Hi there! You are reading the next issue of the Infrastructure + Security: Noteworthy News series!
As a reminder, the Noteworthy News series covers various areas, including interesting news, announcements, links, tips and tricks from the Windows, Azure, and Security worlds on a monthly basis.
Microsoft Azure
Upcoming changes to the Azure AD sign-in experience
Announcing a visual design update that is coming to the Azure AD and Microsoft 365 sign-in experience globally in April. The freshened default background image on our sign-in screens will be one percent the size of the previous image, reducing bandwidth requirements and improving perceived page load times, especially on slower networks.
Migrate your IaaS resources to Azure Resource Manager by March 1, 2023
In 2014, we launched IaaS on Azure Resource Manager and have been enhancing capabilities ever since. Because Azure Resource Manager now has full IaaS capabilities and other advancements, we deprecated the management of IaaS VMs through Azure Service Manager on February 28, 2020, and this functionality will be fully retired on March 1, 2023. Classic VMs will be following the Modern Lifecycle Policy for deprecation.
Public preview of Azure AD support for FIDO2 security keys in hybrid environments
Announcing the public preview of Azure AD support for FIDO2 security keys in hybrid environments. Users can now use FIDO2 security keys to sign in to their Hybrid Azure AD joined Windows 10 devices and get seamless sign-in to their on-premises and cloud resources. With the expansion of FIDO2 support to Hybrid environments, we offer seamless sign-in to Windows devices and virtually unphishable access to on-premises and cloud resources, using a strong hardware-backed public/private-key credential.
Update to the Microsoft Authenticator app now rolling out
A new feature for the Microsoft Authenticator app allows you to change your password, update your security information, and view your recent account activity for your personal Microsoft accounts. The Microsoft Authenticator app keeps you informed about what's going on with your account by sending security notifications to your personal Microsoft account, making it easy for you to manage your account. This update provides you with even more options. Each of your accounts expands into a full-screen view, where you'll see more options pertaining to that account. The goal is to make it easy for you to take action if your account gets compromised and to stay aware of your account security so you don't get locked out.
New tools to block legacy authentication in your organization
Legacy authentication protocols like POP, SMTP, IMAP, and MAPI are preferred entry points for adversaries attacking your organization. In September 2019, Exchange Online announced the deprecation of legacy authentication prior to its removal on October 13, 2020. Disabling legacy authentication for users is a must-do on your identity security checklist. To assist with this, the Identity Team has introduced three new tools: sign-in logs in the Azure portal are available to all tenants for 7 days, sign-in logs now include the user agent used to sign in, and the sign-in logs client apps filter now includes all legacy Exchange Online protocols.
Announcing the preview of Azure Shared Disks for clustered applications
Announcing the limited preview of Azure Shared Disks, the industry's first shared cloud block storage. Azure Shared Disks enables the next wave of block storage workloads migrating to the cloud, including the most demanding enterprise applications currently running on-premises on Storage Area Networks (SANs). With Azure Shared Disks, customers now have the flexibility to migrate clustered environments running on Windows Server, including Windows Server 2008 (which has reached End-of-Support), to Azure.
New Microsoft Edge Available for Download
Announcing the new Microsoft Edge, now available to download on all supported versions of Windows and macOS in more than 90 languages. Microsoft Edge is also available on iOS and Android, providing a true cross-platform experience. The new Microsoft Edge provides world-class performance with more privacy, more productivity and more value while you browse. Our new browser also comes with our Privacy Promise, and we can't wait for you to try new features like tracking prevention, which is on by default and provides three levels of control while you browse.
New version of Windows Virtual Desktop Client (MSRDC) now available
You can use the Remote Desktop client for Windows Desktop to access Windows apps and desktops remotely from a different Windows device. The client can be configured for different user groups. You can be notified whenever a new version of the client is available either in the Connection Center or the Windows Action Center. See what's new for all the latest versions.
Azure Security Center - Improved just-in-time experience
The features, operation, and UI for Azure Security Center's just-in-time tools that secure your management ports have been enhanced. A new optional field is available to enter a justification for the request for access to a virtual machine (VM) through the just-in-time page of the Azure portal, and redundant just-in-time (JIT) rules are now cleaned up automatically whenever you update a JIT policy.
Preparing for TLS 1.2 in Microsoft Azure
Microsoft Azure recommends all customers complete migration towards solutions that support transport layer security (TLS) 1.2 and to make sure that TLS 1.2 is used by default. All Azure services fully support TLS 1.2, and services where customers are using only TLS 1.2 have made a switch to accept only TLS 1.2 traffic. Services that currently accept TLS 1.0/1.1 traffic will continue supporting these protocol versions until further notice to ensure compatibility with existing applications.
How to operationalize Microsoft Secure Score in your organization
As you begin your journey towards operationalizing Secure Score, you should treat it like a program that will not have an end date, and one that will continue and evolve over time. With the public preview of Microsoft Secure Score now well under way, we have taken the received feedback and prioritized the features for the next release. To see more about how to start the conversation, build a long-term plan, and embed it in your culture, be sure to check out the full article.
Microsoft Defender ATP for Linux is coming ...And a sneak peek into what's next
The Microsoft Defender ATP team is thrilled to announce the public preview of Microsoft Defender ATP for Linux and a sneak peek into our mobile threat defense capabilities for Android and iOS. In our initial release, we offer preventive capabilities for Linux servers. This includes a full command line experience to configure and manage the agent, initiate scans, and manage threats. Microsoft Defender ATP for Linux can be deployed and configured using Puppet, Ansible, or your existing Linux configuration management tool.
Understand data classification preview
As a Microsoft 365 administrator or compliance administrator, you can evaluate and then tag content in your organization in order to control where it goes, protect it no matter where it is, and ensure that it is preserved and deleted according to your organization's needs. This is done through the application of sensitivity labels, retention labels, and sensitive information type classification. There are various ways to do the discovery, evaluation and tagging, but the end result is that you may have very large numbers of documents and emails that are tagged and classified with one or both of these labels. After you apply your retention labels and sensitivity labels, you'll want to see how the labels are being used across your tenant and what is being done with those items. With the new unified analytics dashboard, we provide a dashboard that summarizes key data as well as the Activity Explorer and Content Explorer tools to help understand the data in detail.
Real-world practices to optimize Windows 10 update deployments
Since the initial launch of Windows 10 in 2015, many of you have sought release-over-release efficiencies to ensure that the devices and users in your environments remain protected and productive. Based on discussions with, and feedback received from, enterprise customers around the world, we recognize that the journey of keeping devices up to date and, more specifically, building "update velocity" isn't always clear. To provide clarity to IT professionals managing Windows 10 environments, today we published an in-depth guide on Optimizing Windows 10 update adoption. Please see the adoption guide on best practices and tips.
Windows SMBv3 Client/Server Remote Code Execution Vulnerability
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client. To exploit the vulnerability against a server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 server. To exploit the vulnerability against a client, an unauthenticated attacker would need to configure a malicious SMBv3 server and convince a user to connect to it. The security update addresses the vulnerability by correcting how the SMBv3 protocol handles these specially crafted requests.
Check out the Microsoft Services public blog for new Proactive Services as well as new features and capabilities of the Services Hub, On-demand Assessments, and On-demand Learning platforms.