Infrastructure + Security: Noteworthy News (October, 2020)

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Tech Community.

 

You are reading the October issue of the Infrastructure + Security: Noteworthy News series!   As a reminder, the Noteworthy News series covers various areas, to include interesting news, announcements, links, tips and tricks from Windows, Azure, and Security worlds on a monthly basis.

 

Microsoft Azure

Azure TLS certificate changes

Microsoft is updating Azure services to use TLS certificates from a different set of Root Certificate Authorities (CAs). This change is being made because the current CA certificates do not comply with one of the CA/Browser Forum Baseline requirements.  View this article to see when this will happen per service.

Conditional Access APIs are generally available!

Azure AD Conditional Access can ensure that the right people have the access to resources they need from wherever they are. We’ve had a ton of requests for Conditional Access APIs to manage policy at scale. That’s why it is so cool that at Microsoft Ignite, we announced that Conditional Access APIs and named location APIs has reached general availability in Microsoft Graph!

Assign scoped roles to an administrative unit

In Azure Active Directory (Azure AD), for more granular administrative control, you can assign users to an Azure AD role with a scope that's limited to one or more administrative units.

Microsoft 365 All Tenants list is rolling out

We’re thrilled to announce that a new multi-tenant management experience called All tenants is now rolling out to Microsoft 365 customers. The All tenants list is specifically for admins that manage two or more Microsoft 365 tenants.

Disable and delete external identities with Azure AD Access Reviews (Preview)

In addition to the option of removing unwanted external identities from resources such as groups or applications, Azure AD Access Reviews can block external identities from signing-in to your tenant and delete the external identities from your tenant after 30 days.

Conditional Access Adoption

This blog forms part of a series showcasing the impact SMC has had in securing our customer’s cloud-based identities. 

Azure AD provisioning, now with attribute mapping, improved performance and more!

We’ve made several changes to identity provisioning in Azure AD over the past several months, based on your input and feedback.  The public preview of Azure AD Connect cloud provisioning has been updated to allow you to map attributes, including data transformation, when objects are synchronized from your on-premises AD to Azure AD.

Provisioning reports in the Azure Active Directory portal (preview)

Provisioning logs have now been added in preview to the Azure AD portal.  Check out this article to see how to access them.

Windows Server

Hybrid Agent and Root Certificate Changes

Microsoft is updating Azure services to use TLS certificates from a different set of Root Certificate Authorities (CAs).  This change will ONLY impact Azure AD hybrid agents installed on-premises that have hardened environments with a fixed list of root certificates and will need to be updated to trust the new certificate issuers.  This change will result in disruption of service if proper action is not taken.

Modern Authentication Support comes to Microsoft Remote Connectivity Analyzer

Since December last year, we've been making a lot of investment into the Microsoft Remote Connectivity Analyzer site.  We're thrilled to announce that our Office 365 tests now have modern authentication capabilities!

Understanding Azure Arc Enabled SQL Server | Data Exposed

In this episode of Data Exposed with Sasha Nosov, learn how Azure Arc allows you to leverage Azure Services for your existing database applications hosted on-premises or in other public clouds, without changing or even stopping them.

New application actions in MEM admin center with Configuration Manager Technical Preview 2010.2

This month we have a second technical preview.  We've made improvements to applications for tenant attached devices. Administrators can now several more actions for applications in the Microsoft Endpoint Manager admin center.

Windows Client

Microsoft Endpoint Manager – WIN 10 Auto Enrollment

In this tutorial John Barbare will walk you through the steps of enrolling a Windows Device in Microsoft Endpoint Manager (MEM) and the newly released Android enrollment policy.

SHA-2 signing enforcement on Windows 7 and Windows Server 2008 R2 is almost here!

The deadline, November 2, 2020, is fast approaching.  Customers running Microsoft Defender for Endpoint on Windows 7 or Windows Server 2008 R2 must take a couple of actions or their agents will stop sending data.

What’s New in Microsoft Teams | October 2020

This month we have a packed blog with a lot of new features that are now generally available to improve your experience with meetings and calling, chat and collaboration, as well as a number of new updates to Microsoft Teams devices.

Announcing Windows 10 Insider Preview Build 20251

Today we’re releasing Windows 10 Insider Preview Build 20251 (FE_RELEASE) to Windows Insiders in the Dev Channel.

Security

Advancing Password Spray Attack Detection

In this article you will read about an amazing addition to our family of credential compromise detection capabilities – this one uses our machine learning technology and global signal to create incredibly accurate detection of a nuanced attack called “password spray.” This is a great example of where worldwide, multi-tenant detection combines with rapidly evolving detection technology to keep you safe from this very common attack.

Continuous Access Evaluation in Azure AD is now in public preview!

CAE is available in public preview for Azure AD tenants who have configured Conditional Access policies. Microsoft services, like Exchange and SharePoint, can terminate active user sessions as soon as a Conditional Access policy violation is detected.

Secure Score Over Time Power BI Dashboard

As organizations start to use Azure Security Center Secure Score to measure their journey to a better cloud security posture, it becomes important to understand how this secure score is progressing over time. With our new Power BI dashboard, you will be able to track your secure score progress over time and your resources’ health.

Azure Defender for Key Vault

We are excited to share that Azure Defender for Key Vault has been generally available since Microsoft Ignite on September 22nd, 2020! We have prepared this blog to go over the several topics.  Be sure to check it out.

Office 365 ATP is now Microsoft Defender for Office 365

At Ignite, we announced Microsoft 365 Defender which brings the threat protection service portfolio across Microsoft 365 together under a unified brand.  This new unified branding is a testament to our continued endeavor to integrate the different threat protection focused services across Microsoft.  Office 365 Advanced Threat Protection is now Microsoft Defender for Office 365.  While the name has changed, what has not changed is Microsoft’s continued commitment to offer best-of-breed protection against attacks targeting Office 365.

Introducing a new threat and vulnerability management report

We are excited to announce a new built-in report for Microsoft Defender for Endpoint’s threat and vulnerability management capability, the vulnerable devices report!  The Vulnerable devices report provides extensive insights into your organization’s vulnerable devices with summaries of the current status and customizable trends over time.

Connect your Favorite Apps to Microsoft Cloud App Security

As our team assists customers in adopting Microsoft Cloud App Security, and continues to encourage customers to leverage the best of its capabilities, we often see that a number of our customers are not aware of how simple and beneficial it can be to connect their other apps (in addition to O365 and Azure) to Cloud App Security.  To help you in that journey, we’ve compiled a short series of videos to help you with key points of integration.

Updates and Support Lifecycle

Windows 10 Feature Update Downloaded status reverted to No

You may have noticed that after synchronizing updates released on patch Tuesday (October 13, 2020), Windows 10 Feature Updates for versions 1903 and 2004 that were previously downloaded, now show a status of Downloaded = No under the All Windows 10 Updates node. The content for these Windows 10 Feature Updates were revised to address a security issue. As a result of this content revision, any previously downloaded feature updates will need to be downloaded again.

Update: Retirement of Site Mailboxes in SharePoint Online

We will retire (and ultimately delete) all site mailboxes in SharePoint Online in April 2021. We’ll post another update as we get closer to April 2021.  See this article for a to backup existing data.

Products reaching End of Support for 2020

Microsoft Premier Support News

Check out Microsoft Services public blog for new Proactive Services as well as new features and capabilities of the Services Hub, On-demand Assessments, and On-demand Learning platforms.

 

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.