View Recording: Simplifying Azure Operations with AI-Powered SRE Agents

Joe Steiner 0:22 Alright, excellent. Hello everyone. I am Joe Steiner. I’m a solutions architect here at Concurrency. I hope everyone’s having a great day today. We’re going to be talking about simplifying Azure operations and specifically the Azure SRE agent, which is available in preview. Currently we’re talking. Quite a bit about that and and how that might help all of you out. So with that. Let’s go on those. So site SRE or site reliability engineering, I think most of you probably aware, but just for anyone that isn’t, it’s a operational practice whereby you’re continuously evaluating. Websites and software to ensure that the performance is maintained, that you don’t have issues and a way to kind of incorporate that into the ongoing development process. Very important for any modern organization trying to maintain. Sites particularly client facing sites, but it also can involve a lot of time consuming repetitive task. You have to go through analysis of data from many different places and that there are there are some pieces of that that. Certainly tools like artificial intelligence agents can help with as those excel at automating those kind of repetitive tasks and bringing vast data sense and doing some kind of core analysis of that Azure SRE agent is really the application of AI to. Reliability engineering. So with that, we’re going to go through Azure SRE Agent. You know, here’s kind of our agenda for the day and and also what it does. You know the SRE Agent, one of the first things that we’ll do when you set it up. Is to perform an analysis of your existing environment and then from there performs ongoing proactive monitoring. It does this through its connection with the Azure monitoring services, which we’ll talk a little bit about. It can monitor anything that’s in Azure in the resource groups or subscriptions that you tie it to, but it has certain things, additional enhanced things it can do on a more proactive, almost remediation basis for certain services and we’ll talk about what some of those are. As it’s monitoring that, it also can provide you with some of the reporting as well as then in both daily reports, which we’ll talk about as well as some of the custom reporting that it can automatically generate at your request. And pull from the relevant data sources and and produce reports for you. But also can do some best practice analysis where it’s taking on the the evaluating your environment and comparing it against some of the recommended best practices in in in some incidents. From there, because it has all that data, you can take that and and perform tie that in with their incident management. Then you know as you have things happen, the incident management environment can. Then take over and and you can use this to both feed information into it as well as handle those events, both in a manual way with some guidance from the tooling, but also it can actually provide some automated mitigation of those incidents as well. It also can assist with creating a root cause analysis, so we’ll be talking about that. We’re also going to talk a little bit about the security of this as you’re as you were rolling this out and some of the security approaches there which actually are good. Security model in some ways for looking at any kind of AI agent. So we’ll we’ll have a little bit of discussion on that, talk about some example prompts throughout and then talk about what you need to do to go into this and start playing with it yourselves. It’s available today via preview and then we talk about what the billing would be like for that going forward. So with that, let’s start with talking about environment analysis monitoring. As I stated, the first thing that the SRE agent does when you. To connect it to your subscription and resource groups is that it’ll create what’s called a welcome thread. Again, as an AI agent, the threads are kind of those conversational threads that get generated and we’ll create that and provide. Current first hand view of of your services that are running in there and anything that it notices right away after it runs its first evaluation of that. From there it’ll kind of create the snapshot of all that which you can then pull up and see graphically. Here’s an example of a visualization of the resources in one example of this, and it can generate lists of all the application found in the managed in the resource groups that you’ve assigned for it to manage. So it can help you with collecting things like some of the things you’ll see in these Gray boxes. Here are example prompts and they’re much more detailed and involved ones from there. But what services is this resource connected to? Or list all the resource groups that you’re managing in in the subscriptions and. It can very quickly generate that information for you just by asking it the questions. As we stated a moment ago, Azure SRE Agent pulls this data from. The Azure Resource Manager API as well As for Azure Monitor, you can connect it to Pagerduty as an alternate option. There are some things you’d have to do to make that happen, but it is also a available option for anybody that might be using that, but by default as soon as you turn it on. That’s gonna connect to Azure Resource Manager and Azure Monitor. Amy Cousland 6:50 Hey Joe, you got a few questions and said can it monitor Azure Health? Joe Steiner 6:51 Yeah. Excellent. Great. Amy Cousland 6:55 And does it work on a subscription basis or can it be deployed at management group scope? Joe Steiner 6:55 Uh. So it it works it you assign it, you have to manually assign subscriptions and you also have to use the check box there. You there’s some other ways sometimes when you’re in the in the graphical user interface to to approach those. You have to use the check box to when you go through that list for subscriptions and resource groups. Those will be the things that’ll it’ll prompt you to say OK, what subscriptions, what resource groups do you want this to manage? You also can start with small and then add on to that through the interface over time. As far as Azure Health, it is providing those things. Azure Health ties in with that. If it comes through Azure Monitor, any alerts or connections through there, it will be picking up as well. There may be some other things Azure Health does in processing. If that doesn’t flow back through Azure Monitor, it it may not get that. Who? Any other questions, Amy? Amy Cousland 8:12 No, those are the two there. Joe Steiner 8:13 OK, excellent. Sorry I I with the I apologize, I’m not able to to see those myself so we can keep an eye on that format. I appreciate it. So the support services in here again. Azure SRE will monitor anything that runs in Azure. Azure monitoring can collect all that that as well, and that’s that’s the method that it the path that it uses, but it does have specialized tools for managing the services you see here. That list will continue to grow. Again, this is in preview right now. But within those tools you will have some things and really that comes into when we start getting into, I want to actually you go ahead and remediate this, it’ll be able to take some some additional actions in these areas and there there’ll be some prompts that can be generated to to allow that. To operate there and be able to take action on your behalf. Again, you’ll see in a moment you have the option to put it into a review state or an auto state and so there are controls on that, but you can have the tooling take care of and remediate. Any incidents that come up as well. It’s really one of the more powerful aspects of this, along with just the ability to generate reports on command. The prompts are really just commands in many ways, getting the list of the services that you have the. Specialized additional capabilities for as that changes over time, you can ask the tool itself as to what it’s able to do at any point in time. As that changes, you’ll see there’s some changes to the list and again, you know the example prompts here, you can see that you’re able to do that. Be able to also see anything that you listed by apps, by services, by resources that’s being managed across the subscriptions through that agent. So reporting and best practices again here we start getting all kinds of prompts that can. Generate what you’re after here, and this really some of the power of this starts to come to light. You can go and ask it any number of things and and even start doing clustering and combining different things together and have it combine, you know, abuse of different. Types of resources or or that and bring that all into a simple report. You’ll see the example on the bottom here of you know, visualize the split of container apps versus web apps versus AKS clusters. A managed across all subscriptions as a put in a pie chart. It’ll do it for you like that. There any just as one example, there’s a a number of those kind of things I can do. I would really encourage you if you go to preview this to to play around with that. It’s pretty powerful that way. Every day it will generate a report for you. That includes the state and status of your services in the resource groups that are have been selected to be managed. That includes any incidents that may have occurred. It’ll provide you any information about that, as well as whether that’s active, mitigated, or resolved. Talk about the application group performance and health and provide metrics on there, including availability, CPU usage and memory usage, and then provide a summary of any actions that have been taken relative to the health and maintenance of Azure resources. Particularly if you’ve had it in an auto mode for taking action on your behalf, it’ll say, hey, here’s what we did or what the tool did on your behalf there. So pretty powerful that way. As we move into, you know, beyond the monitoring, OK, now it’s managing incidents as well. It is able to and you are able to diagnose what’s happening with incidents just by interacting with the agent through the chat interface. And also via, you can do that via your incident management platform. So you’re using Azure Monitor as a incident management management platform you can or as part of that you can you can utilize that as well. It will automatically respond to any alerts that are generated through Azure Monitor. And or Pagerduty, if you’ve connected to that with kind of a its initial view of, hey, here’s what I’m seeing in the environment to help you with addressing those those incidents you can have alerts are generally triggered by predefined conditions so you can control. To a degree where those alerts are coming forward and off of the services inside of Azure and through Azure Monitor when the SRE agent receives that alert. Then it will bring all the information from the incident into its analysis and look at the situation, determine what it recommends. The next steps would be based on its past volume of what’s the best way to mitigate these kinds of situations. Yeah, the idea is that this is really where you start getting into the more A I power of of this, where it is trying to mimic how you know you as as a human would handle these kinds of things and it uses past history. For how these things and how Microsoft recommends you handle these things to go ahead and and process that and we can have it do it on your behalf. Again, you can authorize it or let it go ahead and do that automatically as well. We’ll talk about how that works. You know, as part of that, it’ll review logs, the health probes, any telemetry it has to assess the incident, try and figure out what what’s happened. It also tries to determine if the alert is a false positive, so it’s not taking action. When it when it maybe shouldn’t and and try and decide what action and and whether it’s needed. So and really all this is trying to answer OK, why isn’t this working or why did this happen? And you can ask that of it too if if you if you notice something that. Yourselves. But again this will actually be triggering off of the alerts automatically and say OK, we’ve we’ve got an incident, here’s what I can the tool can tell you about that and then be able to provide you some some potential corrective action on on there. And here we can kind of talk about the how it will operate. You can have it run in a reader mode. There are two modes. You can have it run in a reader mode. In reader mode it will take in the the information. And just provide what it would recommend you do, but it won’t take action unless you specifically authorize it to do that. In autonomous mode, it will allow the agent to automatically take action or. Those incidents, depending on how you configure it, and you do have a significant set of configuration settings that you can apply to that in terms of establishing some policies for how to handle things and what it can and can’t do. It also can update or close incidents outside of itself, providing information back out to to other systems to say, hey, this is the action that. This agent has taken and be able to notify other tooling of of what’s happening there. So again you’ll have that kind of reader autonomous mode and it’s kind of you’ll talk, you’ll see reviewer auto later when we when we talk further when we get into security side which ties back to this too but. OK, do I want human involvement in this or do I want the AI to be able to to take action on its own? And again, you know, allowing for it to go ahead and very quickly resolve things that. On your behalf that you may not even had the time to notice yet. So but again you control the ruling, the rules for that and again provides that control of this A I agent. Um, so that you can you can decide what you allow it to do and and what you don’t. You know, as we kind of continue into mitigations, you’ve had an incident and are working through that. Again, you’ve got the automatic option to automatically take care of of incidents and thereby start mitigating. Immediately and and start working on on getting that back in service while it it works in that the automation will require approval for some things and we’ll we’ll talk about that kind of approval process in a moment. But you know again it just showing that there are a lot of controls to how you can dictate how the A I will will operate here. It’s not just go ahead and you know do whatever it thinks that it it should do you you have had some configuration control over. Over this this tool support, you know as reagent can fix you know configuration and and dependent services of the applications that you have actually can tie into GitHub for any code issues. And even with some of the A I tooling and GitHub can start generating code to provide fixes for that too as as part of this as well. If nothing else, it can mark that hey, we’ve got this issue that needs to be addressed and create the issue. And let human developers work on that. But there are further automation options in there. Some of the examples of automated agent actions that can be taken is inside of Azure App Service that could roll back. Deployment scale resources up and down, restart applications, containers again, roll back, scaling and restarts. Kubernetes kind of restart pods and deployment again, roll back to previous revisions, scale and also patch. Resource definitions inside of there as well. The other thing you can do when you’ve had an incident is help and provide root cause of where the app issues came from by analyzing again all the data that it has. At its disposal through Azure Monitor and the Resource Manager and be able to say, hey, here’s here’s kind of the root cause. And if it hasn’t already provided an automated mitigation, it can provide, hey, here’s what you we think or the tool thinks you should do. And to to correct the situation. So there’s some different again examples of you know, let’s say you’ve got an application down, it will show you as you would say, hey, what are the the call? Why is my application down? Down it would then come forward and say, hey, here’s the possible causes and then we’ll show and say, hey, we think that it’s probably because there’s a bad deployment or that there was high CPU and that it can show some percentages on those and say, hey, this is the most likely. Cause of this in this situation and for those things that it’s able to fix, you can then have it take action to fix or automatically have work to fix that depending on how you’ve you’ve set that up. So same thing with continued edges. And say, hey, we had a a pull failure on a container image, you know, kind of come forward and might say, hey, here are the three most likely causes. We think in this case it was due to perhaps network connectivity. And then I can then say, hey, here’s here’s what we think you should do. You know, if it was, you know, one of the other things, the, you know, registry connectivity issues, it might be able to to take other actions there on your behalf. So the level of automation will depend on the nature of the issue, but it will be able to tell you what that issue. That issue is right away, just by an on request again. Again, we’ve talked a little bit about how you know you can have things automated or where you have review in there. We want to talk a little bit to to about some of the underlying security permissions that are involved with this. First, we’re talking about security permissions of the user as a human interacting with it. And there’s two types of interaction. You have the person that creates it. They need to be an owner or have admin permissions to any subscription. One thing I do want to note in preview, it is only available in Sweden Central. Kind of an odd thing with the preview there. However, it can monitor resources in Azure regions anywhere in the world. But the SRE agent itself has to be created in Sweden Central, and so whoever’s creating the agent has to be able to create resources in the Sweden Central region to stand the agent up. And here’s the permissions that you need. Anybody interacting with the agent needs to have contributor permissions to the resource group or at the agent instance level to be able to interact. Again, one of the previous webinars we were talking about governing. A I we talked about how you know the permissions and through Entra will kind of flow through and be honored throughout very much the case here and that is why you have to have contributor permissions to be able to view the results of what the SRE agent is producing. It’s ensuring that you’re able to you have the rights to see what’s what’s happening in there. As far as the agent, it too will have an identity controlled by Entra, kind of like another user in some ways. And as that gets created, it will be pre-configured with at least three role assignments and then it’ll add the others as needed in a kind of reader form for any subscription service services within the subscription or resource group that you have. That you’ve told it to manage so, but at a minimum it frequently will come up with Log Analytics, Azure Reader and Monitoring Reader and assign those those roles to that it’s managed entity identity. Inside of of Entra. From there, as you’re setting it up, you will make a determination as to OK. I want this to have reader level or privilege level permissions the reader level. Will allow it to read only. It configures with read only permission so it can view information. It can tell you, hey, here’s what the agent is seeing inside of your environment. Here’s. You know where it thinks the problem lies. Here’s what it thinks you should do, but it won’t take any action. I actually typically hear that in terms of all right action, any kind of changes to the environment that’s going to require elevated permissions. It can prompt for that on a temporary basis to complete the action. So if it’s got a, if it said, hey, the app’s down, it will tell you here’s why it’s down just by reading the information and data sources that it has. But then it may say, hey, here’s a recommendation. Do you want me to to do this on your behalf? And then you as as the user interacting with the agent can say yes or no and it will temporarily gain permissions. To do that, and we’ll talk about how it does that in just a second, gain, temporarily gain permissions and then relinquish those to to perform that change on your behalf, all of which is locked in a privileged permission level if you would set the SRE agent to that. After it it it is able to see, hey, there’s this incident, here’s the recommended course of action. It will already have the permissions to take action and it’ll depend on the type of action. Some of the other settings that you have was to whether. It will go ahead and automatically take those action or not. So there’s a few different places within the SRE agent where you’re going to want you’ll have control over how much automation it can perform and what it can do. This is 1 the the reader or privilege permission level. At the front end here will generally dictate. OK, yes, if I’m read only, I’m going to have to prompt every time I want to take a further action. Here with privilege, it’ll say, hey, you can go ahead and do what you need to within those things that you have that you have the ability to. I’m. The other thing that ties in with that is execution modes. And here again you have this review and auto. I mean the case of review on any right action that it’s going to take any time it’s going to do something within the environment. It will prompt the user for approval to take that right action and then if it has. Review only access. It’ll ask you as the user to say, hey, will you allow me to perform this action on your behalf? I mean take over your permission level, perform the action and then shut that down just to to do that. If you have granted it privileged and then review, it will already have the permissions and it’ll just prompt you to say do you want me to take the right action and then at the point that you’ve said yes. It already has the privileges to go and perform the action and so we’ll go ahead and and just do that for read action. It will automatically take action as long as it has security permissions to do so. So that read actions would be again showing you information that it’s found inside of the data in the logs. You know, generating the reports, things like that. The right actions are really just those where, all right, we’ve found this incident, we’re going to take that automated mitigation step. Those are the the, the typically most of the right actions in in this case. The other execution mode is auto. Auto really allows it to say, OK, I’m going to go ahead and take action automatically if it has a security missions and you’ve configured it to be able to do so. It and it it’s going to go ahead and and do that. So if you have auto and privileged set for the agent, it’s going to go ahead and just take action on your behalf for anything that you’ve granted it the rights to manage along with some other configuration setting, but in general that will. Allow it to automatically do what it thinks it should do. If you have auto and the reader action, it will seek to automatically take action. It’ll be trying to, but then it will have to prompt you for the permissions still. For anything that it doesn’t have permissions for. So it’ll say, OK, I’m gonna take this action. Can you can I do this on your behalf? And you’ll have to, you’ll have to provide that authority to act on your behalf using your permissions. So just a couple of of things here. It’s worth thinking through that. We do have some links further on. There’s some charts about how that that maps out, but this is kind of the the base summary of of how those execution modes work. Really a good approach towards. You know, again, if I don’t want the AI agent doing everything that it thinks it should do, this is a way to allow it to go ahead and take quick action on these things, but have some level of control to whatever comfort level you are, you and your organization are. Are choose to allow within the you know the the interface, you know it is a prompt interface and so here’s just some. A few sample prompts. If you follow the link when we send the deck out, there’s a whole host of. There’s probably 30 to 50 other prompts on that list there that you can. If you get into the preview, you can. Go ahead and start playing with these things within your environment and the whole host of things. In here it’s about giving a view of a heat map, what revision of a container app is active, you know when where. One was how many of my apps have public Internet egress associated with it? Are there staging slots configured for this? Show me a visualization of response times for a container for the last week. So it can be what’s happening now, what’s been happening, what’s been happening over a set of time, the whole host of things that you can generate again just by asking the question. The biggest thing with AI is OK, what? Start asking the questions of it and see what it can do for you. And here’s good. There’s a good list of prompts that are going to particularly follow that link there. I want to make this still legible as we’re going through this, but there’s there’s a whole host of ideas out there and you can take it from there, so. A very, very powerful tool can do a lot. And again, whether that’s providing just information for you to make your own decisions and or even, you know, starting to recommend actions and taking actions on your behalf. And you can control where how much of that you use out of the tool. So it is again available in preview today. It only operates with English, so it doesn’t have any other language interfaces yet. I’m sure those are coming. The is only available again and kind of oddly in the Sweden Central region, but it can monitor and remediate issues for services in any region that can connect out from there, but the agent itself has to exist in Sweden Central today. As it’s available in preview, if you need to have more information about how data is collected and managed by the SRE agent, the the privacy policy link is provided there to sign up. We even I put the the link here so you can sign up to. Go try the SRE agent and connect it to your own environment and just yes. Amy Cousland 32:56 Yeah, Joe, there’s a question about is there an expected GA time frame? Joe Steiner 33:00 Yeah. So they are planning on, we’re actually gonna get to that in just a second. They’re planning on on starting to bill on September 1st. So it’s the that’s coming to an end. I need to verify. If they are on track for that, sometimes they the previews there run a little longer and so I think it’s a little nebulous right now, but there is a we are coming up. You’ve got a couple of weeks left still for. For the the preview that may end up getting extended, it hasn’t yet. Usually that happens in this time period so that it could still extend, but as of right now it is September 1st is they’re planning on starting the the billing for it. Were there, were there any other questions? I mean as long as we. Amy Cousland 33:55 That was that was it then. Joe Steiner 33:58 OK. All right. Well, thank you. Please, please feel free to to ask. We’re glad to happy to answer anything we can and if not, we will get back to you with with with the answer thereafter. As far as the preview, I will check and see if that’s if we’re looking like that’s going to be extended or not. The one of the things once the billing does kick in, they’re using the Azure Agent Units mechanism. This is a standardized way to bill for AI agents that Microsoft is using. They’re using it across multiple pre-built agents services that they offer and it it just makes for a a common approach across Microsoft at least for for that you would have to find out what your AAU price is. But there’s two basic kind of components to that. One is the always on flow which where it’s just continually monitoring resources that is. For Azure SRE agent that will generate 4 AU per agent hour. So as long as it’s monitoring resources, it’s going to mark up 4 AU for every hour that it’s running. There’s then the active flow action type where these would be things that where the first always on is, you know, just the underlying Azure monitoring data feeds, all that that’s all being collected at that. That per agent hour basis is an hours on flow for the active flows. This would be like, hey, I’ve interacted with the agent, asked it a question and it had to do something, whether it’s producing a report, whether it was taking a. Mitigation step, anything like that where you’re interacting with it. That is 1/4 of an AAU per every task per second, so. If I am starting a conversation thread with it and interacting with it for, you know, a few seconds that way, that will for each second that it’s interacting there, that will utilize that quarter AU for that kind of interact. So again, it’s just so it’s good to know the always on versus the active flow differentiation for how that’ll be calculated in terms of any billing. And again your price for Azure Agent units will depend on your agreements with. Your Microsoft licensing. Come. That’s that’s it. I I I would encourage you to particularly in these next couple of weeks that you still might be able to go try it. And as with any AI agent, try a host of different prompts with the reporting. Don’t be afraid of it. Ask any questions you. Can’t hurt it. As long as you’re asking for like, hey, can you show me this? Can you show me that? If it can’t do it, it’ll tell you or it’ll give you the the response that it think best suits what you’re asking. But don’t be afraid to ask the questions. And as I said, if you go through those sample prompts, it’ll give you a good sense of a here’s the kind of questions I might be able to ask. It’s like let me try this and kind of for my environment we’d we want to see a map of these things together or a chart of these things together or that kind of thing. Don’t be afraid to get in there and try and play with it. Other things that you should be aware of is that we do at concurrency offer a AI governance readiness assessment which. Ties in with some of the risk compliance and governance pieces here for any type of of AI engagement, but we certainly can work with you and and what you’re trying to accomplish, whether that’s with SRE and setting up the configuration permissions for that or for anything else. Any other AI apps or agents that you’re building. Also, you should look at the Microsoft funding available. If you’re exploring AI projects, there is a whole host of funding available with Microsoft’s new fiscal year, which started July 1st. To help you move forward with any A I, a particularly A I initiatives that you’re you’re after and those are things that we can help you navigate as well. So with that any other questions we’re I know we’re. Not quite to the full hour today, but that’s that’s what we we had on the SRE agent and hopefully this is valuable. Amy Cousland 39:03 Let’s see. I haven’t seen any yet. Any questions yet? We can give it a minute here. Otherwise, yeah, if you want to take a moment to just fill out that brief survey and you can also request any kind of follow up. But that’s OK. It says Steven has a question. Let me go in here and see if I can. Joe Steiner 39:08 OK. Sure. Amy Cousland 39:21 Unmute him. Hold on a second. Um, Steven, here we go. Uh, Allman, Allah. I’m trying to. I’m trying to allow Mike. Hold on a second. OK, Steven, you should be able to talk now. Colegrove, Stephen 39:51 Hi, can you hear me? Amy Cousland 39:53 Yeah, we got you. Joe Steiner 39:55 Hi, Steven. Colegrove, Stephen 39:56 Hey, sorry about that. Yeah, back before. Joe Steiner 40:03 Oh, lost you, Stephen. Amy, OK. Amy Cousland 40:23 Not sure what happened. We lost you. So if you want to go ahead and type any kind of question into the chat or if your mic comes back on. Joe Steiner 40:24 OK. Amy Cousland 40:43 Hmm. Joe Steiner 40:47 Steven. Colegrove, Stephen 40:48 Yeah, I I apologize. Can you hear me? Yeah, sorry, sorry, you guys and everyone else on the line. So there was there was a moment where you had the agent prompted you and asked you, should I give myself more privileges to complete this thing? Joe Steiner 40:49 There we go. No worries. We can. Yeah. What’s your question? Yes, yes. Colegrove, Stephen 41:05 Was that with the original setup? Was that reader mode or had it already been delegated as you have elevated rights and it just needed more? Joe Steiner 41:08 Go back to that. So it yeah, so it yeah, it begins with there’s there’s two pieces to this. There’s the reader and the privilege permission level. And so if I’ve put it in reader, it’s gonna have me have to ask me for permissions on a lot of things that it does, right? Colegrove, Stephen 41:21 Privilege. Joe Steiner 41:38 In the privileged, I’ve said, hey, you have the rights, these rights to to to take action, right? And then there’s another level where you’re dictating whether, OK, you may have the rights, but can you take the action? And that’s what. Colegrove, Stephen 41:46 to take action, right? And then there’s another level where they may have the rights, and that’s what Joe Steiner 41:58 Review versus auto controls where I might have something and say, hey, I’ve given you privileged access, but I’ve put you in review and there it’ll say, hey, I’m always gonna prompt you for any right action. But for anything else, if I’ve given you privileged, it can go ahead and take that action without having to ask for permissions, if that makes sense. So kind of there’s the the privileged version. This is is pretty clear cut where for any read action and it already has the permissions, it’ll go ahead and be able to do it. If it’s for a right action, it will prompt for approval and that’s what review controls is that any. I want you to prompt for any right before you go to do anything inside of the environment if I have turned on. The reader permissions. Then it’s going to have to ask for permission to do not only any write actions, but sometimes for the read actions as well, depending on what underlying permissions that that have been granted to it. So it’ll say, hey, you might say, hey, generate this report for me. If you have it locked down in reader and review mode and haven’t given a lot of permissions, it may have to say, OK, I’ll generate that report, but can I do you want me to do this? On your behalf and it’ll use your permissions then to temporary allow it to do it and then go from there and with auto it will automatically if you’ve given it the ability to. Perform the If you’ve given it a privileged access, it’ll automatically go ahead and step up and give it action, give it rights to go in, perform the action, and then step back down. Colegrove, Stephen 43:51 Thank you. OK. Joe Steiner 44:00 Well, if that makes it any clearer, but that’s that’s that’s roughly how that works. So you have two kind of choices there. You have reader versus privileged, which is at the permission level and then you have review versus auto. Which controls. I can go ahead and do things. I can only do read actions or I can do read and write depending on my ermissions. Colegrove, Stephen 44:29 OK. Thank you. Joe Steiner 44:30 Yeah, and like I said, there is a chart. If you look at the, there’s a little, there’s some documentation. We took most of this from Microsoft documentation and experience there is there is documentation there and if you go into the security section in the documentation for Azure SRE. You’ll see a little chart where it kind of maps out OK, review auto read permissions or you know or does it have privileged access there. So and it kind of maps all that out into a more stepwise fashion that might be easier to consume. Amy Cousland 45:10 Alright, thanks. Are there any other questions? Doesn’t look like there is. If anybody else does think of anything, feel free to respond to our survey and we can follow up with you. Otherwise, Joe, thank you so much for this great webinar. Take care. Joe Steiner 45:22 OK. Yeah. Thank you. Thank you everyone for your time. We look forward to hearing any questions you have and I hope everyone has a great rest of your day. Take care.