Intune – Third party certification authorities is now supported for SCEP

One of the important security management responsibilities of Microsoft Intune is the ability to issue certificates to devices using the Simple Certificate Enrollment Protocol (SCEP). Starting today, Intune now supports third party certification authorities for SCEP – starting with Entrust as first CA. Support of Active Directory Certificate Services is still supported of course Below an high level diagram explaining how SCEP works with Intune (courtesy Microsoft) To setup the…

Read More

Office 365 – New anti-phishing capabilities added to Advanced Threat Protection

A new default policy is being deployed for Office 365 ATP (Advanced Threat Protection) to protect you against phishing. The new policy is/will be available through the Security and Compliance administration portal (https://protection.office.com/) From there, reach out the Threat Management\Policy section and then click on ATP anti-phishing option Then the Default policy is not displayed in the list of policy; it is displayed using the button Default policy By clicking…

Read More

Azure – An updated interface for Azure AD Roles management

The Azure Active Directory Roles configuration blade has been updated to provide more details and management option for Azure AD Roles. Connect to your Azure administration portal (https://portal.azure.com) or Azure AD administration portal (https://aad.portal.azure.com) and reach out your Azure Active Directory blade or Then reach out the Roles and administrators blade At first sight it does not seems to had some changes but it has been updated; first, if you…

Read More

Azure / Office 365 – You can now use your Microsoft Authenticator mobile app for SSPR (preview)

The Self Service Password Reset, available with Azure AD and Office 365, has been updated to let your end-user use the Microsoft Authenticator mobile app when using the Self Service Password Reset (SSPR). First you need to enable this new capability from your Azure AD portal (https://aad.portal.azure.com/) or Azure portal (https://portal.azure.com) and reach the Password reset configuration blade Then go to the Authentication methods blade and enable the Mobile app…

Read More

Sway – Sway is moving to a new URL

This is not a big change but could impact your end-users if you whitelist Office 365 endpoints at your proxy level. Sway is moving to a new URL: http://sway.office.com So if you have whitelisted Office 365 services endpoints, you will have to update it to replace sway.com to sway.office.com; let me also remind you, you should start using the Office 365 Endpoints web service to maintain the whitelisting (see https://t.co/B4A5CMAkRh)

Read More

Azure – New version of Azure AD Connect available for autoupgrade

If you have configured your Azure AD Connect (the directory synchronization tool for Azure AD and Office 365), a new version (1.1.880.0) has been made available. This version solves the issue with Azure AD Connect Health agent running 100% CPU – which was (incorrectly?) reported to be related to the Framework update. Also part of this update support for Windows Server 2019 Essentials and GA (general availability) of the integration…

Read More

Azure – Azure AD Conditional Access sign-ins reports in preview

You may already be aware of this security feature called Azure AD Conditional Access helping you protecting and securing access to your resources published through Azure AD. A new capability to this feature has been added (in preview) to provide a better reporting and troubleshooting capabilities: Azure AD Conditional Access Sign-Ins Report To start using it, logon to your Azure AD administration portal – either from the Azure portal (https://portal.azure.com)…

Read More

Office Server – The previews for Exchange and Skype for Business 2019 is now available

This is it, it has just been announced: the preview of the next major version of Exchange and Skype for Business is now available (SharePoint will come later). You can get the bits here: Exchange 2019: https://www.microsoft.com/en-us/download/details.aspx?id=57167 Skype for Business 2019: http://download.microsoft.com/download/2/0/9/209372AB-F64F-4F04-8BDA-FBAB1C685BA3/W17_2044.76_Eval.iso As part the new features/capabilities: Exchange 2019 Exchange 2019 can be deployed on Windows Server Core (2016 or 2019), off course deploying on Windows Server with Desktop Experience…

Read More

Office 365 – Reminder to move to TLS 1.2

UPDATE Oct 26th, 2018 – Microsoft is delaying the enforcement http://bit.ly/2D5uv3p A quick reminder as the date is fast approaching: you must have moved to TLS 1.2 before October 31, 2018 It has been announced about a year ago (October 2017), all client-server and browser based communication with Office 365 services will use TLS 1.2 After October 31, 2018, if you are still using older TLS version (1.0 or 1.1),…

Read More

Azure AD / Office 365 – Integration with LinkedIn is finally here

It has been announced some time ago already, but now the integration is finally here. You can now enable the LinkedIn integration with your Office 365 (Azure AD) tenant. NOTE the integration is turned off by default. To enable the feature, you need to logon to your Azure portal (https://portal.azure.com/) or your Azure AD administration portal (https://aad.portal.azure.com) Then go to your Azure AD configuration blade Access the User settings configuration…

Read More

Windows 10 – Error 0x80180014 when joining Windows 10 to Azure AD

I just got an interesting error when trying to join a Windows 10 1803 to Azure AD; I was continuously getting the error ‘0x80180014’ when trying to join the device to Azure AD. The interesting thing was this device has been already Azure AD Joined but has been reset, with all reference in Azure AD or Intune removed. Nonetheless, each time I tried to join again I was getting this…

Read More

Exchange Online – Mailbox Auditing will be enabled by default

A good news for compliance and security, Exchange Online Mailbox auditing will now be enabled by default. The schedule is all commercial tenant will be set by end of calendar year. All mailboxes already set for auditing will continue to be enabled, while all others will then be audited. A new parameter for the Set-OrganizationConfig cmdlet will also be introduce for Exchange administrator to override (not recommended) this new configuration.…

Read More

Azure – New data migration option to Azure: Azure Data Box

As for Exchange Online migration, you now have the option to ship encrypted hard-drives to Microsoft datacentres when you migrate big amount of data to Azure workloads. This is a similar option than the one we already have to migrate Exchange mailboxes to Exchange Online. The option, called Azure Data Box, has been introduced late last year already but now it has been improved to provide more flexibility in term…

Read More

Azure – New networking feature in preview: Azure Virtual WAN

A new Azure networking feature is now available in preview (you need to register first, see below): Azure Virtual WAN. Azure Virtual WAN allows you to optimize and automate branch-to-branch connectivity with Azure. Virtual WAN offers the following advantages: Virtual WAN and virtual hubs: You can create a virtual WAN and then deploy virtual hubs in any Azure public region. This allows your hubs to be close to your branch…

Read More