Office 365 / Azure – New CDNs are going to be used for authentication

This is an important notification for customers managing access to the internet (and cloud services) using a whitelist. New Content Delivery Networks (CDNs) are going to be used for managing Office 365 (and potentially Azure services) authentication. If you are using whitelisting to allow your end users access to Office 365/Azure services, you have to be prepared ASAP. The new CDNs will be: aadcdn.msauth.net, aadcdn.msftauth.net, ccscdn.msauth.net, ccscdn.msftauth.net. If you need the IP addresses…


Azure – Azure Policy now audits installed applications on VMs

You may already know Azure Policy, introduced during Ignite 2018. If not, Azure Policy has the capability to apply audit settings on virtual machines (VMs) running on Azure. The first policies can audit password security settings on both Windows and Linux VMs or the encryption protocol used by IIS (aka TLS – in this case the VM is compliant if TLS 1.1 or 1.2 is enabled and other protocols disabled).…


Intune – You can now get Windows 10 to join an Active Directory domain (preview)

It has been quite a limitation so far for Windows 10 devices managed with Intune; it was impossible to get them to join an Active Directory domain using Autopilot, making these devices Azure AD Hybrid joined devices. Now (currently in preview – so there could be some glitches and it may change), you can assign an Intune profile to your Windows 10 devices to join your Active Directory domain. Of course, to…


Azure AD Connect – A new version of the directory synchronization tool is available

A new version (1.2.65.0) of Azure AD Connect has been released. You can get it from http://go.microsoft.com/fwlink/?LinkId=615771. You need to know that this version is going to overwrite your autoupgrade setting if you have it set to not automatically update. If you want to keep autoupgrade disabled, you will need to run the following command after the upgrade is completed: Set-ADSyncAutoUpgrade -AutoUpgradeState Disabled As…


Azure Information Policy – You can now set permissions using All Authenticated Users or All users within your organization

Azure Information Protection (AIP) has been updated to let you set AIP Protection to either All Authenticated Users or All Users within your Organization. These specific configurations can be helpful when you don’t really want to restrict access to a specific and limited set of users but still want to restrict what can be done with the content (permissions and expiration), or when you do not want to restrict the access…


Azure – DevOps can now use ExpressRoute

You may already be aware that ExpressRoute implements a dedicated connection between your on-premises environment and Microsoft cloud services – Office 365 or Azure. While most of the Azure services (SQL instance, storage, VM…) could already be accessed using ExpressRoute, this was not the case for DevOps (https://dev.azure.com/ or https://{organization}.visualstudio.com). Well, this is not the case anymore; since Oct 23rd 2018, you can access your DevOps services through ExpressRoute.…


Azure MFA – Support for hardware OATH tokens and multiple MFA devices coming to Azure MFA

You may already be aware of the Azure Multi Factor Authentication (MFA) solution, which has been available for quite some time. Well, good news, as Azure MFA is now going to support hardware tokens (OATH-TOTP SHA-1). As you may already know, Azure MFA requires the end user to have a phone available (either mobile or desk phone) to be able to answer the MFA request – either with a call (desk/mobile), text…


Azure – You can now enable Customer Lockbox for Azure VMs (preview)

For those who already work with Office 365, you may be aware of the Customer Lockbox capability. In a nutshell, this feature (available with E5 or as an add-on) allows Office 365 administrators to control how Microsoft engineers access your data – particularly during support. Now, you can also take advantage of it with Azure. To enable Customer Lockbox for Azure VMs, you need to use Azure PowerShell (at least version…


Azure AD – You can now send your Azure AD logs to Log Analytics

You may already know that you can have Azure AD Diagnostic logs; but do you know you can now send these logs to Log Analytics for consolidation and better analysis? To do so, just log on to your Azure AD administration portal (https://aad.portal.azure.com) or Azure portal (https://portal.azure.com) and go to the Azure AD configuration blade. From there, scroll down to reach the Monitoring section and click on the Diagnostic settings –…


Azure – You can enable analytics for Azure Information Protection

This is a new capability being added to Azure Information Protection (AIP), currently in preview. You can now enable analytics for AIP. To do so, log on to your Azure portal (https://portal.azure.com) and go to the Azure Information Protection configuration blade. From there you should see Configure analytics (preview) under the Manage section. From this configuration blade you can use an existing Log Analytics workspace or create a new one; if you…


Azure AD – New capabilities for identity governance on Azure AD

You can now define policies to let your end users request access to your corporate resources – from group membership to role permissions – with either automated or manual approval. At this stage, this is available only through private preview. You can register your interest here: https://aka.ms/azureadidentitygovernancepreview


Intune – You can now assign a Windows Autopilot profile to already registered clients

As you may already know, Windows Autopilot simplifies Windows 10 device enrollment to Azure Active Directory (AAD) and provides a seamless user experience. One of the problems with Windows Autopilot was that if you already had Windows 10 devices registered to your Azure AD, you were not able to assign an Autopilot profile. With the latest update on Intune, you can now update your Autopilot policy to apply the policy also on…


Intune – Display an enrollment status page

With the latest Intune update, you can now display an enrollment status page after a Windows 10 device has been registered. The page will let your end users know what is happening while their device is finalizing the registration process. To do so, you first need to enable the feature in Intune. Connect to your Azure portal and go to the Intune configuration blade. Then go to the Device Enrollment\Windows Enrollment…


Windows / Azure – Reset password from all Windows

You may already be aware that you can give your end users the ability to reset their password (Self Service Password Reset – SSPR) directly from the logon screen for Windows 10 Azure AD Joined devices (see https://t.co/LW060QqgGV if you want to know more). Well, Microsoft has announced a major improvement for this feature, as you can now use it for all Windows versions (from Windows 7 to Windows 10…


Exchange Online – Implement ‘Limited Access’ Conditional Access

You may already know that you can implement a ‘limited access’ conditional access for SharePoint Online and OneDrive for Business, allowing end users to access content on SharePoint Online but not allowing them to download anything when accessing from non-compliant devices. Now, you can do the same for Exchange Online to allow your end users to access their mailbox using Outlook on the Web (aka Outlook Web Access) while the device they are…
