Tech news for the week of August 19th, 2024

Topics in this week’s Tech Newsletter

What’s New Updates

Training

Copilot and AI

Windows 365 and Azure Virtual Desktop

Microsoft 365

Microsoft Defender

Azure

Server

Identity Protection and Management

Information Protection and Management

Intune

Device Management

Scripting and Automation

Security Tools and Guides

Microsoft News

Security News

Industry Specific News

What’s New Updates

What’s new in Copilot | July 2024 (1st party)

Welcome to the July 2024 edition of What's New in Copilot for Microsoft 365! Every month, we highlight new features and enhancements for Copilot for Microsoft 365, to keep Microsoft 365 admins up to date with Copilot features that help your users be more productive and efficient in the apps they use every day. And don’t miss the new monthly series designed to empower small and midsized businesses to harness the power of AI at work, Grow your Business with Copilot for Microsoft 365.

What's new in Microsoft Sentinel (1st party)

This article lists recent features added for Microsoft Sentinel, and new features in related services that provide an enhanced user experience in Microsoft Sentinel. The listed features were released in the last three months.

What's new in Microsoft Entra ID? (1st party)

Microsoft Entra ID (previously known as Azure Active Directory) receives improvements on an ongoing basis. To stay up to date with the most recent developments, this article provides you with information about the latest releases, known issues, bug fixes, deprecated functionality, and plans for changes.

Training

Microsoft Virtual Briefing - Unveiling the Shield: Navigating Microsoft Security Exposure Management (1st party) [FREE]

August 20: Cyberattacks are becoming more sophisticated, and traditional security measures are no longer sufficient. Enter Microsoft’s Security Exposure Management—a powerful solution designed to proactively identify and mitigate security risks before they escalate. Join us as we dive deep into Microsoft Security Exposure Management, a transformative solution designed to unify disparate data silos and extend end-to-end visibility across all assets. In this session, you will learn how to: discover and inventory all your assets, analyze and remediate your exposure based on business context and threat intelligence, monitor and report on your exposure risk with metrics and dashboards. Integrate it with existing security tools and workflows to streamline your exposure management program.

Copilot and AI

Scottish Water uses Copilot for Microsoft 365 to eliminate mundane tasks and free up time for work that really matters (1st party)

Water is the planet’s most precious resource. It is life. In Scotland, Scottish Water’s 4,500 people provide water and wastewater services to 2.6 million households. In addition to field operations and the treatment works themselves, digitalisation plays a big role at Scottish Water: it helps the company to analyse the water cycle and better understand water demand. This crucial work is often interrupted by tedious tasks that keep people from doing what they love most—delivering safe drinking water to Scotland’s homes and recycling waste water in ways that are good for the environment. Reducing mundane tasks to a minimum, and thus freeing up time for employees to work on the more meaningful tasks, makes for an even more motivated workforce. This is exactly what Scottish Water achieved when it implemented Copilot for Microsoft 365.

Harnessing the full power of AI in the cloud: The economic impact of migrating to Azure for AI readiness (1st party)

As the digital landscape rapidly evolves, AI stands at the forefront, driving significant innovation across industries. However, to fully harness the power of AI, businesses must be AI-ready; this means having defined use-cases for their AI apps, being equipped with modernized databases that seamlessly integrate with AI models, and most importantly, having the right infrastructure in place to power and realize their AI ambitions. When we talk to our customers, many have expressed that traditional on-premises systems often fall short in providing the necessary scalability, stability, and flexibility required for modern AI applications. A recent Forrester study, commissioned by Microsoft, surveyed over 300 IT leaders and interviewed representatives from organizations globally to learn about their experience migrating to Azure and if that enhanced their AI impact.

Windows 365 and Azure Virtual Desktop

Windows 365 service resilience (1st party)

Windows 365 is designed to provide a resilient and reliable service for organizations and end users connecting to and using their Cloud PCs. Windows 365 uses the Azure Virtual Desktop service to connect and broker end user connections to their Cloud PC in any of the supported Azure regions from anywhere, on any device. To minimize outages and support end user and administrator requests, resilience is architected into these services. In addition to this, Windows 365 operates another set of platform infrastructure that provides the many administrator and end user features that manage and control the overall Windows 365 experience. Microsoft fully manages this infrastructure.

List of the settings in the Windows 365 Cloud PC security baseline in Intune (1st party)

This article is a reference for the settings that are available in the Windows 365 Cloud PC security baseline that you can deploy with Microsoft Intune. For each setting we list the baseline's default configuration, which is also the recommended configuration for that setting provided by the relevant security team. Because products and the security landscape evolve, the recommended defaults in one baseline version might not match the defaults you find in later versions of the same baseline. Different baseline types, like the MDM security and the Defender for Endpoint baselines, could also set different defaults.

AI-driven insights reduce TCO for Windows 365 Cloud PCs (1st party)

We are thrilled to announce that AI-powered Cloud PC recommendations are now available to all Windows 365 administrators. This new AI-powered capability provides you with tailored recommendations to optimize the use and performance of Windows 365 Cloud PCs. IT administrators often face challenges after purchasing licenses for their Cloud PC deployments. Managing the total cost of ownership (TCO) while ensuring a productive employee experience can be complex. Admins need to determine the best Cloud PC configurations for their specific needs, optimize with various configurations, and maintain optimal use. Without appropriate information, this struggle can lead to several outcomes. The good news is that to improve the employee experience or to reduce TCO, you can optimize Cloud PC usage dynamically by resizing devices or deprovisioning them based on activity. By leveraging machine learning algorithms, Windows 365 analyzes resource utilization data with an evolving model, providing you with immediate and actionable insights about Cloud PCs that are underused, sized appropriately, or could otherwise benefit from resizing. These AI-powered recommendations help simplify management of devices and offer specific sizing information for Cloud PCs, making the assignment of an optimized device simple and intuitive. As usage evolves and changes over time, you can continue to utilize this intelligent resource to help make informed decisions that enhance the overall Windows 365 experience and optimize device usage over time.

New GPU-enabled Windows 365 experiences (1st party) [VIDEO]

This video showcases the capabilities of GPU-enabled Cloud PCs in Windows 365, highlighting how they can securely run demanding workloads on any device. It demonstrates the use of powerful accelerators in the cloud to deliver high-performance experiences for graphic design, video editing, 3D modeling, and more. The video also explains the different GPU options available, their specifications, and the benefits of fast data transfer and low latency. Additionally, it covers the integration with Microsoft Intune for easy management and security compliance, making Windows 365 an ideal solution for both individual and shared use cases.

How to integrate Windows 365 with Omnissa Horizon (1st party)

We are pleased to announce the general availability of Windows 365 and Omnissa Horizon integration. This integration offers new and existing Omnissa customers the ability to layer the Blast protocol with Windows 365 for an IT admin. It allows joint customers to connect to their Windows 365 Cloud PCs over the Horizon Blast protocol and gateway. “Omnissa is excited to bring Horizon's capabilities to Windows 365,” said Arindam Nag, VP of Product Management for Omnissa Horizon. “This integration ensures our joint customers can use both solutions for their virtualization needs. Expanding our collaboration to include Windows 365 allows us to bring Horizon value to Cloud PCs across a wide range of end-user needs and diverse work environments.”

New Windows 365 features help provide a more secure workspace (1st party)

Today, we're excited to highlight a few newly added and upcoming features that strengthen the Windows 365 security foundation. We are constantly innovating to ensure that Windows 365 continues to provide a safe environment to securely stream your personalized Windows desktop, apps, settings, and content from the Microsoft Cloud to any device. Windows 365 provides security in various layers—identity, access, and data—when employees use their Cloud PCs. Existing capabilities like Conditional Access policies help protect user identities and ensure that Cloud PCs are accessed securely from any device. Customer managed keys help encrypt and protect data. As businesses and individuals increasingly rely on cloud platforms to store, process, and access their information, the risk of data breaches, unauthorized access, and cyberattacks becomes more significant. Below are a few newly added features that support Windows 365 in providing integrity, robustness, and reliable remote access to your Cloud PCs.

Configure the clipboard transfer direction and data types that can be copied in Azure Virtual Desktop (1st party)

Clipboard redirection in Azure Virtual Desktop allows users to copy and paste content, such as text, images, and files, between the user's device and the remote session in either direction. You might want to limit the direction of the clipboard for users, to help prevent data exfiltration or malicious files being copied to a session host. You can configure whether users can use the clipboard from session host to client, or client to session host, and the types of data that can be copied. You apply settings to your session hosts; the configuration doesn't depend on a specific Remote Desktop client or its version. This article shows you how to configure the direction of the clipboard and the types of data that can be copied using Microsoft Intune or Group Policy.

Windows 365 management capabilities now on N-able Cloud Commander (1st party)

Today, we're excited to share that Windows 365 management capabilities are now generally available on N-able Cloud Commander. N-able provides remote monitoring and management solutions for managed service providers (MSPs) and cloud solution providers (CSPs). N-able Cloud Commander is a multitenant solution for the Microsoft Cloud that enables MSPs and CSPs to manage Microsoft users, Microsoft Azure resources, and Microsoft Intune from a single console. The new Windows 365 integration with N-able Cloud Commander provides MSPs and CSPs with comprehensive management and monitoring capabilities for Windows 365 Cloud PCs.

Microsoft 365

Microsoft Loop | Live, Five-Part Learning Series (1st party)

Are you ready to learn more about Microsoft Loop? We have five upcoming Loop events for you – numerous opportunities to see Microsoft Loop in action, to learn about upcoming roadmap items and Copilot/AI innovations, ask questions, get time-saving tips and tricks, and provide direct feedback to the Loop product team. We’re all eyes and ears each week for five weeks – starting August 14th, 2024. Review each weekly, online learning opportunity below. Register to learn and share all things Loop – there it is! If you can’t make it to one, each part will be made available for on-demand viewing as soon as possible; we’ll keep this blog up to date throughout the series.

New Microsoft-compliant Contact Editor now available on Outlook Mobile (1st party)

We are happy to announce the launch of the new contact editor in Outlook Mobile, designed to enhance your contact experience on both iOS and Android platforms. This editor enables users to seamlessly add and edit contacts in a compliant manner and will replace the use of the devices’ native editors in Outlook Mobile. We have received feedback about compliance concerns in the previous native Android and iOS editors related to managing and enforcing Intune policies for contact editing in Outlook Mobile. Many users have also shared feedback about the inconsistent experience across different devices with the former editors.

Windows App general availability coming soon (1st party)

We are delighted to announce that the Windows App for Windows, Web, iOS, and macOS, currently in preview, will be generally available this fall. Also announced for this fall is the Windows App for Android public preview. The Windows App is your gateway to securely connect to Windows on any device or app across Windows 365, Azure Virtual Desktop, Remote PC, Remote Desktop Services, Microsoft Dev Box, and more. Enjoy the simplicity of a unified client that securely connects you to your Windows workspace in the cloud from any device. Enhance productivity with customizable home screens, support for multiple monitors, and USB redirection. Benefit from advanced security features, including multifactor authentication, which ensure a seamless and robust connection to your Cloud PCs and enable you to work efficiently from any location, at any time.

Empower your frontline workers and potentially increase your ROI with Microsoft 365 (1st party)

Frontline workers need to engage with customers while staying connected to coworkers and operations. Having the right solutions helps organizations fill technology gaps and attract and retain skilled employees to work securely from any device, anywhere. Download the infographic Strengthen your frontline with a tech-empowered workforce to learn why empowering frontline workers allows them to work, communicate, and collaborate more effectively. You’ll also discover potential benefits in deploying Microsoft 365, including an increase in frontline worker productivity resulting in $12.1M growth over three years, increased net margins of $1.1M by improving customer experience, improved engagement, up-to-date operations, and strengthened security.

Introducing new OneDrive, Quick Links and Playlist cards for Viva Connections (1st party)

Viva Connections is the one-stop place for all employee services, where employees can easily access relevant company information and their personal tools. We keep evolving and improving the Viva Connections experience with new out-of-the-box features and new extensibility opportunities.

How to unlock a more organized and efficient workflow with subtasks in Planner (1st party) [VIDEO]

This video introduces the new subtasks feature in Planner, available in Premium Plans. Subtasks help break down complex tasks into manageable pieces, making it easier to stay organized and efficient. The video explains how to create subtasks, assign them, set due dates, and add attachments, with support for up to 10 levels of subtasks. This feature is designed to enhance project management by keeping the big picture in sight while managing detailed tasks.

The New Outlook for Windows Reaches General Availability (3rd party)

On August 1, 2024, the new Outlook for Windows (aka “the Monarch client”) attained generally available status (also see Microsoft 365 message center notification MC810420). According to Techopedia, general availability is the point in the life cycle for software when the software is made available for sale. All the necessary actions to prepare for worldwide distribution, localization, and support are complete and the software is free of critical bugs. In previous times, this was the point where developers released the software to manufacturing (RTM) to generate the disks, CDs, or DVDs used for customer distribution. General availability does not mean that software contains all the features desired by customers nor that the product release is functionally equivalent to a prior version. This is the situation that we find the new Outlook for Windows in because it lags Outlook classic in many significant areas. However, the new Outlook for Windows is now fully supported for deployment in production. If you have users who like OWA, it’s probably a good idea to consider asking them to switch. The users won’t see much difference and they’ll give your organization a valuable test group to measure progress for the new client.

Practical Teams: Secure Meetings with Teams Premium (3rd party)

With the shift to remote work, virtual meetings are essential for organizations. However, virtual meetings can also pose security risks. Teams Premium is an add-on license that adds to the existing Teams capabilities with personalization, intelligence, and protection. Teams Premium is ideal for organizations that want to add functionality to their Teams meetings and webinars and get additional options for security and privacy. In this article, I focus on the security aspects of Teams Premium and guide you through the various security options and settings. To use Teams Premium, you must have a Teams license. Teams Premium can be added to any Teams license. All meeting security functionality described here is “organizer-based” in terms of licensing, meaning only the meeting organizer needs a Teams Premium license assigned.

Microsoft to Charge for Unlicensed OneDrive for Business Accounts (3rd party)

Enterprise Impacting: What are we to make of the announcement in message center notification MC836942 (26 July 2024) that Microsoft plans to charge for storing unlicensed OneDrive for Business sites through Microsoft 365 Archive? Slipped into the newsfeed late on a Friday afternoon (the recommended way to share bad news), Microsoft’s announcement is both unexpected and entirely predictable. It’s unexpected because Microsoft hadn’t communicated their intention of doing this during high-profile conference keynotes (perhaps because of the bad news element). It’s predictable because Microsoft hadn’t the tool to handle unlicensed OneDrive sites until Microsoft 365 Archive came along. Archiving unlicensed sites makes a ton of sense. An unlicensed OneDrive site can exist for several reasons. The most common is that the site comes within the scope of a retention policy (or items within the site have retention labels). In this situation, OneDrive must retain the sites even after the retention period configured for deleted OneDrive accounts (by default 30 days) elapses. It’s also possible that the owner’s account no longer has a OneDrive license. The simplest reading for this story is that Microsoft wants organizations to clean up (remove) unlicensed OneDrive sites. It could also be a step to help organizations manage the removal of OneDrive sites belonging to ex-employees better. These reasons are valid, but as is often the case with Microsoft, some other influences might also contribute to the decision.

Microsoft Defender

Announcing quarantine release integration in Microsoft Defender for Office 365 hunting experience!! (1st party)

We are excited to introduce the new quarantine release integration within Microsoft Defender for Office 365 as part of the hunting experience. This enhancement allows Security Operators (SecOps) to address false positives more efficiently and with greater flexibility in Microsoft Defender for Office 365. With this new capability, SecOps can now move quarantined messages to Inbox across hunting experiences: Threat Explorer, Advanced Hunting, the Email summary panel, the Email Entity page, and custom detection. SecOps team members can act on a single quarantined message or on quarantined messages in bulk. To act on a single message, use the Email Entity page; to act on multiple messages, use Threat Explorer, Advanced Hunting, or custom detection rules in Defender XDR.

Monitoring Microsoft Sentinel Reports with Dashboard Hub & Power BI (1st party)

In this blog post, I will discuss the efficient monitoring of Microsoft Sentinel workbooks through Dashboard Hub and the creation of customized reports using Power BI. Microsoft Sentinel provides a variety of pre-built workbooks that are crucial for visualizing data and enhancing operational efficiency. Given the numerous workbooks available in our content hub solution, organizing them into dashboards ensures that stakeholders can easily access data relevant to their specific interests. At this point, I presume you have determined the workbooks you intend to save and identified which stakeholders require access to specific workbooks for their daily tasks. Let’s delve into the solution.

Enhancing vulnerability prioritization with asset context and EPSS - Now in Public Preview (1st party)

Vulnerability prioritization is a critical component of an effective Vulnerability Risk Management (VRM) program. It involves identifying and ranking security weaknesses in an organization's systems based on their potential impact and exploitability. Given the vast number of potential vulnerabilities, it is impossible to address all of them at once. Effective prioritization ensures that the most critical vulnerabilities are addressed first, maximizing security efforts. This approach is crucial for defending against cyberattacks, as it helps allocate resources effectively, reduce the attack surface, and protect sensitive data more efficiently. We are excited to announce the addition of three crucial factors to our prioritization process in Microsoft Defender Vulnerability Management, aimed at improving accuracy and efficiency. These factors include information about critical assets (defined in Microsoft Security Exposure Management), information about the internet-facing device, and an Exploit Prediction Scoring System (EPSS) score. In this article, you can learn more about each of these enhancements, how they contribute to a more robust vulnerability prioritization process, and how you can use them.

Microsoft Defender for Endpoint update for EDR Sensor (1st party)

This update services the EDR sensor included in the new Microsoft Defender for Endpoint unified solution package released in 2021. Installation of that package is required before this update can be applied. For more information about prerequisites and installation steps, refer to Onboard Windows servers to the Microsoft Defender for Endpoint service. This update is released periodically, and always with the same KB number (5005292). When it is deployed, this article will be updated with the latest version number for MsSense.exe. It may take a while before the package is fully available for all channels, including WSUS; this may mean that the version reflected in the Windows Update Catalog remains behind until broad deployment is reached.

Announcing Microsoft Defender for Office 365 APIs for retrieving threat data and remediating emails (1st party)

We are excited to announce the release of new Microsoft Defender for Office 365 APIs which enable security teams to leverage the threat information and response capabilities of Microsoft Defender for Office 365 inside automation and security orchestration tools of their choice. These new APIs enable your security teams to achieve more within their existing toolsets by leveraging the power of Microsoft Defender for Office 365! We believe that these new APIs will enable us to meet the SOC where they are, and enable your teams and third-party security vendors to natively interact with Microsoft Defender for Office 365. Our new APIs are built around least privilege with their own permission scopes, complete with auditing capabilities, allowing you to perform automation and integration securely in your organization. It does not matter if you are using Sentinel, a third-party SOAR platform, Logic Apps, PowerShell automation, Python scripts, or any other tool: these APIs are about meeting you where you are so you can leverage the power of Microsoft Defender for Office 365 to help secure your organization.

Defend against threats: Handle every threat, everywhere (1st party)

Defend with the only security operations platform that combines the full power of a cloud-native SIEM, native XDR, global threat intelligence, and generative AI. This comprehensive, AI-powered unified platform helps SOC teams automatically disrupt in-progress attacks, detect and defend across the entire kill chain, get end-to-end-visibility into threats all in one place, automate threat response across security systems, proactively improve security posture and reduce risk exposure, and supercharge SOC productivity with generative AI.

Create summary rules in Microsoft Sentinel for large sets of data (Preview) (1st party)

Microsoft Sentinel now provides the ability to create dynamic summaries using Azure Monitor summary rules, which aggregate large sets of data in the background for a smoother security operations experience across all log tiers. Access summary rule results via Kusto Query Language (KQL) across detection, investigation, hunting, and reporting activities. Run high performance Kusto Query Language (KQL) queries on summarized data. Use summary rule results for longer in investigations, hunting, and compliance activities.

Sentinel Automation Part 2: Automate CISA Known Exploited Vulnerability Notifications (3rd party)

The CISA Known Exploited Vulnerabilities Catalog helps organizations prioritize vulnerabilities; as an end user, you want to be notified when a new vulnerability is added. This blog describes four different solutions in Microsoft Sentinel to automate the notification process, leaving you with the important task of analyzing this new threat. The four automation solutions presented in this blog are email notifications, Teams channel notifications, Sentinel incidents, and Sentinel Analytics Rules.

New 1Password SIEM integration with Microsoft Sentinel now generally available (3rd party)

Microsoft Sentinel customers, get ready to streamline your security monitoring and investigation workflows with the official 1Password integration for Microsoft Sentinel. 1Password for Microsoft Sentinel is an end-to-end solution allowing you to ingest 1Password Events API data directly to Microsoft Sentinel. This brings visibility to 1Password audit events, sign-in activity, and shared item usage, with the full power of Microsoft Sentinel. You can get started right away with alerts and a dynamic, customizable dashboard thanks to out-of-the-box analytics rules and workbooks. Stay in the know with real-time alerts for successful and failed login attempts as well as account and billing changes. Gain insights into user adoption and usage, file uploads, and item modifications for accountability and transparency. Proactively identify potential security threats and attacks, equipped with actionable suggestions with 18 analytics rule templates. Consolidate 1Password logs into Microsoft Sentinel, allowing for a single pane of glass and reducing the time spent toggling between different apps and services.

Azure

Set a blob's access tier (1st party)

This article describes how to manage a blob in an online access tier. The default access tier setting for a general-purpose v2 storage account determines in which online tier a new blob is created by default. You can set the default access tier for a general-purpose v2 storage account at the time that you create the account or by updating an existing account's configuration. When you change the default access tier setting for an existing general-purpose v2 storage account, the change applies to all blobs in the account for which an access tier hasn't been explicitly set.

Custom Shortpath settings for host pools now available (1st party)

We are excited to announce the general availability of custom Shortpath settings at the host pool level. Now you can granularly control how RDP Shortpath is used by configuring the networking settings of a host pool through the Microsoft Azure portal or Azure PowerShell. By configuring RDP Shortpath on the host pool, you can specify which RDP Shortpath options to apply, in addition to the session host configuration. In cases where there is a conflict between the host pool and session host settings, the most restrictive setting will be enforced. For instance, if RDP Shortpath for managed networks is enabled on the session host but disabled at the host pool level, RDP Shortpath for managed networks will not function. This enhanced granular control allows you to optimize network setup at the host pool level without making changes to the network setup. It also makes it so you no longer need to set the RDP Shortpath using Group Policy or Microsoft Intune policy at the session host level. By fine-tuning these settings, you can ensure smoother remote desktop sessions and better utilization of your network resources, leading to increased productivity and satisfaction for your end users.

Identify your savings potential in Azure (1st party)

Are you spending more than you need to in the cloud? Do you want to learn how to monitor, analyze, and optimize your Azure costs? If so, this document is for you. In this document, we will introduce you to some of the key features and capabilities of Azure Cost Management, Azure Advisor, and the Cost Optimization workbook, and show you how to use them to find and implement cost optimization opportunities. You will learn how to use Cost analysis to understand your cost drivers and trends, and how to investigate the root causes of cost changes or spikes. You will also learn how to use Azure Advisor to implement cost optimization best practices and recommendations, and how to use the Cost Optimization workbook to analyze and optimize your usage and costs across your environment. Additionally, you will learn how to perform an architectural review to align your solutions with the Well-Architected Framework, and how to stay updated with the latest cost optimization news and resources. By using these tools and services, you can reduce your cloud spending and improve your cost efficiency, while aligning your costs with your business needs and goals.

Azure FinOps: Introduction and Assessments (3rd party)

This episode of the Azure Enablement Show covers FinOps, a framework and practice for managing cloud spending and maximizing value. FinOps expert Dirk Brinkman explains the principles, domains and capabilities of FinOps and shows some of the Microsoft resources that can help customers implement it. Dirk also provides a demonstration of the FinOps review assessment tool, which can help customers assess their current maturity level and identify areas of improvement.

Server

Windows Server 2025 Secured-core Server (1st party)

The server threat landscape is constantly evolving, with cybercriminals becoming more ambitious and sophisticated in their attacks, and the damage is becoming more costly to those targeted. In April 2022, the ransomware group Conti carried out two massive ransomware attacks that breached the Costa Rican government and affected nearly 30 different ministries and essential services within the country. This attack was so disruptive that the President of Costa Rica had to declare a state of National Emergency, the first ever such instance in response to a cyberattack. In separate incidents, Shields Health Care Group had a data breach where nearly 2 million patient records were stolen by attackers, and Medibank Private Ltd., one of the largest health insurance providers in Australia, had data pertaining to 9.7 million customers stolen. In the latter case, the attackers threatened to release the customer data on the dark web unless a ransom was paid. Servers are the backbone of modern businesses, and they store and process vast amounts of sensitive data. As a result, server security is critical to protect against cyberattacks that can cause financial losses, reputational damage, and legal liabilities. In 2021, Microsoft announced the launch of Secured-core servers in partnership with our silicon partners and original equipment manufacturers (OEMs). These servers offer some of the most advanced hardware-based security capabilities that make it harder for adversaries to carry out cyberattacks. In this post, we will provide an example of how the upcoming Windows Server 2025 Secured-core servers seamlessly integrate with the broader suite of Microsoft's security offerings to not just identify but also help block real world attacks.

Plan for Hyper-V scalability in Windows Server (1st party)

This article gives you details about the maximum configuration for components you can add and remove on a Hyper-V host or its virtual machines, such as virtual processors or checkpoints. As you plan your deployment, consider the maximums that apply to each virtual machine, and those that apply to the Hyper-V host. Maximums continue to grow in Windows Server versions, in response to requests to support newer scenarios such as machine learning and data analytics.

The Future of Windows Server Hyper-V is Bright! (1st party)

There have been several recent changes in the virtualization market, so this month, I wanted to take a moment to respond to the flood of questions we are receiving about Hyper-V futures, Windows Server 2025, and more. I surmise this blog will garner questions in the comments section, so I plan to answer those questions in the next blog. Let’s get started with Hyper-V itself. Hyper-V is Microsoft's hardware virtualization product. It lets you create and run a software version of a computer, called a virtual machine (VM). Each virtual machine acts like a complete computer, running an operating system and programs. When you need computing resources, virtual machines give you more flexibility, help save time and money, and are a more efficient way to use hardware than just running one operating system on physical hardware. This quick description is just the beginning of what Hyper-V delivers…

Windows Admin Center (v2) Public Preview build has been updated! (1st party)

It’s been seven months since we released the last Public Preview for our “Modernized Gateway” (known as v2) -- today, we’re updating the Public Preview build with new functionality and bug fixes. As we get closer to officially releasing this version to general availability (GA), we want to hear from you first so that we proactively address any feedback you may have! Please note that this is still a Public Preview version of Windows Admin Center, so it is not recommended to install this build in your production environment. We’ve been working behind the scenes to ensure that Windows Admin Center is up-to-date, secure, and reliable. We suggest experienced users of Windows Admin Center and Windows Admin Center developers give this new build a try. Read on to learn about the new features and updates!

Azure Arc Jumpstart - Accelerate your Azure Arc learning and experimentation! (3rd party) [VIDEO]

This video introduces the Azure Arc Jumpstart kits, designed to simplify learning and experimenting with Azure Arc. The presenter explains how these kits help users try out various Azure Arc capabilities, such as onboarding servers, SQL, VMware environments, Kubernetes, and more. The video covers different scenarios, including retail and manufacturing use cases, and details the Arc Box and HCI Box setups for IT pros, DevOps, and DataOps. It also highlights the community-driven nature of the project, encouraging contributions and providing extensive resources like architecture diagrams, training materials, and documentation. The video emphasizes the ease of deployment and the ability to stop and delete resources to manage costs effectively.

Exchange Online’s New High Volume Email (HVE) Solution (3rd party)

As a shared service, Exchange Online has always limited the ability of mailboxes to send higher-than-normal volumes of email. The rationale is no single account should be able to hog resources to the detriment of others. Exchange Online uses a mechanism called the recipient rate limit to set a threshold for the traffic that an individual mailbox can generate. The recipient rate limit controls the number of individual recipients for outgoing messages that can be on messages sent from a mailbox. The current rate is 10,000 recipients daily. When computing the number of recipients in a day, a distribution list or Microsoft 365 group counts as a single recipient. The imposition of the recipient rate limit is an effective solution to prevent tenants from sending large quantities of unsolicited commercial email (spam).

Migrate servers to Azure using Azure Migrate (3rd party) [VIDEO]

This video, presented by Thomas Maurer, a cloud advocate at Microsoft, provides a comprehensive guide on how to migrate servers and applications to Microsoft Azure using Azure Migrate. It covers essential steps such as assessing your current environment, planning the migration, and executing the process using Azure Migrate’s tools. The video also highlights the importance of the Azure Cloud Adoption Framework and offers practical demonstrations within the Azure portal, making it an invaluable resource for anyone involved in cloud migration projects.

Assess and Migrate Hyper-V VMs with Azure Migrate (3rd party)

Today, the Azure Migrate team launched an update to the Azure Migrate service, which can help you discover, assess, and migrate applications, infrastructure, and data from your on-prem environment to Microsoft Azure. This is excellent timing since we all know that Windows Server 2008 and Windows Server 2008 R2 are soon out of support and you get free extended security updates if you migrate your VMs to Azure. With Azure Migrate, you can now centrally track the progress of your migration journey across multiple third-party and Microsoft tools. In addition, Azure Migrate can now assess and migrate your Hyper-V virtual machines (VMs).

Practical Graph: Working with Exchange Online Mailbox Data (3rd party)

Exchange Online mailboxes are literally stuffed full of information. It’s not just email that finds its way into folders. Mailboxes also hold calendar events, contacts, tasks, compliance records, and anything else that users and developers store. Exchange Web Services (EWS) has long been the API for access to mailbox data. But Microsoft will block EWS access for non-Microsoft apps from 1 October 2026. Even if Microsoft has some gaps in coverage to close, the Graph API is the path forward for app developers. Microsoft still hasn’t made much progress in the delivery of Graph APIs for Exchange Online management, but APIs do exist to access the most important mailbox elements: folders, messages, calendar events, and contacts. Tasks are handled by the long-term plan to unify tasks within Microsoft 365.

Identity Protection and Management

Manage users or devices for an administrative unit with dynamic membership rules (Preview) (1st party)

You can add or remove users or devices for administrative units manually. With this preview, you can add or remove users or devices for administrative units dynamically using rules. This article describes how to create administrative units with dynamic membership rules using the Microsoft Entra admin center, PowerShell, or Microsoft Graph API. Dynamic membership rules for administrative units can be created using the same attributes available for dynamic groups. Although administrative units with members assigned manually support multiple object types, such as user, group, and devices, it is currently not possible to create an administrative unit with dynamic membership rules that includes more than one object type.
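The PowerShell route described above, as an added example that is not code from the Microsoft article: it creates an administrative unit whose membership is computed from a dynamic rule and then reads the stored rule back. It assumes the Microsoft Graph PowerShell SDK beta module is installed, the caller holds the AdministrativeUnit.ReadWrite.All permission, and the beta cmdlet names below (New-MgBetaDirectoryAdministrativeUnit and friends) match your installed SDK version; the "Sales" department value is a constructed sample. The rule references only user attributes, which matches the preview's limitation that a dynamic administrative unit cannot mix object types.

```powershell
# Added example (not from the article): create an administrative unit with a
# dynamic membership rule via the Microsoft Graph PowerShell SDK (beta).
# Assumptions: Microsoft.Graph.Beta.Identity.DirectoryManagement is installed
# and the caller has AdministrativeUnit.ReadWrite.All; "Sales" is a constructed
# sample department value.
Connect-MgGraph -Scopes "AdministrativeUnit.ReadWrite.All"

# Dynamic AUs use the same rule syntax and attributes as dynamic groups.
# Keep the rule to a single object type (here: user.*), as the preview requires.
$params = @{
    displayName                   = "Sales users (dynamic)"
    description                   = "Dynamic AU scoped to the Sales department"
    membershipType                = "Dynamic"
    membershipRule                = '(user.department -eq "Sales")'
    membershipRuleProcessingState = "On"
}

$au = New-MgBetaDirectoryAdministrativeUnit -BodyParameter $params

# Read the unit back to confirm the rule and processing state were persisted.
Get-MgBetaDirectoryAdministrativeUnit -AdministrativeUnitId $au.Id |
    Select-Object DisplayName, MembershipType, MembershipRule, MembershipRuleProcessingState

# Membership is evaluated asynchronously; list members once processing has run.
Get-MgBetaDirectoryAdministrativeUnitMember -AdministrativeUnitId $au.Id -All |
    Select-Object Id
```

Setting membershipRuleProcessingState to "Paused" instead of "On" stores the rule without evaluating it, which is a useful way to review the rule text before it starts moving objects into the scope of the administrators assigned to the unit.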

Public preview: Microsoft Entra ID FIDO2 provisioning APIs (1st party)

Today I'm excited to announce a great new way to onboard employees with admin provisioning of FIDO2 security keys (passkeys) on behalf of users. Our customers love passkeys as a phishing-resistant method for their users, but some were concerned that registration was limited to users registering their own security keys. Today we’re announcing the new Microsoft Entra ID FIDO2 provisioning APIs that empower organizations to handle this provisioning for their users, providing secure and seamless authentication from day one. While customers can still deploy security keys in their default configuration to their users, or allow users to bring their own security keys, which requires self-service registration by a user, the APIs allow keys to be pre-provisioned for users, so users have an easier experience on first use.

DigiCert mass-revoking TLS certificates due to domain validation bug (3rd party)

DigiCert is warning that it will be mass-revoking SSL/TLS certificates due to a bug in how the company verified whether a customer owned or operated a domain, and requires impacted customers to reissue certificates within 24 hours. It is unclear how many certificates will be revoked during this process, but the company says it affects approximately 0.4% of the applicable domain validations they have conducted between August 2019 and June 2024. DigiCert is one of the prominent certificate authorities (CAs) that provides SSL/TLS certificates, including Domain Validated (DV), Organization Validated (OV), and Extended Validation (EV) certificates.

DigiCert to delay cert revocations for critical infrastructure (3rd party)

DigiCert urges critical infrastructure operators to request a delay if they cannot reissue their certificates, as required by an ongoing certificate mass-revocation process announced on Tuesday. The company is mass-revoking transport layer security (TLS) certificates because of a non-compliance issue with domain control verification (DCV). This procedure required 6,807 impacted customers to reissue 83,267 certificates within 24 hours by July 31, 19:30 UTC, after logging in to their DigiCert CertCentral account to identify affected certificates.

Using Entra ID Classifications with Microsoft 365 Groups (3rd party)

Entra ID Classifications have been a feature of Office 365 Groups (now Microsoft 365 Groups) since their introduction in 2015. They’re a text-only zero-intelligence method to mark a group with a visual indicator of the sensitivity of the content likely to be found in group discussions or the group SharePoint Online site. Microsoft has done nothing to develop classifications since 2017 or thereabouts because their focus is firmly set on sensitivity labels. Obviously, sensitivity labels – or rather, the container management version of sensitivity labels, are much more powerful, but the salient fact remains that not every Microsoft 365 tenant has access to sensitivity labels because organizations need Office 365 E3 or above to use Purview Information Protection.

Information Protection and Management

Dynamic watermarks for Purview (1st party)

When a user accesses a file with this label applied, by default, their email address is dynamically inserted as a watermark on each page of the file. Optionally, by using the PowerShell cmdlet Set-Label with the DynamicWatermarkDisplay parameter, you can specify a custom string that also supports variables (currently, the user's email address). This watermark is highly visible when viewing the file on a device, and persists when printed, although not when exported. This watermarking is more secure than the standard content markings for a label, because the user can't manually remove or change it. The only way to remove the watermark is to relabel the document, choosing a sensitivity label that applies a different dynamic watermark, or no dynamic watermark. However, as with all encrypted content, a user must have the usage right of Export or Full Control to remove the existing encryption.
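The Set-Label configuration mentioned above, as an added example that is not code from the Microsoft article. It assumes the ExchangeOnlineManagement module is installed, the caller holds a compliance admin role, a label named "Highly Confidential" already exists, and that `${Consumer.PrincipalName}` is the variable token Set-Label expands to the viewing user's email address (the property names read back from Get-Label are likewise assumed). Because dynamic watermarks only work on content the label encrypts, the script checks that encryption is enabled before changing the label.

```powershell
# Added example (not from the article): put a custom dynamic watermark on an
# existing sensitivity label with Security & Compliance PowerShell.
# Assumptions: ExchangeOnlineManagement is installed, the caller has a
# compliance admin role, the label below already exists, and
# ${Consumer.PrincipalName} is the token expanded to the viewer's email.
Connect-IPPSSession

$labelName = "Highly Confidential"
$label = Get-Label -Identity $labelName

# Dynamic watermarks apply only to labels that encrypt; refuse to continue otherwise.
if (-not $label.EncryptionEnabled) {
    throw "Label '$labelName' does not apply encryption; a dynamic watermark would have no effect."
}

# Single quotes are essential: in double quotes PowerShell would treat
# ${Consumer.PrincipalName} as a local variable and send an empty string.
$watermark = 'Confidential - ${Consumer.PrincipalName}'

Set-Label -Identity $labelName -DynamicWatermarkDisplay $watermark

# Read the label back to confirm the watermark text was stored (property name assumed).
Get-Label -Identity $labelName | Format-List Name, EncryptionEnabled, DynamicWatermarkDisplay
```

The quoting point is the one practitioners trip over: a watermark string that arrives at the service with the variable already expanded to nothing is stored as-is, so every viewer gets the same static text and the per-user attribution the feature exists for is lost.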

Microsoft Announces General Availability of Microsoft 365 Backup and Microsoft 365 Backup Storage (1st party)

Microsoft 365 is designed to ensure high availability, disaster recovery, security, and data privacy. As the number of ransomware attacks and the scale of impacted data increase year over year, customers want enhanced self-service recovery capabilities over extended time periods. We're excited to announce the general availability of Microsoft 365 Backup, and the underlying developer-focused Microsoft 365 Backup Storage platform, delivering capabilities to help you address these growing challenges.

Intune

Known issue: New apps not added in APP when targeting "All Apps" or "All Microsoft Apps" (1st party)

Enterprise Impacting: We recently identified an issue where newly added apps aren’t targeted automatically in Microsoft Intune app protection policies (APP) when the policy is targeted to app groups such as "All Apps" or "All Microsoft Apps". While we’re working on a fix, we recommend updating existing policies that target app groups to ensure all apps within an app group are included and receive the application. There is a workaround provided here that can be used until this issue is resolved.

New onboarding flow to managing Android Enterprise devices with Microsoft Intune (1st party)

A prerequisite to managing Android Enterprise devices with Microsoft Intune is that organizations must first complete a one-time onboarding process which requires admins to create and manage a consumer Gmail account. Starting in August 2024, this process will no longer require Gmail accounts. Instead, we’re happy to announce that admins will be able to use their existing Microsoft Entra credentials to complete this one-time onboarding. If you are connecting or reconnecting your Microsoft Intune tenant to Managed Google Play, you can now use your Microsoft Entra credentials to complete the onboarding process. Let’s walk through the new flow. As you work through the Prerequisites tab under Android enrollment, the new flow is invoked when you select “Launch Google to connect now”. At this point, a new tab is launched with the following screen. The Microsoft Entra credentials used to sign into the Microsoft Intune admin center will be pre-filled.

Add an unmanaged macOS PKG app to Microsoft Intune (1st party)

Use the information in this article to help you add an unmanaged macOS PKG app to Microsoft Intune.

Microsoft Intune Firewall Policy Reports (3rd party)

In this post, we will explore all the firewall policy reports available in Microsoft Intune. The Intune firewall policy reports show detailed information about the firewall status of your managed devices. For both Windows and macOS devices, you can configure the built-in firewall using the endpoint security Firewall policy in Intune. It is important to configure the firewall policy because if you don’t, users can manage the firewall on their own, which puts the devices at risk. You can also use these reports to identify devices that have the firewall enabled or disabled. Note that the firewall reports in Intune support only managed devices running Windows 10 and Windows 11.

Device Management

Windows news you can use: July 2024 (1st party)

It’s time to explore the latest in Windows security, device management, Windows Server, productivity, and collaboration, plus some important lifecycle updates. First, in response to the CrowdStrike issue impacting endpoints and servers, we issued a statement, released a signed Microsoft Recovery Tool, and followed up to share more on Windows resiliency: Best practices and the path forward. We then released an analysis of CrowdStrike's outage report, offering details on how security vendors and organizations can use the flexibility and integrated capabilities of Windows for increased security and reliability. (For more information on Windows 11 security, see the Windows security book.) Now let’s dig into recent enhancements and new features.

Allow Windows updates to install before initial user sign-in (1st party)

On new devices, Windows Update doesn't begin installing background updates until a user has completed the Out of Box Experience (OOBE) and signs in for the first time. In many cases, the user signs in immediately after completing the OOBE. However, some VM-based solutions provision a device and automate the first user experience. These VMs may not be immediately assigned to a user, so they don't see an initial sign-in until several days later. In scenarios where initial sign-in is delayed, there is a registry value you can set to allow devices to begin background update work before a user first signs in.

OneDrive in Windows media is not up to date (3rd party)

OneDrive is not installed in the images on Windows 10/11 media. Instead, each Windows image contains a copy of OneDriveSetup.exe in the C:\Windows\System32 folder. This is automatically executed for each user that signs into the computer via a “Run” registry key in the default user profile. That might seem like an obvious statement: the OneDrive client is updated frequently, so of course the version of OneDrive that is included in Windows 10 and 11 media is going to be out of date. But just how out of date? Let’s take a look.

Scripting and Automation

Downloading Microsoft Store apps using Windows Package Manager (1st party)

Offline apps is the last remaining significant function of the Microsoft Store for Business on its path to full retirement. Offline apps allows customers to download packaged apps from the Microsoft Store for Business or Education for distribution through alternate mechanisms like a Windows Provisioning Package. With the impending retirement of the Microsoft Store for Business and Education on August 15, 2024, this offline apps functionality will also retire, but the ability to download and distribute packaged apps from the Microsoft Store to devices with restricted connectivity to the Microsoft Store remains. For this reason, starting with version 1.8, Windows Package Manager (WinGet) added the capability to download packages from the Microsoft Store. Unless explicitly disabled, all Windows devices will have automatically updated to this version already. To check the version running locally, you can run winget -v from a command prompt.
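The version check and Store download described above, as an added example that is not code from the Microsoft article. It assumes winget is on the PATH, that `winget -v` prints a version string such as `v1.8.x`, and that the `winget download` command with the `msstore` source behaves as documented for 1.8 and later; the package id is a labelled placeholder, since the article names none.

```powershell
# Added example (not from the article): confirm the local WinGet build is 1.8 or
# later, then download a Microsoft Store package for offline distribution.
# Assumptions: winget is on PATH and prints a version like "v1.8.1911";
# the package id is a placeholder to be replaced with a real id from 'winget search'.
$raw = (winget -v | Select-Object -First 1).Trim()
$version = [version]($raw.TrimStart('v'))

if ($version -lt [version]"1.8") {
    throw "WinGet $raw is too old: Store downloads require version 1.8 or later."
}

$packageId = "<PackageId-from-winget-search>"   # placeholder, not a real id
$target    = Join-Path $env:USERPROFILE "Downloads\StoreApps"
New-Item -ItemType Directory -Path $target -Force | Out-Null

# Pull the package (and its license material) from the Store source into $target,
# from where it can be distributed to devices without Store connectivity.
winget download --id $packageId --source msstore `
    --download-directory $target `
    --accept-package-agreements --accept-source-agreements

Get-ChildItem -Path $target -Recurse | Select-Object Name, Length
```

The explicit version gate matters on managed fleets where WinGet updates have been disabled: on such a device `winget download` is simply an unknown command, and failing early with a clear message is easier to troubleshoot than a parser error.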

Introducing GitHub Models: A new generation of AI engineers building on GitHub (1st party)

We are enabling the rise of the AI engineer with GitHub Models–bringing the power of industry leading large and small language models to our more than 100 million users directly on GitHub. We are launching GitHub Models, enabling our more than 100 million developers to become AI engineers and build with industry-leading AI models. From Llama 3.1, to GPT-4o and GPT-4o mini, to Phi 3 or Mistral Large 2, you can access each model via a built-in playground that lets you test different prompts and model parameters, for free, right in GitHub. And if you like what you’re seeing on the playground, we’ve created a glide path to bring the models to your developer environment in Codespaces and VS Code. And once you are ready to go to production, Azure AI offers built-in responsible AI, enterprise-grade security & data privacy, and global availability, with provisioned throughput and availability in over 25 Azure regions for some models. It’s never been easier to develop and run your AI application.

Handling the Too Many Retries Error and Dealing with Odd Numbers of Audit Events (3rd party)

In April 2024, I wrote about the new AuditLog Query Graph API. At the time, the API exhibited the normal rough edges found in any beta API, but I managed to use it to retrieve records from the Microsoft 365 unified audit log. Roll forward some months and cmdlets are available for the AuditLog Query Graph API in the beta version of the Microsoft Graph PowerShell SDK (I used version 2.21 to test). Microsoft uses a process called AutoRest to automatically generate SDK cmdlets from Graph API metadata and cmdlets usually turn up a month or so after an API appears. Running a query is a matter of constructing a hash table containing the parameters such as the start and end time and the operations to search for, checking for completion of the job, and downloading the results.
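The query flow outlined above (build the parameters, submit the job, wait for completion, fetch the results), as an added example that is not code from the article or from the Microsoft Graph SDK documentation. It assumes the Microsoft.Graph.Beta.Security module is installed, the caller has the AuditLogsQuery.Read.All permission, and the beta cmdlet names (New-MgBetaSecurityAuditLogQuery, Get-MgBetaSecurityAuditLogQuery, Get-MgBetaSecurityAuditLogQueryRecord) and the job status values match your SDK version; the operation names and seven-day window are constructed sample parameters.

```powershell
# Added example (not from the article): run an AuditLog Query job through the
# beta Microsoft Graph PowerShell SDK and collect the returned audit records.
# Assumptions: Microsoft.Graph.Beta.Security is installed and the caller holds
# AuditLogsQuery.Read.All; the operations and date window are constructed samples.
Connect-MgGraph -Scopes "AuditLogsQuery.Read.All"

$end   = (Get-Date).ToUniversalTime()
$start = $end.AddDays(-7)

# Query parameters go in a hash table: time window plus the operations of interest.
$query = @{
    displayName         = "Mailbox permission changes, last 7 days"
    filterStartDateTime = $start.ToString("o")
    filterEndDateTime   = $end.ToString("o")
    operationFilters    = @("Add-MailboxPermission", "Remove-MailboxPermission")
}

# Submitting the query creates an asynchronous job; the response carries its id.
$job = New-MgBetaSecurityAuditLogQuery -BodyParameter $query

# Poll until the job reaches a terminal state. Thirty seconds between polls keeps
# the request rate low enough to stay clear of throttling on the status endpoint.
$terminal = @("succeeded", "failed", "cancelled")
do {
    Start-Sleep -Seconds 30
    $job = Get-MgBetaSecurityAuditLogQuery -AuditLogQueryId $job.Id
} while ($job.Status -notin $terminal)

if ($job.Status -ne "succeeded") {
    throw "Audit log query $($job.Id) ended with status '$($job.Status)'."
}

# Download every page of results and summarise who changed what, and when.
$records = Get-MgBetaSecurityAuditLogQueryRecord -AuditLogQueryId $job.Id -All
$records |
    Select-Object CreatedDateTime, Operation, UserPrincipalName |
    Sort-Object CreatedDateTime |
    Format-Table -AutoSize
```

Because the job is asynchronous, the status loop is where a script spends most of its time; bounding it with a maximum number of iterations before giving up is a sensible addition for unattended runs, so a stuck job does not hold a scheduled task open indefinitely.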

Security Tools and Guides

Defend, attribute, punish: deterring cyber warfare in the age of AI (1st party)

In a special report produced by Foreign Policy Analytics with financial support from Microsoft, researchers examine cyber deterrence strategies for NATO in the age of AI, bringing sharpened focus on the risks of, and responses to, hybrid warfare. Focusing on the most destructive cyberattacks, the analysis identifies critical deterrence gaps and presents cross-sectoral recommendations to deterrence stakeholders including member states and private industry. Cyber attackers are increasingly finding new ways to apply AI to enhance the scale, sophistication, and anonymity of their operations while reducing associated costs. Defenders, meanwhile, have recognized AI as a crucial asset that will require deepening public-private, civil-military, and allied nation collaboration. Get details from the joint 2023 Microsoft and OpenAI research study outlining how five known nation state actors were using large language models (LLMs) to enhance their operations.

KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932 (1st party)

This article describes the protection against the publicly disclosed Secure Boot security feature bypass that uses the BlackLotus UEFI bootkit tracked by CVE-2023-24932, how to enable the mitigations, and guidance on bootable media. A bootkit is a malicious program that is designed to load as early as possible in a device's boot sequence to control the operating system start. Secure Boot is recommended by Microsoft to make a safe and trusted path from the Unified Extensible Firmware Interface (UEFI) through the Windows kernel Trusted Boot sequence. Secure Boot helps prevent bootkit malware in the boot sequence. Disabling Secure Boot puts a device at risk of being infected by bootkit malware. Fixing the Secure Boot bypass described in CVE-2023-24932 requires revoking boot managers. This could cause issues for some device boot configurations.

Microsoft retires Windows updates causing 0x80070643 errors (3rd party)

Microsoft has retired several Windows security updates released during the January 2024 Patch Tuesday that have been causing 0x80070643 errors when installing Windows Recovery Environment (WinRE) updates. Redmond first acknowledged this known issue in January, days after widespread reports from Windows users of 0x80070643 errors. The company released the problematic KB5034441 (Windows 10 21H2/22H2), KB5034440 (Windows 11 21H2), and KB5034439 (Windows Server 2022) updates to fix CVE-2024-20666, a BitLocker encryption bypass flaw that can let attackers access encrypted data.

Microsoft News

Broadcast media leader Globo saves over 10% per year on PC and Mac management with Microsoft Intune (1st party)

Globo, a leading Latin American broadcast media brand, used to have another solution to manage the company’s 1,500 Macs, while Microsoft tools have always been used to manage more than 13,000 PCs. This created a scenario of decentralized management and additional costs. Today, Globo uses Microsoft Intune for security and management of Macs and PCs, and Windows Autopilot to automatically deploy Windows devices. The move helped Globo save more than five percent per year on its device management budget by unifying the solution and improving the employee experience.

Sustainable by design: Transforming datacenter water efficiency (1st party)

Last month, we unveiled our Datacenter Community Pledge, emphasizing that datacenters are not only the backbone of modern technology but also a force for good in the communities they serve. As part of this commitment, at Microsoft we recognize our crucial role in protecting and replenishing freshwater resources both in the regions where we operate and around the world. That’s why in our datacenter operations, one of the essential engineering questions we ask each day is: how can we continue to conserve water while meeting growing customer demand for cloud and AI innovation? In datacenters, water is primarily used for cooling and humidification. As demand for high performance cloud and AI applications has grown over the past few years to fuel customer applications and enable a new frontier of discovery and innovation, so have the power requirements for silicon chips—the basic building blocks of cloud and AI computing—that sit within the racks and servers of datacenters. Because advanced chips typically utilize more power, they also generate more heat. To prevent the chips from malfunctioning, more intensive cooling is needed, and this has historically required consuming water.

Security News

New Specula tool uses Outlook for remote code execution in Windows (3rd party)

Microsoft Outlook can be turned into a C2 beacon to remotely execute code, as demonstrated by a new red team post-exploitation framework named "Specula," released today by cybersecurity firm TrustedSec. This C2 framework works by creating a custom Outlook Home Page using WebView by exploiting CVE-2017-11774, an Outlook security feature bypass vulnerability patched in October 2017. "In a file-sharing attack scenario, an attacker could provide a specially crafted document file designed to exploit the vulnerability, and then convince users to open the document file and interact with the document," Microsoft says.

Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch now (3rd party)

Microsoft warned customers this Tuesday to patch a critical TCP/IP remote code execution (RCE) vulnerability with an increased likelihood of exploitation that impacts all Windows systems using IPv6, which is enabled by default. Found by Kunlun Lab's XiaoWei and tracked as CVE-2024-38063, this security bug is caused by an Integer Underflow weakness, which attackers could exploit to trigger buffer overflows that can be used to execute arbitrary code on vulnerable Windows 10, Windows 11, and Windows Server systems. "Considering its harm, I will not disclose more details in the short term," the security researcher tweeted, adding that blocking IPv6 on the local Windows firewall won't block exploits because the vulnerability is triggered prior to it being processed by the firewall.

New Android malware wipes your device after draining bank accounts (3rd party)

A new Android malware that researchers call 'BingoMod' can wipe devices after successfully stealing money from the victims' bank accounts using the on-device fraud technique. Promoted through text messages, the malware poses as a legitimate mobile security tool and can steal up to 15,000 EUR per transaction. According to researchers analyzing it, BingoMod is currently under active development, with its author focusing on adding code obfuscation and various evasion mechanisms to lower its detection rate.

OneDrive Phishing Scam Tricks Users into Running Malicious PowerShell Script (3rd party)

Cybersecurity researchers are warning about a new phishing campaign that targets Microsoft OneDrive users with the aim of executing a malicious PowerShell script. "This campaign heavily relies on social engineering tactics to deceive users into executing a PowerShell script, thereby compromising their systems," Trellix security researcher Rafael Pena said in a Monday analysis. The cybersecurity company is tracking the "crafty" phishing and downloader campaign under the name OneDrive Pastejacking. The attack unfolds via an email containing an HTML file that, when opened, displays an image simulating a OneDrive page and includes an error message that says: "Failed to connect to the 'OneDrive' cloud service. To fix the error, you need to update the DNS cache manually."

Industry Specific News

Education: Support tip: Turn off Activation Lock in Apple Business Manager or Apple School Manager with Intune (1st party)

Activation Lock on Apple devices helps keep the device secure if it falls into the wrong hands and works to prevent unauthorized access to data on devices that are owned by your organization. While Intune has a feature to disable Activation Lock, we wanted to highlight that Apple has also made this functionality available in Apple School Manager (ASM) and Apple Business Manager (ABM). Keep reading to learn more!