Tech news for the week of September 30th, 2024

Topics in this week’s Tech Newsletter

Enterprise Impacting

What’s New Updates

Training

Copilot and AI

Microsoft 365

Windows 365 and Azure Virtual Desktop

Microsoft Defender

Azure

Server

Identity Protection and Management

Information Protection and Management

Intune

Device Management

Security Tools and Guides

Microsoft News

Security News

Industry Specific News

Enterprise Impacting

Adding your Microsoft Entra account to a device (1st party)

Enterprise Impacting: The changes to the single sign-on enrollment page mentioned in this article are scheduled for October of 2024. The single sign-on (SSO) enrollment page is shown when you're trying to access protected resources through an app. The page is where you decide if you want to add your account to the device. When an app like Outlook tries to access a protected resource, you see the SSO enrollment page requesting you to add your account to the device. This functionality enables your administrator to make sure your device is compliant with your organization's security requirements. Adding your account to the device gives you the ability to seamlessly sign in to all your desktop apps. It also provides you with more security features. This dialog only appears when using your Microsoft Entra accounts.

Windows Server Update Services (WSUS) deprecation (1st party)

Enterprise Impacting: As part of our vision for simplified Windows management from the cloud, Microsoft has announced deprecation of Windows Server Update Services (WSUS). Specifically, this means that we are no longer investing in new capabilities, nor are we accepting new feature requests for WSUS. However, we are preserving current functionality and will continue to publish updates through the WSUS channel. We will also support any content already published through the WSUS channel. Deprecation is the stage of the product lifecycle when a feature or service is no longer in active development. WSUS deprecation does not impact existing capabilities or support for Microsoft Configuration Manager. While the WSUS role remains available in Windows Server 2025, we recommend organizations transition to cloud tools, including Windows Autopatch and Microsoft Intune for client update management and Azure Update Manager for server update management.

Microsoft ends development of Windows Server Update Services (WSUS) (3rd party)

Enterprise Impacting: Microsoft has officially announced that Windows Server Update Services (WSUS) is now deprecated, but plans to maintain current functionality and continue publishing updates through the channel. This move isn't surprising, as Microsoft first listed WSUS as one of the "features removed or no longer developed starting with Windows Server 2025" on August 13. In June, the company also revealed that it would also soon deprecate WSUS driver synchronization. Introduced in 2005 as Software Update Services (SUS), WSUS allows IT administrators to manage and distribute updates for Microsoft products across large corporate networks that require consistent and controlled updates for large numbers of Windows devices. It acts as an intermediary and offers centralized control over updates rather than having each device download them individually from Microsoft's servers.

Microsoft Office 2024 to disable ActiveX controls by default (3rd party)

Enterprise Impacting: After Office 2024 launches in October, Microsoft will disable ActiveX controls by default in Word, Excel, PowerPoint, and Visio client apps. ActiveX is a legacy software framework introduced in 1996 that enables developers to create interactive objects that can be embedded in Office documents. Redmond will start by turning off ActiveX controls in documents opened in Win32 Office desktop apps in October 2024, a change that will also roll out to Microsoft 365 apps in April 2025. "Starting in new Office 2024, the default configuration setting for ActiveX objects will change from Prompt me before enabling all controls with minimal restrictions to Disable all controls without notification," the company said in a new Microsoft 365 message center entry.

What’s New Updates

What’s new in Windows Autopatch: September 2024 (1st party)

In modern IT environments, ensuring that Windows updates are deployed quickly is critical to business productivity and worker satisfaction. Policy conflicts can disrupt the update process, preventing devices from updating and negatively affecting monthly patch compliance. That is why we are excited to highlight that you can now use PowerShell scripts with Windows Autopatch to resolve policy conflicts. Let’s look at what causes policy conflicts and, more importantly, how you can easily resolve them with PowerShell scripts.

What's New for Planner in Teams in August 2024 (1st party)

The Planner team is excited to share some fresh new updates in the Planner app for Microsoft Teams. We thank you for your valuable feedback that helps shape feature updates, and hope these capabilities significantly enhance your experience managing tasks and coordinating team initiatives.

Training

Administer Active Directory Domain Services (1st party) [FREE]

To earn this Microsoft Applied Skills credential, learners demonstrate the ability to administer Active Directory Domain Services (AD DS). Candidates for this credential should be familiar with Windows Server, core networking technologies, PowerShell basics, and AD DS concepts and technologies.

Grow Your Security Skillset in Record Time with 30 Day Plans on Microsoft Learn (1st party) [FREE]

Even in the age of AI, the need for human talent isn’t going away anytime soon, with some 4 million cybersecurity jobs still available globally. At the same time, IT professionals and security practitioners who can meet evolving security needs have much to gain. For instance, professionals with AI skills earn 21% more on average than those without. Whether you want to further your security career through technical upskilling or need to fortify your teams’ abilities with game-changing technologies like AI, Microsoft Learn’s 30 Day Plans are a smart way to meet all of these needs by helping you skill up quickly across fields and topics. Curated by Microsoft subject matter experts, 30 Day Plans are designed to be completed in one month or less so you can reach your learning goals sooner. Each Plan is also aligned to a Microsoft Certification exam or Microsoft Applied Skills assessment so you can prove your expertise by earning a verified Microsoft Credential.

Course SC-200T00-A: Microsoft Security Operations Analyst (1st party) [FREE]

Learn how to investigate, respond to, and hunt for threats using Microsoft Sentinel, Microsoft Defender XDR and Microsoft Defender for Cloud. In this course you will learn how to mitigate cyberthreats using these technologies. Specifically, you will configure and use Microsoft Sentinel as well as utilize Kusto Query Language (KQL) to perform detection, analysis, and reporting. The course was designed for people who work in a Security Operations job role and helps learners prepare for the exam SC-200: Microsoft Security Operations Analyst.

Course SC-900T00-A: Microsoft Security, Compliance, and Identity Fundamentals (1st party) [FREE]

This course provides foundational level knowledge on security, compliance, and identity concepts and related cloud-based Microsoft solutions. The audience for this course is looking to familiarize themselves with the fundamentals of security, compliance, and identity (SCI) across cloud-based and related Microsoft services. The content for this course aligns to the SC-900 exam objective domain. Candidates should be familiar with Microsoft Azure and Microsoft 365 and understand how Microsoft security, compliance, and identity solutions can span across these solution areas to provide a holistic and end-to-end solution.

Course SC-100T00-A: Microsoft Cybersecurity Architect (1st party) [FREE]

This is an advanced, expert-level course. Although not required to attend, students are strongly encouraged to have taken and passed another associate level certification in the security, compliance and identity portfolio (such as AZ-500, SC-200 or SC-300) before attending this class. This course prepares students with the expertise to design and evaluate cybersecurity strategies in the following areas: Zero Trust, Governance Risk Compliance (GRC), security operations (SecOps), and data and applications. Students will also learn how to design and architect solutions using zero trust principles and specify security requirements for cloud infrastructure in different service models (SaaS, PaaS, IaaS).

Course AZ-700T00-A: Designing and Implementing Microsoft Azure Networking Solutions (1st party) [FREE]

This course teaches Network Engineers how to design, implement, and maintain Azure networking solutions. This course covers the process of designing, implementing, and managing core Azure networking infrastructure, Hybrid Networking connections, load balancing traffic, network routing, private access to Azure services, network security and monitoring. Learn how to design and implement a secure, reliable, network infrastructure in Azure and how to establish hybrid connectivity, routing, private access to Azure services, and monitoring in Azure.

Course AZ-900T00-A: Microsoft Azure Fundamentals (1st party) [FREE]

This course will provide foundational level knowledge on cloud concepts; core Azure services; and Azure management and governance features and tools. This course is suitable for IT personnel who are just beginning to work with Azure. This audience wants to learn about our offerings and get hands-on experience with the product. This course primarily uses the Azure portal and command line interface to create resources and does not require scripting skills. Students in this course will gain confidence to take other role-based courses and certifications, such as Azure Administrator. This course combines lecture, demonstrations, and hands-on labs. This course will also help prepare someone for the AZ-900 exam.

Microsoft Security Virtual Training Days (1st party) [FREE]

Build technical skills, knowledge, and insights to protect your organization from modern cyberthreats. Explore free, in-depth training from Microsoft Learn to learn how to detect threats, help keep hybrid clouds secure, safeguard information, and manage your digital security needs.

Mastering Certificates with Microsoft Intune (3rd party) [PAID]

This three-day LIVE Online Training event will teach you how to provision and manage on-premises enterprise PKI certificates using Microsoft Intune. The class, presented by Microsoft MVP Richard Hicks, provides a comprehensive overview of certificate services and public key infrastructure (PKI). Participants will learn the importance of certificates, explore common use cases, and examine popular solutions like Active Directory Certificate Services (AD CS) and Microsoft Cloud PKI, in addition to non-Microsoft solutions. The course covers AD CS certificate templates, revocation, and security considerations. It also discusses Intune certificate deployment options and explores the choice between PKCS and SCEP. Participants will gain a solid understanding of deploying certificates using PKCS and SCEP, focusing on implementation and security best practices. Troubleshooting issues related to installation, connectivity, and certificate enrollment will also be covered.

Copilot and AI

Microsoft Trustworthy AI: Unlocking human potential starts with trust (1st party)

As AI advances, we all have a role to play to unlock AI’s positive impact for organizations and communities around the world. That’s why we’re focused on helping customers use and build AI that is trustworthy, meaning AI that is secure, safe and private. At Microsoft, we have commitments to ensure Trustworthy AI and are building industry-leading supporting technology. Our commitments and capabilities go hand in hand to make sure our customers and developers are protected at every layer. Building on our commitments, today we are announcing new product capabilities to strengthen the security, safety and privacy of AI systems.

Using Copilot to Demo Copilot (1st party)

In today's fast-paced digital world, creating compelling demo content is essential for showcasing the capabilities of various tools and technologies. Microsoft Copilot can significantly streamline this process. In this article, we will explore how to create sample demo content using Microsoft Copilot, providing you with a step-by-step guide to make your demos more effective and engaging. We’ll explore three scenarios that make great Copilot demonstrations – Meeting Recaps, Excel, and Outlook.

Advancing automation with new AI capabilities in Power Automate (1st party)

The Power Automate team is committed to empowering you with the most reliable, innovative, and value-driven automation solution available. At the heart of everything we do is our core development principles: harmonious automation, trustworthy and reliable solutions, continuous process excellence, and measurable customer value. These principles guide our vision to blend the strengths of AI with human ingenuity, ensuring that every step you take in automation is supported by a solution you can trust. Today, at the Power Platform Community Conference, we are thrilled to unveil a new set of AI capabilities in Power Automate that bring this vision to life in fresh and powerful ways. Whether you’re building automation from descriptions or leveraging AI-driven decision-making in your flows, our latest features are designed to help you achieve more with less effort. All the while, they maintain the highest standards of security, transparency, and process optimization.

Learn about retention for Copilot (1st party)

Messages from Microsoft 365 Copilot and Microsoft Copilot are automatically included in the retention policy location named Teams chats and Copilot interactions because they are retained and deleted by using the same mechanisms. Users don't have to be using Teams for the retention policy to apply to Copilot. The information in this article supplements Learn about retention because it has information that's specific to Microsoft Teams messages and interactions with Copilot.

Unveiling Copilot agents built with Microsoft Copilot Studio to supercharge your business (1st party)

At Microsoft, we understand that every organization is unique, and to get the most out of AI, you will want to customize it for your business’s specific needs and processes. That’s why we’re excited to announce Copilot agents in Microsoft 365 Copilot. Whether you’re a user, developer, or IT professional, Microsoft Copilot Studio offers a comprehensive platform for creating, managing, and deploying Copilot agents.

Microsoft 365

Track goals in the new Microsoft Planner (1st party)

Setting goals for your plan is crucial for creating alignment within your team and among stakeholders to ensure that everyone knows what top work is most important and how it is being prioritized. Many teams find it challenging to keep everyone on the same page when it comes to goals. Misaligned priorities, lack of visibility, and difficulty in tracking progress can lead to missed deadlines and unmet objectives. The new Microsoft Planner’s Goals feature can address these challenges. With Goals in the new Microsoft Planner, you can easily set and track goals for your plan, and even link them to tasks to ensure that the work you have defined aligns with your goals. Copilot helps you quickly add specific and measurable goals tailored to your scenario.

Get ready for the new Microsoft Planner for the web (1st party)

We are thrilled to share that, in the coming weeks, we’ll start rolling out the new Microsoft Planner for the web! We first announced the new Planner last November at Microsoft Ignite, and this past April, we launched the first version of the new Planner app in Microsoft Teams. Thank you for using the new Planner experience and sharing your helpful feedback! We’ve been hard at work addressing your top feedback, including bringing the new Planner to the web endpoint.

AMA: Live video Q&A with the Loop team (1st party) [VIDEO]

The Loop AMA (Ask Microsoft Anything) is a chance to ask open questions and provide feedback about what you’ve learned about Microsoft Loop throughout this learning series. The AMA is a 90-minute opportunity to connect live with Loop experts who will be live on video to answer your questions and listen to feedback. Note: If you are unable to attend the live AMA hour, you can ask your question at any time on the event page below in comments and the team will work to address it during the event – either on video or in direct written response in the comments; so, check back for sure.

Microsoft 365 Champions community call: The latest updates in OneDrive for work (1st party) [VIDEO]

In this session, we’ll explore the latest developments in OneDrive with the introduction of Copilot, and the enhanced File Explorer experience in Windows, focusing on how it boosts productivity and promotes flexible work. We’ll delve into how OneDrive, combined with the AI-powered capabilities of Copilot, can revolutionize your work across all of Microsoft 365. We’ll also discuss the latest enhancements in Windows File Explorer, enhancing flexibility and adaptability to work the way you prefer. Discover how these technologies are shaping the future of flexible workspaces, fostering collaboration, and driving efficiency in various work environments.

Bidirectional translation support now available for language interpretation in Teams (1st party)

Hi, Microsoft 365 Insiders! I’m excited to share that an interpreter can now switch the translation direction between two languages in Microsoft Teams with the click of a button. This allows for more efficient real-time translation using just one interpreter, greatly simplifying the process. Live language interpretation, which can be added to non-encrypted meetings in Microsoft Teams, allows professional interpreters to translate what the speaker in the meeting says into another language in real time, without disrupting the speaker's delivery. This highly popular feature allows millions of users to access and understand important information in their native language. With bidirectional support for language interpretation in Teams, an interpreter can now switch the translation direction between two languages by selecting an indicator on their Teams screen. This new capability eliminates the need for a second interpreter or additional device when going back and forth between two languages.

Options for deploying Microsoft 365 Insider (1st party)

The Microsoft 365 Insider program offers organizations an opportunity to evaluate new Microsoft 365 Apps features before general release. As the admin, you can deploy Microsoft 365 Insider for your users. Or, you can allow users to select which Microsoft 365 Insider channel they want to use. Different deployment options are available, for Windows and Mac devices. Which option, or options, you choose depends on how you manage Microsoft 365 Apps in your organization.

Summary of governance, lifecycle, and compliance capabilities for Loop (1st party)

As a Compliance Manager or IT administrator, it's crucial to stay up-to-date on the latest governance, data lifecycle, and compliance posture for the software solutions being used in your organization. This article details the capabilities available and not available yet for Microsoft Loop. Where Loop content is stored impacts the admin management, governance, data lifecycle, and compliance capabilities available. Microsoft Loop is built on top of SharePoint, OneDrive, and SharePoint Embedded, which means that most of these capabilities work just like existing files in your ecosystem. Because Loop pages and components are files, they can be managed in a familiar way, within your existing workflows. The table should help clarify how Loop content is stored in the Microsoft ecosystem.

Windows 365 and Azure Virtual Desktop

Providing employees with virtual loaner devices with Windows 365 (1st party)

Watch as Dave Rodriguez interviews Trent Berghofer about using the Windows 365 Cloud PC platform to provide our employees with virtual loaner PCs when they need a backup machine to keep working. Rodriguez is a principal product manager on the Frictionless Devices team in Microsoft Digital, the company’s IT organization. He talks with Berghofer about using the Windows 365 Cloud PC platform to provide employees with a low-touch, personalized, secure Windows experience hosted on Microsoft Azure. “With Windows 365 Cloud PC, we’ve been able to accelerate our digital first support model for hybrid employees and deemphasize our reliance on walk up, in-person support at the on-site service locations,” says Berghofer, general manager of Field IT Management and leader of the Support team in Microsoft Digital.

GPU-enhanced Windows 365 Cloud PCs (1st party) [VIDEO]

Windows 365 Cloud PCs with GPU capabilities are revolutionizing the way businesses handle high-performance computing tasks. The addition of GPU power to Cloud PCs means faster processing times and enhanced performance for demanding applications, such as 3D rendering, video editing, and complex simulations. Tune in to this episode of Windows in the Cloud to learn how GPU-enhanced Cloud PCs work, discover the latest enhancements, and much more.

New VDI solution for Teams on AVD/Windows 365 environments now generally available (1st party)

Today Microsoft is excited to announce that the new VDI solution for Teams on Azure Virtual Desktops/Windows 365 environments is generally available. As explained in our previous blog, this new architecture brings the Teams’ user experience to a closer alignment between physical and virtual desktops. By introducing a new media engine (same one used by the Teams native Windows app) that is decoupled from the Remote Desktop client, and always up to date, we can introduce features faster without requiring VDI infrastructure upgrades. As part of the release activities, we wanted to provide an F.A.Q based on all the interactions we had with customers during the public preview phase, so all IT Admins can benefit from this curated summary of typical questions.

Enable GPU acceleration for Azure Virtual Desktop (1st party)

Azure Virtual Desktop supports graphics processing unit (GPU) acceleration in rendering and encoding for improved app performance and scalability using the Remote Desktop Protocol (RDP). GPU acceleration is crucial for graphics-intensive applications, such as those used by graphic designers, video editors, 3D modelers, data analysts, or visualization specialists.

Microsoft Defender

Unlocking Real-World Security: Defending against Crypto mining attacks (1st party)

Cross-domain attacks remain a critical challenge for most security teams. As attackers use a combination of threat vectors to gain a foothold in an organization, visibility across critical assets becomes vital. With advanced attacks like cryptojacking and IaaS resource theft becoming increasingly prominent, it’s clear that attacks are crossing boundaries into cloud and hybrid workloads. The importance of natively integrating your XDR and cloud security insights becomes crucial when defending against these attacks. Since we integrated cloud workload alerts, signals and asset information from our industry-leading CNAPP solution, Microsoft Defender for Cloud, into Microsoft Defender XDR, we've seen its transformative impact in real-world scenarios. This integration enhances our ability to detect, investigate, and respond to sophisticated threats across hybrid and multi-cloud environments. To illustrate this, let’s explore a real scenario that showcases the power of this integration.

Microsoft Defender for Identity: the critical role of identities in automatic attack disruption (1st party)

In today's digital landscape, cyber-threats are becoming increasingly sophisticated and frequent. Advanced attacks are often multi-workload and cross-domain, requiring organizations to deploy robust security solutions to counter this complexity and protect their assets and data. Microsoft Defender XDR offers a comprehensive suite of tools designed to prevent, detect and respond to these threats. With speed and effectiveness being the two most important elements in incident response, Defender XDR tips the scale back to defenders with automatic attack disruption.

Configuring Microsoft Defender for External Attack Surface Management (EASM) (3rd party)

In a nutshell, it's a capability within the Azure Portal that allows you to continuously discover and map your digital attack surface to provide an external view of your online infrastructure. For any seasoned security professional, having a good understanding of a company's infrastructure is absolute gold dust, but if you add in the ability to view potential attack surface routes, vulnerabilities and compliance issues, you have a security Swiss-knife at your disposal.

Improve end user resilience against QR code phishing (1st party)

QR codes are gaining popularity as an easy way to access information for services and products. While QR codes are often used as convenient shortcuts, they can also be used by cybercriminals to trick users into accidentally scanning QR codes and expose themselves to risks. Understanding the dangers of QR codes, such as being redirected to fake websites or downloading malware, is crucial. Education enables users to check if QR codes are genuine, examine destination URLs, and use reliable apps for scanning. In the ongoing fight against phishing, informed end users become an important line of defense, preventing possible threats and strengthening their organization’s resilience. Recently, we have observed a new trend in phishing campaigns that leverage QR codes embedded in emails to evade detection and trick users into visiting malicious links. To help our customers defend against this emerging threat, Microsoft Defender for Office 365 has introduced several enhancements to its prevention capabilities that can detect and block QR code-based attacks. Check out this blog to learn more about QR codes and how Defender for Office 365 is protecting end users against such attacks.

SIEM Migration Update: Now Migrate with contextual depth in translations with Microsoft Sentinel! (1st party)

The process of moving from Splunk to Microsoft Sentinel via the SIEM Migration experience has been enhanced with three key additions that help customers get more context aware translations of their detections from Splunk to Sentinel. These features let customers provide more contextual details about their Splunk environment & usage to the Microsoft Sentinel SIEM Migration translation engine so it can account for them when converting the detections from SPL to KQL. Let’s talk about how these can make life easier when migrating to Microsoft Sentinel via the SIEM Migration experience.

Prepare for Upcoming Transitions in Defender for Servers (1st party) [VIDEO]

Microsoft is streamlining its Defender for Servers offering by deprecating the Log Analytics agent (MMA) in favor of a more unified and efficient approach. This transition, set to complete by summer 2024, will simplify onboarding and reduce external dependencies by integrating Microsoft Defender for Endpoint as the primary security agent. Customers will benefit from agentless scanning and enhanced security capabilities, reducing complexity and deployment friction. This shift aims to provide comprehensive protection with fewer agents, ensuring better performance and broader coverage across all environments.

Taking steps that drive resiliency and security for Windows customers (1st party)

On Tuesday, Sept. 10, we hosted the Windows Endpoint Security Ecosystem Summit. This forum brought together a diverse group of endpoint security vendors and government officials from the U.S. and Europe to discuss strategies for improving resiliency and protecting our mutual customers’ critical infrastructure. Although this was not a decision-making meeting, we believe in the importance of transparency and community engagement. Therefore, we’re sharing the key themes and consensus points discussed during the summit, offering insights into our initial conversations. A key consensus point at the summit was that our endpoint security vendors and our mutual customers benefit when there are options for Windows and choices in security products. It was apparent that, given the vast number of endpoint products on the market, we all share a responsibility to enhance resiliency by openly sharing information about how our products function, handle updates and manage disruptions.

Azure

Use Azure Container Storage with Azure managed disks (1st party)

Azure Container Storage is a cloud-based volume management, deployment, and orchestration service built natively for containers. This article shows you how to configure Azure Container Storage to use Azure managed disks as back-end storage for your Kubernetes workloads. At the end, you'll have a pod that's using Azure managed disks as its storage.

Server

Now in preview: Hotpatch for Windows Server 2025 (1st party)

You asked and we delivered: Standard and Datacenter edition server hotpatching - security updates without reboots - is ready for your evaluation in Windows Server 2025 Azure Arc-enabled Hotpatch public preview. This feature will be a game changer; simpler change control, shorter patch windows, easier orchestration… and you may finally get to see your family on the weekends. Hotpatches are OS security updates that don’t require a reboot. It works by patching the in-memory code of running processes without the need to restart the process.

Active Directory Hardening Series - Part 5 – Enforcing LDAP Channel Binding (1st party)

Hi all! - Jerry Devore back again to talk more about securing LDAP. This time I want to cover LDAP channel binding. If you have been following this series, you already know that LDAP signing should be enforced to prevent relay and MITM attacks. So, what is the purpose of enforcing LDAP channel binding? Well, channel binding can be used to prevent relay and MITM attacks against LDAP. If you don’t find that explanation helpful you are not alone. A lot of people are struggling to understand why both are necessary. I hope to clear things up and give you the information you need to move forward with confidence.

Microsoft’s Simple Message: Prepare to Move to Exchange Server Subscription Edition (1st party)

This fine site holds many articles about Exchange Server. Our thoughts therefore focused on the recent communication from the Exchange development team laying out their plans and recommendations for the transition to Exchange Server subscription edition (SE). There are many mentions of Exchange 2019 in the text, but the essence of the message is that those running on-premises Exchange servers need to figure out their plan to upgrade their organization to run Exchange Server subscription edition after its release in summer 2025. Licensing for Exchange Server SE follows along the same lines as Exchange 2019. Users must have an Exchange Online license or a Client Access License (CAL) purchased through Software Assurance. Free licenses will be available for Exchange Server SE hybrid servers. It will also continue to be possible to manage Exchange recipient properties on-premises with PowerShell or using the Exchange Management tools without the need for a server.

Relayed RDP Shortpath for public networks now available (1st party)

We are pleased to announce the general availability of Relayed RDP Shortpath. This enhancement allows UDP connections via relays using the Traversal Using Relays around NAT (TURN) protocol, extending the functionality of RDP Shortpath on public networks for everyone. TURN enables indirect connection by relaying traffic through an intermediate server when a direct connection is not possible. TURN is an extension of Simple Traversal Underneath NAT (STUN), with the added benefit of known public IP addresses and ports, which can be managed through firewalls and network devices. The preferred path is RDP Shortpath with STUN, which allows direct UDP connection between the client device and session host.

How to Enable or Disable IPv6 in Exchange Online (3rd party)

Starting October 16, 2024, IPv6 is enabled by default for all the domains in the Microsoft 365 tenant (Exchange Online). However, you might want to disable IPv6 for a domain or all the domains, which is only possible with PowerShell. In this article, you will learn how to enable or disable IPv6 for Exchange Online in Microsoft 365.

Microsoft deprecated WSUS — should you care? (3rd party)

Triggered by the publishing of documentation for Windows Server 2025 about features removed or no longer being developed, Microsoft published a separate post explicitly calling out one of those items: WSUS. While the Server post described it as “no longer being developed,” the separate post called that “deprecated.” Well, Microsoft explicitly stated that they weren’t removing support, so they’re just discouraging use because they want you to use something else. So practically, it doesn’t really mean anything; it’s just another example of Microsoft trying to push customers in another direction (i.e. “cloud native”). WSUS was already “no longer being developed” as it hasn’t had any significant changes in years. But it still chugs along as a key part of Microsoft Configuration Manager’s Windows updating capabilities. So which will die first, WSUS or ConfigMgr? If at some point in the future we see Microsoft working to remove the ConfigMgr software update point (SUP), then we will know. Until then, we can assume that they will both ride off into oblivion together.


Identity Protection and Management

MFA enforcement for Microsoft Entra admin center sign-in coming soon (1st party)

As cyberattacks become increasingly frequent, sophisticated, and damaging, safeguarding your digital assets has never been more critical. In October 2024, Microsoft will begin enforcing mandatory multifactor authentication (MFA) for the Microsoft Entra admin center, Microsoft Azure portal, and the Microsoft Intune admin center. We published a Message Center post (MC862873) to all Microsoft Entra ID customers in August. We’ve included it below: Take action: Enable multifactor authentication for your tenant before October 15, 2024. Starting on or after October 15, 2024, to further increase your security, Microsoft will require admins to use multifactor authentication (MFA) when signing into the Microsoft Azure portal, Microsoft Entra admin center, and Microsoft Intune admin center.

Microsoft Entra Internet Access now generally available (1st party)

With the rise of hybrid work, identity and network security professionals are now at the forefront of protecting their organizations. Traditional network security tools fall short in meeting the integration, complexity, and scale requirements of anywhere access, leaving organizations exposed to security risks and poor user experiences. To address this, network security and identity must function as a unified force in defense. Only when identity and network controls deeply integrate into secure access, can we fully deliver on the core Zero Trust principles, where trust is never implicit and access is granted on a need-to-know and least-privileged basis across all users, devices, and applications.

Refresh tokens in the Microsoft identity platform (1st party)

A refresh token is used to obtain new access and refresh token pairs when the current access token expires. When a client acquires an access token to access a protected resource, the client also receives a refresh token. Refresh tokens are also used to acquire extra access tokens for other resources. Refresh tokens are bound to a combination of user and client, but aren't tied to a resource or tenant. A client can use a refresh token to acquire access tokens across any combination of resource and tenant where it has permission to do so. Refresh tokens are encrypted and only the Microsoft identity platform can read them.

Microsoft 365 Admin Center to Support Continuous Access Evaluation (3rd party)

The announcement in message center notification MC884015 (5 Sept 2024) that the Microsoft 365 admin center will implement continuous access evaluation (CAE) in September 2024 is very welcome. Microsoft implemented CAE for Exchange Online, SharePoint Online, and Teams in January 2022. Implementing CAE means that the Microsoft 365 admin center can respond to critical events that occur such as user account password changes or if a connection originates from an unexpected IP address. If an administrator account is unfortunate enough to be compromised, CAE will ensure that the credentials used to access the admin center will expire immediately after the password is changed for the account or access is revoked for the account.

Deep Dive SSO in Entra Private Access (3rd party)

A few days ago, Microsoft announced that Global Secure Access is now generally available. Since I have been working with the product for some time now and more and more proof of concepts are being launched, it is high time for me to do a blog series about it. With the addition of both UDP and DNS support to Entra Private Access, the vast majority of scenarios that VPN has been used for in the past can be covered - including Single Sign On with Kerberos. To enable a high level of user-friendliness and security, single sign-on is an important component and Global Secure Access really has a lot to offer here!

Yubikey Provisioning with Microsoft Entra ID (3rd party) [VIDEO]

Microsoft recently announced their new FIDO2 provisioning APIs within Microsoft Entra ID. While users can register their FIDO2 keys fairly easily with a Temporary Access Pass, the new API allows admins to register keys on behalf of a user. This can be extremely handy in onboarding scenarios or in case a new key needs to be shipped to a vendor or contract worker. The Microsoft APIs support every vendor of FIDO2 (passkeys), but Yubico has made some extra effort to provide a sample Python script that uses the Yubikey Manager under the hood.


Information Protection and Management

Overview: Remove a former employee and secure data (1st party)

A question we often get is, "What should I do to secure data and protect access when an employee leaves my organization?" This article series explains how to block access to Microsoft 365 so these users can't sign in to Microsoft 365, the steps you should take to secure organization data, and how to allow other employees to access email and OneDrive data.

Using Dynamic Watermarking with Sensitivity Labels (3rd party)

We like to keep an eye on the development of sensitivity labels. Understanding features like blocking access to content services to restrict access to labeled files by Copilot for Microsoft 365 helps to solve problems that arise from other Microsoft 365 technologies. The latest innovation is a feature called dynamic watermarking, which is designed to prevent people from taking screenshots of sensitive documents, much like watermarking in Teams meetings is a deterrent against data leakage such as taking and sharing screenshots of information displayed on-screen during calls.


Intune

Use the settings catalog to configure settings on Windows, iOS/iPadOS, and macOS devices (1st party)

The settings catalog lists all the settings you can configure all in one place. This feature simplifies how you create a policy and how you see all the available settings. For example, you can use the settings catalog to create a BitLocker policy with all BitLocker settings. You can also use Microsoft Copilot in Intune. When you use the Copilot features with the settings catalog, you can use Copilot to learn more about each setting, get what-if impact analysis, find potential conflicts, summarize existing policies, and get impact analysis on users and security.

Identify devices as corporate-owned (1st party)

Ensure that corporate devices are marked as corporate-owned as soon as they enroll by adding their corporate identifiers ahead of time in the Microsoft Intune admin center. The benefit of managing corporate devices is that they enable more device management capabilities than personal devices. For example, Microsoft Intune can collect full phone number and app inventory from a corporate device, but can only collect partial phone number and app inventory for personal devices. To add corporate identifiers to Microsoft Intune, you can upload a file of corporate identifiers in the admin center or enter each identifier separately. It isn't necessary to add corporate identifiers for all deployments. During enrollment, Intune automatically assigns corporate-owned status to devices that join to Microsoft Entra.

Microsoft Intune support for Apple Intelligence (1st party)

Apple recently announced new ways for users to generate content that are collectively labeled Apple Intelligence (AI). You can learn more about these capabilities based on the documentation Apple has shared via Appleseed for IT and their Device Management Client Schema on GitHub. We’re excited to share that Microsoft Intune’s mobile device management (MDM) and mobile app management (MAM) controls are now updated to allow you to configure availability of these new capabilities. As detailed below, when Apple Intelligence features are released in iOS 18.1, iPadOS 18.1 and macOS Sequoia 15.1, Intune will allow you to customize usage for your environment. Our ongoing goal is to enable you to balance productivity and security in your environment by making sure the right policy controls are available regardless of your deployment model.

Remediation on demand script – ResetWindowsUpdate (3rd party)

Remediations on demand is an extremely powerful tool for managing our Intune managed devices. One of the biggest differences compared to how we managed Windows Devices on premises was that we could always connect to them using WinRm for example and solve problems. In the Zero-trust world there is no such possibility, many are working from home and then Remote Control is the way to help them. However, this is both expensive and time-consuming both for IT and for the end-user as it takes up their time. Remediations on demand is a great tool to try to solve issues without remote controlling the device. This is something that is important to train ServiceDesk and to use Scope tags to control which scripts they can run on the device. Scope tags are not used enough in my opinion.

How To Secure BYOD Devices Using Conditional Access? (3rd party) [VIDEO]

This video dives into how to use Conditional Access in Microsoft 365 to mitigate security risks associated with Bring Your Own Device (BYoD) scenarios. What you'll learn: the security risks of BYoD with Microsoft 365 (downloading OneDrive/SharePoint content, etc.), how Conditional Access policies can be used to address these risks, a step-by-step walkthrough of configuring Conditional Access policies for BYoD on desktops (Windows, Mac, Linux), and differentiating policy settings for desktop apps vs. web apps.

How to Automatically Update Apps in Intune with Dynamic Win32 App Deployment (3rd party)

Greetings, fellow IT admins! Repackaging setup files and editing your Win32 app again can be tedious and time-consuming. Thankfully, I bring you good news! There is a way to deploy a Win32 app and have it always install the latest version of the app on the computer. To achieve this, we will deploy a PowerShell script as a Win32 app. This script will grab the latest version from the vendor’s site, download it, and then install it on the end computer. IT admins will not have to repackage the same app over and over again, edit their Win32 apps with every patch, and all your new devices/users will always get the latest version of the application.


Device Management

KB5043950: Windows 11, version 24H2 support (1st party)

Enterprise Impacting: New Windows 11, version 24H2 devices that are intended to be onboarded to Microsoft Defender for Endpoint might require customers to enable the prerequisite feature. This affects all supported architectures. IT admins might observe devices not being able to be onboarded to the Defender for Endpoint cloud service, and not receiving the expected protection as a result, even if Intune is expected to execute the onboarding sequence by applying an endpoint detection and response (EDR) policy. Intune will also display an error as it is unable to successfully apply the policy. Users may also not be able to connect to corporate resources if a Conditional Access policy is configured to require Defender for Endpoint being enabled and actively reporting in. Compliance status is visible in the Microsoft Intune device compliance dashboard.

Microsoft Edge management service (1st party)

The Microsoft Edge management service is a platform in the Microsoft 365 admin center that enables admins to easily configure Microsoft Edge browser settings for their organization. These configurations are stored in the cloud and the settings can be applied to a user's browser through group assignment or group policy. Users must be logged into Microsoft Edge to retrieve these settings.

Secure-by-default with Windows 11: why wait? - Tackling Tech (1st party) [VIDEO]

See what Windows MVPs find exciting about Windows 11 and gain insights on the adoption process. In this episode of Tackling Tech, Johan Arwidmark and Gianni Castaldi cover some of the challenges and how to overcome them like the hardware that needs to be configured to support Windows 11. They’ll also discuss the security enhancements, how Windows Autopatch can help, and a look into Security Copilot.

How complicated is OOBE? (3rd party)

A long time ago, the original marketing materials for Windows Autopilot (before it had a name) were created by the engineers working on the product. It pitched Autopilot as a way of simplifying the out-of-box experience (OOBE) for Windows, even though it was Microsoft that made OOBE so complicated in the first place. Obviously that positioning was modified to something that wasn’t quite so cynical. But how complicated is OOBE anyway? To get a rough idea, the diagram below shows all the “nodes” in the OOBE navigation process. This was created from the “navigation.json” file from Windows 11 24H2, which you can find at “C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\data\prod\navigation.json.” The “main” flow through OOBE is “FRXINCLUSIVE.” Each defined node specifies what the “next” node should be in the case of success; the diagram below shows that “success” flow, starting from the “StartSelector” node at the bottom center and working all the way through.

The Men who stare at the AppLocker event log (3rd party)

In this blog, we’ll delve into the curious interplay between AppLocker, MSI installers, Intune, and event logs. We’ll explore how to configure and monitor AppLocker policies, the limitations imposed by Intune, and what to expect from your event logs when blocking applications. Let’s get started!


Scripting and Automation

Practical PowerShell: Output and Logging (3rd party)

In this installment of the Practical PowerShell series, I want to touch on an essential subject: output and logging. In previous articles, I discussed topics such as managing code flow and error handling. In addition to taking measures to anticipate the success (or failure) of actions, you should also consider if and how you want to make the results known to the person running the code, and if and how you want to keep them informed about how things are progressing. In addition, when you have a script that manipulates data or performs configuration changes, you might want to record those actions. After all, output to the console is volatile and might not even be seen when running scripts as part of a headless Azure Function or Runbook. And even if you don’t want to see the output, perhaps a customer might be interested in this kind of report.

The power of Data Collection Rules: Monitoring PowerShell usage (1st party)

PowerShell is a great tool for administrators to manage devices and servers in their environment. When using it to administer remote systems with PSRemoting, you don’t leave credentials behind on the target systems – as opposed to RDP with which your credentials would be stored in the Local Security Authority (LSA). This provides many security benefits and helps prevent Pass-The-Hash attacks and other credential theft scenarios. Since it is a preinstalled tool, adversaries have been known to use PowerShell to attack organizations. Companies that have set up a robust PowerShell configuration and monitoring have a clear advantage against those adversaries! Thanks to PowerShell’s numerous built-in security and monitoring features, it is easy to detect and disrupt adversaries.

Win32 app State Messages Demystified (3rd party)

In this post we will do some digging on Win32 app state messages and look at the compliance state and enforcement state messages stored in the local registry for win32 app policies processed by the client. We will also take the state values and convert them into a readable format to help you understand if a Win32 app was processed successfully.

Constrained Language Mode and Custom Detection Scripts (3rd party)

At Patch My PC (PMPC), ensuring seamless app deployment is a priority. During a recent Win32App deployment via Intune, a detection script failure highlighted the role of Constrained Language Mode (CLM) in restricting certain script executions. This post dives into how CLM can impact the Intune Custom detection scripts and how to manage it using AppLocker.


Security Tools and Guides

Microsoft's CISO: Why we're trying to banish passwords forever (3rd party)

Bret Arsenault, Microsoft's chief information security officer (CISO), who's been at Microsoft for 31 years, says he's only ever been publicly cheered once at the company: that was when he killed off Microsoft's internal policy of changing passwords every 71 days. "That's the first time I've been applauded as a security person and executive," Arsenault tells ZDNet. "We said we're turning off password rotation within Microsoft, because we had eliminated that part of it." As Microsoft's CISO, Arsenault is responsible for protecting both Microsoft products and its internal networks used by its 160,000 employees. After adding vendors into the mix, he's responsible for about 240,000 accounts globally. And getting rid of passwords and replacing them with better options like multi-factor authentication (MFA) is high on his to-do list.

Welcome to the Microsoft Incident Response Ninja Hub (1st party)

We’re excited to announce the Microsoft Incident Response Ninja Hub. This page includes a compilation of guides and resources that the Microsoft Incident Response team has developed on threat hunting, case studies, incident response guides, and more. Many of these pieces were also developed in collaboration with Microsoft’s partners across Microsoft Security, providing a unique view into how the Microsoft Security ecosystem leans on cross-team collaboration to protect our customers.

Revisit Your Password Policies to Retain PCI Compliance (3rd party)

Ever since 2004, the payment card industry has required merchants who accept credit card payments to adhere to the Payment Card Industry Data Security Standards (PCI DSS, often shortened to PCI). This requirement doesn’t just apply to merchants, but is applicable to any organization that stores or processes credit or debit card information or that accepts credit or debit card payments. Unfortunately, PCI compliance is not a one-time endeavor.

Practical Protection: Imposing Cost (3rd party)

There’s an old chestnut in the security world: if you make yourself a hard enough target, in many cases an attacker will go find an easier target and leave you alone. Plants with thorns, critters with spines or spikes, and trees that secrete toxins all embody this principle: making an attacker pay a price for every attack will both stop and deter attacks. Of course, trees, critters, and plants don’t have to deal with criminal gangs or nation-states, so this principle doesn’t hold universally—but it’s pretty much true for cybersecurity. Let’s see what “imposing cost” means to the Microsoft 365 administrator.

Understanding SOC Metrics: Introducing Mean Time to Conclusion (MTTC) (3rd party)

Security Operations Centers (SOCs) play a critical role in defending against cyber threats. They monitor, detect, investigate, and respond to security incidents around the clock. To understand their effectiveness, metrics like Mean Time to Detect (MTTD), Mean Time to Respond (MTTR), and Mean Time to Investigate (MTTI) have long been essential. However, as cybersecurity automation continues to advance, there's a need for a more complete metric: Mean Time to Conclusion (MTTC).


Microsoft News

Securing our future: September 2024 progress update on Microsoft’s Secure Future Initiative (SFI) (1st party)

In November 2023, we introduced the Secure Future Initiative (SFI) to advance cybersecurity protection for Microsoft, our customers, and the industry. In May 2024, we expanded the initiative to focus on six key security pillars, incorporating industry feedback and our own insights. Since the initiative began, we’ve dedicated the equivalent of 34,000 full-time engineers to SFI—making it the largest cybersecurity engineering effort in history. And now, we’re sharing key updates and milestones from the first SFI Progress Report.

Microsoft announces $1.3 billion USD investment in Cloud and AI infrastructure supporting inclusive growth through technology and skilling programs in Mexico (1st party)

During his keynote at the Microsoft AI Tour 2024 in Mexico City, Chairman and CEO Satya Nadella announced that Microsoft Corporation is reaffirming its commitment to the country. He revealed a new investment of $1.3 billion over the next three years to enhance AI infrastructure and initiatives aimed at promoting digital and AI skills. This includes the Artificial Intelligence National Skills program, which aims to democratize access to AI skills and reach 5 million people. The investment will also work on improving connectivity and encouraging AI adoption by small and medium-sized businesses to accelerate their digital transformation and business operations within the country. Microsoft reaches 38 years of presence in Mexico, seizing a pivotal moment of opportunity driven by technology and artificial intelligence. With a long-standing commitment to the nation and recognizing AI’s role as a catalyst for social and economic growth, Microsoft is expanding its AI infrastructure in Mexico. This involves a significant investment to increase local computing capacity and encourage innovation.

Hackers have sights set on four Microsoft vulnerabilities, CISA warns (3rd party)

Federal civilian agencies across the U.S. government have until the end of the month to fix four key issues in Microsoft products after they were made public on Tuesday. The Cybersecurity and Infrastructure Security Agency (CISA) said the four vulnerabilities affect widely used Microsoft tools and are already being exploited by hackers. The four bugs — CVE-2024-38226, CVE-2024-43491, CVE-2024-38014 and CVE-2024-38217 — were part of the 79 vulnerabilities included in the monthly security release from Microsoft.


Security News

Cambodian scam giant handled $49 billion in crypto transactions since 2021, researchers say (3rd party)

A notorious online marketplace allegedly tied to cyber scam operations and linked to the family ruling Cambodia has processed more than $49 billion in cryptocurrency transactions since 2021, according to a new report. Blockchain analysis firm Chainalysis published its mid-year crypto crime update on Thursday and spotlighted Huione Guarantee, an online marketplace tied to the Cambodian conglomerate Huione Group. In July, blockchain security firm Elliptic exposed the platform as a key player in the now industrial-scale pig-butchering economy — serving as a “guarantor or escrow provider for all transactions.”

More than 3 million Medicare users had information leaked in MOVEit breach (3rd party)

Sensitive information belonging to 3.1 million people across several states was breached during the cybercriminal campaign last year that targeted the popular MOVEit file transfer service. The Centers for Medicare & Medicaid Services (CMS) — the federal agency that manages the Medicare program — and the Wisconsin Physicians Service Insurance Corporation (WPS) said on Friday that they have begun notifying people whose personal information leaked after hackers exploited a vulnerability in the MOVEit software. According to the release, 946,801 people are being sent notices explaining that their names, Social Security numbers, birthdays, addresses, Medicare account numbers, health insurance information and more were leaked.


Industry Specific News

Healthcare – Microsoft warns US healthcare of threat actor using new ransomware (3rd party)

Vanilla Tempest, a ransomware group also known as Vice Society, has been seen deploying the INC ransomware strain for the first time to target the American healthcare sector. This is according to cybersecurity researchers from Microsoft, who recently detailed their newest findings in an X thread. In the thread, the company said Vanilla Tempest first receives hand-offs from Gootloader infections by Storm-0494, before deploying different malware and software, including Supper, AnyDesk, MEGA, and others.

Peter E.

Helping SMEs automate and scale their operations with seamless tools, while sharing my journey in system automation and entrepreneurship

1 month

Embracing challenges head-on is crucial for growth and progress. It's inspiring to see your commitment to resilience and adaptability in the face of obstacles!
