Tech news for the week of December 2nd, 2024
Topics in this week’s Tech Newsletter
Enterprise Impacting
Training
Copilot and AI
Microsoft 365
Windows 365 and Azure Virtual Desktop
Microsoft Defender
Azure
Server
Identity Protection and Management
Information Protection and Management
Intune
Device Management
Scripting and Automation
Security Tools and Guides
Microsoft News
Security News
Enterprise Impacting
Announcing mandatory multifactor authentication for the Microsoft 365 admin center (1st party)
Enterprise Impacting: Microsoft is committed to continuously enhancing security for all our users and customer organizations. One of the pillars of the Microsoft Secure Future Initiative is to protect identities and secrets, and multifactor authentication (MFA) is a proven approach to substantially reduce the risk of unauthorized access to user accounts. Starting February 3rd, 2025, Microsoft will begin requiring MFA for all user accounts accessing the Microsoft 365 admin center. This requirement will be rolled out in phases at the tenant level. You will receive a message through the Microsoft 365 admin center Message center approximately 30 days before your tenant is eligible for enforcement.
Training
What’s next in Windows 365 Frontline (1st party) [FREE]
December 5: Get ready to supercharge your productivity and flexibility with Cloud PCs! In this exciting episode, we dive into the latest game-changing features of Windows 365 Frontline. Discover how Windows 365 is revolutionizing scenarios and features to bring unparalleled simplicity, security and cost-effectiveness to your organization. Don't miss out on the chance to learn how Microsoft is making Windows 365 more powerful than ever before! Catch up on demand and dive into Windows 365 capabilities with insights and demos from the Microsoft engineers bringing you Windows in the cloud! Learn how to easily deploy and manage Cloud PCs—and create a protected and productive experience for your end users! Join host Christiaan Brinkhoff as he also brings in members of the Windows 365 community to share best practices and adoption tips.
The Chief Information Security Officer (CISO) Workshop Training (1st party) [FREE]
The Chief Information Security Officer (CISO) workshop helps accelerate security program modernization with reference strategies built using Zero Trust principles. The workshop covers all aspects of a comprehensive security program including strategic initiatives, roles and responsibilities, success metrics, maturity models, and more. Customers with Microsoft Unified can contact their Customer Success Account Manager (CSAM) to request a delivery of the CISO workshop (Envisioning session for End to End security).
Microsoft Copilot for Security Flight School (1st party) [FREE]
Microsoft Copilot for Security is the first generative AI Security product that empowers security and IT teams to protect at the speed and scale of AI. Learn what generative AI is and how to use Copilot to quickly analyze and mitigate threats using natural language. This series consists of 11 videos walking through how to best make use of Copilot for Security in your organization.
PSAppDeployToolkit V4 Launch Webinar (3rd party) [FREE]
December 4: Unveiling the Next Generation of Application Deployment. Join us for an exclusive webinar as we launch the highly anticipated PSAppDeployToolkit V4! Discover how the newest version revolutionizes application deployment with cutting-edge features and enhanced capabilities with the Dans, Sean, Mo, Mitch, and the Master Packager team. Who should attend? IT professionals involved in application deployment and management, system administrators looking to streamline deployment processes, and anyone interested in leveraging PowerShell for advanced deployment tasks.
Copilot and AI
Empowering defense operations with Microsoft AI (1st party)
In today’s rapidly changing global defense and intelligence landscape, the need for real-time data processing, analysis, and decision-making has never been more critical. Cloud computing continues to emerge as a transformative technology, offering unparalleled innovation, scalability, agility, security, and accessibility for information-driven operations. The rapid advent of AI and language models is taking the contest for digital advantage to the next level. As the demand for rapid innovation and more aggressive digital strategies rises, defense organizations are encountering significant challenges, including constraints imposed by an austere and remote operating environment, increased cognitive load on individuals conducting operations due to exponential growth in the volume, veracity, and velocity of data, and survivability and the need for distributed nodal command and control. The dilemma posed here is whether technological advancements inadvertently compromise decision-making abilities due to the heightened cognitive burden on users.
Every day, NASA’s satellites orbit Earth, capturing a wealth of information that helps us understand our planet. From monitoring wildfires to tracking climate change, this vast trove of Earth Science data has the potential to drive scientific discoveries, inform policy decisions and support industries like agriculture, urban planning and disaster response. But navigating the over 100 petabytes of collected data can be challenging, which is why NASA has collaborated with Microsoft to explore the use of a custom copilot using Azure OpenAI Service to develop NASA’s Earth Copilot, which could transform how people interact with Earth’s data. Geospatial data is complex, and often requires some level of technical expertise to navigate it. As a result, this data tends to be accessible only to a limited number of researchers and scientists. As NASA collects more data from new satellites, these complexities only grow and may further limit the potential pool of people able to draw insights and develop applications that could benefit society. Recognizing this challenge, NASA embarked on a mission to make its data more accessible and user-friendly. Through NASA’s Office of the Chief Science Data Officer, the agency seeks to democratize data access, breaking down technical barriers to empower a diverse range of audiences, from scientists and educators to policymakers and the general public.
Grow Your Business with AI You Can Trust (1st party)
Discover how safe and secure AI business practices can enhance performance and effectively drive impact. Get the e-book, Grow Your Business with AI You Can Trust, to explore AI business principles that minimize risk while optimizing potential. Find resources and guidance to understand how responsible AI business practices can prepare your organization to innovate with AI, learn why consistent security hygiene practices and principles help protect data, people, and devices, and assess your opportunities and create a plan to build trust and excitement about AI.
AI innovations for a more secure future unveiled at Microsoft Ignite (1st party)
In today’s rapidly changing cyberthreat landscape, influenced by global events and AI advancements, security must be top of mind. Over the past three years, password cyberattacks have surged from 579 to more than 7,000 per second, nearly doubling in the last year alone. New cyberattack methods challenge our security posture, pushing us to reimagine how the global security community defends organizations. At Microsoft, we remain steadfast in our commitment to security, which continues to be our top priority. Through our Secure Future Initiative (SFI), we’ve dedicated the equivalent of 34,000 full-time engineers to the effort, making it the largest cybersecurity engineering project in history—driving continuous improvement in our cyber resilience. In our latest update, we share insights into the work we are doing in culture, governance, and cybernorms to promote transparency and better support our customers in this new era of security. For each engineering pillar, we provide details on steps taken to reduce risk and provide guidance so customers can do the same.
Reflecting on Copilot Wave 2, Exchange’s Final Countdown & Teams Updates (3rd party)
Microsoft Ignite is starting today, with lots of news to digest, so in our penultimate episode before Ignite, we reflect back on Copilot Wave 2, news about Exchange Server, and a roundup of some of the most interesting Microsoft Teams updates.
Microsoft 365
Unleashing the power of agents in Microsoft Planner (1st party)
In today's fast-paced world, AI has become an essential tool for enhancing productivity and efficiency. We are committed to empowering our users with innovative solutions that simplify their work processes, and we’re thrilled to introduce the latest updates to Microsoft Planner, designed to leverage the power of Copilot and agents to streamline project management and task organization. With the recent announcement of Project Manager agent, rolling out in public preview in the Planner app in Microsoft Teams, and the rollout of the new Planner for the web, we are bringing you a comprehensive suite of tools to help you and your team achieve more with less effort. We invite you to explore these exciting new features and discover how they can transform the way you work.
Viva Connections and SharePoint Framework community call 14th of November 2024 (1st party) [VIDEO]
Viva Connections & SharePoint Framework community call on November 14th 2024. Recap on news and updates from Microsoft and community projects, followed by demos by the community. The call included three great demos: Luise Freese on how to create a Web Part that populates Lists with SVGs, Ejaz Hussain with automated Employee Onboarding with SPFx & Microsoft Graph, and Martin Lingstuyl showing how to extend Microsoft 365 with custom retention controls.
New data sync solution is now supported in forms created from SharePoint, OneDrive and Teams (1st party)
We have been gradually updating the Forms data sync to Excel to a new solution since August, and we're excited to announce that it’s now fully available in group forms, whether created through Forms, SharePoint or Teams, as well as for personal forms created through Forms and OneDrive. Let’s take a look at how it works!
Disabling Auto-Start for the New Microsoft Teams (3rd party)
Two years ago, I wrote an article on how to disable or enable the auto-start feature of the classic Microsoft Teams application on Windows devices using Group Policy (GPO). With the release of the new Microsoft Teams, many of my blog readers have asked how to disable the auto-start feature for this updated version. Since the methods used for the classic Teams no longer apply, this blog post explores various options for managing auto-start with the new Teams.
Effortlessly Create a SharePoint Dashboard (3rd party)
Last week, we had a customer ask about Power BI. We had a chat about what the Power BI need was, so that we would know how complex of a project it would be, and what it would entail. The main reason for Power BI, they said, was the need for dashboards for executives and managers to look at and discuss, in their leadership meetings. I asked about the data, and basically it comes from a few different databases and systems, and they currently consolidate it all in spreadsheets with charts. Many spreadsheets with many charts within each spreadsheet. They mentioned not having a need to connect to the databases directly with Power BI, but really just to have all of those charts in one simple dashboard, or dashboards per region, so that their meetings would be more efficient, and wouldn’t have to entail opening multiple spreadsheets each time. It only requires SharePoint and the file and media web part. This gave me an idea! From the requirements, instead of spending thousands of dollars potentially, and many consulting hours re-building the charts from the spreadsheets, in Power BI, we could simply display the existing charts as web parts, and use a SharePoint page as the “dashboard”!
Practical Teams: What’s New for Task Publishing (3rd party)
Task Publishing in Teams allows organizations to publish tasks to teams and track their completion status from the Planner app in Teams. Task Publishing uses a hierarchy model, enabling teams to publish and track tasks to teams below themselves in this hierarchy. This article explains some recent updates in Task Publishing. To learn more about how to set up, configure, publish, and track tasks, read Steve Goodman’s article: Plan and Deploy Task Publishing in Microsoft Teams.
Windows 365 and Azure Virtual Desktop
Azure Virtual Desktop now supports Azure Extended Zones (1st party)
Azure Virtual Desktop now supports the ability to deploy your session host virtual machines in Azure Extended Zones. This reflects our commitment to providing organizations with a broad selection of Azure locations to run their workloads. The first Azure Extended Zone is now available in Los Angeles, California. Azure Extended Zones are small-footprint extensions of Azure placed in metropolitan areas, industry centers, or a specific jurisdiction to serve low-latency and data-residency workloads.
Windows 365 Frontline shared mode now in public preview (1st party)
Windows 365 Frontline is expanding its capabilities with the public preview of “shared mode.” The new mode offers organizations even more options by providing Cloud PC access to multiple users with a non-personalized desktop experience, while simplifying the management experience for IT admins and improving end-user productivity. Since its launch in 2021, Windows 365 has changed the way organizations manage end-user computing and provided employees with a new way of working with the flexibility and security of Cloud PCs. In July 2023, Microsoft continued its Cloud PC innovation by releasing Windows 365 Frontline, expanding the power of Cloud PCs to more users by providing a flexible model, with one license providing Cloud PCs for up to three employees to use during their staggered working hours. This experience—called “dedicated mode”—has already helped enhance productivity for shift workers and part-time information workers across organizations of all sizes and industries.
Azure Virtual Desktop Metadata Database available in South Africa (1st party)
I am pleased to announce that the Azure Virtual Desktop metadata service is now generally available in South Africa North, extending the service’s regional database capability to meet your organization’s needs. We are constantly expanding our footprint of the Azure Virtual Desktop connectivity platform to ensure lower latency and an improved experience for organizations around the globe. We currently have a service presence in every Azure geography. We’ve also enabled the ability to specify the geography where we store service metadata, which is a benefit for organizations that require this for regulatory or compliance reasons as well as for improved latency. You can choose to locate your Azure Virtual Desktop host pool objects within South Africa and be assured data will remain within that geographical boundary.
Introducing Windows 365 Frontline in shared mode (3rd party)
Did you hear about the new shared mode for Windows 365 Frontline? It’s a great way to allow users to quickly sign in to a shared Frontline Cloud PC to perform their tasks. Let’s compare the Windows 365 offerings and find out how and where the new shared mode fits in. Windows 365 Frontline features most of the capabilities that Windows 365 Enterprise has, but there are some key differences. With Frontline you can license based on concurrency instead of on a per-user basis. If you have a high concurrency (where users use their Cloud PC each day), then you probably should use a Windows 365 Enterprise Cloud PC. If you have a low concurrency (where users work in shifts and/or not every day), then I would recommend using a Frontline Cloud PC.
Microsoft Defender
Leave no data behind: Using summary rules to store data cost effectively in Microsoft Sentinel (1st party)
Security Operations teams all over the world use SIEMs and security tools such as Microsoft Sentinel and Microsoft Defender XDR to defend their IT and OT estate against attackers. Larger organizations tend to amass huge amounts of data ranging from hundreds of gigabytes to terabytes of data. Not all this data has security value at first sight, but by considering common patterns and trends, this data can still allow defenders to detect incidents that might have otherwise gone undetected. Summary rules in combination with proper log tiering are the ideal solution for these kinds of situations. They allow us to look for anomalies and trends in large amounts of data and in addition they also work on all the tiers of data storage in the unified SOC platform. In this blog, we will walk you through the setup and a couple of use cases that you can use in your own environment as well. We’ll show you how to derive detection value from noisy or high-volume data by using auxiliary logs with summary rules. This approach helps you manage large datasets efficiently, extract valuable insights, and detect threats without overwhelming your system with noise.
Keep your online activity safer on public Wi-Fi with Microsoft Defender for individuals (1st party)
Public Wi-Fi is usually free, easy and convenient, but not necessarily always safe. As they say, there is no ‘free lunch’. Microsoft Defender for individuals aims to provide a safer online experience wherever you go and late last year, we introduced privacy protection (VPN), so you can browse without having to worry about your personal data being intercepted over an unsecure Wi-Fi connection. Check out the previous blog to learn more about the risks of unsecure Wi-Fi and how a Defender VPN increases your online safety.
How Microsoft’s leading SIEM is getting even better (1st party)
As we approach Microsoft Ignite 2024, we want to share the significant advances made by the Microsoft Sentinel team, reflecting our commitment to listening and delivering industry-leading innovation for our customers. Microsoft Sentinel, our AI-powered Security Information and Event Management (SIEM) solution, continues to lead the way on security team priorities to streamline security operations, improve threat detection, and optimize costs. In this post, we’ll explore these key improvements and how they empower the SOC to achieve greater security outcomes against ever-evolving threats.
Prompting in Microsoft Security Copilot (1st party)
Watch the Security Copilot tour to get familiar with the standalone Security Copilot experience, if you haven't already. Once you're all set up in Security Copilot, you can start using prompts. Prompts are the primary input Security Copilot needs to generate answers that can help you in your security-related tasks. Promptbooks are a series of prompts that have been put together to accomplish specific security-related tasks. To help introduce the concept of prompting in Security Copilot, a set of prompts and promptbooks are immediately available on the home screen.
Microsoft Security enablement (1st party)
Secure your future with the AI-first end-to-end security platform. Get started with the resources, skilling, and community to help you adopt Microsoft Security. Protect your apps, data, endpoints, and identities using industry-leading threat intelligence and robust tools for multicloud and multiplatform environments. Make the most out of your Microsoft Security investment by reading the adoption guide on how to get started, operationalize, and empower your business users.
Practical Sentinel: Adding Automation for Networking Data (3rd party)
While Microsoft Sentinel is best known for its SIEM (Security information and event management) capabilities, it also boasts some SOAR (Security orchestration, automation and response) capabilities that will let you spend less time executing manual actions. In the previous articles, we focused on using Microsoft Sentinel’s SIEM capabilities to ingest networking data and create incident alerts. This final chapter will explain how to use Microsoft Sentinel’s SOAR capabilities to build automation on top of networking data. We will focus on three techniques to add automation on top of networking data: enrichments, automated actions, and threat intelligence integrations.
Azure
Ignite 2024: AKS enabled by Azure Arc - New Capabilities and Expanded Workload Support (1st party)
Microsoft Ignite 2024 has been a showcase of innovation across the Azure ecosystem, bringing forward major advancements in AI, cloud-native applications, and hybrid cloud solutions. This year’s event featured key updates, including enhancements to AKS enabled by Azure Arc, which introduced new capabilities and expanded workload support. These updates reinforce the value and versatility that AKS enabled by Azure Arc brings to organizations looking to scale and optimize their operations. With these advancements, AKS Arc continues to support seamless management, increased scalability, and enhanced workload performance across diverse infrastructures.
How the cloud and community strength fuel success in Spain (3rd party) [VIDEO]
Cloud Cultures explores what happens when technology and culture converge. Discover how rich history and tradition form the foundation for innovation and learn how business and IT leaders are using cloud technology to improve the world around them. These stories show firsthand how technology and tradition combine to form cloud cultures. In this episode, we travel to Spain to explore how a focus on community and a mindset of shared success can amplify individual goals.
Automatically populate a device group based on a user group using Azure automation (3rd party)
In this post I will share an Azure automation script (runbook) allowing you to automatically populate a device group based on a user group. You have a group of users, for instance one for digital workplace, one for the IT team... You want to deploy an application, script... only on devices for the IT team. You need a group that will gather all devices for all users from a specific group. This is where my automation runbook does the job.
Server
Windows Server 2025 Installcalypse?! (3rd party)
Please Note: It appears that Microsoft has pulled the Server 2025 Feature Update from the Windows Update channel. Consider this a temporary measure, a pause, to provide time for better communication from Microsoft and adjustments by third party vendors. There’s been a series of threads on social media with alarm-raising titles like ‘Windows Server 2022 Servers Unexpectedly Upgrading to Server 2025—Help!’ For any system administrator, the sudden appearance of Windows Server 2025 on your 2022 servers is understandably concerning. But let me say up front: if you’re using Microsoft’s management tools to handle server updates, you’re in the clear and won’t be impacted by this unexpected upgrade.
In Place Upgrade of Windows Server 2012 R2 to Windows Server 2025 (3rd party) [VIDEO]
Windows Server 2025 supports in-place upgrade from Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, and Windows Server 2022. Join ITOpsTalk as they walk through the entire in-place upgrade process to help you understand how it works and what to look for during the work.
Identity Protection and Management
Microsoft Entra CBA enhancements (1st party)
Over the last year, we’ve seen many federal and regulated industry customers migrate from Active Directory Federation Services (AD FS) to Microsoft Entra ID seamlessly providing end users a familiar sign-in experience with Microsoft Entra certificate-based authentication (CBA). In fact, in the last 12 months, we’ve seen an over 1500% increase in phishing-resistant authentication for United States government customers. As we continue our investments in the Microsoft Entra CBA, today I am excited to share the public preview of our latest enhancements. Certificate Revocation List (CRL) validation fail safe: Admins can strengthen the security by failing CBA authentication if the issuing certificate authority (CA) has no Certificate Revocation List (CRL). Enhanced PKI based certificate authority (CA) store: This enhancement removes any current size limitation and supports issuer hints at each CA level. Let’s dig deeper!
Prerequisite work for implementing Zero Trust identity and device access policies (1st party)
This article describes the prerequisites admins must meet to use recommended Zero Trust identity and device access policies, and to use Conditional Access. It also discusses the recommended defaults for configuring client platforms for the best single sign-on (SSO) experience. Before using the Zero Trust identity and device access policies that are recommended, your organization needs to meet prerequisites. The requirements are different for the various identity and authentication models.
Accelerate your Zero Trust Journey: Unify Identity and Network Access (1st party) [VIDEO]
Discover how to accelerate your Zero Trust journey with a unified approach across identity and network. We will explore how Microsoft’s identity-centric Security Service Edge solution can help you secure access to all private, on-premises, internet, and SaaS applications and resources from anywhere. Join us to learn about Microsoft’s technology partnerships, where you can further enhance your organization’s security posture.
How to Configure Passkeys in Microsoft Entra ID (3rd party)
A passkey is a simple and secure way to sign in without having to enter a username or password. It also adds an extra layer of security to protect your account. In this article, you will learn how to configure passkeys in Microsoft Entra ID with Microsoft Authenticator. Microsoft Entra ID allows passkeys to be used for passwordless authentication. This passkey can be used instead of a password and allows you to sign in using your face, fingerprint, or PIN.
Why Privileged Identity Management Falls Short [5 Key PIM Mistakes] (3rd party) [VIDEO]
Are your Microsoft 365 Privileged Identity Management (PIM) settings leaving you exposed? Discover the 5 common mistakes that could put your organization at risk—and how to fix them. In this video, we dive into Microsoft Privileged Identity Management (PIM) to uncover critical misconfigurations that could compromise your security. As a Microsoft Security Partner of the Year, we’ve identified recurring issues, including the limitations of MFA settings you might not know, why Conditional Access with Authentication Context is essential, common misuses of approval processes for role activation, the risks of ignoring PIM for groups and how to avoid lockouts with break-glass accounts. Learn actionable tips to reinforce your identity security, prevent token theft, and implement well-architected Conditional Access policies.
Information Protection and Management
Exploring the New Kraph Features: Unlocking Powerful Patterns and Operations (1st party)
Kusto Graph Semantics have always been a powerful tool for representing and analyzing complex data structures. With the recent release, we are pleased to introduce a suite of enhancements designed to simplify and enrich your data analysis experience. In this blog post, we delve into the new features including the star pattern, default node id, graph-shortest-path, and graph-mark-components. The latest graph features offer robust tools for enhancing your data analysis capabilities. From the intuitive star pattern to the precise definition of default node ids, and from the efficiency of graph-shortest-path to the clarity of graph-mark-components, these enhancements empower you to delve deeper into your graphs and extract meaningful insights. Embrace these new features and unlock the full potential of your data with ease and precision. Stay tuned for more updates and tutorials on how to leverage these powerful graph features to their fullest extent.
Accelerate Microsoft 365 Copilot adoption with built-in content governance (1st party)
As AI reshapes the modern workplace, business leaders and decision-makers are eager to unlock the full potential of this new technology safely and effectively; however, years of accumulated content without adequate content governance controls can stall AI deployments and business transformation. Effective content governance has always been crucial for maintaining the integrity, security, and relevance of organizational content. AI’s power to make content more discoverable than ever before amplifies this need. Enhancing content governance practices in this new context requires implementing both strategies and tools that streamline the content management processes, ensure data is relevant and secure while improving overall content quality.
Rewrite with Copilot in SharePoint: Tailor Your Content with Ease (1st party)
As a SharePoint author, you know how essential it is to produce high-quality, engaging, and well-structured content. Whether you’re crafting updates, announcements, or informative articles, tailoring content to specific audiences, adjusting the tone, or refining length can be challenging. Our new Rewrite with Copilot in SharePoint feature is designed to streamline these tasks with a range of customization options. Rewrite with Copilot allows you to quickly adapt your content by automatically rewriting and adjusting tone and length. Let’s explore how this tool can help you create compelling and relevant content more easily.
Reimagine content management with agents in SharePoint (1st party)
Your organization's content is growing exponentially in the era of AI. How do you get the information you need, when you need it, to help you make decisions that drive your business forward? Join one of Microsoft’s most distinguished leaders — along with our expert product teams to find out. From agents, Copilot in SharePoint & OneDrive, automated tasks and more, you’ll learn how SharePoint leverages AI to unlock knowledge and put your content to work.
26 mistakes you may be making with your sensitivity labels (3rd party)
With Microsoft Purview’s "Secure by Default" initiative from the engineering team at Microsoft, creating and publishing sensitivity labels has become simpler and more efficient. Now, you can cover all prerequisites and set up the 12 recommended labels, publishing them to end users in just a few clicks. This streamlined process means that even organizations with minimal administrative effort can achieve robust data protection. However, if you'd like to take the recommended or manual route, that requires some extra settings and knowledge. It is for this very reason that I have written up my tips on how to properly deploy, customize and manage sensitivity labels based on the common mistakes I see people make in Microsoft Purview.
How SharePoint Online Intelligent Versioning Interacts with Retention Policies and Labels (3rd party)
Last month, I wrote about the introduction of Intelligent Versioning for SharePoint Online. I think this is a great feature because its automated management of versions created during editing sessions reduces the storage quota consumed to store file versions. The advent of AutoSave for Office increased the number of versions created for files, and keeping 500 or so versions for a file, when some versions only include minimal changes, is effective but expensive. Microsoft allows tenants a default storage quota for SharePoint Online that’s consumed by items stored in sites and Loop workspaces (containers). If a tenant exceeds their SharePoint storage quota, they must buy more from Microsoft or use Microsoft 365 Archive to move the storage consumed by inactive sites to cheaper “cold” storage. As I noted in the article, the big issue with the current implementation of intelligent versioning is that it doesn’t work with Purview Data Lifecycle management, aka Microsoft 365 retention policies. If SharePoint Online sites come within the scope of a retention policy or individual documents have retention labels, then the requirement to retain information about files trumps the desire of intelligent versioning to remove unwanted versions for those files.
Intune
Certificate Connector for Microsoft Intune (1st party)
For Microsoft Intune to support use of certificates for authentication and the signing and encryption of email using S/MIME, you can use the Certificate Connector for Microsoft Intune. The certificate connector is software you install on an on-premises server to help deliver and manage certificates for your Intune-managed devices. This article introduces the Certificate Connector for Microsoft Intune, its lifecycle, and how to keep it up to date.
Success with Intune Suite streamlines Krones AG global operations (1st party)
Krones AG faced significant challenges managing over 25,000 Windows and 11,000 iOS devices globally. Reliance on third-party vendors led to increased complexity, security risks, and operational inefficiencies, hindering its operations. Microsoft provided Krones a unified, cloud-native device management solution through Intune Suite and Windows Autopilot, which streamlined operations, improved security, and enhanced efficiency by centralizing operations and automating manual tasks. By implementing Intune Suite, Krones achieved significant cost savings, eliminated third-party tools, and reduced annual IT costs by a six-figure sum. Additionally, service technicians can now reset devices on site within hours, increasing productivity.
The Ultimate Guide to Troubleshoot Windows Autopilot Device Preparation (3rd party)
In this blog, I’ll walk you through some powerful troubleshooting techniques to help you tackle issues during Windows Autopilot Device Preparation (AP-DPP), whether it’s application installation failures or other bumps along the way. With the introduction of Windows Autopilot Device Preparation (AP-DPP), troubleshooting enrollment issues has become more critical, especially when problems like application installation failures arise. So, how do we determine what caused these issues?
The curious case of the missing OneDrive sync app health reports (3rd party)
This blog post covers the changes in OneDrive sync health reports configuration, and how to deploy this through Microsoft Intune. For those of you not already aware, there is a nice reporting feature hidden away within the Microsoft 365 Apps admin center which provides reports on the health of your client OneDrive sync agents. Using this report, you can also identify issues with processes such as known folder move, something that is vital to determine if your OneDrive migration is going as planned. I have been using this reporting feature with clients for quite some time now, and until very recently everything appeared to be working as normal, until it wasn’t.
Intune Company Portal Demystified Webinar (3rd party)
The goal of this session is to unravel the mysteries of the Company Portal from start to finish and help clarify how it functions, from installation to the logs under the hood.
Improving Onboarding Experience: Automatically Launch the Company Portal (3rd party)
What if I told you we could automatically launch the Company Portal after the first login? Imagine skipping the User Status Page entirely and letting the Company Portal guide users through the apps still being installed or even showing them if the device is compliant without the user lifting a finger. And here’s the funny part: this isn’t just for the Company Portal. You can do it for any app you need to take center stage. Ready to make it happen? Let’s dive in.
Device Management
Get started with Microsoft Edge configuration profiles (1st party)
The Microsoft Edge management service is a platform in the Microsoft 365 admin center that enables admins to easily configure Microsoft Edge browser settings for their organization. These configurations are stored in the cloud and the settings can be applied to a user's browser through group assignment or group policy. Users must be logged into Microsoft Edge to retrieve these settings. The Microsoft Edge management service uses the Cloud Policy service, which currently isn't available to customers who have the following plans: Office 365 operated by 21Vianet, Office 365 GCC, or Office 365 GCC High and DoD.
Hotpatch for client comes to Windows 11 Enterprise (1st party)
Today we announce the public preview of hotpatch updates for Windows 11 Enterprise, version 24H2. With hotpatch updates, you can quickly take measures to help protect your organization from the evolving landscape of cyberattacks, while minimizing user disruptions. Hotpatching represents a significant advancement in our journey to help make you and everyone who uses Windows more secure and productive. Hotpatch updates are scoped and provide a complete set of OS security patches. No additional features are included. They are unique in that they take effect immediately upon installation without requiring you to restart your device, helping to ensure focused, rapid protection.
How to detect the source of registry key modifications on Windows devices (3rd party)
In this blog post, we'll explore how to detect the source of registry key modifications on a Windows device. In other words, we'll look into identifying who is adding, deleting, or changing registry keys, whether through Group Policy (GPO), Intune, SCCM, scripting, or other methods. While investigating an event related to exceeding the maximum failed sign-in attempts that caused a device to enter BitLocker recovery mode, I have come across an interesting finding. For a full list of BitLocker recovery scenarios, you can refer to the official Microsoft documentation.
Managing automatic switching in Microsoft Edge for Business (3rd party)
This week is all about Microsoft Edge for Business and the automatic switching feature. Microsoft Edge for Business is the dedicated Microsoft Edge experience that is created for work accounts. It provides IT administrators with the capabilities to provide users with a productive and secure browsing experience across managed and unmanaged devices. That includes the ability to manage the automatic switching behavior between work and personal profiles. Automatically switching between profiles can help users to keep their work and personal browsing separate. When the device has an existing work profile, it enables automatic switching when adding a personal profile, to enforce the browsing context separation. That behavior can also be managed. The automatic switching is not always desirable, or sometimes needs some tuning. This post will focus on the configuration options for automatic switching, followed by the configuration itself. This post will end with the user experience.
How to Manage Edge Browser Policies from the Microsoft Admin Center (3rd party) [VIDEO]
During Microsoft Ignite, I walked by the Edge for Business booth to grab an awesome sticker. I ended up learning about new ways to manage global settings and configurations for the browser from the Microsoft Admin Center. The Microsoft Edge management service is a platform in the Microsoft 365 admin center that enables admins to easily configure Microsoft Edge browser settings for their organization. These configurations are stored in the cloud and the settings can be applied to a user's browser through group assignment or group policy. Users must be logged into Microsoft Edge to retrieve these settings.
Scripting and Automation
Intune, PowerShell and Graph API: best practices (3rd party)
In this article, we will cover some best practices to know in order to start automating your actions with Intune, PowerShell and Graph API. Your browser, Chrome or Edge, allows you to understand what is happening during a web call on a site. This can be done through the developer mode. This mode can be opened by pressing F12 in your browser, which will open a configuration panel. It allows you, starting from an action performed in the portal, to see what is done in the background using Graph API.
Handling Date Values When Moving from EWS to the Graph (3rd party)
Microsoft announced the Retirement of Exchange Web Services in Exchange Online a while ago. That means vendors and any scripts or applications you have written should be reviewed and rewritten to use Microsoft Graph. One of the little things that can bite you are dates and times. I was involved in a project where an existing application was rewritten to utilize Microsoft Graph instead of Exchange Web Services. One of the features was related to tasks. Microsoft Graph supports tasks with the To Do API. The problem the project team faced was that the time format used was never converted to the users’ respective time zones. As a result, all the date and time stamps, for example, dueDateTime, were wrong.
Security made easy! Pre-provision FIDO2 keys for your users with PowerShell! (3rd party)
Multi-factor authentication (MFA) in Entra ID is crucial for safeguarding sensitive information and maintaining robust identity security. Traditional MFA methods, such as SMS or one-time codes, can be vulnerable to phishing attacks where attackers trick users into revealing their authentication codes using fake websites. Phishing-resistant MFA, on the other hand, uses more secure methods that are harder for attackers to intercept or manipulate. Among these methods, FIDO2 keys (AKA “Security keys”) are one of the best options for this purpose because they leverage public-key cryptography on a dedicated hardware chip. This gives us a strong, password-free, hardware-based layer of security for an account. These keys are resistant to phishing, replay attacks and other common attack methods associated with passwords, combined with traditional MFA.
How to Work with JSON in PowerShell: A Practical Guide (3rd party)
As a Windows systems administrator, working with JSON (JavaScript Object Notation) data is increasingly becoming a crucial skill. Whether you’re parsing configuration files, interacting with REST APIs, or managing application data, knowing how to handle JSON efficiently in PowerShell can save you hours of work. In this hands-on tutorial, I’ll show you the practical side of working with JSON in PowerShell.
Security Tools and Guides
Active Directory Certificate Services (AD CS) - A Beautifully Vulnerable and Mis-configurable Mess (3rd party)
Active Directory Certificate Services (AD CS) is a collection of features in Microsoft Active Directory environments for creating, issuing, and managing Public Key Infrastructure (PKI) certificates. The Active Directory suite of software and protocols implements AD CS as a Windows Server role, usually allowing Administrators of the Domain to give out certificates for encrypting, signing, and potentially authentication to devices in the Active Directory environment. Just like other Active Directory technologies, AD CS can be easily misconfigured for full Domain privilege escalation from Domain User to Domain Administrator, and can also allow machine and Domain persistence, and finally credential theft. This documentation will cover some AD CS misconfigurations and how to exploit most of them. This tradecraft was originally discovered and publicized by some amazing people at SpecterOps in a whitepaper. This writeup is mainly to document my research into AD CS attacks and provide a source of knowledge for others to learn from.
ShadowHound: A SharpHound Alternative Using Native PowerShell (3rd party)
While SharpHound has been the cornerstone for collecting data for BloodHound, deploying it in a target environment poses detection risks (even after some obfuscation and customization). EDRs are getting increasingly better at detecting and flagging such binaries, whether they are reflectively loaded, etc. ShadowHound aims to avoid this issue by utilizing native PowerShell or legitimate tools (AD Module) to obtain the BloodHound Data. It should be noted that Domain Controllers can still flag unusual LDAP queries (with the help of Defender for Identity for example). However, by avoiding the introduction of known-malicious binaries, we can minimize our footprint on the target machine and avoid some of the common LDAP filters which trigger alerts (more on this later).
Windows Environment Variables for Ransomware Analysis (3rd party)
Windows environment variables are one such critical component that forensic analysts must be familiar with. These variables function like shortcuts to specific system locations, and they play a pivotal role in both legitimate and malicious activities. Environment variables in Windows are dynamic values that the operating system and applications use to determine various settings and locations on the computer. These variables are often used to point to directories, system paths, and configuration settings. They can be predefined by the operating system or created by users and administrators.
Microsoft Entra ID Attack & Defense Playbook with Sami Lamppu (3rd party) [VIDEO]
Sami Lamppu and Thomas Naunheim have a chat about their community project and how it started, research, and the writing process. Tune in if you like to learn more about the background of the Attack and Defense playbook for Microsoft Entra.
Microsoft News
Transforming the travel industry through innovation and collaboration: World Aviation Festival 2024 (1st party)
The 2024 World Aviation Festival in Amsterdam was an exhilarating event, reflecting the revitalization of the travel and aviation industry. With nearly 6,000 attendees from 105 countries including airlines, airports, and industry ecosystem partners, the festival served as a premier hub for discussing innovations, challenges, and future directions in aviation. As a supporter of the event, Microsoft met with industry leaders, customers, and partners to discuss the impact of growth, technological advancements, and a secure future for the industry.
Security News
CrowdStrike part 2 crashes Microsoft Office on Windows 11 24H2 (3rd party)
What just happened? Enterprise users at companies that employ CrowdStrike antivirus software and have received prompts to upgrade their operating systems to Windows 11 24H2 should probably wait. The security toolchain has encountered another faulty update that could make Microsoft Office apps unusable. Fortunately, the problem isn't as widespread as the incident from earlier this year. Microsoft is investigating an error that causes Microsoft Office applications like Word and Excel to crash after users upgrade to Windows 11 24H2. The problem only impacts companies and managed IT environments, so those using Windows 11 Home or Pro on personal devices need not worry.