Infrastructure + Security: Noteworthy News (January, 2020)

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Tech Community.

Hi there! You are reading the next issue of the Infrastructure + Security: Noteworthy News series!

As a reminder, the Noteworthy News series is published monthly and covers interesting news, announcements, links, tips and tricks from the Windows, Azure, and Security worlds.

Microsoft Azure

Azure is now certified for the ISO/IEC 27701 privacy standard

We are pleased to share that Azure is the first major US cloud provider to achieve certification as a data processor for the new international standard ISO/IEC 27701 Privacy Information Management System (PIMS). The PIMS certification demonstrates that Azure provides a comprehensive set of management and operational controls that can help your organization demonstrate compliance with privacy laws and regulations. Microsoft’s successful audit can also help enable Azure customers to build upon our certification and seek their own certification to more easily comply with an ever-increasing number of global privacy requirements.

Azure Active Directory Customer and Partner Identity Management Whitepaper (PDF)

Simplify the way you manage your employee, customer, and partner identities with Microsoft Azure Active Directory (Azure AD), the world’s most trusted identity service. With a single identity solution, your organization is equipped to harness the power of your digital relationships.

Advancing Azure Active Directory availability

Our customers trust Azure AD to manage secure access to all their applications and services. For us, this means that every authentication request is a mission critical operation. Given the critical nature and the scale of the service, our identity team’s top priority is the reliability and security of the service. Azure AD is engineered for availability and security using a truly cloud-native, hyper-scale, multi-tenant architecture and our team has a continual program of raising the bar on reliability and security.

Azure AD B2C phone sign-in experience is now in public preview!

With this public preview, Azure AD B2C now supports phone sign-in and sign-up using a phone number and one-time password (OTP). This means that app developers can add a user flow to their app that allows users to sign up and sign in by simply entering their phone number, which is verified by entering the OTP received via SMS. As with other B2C experiences, this user flow can be fully customized by the developer.

New Azure blueprint for CIS Benchmark

We’ve released our newest Azure blueprint that maps to another key industry-standard, the Center for Internet Security (CIS) Microsoft Azure Foundations Benchmark. This follows the recent announcement of our Azure blueprint for FedRAMP moderate and adds to the growing list of Azure blueprints for regulatory compliance, which now includes ISO 27001, NIST SP 800-53, PCI-DSS, UK OFFICIAL, UK NHS, and IRS 1075. Azure Blueprints is a free service that enables cloud architects and central information technology groups to define a set of Azure resources that implements and adheres to an organization's standards, patterns, and requirements. Azure Blueprints makes it possible for development teams to rapidly build and stand up new trusted environments within organizational compliance requirements. Customers can apply the new CIS Microsoft Azure Foundations Benchmark blueprint to new subscriptions as well as existing environments.

Windows Client

New year, new browser – The new Microsoft Edge is out of preview and now available for download

We are pleased to announce the new Microsoft Edge is now available to download on all supported versions of Windows and macOS in more than 90 languages. Microsoft Edge is also available on iOS and Android, providing a true cross-platform experience. The new Microsoft Edge provides world class performance with more privacy, more productivity and more value while you browse. Our new browser also comes with our Privacy Promise and we can’t wait for you to try new features like tracking prevention, which is on by default, and provides three levels of control while you browse.

Security baseline (FINAL) for Chromium-based Microsoft Edge, version 79

Microsoft is pleased to announce the enterprise-ready release of the recommended security configuration baseline settings for the next version of Microsoft Edge based on Chromium, version 79. The settings recommended in this baseline are identical to the ones we recommended in the version 79 draft, minus one setting that we have removed and that we discuss below. We continue to welcome feedback through the Baselines Discussion site.

Accelerate your RDS and VDI migration to Windows Virtual Desktop

At Microsoft Ignite in November, we announced new features as well as new Azure capabilities that enable you to migrate existing virtual desktop workloads to Microsoft Azure — as part of Windows Virtual Desktop. Whether you are working with a greenfield scenario (i.e. building a new environment from the ground up) or a brownfield scenario (i.e. transforming existing RDS resources and Windows 10 single-session virtual machines), I hope you find that the information and links in this post help you kickstart (or progress) your Windows Virtual Desktop implementation.

8 new ways to empower Firstline Workers and transform the way they work with Microsoft 365

With Microsoft 365, the world’s productivity cloud, we’re in a unique position to help companies of all sizes and across all industries provide their employees the tools and expertise they need to do their best work, without sacrificing the security of their organization or customers’ data. Giving Firstline Workers the tools they need requires companies to address unique user experience, security and compliance, and IT management.

Security

Zero Hype

Zero Trust, conceptually, asserts that traditional security models based on “the walled garden” are outdated, and that security models should treat all requests as though they originate from an uncontrolled (external or compromised) network. Whether you think of this as “assuming breach” and operating as though the enemy is inside your perimeter, or as operating in a perimeter-less environment, it’s all about operating as though you are in a pervasive threat environment. This is a simple concept; we don’t need to complicate it or dress it up, because it has powerful implications. Let’s dig in a bit.

Turn on Microsoft Threat Protection

Microsoft Threat Protection unifies your incident response process by integrating key capabilities across Microsoft Defender Advanced Threat Protection (ATP), Office 365 ATP, Microsoft Cloud App Security, and Azure ATP. This unified experience adds powerful features you can access in the Microsoft 365 security center.

How to implement Multi-Factor Authentication (MFA)

Another day, another data breach. If the regular drumbeat of leaked and phished accounts hasn’t persuaded you to switch to Multi-Factor Authentication (MFA) already, maybe the usual January rush of ‘back to work’ password reset requests is making you reconsider. When such an effective option for protecting accounts is available, why wouldn’t you deploy it straight away?

Cultivating a collective defense against cyberthreats (Video)

John Lambert, Distinguished Engineer and General Manager of the Microsoft Threat Intelligence Center (MSTIC), explains how, while all organizations work to manage their security risks in cyberspace, these risks become threats when combined with malicious intent. The goal of threat intelligence is to give organizations context and awareness about the online threats they face and to help them prioritize their responses.

Security Baseline recommendations now available in Office Cloud Policy Service

We are pleased to announce a new feature in the Office Cloud Policy Service that will allow you to easily find and configure policies that are recommended by Microsoft as security baseline policies.

Protecting your information and staying compliant with Microsoft Teams

Adopting Microsoft Teams in your organization brings the benefits of chat-based collaboration and an integrated hub for your calls, meetings, apps, and content. This is why there are more than 20 million daily active users of Teams. But it isn’t all about productivity: we want Teams to contribute to your security and compliance requirements, and you probably have a lot of questions about how this happens. You may be used to protecting email and files in Microsoft 365 and on your mobile devices, but how should you approach security and compliance as you add Teams to the mix? Did you know, for example, that Teams keeps persistent records of chat conversations by default?

Threat hunting in Azure Advanced Threat Protection (ATP)

As members of Microsoft’s Detection and Response Team (DART), we’ve seen a significant increase in adversaries “living off the land” and using compromised account credentials for malicious purposes. From an investigation standpoint, tracking adversaries using this method is quite difficult as you need to sift through the data to determine whether the activities are being performed by the legitimate user or a bad actor. Credentials can be harvested in numerous ways, including phishing campaigns, Mimikatz, and key loggers.

Updates and Support Lifecycle

End of support: transforming your Windows Server 2008 and 2008 R2 workloads

On January 14, 2020, Windows Server 2008 and 2008 R2 reached end of support. This means that security updates will no longer be available for workloads running on these versions of Windows Server, and customers can be vulnerable to security and compliance issues. If you’re still running Windows Server 2008 or 2008 R2, there are a few options for you to secure your workloads. They include migrating to Azure and taking advantage of three years of extended security updates, upgrading to a later version of Windows Server, or remaining on-premises and connecting to Azure through Windows Admin Center. You can also bring Windows Server licenses to Azure with Azure Hybrid Benefit. Read the recent blog, “Turn to a new chapter of Windows Server innovation” to learn more about these options.

Enforcement of TLS 1.2 for connections to Microsoft Defender ATP

To maintain the highest security standards and provide the best-in-class encryption to our customers, Microsoft Defender ATP is deprecating the use of TLS 1.0 and 1.1. Customers and partners will be required to use TLS 1.2 and above for all communications with their API integrations.

Microsoft Extending End of Support for Exchange Server 2010 to October 13th, 2020

After investigating and analyzing the deployment state of an extensive number of Exchange customers we have decided to move the end of Extended Support for Exchange Server 2010 from January 14th 2020 to October 13th 2020. Our commitment to meeting the evolving needs of our customers is as strong as ever, and we recognize discontinuing support for a product that has been as popular and reliable as Exchange Server 2010 can be an adjustment. We also know that some of you are in the midst of upgrades to a newer version of Exchange Server on-premises, or more transformative migrations to the cloud with Office 365 and Exchange Online. With this in mind, we are extending end of support to October 13th 2020 to give Exchange Server 2010 customers more time to complete their migrations. This extension also aligns with the end of support for Office 2010 and SharePoint Server 2010.

Products reaching End of Support for 2020

Microsoft Premier Support News

Check out Microsoft Services public blog for new Proactive Services as well as new features and capabilities of the Services Hub, On-demand Assessments, and On-demand Learning platforms.
