Infrastructure + Security: Noteworthy News (August, 2020)

Microsoft Azure

Configure anonymous public read access for containers and blobs

Azure Storage supports optional anonymous public read access for containers and blobs. By default, anonymous access to your data is never permitted. Unless you explicitly enable anonymous access, all requests to a container and its blobs must be authorized.  This article describes how to configure anonymous public read access for a container and its blobs.

Administrative units management in Azure Active Directory (preview)

Administrative units allow you to grant admin permissions that are restricted to a department, region, or other segment of your organization that you define. You can use administrative units to delegate permissions to regional administrators or to set policy at a granular level.  This article describes administrative units in Azure Active Directory (Azure AD).

Using directory schema extension attributes in claims

Directory schema extension attributes provide a way to store additional data in Azure Active Directory on user objects and other directory objects such as groups, tenant details, service principals. Only extension attributes on user objects can be used for emitting claims to applications. This article describes how to use directory schema extension attributes for sending user data to applications in token claims.

Accessing the Universal Print Public Preview

As of July 2020, Universal Print is offered as a public preview, and over the next few months we'll be expanding the preview to most Microsoft 365 customers.  During the preview Microsoft will support Universal Print through the Azure Support portal to help get Universal Print deployed in your organization and quickly address any issues you encounter.

Azure Policy Remediation with Deployment Scripts

Have you wanted to remediate a non-compliant object using Azure Policy but found you can’t because the policy language or type of object can’t be manipulated in that way?   Deployment Scripts are currently in preview and allow you to execute PowerShell or CLI scripts using Azure Container Instances as part of an Azure Resource Manager template. Now you can run a script as part of a template deployment.

Soft delete for containers (preview)

Soft delete for containers (preview) protects your data from being accidentally or erroneously modified or deleted. When container soft delete is enabled for a storage account, any deleted container and their contents are retained in Azure Storage for the period that you specify. During the retention period, you can restore previously deleted containers and any blobs within them.

Use cloud groups to manage role assignments in Azure Active Directory (preview)

Azure Active Directory (Azure AD) is introducing a public preview in which you can assign a cloud group to Azure AD built-in roles. With this feature, you can use groups to grant admin access in Azure AD with minimal effort from your Global and Privileged role admins.

Replica sets concepts and features for Azure Active Directory Domain Services (preview)

When you create an Azure Active Directory Domain Services (Azure AD DS) managed domain, you define a unique namespace. This namespace is the domain name, such as aaddscontoso.com, and two domain controllers (DCs) are then deployed into your selected Azure region.  You can expand a managed domain to have more than one replica set per Azure AD tenant. Replica sets can be added to any peered virtual network in any Azure region that supports Azure AD DS. Additional replica sets in different Azure regions provide geographical disaster recovery for legacy applications if an Azure region goes offline.

Windows Server

Exchange Server 2016 and the End of MainStream Support

Exchange Server 2016 enters the Extended Support phase of its product lifecycle on October 14^th 2020.  With the transition of Exchange Server 2016 to Extended Support, the quarterly release schedule of cumulative updates (CU) will end. The last planned CU for Exchange Server 2016, CU19, will be released in December 2020.   

Use Spot VMs in Azure

Using Spot VMs allows you to take advantage of our unused capacity at a significant cost savings. At any point in time when Azure needs the capacity back, the Azure infrastructure will evict Spot VMs. Therefore, Spot VMs are great for workloads that can handle interruptions like batch processing jobs, dev/test environments, large compute workloads, and more.

Windows Client

Microsoft Whiteboard in Teams Adds Sticky Notes and Text, Improves Performance

Whether you’re working remotely or in the office, your team can use Whiteboard to run effective meetings, brainstorm, plan and think creatively.  We’re excited to announce that some of the most loved Microsoft Whiteboard features on Windows 10 and iOS are now available to use in Teams and Whiteboard on the Web.

New Windows Virtual Desktop capabilities now generally available

With the global pandemic, customers are relying on remote work more than ever, and Windows Virtual Desktop is helping customers rapidly deliver a secure Windows 10 desktop experience to their users.  In April 2020, we released the public preview of Azure portal integration which made it easier to deploy and manage Windows Virtual Desktop. We also announced a new audio/video redirection (A/V redirect) capability that provided seamless meeting and collaboration experience for Microsoft Teams.  We are happy to announce that both the Azure portal integration and A/V redirect in Microsoft Teams are now generally available.

Trying Out Autopilot Hybrid Join Over VPN In Your Azure Lab

As an IT admin you plan to ship new devices to end users which can join the on-premises AD (Active Directory) by leveraging Autopilot with Intune for device management.  This post is a walkthrough of evaluating the Autopilot Hybrid join over VPN scenario in a lab environment hosted in Azure.

What’s New in Microsoft Teams | August 2020

In August, we saw updates in Microsoft Teams that continue to improve the meetings experience and new features that provide developers a rich canvas to build workflows to enhance personal productivity. We are excited to share new features this month across meetings, calling, devices, chat and collaboration, IT admin, and industry. Check out our new capabilities,

Setting the BitLocker encryption algorithm for Autopilot devices

With Windows Autopilot, you can configure BitLocker encryption settings to get applied before automatic encryption starts. This configuration makes sure the default encryption algorithm isn't applied automatically. Other BitLocker policies can also be applied before automatic BitLocker encryption begins.

Security

Restrict guest access permissions (preview) in Azure Active Directory

Azure Active Directory (Azure AD) allows you to restrict what external guest users can see in their organization in Azure AD. Guest users are set to a limited permission level by default in Azure AD, while the default for member users is the full set of default user permissions. This is a preview of a new guest user permission level in your Azure AD organization's external collaboration settings for even more restricted access.

Optimize reauthentication prompts and understand session lifetime for Azure Multi-Factor Authenticat...

Azure Active Directory (Azure AD) has multiple settings that determine how often users need to reauthenticate.  You can configure these reauthentication settings as needed for your own environment and the user experience you want. 

Administrator roles for Microsoft 365 services

All products in Microsoft 365 can be managed with administrative roles in Azure AD. Some products also provide additional roles that are specific to that product. 

Revoke user access in Azure Active Directory

Among the scenarios that could require an administrator to revoke all access for a user include compromised accounts, employee termination, and other insider threats. Depending on the complexity of the environment, administrators can take several steps to ensure access is revoked.  To mitigate the risks, you must understand how tokens work. There are many kinds of tokens, which fall into one of the patterns mentioned in the sections included in this article.

Encryption at rest using customer-managed keys

Encrypting your web app's application data at rest requires an Azure Storage Account and an Azure Key Vault. These services are used when you run your app from a deployment package.

Administrator roles by admin task in Azure Active Directory

In this article, you can find the information needed to restrict a user's administrator permissions by assigning least privileged roles in Azure Active Directory (Azure AD). You will find administrator tasks organized by feature area and the least privileged role required to perform each task, along with additional non-Global Administrator roles that can perform the task.

View and search your recent sign-in activity from the My Sign-ins page       

You can view all of your recent work or school account sign-in activity, from the My Sign-ins page of the My Account portal. Reviewing your sign-in history helps you to check for unusual activity by helping you to see if someone is trying to guess your password, if an attacker successfully signed in to your account, and from what location, or what apps the attacker tried to access.

Updates and Support Lifecycle

Network optimization tips for on-premises Office installs and updates

There are a variety of scenarios including but not limited to, installations of Office.  The goal of this article is to provide solutions for challenges collected from customers in the field.  

Hotfix: JDBC Driver 8.4.1 for SQL Server Released

We recently released an update to Microsoft JDBC Driver for SQL Server, version 8.4.1. The update addresses a few issues that are important to our customers.

Cumulative Update #14 for SQL Server 2016 SP2

The 14th cumulative update release for SQL Server 2016 SP2 is now available for download at the Microsoft Downloads site. Please note that registration is no longer required to download Cumulative updates.

Products reaching End of Support for 2020

Microsoft Premier Support News

Check out Microsoft Services public blog for new Proactive Services as well as new features and capabilities of the Services Hub, On-demand Assessments, and On-demand Learning platforms.