AI | Modern Work | Cloud | Security
Microsoft announced a lot of new and updated products today at the 2019 #SurfaceEvent.
Surface Laptop 3
https://youtu.be/o3IQ1JrXnV8
Surface Pro 7
https://youtu.be/V4Hwi3o2X0E
New… Surface Pro X (ipad competitor)
https://youtu.be/v5SFBpMiaiQ
Surface Neo (foldable)
https://youtu.be/fssZICsV4Rg
Surface Duo (a phone built with Google)
https://youtu.be/kU78s9ExFFA
Accessories
Surface war buds
https://youtu.be/EwxyD_dkGVA
This was a very quick summary…
Rob
Microsoft Whiteboard allows Windows, SurfaceHub and iOS (Android coming soon) to Create freely and work naturally – giving ideas room to grow with Microsoft Whiteboard. Transform your work into professional-looking charts and shapes on an infinite canvas with an interface designed for pen, touch, and keyboard.
The Whiteboard app is also built into Microsoft Teams and can be used in video calls to help teams work collaboratively in a virtual whiteboard space.
Microsoft Whiteboard allows Windows, SurfaceHub and iOS (Android coming soon) to Create freely and work naturally – giving ideas room to grow with Microsoft Whiteboard. Transform your work into professional-looking charts and shapes on an infinite canvas with an interface designed for pen, touch, and keyboard.
Microsoft updated their White Boarding App yesterday “Microsoft Whiteboard” for Windows (including Surface Hub) and iOS yesterday adding a hugely requested feature which they have called “templates”.
The templates help to quick start meetings and get everyone on the same page. They have been added to help with common tasks and Team sessions around SWOT analysis, project planning, learning, and more. Microsoft have created layouts that provide an immediate structure with helpful tips for running activities that can be easily expanded to fit any and all content.
Microsoft have said that more templates and capabilities will be made available continuously in the coming months.
If you cant see the feature yet, head to the store and check for updates!
If you dont have Whiteboard yet – you can get it here:
One of my earlier posts talked about how enabling Multi-Factor Authentication across your organisation can dramatically reduce your risk of attack/breach or data theft by Identity Compromise however after reading some of the comments and talking to some other IT admins and CSOs, I felt this needed a Part #2.
According to Symantec, 91% of all Cyber Attacks start with a spear phishing email
Its fair to say that “most” organisations who use Microsoft Exchange Online for their corporate email services use some form of additional security or protection….
Microsoft provides Exchange Online Protection (EOP) as a standard service with Exchange which essentially is an anti-spam and antivirus service.
Every and any mail security company, Symantec, proof point, mimecast, you name it, will heavily criticise Microsoft for its “lack” of protection against modern and zero-day threats and to be honest they are quiet right too but what many people aren’t aware of (and I don’t think Microsoft shout about it loud enough) – they have some pretty good advanced services you can enable (or buy). Any security officer will tell you that they key to security is defence in depth and there isn’t a single “master of all” platform or vendor out there that can protect an organisation from attack, regardless of what form it comes in.
Having multiple defences (not necessarily multiple vendors) in place helps because if spam sneaks by the first line, it might be stopped by the second.
As you’d expect there are many 3rd party products and services available that complement the standard Exchange Online Protection services available including ProofPoint, Symantec, Mimecast etc, but if your organisation uses Microsoft Exchange Online then, depending on your licensing level, you have some pretty impressive advanced security features which to be honest, you should be using especially if you don’t use any 3rd party bolt-ons. This Office 365 ATP (note, its not specifically focuses on Exchange).
Microsoft Office Advanced Threat Protection (ATP), which is part of Office 365 E5 (or an add-on) builds on the Microsoft EOP and provides two key features aimed at protecting users from phishing attacks, malicious attachments and other advanced threat vectors which typically target users but getting them to click something, fill something in or download something. Again, according to Symantec 1 in 4 people will click a link in an email without checking the message header or checking it is from who they think it is.
Of course Microsoft claim Office ATP is the best line of defence for their Office 365 customers. As you’d expect, Third-party mail hygiene services beg to differ and say that their solutions offer better protection. Either way, you’re better protected when EOP is not the only line of defence.
Office ATP delivers two key security enhancements for Exchange (and Office 365 in general) including ATP Safe Attachments and ATP Safe Links, both features designed to prevent or stop malicious content arriving in user mailboxes and indeed across the other key Office 365 services.
The concept behind ATP Safe Attachments is fairly simple and is designed with protecting users against emails that may contain malicious attachments. ATP Safe Attachments helps here by intercepting all emails before they hit the users inbox, essentially detonates the attachment to makes sure its safe. ATP Safe Attachments also stops infections caused by malware being uploaded to SharePoint Online and OneDrive for Business sites, including the SharePoint Online sites used by Microsoft Teams (which is enough for Microsoft to claim ATP support for Teams).
There are a couple of configuration options around how Safe Attachments works which are mainly designed to control how attachments get delivered to users.
The options are relatively self explanatory. For avoidance of doubt, I’d strongly recommend using Dynamic Delivery, which means all users receive their email messages (at first) without the attachments (well, they get a place-holder) while those attachments are being scanned by Microsoft to check they are safe.
Safe Attachments doesn’t generally take long to process attachments and in my experience the delay is usually less than 30 seconds (though that can feel like ages if you are waiting for the scan to complete in order to open your attachment – especially if its a sales PO!).
ATP Safe Links as the name implies, provides “click-time” URL Protection to blocks malicious links by analyzing them at arrival time and also each and every time the user clicks on the link to protect against spear phishing attacks that weaponize a link after an email is delivered.
While links are being checked, users are prevented from getting to these to the sites. Yes, this can delay mail recipients from being able to get to information but given the amount of bad sites that exist on the internet (and that more than 91% of phishing attacks original from email), this is a fair compromise, even if users are sometimes frustrated when they can’t immediately reach a site because of a blocked link.
A newish feature in the ATP Safe Links policy allows Office 365 administrators to “delay message delivery” until all links in an email message are scanned (see below). This seems to be “off” by default but is definitely one I think should be enabled.
I’m not going to go into the pros and cons of the other services in this blog, the 3rd party vendors will do this, but depending on your licensing level, need or desire to use multiple vendors for security or to standardise your security products across other key strategic vendors, you may choose to explore. Which is best – its hard to say but if you have nothing, I’d start with Office ATP as its most likely included within your licensing plan (and if not its easy to set-up a trial with your partner).
Microsoft and also many 3rd parties provide Advanced Threat Protection services across Exchange Online . At time of writing, Microsoft, however, are the only vendor that extend these services across other Office 365 services including SharePoint Online, One Drive for Business and therefore Teams.
OK so a short blog this time and about something I don’t usually write much about… Dynamics
Microsoft have announced 2 major and significant new features coming to its #Dynamics 365 platform which will essentially bring Dynamics 365 AI into real stores.. Which is actually really really cool..
These two new retail-focused apps named are called “Dynamics 365 Commerce” and “Dynamics 365 Connected Store”.
Dynamics 365 Connected Store will help companies improve the physical retail experience by analysing data from video cameras and IoT sensors to help show traffic flow, dwell zones, dead areas etc allowing retail spaces to better visualise and plan their store front layouts and adjust based on where people foot fall and grouping occurs.
This release wave will also see a new Dynamics 365 Product Insights, a new application with Dynamics 365 which will use product telemetry to help companies “build richer relationships and improve engagement.”
Learn More – There is a free Microsoft Business Applications Virtual Launch Event on the 10th October in which the world will learn more.
Cyber-attacks aren’t slowing down, and it’s worth noting that many attacks have been successful without the use of advanced technology.
For even the largest, most security averse company, all it takes is one compromised credential or one legacy application to cause a data breach.
This underscores how critical it is to ensure password security and strong authentication across your organisation and whilst there are many many solutions out there that can protect networks, applications and data, there is one simple thing that organisations can do, regardless of size and sector that can have a significant impact on protecting cyber-attacks and breach through compromised credentials.
A recent report from the SANS Software Security Institute, the most common vulnerabilities include:
There’s loads of simple steps than can and should be undertaken to provide some basic account and security hygiene.
Administrators can quickly help prevent many of these attacks by banning the use of bad passwords (Azure AD can do this naively), blocking legacy authentication, and through basic awareness and training to staff on how to spot common phishing attacks.
Whilst all this will help – by far the most effective step you can take as a business is to turn on and require Multi Factor Authentication (MFA). This extra layer of user account protection, creates a very effective barrier and layer of security that makes it incredibly difficult for attackers to log on or use stolen/compromised credentials even if a user “hands the over” as a result of a successful phishing attack.
Simply put, MFA can block over 99.9% percent of account compromise attacks. With MFA, knowing or cracking the password isn’t enough to gain access since the user will be challenged to enter a code, respond to a text sent to their phone or approve logon via an app on a device that they have in their possession. To learn more, read Your Pa$$word doesn’t matter.
According to the SANS Software Security Institute there are two primary obstacles to adopting MFA implementations today:
When we have these kind of conversations with customers, the 2nd point is usually the most common – “the owner wont like it” or “what if stops person x from logging on and they cant talk to IT?”
No banking app allows their customers to access their services these days without some form of MFA and we all (as we have to) simply accept this so why should accessing your company’s data be any different?
Depending on your organisations choice of MFA technology and the level of licensing they have in place, services such as MFA can be used in conjunction with Risk Based Conditional Access – which is a feature included within Azure Active Directory.
Risk Based Conditional Access is essentially adaptive authentication which looks at a number of different risk factors to determine what and how to allow a user to gain access to resources. In the MFA example, RBCA can be configured to now need MFA to be used when on a corporate device when in the office but enforced when ever users are remote or on an non-corporate or non encrypted device.
Need some help – the organisation I work for @cisilion can help – get in touch via twitter or visit our website. For more click here:
Note: Aspects of this information are taken from a blog by
Melanie Maynes | Senior Product Marketing Manager | Microsoft Security
Organisation-wide teams provide an automatic way for everyone in a small to medium-sized organisation (up to 5,000 users) to be a part of a single team for collaboration and notifications.
With org-wide teams, an organisation can easily have a (well actually up to 5) public teams that pulls in every user in the organisation and keeps the membership up-to-date with Active Directory as users join and leave the organisation (assuming your AD is well managed of course).
As your organisation’s directory is updated to include new active users, or if users no longer work at your company and their Teams license is disabled, changes are automatically synced and the users are added or removed from the team.
Team members can’t leave an org-wide team.
As a team owner, you can manually add or remove users if needed.
To get the most benefit out of using an org-wide team, there’s some best practice Microsoft has published based on its research with customers:
I also discovered you can convert an existing Team to a Org-wide team if you want to.. Again this is an admin required task.
There is of course Private Channels also coming very shortly to Teams which can also be used to segregate aspects of your org-wide Team to, well, less than all the organisation… I’d probably suggest not using this function inside these kind of Teams (assuming it’s permitted).
https://robquickenden.blog/private-channels-for-teams-are-almost-here
Thanks for Reading.
Updated: 4th Nov 19
Private Channels (which are being released this week) will allow team owners to limit which team members can see the conversation and content within a particular channel within a Team (kind of a private space between a wider Team). This allows team admins to right-size channel participation and exposure without having to create discrete teams to limit visibility. This can help with reducing team sprawl and can help with internal and B2B communications.
Private channels will be indicated by a small lock / padlock icon next to the channel within a Team.
Pretty much ever since Teams was released users have been asking (shouting) for Private Channels. The concept sounds straightforward enough; private channels would only be seen and accessible by the creator and whoever he/she invites. In practice, however, the feature has been a major development challenge.
According to the user requests and comments in Teams User Voice, people generally want more options when it comes to creating channels in Microsoft Teams. Specifically, they want channels that are:
What might seem a simple request has created lots of friction and almost brexit like opinion polls over the last couple of years
The “Pro” private channels want it becuase:
The “anti” private channels don’t like the concept of a private channels because:
These are all workable (though not necessarily as convenient) options.
Outside of the long and extensive debates above and Microsoft having to try to make sense of it, consult with large enterprise and event run early alpha tests with clients to test and confirm the pro and cons, the design and implementation of this feature has been complex
In simple terms, Channels in Teams simply were not originally designed or created to be “blocked off” or isolated and so because of this, the architecture of channels doesn’t lend itself to being private and has had to be majorly modified to accommodate this feature
There’s more to it than this though…
Every Team that’s created is enabled by other components of Office 365. For example, Teams need Planner for task management and SharePoint (that includes One Drive) for file storage. If a certain channel in a Team became private…
The engineering team at Redmond have had to overcome a whole load of technical and process integration obstacles to provide options for organisation who wish to make part of their open collaboration platform. not open!
You don’t have to do anything. Private channels can be used or disabled should IT not want this feature being used…whilst not released yet the options to control it are available now in the Teams policies settings in the Teams Admin Centre.
There isn’t a process to covert a Team into a channel within another team so this is a process you’ll need to consider and think about and there will be use cases for such you’ll want to consider… A personal example for our organisation is where we have Team sites for customer project work which is internal and another customer Team site we use for sharing and collaborating with a customer..
We in effect have duplicate Teams today for this reason. I expect we will look to consolidate these down to one and use private channels within a wider channel that we will use for internal / company confidential communications and docs.
Of course… This also is a great time to look at house cleaning Teams across the estate…Time will tell on that one!
Private Channels is rolling out this week…so now (almost). Like all new features.. They take a few days to roll out depending on your Office 365 release schedule.
I am proud to share with you that last night, I finally received the official Windows Insider MVP Award from Microsoft, for my contributions in the Windows development life cycle community in the past 12 months.
Those that know me and work with me, know I’m passionate about technology and have become a real #MicrosoftAdvocate since running the Microsoft business at @cisilion.
The Windows Insider MVP award is an additional award to the over arching Microsoft MVP award. It was created and announced in 2016, and is focusing on Windows and Windows Powered Devices.
The MVP award program rewards participants who contribute significantly, and voluntarily, to their technical communities. While Microsoft doesn’t publish the exact qualification criteria, the nomination process usually includes includes being nominated, detailing your community activities over the past 12 months, including blogging, speaking engagements, social media and contributions to forums or other technical groups (including answers.microsoft.com and techcommunity.microsoft.com)
It is an honor to be awarded for my work and contributions to this fine community led by @donasarkar and her team of #ninjacats. Its a bit like a passion and second job at times…. Playing with new and experimental features, suggesting and feeding back and influencing the future development for everyone. It’s a small but great community to be a tiny part of globally.
“Congratulations! Thank you for your contributions to the Windows community, we are excited to welcome you as a Windows Insider MVP. This award is a token of our appreciation, your leadership and passion help make Windows the best yet. We look forward to collaborating with you and all of our Windows Insider MVPs as we continue to strengthen the Windows Insider MVP (WI MVP) Program.”
Outside of a nice badge and trophy, the Microsoft MVP title unlocks access directly to the Microsoft product groups, via webinars, email lists, Yammer community and the invitation-only annual MVP Summit at Microsoft HQ in Redmond.
Additionally, Microsoft MVPs gain software licensing benefits to some Microsoft software titles, LinkedIn Learning and other third-party MVP offers. Speaking to other MVPs and WIMVPs, there is feeling that the MVP Community is like a family of enthusiasts and processionals
Whilst I have not been before, all content presented at the MVP Summit (which is held in March each year), is under a strict non-disclosure agreement. This allows MVPs an incredible level of access to hear about upcoming product changes and to influence product strategy and feed back thoughts, ideas and issues.
Microsoft places a huge amount of value on the stories from MVPs on what’s working well and what the road blocks are for the user and professional community.
I’m told content is presented well and that there is a great opportunity for open discussion…I am told there also “time” for some social events including dinners as well as tour of some of the special places on the Microsoft Redmond Campus….but most of all the opportunity to meet the amazing people that design, build and market some of the best products, services and platforms that set out to “empower every personal and every organisation on the planet to achieve more”.
Finally.. I hear there also lots and lots of geeky swag and stickers..
https://insider.windows.com/en-us/MVPs/rob-quickenden/
Thanks for reading my boast post!
Rob
Microsoft has launched (in preview) an SMS Organizer app for Android devices.
Why? Well, other messaging apps like WhatsApp are really good at things like sorting messages and adding some intelligence but plain old text/SMS apps don’t get any love… Until now..
Microsoft originally released the app in India last year but its now popped up in early release mode in the Play Store here in the UK…according to sources it’s only available today in UK, USA and Australia today.
SMS Organizer uses machine learning to automatically analyse and sort messages and then organises them into different folders for you.
For example, any and all messages recognised as spam or sales promotional messages get filtered into a “promotions” folder, while real messages live in inbox.
Microsoft also generates contextual reminders in your SMS inbox for things like flights, trains, and appointments or bookings and there’s also a whole bunch of customisation options including ability to block senders, star/favourite messages, and even archive/backup older messages.
Once you install it, it asks to take over as the default messaging app.
That’s it… Download it here… ANDROID ONLY.
https://aka.ms/smsorganizer
Thanks all
Rob
August 2019:
Up until now (well, yesterday in my experience, it has not been possible to share your “system audio” when sharing or presenting content such as a video or PowerPoint from within a #MicrosoftTeams meeting. A new update in in Teams which is rolling out “now” (mine “switched on” yesterday” now lets you do just that!
This feature is easily missed but you can spot it (and enable) it from the share try tab when in a teams Meeting. When sharing content (such a application or your screen, simply tick the “include system audio” and you are good to go.
…you need to check to make sure this works though
First, you need to ensure your Windows audio device is the same as your audio device in Teams. So if you hear the audio from other participants in your headphones you have to make sure that your Windows system sound is played to that device too.
If you don’t have the same audio device selected in Teams and in Windows you will likely see the error below.
Secondly – if you have already stared a sharing session and forgot to enable the system audio, you can enable this “mid-sharing” by clicking the icon in the top control bar. To do this, simply move your mouse to the top of the screen and it should appear, select “Include system audio” by clicking on the button.
Right now, from my initial testing anyway, sharing system audio does not work with Live Events which is odd. I’ve seen nothing specifically about this in the Teams Road map but i suspect this is something that will be addressed in time.
Thanks for Reading.
Rob
We knew it was coming and it’s actually taken longer than many people thought, but just 2 years after the first debut of Microsoft Teams, Microsoft has announced the Skype for Business Online will no longer be available from 31st July 2021 – which is two years from today!
Microsoft has been working heavily on Teams since its launch which was always intended to fully replace Skype for Business Online at somepoint.
There gave been a plethora of new updates releases to Teams in recent months especially around voice, auto attendant services and support for direct routing (bring your own SIP). At Microsoft’s Global Partner Conference arlier this month, Microsoft also announced that their full APIs stack for voice have been released meaning that ISVs and software partners now finally able to bring their custom extensibility apps such as Contact Centre Solutions and Call Recording into Teams.
Unlike Skype for Business Online, it’s key to remember that Teams is not just a cloud phone system, but a fully integrated enterprise chat, collaboration and productivity platform with an extensive set of phone features.
Today Team and Skype for Business (online and on-premise) can co exist and even integrate to varying degrees with each other but each and all of the these modes have been designed with eventual migration to Teams in mind.
From September 1 this year, Microsoft will also discontinue the Skype for Business Online service for new users (meaning new customers cannot have Skype for Business Online) , providing them only with the option of Microsoft Teams as their central place for communication and cloud voice – or ofcourse Skype for Business Server.
Any organisation already using Skype for Business Online will retain all access, including the ability to add new users but organisations need to start planning for the migration which will turn off for good in 2 years time.
Any organisation using (or planning to use and deploy) Skype for Business Server will not be affected, and the Microsoft have committed to supporting the service until October 14, 2025 at the very least. Skype for Business Server 2019 has recently been released and comes with it, extensive integration to Teams to make integration and longer term migration possible.
Microsoft provide a comprehensive set of technical guidance and planning resources for Teams, and of course you can work with your Microsoft Partner to help you plan, pilot, migrate and train users.
That’s all for now.
Thanks
Rob
A recent Nemertes’ “Workplace Collaboration: 2019-20 Research Study” of more than 625 organisations, found that almost two thirds (64%) of participants were using or already planning to use “team collaboration” applications, while another 15% are already evaluating them for future deployment.
The report goes to say that of those using or planning to use team collaboration applications, a third said that they view them as the “hub for all collaboration”. This clearly shows that organisations see the value of converging disparate applications for chat, meetings, and calling into a single unified, contextual work space that integrates (or can be extended) with other line of business applications.
More importantly, Nemertes found that viewing team collaboration as a work hub correlates with success. Almost half of those organised surveys said they recognised measurable value from their team collaboration deployments (in terms of reducing costs, improving and simplifying processes), view team collaboration as a hub, versus less than a quarter who said they didn’t see any measurable business benefit from their deployments.
Looking at the Enterprise Chat Space (by that i means the likes of Microsoft Teams, Cisco WebEx Teams etc.,) it’s no surprise that Integrated voice and video conferencing is the most widely used feature of enterprise team chat applications.
For Microsoft Teams users, this means the ability to easily launch a meeting from within a chat or a Team channel, enabling participants to quickly join, converse, and share relevant documents from the team space.
Due to the “addictive-ness” and viral adoption of Teams within organisations, we often experience clients who are struggling to contain the spread of teams usage. This is good for Microsoft and good for users (since the application is clearly nice and useful to use), but if Teams isn’t part of the wider Video and Conference experiences then the usefulness of the meeting and video within Teams becomes limited (trapped) by who can access them and who they can reach.
If for example, an organisation has already invested in web or videoconferencing technology and has also deployed them into their meeting rooms, access to Teams Video becomes limited to users working remotely or gathered around laptops/PCs often “plugged” into the companies expensive meeting room screens in an attempt to “hack” some form of Teams Room System together – the experience is far from optimal.
In an ideal world (where cost isn’t an option), the ideal of course (if teams is the future) is to rip out these existing video conferencing / video rooms and replace them with new Teams Rooms Systems. If Teams is the organisation’s future then this is a good idea and can be done in phases as part of refresh.
Since Microsoft Teams is still quote new, the goal for those using Microsoft Teams and who want to allow it to “spread it wings”, should look to integrate their existing meeting room and video endpoints into the Teams conferencing experience.
This integration easily allows users in an existing (non Microsoft Teams Room) meeting room to easily join a Microsoft Teams meeting, share content, and collaborate with those in other locations either using room systems, or joining from desktop, laptop, or mobile devices seamlessly.
Cloud Video Interop (CVI) services are available from Poly, Pexip and BlueJeans and these are the only certified and support (which is important) services that can enable these third-party meeting rooms and personal video devices (VTCs) to natively join Microsoft Teams meetings.
The integration of Microsoft Teams with existing room systems through Video InterOp Services provides 4 main business benefits:
For Microsoft Teams to be successful and used to potential within an organisation, it should be viewed as a hub for team work rather than just an IM platform to replace Skype or Lync. When deployed an used within an organisation to full potential, Teams can enable the integration of other collaboration and business applications into all your team spaces including existing videoconferencing endpoints.
Enabling such integration will enable and empower your Teams collaborators to enjoy and utilise the investment of an organisations existing meeting room and video conferencing technology with minimal new investment, without replacing what is already there and within the context of the Microsoft Teams meeting experience.
Thanks for reading. That’s all for now.
Credit and References: Stats and data contained within this blog are taken from Nemertes: A global research-based advisory and consulting firm that analyses the business value of emerging technologies.
The move from traditional on-premises IT solutions to cloud services has seen a dramatic change in the way that systems are managed and controlled. The access to services from any location and using any device means that a lot of the traditional management methods are not feasible.
Identity (not the firewall) is the modern control pane. Your user identity (and how ever its protected) is typically the key to your applications, devices and data within the modern workplace so keeping it safe should be paramount.
The UK National Security Agency, any reputable security company or agency will advise you not to use the same password in multiple places, to make it complex, and to not make it simple like Password123 or Comanyname2019 for example.
Aslong as your organisation uses Microsoft Azure AD – which it will if you use Office 365 (and have Azure AD Premium P1 or P2), Microsoft provides a nifty service (known as Azure Active Directory Identity Protection) that can go a long way in helping organisations guarantee that their users are follow industry (and your) security guidance and that they aren’t using common passwords or passwords that are known to be included in recent data attacks and breaches.
In addition to the automatic protection provided by Microsoft’s Threat Intelligent, Azure Identity Protection also allows you to manually specify up to 1,000 custom passwords. I’d strongly recommend adding (or using) the top 1,000 common passwords which is available on GitHub as a starter and then adding your own organisation’s name, and any common terms used in your company or industry to the list.
If you haven’t used the service before, you can run this in “Audit” mode to allow you to review the number of “hits” against the new policy before enforcing it. Once enforced, when any user tries to set/reset their password, their password is “scored” based on a combination of risks including use of known and common /custom passwords or known breach credential/password.
Whenever a user changes or resets their password, the new password is checked for strength and complexity by validating it against both the global and the custom banned password list (if the latter is configured).
Even if a user’s password contains a banned password, the password may still be accepted if the overall password is strong enough otherwise. A newly configured password will go through the following steps to assess its overall strength to determine if it should be accepted or rejected.
An invalid password reset attempt which is poorly scored as secured, will be rejected and the user will receive an error message similar to the below:
“Unfortunately, your password contains a word, phrase, or pattern that makes your password easily guessable. Please try again with a different password.”
As well as users being informed (and prevented) to setting a password that is “banned”, admins can also see this activity in the Security Logs.
Microsoft provides a lot more detail and examples on how this works here:
I was in a client meeting earlier today and we were talking about process automation, their journey to Microsoft 365 and shifting workloads from on-premise to cloud. During the meeting, the words “Microsoft Flow”, Microsoft PowerApps and “Power Platform” came up a handful of times until one of my customers said “Sorry, don’t mean to sound dumb, but what is Flow and PowerApps?”
Now then…I am not an expert in either of these (well yet anyway), but I have been playing around with these for a little while and just wanted to summarise (in-case there are others that simply don’t know) what these are and why you might/should care.
In Summary, Microsoft’s PowerPlatform is made up of a handful of core services, including Flow, PowerApps, Power BI and Dynamics 365
Microsoft Flow is a cloud based services that can helps you (yes the user not just admins) automate almost any process. Flow is accessed from the Office 365 App Launcher and it does indeed look and feel like it is part of Microsoft Office 365 but actually it is more part of the Business Apps products group and more aligned, in essence to more to Power BI and Dynamics 365.
With Microsoft Flow you can easily build a set of steps that link together to form a process (a bit like If this then that) that start when a certain event happens or is trigger. These events can be a scheduled time, the update or creation of data (for example a file, record or an email) or they can be triggered manually (there’s even Flow buttons you can create). .
All the processes developed in Microsoft Flow use a browser based Flow Designer tool and enable users to create Flows without the need to do any coding (though you can so think “No or Low Code”.
There are loads (hundreds in fact) of template Flows to get you started and i was amazed how quickly it was to set-up a simple “trigger” flow that would detect an email containing a simple string (from a particular sender), send me an alert and add the email body to a Microsoft OneNote page.
I’m not going to go in to “how to create and use” Flows here as the links below will help get you started quickly…definitely worth a play around with one lunchtime!
PowerApps is also part of this “No or Low Code” Power Platform and really they shouldn’t be seen as separate products since they tie in and work really well together.
PowerApps essentially helps people create the interface into the business processes (Flow) that they would like to implement. PowerApps are often used by organisations to replace paper based processes – its similar in nature, if you are familiar with the kinds of apps and forms that Lotus Notes used to offer….
There are quite a few dedicated Microsoft Partners in this space, but a couple of good sites and references to learn more (ones i am using anyway) are listed below
At the Citrix Synergy event yesterday, Citrix announced the long anticipated optimization pack for Microsoft Teams for both the Citrix Virtual Apps and Desktops.
This long awaiting announcement builds upon the previous Citrix HDX Realtime Optimization Pack for Skype for Business that has been used by nearly three quarters of a million users according to Citrix to achieve a native-like experience for Skype for Business within their virtual environments.
The diagram below, from Citrix illustrates the high level technical architecture of how this works.
As with the Skype for Business version, customers will get what is promised to be a fully native, fully featured Microsoft Teams experience within their Citrix Virtual Applications and Desktops. This wont just support the chat and collaborative features within Teams but will support the full HD voice, video and content sharing features. Citrix said that the upcoming update to the the Citrix Workspace app has a “built-in multi-platform HDX Media Engine that ensures optimized device and media handling, with audio, video, and screen sharing offloaded to the users device”.
Click here to watch a video of the experience
This is currently in technical preview and Citrix have said that it should be released fully in the next couple of weeks. and will be shipped inline with an updated Citrix Virtual Apps and Desktops release.
Citrix have also said that once on the new version, they will need to deploy the VDI ready version of the Microsoft Teams client – no announcement was made when this version/update was expected however.
You can read the full announcement from Citrix here:
Microsoft has started warning users of older versions of Windows desktop and Sever to urgently apply a Windows Update today to protect against a potential widespread attack similar to the infamous WannaCry attack.
Microsoft have yet again issues patched to close the critical remote code execution vulnerability that can be exploited in Remote Desktop Services that exists in Windows XP, Windows 7, and server versions including Windows Server 2003, Windows Server 2008 R2, and Windows Server 2008.
Microsoft seems to be continually “doing the right thing” of still releasing critical patches for Windows XP and Windows Server 2003 even though both operating systems have been out of support for some time.
Anyone still running Windows XP, (yes I know) will need to manually download the update from Microsoft’s website.
As you know Windows 7 reaches end of extended support in just 7 months. #Windows10 offers more than 30 odd significant advances in security and OS hardening compared to its older siblings and whilst many organisations are rapidly migrating to #Windows10 there are still many organisations that have not.
Microsoft did announce yesterday extended support for Windows10E5 subscribers for another 12 months as a benefit to their “commitment” to move to Windows 10.
As most people know, Windows 7 is going out of support January 14, 2020. Whilst there are now (according to Microsoft, 850 Million devices running Windows 10), and many many more organisations plans to have done so by the end of this year, Microsoft have yet again proven that they are listening to what their customers need and want and (subject to a number of conditions), have introduced Windows 7 Extended Security Updates (ESU) for customers that are invested in Windows 10 but just “need a little more time to migrate”.
Yesterday, Microsoft announced a new “promotion” as they are calling it for Windows E5 and Microsoft 365 E5 to address this.
As of the 1st June customers with active subscription licenses to Windows 10 Enterprise E5, Microsoft 365 E5, or Microsoft 365 E5 Security (as of December 31, 2019) will get Windows 7 Extended Security Updates for 1 Year as a “free” benefit.
With this limited-time “promotion”, organisations will have more time and options to continue receiving Windows 7 security updates after end of support the official support cycle in Jan 2020..
After this date – the charges previously communicated take effect. It is worth noting that this benefit only applies to customers using the advanced SKUs – this means users on Windows Pro, Windows E3 or Microsoft E3 for example will NOT get the extra benefit.
Information verified via Microsoft.
Microsoft have recently announced that after July 1st 2019, organisations will no longer be able to purchase Skype for Business Online Plan 2 as a standalone license and customers actively using it will not be able to renew it once their renewal time occurs. Customers who have access to Skype for Business Plan 2 on one of the Office 365 suites (Office 365 E3 for example) will not be affected by this change as its still included.
As I said above, those who have access to Skype for Business Plan 2 on one of the Microsoft 365 or Office 365 suites will not be affected by this change.
Advice from Microsoft is that organisations that are currently using Skype for Business Online Plan 2 standalone should consider moving these users to Microsoft 365 or Office 365 subscription which will provide access to Skype for Business Online Plan 2, but also of course Microsoft Teams, their primary (and now preferred) client for messaging, meeting and calls in Office 365.
Any organisation that wants/needs to continue using Skype for Business Plan 2, (i.e., they are not using Teams) can do so by moving to one the following subscriptions:
Since Microsoft Teams is included in these subscriptions, organisations using Skype for Business Online standalone today will have the ability to also use Microsoft Teams with no additonal license.
Many organisation have been using Skype for Business Online Plan 2 (along with other standalone licenses such as Exchange Online) to licence their room systems (in order to add the Microsoft Phone System License) to which they can attach Conference and Calling Plans), rather than buying a the “more expensive” Office 365 E3 or E5 licence which includes features not needed by a room system.
Microsoft now have a specific Microsoft Meeting Room licence for room systems which is available for around £11.50 per room per month.
Yep – the Common Area Phone License will give you the Skype for Business/Teams capabilities and Phone System licenses, so this is for a basic phone like a Polycom VVX in a common area (like a conference room). This is available for around £6.00 per phone per month.
Worth nothing that with the Meeting Room license however you do you get more stuff: Teams, Skype for Business, Phone System, Audio Conferencing and Intune (so you can manage your rooms systems). You also get the ability to set-up a room mailbox without the need to buy an Exchange License where as you of course dont need this for just a common area phone.
Longer term, we expect Microsoft to completely retire Skype for Business Online as it becomes and is replaced by Microsoft Teams.
As I have the pleasure of working with more and more organisations on the adoption and deployment of Microsoft Teams (and in many cases the migration from Skype for Business to Teams), it’s easy to get carried away with all the new exciting things you can do. We often get asked by users (through the user adoption/training process), “How do I do all the normal things I used to do in Skype…but in Teams”. This post hopefully summarises the how!
To be honest I don’t use Skype for Business anymore (as my organisation has shifted to Teams), but the things I used to do daily (and still do in Teams) were chat (one2one and group chat), organising my contacts by grouping people, making and receiving calls (including PSTN), joining meetings/conferences, checking if someone is “online” and setting my “status”.
Chat is a high part of Microsoft Teams and there isn’t anything massivley different from a features perespective except that in Microsoft Teamsm the chat is “persistent” – which means it stays in Teams making messaging much more reliable and consistent between platforms and no more “this user is offline and can’t be delivered” rubbish.
Chat can be one to one or group chat. You can rename a chat, add or remove participants and even edit messages.
A common way of organising your contacts in Skype for Business is to simply group them.
In Teams, in order to find your contacts and groups, you open the chat tab in the left side navigation, Recent will usually open by default and is where you will find all your recent conversations.
To make it more like Skype for Business though, click on Contacts.
In Microsoft Teams you see you have a “favourites” group as you did in Skype for Business and by clicking “Create a new contact group” you can create all the groups you need.
Something missing in Microsoft Teams (at the moment) is the ability to drag-and-drop contacts between different groups which is a bit of pain. However one of the things I do really like about Microsoft is the fact that they care about their users and users can quickly suggest or vote of changes and improvements they want via their UserVoice forums for feedback.
Making a call in Microsoft Teams is essentially the same “workflow” as in Skype for Business. The easiest way is to open the chat/team you want to make the call from.
In a chat you click the phone or camera (dependent if you want to make the call an audio only or video call) located in the right corner. There you also have the option to share your screen.
Within a team, calling looks a little different (but should still be familiar). Here, you can open the channel (within the Team) you want to call from. Here you will see in the panel where you write messages and there is an icon in the shape of a video camera. Simply click this to “video call” the channel (yes you can turn off your camera if you like!)
Since the channel usually has more members then a chat you will get the option to give your call a name/subject and also to schedule a meeting instead. You also (if enabled by the admin) have the ability to record and transcribe the call too – which includes the audio, video, any notes taken, content shared etc. The main advantage of Skype for Business is still is recorded centrally (on Stream actually) rather than locally on the PC.
Within Teams you can see all you meetings in Microsoft Teams and it is relatively clear if the meeting is a Skype meeting, Teams meeting or just a “regular” face-to-face meeting – I know right!!
If it’s a Teams meeting, you’ll from the screenshot below, its easy to quickly chat to partcipants or simply join the meeting with a click. For phone die hard fans or those not on teams, there is a also an Audio Dial-in section below the meeting invite.
A point to note, while you can join a Skype for Business meeting from Microsoft Teams – it actually just launches legacy Skype for Business and runs the meeting from there….
Its’ a bit yukky i know!
When I was a Skype for Business user, I used the check people’s statuses loads and used to tag people for status changes (stalker mode as it was called). I must admit, whilst this functionality actually does exist in Teams, I dont tend to use it very much since with persistent chat, I am more confident in people getting my messages (and hopefully replying).
However, if you do like to know if and when people are free, you will see their “status” in front of their name. If you hover over their name, you can also see if they added any message and when they latest where online.
If a person is busy/offline you can follow a person’s status and get notified when they appear Available or Offline – easiest it to click … on the person you’re interested in and click Notify when availible.
Your status will follow the status from your calendar, but if you want to update your status manually you click your portrait /picture in the top right corner of the Teams Client
From here you can change your status (or reset it) and also set a status message if you want to like the What’s happening today? from Skype for Business.
You can also have the status message time-out/reset after a period of time (which is nice as Skype didn’t do this).
That’s it – all the key functions you use in Skype…but in Teams!
Of course there is loads more that Teams does outside of basic messaging and calling which is not covered here such as bots, content collaboration and tabs….
Anyway…..hope you found this useful.
Credit goes to @amandassterner for the idea on this.
At Microsoft Build this year, Microsoft annouced another bold move in embracing it s once enemy/competition Linux by announcing plans for a full Linux kernel to be rolled into Windows 10 later this year
Microsoft have been embracing Linux users for a several years now, with the Bash Shell incorporated into Windows 10 and the most recent public build, Linux instances were enabled to access Windows files directly.
“Beginning with Windows Insiders builds this Summer, we will include an in-house custom-built Linux kernel to underpin the newest version of the Windows Subsystem for Linux (WSL),” Microsoft announced at Build.
“This marks the first time that the Linux kernel will be included as a component in Windows. This is an exciting day for all of us on the Linux team at Microsoft and we are thrilled to be able to tell you a little bit about it.”
“The kernel itself will initially be based on version 4.19, the latest long-term stable release of Linux. The kernel will be rebased at the designation of new long-term stable releases to ensure that the WSL kernel always has the latest Linux goodness.”
Microsoft has confirmed that there are a few patches that have been added to the kernel which are designed to reduce memory footprint and speed up launch times. This is a good example of Microsoft contributing heavily to a very open-source product rather than just consuming and adopting technology from others.
Canonical was the first to announce that they will be supporting the new kernel for Ubuntu. Stephan Fabel, Director of Product at Canonical, annouced that “Extending enterprise support for Ubuntu from Azure to Windows workstations and servers created a seamless operating environment for Ubuntu in the Microsoft environment,”.
“Our Collaboration with Microsoft enables us to certify Ubuntu on WSL, including Docker containers, Kubernetes, and snaps”.
The Linux kernel is set to roll out with the 19H2 update to Windows-as-a-Service, due in the autumn 2019.