Tech news for the week of July 15th, 2024

Topics in this week’s Tech Newsletter

What’s New Updates

Training

Copilot and AI

Microsoft 365

Windows 365 and Azure Virtual Desktop

Microsoft Defender

Azure

Server

Identity Protection and Management

Information Protection and Management

Intune

Device Management

Scripting and Automation

Security Tools and Guides

Microsoft News

Security News

What’s New Updates

Announcing Windows Admin Center in Azure for Windows Client machines (1st party)

In 2022, we introduced Windows Admin Center in Azure, making it easy for you to manage your Windows Server Azure VMs directly from the Azure Portal. Since its release, we’ve been overwhelmed by the positive response and feature requests we’ve received. Over the last 2 years, we expanded to support Azure Arc-enabled Windows Servers and Azure Stack HCI clusters, providing you access to Windows Admin Center for your on-premises machines without. We’ve heard you and added secure, password-less authentication, giving you single sign-on using your Entra ID credentials. We also increased the performance by over 50% leveraging Azure Front Door as our content delivery network. We continue to release every month, providing you with new experiences, updates, and bug fixes.

Azure Sphere OS version 24.06 is now available for evaluation (1st party)

Azure Sphere OS version 24.06 is now available for evaluation in the Retail Eval feed. The retail evaluation period for this release provides 14 days (about 2 weeks) of testing. During this time, please verify that your applications and devices operate properly with this release before it is deployed broadly to devices in the Retail feed. The 24.06 OS Retail Eval release includes a security update.

Training

Skilling snack: Windows Autopilot device preparation (1st party) [FREE]

Exciting new things have come to Windows Autopilot. If you’re not already familiar with this technology, Autopilot describes a group of technologies used to preconfigure new devices for productive use. To further simplify this process, Windows Autopilot device preparation became generally available in June.

Introduction to accessibility (1st party) [FREE]

This module presents the core ideas and definitions needed to understand accessibility concepts. You'll learn what accessibility means, why it's important for technology to be accessible to everyone, and about different assistive technologies.

Deploy, manage, and monitor Windows containers on Azure Kubernetes Service (1st party) [FREE]

Learn how to deploy, manage, monitor, and operate Windows containers on Azure Kubernetes Service and AKS Hybrid by examining the core principles of Windows containers and Kubernetes.

On Demand Instructor-led Training Series (1st party) [FREE]

Elevate your learning experience with our Course Video Training series. Each video lasts between 15 to 30 minutes, providing flexibility and empowering you to cover the course content at your own pace. Perfect for those looking for a supplementary resource to reinforce understanding, make the most of this resource and enhance your learning experience with additional insights and expert guidance.

One-Day Training on Azure Administrative Model: Secure Your Entra Tenant (3rd party) [PAID]

October 24: Join this intensive one-day training designed for IT professionals who are keen to deepen their understanding of cloud security through Microsoft’s Entra Security Services. This training will focus on the strategic implementation of these services to enhance control, visibility, and the security layers necessary to protect cloud tenants. Participants will learn to develop and enforce access controls specifically tailored to their organizational needs, while also enhancing visibility across cloud operations to preemptively address vulnerabilities. The course will emphasize the importance of layering security measures to fortify defenses against unauthorized access and breaches.

Copilot and AI

Technical Pattern: Build Your Own AI Assistant (1st party)

In an era where information is paramount, Microsoft presents the "Build Your Own AI Assistant" reference architecture, a robust framework designed to create customized AI assistants that can search, summarize, and interact with both private and public data. This cutting-edge solution enables organizations to develop AI capabilities tailored to their specific business needs, enhancing productivity and decision-making with a focus on ease of use and seamless integration into existing workflows. Microsoft's CSA CTO Office actively maintains a one click deploy solution accelerator for this reference architecture.

Prompt Like a Pro: Transform your messages with Microsoft Copilot in Teams (1st party)

Effective and efficient communication is key when it comes to managing your workday. Whether you’re collaborating with colleagues, discussing project details, or simply sharing updates in a chat, the way you convey your thoughts changes depending on who you are talking to. Microsoft Copilot in Teams’ chat and channels compose box is a powerful tool that helps take your messages to the next level. In this blog, we’ll cover what this AI-powered tool is, how to access and prompt with it, as well as an exciting new feature: Custom tone.

Exploring Generative AI: A Hands-on Course on Prompt Engineering for non-tech students - Part 2 (1st party)

Welcome to Part 2 of our exploration into generative AI, where we delve deeper into the practical applications and creative potential of this innovative technology. This article highlights concrete examples from student projects of the course ‘Prompt Engineering’ at Fondazione Bruno Kessler (FBK) in Trento (Italy). The aim is to showcase how students leveraged generative AI in unique ways. In particular, we'll focus on two fascinating projects: "Generative Music" and "Personal Chef," which exemplify the versatility and impact of generative AI in diverse fields.

New AI integration for your SQL databases | RAG, Vector Search, Admin Automation (1st party) [VIDEO]

Check out new AI integrations for your Azure SQL databases. With Retrieval Augmented Generation, you can bridge structured data with generative AI, enhancing natural language queries across applications. With advanced vector-based semantic search, discover precise insights tailored to your data, while Copilot in Azure streamlines troubleshooting and T-SQL query authoring. Optimize workflows, personalize responses, and unlock new levels of efficiency in SQL-driven AI applications. Accelerate performance troubleshooting and complex query authoring tasks with Copilot in Azure. Quickly diagnose database issues and receive expert recommendations for optimization, ensuring optimal performance and reliability. Seamlessly traverse hierarchies within tables and generate intricate queries with ease, saving time and resources. Bob Ward, Azure Principal Architect, shows how to unleash the full potential of your SQL data, driving innovation and intelligence across your applications.

Microsoft 365

Retirement of Office 365 connectors within Microsoft Teams (1st party)

Enterprise Impacting: Office connectors in Microsoft Teams deliver content and service updates directly from third-party services into a Teams channel. By using Office connectors, users can receive updates from popular services such as Azure DevOps Services, Trello, Wunderlist, GitHub, and more. Office connectors post these updates directly into the chat stream. This functionality makes it easy for all team members to stay in sync and informed on relevant information. Starting August 15th, 2024 we will be retiring the Office 365 connectors feature from Microsoft Teams. We recommend Power Automate workflows as the solution to relay information into and out of Teams in a scalable, flexible, and secure way.

Welcome to Copilot in Word (1st party)

Copilot in Word ushers in a new era of writing, leveraging the power of AI. It can help you go from a blank page to a finished document in a fraction of the time it would take to compose text on your own. And while it may write exactly what you need, sometimes it may be "usefully wrong" thus giving you some helpful inspiration. Additionally, Copilot Chat can provide helpful actions based on your document content or obtain additional content from outside resources. And if you’re looking for something more generic, beyond what's in your draft, you can ask Copilot Chat questions to research, ideate, or iterate on for possible content to add.

Intelligent shared space solutions with Microsoft Teams (1st party)

In today's diverse work environment, we understand that there is no one-size-fits-all solution when it comes to shared spaces and devices. Each organization has its unique spectrum of needs, and at Microsoft, we believe in providing solutions that cater to this variety. Our offerings are designed to adapt to different settings, ensuring that whether it's a shared workspace or a large conference room, the technology enhances collaborative experiences. Shared spaces are hubs for collaboration, creativity, and connectivity wherever you are. From traditional conference rooms and boardrooms to small focus or huddle rooms, and even work and meeting spaces to which you bring your own device, AI is already improving how we work. Thought leadership on space planning and utilization, innovation from our OEM partners, and Microsoft solutions have helped customers reimagine how to make the most out of their shared spaces to meet present and future needs.

Find out who's working on the same app (1st party)

Use copresence to identify individuals working on the same app as you in Power Apps Studio. When you're in read-only mode, the command bar, add new screen, and edit control properties are disabled. The first time someone opens your app in Power Apps Studio while you're working on it, copresence indicators appear that show other people are also working on the app. The maker that opens the app first has editing control. If a second user tries to open the app, a notification appears letting them know that someone else is editing the app so they're in read-only mode. If you're in read-only mode, you can save a copy of the app.

Advanced Project Planning with Microsoft Planner: Dependencies and Critical Path in Timeline View (1st party)

One of the top challenges in team initiatives is determining when the work will be completed, ensuring it meets deadlines, and understanding which tasks to prioritize so the project finishes on time. This is particularly difficult with multiple interdependencies. The tools teams use for work management need to drive more momentum and efficiency, helping team members reach the desired outcomes faster. Microsoft Planner offers advanced features like Dependencies and Identification of Critical Path all supported in the Timeline view to address these pain points and enhance these processes, making managing projects more efficient and precise.

SharePoint roadmap pitstop: June 2024 (1st party)

It's official - summer is here (in the Northern Hemisphere), happy Wintering Southern Hemi. No matter the latitude or the attitude, the altitude of tech delivery continued with verve and zest. June 2024 brought some great new offerings: Viva Amplify supports SharePoint audience targeting, SharePoint Premium: Autofill columns, SharePoint: Apply shapes to images, updated CLI for Microsoft 365 v7.10, Teams: File previews in messages, SharePoint: Text web part updates, OneDrive: Shortened URLs, Microsoft Designer updates + new icon, planner.cloud.microsoft, and more. Details and screenshots below, including our audible companion: The Intrazone Roadmap Pitstop: June 2024 podcast episode – all to help answer, "What's rolling out now for SharePoint and related technologies into Microsoft 365?"

Celebrating a year of innovation: Announcing the Microsoft Power Platform templates Cookbook Challenge (1st party)

In today’s fast-paced digital landscape, enterprise organizations are grappling with an ever-expanding application backlog, with over 1 billion apps expected to be built by 2028. However, there are only four million developers in the United States. This disparity underscores the urgent need for scalable solutions that empower organizations to bridge the gap between demand and developer capacity. Enter Microsoft Power Platform, a suite of low-code tools designed to empower both professional developers and citizen developers. By enhancing these tools with generative AI, we’ve revolutionized how applications are built, reducing the time and expertise needed to develop robust solutions. However, mastering Microsoft Power Platform isn’t instantaneous, which is why, a year ago, we introduced public preview versions of our enterprise application templates to accelerate organizations’ time to value and streamline the upskilling process.

Windows 365 and Azure Virtual Desktop

The future of Windows, Windows 365 and AI (1st party) [VIDEO]

This video, presented by Christiaan Brinkhoff, Principal Product Manager at the Windows Cloud engineering team, delves into the future of Windows, Windows 365, and AI. It highlights the integration of Windows 365 with various cloud services, the increasing adoption of cloud-native solutions, and the role of AI in enhancing productivity. The video also showcases new features and products, including the Windows 365 Cloud PC, the Windows app, and AI-powered devices. Brinkhoff emphasizes the importance of hybrid work environments and the seamless experience provided by Windows 365 across different platforms. The presentation concludes with a look at upcoming innovations and the potential of AI to transform the way we work.

Getting more out of Windows 365 – Windows 365 GPU (3rd party)

Microsoft announced a new type of Windows 365 Cloud PC with Graphics capabilities via a Windows 365 GPU public preview on November 15, 2023. On Friday, myself and Paul presented on the topic of Windows 365 at the TunedIn: Leeds event, it was received with a lot of positivity and questions, so I thought I’d cover the Windows 365 Boot content here for those of you that couldn’t make it to the event, it was awesome!

Getting more out of Windows 365 – Windows 365 Boot (3rd party)

On Friday, myself and Paul presented on the topic of Windows 365 at the TunedIn: Leeds event, it was received with a lot of positivity and questions, so I thought I’d cover the Windows 365 Boot content here for those of you that couldn’t make it to the event, it was awesome! So let’s look at what I covered in relation to Windows 365 Boot and why it matters. Your mileage may vary and you might not have any issues with Windows 365 Boot, please do let me know in the comments. When a user turns on their physical device and signs in, Windows 365 Boot signs them in directly to their Cloud PC, not their physical device. If single sign-on is turned on for their Cloud PC, they don't have to sign in again to their Cloud PC. This expedited sign in process reduces the time it takes the user to access their Cloud PC.

Microsoft Defender

Simplified Zero Trust security with the Microsoft Entra Suite and unified security operations platform, now generally available (1st party)

We’re announcing new capabilities to help accelerate your transition to a Zero Trust security model with the general availability of the Microsoft Entra Suite, the industry’s most comprehensive secure access solution for the workforce, and the general availability of Microsoft Sentinel within the Microsoft unified security operations platform, which delivers unified threat protection and posture management. These innovations make it easier to secure access, identify and close critical security gaps, detect cyberthreats, reduce response times, and streamline operations.

Microsoft Defender Experts for XDR recognized in the latest MITRE Engenuity ATT&CK Evaluation for Managed Services (1st party)

Microsoft Defender Experts for XDR demonstrated excellent managed extended detection and response (MXDR) by unifying our human-driven services and Microsoft Defender XDR in the MITRE Engenuity ATT&CK® Evaluations: Managed Services menuPass + ALPHV BlackCat. In the first cyberattack, Defender Experts for XDR provided detection, visibility, and coverage under what Microsoft Threat Intelligence tracks as the threat actor Purple Typhoon. From the early steps in the intrusion, our team alerted the customer that 11 systems and 13 accounts were compromised via a malicious Remote Desktop Protocol (RDP) session, leveraging a Dynamic Link Library (DLL) Search Order Hijacking on a legitimate Notepad++ executable. As is common with this threat actor, the next cyberattack established a Quasar RAT backdoor triggering keylogging, capturing credentials for the domain admin. After the loaders were executed, scheduled tasks were used to move laterally, execute discovery commands on internal network areas, and complete credential theft dumping.

Get more device control flexibility with BitLocker settings in Defender for Endpoint (1st party)

With hybrid work here to stay and data-centric cyberattacks on the rise, safeguarding sensitive information is critical to every security strategy. While data loss prevention (DLP) is often considered for cloud storage locations, the management of removable storage devices such as USBs is equally important, to help ensure that data-at-rest is encrypted and integrity and confidentiality of sensitive information is maintained. We’re excited to announce that Defender for Endpoint device control support for BitLocker is now in public preview. This new feature provides security admins with more granular control through policy exceptions for BitLocker encrypted devices.

Data Protection Made a Breeze: MDA integration in Edge for Business (3rd party)

Microsoft Defender for Cloud Apps is one of the many puzzle pieces of the Microsoft XDR solution that helps you to secure your corporate environment. While Defender for Endpoint and Defender for Office 365 may be the more prominent names in this puzzle, Defender for Cloud Apps has a few aces up its sleeve that help you to protect access to corporate data on a complete other level. Many of you might already know the cloud discovery capabilities, which help you to get a deep insight into your company's usage of Software as a Service solutions. But the hidden champion is the Conditional Access App Control feature.

Azure

Why migrate Windows Server and SQL Server to Azure: ROI, innovation, and free offers (1st party)

We want to dig into, specifically, how Azure can deliver real business value through cost optimization and streamlined productivity for their Windows Server and SQL Server deployments when they migrate to Azure. We’ve helped countless organizations migrate their SQL Server and Windows workloads to Azure, a critical 1st step in any transformation initiative. The move can help improve cybersecurity posture and business continuity, boost productivity, and lay the foundation for AI and other highly scalable data innovations, while automating updates, backups, and other time-consuming IT tasks.

Announcing Advanced Container Networking Services for your Azure Kubernetes Service clusters (1st party)

Following the successful open sourcing of Retina: A Cloud-Native Container Networking Observability Platform, Microsoft’s Azure Container Networking team is excited to announce a new offering called Advanced Container Networking Services. It’s a suite of services built on top of existing networking solutions for Azure Kubernetes Services (AKS) to address complex challenges around observability, security, and compliance. The first feature in this suite, Advanced Network Observability, is now available in Public Preview.

How to edit files in Azure Cloud Shell (1st party)

Azure Cloud Shell is a great tool to manage your Azure resources directly within the Azure Portal, Microsoft Docs, the Azure Mobile App or shell.azure.com. With Azure Files you even get persistent storage, which you can use to store scripts, Azure Resource Manager (ARM) templates, files and other tools. Sometimes you want to make a quick change to one of the files you are using in the Azure Cloud Shell; for that, the Azure Cloud Shell comes with text editors like vi, vim, nano, and emacs. However, my favorite editor in Cloud Shell is code. Code is an editor based on the Visual Studio Code open-source project Monaco. Monaco is the same web-standards based editor that powers Visual Studio Code, and the editor is now integrated directly into Cloud Shell.

View and download your Microsoft Azure invoice (1st party)

You can download your invoice in the Azure portal or get it sent in email. Invoices are sent to the person set to receive invoices for the enrollment. If you're an Azure customer with an Enterprise Agreement (EA customer), only an EA administrator can download and view your organization's invoice. Direct EA administrators can Download or view their Azure billing invoice. Indirect EA administrators can use the information at Azure Enterprise enrollment invoices to download their invoice.

Azure Update - 21st June 2024 (3rd party) [VIDEO]

This video provides a comprehensive update on the latest developments in Azure infrastructure as of June 21, 2024. It covers a wide range of topics, including new features and updates for Azure services such as App Insights, VMSS, AKS, Azure SQL Database, Cosmos DB, and more. The presenter also discusses the new multicloud connector for AWS, enhancements in Azure Monitor, and various updates in Azure Kubernetes Service (AKS) and Azure Container Apps. The video is packed with detailed information and practical insights for Azure users and IT professionals.

Using Azure Blob storage as Azure Data Explorer external table (3rd party)

Azure Data Explorer is a great solution for storing ‘date and time-related’ facts, also known as immutable observations. It stores these data points in a time-series format in the underlying data storage for blazingly fast querying. Azure Data Explorer is now the heart of many IoT solutions our team builds and maintains. This is because we are actually recording all kinds of real-time messages coming from many devices.

Server

Deep Dive: Delivery Optimization Troubleshooting & Reporting (3rd party)

Delivery Optimization is something that can be leveraged to greatly reduce internet traffic overhead on your network. The purpose of this post is to run through how to troubleshoot and optimize your configuration. In this post I am going to revisit, clarify, and provide updated troubleshooting guidance in respect to something that is absolutely vital to prevent network bandwidth issues, that of course is Delivery Optimization.

Identity Protection and Management

Simplified Zero Trust security with the Microsoft Entra Suite and unified security operations platform, now generally available (1st party)

We’re announcing new capabilities to help accelerate your transition to a Zero Trust security model with the general availability of the Microsoft Entra Suite, the industry’s most comprehensive secure access solution for the workforce, and the general availability of Microsoft Sentinel within the Microsoft unified security operations platform, which delivers unified threat protection and posture management. These innovations make it easier to secure access, identify and close critical security gaps, detect cyberthreats, reduce response times, and streamline operations.

Enable per-user Microsoft Entra multifactor authentication to secure sign-in events (1st party)

To secure user sign-in events in Microsoft Entra ID, you can require multifactor authentication. Enabling Microsoft Entra multifactor authentication using Conditional Access policies is the recommended approach to protect users. Conditional Access is a Microsoft Entra ID P1 or P2 feature that lets you apply rules to require MFA as needed in certain scenarios. You can instead enable each account for per-user Microsoft Entra multifactor authentication. When users are enabled individually, they perform multifactor authentication each time they sign in (with some exceptions, such as when they sign in from trusted IP addresses or when the remember MFA on trusted devices feature is turned on).

Understanding the essentials of identity and access management (IAM) (1st party)

In the digital age, identity and access management (IAM) is crucial for protecting data and ensuring that only authorized users, machines, and applications get access to the right resources, at the right time. It’s an essential part of ensuring secure and efficient system interactions. This blog post explores some of the core elements of identity and access management, offering insights into its critical role in cybersecurity.

Azure Role Based Access Control (RBAC) | Removing Orphaned Role Assignments (3rd party)

Deploying solutions into Azure that rely on Role Based Access often involves us creating IaC automation for the assignment of roles, such as a service’s access to Key Vault, a service’s access to a Key Vault specific secret, a service’s access to a storage account, or a service’s access to a Service Bus Queue or Topic. In many of these instances we may wish to leverage the source resource identity (System Assigned Managed Identity) for the assigned access. But what happens when we delete the source resource, are the role assignments applied on the target resources removed? The answer… No, they are not.

Exploring Modern Password Spraying: Introduction to Entra Smart Lockout (3rd party)

Welcome to the first installment of a series of blog articles that delve into the modern techniques and security controls surrounding password spraying. This series is a follow-up to my presentation, "What the Hell is Azure AD Smart Lockout?" and will explore the current techniques, tactics, and procedures (TTPs) for password spraying, share my research findings, and discuss industry observations on what can change to support these practices better. While I don’t plan on releasing specific tools throughout this process, we’ll see where the journey takes us.

Information Protection and Management

Using Teams Compliance Records for eDiscovery (3rd party)

Always verify what you read in a blog before you accept it as fact. A myriad of reasons might make text unreliable. People make mistakes as they write, or in their understanding of a topic, or use different versions of software to what you have. The problem doesn’t exist only in independent blogs. Microsoft publications get things wrong too. A recent example is when they updated their guidance about what’s captured in Teams compliance records and can be used for eDiscovery. It’s good when Microsoft does this because there’s a ton of misconception in the technical community about the purpose and usage of Teams compliance records. I have been told that it is possible to back up Teams by copying the compliance records in an Exchange Online backup, something that is complete and unadulterated rubbish. You can copy the compliance records, but you’ll never be able to restore those items into Teams. As explained below, Microsoft updated their page because it contained some errors (correct information is now online).

Sharing Smarter: Mitigating Microsoft 365 Oversharing Risks (3rd party) [VIDEO]

This webinar, “Sharing Smarter: Mitigating Microsoft 365 Oversharing Risks,” features Vlad Catrinescu, a Microsoft MVP and Office 365 consultant. Hosted by Syskit, the session delves into the challenges of oversharing in Microsoft 365, covering both external and internal risks. Vlad provides insights on configuring sharing settings, managing permissions, and leveraging tools to enhance governance and security. The webinar includes a demo of Syskit Point, showcasing its capabilities in monitoring and controlling sharing activities within Microsoft 365 environments.

Block Copilot Access to Individual Office Documents (3rd party)

In March 2024, Microsoft announced Restricted SharePoint Search. Now in public preview, Microsoft says that Restricted SharePoint Search gives organizations “time to review and audit site permissions” and “maintain momentum with your Copilot deployment while you implement robust data security solutions.” The product documentation highlights the need to stop Copilot from accessing content in “sites that haven’t undergone access permission review or Access Control Lists (ACL) hygiene, and doesn’t have data governance applied.” In other words, Copilot for Microsoft 365 can extract and use information from sites where access control might not be what it should be and reuse that information in the responses it generates for user prompts.

Practical Protection: Baseline Office App Security with the Cloud Policy Service (3rd party)

Sometimes you read a headline, and the individual words make sense, but it’s still hard to puzzle out exactly what it means. This article is probably a good example. You already know what all the individual words mean, but unless you are used to using the Office Cloud Policy Service, or unless you have been around the Microsoft security world for a while, you might not be familiar with the concepts we’re going to cover. Let’s start with a fairly simple concept. Some years ago, Microsoft was getting a lot of criticism for having too many settings and not providing enough guidance for customers to understand what the settings did or how they should be used. This complaint actually goes all the way back to the old Windows resource kits, which, for those of you who weren’t around then, were big boxed sets of printed documentation covering all of the different registry keys and other settings available in the BackOffice applications. As time passed, Microsoft steadily improved both the amount and the quality of their documentation. Other organizations, including the National Security Agency and the National Institute of Standards and Technology, got in on the game and started producing their own configuration recommendations.

Intune

Compare Windows Autopilot device preparation and Windows Autopilot (1st party)

Which version of Windows Autopilot to use is dependent on many factors and variables, with each environment having different needs. Windows Autopilot device preparation in its initial offering isn't as feature rich as Windows Autopilot, but it does have some advantages and features not available in Windows Autopilot. Windows Autopilot device preparation and Windows Autopilot can be used concurrently and side by side within an organization. However, any one device in an environment can only run one of the two solutions. Windows Autopilot profiles take precedence over Windows Autopilot device preparation policies. If a Windows Autopilot registered device needs to go through a Windows Autopilot device preparation deployment, it must first be removed as a Windows Autopilot device.

Automate Intune App Assignments with PowerShell (3rd party)

Managing app assignments in Microsoft Intune can be a time-consuming task, especially when dealing with multiple applications and groups. This PowerShell script aims to simplify and automate the process of adding new inclusion or exclusion assignments to Intune apps without removing existing assignments. Whether you need to include or exclude a group from app deployments, this script provides a streamlined solution.

Secure Home folders in macOS using Intune (3rd party)

If you have onboarded your macOS devices onto Defender for Endpoint, then more often than not, you will see the vulnerability recommendation flagging for 'Secure Home folders in macOS' affecting the secure score. The potential risk here is that allowing all users to view the top level of all networked user's home folder may not be desirable since it may lead to the revelation of sensitive information. This is because by default macOS allows all valid users into the top level of every networked user's home folder, with the ability to view the folder content and this can be a security risk.

Windows Enrollment Unpacked (3rd party)

Do you use Intune and are you confused about the many different ways to enroll Windows devices? Yeah, lots of people are, even Intune veterans! This blog aims to provide clear, easy to understand guidance on enrolling your Windows devices into Intune. The MS Learn documentation that's available is a great source of detailed information and covers a massive number of topics, but when it comes to trying to find the right information it can sometimes be quite difficult. Moreover, things like Autopilot have been around for a long time, so even searching the web for "how do I set up autopilot" can bring back outdated guides and blogs that might send you down the wrong path. I also see a lot of people using the wrong enrolment method, or even worse, unsupported enrolment methods (just cos it "works" doesn't mean you'll get any help when it stops...). This guide will hopefully give better context to enrolment methods to ensure you're using the right enrolment method for your Windows devices.

Autopilot Device Preparation – Evolution or optional add-on? (3rd party)

It’s been a couple of weeks now since Autopilot Device Preparation hit our tenants and the dust is only just beginning to settle. There’s been some really great content produced on the topic already and I don’t want to repeat all that great work so please check these out (References added at the bottom). In fact thanks to others in the community we have some amazing insights into the technology. Now that I’ve had the time to test this out for myself, I wanted to add my own opinion, insights and tests into the whole discussion.

Understanding enrollment time grouping (3rd party)

This week is all about one of the key features of Windows Autopilot device preparation. That feature is enrollment time grouping. Windows Autopilot device preparation itself is a new iteration of Windows Autopilot and is used to quickly set up and configure new Windows devices. So far, nothing new. The focus, however, of Windows Autopilot device preparation is to further simplify the deployment of Windows devices, by delivering consistent configurations, enhancing the overall setup speed, and improving the troubleshooting capabilities. Besides that, it also takes away the requirement of first registering Windows devices with the Windows Autopilot service. Instead the Windows Autopilot device preparation profile is assigned to users and applied after user authentication during the out-of-box experience (OOBE). That provides a much more flexible process. Another important enhancement of Windows Autopilot device preparation is enrollment time grouping. This post will focus on that feature.

Device Management

Low Space on EFI (System) Partition – Clean up (3rd party)

Hey folks, this seems like a topic that keeps coming up, despite the fact I had assumed everyone was creating large EFI volumes (984MB) by now, but I keep finding folks who have 100MB and run into issues. So, MS says the minimum is 200MB. (they just updated their minimum in May 2024 from 100 to 200MB) Please don’t use minimums. Do you use minimum requirements to run Windows in general? NO YOU DON’T! You’d be crazy to! Your end users would revolt! So why do you use minimum for EFI size???

Mission: (Im)Possible – Windows Subscription Activation (3rd party)

Are you wondering when and how Microsoft will fix the Windows subscription activation issue? Well, Patch My PC was too! We tried to find out by checking the latest Windows Insider preview and the June/July Windows Updates. If you want to know more, keep on reading! If you’re encountering issues with the automatic license upgrade from Windows Pro to Windows Enterprise, particularly after installing the latest Windows 11 update KB5036980, you are at the correct address! In a previous blog, Rudy explained how the KB5036980 Windows update has caused subscription activation issues, preventing devices from upgrading their license from Windows Pro to Windows Enterprise. This issue also causes existing devices to drop from Windows Enterprise to Windows Pro, which could cause some serious security issues! All the security policies that only work with Windows Enterprise will stop working when the license is reverted to Windows Pro.

Scripting and Automation

Getting started with the new Entra PowerShell module (3rd party) [VIDEO]

This video by Steve from Get Rubiks introduces the new Entra PowerShell module, a tool for interacting with Microsoft Graph to manage Entra attributes like users and groups. Steve walks through the installation process, prerequisites, and basic commands, demonstrating how to query and manipulate user data. He also shows how to create users and assign licenses, highlighting the module’s potential for automating various administrative tasks. The video is both informative and practical, making it a valuable resource for IT professionals looking to streamline their workflows.

Security Tools and Guides

Inside the ransomware playbook: Analyzing attack chains and mapping common TTPs (3rd party)

Given the recent slate of massive ransomware attacks that have disrupted everything from hospitals to car dealerships, Cisco Talos wanted to take a renewed look at the top ransomware players to see where the current landscape stands. Based on a comprehensive review of more than a dozen prominent ransomware groups, we identified several commonalities in tactics, techniques and procedures (TTPs), along with several notable differences and outliers. Talos’ studies indicate that the most prolific ransomware actors prioritize gaining initial access to targeted networks, with valid accounts being the most common mechanism.

RSAC Tech Talk - Cyber Hygiene by Trevor Parks and Emily Skahill (3rd party) [VIDEO]

In this video, Emily Skahill and Trevor Parks from the Cybersecurity and Infrastructure Security Agency (CISA) discuss the importance of cyber hygiene for high-risk communities. They highlight the challenges faced by nonprofits, activists, human rights defenders, and journalists who are often targeted by advanced persistent threat actors. The speakers emphasize the need for accessible cyber defense strategies and introduce resources like the High-Risk Communities Protection webpage, Project Upskill, and the Cyber Volunteer Resource Center. These initiatives aim to provide practical cyber hygiene guides and connect under-resourced organizations with volunteer cyber experts to enhance their cybersecurity posture.

Introducing a New Vulnerability Class: False File Immutability (3rd party)

This article introduces a previously-unnamed class of Windows vulnerability that demonstrates the dangers of assumption and describes some unintended security consequences. This article will discuss a previously-unnamed vulnerability class in Windows, showing how long-standing incorrect assumptions in the design of core Windows features can result in both undefined behavior and security vulnerabilities. We will demonstrate how one such vulnerability in the Windows 11 kernel can be exploited to achieve arbitrary code execution with kernel privileges.

Windows Defender MP Logs - A Story of Artifacts (3rd party)

Catchy title, eh? Well, I promise it’s not “clickbait”. When it comes to DFIR, there are obviously many artifacts to look at. You may even find an item of interest or “pivot point” in multiple artifacts. For example, identifying that a program was executed from both Prefetch and UserAssist or presence of a binary within the MFT (Master File Table) and Shimcache; but is there an artifact or log that will have observed files, hashes, timestamps, full paths, and potentially even signatures? Enter Windows Defender MP (Microsoft Protection) logs.

The State of Data Breaches (3rd party)

I've been harboring some thoughts about the state of data breaches over recent months, and I feel they've finally manifested themselves into a cohesive enough story to write down. Parts of this story relate to very sensitive incidents and parts to criminal activity, not just on behalf of those executing data breaches but also very likely on behalf of some organizations handling them. As such, I'm not going to refer to any specific incidents or company names, rather I'm going to speak more generally to what I'm seeing in the industry.

Microsoft News

Microsoft’s pioneering role in shaping the telecommunications landscape (1st party)

In the dynamic realm of telecommunications, Microsoft has emerged as a catalyst for change, fostering innovation and collaboration. Our longstanding partnership with the TM Forum and our contributions to the Open Digital Architecture (ODA) are a testament to our unwavering commitment to the industry’s transformation. Reflecting on our previous announcement, we continue to champion a vision for a more interconnected and agile digital future. The telecommunications industry stands at a pivotal juncture, where the convergence of technology and communication is accelerating at an unprecedented pace. Microsoft’s role in this transformation is not just as a participant but as a leader, driving the conversation and action towards a more integrated and efficient ecosystem. Our efforts with the TM Forum and ODA over the years have been instrumental in setting new standards and fostering an environment of open collaboration.

Supply chain AI for the new era of value realization (1st party)

Buying habits shift quickly in today’s consumer-driven world. For retailers, especially grocers, providing customers with affordable, fresh, and convenient options while navigating the impacts of inflation and supply chain disruption is critical. Meeting these expectations requires creating and maintaining a supply chain centered around customer demand—no easy task when supply chain functions are siloed, data is disparate, and needs change from day to day. Together, Blue Yonder and Microsoft are unlocking a new era of value for retailers with AI. With AI-powered solutions, retailers can empower their teams to make decisions based on access to real-time data and intelligent insights. AI has allowed us to reimagine planning, making it possible for retailers to operate more effectively by transforming category management into an agile, responsive, and ongoing process that is tightly synchronized with the broader supply chain.

How world-class athletes are turning to the power of AI and data (1st party)

Between lifting a combined 200 kilograms (nearly 441 pounds) at a world championship, winning a bronze medal and qualifying for the 2024 Paris Olympics, weightlifter Jourdan Delacruz doesn’t have a lot of spare time. Ranked fourth in the world in her weight class, she spends her days training, traveling and preparing for her second trip to the Olympic Games. So, when it comes to refueling her body after a long day, Delacruz has no interest in scrolling through endless recipes. Instead, she turns to AI for help and recently made a tasty chicken stir-fry. Using AI to learn about nutrition is just one part of a new technology project that Delacruz and other women athletes are participating in to help improve their well-being, performance and careers as they train for a spot at the Olympics or Paralympics. Or, in the case of Delacruz, who recently qualified, a spot on the podium.

Security News

SolarWinds Serv-U path traversal flaw actively exploited in attacks (3rd party)

Threat actors are actively exploiting a SolarWinds Serv-U path-traversal vulnerability, leveraging publicly available proof-of-concept (PoC) exploits. Although the attacks do not appear particularly sophisticated, the observed activity underscores the risk posed by unpatched endpoints, emphasizing the urgent need for administrators to apply the security updates.

US bans sale of Kaspersky software citing security risk from Russia (3rd party)

The U.S. government announced on Thursday that it is banning the sale of Kaspersky antivirus software in the country, and is asking Americans who use the software to switch to a different provider. The Commerce Department’s Bureau of Industry and Security said it imposed the “first of its kind” ban, arguing that Kaspersky threatens U.S. national security and users’ privacy because the company is based in Russia. “Russia has shown it has the capacity, and even more than that, the intent to exploit Russian companies like Kaspersky to collect and weaponize the personal information of Americans. And that’s why we are compelled to take the action that we’re taking today,” U.S. Commerce Secretary Gina Raimondo said in a call with reporters.

Stolen test data and NHS numbers published by hospital hackers (3rd party)

A gang of cyber criminals causing huge disruption to multiple London hospitals has published sensitive patient data stolen from an NHS pathology testing provider. Overnight on Thursday, Qilin shared almost 400GB of the private information on their darknet site. The gang has been trying to extort money from NHS provider Synnovis since they hacked the firm on 3 June. Cyber security expert Ciaran Martin told the BBC it was "one of the most significant and harmful cyber-attacks ever in the UK."

Cyber-attack delays child's cancer operation (3rd party)

A 14-year-old boy with cancer is among hundreds of hospital patients whose medical procedures have been postponed following a cyber-attack on an NHS provider. Dylan Kjorstad was scheduled to have a tumour on his ribs removed on 6 June at London's Royal Brompton Hospital, but the operation has been put back due to concerns about delays in blood supplies. A ransomware attack on the blood-testing firm Synnovis on 3 June led to disruption to clinical procedures at several London hospitals because the hack meant the company was unable to share information matching blood supplies to patients.

Hackers Steal Text and Call Records of ‘Nearly All’ AT&T Customers (3rd party)

Hackers broke into a cloud platform used by AT&T and downloaded call and text records of “nearly all” of AT&T’s cellular customers across a several month period, AT&T announced early on Friday. The stolen data, which mostly impacts calls and texts made between May 2022 and October 2022, presents a hugely significant and unprecedented data breach for AT&T and the telecom industry more broadly. Metadata—which shows what numbers a customer interacted with—is typically only available to law enforcement in a targeted way under legal process. Here, outside hackers managed to steal the data themselves. In its announcement AT&T said it believes that authorities have already apprehended one of the people involved in the breach.

Chinese Hackers Deploy SpiceRAT and SugarGh0st in Global Espionage Campaign (3rd party)

A previously undocumented Chinese-speaking threat actor codenamed SneakyChef has been linked to an espionage campaign primarily targeting government entities across Asia and EMEA (Europe, Middle East, and Africa) with SugarGh0st malware since at least August 2023. "SneakyChef uses lures that are scanned documents of government agencies, most of which are related to various countries' Ministries of Foreign Affairs or embassies," Cisco Talos researchers Chetan Raghuprasad and Ashley Shen said in an analysis published today. Activities related to the hacking crew were first highlighted by the cybersecurity company in late November 2023 in connection with an attack campaign that singled out South Korea and Uzbekistan with a custom variant of Gh0st RAT called SugarGh0st.

More than 400,000 have data leaked in cyberattack on Texas education organization (3rd party)

An organization for educators in Texas sent out breach notifications over the last week warning of a cyberattack that exposed sensitive information. The Association of Texas Professional Educators (ATPE) submitted filings with regulators on June 14 that said the incident affected 426,280 people, including members of the organization, employees and their dependents. ATPE represents nearly 100,000 teachers, administrators and public education employees across Texas. For everyone involved, Social Security numbers, dates of birth and addresses were exposed during a cyberattack that was discovered on February 12.

Change Healthcare finally spills the tea on what medical data was stolen by cyber-crew (3rd party)

Change Healthcare is formally notifying some of its pharmacy and hospital customers that their patients' data was stolen from it by ransomware criminals back in February – and for the first time has concretely disclosed the types of information swiped during that IT intrusion. In a Thursday notice, the healthcare giant said it's still "working through data to identify affected individuals." This could take some time. Back in April, Change's parent UnitedHealth warned the stolen files "could cover a substantial proportion of people in America," a nation of more than 330 million.

Los Angeles Unified confirms student data stolen in Snowflake account hack (3rd party)

The Los Angeles Unified School District has confirmed a data breach after threat actors stole student and employee data by breaching the company's Snowflake account. Snowflake is a cloud database platform used by some of the largest companies worldwide to store their data. Earlier this month, a threat actor began to sell data from numerous companies, including TicketMaster, Santander Bank, Advance Auto Parts, and Pure Storage, with the hacker stating it was stolen from Snowflake.

Mitch Jones

Client Director @ Crayon | Guiding Tomorrow’s Decisions

7 months

Got a subscriber out of me today! Love the updates and seeing just the tip of the iceberg with AI adoption!
