Infrastructure + Security: Noteworthy News (July, 2020)

Microsoft Azure

Modern Auth and Unattended Scripts in Exchange Online PowerShell V2

Today, we are happy to announce the Public Preview of a Modern Auth unattended scripting option for use with Exchange Online PowerShell V2. This feature provides customers the ability to run non-interactive scripts using Modern Authentication. This feature requires version 2.0.3-Preview or later of the EXO PowerShell V2 module, available via PowerShellGallery.

Customize External Identities self-service sign-up with web API integrations

Last month at Microsoft Build, we announced the public preview of Azure Active Directory (Azure AD) External Identities, introducing self-service sign-up for external users.  As a follow-up to that announcement, the team has released the public preview of the API connectors feature mentioned in Principal Group PM Manager Robin Goldstein’s blog post. This means you can now invoke web APIs as specific steps in a sign-up flow to trigger cloud-based custom workflows.

Working with the Azure AD entitlement management API

Azure Active Directory (Azure AD) entitlement management can help you manage access to groups, applications, and SharePoint Online sites for internal users as well as users outside your organization.  This beta version of the API now allows you to programmatically create packages.

ClaimsXRay in AzureAD with Directory Extension

Read on to see how to use the famous ClaimsXRay application with AzureAD to troubleshoot problems with SAML single sign-on for 3^rd party tool applications.

Introducing Microsoft Teams displays

As many people around the world are working remotely, we are seeing an increased need to streamline the work experience and help prioritize what is important. Following our recent blog on Teams product news, we are excited to announce our newest device innovation, Microsoft Teams displays, a category of all-in-one dedicated Teams devices featuring an ambient touchscreen, and a hands-free experience powered by Cortana.

Migration updates – Migration Manager general availability and SPMT adds Teams support

We are pleased to share Migration Manager – part of the SharePoint admin center - has completed rollout to Microsoft 365, including commercial and government cloud customers. We, too, have updated the SharePoint Migration Tool (SPMT) – adding support for migrating content to Microsoft Teams.

A New RecoverableItems Experience Comes to Exchange Online!

We are excited to announce that RecoverableItems, a tenant admin PowerShell cmdlet, has shipped to the preview version of Exchange Admin Center with a new UI!

Azure geo-zone-redundant storage is now general available

Geo-zone-redundant storage (GZRS) and read-access geo-zone-redundant storage (RA-GZRS) are now generally available, offering intra-regional and inter-regional high availability and disaster protection for your applications.

Azure Storage account failover is now generally available

Customer-initiated Storage account failover is now generally available, allowing you to determine when to initiate a failover instead of waiting for Microsoft to do so. When you perform a failover, the secondary replica of the Storage account becomes the new primary, and the DNS records for all Storage service endpoints—blob, file, queue, and table—are updated to point to this new primary. Once the failover is complete, clients will automatically begin reading from the Storage account and writing data to it in the new primary region, with no code changes.

Windows Server

Installation of SCOM Reporting 2019 after UR1

Lately, we have observed a strange issue with users unable to install SCOM reporting 2019 when Update Rollup 1 is installed in the environment. Below are the steps to successfully install the component. Please make sure that you are using the correct Build numbers of Update Rollup.

Endpoint analytics is now available in public preview

With this initial release of Endpoint analytics, we provide insights to help you understand your devices’ reboot and sign-in times so you can optimize your users’ journey from power on to productivity.  It also helps you proactively remediate common support issues before your users become aware of them which can help reduce the number of calls your helpdesk gets. Endpoint analytics even allows you to track the progress of enabling your devices to get corporate configuration data from the cloud, making it easier for employees to work from home.

How to Troubleshoot Windows Server Network connectivity issues via PowerShell

The Test-NetConnection cmdlet displays diagnostic information for a connection. It supports ping test, TCP test, route tracing, and route selection diagnostics. Depending on the input parameters, the output can include the DNS lookup results, a list of IP interfaces, IPsec rules, route/source address selection results, and/or confirmation of connection establishment.

Released: Azure SQL Managed Instance Management Pack (7.0.22.0)

System Center Operations Manager Management Pack for Azure SQL Managed Instance is now available. If you have a hybrid data environment and SCOM is your preferred monitoring solution, you can now use it to monitor your Azure SQL Managed Instances in addition to on premises SQL Servers, SQL VMs, and Azure SQL DBs. 

Windows Client

What’s new for IT pros in Windows 10, version 2004

Windows 10, version 2004, officially known as the Windows 10 May 2020 Update, is now available through Windows Server Update Services (WSUS) and Windows Update for Business, and can be downloaded from Visual Studio Subscriptions, the Software Download Center (via Update Assistant or the Media Creation Tool), and the Volume Licensing Service Center. For those of you exploring your deployment options in a remote work scenario, check out Deploying a new version of Windows 10 in a remote world.

Active Investigation into Outlook Crashing on Launch

There is a new symptom of Outlook crashing on launch starting on 7/15/2020.   A fix has been published but will take time to propagate to worldwide availability. 

Security

Configure authentication session management with Conditional Access

In complex deployments, organizations might have a need to restrict authentication sessions.  Conditional Access controls allow you to create policies that target specific use cases within your organization without affecting all users.  Session controls provides you the ability to modify how often the user must re-authenticate.

Why are my users not prompted for MFA as expected?

It may be frustrating after have MFA enabled for quite some time that now all of a sudden some of your users are no longer receiving the MFA prompt while logging into applications which required this before.  Read on to discover why this may be the new user experience.

Announcing GA: Mark new files as ‘sensitive by default’ in OneDrive and SharePoint

When new files are added to SharePoint or OneDrive in Microsoft 365, it takes a while for them to be crawled and indexed.  It takes additional time for the Office Data Loss Prevention (DLP) policy to scan the content and apply rules to help protect sensitive content. If external sharing is turned on, sensitive content could be shared and accessed by guests before the Office DLP rule finishes processing.  Instead of turning off external sharing entirely, you can address this issue by using a new PowerShell cmdlet.

Announcing general availability of the new version of Microsoft Secure Score

Earlier this year we blogged about the latest public preview of Microsoft Secure Score and today we’re pleased to announce that we‘ve completed our global roll out making it generally available to all of our commercial customers.

Announcing general availability of the new version of Microsoft Secure Score

Earlier this year we blogged about the latest public preview of Microsoft Secure Score and today we’re pleased to announce that we‘ve completed our global roll out making it generally available to all of our commercial customers.

Creating a Custom Dashboard for Azure Security Center with Azure Resource Graph

Azure Resource Graph (ARG) provides an efficient way to query at scale across a given set of subscriptions for any Azure Resource. With ARG, you can query, visualize, or export Azure Security Center (ASC) recommendations in order to get the information that matters most to you.

identityProtectionRoot resource type

Identity Protection is a tool that allows organizations to discover, investigate, and remediate identity-based risks in their environment. You can use the following Microsoft Graph APIs to query risks detected by Identity Protection.

Protect and Secure Cloud-based Applications using Azure MFA

In this guide step by step, we show you how to enable MFA for an Azure App Service web app so authentication is taken care of by Azure Active Directory, and users accessing the app are forced to perform multifactor authentication using conditional access policy that Azure AD will enforce.

Announcing high value asset tagging in Microsoft Defender ATP

We are excited to introduce a new setting in Microsoft Defender ATP that allows customers to define a machine’s value to the organization. 

Updates and Support Lifecycle

Support update for Azure AD Premium customers using Microsoft Identity Manager

For Azure AD Premium customers, standard support is available from June 2020 onward, continuing after January 2021, for specific components of Microsoft Identity Manager 2016 Service Pack 2, or later service packs, that enable Azure AD integration. This is in addition to the existing support for Microsoft Identity Manager already provided through the fixed lifecycle policy and plans for support for businesses.

Impact of Changes to Update Channels for Microsoft 365 Apps

Microsoft recently made changes to the update channels for Microsoft 365 Apps. For the official announcement of these changes, read this blog post. For Microsoft Endpoint Configuration Manager admins that manage Microsoft 365 Apps updates, actions may be required depending on your environment.

Released: June 2020 Quarterly Exchange Updates

Announcing the availability of quarterly servicing cumulative updates for Exchange Server 2016 and 2019. These updates include fixes for customer reported issues as well as all previously released security updates. 

Azure API Management update – July 2020

A regular Azure API Management service update was started on July 8, 2020. Continue to the article to see what it includes in terms of new features, bug fixes, and changes, along with other improvements.

Products reaching End of Support for 2020

Microsoft Premier Support News

Check out Microsoft Services public blog for new Proactive Services as well as new features and capabilities of the Services Hub, On-demand Assessments, and On-demand Learning platforms.