Category: #sharingiscaring

#sharingiscaring

March ’23 Week 3

Endpoint

Demo of WinGet 1.4 support for Zip installers and the WinGet PowerShell module https://www.youtube.com/watch?v=s_txdH3db80
Microsoft Store apps can now be deployed through the Enrollment Status Page https://learn.microsoft.com/en-us/mem/intune/fundamentals/whats-new#week-of-march-6-2023
Windows 365 provisioning policy supports multiple Azure Network Connections as alternates https://learn.microsoft.com/en-us/windows-365/enterprise/azure-network-connections#alternate-ancs
Currently (Currently??!) devices on the Windows Server platform don’t support mobile device management (MDM) and can’t enroll in Intune. As part of Intune’s May (2305) service-side release, you can expect Windows Server devices that currently display as “Windows” to update to “Windows Server” as the OS platform. Support tip: Windows Server devices will now be identified as a new OS platform in Microsoft Intune – Microsoft Community Hub
This script will install the necessary modules and prompt you if you want to set the group tag on one or multiple Autopilot devices. You can also use it to remove the group tag on one or multiple devices. https://www.niallbrady.com/2023/03/22/automating-group-tags-for-windows-autopilot-registered-devices/
Microsoft announced on February 9th that they are adding a new controls to Windows 11 22H2 (and beyond) that allow organizations to temporarily turn off new features that are periodically released on top of Windows 11 through Windows updates. https://oofhours.com/2023/03/02/want-to-block-windows-11-moments-that-add-new-features/
This blog post provides an overview of the Windows monthly update process. It explains the different types of updates that are released each month, including security updates, quality updates, and optional updates. The post also covers the different channels that updates are released through, and provides guidance on how to manage updates in an enterprise environment. https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-monthly-updates-explained/ba-p/3773544#
The post explains how UUP works, and the benefits it provides over the previous update delivery technology, different scenarios where UUP is used, and provides guidance on how to prepare for UUP in an enterprise environment. What’s UUP? New update style coming next week! – Microsoft Community Hub
Microsoft has enabled functionality that protects path, process, and extension exclusions deployed through Intune. When tamper protection is combined with the DisableLocalAdminMerge setting exclusions and DisableLocalAdminMerge will be protected by tamper protection. This means that any exclusions configured by other processes will be explicitly ignored and only intended exclusions are applicable on the device. https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/introducing-tamper-protection-for-exclusions/ba-p/3713761

Identity

Coleman conceptualized a consolidated, more unified SSO in which Shibboleth would forward credential validation to Azure AD. “We benefit from Conditional Access policies, device health, and posture with Azure AD, so we can use metrics collected in the cloud to make decisions at the time of authentication” https://customers.microsoft.com/en-us/story/1612190252283983346-university-of-illinois-urbana-champaign-higher-education-azure-active-directory
The Azure AD recommendations feature is the Azure AD specific implementation of Azure Advisor, which uses data to support you with the roll-out and management of Microsoft’s best practices for Azure AD tenants to keep your tenant in a secure and healthy state. The Azure AD recommendations feature provides a holistic view into your tenant’s security, health, and usage. https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/overview-recommendations

Cloud

KQL cheat sheet, documentation, Pluralsight course https://techcommunity.microsoft.com/t5/azure-data-explorer-blog/azure-data-explorer-kql-cheat-sheets/ba-p/1057404
Azure Firewall basic for SMBs Protect against cyberattacks with the new Azure Firewall Basic | Azure Blog and Updates | Microsoft Azure

Teams

Green screen improves the sharpness and definition of the virtual background effect around your face, head, ears, and hair. It also allows you to show a prop or other object in your hand to be more visible to other participants in a call. https://m365admin.handsontek.net/microsoft-teams-green-screen-feature-in-teams-meetings/

Tags #sharingiscaring

#sharingiscaring

March ’23 Week 1

Cloud

DataON Azure Stack HCI for SLGE. Power, versatility, reliability, trust. Run Kubernetes or VDI, migrate from VMware, deploy Azure Edition Windows Server https://youtu.be/LG-GlpLVPeE
Azure VMware Solution preview available in Azure Government https://azure.microsoft.com/en-us/blog/azure-vmware-solution-in-microsoft-azure-government-streamlines-migration-efforts/
Routers in the cloud? “So in essence, a subnet in Azure is not a L2 broadcast domain, but just a logical group of NICs that share the same routing policy.” https://blog.cloudtrooper.net/2023/01/21/azure-networking-is-not-like-your-on-onprem-network/

Security

The LastPass compromise is all about the difficulty of protecting apps and data on BYOD without Zero Trust https://www.helpnetsecurity.com/2023/02/28/lastpass-breach-corporate-vault/
Noise is the enemy of speed in a SIEM https://securityinsights.substack.com/p/what-should-i-log-in-my-siem?sd=pf
Protect users, reduce your attack surface, lower your insurance bill Improving Cyber Insurance Coverage with Microsoft Security | CSO Online
Get Security Done Original GSD project in one Page – Get Security Done (dcaddick.github.io)
MDE MVP series. Intro, configure, onboard, protect. MDE Series blogs – Jeffrey Appel – Microsoft Security blog
Defender what’s new for March 2023 https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/monthly-news-march-2023/ba-p/3758308
Microsoft Defender Vulnerability management. P2 add-on, Defender for Cloud, or standalone add-on Microsoft Defender Vulnerability Management premium capabilities
Sync M365 Defender to Sentinel https://learn.microsoft.com/en-us/microsoft-365/security/defender/microsoft-365-defender-integration-with-azure-sentinel?view=o365-worldwide
Workflow for mitigating app vulnerabilities with Intune and Defender Remediate vulnerabilities | Microsoft Learn

Endpoint

Intune Suite overview on Microsoft Mechanics https://youtu.be/nEa5AFBCRbI
Intune suite launch announcement blogs http://aka.ms/IntuneSuiteLaunch
Intune Endpoint Privilege Management to grant users limited/scoped elevated actions in Windows Enable Windows standard users with Endpoint Privilege Management in Microsoft Intune – Microsoft Community Hub
Intune pricing Microsoft Intune Plans and Pricing
- Microsoft Intune Plan 2 and Microsoft Intune Suite are not yet available for GCC, GCC-High or DoD customers.
Nick Moseley’s Endpoint Insights for February 23 – even more and better links for sharing and caring https://www.linkedin.com/smart-links/AQGcsNU3lkxPGw/863e5949-6166-4f8f-ae45-8b6d05064710
Skilling Snack, Windows Autopilot https://techcommunity.microsoft.com/t5/windows-it-pro-blog/skilling-snack-windows-autopilot/ba-p/3756518

Identity

GCCH/Commercial collaboration, reduces need for ADFS Collaborate securely across organizational boundaries and Microsoft clouds – Microsoft Community Hub
Azure AD Connect is a tier 0 identity server and can be used to attack your AAD tenant https://cloudbrothers.info/en/prem-global-admin-password-reset/
PIM for AAD security groups, how and where it works https://learn.microsoft.com/en-us/azure/active-directory/privileged-identity-management/concept-pim-for-groups?WT.mc_id=AZ-MVP-5003945
Prepare for 2024 authentication changes in Azure AD, and please use Azure AD Premium for Conditional Access instead of security defaults or per-user MFA. https://msendpointmgr.com/2023/03/06/migrating-to-authentication-methods/

Teams

Talking To Myself, a Teams Voice blog for GCC customers https://talking-to-myself.blog/

Tags #sharingiscaring

#sharingiscaring Azure Microsoft 365

What’s cool and new in February ’23

Post author By johnengelking
Post date February 28, 2023
No Comments on What’s cool and new in February ’23

DSC for M365 settings, SaaS as code, perform policy audit and check for drift https://www.french365connection.co.uk/post/m365dsc-getting-started-part-1-desired-state-configuration
Enhance privacy and protect data from analog screenshots Announcing public preview for watermarking on Azure Virtual Desktop – Microsoft Community Hub
Zero trust resources for partners Stay secure with Microsoft
You can require users who are eligible for a role to satisfy Conditional Access policy requirements: use specific authentication method enforced through Authentication Strengths, elevate the role from Intune compliant device, comply with Terms of Use, and more. Configure Azure AD role settings in PIM – Azure Active Directory – Microsoft Entra | Microsoft Learn
AAD Device Registration Troubleshooter PowerShell script. https://www.linkedin.com/posts/markmorow_tuesdaytip-tuesdaytip-microsoftsecurity-activity-7033823566563348482-t7a6?utm_source=share&utm_medium=member_desktop
Use TeamLink to support hybrid workforces, built on Dataverse for Teams. https://youtu.be/zmp_F2e42-I, https://aka.ms/getteamlink
Bite sized learning for moving endpoints to the cloud, hybrid, cloud attach, cloud native Skilling snack: From on premises to the cloud – Microsoft Community Hub
Connect with engineering teams for Intune and Windows in one customer community Evolving the Windows and Endpoint Manager Customer Connection Programs – Microsoft Community Hub
Connect with engineering teams for security tools like Sentinel and Defender The New Microsoft Security Customer Connection Program (CCP) – Microsoft Community Hub
Portable app support and improved packaging intelligence What’s new in the MSIX Packaging Tool: February 2023 – Microsoft Community Hub
Microsoft Defender for Cloud apps as part of Microsoft 365 defender provides protection between SaaS cloud apps and can remediate risks https://www.microsoft.com/en-us/security/blog/2023/02/15/microsoft-shifts-to-a-comprehensive-saas-security-solution/
Microsoft Assessments help customers work through a scenario of questions and recommendations that result in a curated guidance report that is actionable and informative. Assessments (microsoft.com
Windows Drivers through Windows Update for Business deployment service and Graph, Commercial customers only. Commercial driver and firmware servicing is publicly available! – Microsoft Community Hub
Cross-tenant AAD sync, making life easier for multi-tenant orgs with various cloud apps. Seamless application access and lifecycle management for multi-tenant Azure AD organizations – Microsoft Community Hub
Enhancing AVD performance with turn RDP and shortpath https://techcommunity.microsoft.com/t5/azure-virtual-desktop/announcing-public-preview-symmetric-nat-support-for-rdp/m-p/3736640
Entra AAD user provisioning into non-AD applications Automate provisioning and governance of your on-premises applications – Microsoft Community Hub
Move to Azure AD from ADFS