Tech news for the week of May 20th, 2024
Topics in this week’s Tech Newsletter
What’s New Updates
Copilot and AI
Microsoft 365
Microsoft Defender and Sentinel
Azure
Server
Identity Protection and Management
Information Protection and Management
Intune
Device Management
Scripting and Automation
Security Tools and Guides
Microsoft News
Security News
What’s New Updates
What's new in Microsoft Entra (1st party)
With the ever-increasing sophistication of cyber-attacks, the increasing use of cloud-based services, and the proliferation of mobile devices, it’s essential that organizations secure access for both human and non-human identities to all on-premises and cloud resources, while working continuously to improve their security posture. Today, we’re sharing feature release information for January – March 2024, and first quarter change announcements. We also communicate these via release notes, email, and the Microsoft Entra admin center. The blog is organized by Microsoft Entra products, so you can quickly scan what’s relevant for your deployment.
What's new in Microsoft Entra ID? (1st party)
Microsoft Entra ID (previously known as Azure Active Directory) receives improvements on an ongoing basis. To stay up to date with the most recent developments, this article provides you with information about: the latest releases, known issues, bug fixes, deprecated functionality, and plans for changes.
What’s new: Power Apps March 2024 Feature Update (1st party)
Welcome to the Power Apps monthly feature update! We will use this blog to share a summary of product, community, and learning updates from throughout the month so you can access it in one easy place. This month we’ve got a great set of updates for Makers, Admins, and users across Power Apps, Dataverse and Copilot.
What’s New in Copilot | April 2024 (1st party)
Welcome to the April 2024 edition of What's New in Copilot for Microsoft 365! Every month, we highlight new features and enhancements for Copilot for Microsoft 365, so you can stay up to date with Copilot features that help you be more productive and efficient in the apps you use every day. This month, we’re excited to share information about extended language support in Copilot, features to help streamline data in Copilot in Excel, more efficient search and document creation with Copilot in Word, new training in Copilot Academy, and so much more!
What’s New in Microsoft Teams | April 2024 (1st party)
If you're looking for ways to boost your productivity with Microsoft Teams, you're in the right place. In this blog post, we'll share the latest features and improvements that have rolled out in April, covering everything from chat to meetings and town halls, from Teams Phone to Teams Rooms, and more. Whether you're a regular Teams user, an IT administrator, or a frontline manager, you'll find something new and exciting to try out. There are several features this month that I really like. First, I like that I’m now able to have a multi-turn conversation with Copilot, so that the answers are based on my follow-up questions. And when I join a meeting in a Teams Room, I enjoy that meeting chat is now displayed by default on the front-of-room screen alongside the meeting participants or content.
What's New in Excel (April 2024) (1st party)
Generating multiple formula columns, creating complex formula columns that span across multiple tables, and new ways to engage with Copilot in Excel are now available to Excel users on web and Windows. Copying and pasting improvements and sharing links to sheet views are also available in Excel for the web, and the ink to text pen is rolling out to Insiders running Excel for Windows.
What's new in Viva Insights - April 2024 (1st party)
We've launched a new Admin center page for Viva Insights admins. The new Admin center will show admins key metrics of product success, such as deployment and usage, and suggested actions to improve user adoption, enablement, and data quality. The Admin center is available to all users who are assigned the Viva Insights Admin role, and can be accessed within the Advanced insights app. With this update, admins gain a new “central hub” where they can view and manage key aspects of the product. For customers focused on deployment, for instance, the Admin center will show recommended deployment tasks. Or, for customers focused on adoption, they will have a view of enabled users and their levels of activity. Future versions of the Admin center will include data around the leader experience.
What's new in Windows 365 Enterprise (1st party)
In the April 2024 release of Microsoft Intune, we’ve introduced some exciting enhancements. First up, app supersedence now makes it easier for IT admins to keep Win32 apps up to date. They can define a relationship between an existing app and a newer version, ensuring automatic updates without users having to track them manually. Next, Microsoft 365 app remote diagnostics streamlines troubleshooting by allowing admins to collect diagnostics from Microsoft 365 apps on iOS and Android devices directly. No more navigating through layers of menus! And for IT pros concerned about Windows updates, a new distribution report in Intune provides clear visibility into the status of monthly quality updates on managed Windows devices.
Azure Update - 17th May 2024 (3rd party) [VIDEO]
In his latest Azure Update video, John Savill provides a concise overview of the latest enhancements and offerings in Microsoft’s cloud platform. He discusses generative AI solutions, including various co-pilots and Azure AI Studio services, and outlines their applications and decision-making processes. The video also delves into the ephemeral OS disk capabilities, the availability of Ubuntu 24.04 LTS for Azure VMs, and the extension of Azure compute reservation exchanges. Networking updates include the preview of App Gateway V2 Basic and server variable enhancements for Azure Front Door. On the database front, the GA release of the Data API Builder is highlighted, offering a REST API and GraphQL interface for backend databases. The video concludes with miscellaneous updates, such as the GA release of GPT-4 Turbo with vision model and the introduction of GPT-4 Omni, which supports multimodal interactions including text, images, video, and audio.
Copilot and AI
One year ago, generative AI burst onto the scene and for the first time since the smartphone, people began to change the way they interact with technology. People are bringing AI to work at an unexpected scale — and now the big question is, how’s it going? As AI becomes ubiquitous in the workplace, employees and businesses alike are under extreme pressure. The pace and intensity of work, which accelerated during the pandemic, has not eased, so employees are bringing their own AI to work. Leaders agree AI is a business imperative — and feel the pressure to show immediate ROI — but many lack a plan and vision to go from individual impact to applying AI to drive the bottom line. At the same time, the labor market is set to shift and there’s a new AI economy. While some professionals worry AI will replace their job, the data tells a more nuanced story — of a hidden talent shortage, more employees eyeing a career change, and a massive opportunity for those willing to skill up.
How to use AI in 3 simple steps: Just ASK (1st party)
Generative AI tools such as Microsoft Copilot can help you be more creative, jumpstart your productivity, assist with research and save you time. And you don’t have to be a computer scientist to get the most out of your results. Three basic steps for giving Copilot instructions, called prompts, make it as easy as ASKing for what you need. Action: Explain what you want Copilot to do. Style: Describe the format you want the response presented in. Key details: Set the stage with more context about your situation. Let’s dive into the nitty gritty of how to use AI.
Microsoft is thrilled to announce the launch of GPT-4o, OpenAI’s new flagship model on Azure AI. This groundbreaking multimodal model integrates text, vision, and audio capabilities, setting a new standard for generative and conversational AI experiences. GPT-4o is available now in Azure OpenAI Service, to try in preview, with support for text and image. GPT-4o offers a shift in how AI models interact with multimodal inputs. By seamlessly combining text, images, and audio, GPT-4o provides a richer, more engaging user experience.
Microsoft 365
Today we’re happy to introduce performance, collaboration and interactivity upgrades to the file viewer in Microsoft 365. The file viewer in Microsoft 365 opens by default when you access non-Office files from OneDrive, SharePoint, or Teams. It’s especially handy for previewing files without having to download them and for viewing files without needing the specific app for that file type installed on your device. Whether it's a PDF, a video, a CAD drawing, or a Photoshop file, you can easily open it with the file viewer and see a high-fidelity rendering of its contents. File viewer supports over 300 file types and also allows for some basic image editing and file annotation. Let’s take a look at what’s new in file viewer.
Unveiling the Newest OneDrive Capabilities (1st party)
Last October, we unveiled the next generation of OneDrive which makes files easier to access with personalization, search, and new views - organized around people, meetings and shared files. At this year’s Microsoft 365 Community Conference, we are introducing new enhancements to the OneDrive experience for work and school that brings Copilot magic to OneDrive, accelerates teamwork and productivity, and helps you to work the way YOU like!
OneDrive Adds New Offline Capabilities (1st party)
Last October we updated OneDrive for web with a number of new features and enhancements to help you swiftly retrieve your files and content no matter where they live in your organization. Continuing with our ambition to give you simple and fast access to your files, we’re now launching offline mode, which brings both significant speed improvements and offline capabilities when using OneDrive in your favorite browser. Offline mode is now rolling out globally to OneDrive work and school users.
Pre-fill Responses in Your Microsoft Forms (1st party)
We are excited to share that Microsoft Forms now supports pre-filled links, making your data collection process more efficient and improving data accuracy. This feature not only allows you to set default answers for your questions, it empowers you to strategize how you would like the responses categorized. To help you better understand how to leverage this new feature, let's try it together with an online training feedback survey. You can also try to pre-fill a form from this template. Imagine your company conducted three online training sessions for participants in different time zones: Asia, Europe, and North America, each with a different lecturer. To streamline the process and avoid creating separate feedback forms for each session, you decide to use Forms pre-filled links to consolidate all feedback into a single form.
Reclaiming unused Microsoft 365 licenses (3rd party)
In episode three of our series, Microsoft MVPs Vlad Catrinescu and Drew Madelung discuss Maximizing ROI by Reclaiming Microsoft 365 Licenses. They explore the basics of Microsoft 365 licenses, provide practical insights for administrators to optimize licenses, show how to reclaim potentially unused and underutilized Microsoft 365 licenses, and efficiently assign licenses based on group memberships.
Microsoft Defender and Sentinel
Security operations center (SOC) teams actively look for opportunities to optimize both processes and outcomes. Every organization is unique, with its own security challenges. Teams must regularly adjust security controls to keep up with the changing threat landscape and business priorities, while balancing investment (cost, SOC resources, time) and security coverage. Today, we’re happy to announce the public preview of a new experience and API – Microsoft Sentinel’s SOC Optimization, designed to empower security teams with precision-driven management capabilities. SOC optimization offers actionable tailored recommendations that adapt daily to the organization’s environment – starting with gaps in data utilization and detection of different types of attacks. These aren’t generic tips; they’re personalized strategies backed by Microsoft’s cutting-edge research, ensuring your defenses are always at their peak and that the balance between investment and outcome is always maintained. SOC optimization is available both in the Azure portal and in the unified security operations platform.
Understanding the audit log events for Microsoft Defender XDR is incredibly useful for security professionals and administrators. By accessing the audit log, they can investigate specific activities across Microsoft 365 services. This includes tracking changes to data retention settings, advanced features, creation of indicators of compromise, device isolation, security role management, and more. The audit log provides valuable insights to enhance security and compliance efforts, ensuring a robust defense against threats and unauthorized actions.
Last week, I wrote the first part of the XSPM blog series: Microsoft Security Exposure Management (XSPM) Overview. Now, it’s time to continue the story, delve deep into the XSPM solution, and find out how to achieve more with it. In part two, I will explore the Enterprise Exposure Graph, explain critical assets and their meaning to XSPM, and demonstrate the attack surface map without forgetting raw event data. Microsoft Security Exposure Management (XSPM) is integrated natively into the Defender XDR portal. It can be imagined as a combination of the next-generation vulnerability management & posture management solution that modernizes posture management in the same way XDR modernizes threat management. Where XDR (detect, investigate, and respond) provides unified threat management for workloads, the XSPM (identify and protect) provides unified exposure management for the same workloads.
Microsoft Sentinel is a cloud-native Security Information Event Management (SIEM) and Security Orchestration Automated Response (SOAR) solution. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. When it comes to monitoring log flow ingestion for network devices to Microsoft Sentinel, we can use multiple methods and different options to achieve this. This could be at the source device, in between (Log forwarder) machines, or at the target in Sentinel. We must also easily maintain a list of those devices without operating overhead. As new devices are added to the network and old devices are being retired in large organizations, we need to monitor the flow logs continuously being ingested into Microsoft Sentinel.
Azure
Microsoft options for VMware migration (1st party) [VIDEO]
This video provides a comprehensive guide on Microsoft’s options for VMware migration, highlighting the changing landscape of hybrid cloud solutions and the transition from perpetual to subscription models. The presenter, Jeff Woolsey, delves into the benefits of various Microsoft solutions for migrating VMware workloads to Azure, addressing frequently asked questions and showcasing the ease of migration with tools like Azure Migrate. The video also covers the impact of Broadcom’s acquisition of VMware, the shift in licensing, and the reduction of VMware’s product portfolio, which has led to increased costs and customer concerns. Additionally, the video demonstrates the integration of Azure services with migrated workloads and the advantages of Azure Stack HCI, including hot patching and lifecycle management features.
7 steps for a successful Azure migration (1st party) [VIDEO]
Migrating an on-premises environment to Azure requires preparation, planning, and time. Let's discuss seven key steps for a successful Azure migration. First, we look at the Cloud Adoption Framework to get best practices for a landing zone, then we continue on our path to Azure Migrate to see how the service helps plan, deploy, and migrate our infrastructure to Azure. The integrated assessment analyzes the existing environment and recommends comparable Azure virtual machines (VMs), shows challenges and the expected costs. Last but not least, we take a quick look at the Azure Migrate and Modernize program to see how it can help support the migration journey.
Overview of Azure Monitor pipeline (1st party)
Azure Monitor pipeline is part of an ETL-like data collection process that improves on legacy data collection methods for Azure Monitor. This process uses a common data ingestion pipeline for all data sources and a standard method of configuration that's more manageable and scalable than other methods. Data collection using the Azure Monitor pipeline is shown in the diagram below. All data is processed through the cloud pipeline, which is automatically available in your subscription and needs no configuration. Each collection scenario is configured in a data collection rule (DCR), which is a set of instructions describing details such as the schema of the incoming data, a transformation to optionally modify the data, and the destination where the data should be sent.
Adaptive Cloud Community Call May 2024 (1st party) [VIDEO]
The Adaptive Cloud Community Call of May 2024 is a comprehensive session that delves into the latest updates and features across various Azure services. The call begins with an introduction to the Azure Adaptive Cloud Community and its focus on product and service updates, ranging from Azure Stack HCI to Azure IoT and AKS. Francisco presents the Arc Jumpstart updates, highlighting new scenarios using Edge Storage Accelerator (ESA) and improvements in ACI box features, including automatic validation and deployment, upgrade automation, and updated VHDX images. Stephen Pepin from the Edge Storage Accelerator team explains ESA as a Kubernetes native Arc extension, providing a read-write many file systems and data durability at the edge. Nathan introduces Azure Arc Site Manager in public preview, aiming to centralize management across various locations and resources. The call also covers updates on Azure Arc-enabled servers, including support for Oracle Linux 9 and improvements in error handling and machine configuration policy. The session concludes with an open Q&A, inviting attendees to engage with the presenters and discuss the topics covered.
If you want to keep your Azure virtual machines (VMs) up-to-date, then there is a service called Azure Update Management, which helps you to manage updates on your Azure VM guest operating system. However, this needed some additional planning and configuration. To make patching of your Azure virtual machines (VMs) easier, there is a new option called Automatic VM guest patching, which helps ease update management by safely and automatically patching virtual machines to maintain security compliance. With Azure automatic VM guest patching enabled, the VM is assessed periodically to check for available operating system patches for that Azure VM. Updates classified as ‘Critical’ or ‘Security’ are automatically downloaded and installed on the VM during off-peak hours. This patch orchestration is managed and handled by Azure and patches are applied following availability-first principles.
Your resource hierarchy in Azure consists of resources, resource groups, subscriptions, management groups, and tenants. Root management group settings can impact all resources. It’s important to protect the resource hierarchy from negative changes. Management groups have hierarchy settings that allow the tenant administrator to control these behaviors. By default, any user can create new management groups within a tenant. However, tenant admins can limit these permissions to specific users to maintain consistency and conformity in the management group hierarchy. This article explains how to secure Azure management group creation using the Azure portal and PowerShell, ensuring your organization’s security and governance while maintaining operational flexibility.
Server
Windows Server 2025: The upgrade and update experience (1st party) [VIDEO]
Discover the streamlined upgrade process to Windows Server 2025 in our session. We will cover N-4 media-based upgrades, feature upgrades through Windows Update, and efficient management of feature and quality updates with Windows Server Update Services (WSUS). Gain insights into best practices and tools for a smooth transition, ensuring your infrastructure aligns seamlessly with the latest advancements. Don't miss this opportunity for valuable insights, practical tips, and a roadmap to upgrade your Windows Servers effectively.
Automate on-premises Windows Server from the cloud using Azure Arc (1st party) [VIDEO]
This video features Thomas Maurer and Ryan Willis from the Azure Arc team, discussing how to automate on-premises Windows Servers using Azure Arc. They demonstrate five different methods to configure a Windows Server to host a website, showcasing the versatility and efficiency of Azure Arc’s features. The video begins with a point-and-click experience using Windows Admin Center, transitions to command-line methods like SSH and Run Command, and concludes with modern, declarative approaches like Azure Automation Runbook and Machine Config. The presenters emphasize the importance of choosing the right tool for the task, considering factors like scale, efficiency, and the desired level of automation. They also highlight Azure Arc’s ability to manage servers remotely, its integration with Azure policies, and its compliance monitoring capabilities, making it a powerful solution for IT administrators.
Today we discuss hardening the SMB protocol in Windows against interception attacks, previously referred to as “Man-in-the-Middle” attacks. As you know, interception attacks involve manipulating communications between client and server. An attacker might be eavesdropping, stealing credentials, or diverting a client to an evil endpoint masquerading as a friendly server. Interception doesn’t always mean attack; a packet-inspecting firewall or a WAN accelerator are both examples of friendly intercepting devices. For the purposes of this blog post though, everything in the middle is an enemy and your goal is to keep your users and organization safe from them. No distributed system protocol security is foolproof; we just want an attacker to move on to easier prey.
Introduction to Azure Arc Site Manager (3rd party)
Microsoft has announced a new feature within the Azure Arc portfolio - Azure Arc Site Manager! This public preview feature is designed to help customers view and monitor their resources according to their physical locations. Site manager allows customers to create Arc sites to represent their on-premises environments and have a centralised view for monitoring the infrastructure on the edge. Currently, Azure Arc Site manager supports Azure Stack HCI, Azure Arc-enabled servers, Azure Arc-enabled Kubernetes and Azure IoT Operations Assets. Coming soon is support for more resource types, including Arc-enabled SQL servers, Arc-enabled VMware vSphere, and some cloud resources.
SCVMM management for Azure Stack HCI 23H2 (3rd party)
The System Center team just shared some information on System Center Virtual Machine Manager (SCVMM) supporting the latest Azure Stack HCI, version 23H2. As you know Azure Stack HCI 23H2 brings cloud-based management from Azure to the next level using Azure Arc management capabilities, but also many of our large-scale datacenter customers are using System Center VMM to manage their virtualization environment. Now the System Center team just shared some information on which scenarios will be supported with SCVMM.
Add Kubernetes Cluster to Microsoft Azure Arc (3rd party)
Azure Arc-enabled Kubernetes allows you to attach Kubernetes clusters running anywhere so that you can manage and configure them in Azure. By managing all of your Kubernetes resources in a single control plane, you can enable a more consistent development and operation experience to run cloud-native apps anywhere and on any Kubernetes platform. Azure Arc-enabled Kubernetes works with any Cloud Native Computing Foundation (CNCF) certified Kubernetes clusters. This includes clusters running on other public cloud providers (such as GCP or AWS) and clusters running on your on-premises data center (such as VMware vSphere or Azure Stack HCI). In the following step-by-step installation, we are going to connect a Kubernetes Cluster with Azure Arc services.
Master Azure Arc and Azure Stack HCI for ultimate success (3rd party) [VIDEO]
This video is the third part of a series on integrating Azure Arc and Azure Stack HCI, focusing on monitoring clusters and virtual workloads. The presenter, Shabaz D, guides viewers through the process of registering Azure Stack HCI with Azure Arc, leveraging Azure services for centralized monitoring, and setting up log analytics for in-depth insights. The video also includes a demo on using Nerdio to manage Azure Virtual Desktop deployments, emphasizing the importance of geographical distribution and custom stack HCI locations for hybrid images.
Identity Protection and Management
Microsoft will require MFA for all Azure users (1st party)
Enterprise Impacting: This July, Azure teams will begin rolling out additional tenant-level security measures to require multi-factor authentication (MFA). Establishing this security baseline at the tenant level puts in place additional security to protect your cloud investments and company. MFA is a security method commonly required among cloud service providers and requires users to provide two or more pieces of evidence to verify their identity before accessing a service or a resource. It adds an extra layer of protection to the standard username and password authentication. The roll-out of this requirement will be gradual and methodical to minimize impact on your use cases. The blog post below provides helpful information from the Azure product team to assist you in getting ready to MFA-enable your access to Azure services. Going forward, the team will provide communications to you about your specific roll-out dates through direct emails and Azure Portal notifications. Expect these in the coming months.
Microsoft Entra Private Access for on-prem users (1st party)
Microsoft Entra Private Access, part of Microsoft’s Security Service Edge (SSE) solution, securely connects users to any private resource and application, reducing the operational complexity and risk of legacy VPNs. It enhances the security posture of your organization by eliminating excessive access and preventing lateral movement. As traditional VPN enterprise protections continue to wane, Private Access improves a user’s ability to connect securely to private applications easily from any device and any network—whether they are working at home, remotely, or in their corporate office. With Private Access (Preview), you can now implement granular app segmentation and enforce multifactor authentication (MFA) on any on-premises resource authenticating to domain controller (DC) for on-premises users, across all devices and protocols without granting full network access. You can also protect your DCs from identity threats and prevent unauthorized access by simply enabling privileged access to the DCs by enforcing MFA and Privileged Identity Management (PIM). To enhance your security posture and minimize the attack surface, it’s crucial to implement robust Conditional Access controls, such as MFA, across all private resources and applications including legacy or proprietary applications that may not support modern auth. By doing so, you can safeguard your DCs—the heart of your network infrastructure.
What are passkeys? Explained in under 4 minutes (1st party) [VIDEO]
Say goodbye to password headaches and hello to a safer digital future with passkeys. In this video, we explore the limitations of traditional passwords and introduce passkeys as a faster, safer, and easier alternative. With multi-factor authentication by design, resistance to phishing scams, and seamless integration with biometric technology, passkeys offer a simple and secure sign-in experience for users and organizations alike.
The following document will guide you through configuring Microsoft Entra Cloud Sync for provisioning from Microsoft Entra ID to Active Directory. The public preview of Group Writeback v2 in Microsoft Entra Connect Sync will no longer be available after June 30, 2024. This feature will be discontinued on this date, and you will no longer be supported in Connect Sync to provision cloud security groups to Active Directory. We offer similar functionality in Microsoft Entra Cloud Sync called Group Provision to Active Directory that you can use instead of Group Writeback v2 for provisioning cloud security groups to Active Directory. We're working on enhancing this functionality in Cloud Sync along with other new features that we're developing in Cloud Sync.
Before your applications can interact with Azure Active Directory B2C (Azure AD B2C), they must be registered in a tenant that you manage. In this article, you learn how to create an Azure AD B2C tenant, link your tenant to your subscription, switch to the directory containing your Azure AD B2C tenant, and add the Azure AD B2C resource as a Favorite in the Azure portal.
Today I’m thrilled to share that the public preview of external authentication methods in Microsoft Entra ID is scheduled for release in the first half of May. This feature will allow you to use your preferred multifactor authentication (MFA) solution with Entra ID. Deploying MFA is the single most important step to securing user identities. A Microsoft Research study of MFA effectiveness showed that the use of MFA reduced the risk of compromise by more than 99.2%! Some organizations have already deployed MFA and want to reuse that MFA solution with Entra ID. External authentication methods allow organizations to reuse any MFA solution to meet the MFA requirement with Entra ID. Some of you might be familiar with custom controls. External authentication methods are the replacement of custom controls, and they provide several benefits over the custom controls approach.
Microsoft Entra Password Protection is excellent when you want to protect the organization from weak user passwords. That’s because Microsoft constantly analyzes Microsoft Entra security telemetry data looking for commonly used weak or compromised passwords and maintains a list of globally banned passwords. In this article, you will learn how to configure and enable Microsoft Entra Password Protection for Active Directory on-premises to prevent weak passwords from being used in the organization.
All Roads to Entra ID SSO (3rd party)
When I started learning Entra ID (then still Azure AD), my biggest challenge — aside from the seemingly endless product renamings in M365/Azure — was that "SSO" (= Single Sign-On) has almost become a buzzword. If you are currently looking for ways to standardize identities and less frequently interrupt a user’s work for logins, you are bombarded with fundamentally different technologies that are difficult to distinguish at first glance. So, I made it my task to collect all the core concepts and present them when they are needed. From here, one can then dive further into the documentation and other articles to implement what is necessary, which details need to be considered, etc.
You should secure every domain in Microsoft 365 with the authentication methods SPF, DKIM, and DMARC. Microsoft automatically configures the SPF record for the onmicrosoft.com domain but not the DKIM and DMARC records. It’s essential to configure both the records for the onmicrosoft.com domain. In this article, you will learn how to add the DKIM and DMARC records for the onmicrosoft.com domain.
Diving into Pre-Created Computer Accounts (3rd party)
I was on an engagement where I simply could not elevate privileges, so I had to become creative and look deep into my old bucket (bucket being my head) of knowledge, and this resulted in some fun stuff. I had found that the client had a vulnerable certificate template also known as ESC1 that allowed domain computers to request certificates based on it. I then tried all the normal things such as creating a computer account as a normal user. The SeMachineAccountPrivilege was, however, adjusted in the Domain Controller Policy and only allowed a few specific groups to Add Computers to the Domain. This led me down the road of trying to escalate on the host itself. However, proper hardening was in place, so no apparent escalation path was clear. Looking through the data I had collected already from Active Directory, I started to form a new theory based on some old legacy knowledge.
Information Protection and Management
Microsoft SharePoint Roadmap Update - May 2024 (1st party)
This year at the Microsoft 365 Community Conference we had the special opportunity to update our customers on our journey to making SharePoint the best platform for compelling and engaging intranet sites. The core themes of our journey are the same: simpler authoring, compelling content, deeper engagement, and a flexible platform. Following our last update in the Fall, you’ll find below some of the most exciting updates to our roadmap yet.
Organizations are seeing massive growth in their digital estate as they continue their digitization journey. Businesses run on content – proposals, contracts, invoices, designs, plans, training videos, and more. Every workday, customers add over 2 billion new documents to Microsoft 365. SharePoint brings advanced AI from the Microsoft Cloud to your Microsoft 365 content, simplifying your everyday business processes at cloud scale. Every organization manages high value content, such as non-disclosure agreements, statements of work, purchase agreements, proposals, and other agreements. These agreements are the foundation of every business transaction. But it is challenging and time consuming to draft, review, negotiate and sign these documents. Organizations often struggle with having consistent language across all their agreements because they do not have consistent templates. Once the agreement is signed, businesses do not know where they are stored or when they expire.
Nowadays, business is done electronically - from making and reviewing documents to approving and reusing them. One of the most common document transactions is electronic signatures. The process of signing should be simple, safe, and integrated with your business workflows. SharePoint eSignature lets you ask for, sign, and keep signatures without interrupting your work process and while ensuring your signed documents are safe and compliant. Your content remains in Microsoft 365 during the review, signature, and record-keeping processes. This functionality is currently available in the US only. In this era of digital change and AI, security and compliance are essential. SharePoint eSignature ensures your content stays safe within the Microsoft trust limits. eSignature makes the signing experience easier so you can keep working in your workflows without exiting the Microsoft 365 ecosystem. This leads to higher productivity and quicker completion times. To be able to scale at the pace you need, eSignature enables tracking and management of every step of the signing process, for real-time visibility and accountability.
This instructional video provides a comprehensive guide on enabling Microsoft Copilot Studio for SharePoint content, focusing on creating a custom Copilot to access SharePoint Online data securely. The presenter outlines the process of setting up a specialized Copilot, such as an HR or R&D Copilot, that allows users to query SharePoint Online content using natural language processing while ensuring that users only see content they are authorized to access. The video demonstrates the creation of a custom Copilot, configuring security with Azure AD, and showcases how the Copilot can retrieve information from a SharePoint Online site collection, emphasizing the importance of delegated permissions for data security.
Intune
Introducing a new enrollment method for staging corporate Android devices with Microsoft Intune (1st party)
With Intune’s May (2405) service release, we’re introducing a new enrollment method ‘Device Staging’ for the following Android Enterprise devices. Currently, the enrollment process for corporate devices uses a ‘Default’ enrollment token and is completed in 2 stages, first by the admin and then the user. The admin initiates the enrollment process, creates the enrollment token, and then shares it with the user. Then, the user signs into the device using their credentials and navigates through all the provisioning steps to complete enrollment. The new method introduces a ‘Staging’ token, and the enrollment is completed in 3 stages, first by the admin, second by an admin or third-party vendor, and then the user. In the ‘Staging’ enrollment experience, an admin initiates the process, creates the enrollment token, and then shares the device staging token with a third-party vendor or admin. Then, provisioning steps are completed by the third-party admin/vendor. The device remains userless throughout the vendor stage and becomes user affiliated and ready for use only at the last step when the user signs in with their credentials. With this method, more work is done by the vendor/admin as they perform the enrollment of the device, go through the steps to complete Google registration, and get the device ready (while your organization’s apps are automatically installed in the background).
Endpoint management used to be famous for being nearly invisible, unless something goes wrong. Now that work has spilled out of the office and moved away from the desktop computer, users are increasingly aware of endpoint management, or at least to how it impacts their productivity. How quickly does their laptop boot up? How seamless is the sign on to corporate resources? How easy is it to use their preferred device to do their work? Over the last six months, we've been working hard to make it easier for end users to enroll Mac devices with Microsoft Intune and more powerful for administrators to manage them. We've had great results from customers who have ditched duplicative tools and moved their macOS management to Intune. See what's new with Intune's macOS device management capabilities and hear about a case study on a company that moved their Macs to Intune.
Admins will be able to use "available" assignment type for DMG and unmanaged PKG app types for macOS. This enables end users to browse and install these apps in the Mac Company Portal. This feature will begin rolling out in June 2024.
New in Intune 2403, native (Dell) BIOS Management capabilities! How does it work? What happens if you do something wrong? Before we start, we're going to need to get some pre-reqs in order, namely: Dell Command | Endpoint Configure for Microsoft Intune. The "secret sauce" that acts as the OEM Agent to apply a BIOS configuration to a device. The documentation is worth reading, but whether you install it manually for testing or wrap it as a Win32 for wider deployment, it's essentially a lightweight version of the Configure command-line and the "Dell.EndpointConfigure.WinServiceAgent" that will run on a device and enact the changes pushed down via Intune.
Onboard Existing PCs to Intune: Co-management (3rd party) [VIDEO]
This insightful video delves into the practical steps of onboarding existing PCs to Intune using co-management, a pivotal process for modern workplace management. The engaging presenter, Steve from getrubiks.com, navigates viewers through the intricacies of transitioning devices from SCCM to Intune, ensuring they are cloud-native ready. With a touch of humor about subway sandwiches and a clear, step-by-step approach, the video is a valuable resource for IT professionals looking to streamline their device management and embrace the benefits of a cloud-based infrastructure. Whether you’re a seasoned SCCM user or new to Intune, this tutorial offers a comprehensive guide to co-managing your device fleet efficiently.
This blog post is a valuable resource for IT professionals seeking to enhance their understanding and management of Delivery Optimization in Microsoft Intune. It provides a comprehensive guide on custom reporting with Power BI, offering insights into data analysis and visualization for Windows Update for Business. The post includes a step-by-step walkthrough on using the Power BI template, understanding telemetry data, and interpreting various report pages. It is particularly useful for those looking to optimize network bandwidth and update efficiency across managed devices, making it an essential read for anyone involved in device management and update deployment strategies.
Device Management
Many employees rely on multiple devices and applications in today’s work environment. If they’re using devices not on the latest operating system, there may be unsecured endpoints that can weaken an organization’s security. Read the e-book, Securing Today's Workplace: Modern endpoint strategies, to learn strategies to manage endpoints to better protect data, identities, and applications, help secure your organization’s infrastructure for the long term, and support increased productivity and collaboration with modern devices, while reducing costs associated with managing endpoints.
Windows news you can use: April 2024 (1st party)
This April, your job managing Windows 11 is made easier with continuous improvements. Watch out for these new monthly recaps—tailored to your needs as an IT admin or decision maker. Our goal? To help you quickly catch up so you can start using and benefiting from the latest features, capabilities, services, and tools. Let's kick off this new series of "news you can use" with a look at what's new in the world of Windows to help you and your organization stay protected and productive!
Out-of-the-box ways to improve the IT experience | Tackling Tech (1st party) [VIDEO]
Hear honest conversations from the worldwide tech community. From excitement over the latest AI innovations to the non-AI solutions that benefit them as IT professionals, Resh Sarkari, Raymond Comvalius, and Bec Kerr have something to say. Curious how Mesh in Microsoft Teams, BYOD Windows 365 scenarios, and Windows 11 accessibility features can benefit you as an IT pro? Watch this episode of Tackling Tech!
Getting started with Personal Data Encryption (3rd party)
This week is all about a nice feature that was introduced over a year ago, but that didn’t receive a lot of attention yet. That feature is Personal Data Encryption (PDE). PDE was introduced with Windows 11, version 22H2, as a security feature that provides file-based data encryption functionalities to Windows. Not as an alternative to BitLocker, but to work alongside BitLocker. Where the decryption key of BitLocker is released during the boot of the device, the decryption key of PDE is released during the sign-in of the user by using Windows Hello for Business. That makes sure that PDE is basically an additional layer of security, on top of BitLocker, that can focus on providing an additional layer of security for specific apps and their data. This post will start with a short introduction about PDE, followed with the configuration of PDE. This post will end with experiencing PDE.
Manage Windows 11 Readiness dashboard using SCCM (3rd party)
Explore the Windows 11 upgrade readiness dashboard in Configuration Manager to view Windows 10 machines which are ready for Windows 11 upgrade in your environment. In this tutorial, I will show you how to manage the Windows 11 readiness dashboard using SCCM. I will explain all the features that the readiness dashboard offers and how organizations can utilize this feature to find devices eligible for the Windows 11 upgrade. Simply put, the Windows 11 upgrade readiness dashboard was designed to alert administrators or management to devices that are ready for an upgrade.
In this blog post, I’ll describe an example of how we can inform our end users when their device runs an outdated Windows operating system version. Every month Microsoft releases the monthly security update for Windows to keep our devices secure. Most of the devices install this update without issues, but unfortunately on some devices, this isn’t the case, for whatever reason. I recently got the question to automatically create a monthly export of all Windows devices, so local IT could filter out all devices not running the latest OS build. With this information local IT could inform the user of these devices (and request to trigger the Windows update manually or contact the service desk). But why not automatically inform the users of these devices, so the whole process is automated? That’s what we are going to do with this solution.
Scripting and Automation
Developers use Microsoft Teams to build solutions for cross-industry, business-to-consumer (B2C) online meeting workflows in use cases such as clinician-led consultations (healthcare), banking and lending (financial services), and apparel purchases (retail). The new Microsoft Graph SMS notification and reminder APIs, now generally available, reduce no shows and facilitate a seamless customer experience. External attendees receive SMS text notifications and reminders with an embedded join link that supports mobile and web browsers. These new APIs give developers access to the hosted Microsoft SMS experience within Teams, with easy configuration that enables quick speed to market.
In July 2022, I wrote about using the Graph APIs to report files in a SharePoint Online document library. The script structure was straightforward: select a site, select a document library within the site, and report the files and folders found within the library. It was my first opportunity to work with SharePoint Online using Graph APIs and was an invaluable learning experience. Time and technology move on and it’s possible to do the same job with the Microsoft Graph PowerShell SDK. I prefer using the Graph PowerShell SDK when possible because it’s easier to work with. Cmdlets renew access tokens when necessary and take care of pagination when fetching data. Cmdlets output PowerShell objects, and so on. Sure, the Graph PowerShell SDK has some irritating foibles, but generally I try to use its cmdlets instead of Graph API requests whenever possible.
Security Tools and Guides
Introducing Maester: Your Microsoft 365 test automation framework by Merill Fernando (3rd party) [VIDEO]
This video introduces “Maester,” an open-source test automation framework designed to enhance security testing within Microsoft 365 environments. Merill Fernando, a product manager at Microsoft, presents the framework as a side project fueled by passion, emphasizing its potential to address common security breaches caused by misconfigurations. He highlights the alarming statistics from Gartner that predicted over 99% of cloud breaches would stem from preventable configuration errors. The framework, named after the knowledgeable maesters from Game of Thrones, aims to empower IT admins and cybersecurity professionals with DevOps practices, making complex security testing more approachable. Through a live demonstration, Fernando showcases the ease of installing the Maester module, running out-of-the-box tests, and generating accessible reports. The framework leverages PowerShell and Pester tests to automate the validation of security policies and configurations, ensuring that Microsoft 365 tenants remain secure and compliant.
Hunting in Azure subscriptions (1st party)
In the realm of cybersecurity, the ability to efficiently comprehend and utilize logs within Azure subscriptions for threat hunting is paramount. These investigations typically involve meticulous log analysis aimed at identifying the initial breach and the subsequent actions executed by the Threat Actor. This blog post delves into various strategies and methodologies designed to enhance our grasp of the scope and complexity of how threat actors maneuver within Azure subscriptions, thereby fortifying our defenses against the ever-evolving landscape of cyberattacks.
Full Disclosure: A Look at a Recently Patched Microsoft Graph Logging Bypass – GraphNinja (3rd party)
From June 2023 to March 2024, Microsoft Graph was vulnerable to a logging bypass that allowed attackers to perform password-spray attacks undetected. During this period, any organization in Azure could have been attacked and would have had no indication of the activity. While this issue was identified in 2023, the exact time of its emergence remains unclear. The bypass was straightforward: by changing the authentication endpoint for Microsoft Graph to that of an unrelated tenant, logon attempts would not appear in the victim's logs. However, verbose error messages would still reveal the validity of User Principal Names (UPNs) and passwords. To be fair – while this vulnerability did enable attackers to silently identify valid credentials, they would then still need to use traditional logon methods that would appear in logs. Microsoft did not issue a CVE for this vulnerability, considering it a 'Low severity issue'. Internally, it was assigned VULN-107279 and the associated ticket was officially closed on March 11, 2024.
The U.S. government has unveiled new security guidelines aimed at bolstering critical infrastructure against artificial intelligence (AI)-related threats. "These guidelines are informed by the whole-of-government effort to assess AI risks across all sixteen critical infrastructure sectors, and address threats both to and from, and involving AI systems," the Department of Homeland Security (DHS) said Monday. In addition, the agency said it's working to facilitate safe, responsible, and trustworthy use of technology in a manner that does not infringe on individuals' privacy, civil rights, and civil liberties.
YARA is dead, long live YARA-X (3rd party)
For over 15 years, YARA has been growing and evolving until it became an indispensable tool in every malware researcher’s toolbox. Throughout this time YARA has seen numerous updates, with new features added and countless bugs fixed. But today, I’m excited to announce the biggest change yet: a full rewrite. Despite the dramatic title of this post, YARA is not actually dead. I’m aware that many people and organizations rely on YARA to get important work done, and I don’t want to let them down. YARA is still being maintained, and future releases will include bug fixes and minor features. However, don’t expect new large features or modules. All efforts to enhance YARA, including the addition of new modules, will now focus on YARA-X.
Let’s be honest, BloodHound and PowerView are objectively better tools for querying, enumerating, and investigating Active Directory (AD). They are more efficient, intuitive and with BloodHound you can track queries easily. It is also worth noting before we dive in, using the -v flag in PowerView will show you the query that is being run and can save a bit of time. However, you may one day find yourself in a situation, as I did in a recent assessment, where those tools are not readily available or viable. In that circumstance, the team could not run either tool from our host and had difficulty proxying in the tools. While we battled to get a solution working to use these tools, we still needed to make progress towards our objectives. Therefore, we took to manually querying with a set of credentials we attained earlier. Manual LDAP searches can be done with ldapsearch on *nix systems, and dsquery on Windows machines.
Microsoft News
Equipped with AI and technology skills, women across Southeast Asia find new career opportunities (1st party)
Ninety percent of leaders across Southeast Asia say their employees will need new skills to be prepared for the growth of AI, according to Microsoft’s annual Work Trend Index report released in May of last year, which surveyed a total of 31,000 workers globally. The report surveyed six of the 10 member countries of the Association of Southeast Asian Nations (ASEAN) – Indonesia, Malaysia, Philippines, Singapore, Thailand and Vietnam. Microsoft announced today plans to equip 2.5 million people in the ASEAN region with AI skills by 2025. The training will be delivered with the help of governments, non-profits, businesses and community.
Our 2024 Environmental Sustainability Report (1st party)
Four years ago, Microsoft committed that, by 2030, we would become carbon negative, water positive, zero waste, and protect more land than we use. Since that announcement, we have seen major changes both in the technology sector and in our understanding of what it will take to meet our climate goals. New technologies, including generative AI, hold promises for new innovations that can help address the climate crisis. At the same time, the infrastructure and electricity needed for these technologies create new challenges for meeting sustainability commitments across the tech sector. As we take stock as a company in 2024, we remain resolute in our commitment to meet our climate goals and to empower others with the technology needed to build a more sustainable future.
In the vibrant coastal village of Jatimalang, Indonesia, shrimp farmer Andriyono is revolutionizing aquaculture with the help of Mas Ahya, a generative AI assistant powered by Microsoft Azure OpenAI Service. This innovative tool, accessible via a mobile app, offers real-time insights into water quality, plankton conditions, and market prices, enabling Andriyono to make informed decisions and significantly increase his productivity. The eFishery startup, behind Mas Ahya, aims to modernize traditional fish and shrimp farming, supporting 200,000 farmers and promoting sustainable practices. With technology like automated feeders and water quality monitors, farmers like Andriyono and tilapia farmer Ira Nasihatul Husna are not only improving their yields but also paving the way for a more sustainable future in aquaculture.
Microsoft announces US$1.7 billion investment to advance Indonesia’s cloud and AI ambitions (1st party)
Today, Microsoft announced it will invest US$1.7 billion over the next four years in new cloud and AI infrastructure in Indonesia, as well as AI skilling opportunities for 840,000 people, and support for the nation’s growing developer community. It represents the single largest investment in Microsoft’s 29-year history in the country. Together, these initiatives will help achieve the Indonesian government’s Golden Indonesia 2045 Vision, which aims to transform the nation into a global economic powerhouse. “This new generation of AI is reshaping how people live and work everywhere, including in Indonesia,” said Satya Nadella, Chairman and CEO, Microsoft. “The investments we are announcing today – spanning digital infrastructure, skilling, and support for developers – will help Indonesia thrive in this new era.”
Microsoft announces significant commitments to enable a cloud and AI-powered future for Thailand (1st party)
Today, Microsoft announced significant commitments to build new cloud and AI infrastructure in Thailand, provide AI skilling opportunities for over 100,000 people, and support the nation’s growing developer community. The commitments build on Microsoft’s memorandum of understanding (MoU) with the Royal Thai Government to envision the nation’s digital-first, AI-powered future. Microsoft’s digital infrastructure commitment includes establishing a new datacenter region in Thailand. The datacenter region will expand the availability of Microsoft’s hyperscale cloud services, facilitating enterprise-grade reliability, performance, and compliance with data residency and privacy standards. It follows growing demand for cloud computing services in Thailand from enterprises, local businesses, and public sector organizations. It will also allow Thailand to capitalize on the significant economic and productivity opportunities presented by the latest AI technology.
In 2016, our Chairman and CEO, Satya Nadella, set us on a clear course to adopt a principled and human-centered approach to our investments in artificial intelligence (AI). Since then, we have been hard at work building products that align with our values. As we design, build, and release AI products, six values – transparency, accountability, fairness, inclusiveness, reliability and safety, and privacy and security – remain our foundation and guide our work every day. To advance our transparency practices, in July 2023, we committed to publishing an annual report on our responsible AI program, taking a step that reached beyond the White House Voluntary Commitments that we and other leading AI companies agreed to. This is our inaugural report delivering on that commitment, and we are pleased to publish it on the heels of our first year of bringing generative AI products and experiences to creators, non-profits, governments, and enterprises around the world.
AI is currently at the forefront of global technological advancement, permeating various sectors from insurance to energy, driving efficiency, innovation, and transformative changes in society. With ongoing developments in machine learning and natural language processing, AI continues to reshape industries, offering a glimpse into a future where technology and human ingenuity intersect in exciting new ways. The expanding footprint of AI promises both unprecedented opportunities and considerations for responsible implementation. This willingness of industry leaders to be pioneers of AI was on bold display during the Microsoft AI Tour stop in Paris, part of the global event series designed to help decision makers and developers discover new opportunities with AI and advance their knowledge. Organizations such as Schneider Electric, The Groupama Group, Amadeus, Onepoint, AXA, and TotalEnergies are not just adopting AI; they’re redefining its potential. These groundbreaking use cases are shedding light on a future where AI is not just a tool, but a catalyst for a richer, more efficient, and more sustainable world.
Microsoft experience at Hannover Messe 2024: Accelerating industrial transformation with AI (1st party)
With nearly 130,000 global business and government leaders in attendance, Hannover Messe is the event to showcase innovation in the manufacturing industry. This year, together with our partners and customers, Microsoft showed how our technology is enabling manufacturers to “Accelerate Industrial Transformation with AI.” With almost 40 demonstrations of technology and 30 speaking sessions, we showed how manufacturers can transform their entire value chain from product design to post-sales service with Microsoft technologies.
Security News
“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps (1st party)
Microsoft discovered a path traversal-affiliated vulnerability pattern in multiple popular Android applications that could enable a malicious application to overwrite files in the vulnerable application’s home directory. The implications of this vulnerability pattern include arbitrary code execution and token theft, depending on an application’s implementation. Arbitrary code execution can provide a threat actor with full control over an application’s behavior. Meanwhile, token theft can provide a threat actor with access to the user’s accounts and sensitive data. We identified several vulnerable applications in the Google Play Store that represented over four billion installations. We anticipate that the vulnerability pattern could be found in other applications. We’re sharing this research so developers and publishers can check their apps for similar issues, fix as appropriate, and prevent introducing such vulnerabilities into new apps or releases.
A new malware named 'Cuttlefish' has been spotted infecting enterprise-grade and small office/home office (SOHO) routers to monitor data that passes through them and steal authentication information. Lumen Technologies' Black Lotus Labs examined the new malware and reports that Cuttlefish creates a proxy or VPN tunnel on the compromised router to exfiltrate data discreetly while bypassing security measures that detect unusual sign-ins. The malware can also perform DNS and HTTP hijacking within private IP spaces, interfering with internal communications and possibly introducing more payloads.
Payload Trends in Malicious OneNote Samples (3rd party)
In this post, we look at the types of embedded payloads that attackers leverage to abuse Microsoft OneNote files. Our analysis of roughly 6,000 malicious OneNote samples from WildFire reveals that these samples have a phishing-like theme where attackers use one or more images to lure people into clicking or interacting with OneNote files. The interaction then executes an embedded malicious payload. Since macros have been disabled by default in Office, attackers have turned to leveraging other Microsoft products for embedding malicious payloads. As a result, malicious OneNote files have grown in popularity. The OneNote desktop app is included by default in Windows in Office 2019 and Microsoft 365, which can load malicious OneNote files if someone accidentally opens one.
Microsoft is overhauling its security processes after a series of high-profile attacks in recent years. Security is now Microsoft’s “top priority,” the company outlined today in response to ongoing questions about its security practices and the US Cyber Safety Review Board’s labeling of Microsoft’s security culture as “inadequate.” Microsoft CEO Satya Nadella is now making it clear to every employee that security should be prioritized above all else. The Verge has obtained a memo from Nadella to Microsoft’s more than 200,000 employees, where he discusses the new security overhaul and how the company is learning from attackers to improve its security processes. Nadella also makes it explicitly clear that employees should not make security tradeoffs.