Why you should be using Azure Identity Protection

Why?

The move from traditional on-premises IT solutions to cloud services has seen a dramatic change in the way that systems are managed and controlled. The access to services from any location and using any device means that a lot of the traditional management methods are not feasible.

Identity (not the firewall) is the modern control plane. Your user identity (and however it's protected) is typically the key to your applications, devices and data within the modern workplace, so keeping it safe should be paramount.

The UK National Security Agency, or any reputable security company or agency, will advise you not to use the same password in multiple places, to make it complex, and not to make it something simple like Password123 or Companyname2019, for example.

What is Azure Identity Protection?

As long as your organisation uses Microsoft Azure AD – which it will if you use Office 365 (and have Azure AD Premium P1 or P2) – Microsoft provides a nifty service (known as Azure Active Directory Identity Protection) that can go a long way in helping organisations ensure that their users are following industry (and your) security guidance and that they aren’t using common passwords or passwords that are known to be included in recent data attacks and breaches.

In addition to the automatic protection provided by Microsoft’s Threat Intelligence, Azure Identity Protection also allows you to manually specify up to 1,000 custom passwords. I’d strongly recommend adding (or using) the top 1,000 common passwords, which are available on GitHub, as a starter and then adding your own organisation’s name, and any common terms used in your company or industry, to the list.

If you haven’t used the service before, you can run this in “Audit” mode to allow you to review the number of “hits” against the new policy before enforcing it. Once enforced, when any user tries to set or reset their password, the password is “scored” based on a combination of risks, including use of known and common/custom passwords or known breached credentials/passwords.

How are passwords evaluated?

Whenever a user changes or resets their password, the new password is checked for strength and complexity by validating it against both the global and the custom banned password list (if the latter is configured).

Even if a user’s password contains a banned password, the password may still be accepted if the overall password is strong enough otherwise. A newly configured password will go through the following steps to assess its overall strength to determine if it should be accepted or rejected.

A password reset attempt that scores poorly will be rejected, and the user will receive an error message similar to the one below:

“Unfortunately, your password contains a word, phrase, or pattern that makes your password easily guessable. Please try again with a different password.”
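The following is an added example, not code from the original post or from Microsoft: a simplified Python model of the scoring that Microsoft's public documentation describes (normalise the password, match banned terms, one point per banned term and per remaining character, at least five points to pass). The banned terms and sample passwords are constructed, and the fuzzy (edit-distance) matching the real service also performs is left out.

```python
"""Simplified model of banned-password scoring (constructed example)."""

# Look-alike substitutions applied before matching, so "P@ssw0rd" is
# compared as "password".
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "l", "$": "s", "@": "a"})
MIN_POINTS = 5  # a password needs at least this many points to be accepted

# Constructed custom list: a common password plus organisation terms.
CUSTOM_BANNED = ["password", "examplecorp", "2019"]


def normalize(text):
    """Lower-case the text and undo common character substitutions."""
    return text.lower().translate(SUBSTITUTIONS)


def evaluate(password, banned):
    """Score a candidate password against a banned list.

    Each banned term found counts as one point, however long it is;
    every remaining character counts as one point.
    """
    text = normalize(password)
    # Normalise the banned terms too, and try longer terms first.
    terms = sorted({normalize(t) for t in banned if t},
                   key=lambda t: (-len(t), t))
    points, matched, i = 0, [], 0
    while i < len(text):
        hit = next((t for t in terms if text.startswith(t, i)), None)
        if hit:
            matched.append(hit)
            i += len(hit)      # the whole banned term is worth one point
        else:
            i += 1             # an ordinary character is worth one point
        points += 1
    return {"points": points, "matched": matched,
            "accepted": points >= MIN_POINTS}


if __name__ == "__main__":
    for candidate in ("Password123", "Examplecorp2019",
                      "P@ssword-river-Tango7"):
        print(candidate, evaluate(candidate, CUSTOM_BANNED))
    # Without the year on the custom list the second password reaches
    # five points in this model, which is why organisation-specific and
    # seasonal terms belong on the list.
    print(evaluate("Examplecorp2019", ["password", "examplecorp"]))
```

The third sample shows the behaviour described above: it contains a banned term but is still accepted because the rest of the password carries enough points.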

Reviewing the effectiveness

As well as users being informed of (and prevented from) setting a password that is “banned”, admins can also see this activity in the Security Logs.

Read more from Microsoft

Microsoft provides a lot more detail and examples on how this works here:

What are Flow and Power Apps all about ?

I was in a client meeting earlier today and we were talking about process automation, their journey to Microsoft 365 and shifting workloads from on-premise to cloud. During the meeting, the words “Microsoft Flow”, “Microsoft PowerApps” and “Power Platform” came up a handful of times until one of my customers said “Sorry, don’t mean to sound dumb, but what is Flow and PowerApps?”

Now then…I am not an expert in either of these (well, not yet anyway), but I have been playing around with these for a little while and just wanted to summarise (in case there are others that simply don’t know) what these are and why you might/should care.

In summary, Microsoft’s Power Platform is made up of a handful of core services, including Flow, PowerApps, Power BI and Dynamics 365.

Microsoft Flow

Microsoft Flow is a cloud-based service that can help you (yes, the user, not just admins) automate almost any process. Flow is accessed from the Office 365 App Launcher and it does indeed look and feel like it is part of Microsoft Office 365, but actually it is more part of the Business Apps products group and more aligned, in essence, to Power BI and Dynamics 365.

With Microsoft Flow you can easily build a set of steps that link together to form a process (a bit like If This Then That) that starts when a certain event happens or is triggered. These events can be a scheduled time, the update or creation of data (for example a file, record or an email), or they can be triggered manually (there are even Flow buttons you can create).

All the processes developed in Microsoft Flow use a browser-based Flow Designer tool and enable users to create Flows without the need to do any coding (though you can, so think “No or Low Code”).

There are loads (hundreds in fact) of template Flows to get you started and I was amazed how quick it was to set up a simple “trigger” flow that would detect an email containing a simple string (from a particular sender), send me an alert and add the email body to a Microsoft OneNote page.

Example Flow

I’m not going to go into “how to create and use” Flows here as the links below will help get you started quickly…definitely worth a play around with one lunchtime!

Power Apps

PowerApps is also part of this “No or Low Code” Power Platform, and really the two shouldn’t be seen as separate products since they tie in and work really well together.

PowerApps essentially helps people create the interface into the business processes (Flow) that they would like to implement. PowerApps are often used by organisations to replace paper-based processes – it’s similar in nature to the kinds of apps and forms that Lotus Notes used to offer, if you are familiar with those….

Who are the experts in this space?

There are quite a few dedicated Microsoft Partners in this space, but a couple of good sites and references to learn more (ones I am using anyway) are listed below.

Citrix VDI support for Microsoft Teams is just weeks away

At the Citrix Synergy event yesterday, Citrix announced the long-anticipated optimization pack for Microsoft Teams for both Citrix Virtual Apps and Desktops.

This long-awaited announcement builds upon the previous Citrix HDX Realtime Optimization Pack for Skype for Business, which, according to Citrix, has been used by nearly three quarters of a million users to achieve a native-like experience for Skype for Business within their virtual environments.

The diagram below, from Citrix, illustrates the high-level technical architecture of how this works.

As with the Skype for Business version, customers will get what is promised to be a fully native, fully featured Microsoft Teams experience within their Citrix Virtual Applications and Desktops. This won’t just support the chat and collaborative features within Teams but will support the full HD voice, video and content sharing features. Citrix said that the upcoming update to the Citrix Workspace app has a “built-in multi-platform HDX Media Engine that ensures optimized device and media handling, with audio, video, and screen sharing offloaded to the user’s device”.

Click here to watch a video of the experience

When will it be released?

This is currently in technical preview and Citrix have said that it should be released fully in the next couple of weeks and will be shipped in line with an updated Citrix Virtual Apps and Desktops release.

Citrix have also said that once on the new version, customers will need to deploy the VDI-ready version of the Microsoft Teams client – no announcement was made about when this version/update is expected, however.

You can read the full announcement from Citrix here:

New WannaCry-type exploit threatens XP, Server 2003 and Windows 7… What do you need to do?

Microsoft has started warning users of older versions of Windows desktop and Server to urgently apply a Windows Update today to protect against a potential widespread attack similar to the infamous WannaCry attack.

“Windows 7 users are still vast.. Make sure you are patched..”

Microsoft has yet again issued patches, this time to close a critical remote code execution vulnerability that can be exploited in Remote Desktop Services and that exists in Windows XP, Windows 7, and server versions including Windows Server 2003, Windows Server 2008 R2, and Windows Server 2008.

Microsoft seems to be continually “doing the right thing” by still releasing critical patches for Windows XP and Windows Server 2003 even though both operating systems have been out of support for some time.

Anyone still running Windows XP (yes, I know) will need to manually download the update from Microsoft’s website.

As you know, Windows 7 reaches end of extended support in just 7 months. #Windows10 offers more than 30 odd significant advances in security and OS hardening compared to its older siblings, and whilst many organisations are rapidly migrating to #Windows10, there are still many organisations that have not.

Microsoft did announce yesterday extended support for Windows 10 E5 subscribers for another 12 months as a benefit for their “commitment” to move to Windows 10.

Microsoft announces Windows 7 Extended Security Updates for Windows E5 customers.

As most people know, Windows 7 is going out of support on January 14, 2020. Whilst there are now, according to Microsoft, 850 million devices running Windows 10, and many more organisations plan to have moved by the end of this year, Microsoft have yet again proven that they are listening to what their customers need and want and (subject to a number of conditions) have introduced Windows 7 Extended Security Updates (ESU) for customers that are invested in Windows 10 but just “need a little more time to migrate”.

Yesterday, Microsoft announced a new “promotion”, as they are calling it, for Windows E5 and Microsoft 365 E5 to address this.

As of the 1st June, customers with active subscription licenses to Windows 10 Enterprise E5, Microsoft 365 E5, or Microsoft 365 E5 Security (as of December 31, 2019) will get Windows 7 Extended Security Updates for 1 year as a “free” benefit.

With this limited-time “promotion”, organisations will have more time and options to continue receiving Windows 7 security updates after the end of the official support cycle in Jan 2020.

What happens after this extended date?

After this date – the charges previously communicated take effect. It is worth noting that this benefit only applies to customers using the advanced SKUs – this means users on Windows Pro, Windows E3 or Microsoft E3 for example will NOT get the extra benefit.

Information verified via Microsoft.

Skype for Business Online Plan 2 being retired – what you need to know?

Microsoft have recently announced that after July 1st 2019, organisations will no longer be able to purchase Skype for Business Online Plan 2 as a standalone license, and customers actively using it will not be able to renew it once their renewal time occurs. Customers who have access to Skype for Business Plan 2 on one of the Office 365 suites (Office 365 E3 for example) will not be affected by this change as it’s still included.

Oh Sh*t – what are my options?

As I said above, those who have access to Skype for Business Plan 2 on one of the Microsoft 365 or Office 365 suites will not be affected by this change.

Advice from Microsoft is that organisations that are currently using Skype for Business Online Plan 2 standalone should consider moving these users to a Microsoft 365 or Office 365 subscription, which will provide access to Skype for Business Online Plan 2, but also of course Microsoft Teams, their primary (and now preferred) client for messaging, meetings and calls in Office 365.

But I still need Skype for Business Online!

Any organisation that wants/needs to continue using Skype for Business Plan 2 (i.e., they are not using Teams) can do so by moving to one of the following subscriptions:

  • Office 365 Business Essentials, Office 365 Business Premium
  • Office 365 Enterprise E1, E3 and E5
  • Microsoft 365 Enterprise E1, E3, E5

Since Microsoft Teams is included in these subscriptions, organisations using Skype for Business Online standalone today will have the ability to also use Microsoft Teams with no additional license.

What about my Meeting Rooms?

Many organisations have been using Skype for Business Online Plan 2 (along with other standalone licenses such as Exchange Online) to licence their room systems (in order to add the Microsoft Phone System License, to which they can attach Conference and Calling Plans), rather than buying the “more expensive” Office 365 E3 or E5 licence, which includes features not needed by a room system.

Microsoft now have a specific Microsoft Meeting Room licence for room systems which is available for around £11.50 per room per month.

 

What about common area phones?

Yep – the Common Area Phone License will give you the Skype for Business/Teams capabilities and Phone System licenses, so this is for a basic phone like a Polycom VVX in a common area (like a conference room). This is available for around £6.00 per phone per month.

Worth noting that with the Meeting Room license, however, you do get more stuff: Teams, Skype for Business, Phone System, Audio Conferencing and Intune (so you can manage your room systems). You also get the ability to set up a room mailbox without the need to buy an Exchange License, whereas you of course don’t need this for just a common area phone.

Longer Term

Longer term, we expect Microsoft to completely retire Skype for Business Online as it is replaced by Microsoft Teams.

How to do the things you used to do in Skype… in Microsoft Teams

As I have the pleasure of working with more and more organisations on the adoption and deployment of Microsoft Teams (and in many cases the migration from Skype for Business to Teams), it’s easy to get carried away with all the new exciting things you can do. We often get asked by users (through the user adoption/training process), “How do I do all the normal things I used to do in Skype…but in Teams?” This post hopefully summarises the how!

To be honest I don’t use Skype for Business anymore (as my organisation has shifted to Teams), but the things I used to do daily (and still do in Teams) were chat (one2one and group chat), organising my contacts by grouping people, making and receiving calls (including PSTN), joining meetings/conferences, checking if someone is “online” and setting my “status”.

Chat

Chat is a big part of Microsoft Teams and there isn’t anything massively different from a features perspective, except that in Microsoft Teams the chat is “persistent” – which means it stays in Teams, making messaging much more reliable and consistent between platforms, with no more “this user is offline and can’t be delivered” rubbish.

Chat can be one to one or group chat. You can rename a chat, add or remove participants and even edit messages.

 

Organising contacts by groups

A common way of organising your contacts in Skype for Business is to simply group them.

In Teams, in order to find your contacts and groups, you open the chat tab in the left side navigation. Recent will usually open by default and is where you will find all your recent conversations.

To make it more like Skype for Business though, click on Contacts.

In Microsoft Teams you will see you have a “favourites” group as you did in Skype for Business, and by clicking “Create a new contact group” you can create all the groups you need.

Something missing in Microsoft Teams (at the moment) is the ability to drag-and-drop contacts between different groups, which is a bit of a pain. However, one of the things I do really like about Microsoft is the fact that they care about their users, and users can quickly suggest or vote on changes and improvements they want via their UserVoice forums for feedback.

Make a call

Making a call in Microsoft Teams is essentially the same “workflow” as in Skype for Business. The easiest way is to open the chat/team you want to make the call from.

In a chat you click the phone or camera (depending on whether you want to make the call an audio-only or video call) located in the right corner. There you also have the option to share your screen.

Making a call in a team channel

Within a team, calling looks a little different (but should still be familiar). Here, you can open the channel (within the Team) you want to call from. In the panel where you write messages, there is an icon in the shape of a video camera. Simply click this to “video call” the channel (yes, you can turn off your camera if you like!)

Since the channel usually has more members than a chat, you will get the option to give your call a name/subject and also to schedule a meeting instead. You also (if enabled by the admin) have the ability to record and transcribe the call too – which includes the audio, video, any notes taken, content shared etc. The main advantage over Skype for Business is that it is recorded centrally (on Stream actually) rather than locally on the PC.

Join a meeting

Within Teams you can see all your meetings, and it is relatively clear if the meeting is a Skype meeting, Teams meeting or just a “regular” face-to-face meeting – I know right!!

If it’s a Teams meeting, you’ll see from the screenshot below that it’s easy to quickly chat to participants or simply join the meeting with a click. For phone die-hard fans or those not on Teams, there is also an Audio Dial-in section below the meeting invite.

A point to note: while you can join a Skype for Business meeting from Microsoft Teams, it actually just launches legacy Skype for Business and runs the meeting from there….

It’s a bit yukky, I know!

Check someone’s availability 

When I was a Skype for Business user, I used to check people’s statuses loads and used to tag people for status changes (stalker mode as it was called). I must admit, whilst this functionality actually does exist in Teams, I don’t tend to use it very much since with persistent chat, I am more confident in people getting my messages (and hopefully replying).

However, if you do like to know if and when people are free, you will see their “status” in front of their name. If you hover over their name, you can also see if they added any message and when they were last online.

If a person is busy/offline you can follow a person’s status and get notified when they appear Available or Offline – the easiest way is to click … on the person you’re interested in and click Notify when available.

Status settings in Microsoft Teams

Your status will follow the status from your calendar, but if you want to update your status manually you click your portrait/picture in the top right corner of the Teams client.

From here you can change your status (or reset it) and also set a status message if you want to, like the “What’s happening today?” from Skype for Business.

You can also have the status message time-out/reset after a period of time (which is nice as Skype didn’t do this).

 

 

 

That’s it – all the key functions you use in Skype…but in Teams! 


Of course there is loads more that Teams does outside of basic messaging and calling which is not covered here such as bots, content collaboration and tabs…. 

Anyway…..hope you found this useful.

 

Credit goes to @amandassterner for the idea on this.

Windows 10 is getting a full Linux kernel later this year.

At Microsoft Build this year, Microsoft announced another bold move in embracing its once enemy/competition, Linux, by announcing plans for a full Linux kernel to be rolled into Windows 10 later this year.

Microsoft have been embracing Linux users for several years now, with the Bash shell incorporated into Windows 10 and, in the most recent public build, Linux instances enabled to access Windows files directly.

That was only the beginning, it seems.

“Beginning with Windows Insiders builds this Summer, we will include an in-house custom-built Linux kernel to underpin the newest version of the Windows Subsystem for Linux (WSL),” Microsoft announced at Build.

“This marks the first time that the Linux kernel will be included as a component in Windows. This is an exciting day for all of us on the Linux team at Microsoft and we are thrilled to be able to tell you a little bit about it.”

“The kernel itself will initially be based on version 4.19, the latest long-term stable release of Linux. The kernel will be rebased at the designation of new long-term stable releases to ensure that the WSL kernel always has the latest Linux goodness.”

Microsoft has confirmed that there are a few patches that have been added to the kernel which are designed to reduce memory footprint and speed up launch times. This is a good example of Microsoft contributing heavily to a very open-source product rather than just consuming and adopting technology from others.

Canonical was the first to announce that they will be supporting the new kernel for Ubuntu. Stephan Fabel, Director of Product at Canonical, announced that “Extending enterprise support for Ubuntu from Azure to Windows workstations and servers created a seamless operating environment for Ubuntu in the Microsoft environment,”.

“Our Collaboration with Microsoft enables us to certify Ubuntu on WSL, including Docker containers, Kubernetes, and snaps”.

Coming when?

The Linux kernel is set to roll out with the 19H2 update to Windows-as-a-Service, due in autumn 2019.

Microsoft announces ‘Fluid Communication Experiences’ coming soon to Office 365

This week at Build (Microsoft’s annual developer conference), Microsoft announced the “Fluid Framework”, a new software development kit (SDK) designed to help developers build faster and more flexibly distributed apps that will fundamentally change the way people think about document and collaborative editing and will help keep it ahead of the competition.

What is it?

In short, Fluid is a framework for building collaborative editing experiences.

Unlike the current co-authoring capabilities of Office Online and Office Pro Plus though, Fluid Framework can be integrated across applications. That means that users will be able to, for example, create and edit a document in an app such as Word and then share just an abstract or element of that document, say a table, in Microsoft Teams (or even a third-party application that supports Fluid Framework). All of the changes to the element sync in real time, as a full document would in Office 365.

In one of the Build demos, Microsoft showed how users could use formulas in a spreadsheet cell inside a text document to calculate a number that is then automatically updated.

In another example, Microsoft demoed how a document can be created and shared and then automatically translated in real time to a variety of languages, while still allowing everybody to edit it in their own language.

In another demo, an element of a Word document was inserted into Teams for review and edit without the actual document being uploaded or shared.

A Microsoft First?

Not in a traditional sense… but Microsoft has said that its Fluid Framework will sync faster than anything else currently on the market today, whilst also providing developers the tools to deconstruct and reconstruct documents into different modular components so that they can then be integrated into different applications.

Microsoft PR head honcho Frank X. Shaw described the Fluid Framework as a way to “break down the barriers of the traditional document as we know it, and usher in the beginning of the free-flowing canvas.”

The Fluid Framework isn’t just about collaborative editing but it’s really a rethinking of how modern documents should work.

Microsoft already plans to integrate Fluid into some of its Office 365 applications later this year.