You are reading the next issue of the Infrastructure + Security: Noteworthy News series! As a reminder, the Noteworthy News series covers various areas, to include interesting news, announcements, links, tips and tricks from Windows, Azure, and Security worlds on a monthly basis.
Many organizations want to let users sign in to Azure Active Directory (Azure AD) using the same credentials as their on-premises directory environment. With this approach, known as hybrid authentication, users only need to remember one set of credentials. To help with the move to hybrid authentication, you can now configure Azure AD to let users sign in with an email in your verified domain as an alternate login ID.
Ever wish you could use B2C style user flows with B2B accounts? Wait no longer. You can now create user flows for apps that are built by your organization. Once you associate the user flow with one or more applications, users who visit that app will be able to sign up and gain a guest account using the options configured in the user flow.
Pre built queries that provide an instant insight into a resource or an issue shorten the time it takes to start using Log Analytics and provide a nice way to start learning and using KQL. We have been hard at work collecting and curating over 250 example queries, designed to provide instant value.
Microsoft is committed to helping protect your company’s most critical data as the business world changes before our eyes. For content stored in the Microsoft Cloud, that commitment starts with OneDrive. Read this article to learn how Microsoft 365 and OneDrive helps keep your data secure and private at the same time reducing the stress on IT during compliance or litigation issues.
This month, we have new meetings, calling, devices, chat, collaboration, platform, and industry features we will not want you to miss. Read on to stay up-to-date. If you are interested in our recent Microsoft Build news, check out our Teams Build blog!
Microsoft has deployed a new endpoint (API) for Azure AD Connect that improves the performance of the synchronization service operations to Azure Active Directory. By utilizing the new V2 endpoint, you will experience noticeable performance gains on export and import to Azure AD.
We’ve had a ton of requests for APIs to manage users’ authentication methods. That’s why it is so cool that today we get to announce that the first set of these APIs has reached beta in Microsoft Graph.
Azure Ultra Disk customers already benefit from server-side encryption (SSE) with platform-managed keys for Azure Managed Disks enabled by default. SSE with customer-managed keys (CMK) improves on platform-managed keys by giving you control of the encryption keys to meet your compliance needs.
Intune is deprecating the Exchange On-Premises Connector feature from the Intune service. This does not affect existing customers with an active connector, they will be able to continue using the connector for the time being. The only customers that will be impacted are those that do not have an existing active connector. Those customers will no longer be able to create new connectors or manage on-premises EAS devices from Intune.
With media optimization for Microsoft Teams, the Windows Desktop client handles audio and video locally for calls and meetings. You can still use Microsoft Teams on Windows Virtual Desktop with other clients without optimized calling and meetings. Teams chat and collaboration features are supported on all platforms.
The process of importing keys from on-premises HSMs to Key Vault HSMs is generally referred to as bring your own key (BYOK). Key Vault has supported BYOK with nCipher HSMs since its launch in 2015. The new BYOK method will enable Azure customers to use any supported on-premises HSMs to generate keys and import them into Key Vault.
We are excited to announce the public preview of a completely redesigned alert page in the Microsoft Defender Security Center. The new Microsoft Defender ATP alert page will enable security researchers to more effectively triage, investigate, and take effective actions on alerts.
To provide protection against cyberattacks or accidental deletion, Azure Backup has added one more level of security to the Azure file shares snapshot management solution by providing protection against the accidental or malicious deletion of backed-up file shares.
Livestream lets you run queries that refresh every 30 seconds and notifies you of any new results. Creating a livestream enables you to (1) test newly created queries as events occur, (2) receive notifications from a session when a match is found, (3) promote a livestream to a detection rule to generate incidents in the future, (4) quickly launch investigations if necessary. You can quickly create a livestream session using any Log Analytics query.
Fido2 support for single sign-on (SSO) was introduced first for cloud resources, and then expanded to include both cloud and on-premises resources. For both cases, you can use either Azure AD joined or Hybrid Azure AD joined Windows 10 devices. See this field experience case for to deploy in your environment.
In an illicit consent grant attack, the attacker creates an Azure-registered application that requests access to data such as contact information, email, or documents. Learn how to recognize and remediate the illicit consent grants attack in Office 365.
Microsoft Information Protection is a built-in, intelligent, unified, and extensible solution to protect sensitive data across your enterprise – in Microsoft 365 cloud services, on-premises, third-party SaaS applications, and more. Today we are excited to announce the general availability of Microsoft Information Protection’s sensitivity labels in Power BI. The same sensitivity labels you use to classify and label data in Microsoft365 apps can now be used to classify and label sensitive data in the Power BI service too.
A new API version for Azure Monitor Logs resource provider, 2020-03-01-preview, is now available. This API supports new functionality like customer-managed keys (CMK), bring your own storage (BYOS), along with other capabilities. The new version consolidates the functionality of all earlier versions including: 2015-03-20, 2015-11-01-preview, and 2017-04-26-preview.
The Microsoft 365 admin center—admin.microsoft.com—is the hub of the Microsoft 365 ecosystem. As part of our ongoing efforts to improve your Microsoft 365 admin experience, we have enhanced the Settings area, enabled dark mode across most pages, added several enhancements related to Microsoft 365 Groups, and added provisioning status for Microsoft Teams.
Two new key features are now available in Azure Firewall—forced tunneling and SQL FQDN filtering. Additionally, we’re increasing the limit for multiple public IP addresses from 100 to 250 for both DNAT and SNAT.