Tech News for the week of November 20th, 2023

In honor of Microsoft Ignite last week, you're getting a digital campfire as the logo this week. I've included some Ignite news in the newsletter, but expect a lot more of it next week as well.


Topics in this week’s Newsletter

What’s New Updates

Training

Microsoft 365

Microsoft Sentinel

Microsoft Defender

Azure

Server

Identity Protection and Management

Information Protection and Management

Intune

Device Management

Scripting and Automation

Security Tools and Guides

Microsoft News

Security News

Industry Specific News

What’s New Updates

Microsoft Ignite Book of News (1st party)

Welcome once again to Microsoft Ignite and this year’s edition of the Book of News. It’s an action-packed version that features more than 100 announcements in a wide range of topics, including infrastructure, Microsoft Copilot, the relationship between data and AI, new tools for developers and security. The Book of News is designed to be your guide to all our announcements, making it easy for you to navigate the latest information and provide key details on the topics in which you are most interested. We are excited to share some groundbreaking new products and critical updates that help make work and life easier and more productive.

Announcing Windows 11 Insider Preview Build 25992 (Canary Channel) (1st party)

Hello Windows Insiders, today we are releasing Windows 11 Insider Preview Build 25992 to the Canary Channel. If you’re looking to start testing a version of Windows with all the coming sweeping SMB changes, this is where you start.

Sysinternals updates (1st party)

The Sysinternals web site was created in 1996 by Mark Russinovich to host his advanced system utilities and technical information. Whether you’re an IT Pro or a developer, you’ll find Sysinternals utilities to help you manage, troubleshoot and diagnose your Windows and Linux systems and applications.

What’s new with Viva Connections: Resources update! (1st party)

The refreshed Viva Connections landing experience offers a more intuitive layout and introduces several requested new features including branding capabilities, sending announcements, and support for different card sizes. This experience will also bring the Feed back into the viewport on your Connections page and offers an improved layout to the landing page. A notable change that we will be discussing in this blog is the revamped Resources section that will appear in the refreshed Viva Connections experience.

What's new in Microsoft Graph Connectors - Nov 2023 edition (1st party)

Microsoft Graph connectors continue to be a powerful extensibility option for Microsoft 365 Copilot and Search. They index your valuable organization content in Microsoft Graph. The Graph also enables Copilot to reason over the entire breadth of your enterprise content. You may index content from data sources like File shares, Service Now, Jira, Confluence, Salesforce etc. and deploy Copilot as your complete AI-powered productivity solution. Here are some recent updates related to Microsoft Graph connectors.

What’s New in Windows Autopatch: Microsoft Ignite 2023 Edition (1st party)

Windows Autopatch, the cloud-based service that automates the deployment of Windows Enterprise security and feature updates, helps you save time, reduce costs, and improve security. We heard your feedback about how we can continue to help you further streamline the update process and we are responding. Several new and upcoming Windows Autopatch enhancements will give you more control, extend the value of your investments, and simplify update management. These enhancements make Windows Autopatch more user-friendly, flexible, and powerful, helping you to optimize your update processes, and keep your devices running smoothly.

Training

Ignite 2023 – A look ahead for Microsoft 365 admins (1st party) [FREE]

Microsoft Ignite 2023 is a huge opportunity to join the global community of IT admins who want to know more about how to transform their organizations with Microsoft 365 and with Microsoft Copilot. Sessions this year cover topics ranging from Copilot and AI, to the latest enhancements that drive collaboration and productivity, and not forgetting improvements to simplify management of Microsoft 365. You can still register for Ignite’s digital experience, which gets you access to livestream keynotes, breakouts and discussion sessions, Microsoft Cloud Skills challenges, and attendee networking. Some sessions will be recorded and made available after the event for you to get caught up. There’s a lot that’s going to be covered over Ignite.

Patch Tuesday Support Group November Webinar (3rd party)

In this group healing session, we’ll hear from Jordan Benzing regarding the latest round of Microsoft and 3rd Party patches and highlight those that present particularly disturbing vulnerabilities. Then Bryan Dam will spend a few minutes discussing general industry news relevant to fellow system administrators. Our hope for this support group is to provide a short, 30-ish-minute session that fellow system administrators will find helpful in keeping up with our fast-paced industry. Life comes at you fast, so we intend to stay brief and high-level while pointing you toward resources that dig deep if you need to.

Must Learn KQL (3rd party) [FREE]

This repository contains the code, queries, and eBook included as part of the MustLearnKQL series. The series is a continuing effort to discuss and educate about the power and simplicity of the Kusto Query Language. The eBook (PDF) is updated whenever changes are made or new parts of the series are released.

Can A Microsoft Azure Security Certification Be Helpful For Your Career? Learn Here (3rd party)

Security plays a key part in the digital world, especially for organizations. They’re constantly facing security threats, so they desperately need security experts and technologies to keep their data safe. That’s how they run into Microsoft Azure, one of the most popular and reliable cloud providers. Microsoft Azure provides different services for monitoring and centralizing security across cloud services. And knowing how to operate a Microsoft Azure environment properly is vital for any IT expert working for a company. If you’re interested in becoming a successful IT security engineer, you’re at the right place. Today’s article explains how a Microsoft Azure Security certification can benefit your career, so let’s jump in.

Microsoft 365

Announcing Microsoft Copilot Studio: Customize Copilot for Microsoft 365 and build your own standalone copilots (1st party)

At Microsoft Ignite 2023, we’re excited to announce Microsoft Copilot Studio, a low-code tool to customize Microsoft Copilot for Microsoft 365 and build standalone copilots. Copilot Studio is included in Copilot for Microsoft 365 and brings together a set of powerful conversational capabilities—from custom GPTs, to generative AI plugins, to manual topics. Copilot Studio exposes a full end-to-end lifecycle for customizations and standalone copilots within a single pane of glass—you can build, deploy, analyze, and manage all from within the same web experience. And since it’s a software as a service (SaaS), everything you create is live instantly.

SharePoint at Ignite 2023 – The Guide (1st party)

Business runs on content. By 2025, there will be 130 billion terabytes of content–from contracts and invoices, to designs and videos. And to digest all of what’s new and how it fits into your now and soon after, join us for Microsoft Ignite 2023 (Nov. 14-17) to learn how AI-powered content management in Microsoft 365 enables content intelligence, optimizes critical business processes, improves governance, and prepares your content for Copilot. Discover the best of what's next in technology, problem-solve with experts, and make global connections to empower yourself to lead your organization.

Microsoft 365 & Power Platform Development Community call November 9th, 2023 (1st party) [VIDEO]

Microsoft 365 & Power Platform Development Community call on November 9th. Recap on news and updates from Microsoft and community projects, followed by demos by the community on the art of possible. Jason Murphy (University of Surrey) – shows off Power Automate Advanced: Treat flows as functions. Paolo Pialorsi (PiaSys) demos implementing SSO-enabled Microsoft Teams Message Extensions with Teams Toolkit. Lastly, Chris Kent (Takeda) shows off folder colors, hover panels, and file previews with the Microsoft Lists formatting. Q&A takes place as always in chat throughout the call.

Feature Deep Dive: Browse files by People and Meetings (1st party)

When we work together and share ideas and files, we achieve our goals faster than working alone. However, as collaboration expands across applications, teams, geographic borders, and time zones, staying organized and locating files has become increasingly challenging. We've all experienced the frustration of not remembering where a file is then having to search through emails, chat conversations, OneDrive or SharePoint sites to find it. To minimize this frustration and save you time, we are thrilled to introduce the People and Meetings views in OneDrive for Web. These new views let you effortlessly locate files based on the people you work with and your meetings. Let's take a look.

Here’s how to enable Preserve Declined Meetings for viewing declined meetings in Outlook (3rd party)

Microsoft is releasing a new Outlook feature called Preserve Declined Meetings (PDM) to keep declined meetings in your calendar, instead of deleting them completely. Once you switch on PDM, your declined meetings will still appear in your calendar so you can easily access the information, documents and chats related to the meeting…and the time slot will still show as available. If you become free to attend the meeting you can update your previous response (RSVP) and accept the invite or forward it to someone else. Due mid to late November 2023.

Power Automate & Quick Parts (3rd party)

What does that title mean? Translation: Create a Microsoft Flow that will let people fill out a form and place the field values in specific spots of a Word document, so that it looks like a filled-out legal document (or any kind of document). Quick parts are not new. They’ve been around since SharePoint / Office 2010. This post is really just showing a way that they can be used in conjunction with Flow.

Microsoft Sentinel

Microsoft unveils expansion of AI for security and security for AI at Microsoft Ignite (1st party)

In just two years, the number of password attacks detected by Microsoft has risen from 579 per second to more than 4,000 per second. According to Cybersecurity Ventures, the global cost of cybercrime is expected to reach $10.5 trillion by 2025, up from $3 trillion in 2015. On average, organizations use 80 security tools to manage their environment, resulting in security teams facing data deluge, alert fatigue, and limited visibility across security solutions. Security teams face an asymmetric challenge: they must protect everything, while cyberattackers only need to find one weak point. And security teams must do this while facing regulatory complexity, a global talent shortage, and rampant fragmentation. Our new generative AI solution—Microsoft Security Copilot—combined with our massive data advantage and end-to-end security, all built on the principles of Zero Trust, creates a flywheel of protection to change the asymmetry of the digital threat landscape and favor security teams in this new era of security.

Introducing a Unified Security Operations Platform with Microsoft Sentinel and Defender XDR (1st party)

Today, we enable SOC teams to build robust protection using Microsoft Defender XDR (formerly Microsoft 365 Defender), the market’s most comprehensive XDR platform. It provides unified visibility, investigation, and response across endpoints, hybrid identities, emails, collaboration tools, cloud apps, cloud workloads and data. Additionally, our cloud native SIEM solution, Microsoft Sentinel, offers unparalleled visibility into the overall threat landscape, extending coverage to every edge and layer of the digital environment. These experiences are natively integrated with bidirectional connectors, enabling security operations teams to benefit from the comprehensiveness and flexibility of the SIEM and the threat-driven approach of the XDR. We believe it’s time to further unify the security toolkit for our customers and deliver a solution that will meet the needs of an increasingly complex security landscape.

Detecting DOS Attacks (3rd party)

Detecting Denial of Service (DoS) attacks is a crucial aspect of cybersecurity, especially in an era where services are expected to be available 24/7. While DoS attacks may not be as distributed or complex as DDoS (Distributed Denial of Service) attacks, they can still wreak havoc. DoS detection typically revolves around monitoring network traffic for abnormal patterns or spikes that deviate from the baseline “normal” behavior. Techniques like rate-based thresholds are commonly employed, where the number of incoming requests from a single source is limited within a given timeframe.

Microsoft Defender

Defend against ransomware with Microsoft Security (1st party) [VIDEO]

Ransomware threats continue to grow in volume and velocity. Microsoft XDR helps to prevent, detect, and respond to ransomware threats with cutting-edge technology that automatically disrupts in-progress attacks. Learn how Microsoft Security provides end-to-end protection to safeguard your organization from the growing threat of ransomware.

Understand and investigate Lateral Movement Paths (LMPs) with Microsoft Defender for Identity (1st party)

A key component of Microsoft Defender for Identity's security insights is Lateral Movement Paths, or LMPs. Defender for Identity LMPs are visual guides that help you quickly understand and identify exactly how attackers can move laterally inside your network. The purpose of lateral movements within the cyber-attack kill chain is for attackers to gain and compromise your sensitive accounts using non-sensitive accounts. Compromising your sensitive accounts gets them another step closer to their ultimate goal, domain dominance. To stop these attacks from being successful, Defender for Identity LMPs give you easy-to-interpret, direct visual guidance on your most vulnerable, sensitive accounts. LMPs help you mitigate and prevent those risks in the future, and close attacker access before they achieve domain dominance.

Ignite News: Augment your EDR with deception tactics to catch adversaries early (1st party)

Endpoints remain critical entryways for adversaries to begin their reconnaissance before moving laterally through an organization. That’s why Endpoint Detection and Response (EDR) solutions have become a critical component in most cyber tool sets and are essential in helping SOC teams detect and respond to these threats early. Today we are excited to announce deception as a built-in capability in Microsoft Defender for Endpoint. Augmenting its powerful EDR capabilities, you can now create an artificial attack surface that entices adversaries to access assets you created just for them, and triggers high-fidelity, early-stage signal when accessed. As a built-in capability, deception is generated and deployed automatically to add a new layer of protection for devices in your organization, while enabling the SOC team to speed up their response.

Microsoft Defender for Office 365 Recommended Configuration Analyzer (ORCA) 2.6 released (3rd party)

Microsoft has recently released a new and updated version (2.2) of the Microsoft Defender for Office 365 Recommended Configuration Analyzer (ORCA). ORCA is a report that you can run in your environment which can highlight known configuration issues and improvements that can impact your experience with Microsoft Defender for Office 365 (formerly Office 365 Advanced Threat Protection). ORCA is a great little PowerShell script that gives you a good overview of your Defender for Office settings and recommendations.

Empowering Android Enterprise Security with Microsoft Defender for Android (3rd party)

In today’s interconnected world, mobile devices are more than just communication tools. They are repositories of sensitive corporate data and business applications, making them a prime target for cybercriminals. To ensure robust protection against these evolving threats, Microsoft introduces Defender for Android, a powerful tool specifically designed to safeguard Android Enterprise devices. Defender for Android is an innovative, comprehensive mobile threat defense solution that helps prevent, detect, and respond to sophisticated threats targeting Android Enterprise devices. The platform provides powerful anti-phishing capabilities, blocking malicious sites accessed through SMS, WhatsApp, email, browsers, and other apps. Moreover, Defender for Android’s built-in device risk level assessment keeps organizations informed about potential risks and helps them take proactive measures to mitigate them.

Azure

Simplify IT management with Microsoft Copilot for Azure – save time and get answers fast (1st party)

Today, we’re announcing Microsoft Copilot for Azure, an AI companion that helps you design, operate, optimize, and troubleshoot your cloud infrastructure and services. Combining the power of cutting-edge large language models (LLMs) with the Azure Resource Model, Copilot for Azure enables rich understanding and management of everything that’s happening in Azure, from the cloud to the edge. The cloud management landscape is evolving rapidly: there are more end users, more applications, and more requirements demanding more capabilities from the infrastructure. The number of distinct resources to manage is rapidly increasing, and the nature of each of those resources is becoming more sophisticated. As a result, IT professionals take more time looking for information and are less productive. That’s where Copilot for Azure can help.

Fast, Expert-led Azure Assessment (1st party)

Azure Expert Assessment is a new offering where you will receive an assessment to help plan your cloud adoption, by collaborating with Azure experts. It is designed with automation in every step of the engagement to expedite your unique assessment needs, such as SQL Server Migration, Windows Server Migration, Optimization best practices, and more. Claim your vouchers now and get started with Azure Expert Assessment at no cost to you. At the end of your engagement, enjoy free downloads of tailored assessment reports specific to your needs, with next steps and value-adds clearly defined, and receive a free voucher to advance to Azure SQL Migration Factory after successful completion of your assessment.

Deepening Well-Architected guidance for workloads hosted on Azure (1st party)

I am excited to announce a comprehensive refresh of the Well-Architected Framework for designing and running optimized workloads on Azure. Customers will not only get great, consistent guidance for making architectural trade-offs for their workloads, but they’ll also have much more precise instructions on how to implement this guidance within the context of their organization. Cloud services have become an essential part of the success of most companies today. The scale and flexibility of the cloud offer organizations the ability to optimize and innovate in ways not previously possible. As organizations continue to expand cloud services as part of their IT strategies, it is important to establish standards that create a culture of excellence that enables teams to fully realize the benefits of the modern technologies available in the cloud. At Microsoft, we put huge importance on helping customers be successful and publish guidance that teaches every step of the journey and how to establish those standards. For Azure, that collection of adoption and architecture guidance is referred to as Azure Patterns and Practices.

What is Azure Front Door? (1st party)

Whether you’re delivering content and files or building global apps and APIs, Azure Front Door can help you deliver higher availability, lower latency, greater scale, and more secure experiences to your users wherever they are. Azure Front Door is Microsoft’s modern cloud Content Delivery Network (CDN) that provides fast, reliable, and secure access between your users and your applications’ static and dynamic web content across the globe. Azure Front Door delivers your content using Microsoft’s global edge network with hundreds of global and local points of presence (PoPs) distributed around the world close to both your enterprise and consumer end users.

Azure sets a scale record in large language model training (1st party)

Azure empowers intelligent services like Microsoft Copilot, Bing, and Azure OpenAI Service that have captured our imagination in recent days. These services, facilitating various applications like Microsoft Office 365, chatbots, and search engines with generative AI, owe their magic to large language models (LLMs). While the latest LLMs are transcendental, bringing a generational change in how we apply artificial intelligence in our daily lives and reason about its evolution, we have merely scratched the surface. Creating more capable, fair, foundational LLMs that consume and present information more accurately is necessary.

Create a chaos experiment that uses an agent-based fault with the Azure portal (1st party)

You can use a chaos experiment to verify that your application is resilient to failures by causing those failures in a controlled environment. In this article, you cause a high CPU event on a Linux virtual machine (VM) by using a chaos experiment and Azure Chaos Studio. Running this experiment can help you defend against an application becoming resource starved. You can use these same steps to set up and run an experiment for any agent-based fault. An agent-based fault requires setup and installation of the chaos agent. A service-direct fault runs directly against an Azure resource without any need for instrumentation.

Azure Container Storage Preview Updates now available (1st party)

Earlier this year, we announced the preview of Azure Container Storage (ACS), the industry’s first platform-managed container native storage service in the public cloud, providing highly scalable, cost-effective persistent volumes, built natively for containers. Today, we are announcing the preview update enabling advanced capabilities on resiliency, security, data protection and an Azure Kubernetes Service (AKS)-integrated install experience enabling you to easily use block storage volumes for production-scale stateful container applications on Azure.

Leveraging OpenAI and Azure Integration Services: A Unified Approach (1st party)

Azure OpenAI offers innovative capabilities that drastically transform operations, decision-making, and service delivery in various organizational settings. Leveraging AzOpenAI and Azure Integration Services is essential for organizations to unlock new capabilities, enhance decision-making and streamline operations. However, the challenges of integrating disparate systems and data environments can limit the effectiveness and efficiency of AzOpenAI applications. This paper explores some guiding principles for application integration, including the establishment of interoperable standards, breaking down data silos, standardizing data integration protocols, and formulating a robust data strategy with a unified data model at its core. By addressing these challenges, the groundwork for leveraging OpenAI can be laid, paving the way for organizations to harness the full spectrum of its capabilities. The essay delves into three core challenges: multiple systems siloing data, mixed integration, and poor data strategy, shedding light on the underlying issues within these categories that pose hurdles to leveraging OpenAI. Furthermore, it explores the importance of Azure Integration Services and guiding architectural principles.

Optimizing Azure Performance: A Guide for Student Developers and Entrepreneurs (1st party)

If you are a student developer or an entrepreneur who wants to build applications using Azure, you might be wondering how to choose the best Azure region for your needs. Azure regions are geographically distributed locations where Azure services are available. Choosing the right region can affect the performance, cost, and availability of your applications. One way to compare Azure regions is to use Azure Speed Test and Azure Latency Test. These are web-based tools that allow you to measure the network speed and latency between your browser and various Azure regions. You can use these tools to find out which regions have the fastest and most reliable connections for your target audience.

Create and share dashboards of Log Analytics data (1st party)

Log Analytics dashboards can visualize all of your saved log queries. Visualizations give you the ability to find, correlate, and share IT operational data in your organization. This tutorial covers creating a log query that will be used to support a shared dashboard that can be accessed by your IT operations support team. You learn how to create a shared dashboard in the Azure portal, visualize a performance log query, add a log query to a shared dashboard, and customize a tile in a shared dashboard.

Ransomware Protection with Azure Backup | Expert Guide (3rd party)

I’m sure you know the continuous increase in ransomware attacks across industries worldwide. These attacks have been increasing, not only in terms of frequency but in terms of the complexity and sophistication that happen every day. Backups are a key target for ransomware attackers and hence a rise in the need for security and ransomware protection for our backups. In this guide, we will discuss how to protect your backups from ransomware with Azure Backup.

Upgrade and migrate Windows Server IaaS virtual machines at Microsoft Ignite (3rd party)

Today at Microsoft Ignite 2023, I will be presenting Upgrade and migrate Windows Server IaaS virtual machines on an interactive Learn Live online streaming session together with Cloud Solution Architect and Microsoft MVP Bert Wolters. In this session we will go through the Microsoft Learn module and provide you with some great demos on how to migrate a workload running in Windows Server to an infrastructure as a service (IaaS) virtual machine (VM) with Azure Migrate, and to Windows Server 2022 by using Windows Server migration tools or the Storage Migration Service. We will also show how you can manage on-premises machines which can’t be migrated to Microsoft Azure, using Azure Arc.

Server

Azure MMA Agent Bulk Removal (1st party)

In the following sections of this blog, I will provide a step-by-step guide to help you migrate away from MMA to AMA. This guide is designed to make the transition as smooth and seamless as possible, minimizing any potential disruptions to your monitoring workflow. But that is not all. To make things even easier, there is a GitHub site that hosts the necessary binaries for this migration process. These binaries will be used to install a set of utilities in Azure, including a process dashboard. This dashboard will provide you with a visual representation of the migration process, making it easier to track and manage.

Identity Protection and Management

Apply principles of Zero Trust to Microsoft 365 Copilot (1st party)

Before you introduce Microsoft 365 Copilot into your environment, Microsoft recommends that you build a strong foundation of security. Fortunately, guidance for a strong security foundation exists in the form of Zero Trust. The Zero Trust security strategy treats each connection and resource request as though it originated from an uncontrolled network and a bad actor. Regardless of where the request originates or what resource it accesses, Zero Trust teaches us to "never trust, always verify." This article provides steps to apply the principles of Zero Trust security to prepare your environment for Microsoft 365 Copilot in the following ways.

Identity at Microsoft Ignite: Securing access in the era of AI (1st party)

As the digital world continues to expand, so do the risks and challenges of cybersecurity. There are more identities, endpoints, apps, and data to protect from nefarious groups staffed by skilled talent with funding from nation states and criminal syndicates. And in the new era of AI, there will be infinite new ways for malicious actors—including insiders—to cause damage. Everything we’re adding to Microsoft Entra is designed to help you stay ahead of the evolving threat landscape. It all comes down to one principle: make it easier for you to stay secure. Whether you’re a large enterprise with a team of defenders or a small business with no IT department at all, we want to help you deploy the right tools and configure the right policies.

Leave an organization as an external user (1st party)

When a B2B collaboration user leaves an organization, the user's account is "soft deleted" in the directory. By default, the user object moves to the Deleted users area in Microsoft Entra ID, but permanent deletion doesn't start for 30 days. This soft deletion enables the administrator to restore the user account, including groups and permissions, if the user makes a request to restore the account before it's permanently deleted. If desired, a tenant administrator can permanently delete the account at any time during the soft-delete period with the following steps. This action is irrevocable.

Configurable token lifetimes in the Microsoft identity platform (preview) (1st party)

You can specify the lifetime of an access, ID, or SAML token issued by the Microsoft identity platform. You can set token lifetimes for all apps in your organization, for multitenant (multi-organization) applications, or for service principals. We currently don't support configuring the token lifetimes for managed identity service principals. In Microsoft Entra ID, a policy object represents a set of rules that are enforced on individual applications or on all applications in an organization. Each policy type has a unique structure, with a set of properties that are applied to objects to which they're assigned.

Bringing Passkey into your Passwordless Journey (1st party) [VIDEO]

The industry is all abuzz with excitement about passkeys! As most customers are either deploying a form of Passwordless credential or planning to in the next few years there's no better time to learn about passkeys. Join the Microsoft Entra product team as we walk you through the background of where passkeys came from, their impact on the passwordless ecosystem, the product features and roadmap bringing passkeys into the Microsoft Entra passwordless portfolio and phishing resistant strategy.

Allow on-premises password reset to remediate user risks (Preview) (1st party)

Organizations that have enabled password hash synchronization can allow password changes on-premises to remediate user risk. This configuration provides organizations two new capabilities. Risky hybrid users can self-remediate without administrator intervention. When a password is changed on-premises, user risk is now automatically remediated within Entra ID Protection, resetting the current user risk state. Organizations can proactively deploy user risk policies that require password changes to confidently protect their hybrid users. This option strengthens your organization's security posture and simplifies security management by ensuring that user risks are promptly addressed, even in complex hybrid environments.

A love story about Role Based Access Control for Applications in Exchange Online, Managed Identities, Entra ID Admin Units, and Graph API (3rd party)

I’ve learned something new today. Hear me out. Up until now, sending emails using managed identities through Graph API was a bit of a hassle. You needed to grant access using Graph API or PowerShell first, but before you could do that, you needed to find the correct IDs for Graph API, the Managed Identity, and the permission itself. Lucky for us, Jan Vidar spoiled us with this nice blog post, which I used pretty often. Next, you would end up with a managed identity that could send mail from EVERY mailbox in your tenant. In order to limit that, we needed to use App Access Policies in Exchange Online to restrict access to specific mailboxes. A cumbersome process if you ask me. I like things simple.

Credential Dumping Protections: Part 1 – LSA Protection (3rd party)

In a Windows environment, users authenticate to their machines (either locally or remotely) with their username and password. Behind the scenes, Windows hands off all authentication related tasks to the Local Security Authority Subsystem Service (LSASS) process. This process, known as “lsass.exe”, stores all sensitive authentication data in its memory, including user credentials and password hashes. Knowing this, attackers target the data in the LSASS process to steal users’ sensitive Windows credentials from a previous logged session. Once credentials have been compromised, attackers can further their malicious lateral movement on the network. This process is known as credential dumping and is a key phase during an attacker’s kill chain to compromise accounts, passwords, and hashes.


Information Protection and Management

How AI Gives You Data Synthesis Superpowers (1st party)

We’re all living in a data haystack. You’ve got files on your OneDrive—some organized, some dumped in a heap in your documents. Files on your corporate server—some properly named and categorized, some not. Somewhere among your calendar, emails, chats, documents, meetings, and contacts is a needle—the sliver of insight you need now. Think of Microsoft 365 Copilot as a magnet. One of the most powerful aspects of Copilot is its ability to search across the web and all the information you have access to—your organization’s data as well as your own—and pull out just the data and info you need in a secure, compliant, and privacy-preserving way.

Introducing the new Search & Intelligence admin portal experience (1st party)

We are excited to announce that we are rolling out a new homepage for the Search & Intelligence Admin portal, the central place to learn and administer Microsoft Search capabilities for your organization. The new homepage provides you with a single entry point to access a range of Microsoft Search features and functions, such as Graph connectors, user feedback, Microsoft Search educational content, and more. The new homepage also helps you discover new ways to enhance your search experience and monitor feature status.

Introducing SharePoint Premium – the future of AI powered content management and experiences (1st party)

Content is the lifeblood of every organization. It is how great teams collaborate to build better products and services to delight customers. It is how leaders drive process transformation to increase agility and lower costs. And how organizations harness their knowledge to make better decisions and help employees grow. Because of this, more content is being created than ever before – two billion documents daily in Microsoft 365 – so it needs to be organized and managed with robust processes, security and compliance. As the opportunities with AI and Copilot make content even more valuable to the growth of your organization and your employees, this means a comprehensive and innovative content management solution is more valuable than ever. Today we’re excited to introduce the new SharePoint Premium, our advanced content management and experiences platform and our next evolution for Syntex. SharePoint Premium brings AI, automation, and added security to your content experiences, processing, and governance. With SharePoint Premium we’ll be transitioning the services already released as part of Syntex, including SharePoint Advanced Management, to join the growing family of SharePoint services along with brand new content experiences.

Learn about retention for Copilot for Microsoft 365 (1st party)

Microsoft Copilot for Microsoft 365 messages are automatically included in the retention policy location named Teams chats and Copilot interactions because they are retained and deleted by using the same mechanisms. Users don't have to be using Teams for the retention policy to apply to Copilot for Microsoft 365. The information in this article supplements Learn about retention because it has information that's specific to Microsoft Teams messages and interactions with Microsoft Copilot for Microsoft 365.

Protect and manage interactions for Copilot for Microsoft 365 with Microsoft Purview (1st party)

While AI-powered productivity tools unlock valuable insights and boost user productivity, they also introduce new user activities and produce a lot of data. Just like other enterprise activities and data, they require security and compliance management. The following capabilities from Microsoft Purview strengthen your data security and compliance for Microsoft Copilot for Microsoft 365.

Unlock organizational knowledge with Topics in Copilot (1st party)

Microsoft Viva Topics enables your organization to discover, explore and easily contribute knowledge proactively inside of Microsoft 365 apps such as Outlook, SharePoint and Microsoft Teams. Today we are excited to announce that we are extending Topics functionality into Microsoft Copilot for Microsoft 365. Topics will ground your Copilot experience with knowledge from inside your organization, to bring the best of AI and crowdsourced knowledge & expertise to your flow of work.

Five Ways to Enhance Collaboration Between Tenants (3rd party)

If you’ve ever read any Microsoft 365 marketing material, you’ve no doubt seen the word “collaboration” appear countless times. Making it easier for people to work together is one of the core benefits of Microsoft 365. From co-authoring documents in SharePoint Online to Teams chat and meetings, many aspects of Microsoft 365 support collaboration between users. Extending collaboration to external organizations is a relatively straightforward process. However, some organizations may choose to limit the levels of interaction available with external organizations based on privacy, compliance, or security concerns.

Crash Course in Microsoft Purview: A guide to securing and managing your data estate (1st party) [E-BOOK]

Data has become the lifeblood of every business. But to fuel innovation and growth, data must be readily discoverable, understandable, governable, and safe. Unfortunately, 42 percent of organizations say at least half of their data is “dark”—that is, unknown or unused for business purposes. This problem has been compounded by the shift to hybrid work, unprecedented levels of digital transformation, and environments that now span many different devices, apps, and clouds. The market has responded with dozens of products that address fragments of the data protection, governance, and compliance landscape. But these point solutions typically don’t work well together, exposing infrastructure gaps and increasing the complexity and costs of management. Microsoft Purview was designed to meet these challenges. It’s a platform-based approach that enables information protection, data governance, risk management, and compliance across multicloud, multiplatform data estates.


Intune

Microsoft Cloud PKI launches as a new addition to the Microsoft Intune Suite (1st party)

Public key infrastructure (PKI) is enormously complex, time consuming, and requires deep expertise. For many years, customers have been asking for a cloud-based PKI offering and in February 2024 we will answer that ask with Microsoft Cloud PKI, a key addition to the Microsoft Intune Suite. Microsoft Cloud PKI helps organizations accelerate digital transformation by simplifying certificate management and moving it to the cloud. With Cloud PKI, you will no longer have to deploy, configure and manage on premises servers or procure hardware. You will be able to create multiple certification authorities and manage the lifecycle of certificates issued to Intune-managed devices. This means you can set up PKI infrastructure in minutes instead of weeks – and eliminate the need for lengthy planning, coordination, procurement and deployment. Our new solution will greatly simplify and automate certificate management.

Modern management innovation shaping endpoint security (1st party) [FREE]

Top issues on the minds of CTOs and CISOs? How to defend against the evolving sophistication of cyber threats while ensuring a productive workforce. Your device security posture and performance depend on modern endpoint management solutions that are cloud-based, unified and AI enabled. Join us to explore the newest wave of Microsoft Intune innovation to shape your defense-in-depth strategy for a secure and productive end user computing estate.

Support tip: BitLocker and Compliance policies (1st party)

When working with compliance policies, it’s important to understand the complex series of actions that must take place on the device for them to apply properly. For example, a common scenario that may occur includes BitLocker being enabled on the device with the drive encrypted but the compliance policy shows non-compliant for BitLocker. IT administrators need to understand how compliance policies impact BitLocker to troubleshoot scenarios such as this.

Management of macOS devices using Intune (3rd party)

Recently I had the opportunity to deploy an Intune solution for macOS management for one of my customers. I configured everything in my lab first and tested using my trusty MacBook (Monterey 12.6.1). I'm finally getting around to blog about the experience.

How to Resolve NamespaceMissing:Microsoft.Policies.Windows Error in Intune (3rd party)

Have you ever encountered an error while attempting to upload custom ADMX files in Intune? If you're facing the "ADMX file referenced not found NamespaceMissing:Microsoft.Policies.Windows" error, I can relate. In this article, I'll share my experience and guide you through the steps I took to resolve this issue and successfully upload custom ADMX files in Microsoft Intune.

Microsoft Intune Application Deployment Best Practices (3rd party)

My vision (a.k.a North Star) for the Modern Workplace on Windows would be a workplace where minimal applications are installed, users mainly interact with SaaS based applications which they access through the web browser, or access using application add-ins in their browser or the Microsoft 365 apps. For this reason, I’m against installing big and complex applications on the Modern Workplace. Anyway, in some cases you need to make applications available to your Modern Workplace and if you must, I hope this article will give you some guidance on how to set this up.

Use Intune Remediations to map printers and drives on Entra Joined devices (3rd party)

In this blog post, I will show you how to use Intune Remediations to map printers and drives on Windows Entra Joined devices. Intune Remediations are script packages that can detect and fix common support issues on a user’s device. I have created a remediation script that will create a scheduled task that will map printers or drives when the user logs on or connects to the VPN.


Device Management

Group Policy Settings Reference Spreadsheet for Windows 11 2023 Update (23H2) (1st party)

This spreadsheet lists the policy settings for computer and user configurations that are included in the Administrative template files delivered with Windows 11 2023 Update (23H2). You can configure these policy settings when you edit Group Policy Objects.

Configuring Windows Hello for Business cloud Kerberos trust (3rd party)

This week is all about Windows Hello for Business. More specifically, about Windows Hello for Business cloud Kerberos trust. Not something really new, but definitely something that should be part of the default toolset. Hopefully familiar nowadays, Windows Hello for Business can be used to replace password sign-in with strong authentication on Windows. On top of that, Windows Hello for Business cloud Kerberos trust brings a simplified deployment experience for hybrid authentication with Windows Hello for Business. To provide that functionality, it relies on Microsoft Entra Kerberos for requesting Kerberos ticket-granting-tickets (TGTs). And those TGTs can then be used for on-premises authentication.

Windows LAPS in 9 mins: Hackers DON’T watch this! (3rd party) [VIDEO]

Windows LAPS is the newest & best way to manage your local admin passwords! Learn how to INSTALL, CONFIGURE and MANAGE Azure LAPS in less than 9 minutes. Cloud LAPS is the future of secure local admin passwords, quick and easy!

Remove built-in apps in Windows 11 22H2 during OSD (3rd party)

I have updated the script I use to uninstall built-in apps in Windows 10 and Windows 11. Windows 11 22H2 has some changes when it comes to removing built-in apps. Is uninstalling built-in apps still a thing? Yes, it is. Teams Personal is one example of a similar app to Teams that causes unnecessary helpdesk calls and confusion for the end-users. Attack vector is also a thing as some built-in apps have vulnerabilities and some apps are being abused like Power Automate and Quick Assist.

Why protecting BitLocker Recovery key retrieval is so important… (3rd party)

The majority of organizations will allow end users to retrieve the BitLocker recovery key through self-service. While this certainly eases the manageability and cuts down on support calls, the question to ask here is whether it is secure or not. To give some more context, my test device lost connectivity to the internet due to rogue Defender FW policies. Not being able to fix this in full OS mode, I circumvented the problem by booting into advanced startup and disabling the Defender components to check if that gets the device back on the internet, which it eventually did and I was then able to fix the issue by applying the correct set of policies using Intune. Now that we have established the context, let's look at the various ways through which one can implement controls around the retrieval of the BitLocker recovery key.

Introducing: Windows Cache Cleanup Tool (3rd party)

Update, Component, Volume, Configuration Manager Client, and Shadow Copy all create caches that take up a lot of space. All these caches can be safely purged without major issues. One exception is the update cache which when cleaned will make all installed updates non-removable. This tool was specifically created for cleaning up the Windows Image during a Build and Capture task sequence, but can also be used as a standalone cleanup tool or in a Configuration Baseline.


Scripting and Automation

Microsoft Intune Management - Connect securely to Intune with Microsoft Graph and PowerShell! (1st party)

Dear Microsoft Intune friends, in this article I will show you how to create a "secure" connection to Microsoft Intune with Microsoft Graph and PowerShell! In this example, we use an app registration in Microsoft Entra ID and a certificate created on the local machine.

Automatically adding devices to an Azure AD group when Autopilot completes with PowerShell and Azure Automation (3rd party)

In this post we will see how to use PowerShell and Azure Automation to automatically add a device when Windows Autopilot is successfully completed.

10 PowerShell Commands Always On VPN Administrators Should Know (3rd party)

Managing a secure and reliable VPN infrastructure is critical for supporting today’s highly mobile workforce. For Always On VPN administrators, PowerShell is an indispensable tool for achieving this goal. Not only can PowerShell be used to automate the installation and configuration of Windows Server Routing and Remote Access Service (RRAS) server, but it can also be used to audit configuration and monitor system health and user activity as well. In addition, it is highly recommended that the RRAS role be installed on Server Core for optimum security and performance. Administrators must be familiar with these PowerShell commands and more to support RRAS on Windows Server Core in their environment.

Reading Conditional Access using PowerShell Graph SDK (3rd party)

This post takes you through Microsoft Azure Active Directory Conditional Access policies using the PowerShell Graph SDK module.

PowerShell App Deployment Toolkit with Microsoft Intune (3rd party) [VIDEO]

In this video we walk through how to use the awesome PowerShell Application Deployment Toolkit with Microsoft Intune, step by step.


Security Tools and Guides

Nonprofit Cyber Launches World More Than a Password Day (3rd party)

Safeguarding your online identity and data has never been more critical. “World More Than A Password Day” is a global movement to emphasize the importance of stronger online authentication and to release essential password guidance for businesses and individuals. “World More Than A Password Day” is not merely to raise awareness but to serve as a call to action. With up to 80% of data breaches attributed to stolen or weak passwords, the time has come to elevate our defenses, embracing stronger authentication methods that go beyond mere passwords.

CISA and Artificial Intelligence (3rd party)

The security challenges associated with AI parallel cybersecurity challenges associated with previous generations of software that manufacturers did not build to be secure by design, putting the burden of security on the customer. Although AI software systems might differ from traditional forms of software, fundamental security practices still apply. As noted in the landmark Executive Order 14110, “Safe, Secure, And Trustworthy Development and Use of Artificial Intelligence (AI),” signed by the President on October 30, 2023, “AI must be safe and secure.” As the nation’s cyber defense agency and the national coordinator for critical infrastructure security and resilience, CISA will play a key role in addressing and managing risks at the nexus of AI, cybersecurity, and critical infrastructure.

Collect information in Entra ID with AzureADRecon and hunt with Microsoft Sentinel! (3rd party)

This guide walks you through how to use the AzureADRecon tool to scan your environment and then import that data into Sentinel for some deep analytics.

RedEye: Red Team C2 Log Visualization (3rd party)

RedEye is an open-source analytic tool developed by CISA and DOE’s Pacific Northwest National Laboratory to assist Red Teams with visualizing and reporting command and control activities. This tool allows an operator to assess and display complex data, evaluate mitigation strategies, and enable effective decision making in response to a Red Team assessment. The tool parses logs, such as those from Cobalt Strike, and presents the data in an easily digestible format. The users can then tag and add comments to activities displayed within the tool. The operators can use the RedEye’s presentation mode to present findings and workflow to stakeholders.


Microsoft News

Announcing Microsoft Secure Future Initiative to advance security engineering (1st party)

At Microsoft, we have a unique responsibility and leading role to play in securing the future for our customers and our community. We have a long and proud history of delivering innovative and impactful products and services that have shaped the industry and transformed the lives of billions of people around the world. We have also been at the forefront of developing and adopting security best practices, standards and tools that have helped us protect our customers and ourselves from cyberthreats and risks. Our move to Zero Trust, multifactor authentication, modern device management, and enhanced telemetry and detections have driven an embedded security culture across our company.


Security News

SysAid On-Prem Software CVE-2023-47246 Vulnerability (3rd party)

On Nov 2nd, a potential vulnerability in our on-premise software came to our security team’s attention. We immediately initiated our incident response protocol and began proactively communicating with our on-premise customers to ensure they could implement a mitigation solution we had identified. We engaged Profero, a cyber security incident response company, to assist us in our investigation. The investigation determined that there was a zero-day vulnerability in the SysAid on-premises software. We urge all customers with SysAid on-prem server installations to ensure that your SysAid systems are updated to version 23.3.36, which remediates the identified vulnerability, and conduct a comprehensive compromise assessment of your network to look for any indicators further discussed below. Should you identify any indicators, take immediate action and follow your incident response protocols.

Ransomware gang behind MOVEit attacks are targeting new zero-day, Microsoft says (3rd party)

The Russian ransomware gang behind the exploitation of several popular file transfer tools is now exploiting a new vulnerability in SysAid IT support software, according to a new report. On Wednesday night, security officials at Microsoft said the Clop ransomware gang — which they refer to as Lace Tempest — is targeting new victims through the bug, which SysAid patched after being informed of the attacks. SysAid allows customers to manage a suite of IT services.

Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws (3rd party)

Today is Microsoft's November 2023 Patch Tuesday, which includes security updates for a total of 58 flaws and five zero-day vulnerabilities. While fourteen remote code execution (RCE) bugs were fixed, Microsoft only rated one as critical. The three critical flaws fixed today are an Azure information disclosure bug, an RCE in Windows Internet Connection Sharing (ICS), and a Hyper-V escape flaw that allows the executions of programs on the host with SYSTEM privileges.

NY AG issues $450k penalty to US Radiology after unpatched bug led to ransomware attack (3rd party)

One of the nation’s largest private radiology companies agreed to pay a $450,000 fine after a 2021 ransomware attack led to the exposure of sensitive information from nearly 200,000 patients. In an agreement announced on Wednesday, New York Attorney General Letitia James said US Radiology failed to remediate a vulnerability announced by security company SonicWall in January 2021. US Radiology used the company’s firewall to protect its network and provide managed services for many of its partner companies, including the Windsong Radiology Group, which has six facilities across Western New York.

CISA Alerts: High-Severity SLP Vulnerability Now Under Active Exploitation (3rd party)

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw in the Service Location Protocol (SLP) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-29552 (CVSS score: 7.5), the issue relates to a denial-of-service (DoS) vulnerability that could be weaponized to launch massive DoS amplification attacks. It was disclosed by Bitsight and Curesec earlier this April.

Washington State Department of Transportation working to recover from cyberattack (3rd party)

Washington’s State Department of Transportation is recovering from a cyberattack that is causing a range of issues for local ferries and apps used for maps. The issues began on Tuesday morning, when the department’s website, cameras and app went down. The department’s IT team began working on the issue and started an investigation. Everything from travel maps to traffic cameras, ferry vessel video feeds, mountain pass reports, online freight permits and more were affected by the incident.

Alert: 'Effluence' Backdoor Persists Despite Patching Atlassian Confluence Servers (3rd party)

Cybersecurity researchers have discovered a stealthy backdoor named Effluence that's deployed following the successful exploitation of a recently disclosed security flaw in Atlassian Confluence Data Center and Server. "The malware acts as a persistent backdoor and is not remediated by applying patches to Confluence," Aon's Stroz Friedberg Incident Response Services said in an analysis published earlier this week. "The backdoor provides capability for lateral movement to other network resources in addition to exfiltration of data from Confluence. Importantly, attackers can access the backdoor remotely without authenticating to Confluence."

Hackers breach healthcare orgs via ScreenConnect remote access (3rd party)

Security researchers are warning that hackers are targeting multiple healthcare organizations in the U.S. by abusing the ScreenConnect remote access tool. Threat actors are leveraging local ScreenConnect instances used by Transaction Data Systems (TDS), a pharmacy supply chain and management systems solution provider present in all 50 states. Researchers at managed security platform Huntress spotted the attacks and report seeing them on endpoints from two distinct healthcare organizations and activity indicating network reconnaissance in preparation of attack escalation.

The Lorenz Ransomware Group Hit Texas-Based Cogdell Memorial Hospital (3rd party)

In early November, the Cogdell Memorial Hospital (Scurry County Hospital District) announced it was experiencing a computer network incident that prevented the hospital from accessing some of its systems and severely limited the operability of its phone system. The hospital immediately removed network connectivity and continued to provide most routine services. The facility operates as a Critical Access Hospital and a Rural Health Clinic serving rural West Texas. The Lorenz extortion group claimed responsibility for the security breach and added the hospital to its Tor leak site. The group claims the theft of more than 400GB of data, including internal files, patient medical images, and also employee email communications.


Industry Specific News

Agriculture - Evolving Microsoft Azure Data Manager for Agriculture to transform data into intuitive insights (1st party)

As AGRITECHNICA 2023—the world’s leading trade fair for agricultural machinery—makes a triumphant return after nearly four years, over 450,000 attendees from 130 countries will come together to witness the latest and greatest agriculture innovations firsthand. However, not all of these breakthrough innovations take up large exhibition spaces. Some are quietly revolutionizing the industry through data and analytics, equipping farmers with tools for smarter, data-driven decision-making. These data-driven tools—including transformative AI that is reshaping industries—depend on clean, unified data. That’s why we announced Microsoft Azure Data Manager for Agriculture in March 2023, a data platform that leverages industry-specific data connectors and capabilities to connect and unify farm data from disparate sources.

Sports - LALIGA delivers next-generation fan experiences by reimagining data and AI at scale (1st party)

As one of the world’s largest sports leagues, LALIGA is a familiar name to soccer enthusiasts. To meet the ever-evolving demands of a content-driven entertainment enterprise, LALIGA puts fans first when developing new initiatives. In support of its over 2.8 billion soccer fans worldwide and more than 200 million followers in social media, LALIGA set strategic goals to continually evolve its digital ecosystem, creating an infrastructure to support the organization's growth. LALIGA’s partnership and move to Azure has transformed fan engagement, driven revenue growth, and created new opportunities for sports clubs, leagues, and federations.
