Cisco has released an updated version of their SD-WAN software which now supports the optimal routing of Microsoft SaaS apps including Microsoft SharePoint, OneDrive, and Teams on their SD-WAN. Cisco’s Vipella SD-WAN solution is the first SD-WAN solution to be certified for this.
Note: At time of writing, this feature applies to Cisco’s Viptela SD-WAN solution and is not currently supported in the Cisco Meraki SD-WAN portfolio. This may change.
With this update to the Cloud OnRamp feature, Cisco SD-WAN “further integrates Cisco’s support for Microsoft’s Informed Network Routing technology that lets organisations share Microsoft 365 app feedback telemetry with networking vendors and to receive network link telemetry from them”, according to Jeevan Sharma, Manager, Product Management, Enterprise Cloud & SD-WAN group at Cisco in a blog about the enhancements.
Known as Cloud OnRamp for Microsoft 365, it uses “proactive and continuous link probing to assess the best performing path at any point in time. It also allows network admin to utilize Microsoft URL categories granularity for categorizing the Microsoft 365 apps into Optimize, Allow and Default categories, while active link probing makes sure that the best performing path is always selected”.
How it works
This latest update to Cisco’s SD-WAN software, which continually monitors and controls the connectivity, management, and services between data users (remote or office based) and cloud and data centre services, now includes support for more Microsoft SaaS applications specifically SharePoint (and OneDrive) and Microsoft Teams.
Cisco SD-WAN customers can leverage Cisco’s Cloud OnRamp to intelligently route Microsoft 365 traffic, to provide the fastest, most secure, and most reliable end-user experience. This is done by ensuring that all connectivity paths to Microsoft 365 from each WAN / Internet connection at the branch, office, regional hub and/or data center is monitored continuously for performance, and application traffic is then dynamically routed to the best-performing path without requiring human intervention. Cisco Cloud OnRamp also provides real-time and historical visibility into SaaS application performance.
“I am excited to announce that the integration between Cisco SD-WAN and Microsoft Informed Network Routing now includes support for Microsoft Teams and SharePoint app telemetry. This update will help us deliver an improved end-user experience through enhanced cloud connectivity. The partnership between Microsoft 365 and Cisco SD-WAN further enhances your Microsoft Teams and SharePoint experience by optimizing routing and path selection beyond traditional network telemetry probes”
Jeff Mealiffe | Principal Architect | Microsoft 365 Core Networking | Cisco
Microsoft and Cisco Partnership
Cisco SD-WAN is Microsoft Network Partner Program (NPP) certified and is also a Microsoft 365 networking partner. As part of this program, Cisco SD-WAN aligns with the Microsoft’s Connectivity Principles aimed at helping Microsoft 365 customers achieve optimal end-user experience.
What is SD-WAN?
SD-WAN technology is available from leading network and vendors such as Cisco, Palo Alto etc, and typically include routers and switches or virtualised customer-premises equipment (vCPE). They run together using a connected software stack that handles things like policy, security, networking functions, and other management and security functions.
Cisco SD-WAN technology enables enterprises to build a scalable and carrier-neutral WAN infrastructure, allowing them to reduce WAN transport costs and network operational expenses. Cisco SD-WAN enables IT to apply business-centric, application-aware, and differentiated routing policies – providing end users at the remote offices, branch direct connectivity to performance-intensive trusted app, such as Microsoft 365, while routing generic Internet traffic via SWGs, CASBs, or the customer’s VPN connected data center.
Microsoft has launched their first Cyber Signals, a new quarterly cyber intelligence brief that highlights the latest cyber security threats, tactics, and strategies and is aimed at Chief Information Security Officers, Chief Information Officers, Chief Privacy Officers and other senior security opps teams.
Microsoft Cyber Signals Report
The brief is built using Microsoft’s extensive threat and data and research which leverages insights from more than 24 million security signals as well as intelligence data mined from the monitoring of 40 nation-state groups and over 140 threat groups. Microsoft has focused the first edition specifically on identity, which they believes is “the battleground for security” and the biggest weakest link in most organisations security posture.
In the briefing, Microsoft state that “Our identities are made up of everything we say and do in our lives, recorded as data that spans across a sea of apps and services. While this delivers great utility, if we don’t maintain good security hygiene our identities are at risk. And over the last year, we have seen identity become the battleground for security.“
Perhaps the biggest point raised in this Cyber Signals report is the worrying low adoption of strong identity authentication across organisations. This includes multifactor authentication (MFA) which are proven to reduce the risk of compromised identity by 99.9%.
Here are they key highlights from the report.
Only 22% of customers using Microsoft Azure Active Directory (Azure AD), Microsoft’s Cloud Identity Solution, have implemented strong identity authentication protection as of December 2021.
Microsoft Defender for Endpoint blocked more than 9.6 billion malware threats targetting enterprise and consumer customer devices
From January 2021 through December 2021, Microsoft blocked more than 25.6 billion Azure AD brute force authentication attacks and intercepted 35.7 billion phishing emails with Microsoft Defender for Office 365.
The full brief also examines how nation-states are using spear phishing attacks and targeted social engineering to obtain passwords and other sensitive data. It also details the latest Ransomware attack trends and how they are being along with guidance and recommendations for how to stop the attacks.
“Microsoft ended 2021 with 71 billion cyberattacks blocked.”
Microsoft Cyber Signals
Much of the research explained by leading security chiefs including Christopher Glyer – the principal threat intelligence lead at the Microsoft Threat Intelligence Center which employs nearly 4,000 security experts and threat hunters.
As of today (14th Jan 2022) Microsoft Defender for Endpoint Plan 1 is now included within Microsoft 365 E3/A3 licenses.
Microsoft Defender for Endpoint (Plan 1) extends Microsoft 365 security by including world class threat and attack prevention capabilities to help you deliver against your Zero Trust strategy, reduce cost (by negating the need for additional products) and simplifies security management.
Defender for Endpoint Plan 1 includes the following key features (among others).
Next generation, born in the cloud, antivirus, anti malware and anti ransomware protection that leverages all the intelligence of the Intelligent Security Graph to help keep users endpoints secure and protected.
World class attack surface reduction capabilities that harden the device, prevent zero day attacks, and provide granular control over access.
Device based conditional access which leverages Azure AD and the Intelligent Security Graph to provide additional layers of protection and breach protection and forms a key part of your Zero Trust Security architecture.
Microsoft Defender is a Top right Magic Quadrant leader for Endpoint Protection.
Gartner Magic Quadrant for Endpoint Protection
What’s included in Defender for Endpoint Plan 1
The following diagram from Microsoft illustrates the key services and features included within both Plan 1 (now part of Microsoft 365 E3 and A3) and Plan 2 (part of Microsoft 365 E5 and A5 or available as an add-on).
Defender for End Point Plan 1 vs Plan 2.
Microsoft Defender for Endpoint Plan 1 supports client endpoints running Windows 7 with Extended Security Updates, 8.1, 10, 11, macOS, Android, and iOS.
What about Plan 2?
Microsoft say that Plan one provides a strong baseline and leading edge protection against modern day, zero day and every advancing threats.
For the complete set of endpoint security capabilities, as shown above, Microsoft advise that organisations strongly consider Microsoft Defender for Endpoint Plan 2.
“Plan 2 builds on Plan 1 and provides a best in class EDR solution including automated investigation and remediation tools, advanced threat prevention and threat and vulnerability management (TVM), and hunting capabilities which which combined with the wider Microsoft Defender suite provides seemless, integrated and cross architecture protection”.
To find out more, please refer to the official Microsoft documentation.
Microsoft’s SIP gateway service was officially released as of today today. This means organisations can now repurpose a wide range of ‘old’ SIP phones and use them with #MicrosoftTeams helping to reduce TCO of Teams Voice Migrations and drive value out of legacy hardware.
The new SIP Gateway Service (which has been in private preview for a few months) is a solution that enables core Teams calling functionality on compatible SIP phones including many from Cisco, Poly, Yealink and AudioCodes.
Microsoft SIP gateway
Breathing life into legacy handsets
The SIP Gateway supports the following core Teams calling functionality:
Inbound and outbound calls
Call transfer
Meeting dial-in and dial-out
Device level based “do not disturb”
Voicemail with message waiting
The SIP Gateway Service is FREE
Microsoft are making the SIP Gateway service for free, and any user can use the SIP Gateway so long as they meet the following requirements.
Licensed for Teams Phone via Office 365 E5, Microsoft 365 E5 or a standalone license.
Enabled for PSTN, which means a phone number in Teams assigned via Calling Plan, a Direct Routing or Carrier Connect (calling via third party apps not supported)
Common Area devices licensed via Common Area Phone license.
For the best experiece Teams Phones are recommended
In the official Microsoft Teams blog, Microsoft reminds us that while their SIP Gateway and Skype for Business 3PIP Gateway services provide valuable flexibility for organisations wishing to sweat their legacy SIP phone investments, Teams phone devices provide the most complete Teams experience.
What devices are supported
These are the currently supported phones (at time of writing).
I feel I must congratulate Cisco on the annoucement of their new partner and customer centric Enterprise Agreement.
Simple and Inclusive
This looks and feels like one of the simplest yet powerful subscription based licensing programmes in the channel… at a time when “other” major vendors seem to be struggling to get a model right that is fair and offers value to both customer and partners regardless of size.
Consistent across their solution portfolio
When fully available in early 2022, Cisco will make their full portfolio of services available through a single agreement rather than the current multiple EAs with different terms, rules and portals they have today. Instead the EA will cover all five of Cisco’s solution areas – application infrastructure, networking infrastructure, collaboration, security and services.
Helps make it easy for customer to buy solutions across the stack
This new EA will dramatically simplify purchasing and selling as it creates one program and one experience for everything Cisco do and aligned to their product portfolio.
For example, Cisco has been beating the drum hard with the concept of “full stack observability”, which is growing in importance in this multi-cloud centric, highly mobile and hybrid world.
To make this a reality, customers, need to buy products across multiple technology and solution stacks, including services like AppDynamnics, ThousandEyes, Intersight etc., but this new should make it much easier for partners to sell and for customers to buy.
After their acquisition RiskIQ just last week and ReFirm the month before, Microsoft have just annouced they are now aquiring CloudKnox, a leader in Cloud Infrastructure Entitlement Management (CIEM).
Who are CloudKnox?
Founded in 2015, CloudKnox, are the only multi-cloud, hybrid cloud permissions management platform that provide granular visibility, automated remediation and continuous monitoring consistently enforcing least-privilege principles to reduce risk. CloudKnox works with Azure, as well as the AWS and Google public clouds as well with leading virtualisation and hybrid cloud vendors including VMware.
CloudKnox
CloudKnox are the leaders in Cloud Infrastructure Entitlement Management (CIEM) space and offers complete visibility into privileged access within cloud services.
What Microsoft plans to do with the CloudKnox acquisition.
In Microsoft’s most recent security blog, Joy Chik (VP of Identity at Microsoft) said:
“Modern identity security needs to protect all users and resources consistently across multi-cloud and hybrid cloud environments….Today, Microsoft is taking a significant step toward this goal with the acquisition of CloudKnox Security, a leader in Cloud Infrastructure Entitlement Management (CIEM). CloudKnox offers complete visibility into privileged access. It helps organizations right-size permissions and consistently enforce least-privilege principles to reduce risk, and it employs continuous analytics to help prevent security breaches and ensure compliance. This strengthens our comprehensive approach to cloud security.”
Joy Chik, Corporate VP of Microsoft Identity
The post (which can be read here) summarises how Microsoft will leverage the CloudKnox technology to help Security Admins with tasks such as managing privileged access in multi-cloud and hybrid cloud environment through a set of comprehensive yet simple threat assessments and prevention methods as well as ensuring security enforcement and governance.
Finally Microsoft said that the acquisition of CloudKnox will allow Microsoft to further harden Azure Active Directory with more granular visibility, continuous monitoring and automated remediation for their hybrid and multi-cloud identities, access and permissions further solidifying their market leading position in Identity and Access Management.
Extended Security Updates were made available (at a cost) by Microsoft for both SQL Server and Windows Server versions 2008 and 2008 R2 since “official support” ended but these extended support update are also now coming to an end on:
SQL Server 2008: July 9th, 2022
Windows Server 2008/2008 R”: Jan 14th, 2023 respectively.
If your organisation is still running any of these older server products in Azure then you will be currently entitled to (and receiving) 3 years of free Extended Security Updates, and Microsoft have recently announced that one more year of Extended Security Updates will be available BUT ONLY if these workloads are running in Azure.
SQL Server and Windows 2012
Support for SQL Server 2012 and Windows Server 2012 / 2012 R2 is also coming to an end:
SQL Server 2012: July 12th, 2022
Windows Server 2012/2012 R2 on October 23rd 2023
As with version 2008, Microsoft will be making (again at a cost) 3 years of Extended Security Updates available from your licensing partner or Cloud Solution Provider (CSP) and, as before these will be free if these workloads are running (or moved into) Azure.
If you are no planning on moving these into Azure, then you’ll need to buy licences for each server instance you need to cover.
Cost for ESU are
Year 1: 75% of the licence cost
Year 2: 100% of the licence cost
Year 3: 125% of the licence cost
What are my options?
If you are still on Windows Server 2008 or SQL 2008, you have 3 options:
Migrate the VMs/Servers into Azure for ONE MORE YEAR of free support
Migrate or Rehost apps and workloads to Windows Server and SQL Server on Azure virtual machines
Modernize with Azure services such as App Service and Azure SQL Managed Instance, and never have to patch or upgrade again.
If you are Windows or SQL Server 2012, you have 4 options:
Pay for Extended Support for up to 3 years
Upgrade the Servers to a supported version of SQL and Windows
Migrate or Rehost apps and workloads to Windows Server and SQL Server on Azure virtual machines
Modernize with Azure services such as App Service and Azure SQL Managed Instance, and never have to patch or upgrade again.
Further Reading and References
You can find the formal announcement here, along with the data sheet which does into more detail, as well as a FAQ from Microsoft.
Windows365 is a new service that will let users access their corporate ‘cloud’ PC from anywhere by streaming a version of Windows 10 (or Windows 11 when released) in a web browser. At initial launch, (2nd August 2021), organisations have two edition options – Windows 365 Business and Windows 365 Enterprise – with multiple Cloud PC configurations in each edition based on performance needs.
Designed for the disparate and agile workforce
Windows 365 allows organisations to equip distributed workforces, temporary and seasonal employees, contractors, and employees who have a need for specialised workloads in a flexible and highly secure manner – regardless of their location or device. Windows 365 will allow organisations to add and remove users with secure managed Cloud PCs according to the changing needs of the business and of the individual user, allowing them to scale for busy periods without the logistical challenges of issuing new hardware. Cloud PCs can be scoped, and scales based on the specification/power that best meets the user need and is paid for on a simple per user per month price.
Built on Azure Virtual Desktop – runs on anything
Windows 365 is built on Azure Virtual Desktop but simplifies the virtualization experience and licensing. Organisations that require greater customization and flexibility can of course still opt for Azure Virtual Desktop to modernize their VDI (Virtual Desktop Infrastructure) in the cloud or use a combination of both.
Windows 365 offers a consistent Windows experience, across any device/operating system including Windows, Mac, Linux, iOS, or Android. It promises to support all your business apps such as Microsoft 365, Dynamics 365, Power Platform, line of business apps, and more as well as the Office 365 suite.
It provides an instant-on boot experience that enables users to stream all their personalized applications, tools, data, and settings from the cloud across any device and allow them to pick up right where they left off. The state of a user’s Cloud PC remains the same, even when they switch devices.
Windows 365 Device Support (July 2021)
Consistent Device Management
Microsoft Endpoint Manager is used to procure, deploy, and manage Cloud PCs for their organisation, since Windows 365 is consistent with how they manage physical devices with Microsoft End Point Manager. Cloud PCs are managed alongside physical devices and can apply management and security policies to them in the same way as they do on physical devices. There is extensive monitoring too and IT can change on the fly the specification (processor, RAM, and disk) to adjust the performance of the Cloud PC to make sure the users are getting the best experience. There’s also built-in analytics and performance metrics to look at connection health across network to make sure the Cloud PC users can reach everything they need.
Build on Zero Trust Foundation
Windows 365 is built with a focus on a Zero Trust architecture. It stores information in the cloud, not on the device, and encryption is used everywhere as you’d expect with an Azure service. All managed disks running Cloud PCs are encrypted, stored data is encrypted at rest, and all network traffic to and from the Cloud PCs is also encrypted.
Licensing Information
Unlike other virtualisation services, Windows 365 is priced on a per-user price and are allocated via the Microsoft 365 admin centre portal in the same way as other Microsoft 365 E3/E5 licenses.
Windows 365 will initially come in two flavours – Business and Enterprise, and Microsoft will offer 12 different configurations for both the editions. The Cloud PCs can be configured with a single CPU, 2GB of RAM, and 64GB of storage at the low-end, all the way up to eight CPUs, 32GB of RAM, and 512GB of storage.
A full range of available configuration and example scenarios is available here.
Windows 365 will be officially available on August 2, 2021, and pricing will be announced on the same day, though rumours say we expect pricing to start from ~£25pupm
I read an article recently about StephenKitay – the Former Deputy Assistant Secretary of Defense for Space Policy, who is now Senior Director at Microsoft Azure Space. It got me thinking… Firstly.. what a cool job title…. and secondly… what is Azure Space..
It’s quite cool.. Tech and Space!
Microsoft says that “Azure Space was created to be the platform and ecosystem of choice for the mission needs of the space community” . It’s designed to make connectivity and compute increasingly attainable across industries including agriculture, energy, telecommunications, and government.”
Azure Space Overview
I loved researching and sharing some of what I read. What a great project to be part of… Imagine being asked what do you at a networking event and saying “supporting customers on their space missions off and on the planet, using the power of cloud and space technology to help business across industries re-imagine solutions to some of the world’s most challenging problems”
Taking cloud-powered innovation beyond Earth with “Azure Space”.
With the enormous challenges space presents, there also comes great opportunity. The space community is growing rapidly, and innovation is lowering the barriers of access for public and private sector organizations.
Microsoft is the first hyperscale cloud service provider to join the Space Information Sharing and Analysis Center (ISAC) as a member organization and they plan to share our unique global threat insights to protect critical infrastructure and strengthen cybersecurity expertise across the space community.
What is the purpose and applications for Azure Space?
“Microsoft are diligently working to make Azure the platform of choice for the mission needs of the space community, bringing our unique global threats insights to protect critical infrastructure and strengthen cybersecurity expertise in the space industry“.
But…. Its not just about sticking Azure in space stations and shuttles.
Putting compute, data and AI into space makes connectivity and compute increasingly more attainable and accessible across the globe and has huge benefits across industries such as agriculture, energy, telecommunications as well as across the public sector and in particular in regions where traditional connectivity and access to compute is more sparse. Third and developing world nations will also hugely benefit. “ our ambition is to grow the entire world community, which is the basis for Azure Space.”
OK so what is Azure Space though?
Azure Space is basically a set of innovative service offerings, a new partner ecosystem and a global strategy focused on specific core areas to addresses never-before-seen security challenges. Azure Space is made up of 3 main things..
Azure Space Components Overview
Azure orbital
Azure Orbital is a Ground Station As-a-Service that provides communication and control of a satellite and enables satellite operators to communicate with and control their satellites, process data, and scale operations within Microsoft Azure.
Azure Orbital brings satellite data directly into Azure, where it can immediately be processed with market-leading data analytics, geospatial tools, machine learning, and Azure AI services.
In essence Azure Orbital will allow organisations/providers of “space connected stuff”, to take full advantage of the Microsoft’s global network and services infrastructure to build new product offerings and services with the edge, 5G, SD-WAN, and AI.
Azure Modula Datacenter
The Azure Modular Datacenter (MDC) is a complete, rugged datacenter solution for organisations/servjce providers that need cloud computing capabilities in hybrid, sparse or challenging environments like space.
Microsoft designed the MDC to support high-intensity, secure cloud computing in challenging environments, such as situations where critical prerequisites like power and building infrastructure are unreliable. Built on Azure Stack(r), it is a self-contained unit the provides the capability to deploy a complete datacenter to remote locations, or to complement existing infrastructure. The MDC runs primarily on terrestrial fiber, low-bandwidth networks, or be completely disconnected.
Azure Orbital Simulator
With space mow opening up to more commercial and government space organisation, the pace and demand of developing interconnected satellite networks increases exponentially.
To aid with this, Microsoft have created Azure Orbital Emulator, an emulation environment that conducts massive satellite constellation simulations with software and hardware in the loop. This allows satellite developers to evaluate and train AI algorithms and satellite networking before ever launching a single satellite reducing cost, time and money as well as human safety naturally. With Azure Orbital Emulator, Azure can emulate an entire satellite network including complex, real-time scene generation using pre-collected satellite imagery for direct processing by virtualized and actual satellite hardware.
“The Goal of Azure Orbital Emulator is to aid the preparation of space missions with the power of Azure.”
Azure Orbital Emulator is already being used Azure Government customers globally.
Credits and further reading
Some of the content here is referenced/quoted from the full comprehensive report. https://www.helpnetsecurity.com/2021/07/13/microsoft-azure-space and on twitter at @helpnetsecurity. Much of the information comes from Microsoft Azure blogs referenced below.
For further reading (it’s quite interesting) you can read Microsofts official blurb and ongoing updates here.
Microsoft has opened registrations for this years Inspire 2021 virtual conference, which will be held on July 14th and 15th.
Microsoft Inspire is Microsoft’s largest (and global) annual partner event and as usual features several high-profile global execs including CEO Satya Nadella and EVP of Worldwide Commercial Business Judson Althoff.
What might we hear about?
Last year, there was huge news and updates around Azure, Microsoft Teams, Microsoft Edge as you’d expect with also a focus on new services such as Microsoft Lists, and Power Automate Desktop.
This year we can expect to hear some new enhancements and updates and I expect to see a focus around the recently(ish) announced Microsoft Viva along with more updates around Windows (following the event on the 24th June) and probably some new things none of us are expecting… .
You can register for Microsoft Inspire 2021 on this page with your Microsoft account, Office 365, LinkedIn, or GitHub account.
Microsoft announced today that they are rebranding Windows Virtual Desktop (WVD) to Azure Virtual Desktop (AVD).
In the annoucement, Microsoft also said that a number of new enhancements (some of which have gone into public preview from today) are coming, which are part of the wider and longer term vision and the changing needs of customers. In the annoucement Microsoft said that the COVID19 pandemic has resulted in organisation moving rapidly to Windows Virtual Desktop for “secure, easy to manage, productive personal computing experience with Windows 10 from the cloud”.
Improved Azure AD Support
Azure Virtual Desktop will support the ability for users to domain join their virtual desktops directly to AAD using just their credentials. They are also fully removing the need for organisations to need Windows domain controller allowing Azure AD as the only or primary authoritive directory service.
Azure Virtual Desktop will also add further support for secure sign on and single sign on, bringing support for smart cards and FIDO2 keys
Another feature now out in public preview is the ability to enroll and manage Windows 10 Enterprise multi-sessions virtual machines through Endpoint Manager just like admins would for physical machines. This further improves the process of managing both physical and virtual desktops using the Endpoint Manager admin center.
Enhanced Endpoint Manager support.
Microsoft have said they are also adding support for IT to be able to automatically enroll these virtual machines using Microsoft Endpoint Manager (formerly Intune), bringing a much more “streamlined” deployment and management experience.
Also coming soon (and in public preview from today) is the ability to be able to enroll and manage Windows 10 Enterprise multi-sessions virtual machines through Microsoft Endpoint Manager in the same way that physical devices are managed today. This closes the management gap and streamlines the process of managing both physical and virtual desktops using the same Endpoint Manager experience.
New QuickStart Experience
Microsoft said that new deployment onboarding experience which will be available soon (in preview first naturally). This is designed to help organisations initiate fully automated deployments from the Azure portal using just a simple wizard style process.
New “per user” pricing model
Yes.. As it pricing and license wasn’t complicated enough, there are new pricing options coming for organisation to leverage Azure Virtual Desktop VDI and streamed applications in the form of a true SaaS based model.
To make this simpler, Microsoft have announced a new monthly per-user pricing
This new pricing will launch on January 1st, 2022, and will be $5.50 per user per month for apps, and $10 per user per month for apps plus desktops.
A launch promo will mean organisations will be able to use Azure Virtual Desktop for streaming first-party or third-party applications to external users at no cost from July 14, 2021, to December 31, 2021, after which they will need to keep paying for the underlying Azure infrastructure.
So, it wouldn’t be a Microsoft event (#MSIgnite) without a handful of “wow” demos, updates, and new products announcement both in preview and GA across Teams, the wider Microsoft 365 platform, Azure, Windows 10 and Power Platform, but without doubt the biggest “thing” to happen at Ignite this year was Mcirosoft Mesh. Anyway, here’s my
As in previous years), Microsoft have published their “encyclopaedia” if you like, of Ignite (the #BookOfIgnite ) which covers all the announcements in detail along with links to blogs and tech articles.
This post, on the other hand is a summary of my personal “top 3” announcements across each of the core solution areas. Of course, depending on your role, line of business and priorities, and interests, you will have your own favourites so feel free to let me know yours in the comments.
Microsoft Mesh
This stole the show from the moment the keynote started and was without question the biggest news of Ignite 2021. Much of the keynote and later sessions were available to watch live AltSpace VR in both Mixed and Virtual Reality. Mesh is Microsoft’s new Mixed Reality Platform which is designed to allow people who are in physically various locations to join collaborative and shared holographic experiences across many kinds of devices.
The business case for Mesh builds upon the success of HoloLens 2 and is designed (and was highlighted) for organisations to let their teams joined shared virtual spaces for collaborative meetings, where everyone will appear as virtual avatars (reminds me of the holograms in the StarWars). Microsoft say that their target audience is both enterprise and commercial customers. Microsoft Mesh can be accessed through an updated version of AltSpace VR, which is Microsoft’s VR platform. Microsoft Mesh will be coming to HoloLens via a dedicated app and solutions built through Mesh by developers will also be able to be tailored/supported to Windows Mixed Reality, PCs, Macs, Smart Phones, and headsets like Oculus.
Microsoft Teams
Highlight of new Teams Meeting Features
Always needing its very own category, my top 3 in this category are:
1. Improvements for Teams Meetings and Live Events.
Teams can now be used to create and run fully interactive webinars for up to 1,000 attendees and will also support webinars with up to 20,000 attendees from later this month. This will also be included for any customer with Office 365 E3 and more without any additional licenses or cost.
Dynamic View for Teams meetings will be released next month and is all about ensuring more inclusive and natural meetings for remote/hybrid meetings making them more engaging. Dynamic view uses AI to adjust elements of the meeting to allow for display different modes such as charts, chats, etc next to video feeds as well as an overlay of presenter video and presentation space.
Improved privacy and security in meetings – with meeting-only meeting controls and end-to-end encryption in one-to-one calls.
PowerPoint Live in Teams is available now. The much-requested feature combines slides, notes, and meeting chat in a single view to help make presentations easier for speakers and presenters and to make them more engaging for attendees.
2. Teams Connect
A new channel-sharing feature coming to Teams “later” this calendar year. This will enable users to share channels with anyone, internal or external. Unlike guest access, the shared channel will appear within a user’s primary Teams tenant, alongside other Teams channels meaning that “multiple organisations can share a single channel” that all members can then access from their own Teams environments. Channel sharing seems is great for scenarios where multiple organisations are collaborating on a specific project for example. Guest Access isn’t going anywhere and is still relevant as this is more suited to situations where an external organisation or person needs broad access to data, meetings, and information, beyond just a specific channel. This is currently in “private preview”.
3. Teams Calling Updates
Direct Routing and Survivable Brach Appliances: With the explosion of customers enabling and migrating to PSTN calling in Teams from traditional IP PBXs, the use of Direct Routing grown 8-fold, Microsoft announced several new certified Session Border Controllers (SBC) for Direct Routing, with 6 new SBCs completing certification in just the past 3 months. Additionally, to add resiliency to the most critical locations, Survivable Branch Appliance (SBAs) are now generally available, enabling PSTN calling in the event an outage does not allow the Teams client to directly connect to Microsoft 365 global services.
Operator Connect Conferencing brings an “operator-managed service” that provides “bring your own operator” for conferencing, meaning customers can keep their preferred operator contracts in place as they migrate their PSTN infrastructure to the cloud. This also allows additional geographic dial-in coverage, enhanced support, and reliability with locally agreed technical support and SLAs. This enters private preview from June, with the initial wave of qualified partners, including BT, Deutsche Telekom, Intrado, NTT, Orange Business Services, and Telenor.
New CloudCalling Plan Countries were also announced, with Microsoft native calling plans coming to 8 new markets from April 2021 including New Zealand, Singapore, Romania, Czech Republic, Hungary, Finland, Norway, and Slovakia, bringing native Microsoft Teams Calling Plans to 26 markets across the globe.
Identity, Security & Compliance
1. Identity
Focusing on helping organisations deliver on their Zero Trust strategy including,
Password-less authentication which is now “generally available” for cloud and hybrid environments meaning customers can move towards a truly password-less world leveraging multi-factor authentication and risk based conditional access to provide just in time, assume breach, challenge everything approach to identify and access management without the need for passwords.
Azure AD Conditional Access now uses authentication context to enforce more granular policies based on user actions across the applications they are using or the sensitivity of data they’re trying to access.
Azure AD verifiable credentials will be in public preview later this month. Verifiable credentials allow organisations to confirm information without collecting or storing personal data, improving security and privacy.
2. Security announcements
A wealth of announcements here as well, all of which will further strengthen, Microsoft’s commitment to deliver the absolute best security protection, detection, and response for all clouds and all platforms:
Azure Sentinel now seamlessly integrates with Microsoft 365 Defender with shared incidents, schema, and user experiences to simplify investigations for a totally aligned view and remediation surface.
Endpoint and Office 365 defender capabilities are now also integrated into the Microsoft 365 Defender portal.
New Threat Analytics experience within the Microsoft 365 Defender portal provides a set of reports from expert Microsoft security researchers designed to help customers understand, prevent, and mitigate active threats, like the recent Solorigate / SolarWinds attacks.
The Secure-core services that are now build into Surface devices (and other leading Windows 10 devices) is also coming to Windows Server and Azure edge devices to help minimise risk from firmware vulnerabilities, attacks, and advanced malware in IoT and hybrid cloud environments.
3. Compliance announcements
Co-authoring of Microsoft Information Protection-protected documents will be available in “public preview” from this week. This in my experience the number one blocker of being able to properly deploy organisational wide information protect across SharePoint sites, Teams, and individual documents since currently (well, prior to this announcement) it was not possible to co-author docs that were encrypted which makes most of the power of Modern Office 365 and co-authoring useless. This feature helps significantly close the gap between security and productivity.
Microsoft Azure Purview was announced in more detail. Purview provides new cross-platform support and deeper insight into data classification and protection across structured and un-structured data across on-premises, data bases, Microsoft Cloud and third-party services including Google and AWS – it’s Azure Information Protection on steroids!
Microsoft 365 data loss prevention (DLP) now supports Google Chrome browsers and on-premises file shares and SharePoint Server as well as SharePoint Online and of course Microsoft’s Edge (Chromium based) browser.
Microsoft 365 Insider Risk Management Analytics was released into public preview.
Power Platform
1. Power Automate Desktop was made free!
This is really really big news for any organisation that is looking, using, or intending to use Robotic Process Automation (RPA). Power Automate Desktop is a an “attended Robotic Process Automation” solution which is a macro recorder on steroids. You can download it now if you want to try it. It will be available first for #WindowsInsiders to try (built into Windows 10), however it will eventually be rolled out to Windows 10 as a core product (most likely as an optional feature). Until now, a per user for month for the tool would cost about £12 a month. Power Automate currently has circa 400 actions to help build flows across different applications and the best part is that it enables you to build your own scripts to automate time consuming repetitive tasks which saves time and money. Microsoft’s goal here is to “democratise the development for everybody with Power Platform” by making no-code/low-code accessible to everyone not just developers.
2. PowerFX (a new low code programming language) was announced.
PowerFx is a low code programming language that is based on the foundation of the Microsoft Power Apps canvas. What’s great is that since Power Fx is based on Microsoft Excel, it will naturally be a great fit for a wide range of people since it will leverage skills, they “many” already know and becomes a common ground for business users and professional developers alike to express logic and solve problems. Microsoft also said they were planning make Power Fx, open source, making the language available for open contribution by the broader community on GitHub.
3. Dynamics 365 now seamlessly integrates with Microsoft Teams
This ensures conversations, calls, meetings, and chat will be available across dynamics 365 – within opportunities, sales, marketing, finance, and operations.
Windows 10
Windows 10 usually gets a backseat at Microsoft Ignite (as it typically focusses on cloud services and new things), but this year, there were some things which resonated.
1. Power Automate Desktop
As discussed above, Power Automate Desktop was announced and will be free for all Windows 10 users including Windows 10 Home and Pro and not just to Enterprise users. You can read more about this above.
2. Windows 10 in Cloud
Simply put, cloud configuration is a Microsoft-recommended device configuration for Windows 10, cloud-optimised for users with specific workflow needs. IT admins use Microsoft Endpoint Manager to apply a standard, cloud-based, easy-to-manage configuration of Windows 10 to a selected set of new or existing devices. The configuration works on devices running Windows 10 Pro or Windows 10 Enterprise and may be appropriate for workers who only need a limited number of IT-curated and approved applications to meet their targeted workflow needs. User accounts are registered in Azure Active Directory and devices are enrolled for cloud management in Intune, so they are automatically updated with continuous product and security updates.
Microsoft announced that the newly announced Windows 10 in Cloud has now been integrated into Microsoft Endpoint Manager, which will make it even easier to provide a secure device configuration regardless of the type of worker. Microsoft also made a full “Windows 10 in cloud configuration overview and setup guide” available which is designed to help solution integrators, partners, and internal IT teams to apply a uniform, secure and easy-to-manage cloud-based configuration of Windows 10 Professional or Enterprise devices.
3. New version of Windows 10 Perhaps?
Well maybe! During a Fireside chat session at Ignite, Surface and Windows Lead, Panos Panay “teased” of some major updates and design changes coming to Windows. These were very much hints and teases than any firm commitments but talked a lot about the fact that Microsoft has not “talked about the next generation of Windows for a while” and that he was “so pumped” for it – ending with “it’s going to be a massive year for Windows.”
As Microsofts’ annual dev conference Build opened today (May 19 2020), Microsoft announced the launch of the Microsoft Cloud For Healthcare, — a new Microsoft Industry Cloud solution.
Microsoft said that the solution aims to integrate Microsoft Cloud with an “industry-specific data model” “cross-cloud connectors,” and APIs to better help serve the global healthcare industry.
Global capabilities uniting the healthcare industry
The Microsoft Cloud for Healthcare wi bring together capabilities from across many Microsoft Cloud Services 365. This includes Microsoft 365, Dynamics 365, Power Platform, and if course Azure. This will be powered by a common data model which will allow the sharing of data across various applications to provide better analytics. Microsoft say that this will allow health providers globally to provide better services for patients, clinicians and doctors by helping make it easier to deploy resources to the needs of all hospital and care units.
For example, Cloud for Healthcare, will focus on what Microsoft has identified as important needs for the field, like engaging patients, facilitating health team collaboration and improving operational efficiency, all with strict security measures.
Sample Health App powered services
Of course, an important component of healthcare is aftercare, where medical professionals need to keep in touch with their patients to follow up on their recovery and any post opp treatment, tools available to do so are generally limited to follow-up phone calls and emails, which are not only tedious but can sometimes not meet security standards or provide the best care.
Microsoft’s Healthcare Bot Service will be available as part of this service, which Microsoft say is behind more than 1,500 instances of COVID-19-based bots that have gone live globally since March 2020. These bots can help alleviate the strain on emergency hotlines for public and provide health providers while addressing common questions that patients might have.
Availability
Microsoft has said that a public preview will be coming in coming days and will be free for 6 months for evaluation, with general availability bringing late this calendar year.
Microsoft has also said that although the healthcare industry will be “first served” with the solution, they also promised that more industry-specific clouds solutions will follow.
Thoughts..
What do you think.. Is industry specific Cloud solutions a good next step for Microsoft?
Microsoft’s Azure Cloud and Office 365\Teams collaboration services have seen a significant, in fact colossal, spike in usage over the past week as companies globally continue to deal with an increase in remote workers due to the ongoing COVID-19 outbreak and lock downs that are being put in place to help control the infection rate and curb the impact on the world’s health services like our incredible NHS.
Microsoft said yesterday that in the last week it has seen a 775% increase in the use of its cloud services in regions where enforced social distancing and lock downs have been put in place such as here in the UK, most of Europe and many States in the US.
Microsoft Teams is seeing more than 900 million meeting and calling minutes per day.
Microsoft had previously stated just last week that they was prioritising traffic for critical front line and public services such as NHS as well as also tuning and reprioritising services to cope with this unprecedented demand. This includes prior temporary limits on free offers (outside key workers and NHS for example) to prioritise capacity for existing customers and the downgrading of video in Teams for example to help manage traffic. Microsoft has said that these limits are typically being isolated to regions/locations that are seeing the most demand and that customers impacted can use alternative regions to get around some of the performance hits while they even out and scale out their services to handle the new demands.
Last week, Microsoft has some issues with adding new services to Azure in some regions, including the UK which caused them to “drop below the typical 99.99% success rates.”. This was caused by the huge surge in new Azure Virtual Desktop services being spun up as organisations looked to quickly enable remote desktop to facilitate homeworking after the UK mandated work from home as part of the UK Covid19 lock down measures.
COVID-19 sees huge demand and growth
Microsoft said last week that Teams has “seen a very significant spike” in usage and counted more than 44 million daily users. This week new numbers have revealed that last week they also saw more than 900 million meeting and calling minutes per day.
Windows Virtual Desktop has also seen a 300% increase in the last week with hundreds of thousands of new Desktops being added globally.
Other collaboration platforms like Cisco’s Webex and Zoom have seen similar surges in network traffic tied to the COVID-19 outbreak.
It’s not just Microsoft though…
Microsoft of course isn’t the only Web conferencing provider seeing such growth. Other collaboration platforms including Cisco Webex and Zoom have seen similar surges in network traffic tied to the COVID-19 outbreak.
Cisco has also reported large growth and demand and said Webex traffic from China had increased by more than 2,000% since the outbreak began and that more than 30% of its enterprise customers have reached out for help getting their employees set up to work from home.
Since the start of the outbreak, Microsoft, Zoom and Cisco have made their platforms available for free to most businesses affected by COVID-19 and are having to work relentlessly to expand the capacity of their services to ensure as few disruptions as possible…. All have had growing pains and as the lock downs continue globally, it probably won’t be the last time!
Microsoft Security. Now a Leader in 5 Gartner Magic Quadrants
Whatever you may have once thought about Microsoft and Security, (I remember the days when security engineers would say that its due to the amount of security holes in Microsoft that they have a job) Microsoft is now a global leader in cybersecurity, and invest more than $1b annually in security R&D as well as processing more than 6.5Trillion security and threat signals per day to protect organisations and further enhance and develop their platform and their customers businesses.
Gartner has now named Microsoft Security a Leader in five Magic Quadrants whichclearly demonstratesbreadth and depth of their security portfolio and depth of integration across their platforms. The leader awards include…
Cloud Access Security Broker (CASB)
Access Management
Enterprise Information Archiving
Unified Endpoint Management (UEM)
Endpoint Protection Platforms
Gartner places vendors as Leaders who are able to demonstrate balanced progress and effort in all execution and vision categories. This means that Leaders not only have the people and capabilities to deliver strong solutions today, they also understand the market and have a strategy for meeting customer needs in the future.
Given this, Microsoft Security doesn’t just deliver strong security products in five crucial security areas only, as you look across the Microsoft 365, Azure and Dymanics platforms but also across customers in premise and 3rd party cloud providers, they are able to provide a comprehensive set of security solutions that are built to work together, from identity and access management to threat protection to information protection and cloud security.
Their services integrate easily and share intelligence from the 6.5 trillion of signals generated daily on the Microsoft Intelligent Security Graph. Customer thst are bought in to the wider Microsoft Security approach can monitor and safeguard identity, devices, applications and data across their end to end infrastructure and cloud solutions whether that is Microsoft Azure, Amazon Web Services, Slack, SAP, Citrix, Oracle, Salesforce, Google or many many others.
They key to this is their ability (like few others) to unify their security tools, bringing end to end visibility into their customer entire environment all drawn together with their new SEIM platform Azure Sentinel.
Where are the gaps?
There are some… Some of the main ones I see are around
1. Web security and DNS security.. The kind of stuff Cisco does really well with Umbrella for example.
2. Network and LAN segmentation. This is possible in Azure but other than some relatively “old” Network Access Control services in Windows Server, this is also an area Microsoft don’t really play in.
3. Industry Specific scenarios where long (99 year or so) retention policies and archiving is required. These are areas where solutions like Proof Point do really well in my experience.
What others do you see? Interested in your views and comments..
An Azure Dedicated Host provides a single-tenant, physical server that can be used to host your Azure virtual machines for either Windows and Linux. Unlike normal Azure hosts, the server capacity in a dedicated host is hardware-isolated (as the name suggests) and is therefore not shared with other customers, meaning you can now run general purpose, memory or compute intensive intensive workloads in a hardware-isolated and virtualized server environment dedicated to your organisation.
Azure Dedicated Host, helps organisations address specific compliance requirements while increasing visibility and control over the underlying virtual infrastructure. This has the following key benefits:
Increase control without limiting choice
Deliver against your compliance needs
Reduce cost by leveraging you Azure Hybrid Rights Benefits
Increase control without compromising choice
Azure Dedicated hosts support Windows, Linux, and SQL Server virtual machines on Azure. The full range of options and scale are available, from server type, CPU type, number of cores, plus all the additional features. The underlying hosts are provisioned as single-tenant and dedicated to your Azure VMs and workloads for maximum security, compliance and placement control. All platform-initiated maintenance operations, such as OS patching, or hardware or software reboots can be scheduled as needed so you have full control like you’d have with on-premises workloads.
Deliver against your compliance needs
Azure Dedicated Hosts mean that its easier for your organisation to comply with your corporate or regulatory policies and standards by taking advantage of the vast range of industry certifications that Azure has earned. Add this to the fact that you can now locate Azure VMs on an isolated and dedicated physical server that runs only your workloads, you can be sure you are meeting your compliance guidelines and standards.
Reduce costs by using existing software licenses
With Azure Dedicated Hosts, you can still use your on-premises Windows Server and SQL Server licenses with Software Assurance benefits, or subscriptions with equivalent rights, when you migrate your workloads to Dedicated Host. Azure Hybrid Benefit licensing terms are available only on Azure. Microsoft also give you free extended security updates for Windows Server and SQL Server 2008 and 2008 R2 for another 3 years (bear in mind these go end of support otherwise in January).
How are they priced
Pricing is surprisingly simple..
Dedicated Host is charged at the host level regardless of the number of Azure VMs you run on the host.
Software licenses are billed separately from compute resources at a VM level based on usage.
Today saw Day 1 of Microsoft’s Annual Ignite conference in Orlando.
As expected there was a lot of hot (mainly Teams and Azure) news announced first thing and after reading many of the blogs, tweets and linked in posts, I’ve tried to summarise and include all the main (and my favourite) highlights (so far) in this one post.
This will likely be out of date before I finishing writing it, as there will be other “smaller” announcements through the day and into the rest of the week. We have also seen some other key big announcements from Microsoft partners and even their “competition” all Microsoft focused of course.
1. Microsoft Teams: Wealth of new features and integrations from Cisco and Zoom.
As expected, Microsoft Teams got some big announcements today, with the much anticipated roll out (this week) of secure private channels. Also announced was early 2020 roll out of pinned channels, multi-window chats and meetings. Microsoft also announced new integrations with To Do, Microsoft Planner, Project, Outlook, Yammer and the newly updated Power Platform.
2. Breaking down the vendor wars with improved meeting room and interop between Cisco and Zoom
Microsoft and Cisco have announced a partnership to work together to simplify the interop between Microsoft Teams Rooms and Phone System with Cisco Webex Room devices and IP voice gateways respectively and includes three new initiatives to help customers to get more out of their current investments.
Cloud Video Interop (CVI): Cisco Webex will introduce an interop solution that will be certified as a Microsoft Cloud Video Interop (CVI) solution and will allow Cisco Webex Room devices and SIP video conferencing devices to join Microsoft Teams meetings with a reliable interop experience. Coming early FY20.
Direct guest join, for meeting room devices: Cisco and Microsoft are also working together on a new approach that enables meeting room devices to connect to meeting services from other vendors via embedded web technologies. They announced a new “direct guest join” capability from their respective video conferencing device to the web app for the video meeting service.
Direct Routing for Phone System: At the heart of Microsoft Teams Direct Routing are Session Border Controllers (SBC). Since many customers also use Cisco Networking technology including SBCs and want both companies to provide joint solutions that do not require replacement of key infrastructure. Support for Cisco as a certified SBC is due in CY2020.
Zoom and Microsoft also announced that they have worked together to enhance conference room interoperability and simplify how users connect to third-party meetings.
This Zoom and Microsoft collaboration provides interoperability between the Zoom conference room solutions to provide streamlined meeting experiences. This will mean Zoom Rooms will be able to join Microsoft Teams meetings and Microsoft Teams Rooms will be able to join Zoom meetings, all without the purchase of additional licenses or third-party services. This is coming early CY2020.
3. Microsoft Flow is renamed to “Power Automate”
So this might take some time to grow on me, but Microsoft Flow, is being renamed to Power Automate. The name change was announced to allow the platform to “better align” with the wider Power Platform. Microsoft Flow (Sorry Automate) is also getting new a bunch of new features including Robotic process automation (RPA) for automating complex processes that span legacy and modern applications.
4. New: Microsoft Endpoint Manager
Microsoft Endpoint Manager is an integrated solution that promised to centrally and securely manage all of the endpoints across an organisation. This the next major milestone for Intune and will bring together Microsoft Intune and System Center Configuration Manager functionality while also adding a new intelligent actions and analytics.
Endpoint Manager will deliver a unified, seamless, end-to-end management for Windows, Android and Apple devices, apps, and policies without the complexity of a migration or disruption to productivity.
Expected in Q1 of 2020, Microsoft have also said they will be making Intune available to all existing SCCM customers for Windows PC management, meaning that Starting on 1st December 2019, customers can start to co-manage these devices in Microsoft Endpoint Manager, and start using cloud-powered features like Autopilot and Desktop Analytics.
5. New Chromium-based Edge: Jan 15 2020 Release
Actually one of my favourite #Geekouts right now – Microsoft has said that January 15, 2020 will be be for official release date of their new Chromium-based Edge browser for Windows and Mac. Microsoft announced that a “release candidate” build is available to download today in more than 90 languages which can be installed alongside the Canary, Dev, or Beta builds you may already be running or testing.
If you are a big Google Chrome fan, I urge you to try this out – its a really great browser and has loads of enterprise features built right in including native integration with your Office 365 environment.
I’ve been using this for a while (well a week or so) and today Microsoft is making this generally available for preview. The new Office Mobile app for iOS and Android combines Word, Excel, and PowerPoint functionality into a a simple single mobile app, similar to the old Office Hub on Windows Phone for those that remember it!. The new app has a really useful comes with an “Actions” pane, with easy access to common tasks, including scanning documents.
7. New: Project Cortex – a Microsoft 365 application that leverages AI to help better organise company data
Microsoft today, announced Project Cortex, the first new Microsoft 365 app since the announcement of Microsoft Teams that uses AI to analyse business data and in turn create a kind of neuro-knowledge network. The app will be able to organise data into different projects and customers, and make it easier for employees to find important info that can be buried in documents, conversations, or videos across their hybrid IT environment. This to me sounds a bit like Delve on steroids and one I need to read a bit more on (as I’m sure you will too), but it seems to be able to recognise data in documents and pull them together into actionable and useful information.
The follow video is quite an easy watch and shows some of the work they have done with early adopter customers https://youtu.be/K0Y15WKXuws
Yes..is a battle to win one of the biggest contracts in the cloud, #Microsoft has won the sought-after #JEDI cloud computing contract with the #Pentagon valued at as much as $10 billion over a decade, dealing a blow to the market leader, #Amazon \ #AWS which had been the front-runner.
What is J. E. D. I?
JEDI, Not related to Starwars in anyway, the 10-year contract for the Joint Enterprise Defence Infrastructure, is aimed at making the US defence department more technologically agile. The US Department of Defense wants to replace its aging computer networks with a single cloud system.
Under the contract, Microsoft will provide artificial intelligence-based analysis and security as well as host secure and highly classified military secrets among other services.
The #Pentagon have said “JEDI continues our strategy of a multi-vendor, multi-cloud environment as the department’s needs are diverse and cannot be met by any single supplier.”
READ MORE
Microsoft haven’t formerly commented as yet so expect to hear more when they do.. This is a collossal win for Microsoft and for any company with a deal of this size.
The move from traditional on-premises IT solutions to cloud services has seen a dramatic change in the way that systems are managed and controlled. The access to services from any location and using any device means that a lot of the traditional management methods are not feasible.
Identity (not the firewall) is the modern control pane. Your user identity (and how ever its protected) is typically the key to your applications, devices and data within the modern workplace so keeping it safe should be paramount.
The UK National Security Agency, any reputable security company or agency will advise you not to use the same password in multiple places, to make it complex, and to not make it simple like Password123 or Comanyname2019 for example.
What is Azure Identity Protection?
Aslong as your organisation uses Microsoft Azure AD – which it will if you use Office 365 (and have Azure AD Premium P1 or P2), Microsoft provides a nifty service (known as Azure Active Directory Identity Protection) that can go a long way in helping organisations guarantee that their users are follow industry (and your) security guidance and that they aren’t using common passwords or passwords that are known to be included in recent data attacks and breaches.
In addition to the automatic protection provided by Microsoft’s Threat Intelligent, Azure Identity Protection also allows you to manually specify up to 1,000 custom passwords. I’d strongly recommend adding (or using) the top 1,000 common passwords which is available on GitHub as a starter and then adding your own organisation’s name, and any common terms used in your company or industry to the list.
If you haven’t used the service before, you can run this in “Audit” mode to allow you to review the number of “hits” against the new policy before enforcing it. Once enforced, when any user tries to set/reset their password, their password is “scored” based on a combination of risks including use of known and common /custom passwords or known breach credential/password.
How are passwords evaluated?
Whenever a user changes or resets their password, the new password is checked for strength and complexity by validating it against both the global and the custom banned password list (if the latter is configured).
Even if a user’s password contains a banned password, the password maystill be accepted if the overall password is strong enough otherwise. A newly configured password will go through the following steps to assess its overall strength to determine if it should be accepted or rejected.
An invalid password reset attempt which is poorly scored as secured, will be rejected and the user will receive an error message similar to the below:
“Unfortunately, your password contains a word, phrase, or pattern that makes your password easily guessable. Please try again with a different password.”
Reviewing the effectiveness
As well as users being informed (and prevented) to setting a password that is “banned”, admins can also see this activity in the Security Logs.
Read more from Microsoft
Microsoft provides a lot more detail and examples on how this works here:
At the Citrix Synergy event yesterday, Citrix announced the long anticipated optimization pack for Microsoft Teams for both the Citrix Virtual Apps and Desktops.
This long awaiting announcement builds upon the previous Citrix HDX Realtime Optimization Pack for Skype for Business that has been used by nearly three quarters of a million users according to Citrix to achieve a native-like experience for Skype for Business within their virtual environments.
The diagram below, from Citrix illustrates the high level technical architecture of how this works.
As with the Skype for Business version, customers will get what is promised to be a fully native, fully featured Microsoft Teams experience within their Citrix Virtual Applications and Desktops. This wont just support the chat and collaborative features within Teams but will support the full HD voice, video and content sharing features. Citrix said that the upcoming update to the the Citrix Workspace app has a “built-in multi-platform HDX Media Engine that ensures optimized device and media handling, with audio, video, and screen sharing offloaded to the users device”.
This is currently in technical preview and Citrix have said that it should be released fully in the next couple of weeks. and will be shipped inline with an updated Citrix Virtual Apps and Desktops release.
Citrix have also said that once on the new version, they will need to deploy the VDI ready version of the Microsoft Teams client – no announcement was made when this version/update was expected however.
You can read the full announcement from Citrix here:
These were very much hints and teases than any firm commitments but talked a lot about the fact that Microsoft has not “talked about the next generation of Windows for a while” and that he was “so pumped” for it – ending with “it’s going to be a massive year for Windows.”
