Office 365 / Azure – New CDN’s are going to be used for authentication

This is an important notification for customer managing access to internet (and cloud services) using Whitelist. New Content Delivery Networks (CDN’s) are going to be used for managing Office 365 (and potentially Azure services) authentication. If you are using whitelisting to allow Office 365/Azure services access to your end-user you have to be prepared ASAP. The new CDN’s will be: aadcdn.msauth.net aadcdn.msftauth.net ccscdn.msauth.net ccscdn.msftauth.net If you need the IP addresses…

Read More

Azure – Azure Policy now audits installed applications on VM’s

You may already know Azure Policy, introduced during Ignite 2018. If no, Azure Policy has the capability to apply audit settings on virtual machines (VM’s) running on Azure. The first policies can audit password security settings on both Windows and Linux VM’s or the encryption protocol used by IIS (aka TLS – in this case the VM is compliant if TLS 1.1 or 1.2 is enabled and other protocols disabled).…

Read More

Azure Information Policy – You can now set permissions using All Authenticated Users or All users within your organization

Azure Information Protection (AIP) has been updated to let you set AIP Protection to either All Authenticated Users or All Users within your Organization. These specific configuration can be helpful when you don’t really want to restrict access to specific and limited set of user but still want to restrict what can be done with the content (permissions and expiration), or when you do not want to restrict the access…

Read More

Azure – DevOps can now use ExpressRoute

You may be already aware that ExpressRoute implements a dedicated connection between your on-premises environment and Microsoft cloud services – Office 365 or Azure. While most of the Azure services (SQL instance,storage, VM…) were already able to be accessed using ExpressRoute, this was not the case for DevOps (https://dev.azure.com/ or https://{organization}.visualstudio.com). Well, this is not the case anymore; since Oct 23rd 2018, you can access your DevOps services through ExpressRoute.…

Read More

Azure – You can now enable Customer Lockbox for Azure VM (preview)

For those who already work with Office 365, you may be aware of the Customer Lockbox capability. In a nutshell, this feature (available with E5 or as add-on) allows Office 365 administrators to control how Microsoft engineers access your data – particularly during support. Now, you can take advantage of it also with Azure. To enable Customer Lockbox for Azure VM, you need to use Azure PowerShell (at least version…

Read More

Azure – You can enable analytics for Azure Information Protection

This is a new capability being added to Azure Information Protection (AIP), currently in preview. You can now enable analytics for AIP. To do logon to your Azure portal (https://portal.azure.com) and reach out the Azure Information Protection configuration blade From there you should see  Configure analytics (preview) under the Manage section From this configuration blade you can use an existing Log analytics workspace or create a new one; if you…

Read More

Azure AD – New capabilities for identity governance on Azure AD

You can now define policies to let your end-users requesting access to your corporate resources – from group membership to role permissions – either with automated or manual approval. At this stage, this is currently available only through private preview. You can register your interest here https://aka.ms/azureadidentitygovernancepreview

Read More

Windows / Azure – Reset password from all Windows

You may be already aware that you can provide the ability to your end-user to reset their password (Self Service Password Reset – SSRP) directly from the logon screen for Windows 10 Azure AD Joined device (see https://t.co/LW060QqgGV if you want to know more). Well, Microsoft has announced a major improvement for this feature as you can now use it for all Windows version (from Windows 7 to Windows 10…

Read More

Exchange Online – Implement ‘Limited Access’ Conditional Access

You may already know that you can implement a ‘limited access’ conditional access for SharePoint Online and OneDrive for Business, allowing end-users to access content on SharePoint Online but not authorizing to download anything while accessing using non compliant devices. Now, you can do the same for Exchange Online to allow your end-users accessing their mailbox using Outlook on the Web (aka Outlook Web Access) while the device they are…

Read More

Azure – New Azure PowerShell Module coming up

A new Azure PowerShell module is currently in preview and will become the default PowerShell module to manage Azure later, combining AzureRM and AzureRM.Netcore modules. New PpowerShell capabilities will be delivered only through Az starting December 2018. The new Az module is currently in preview and latest version is 0.2.2 AzureRM is still supported (for now). It is supported on PowerShell 5.1 with .Net Framework 4.7.2 or later [Windows only]…

Read More

Azure AD – New SSO setup experience

An updated and refreshed experience is now available when setting up Single Sign On (SSO) when publishing application on Azure Active Directory (AAD). After adding a new application in Azure AD you need to setup how the authentication is going to be proceed and most of the time you are going to setup SSO. The new SSO setup experience is more intuitive and will let you test the setup before…

Read More

Azure/Windows 10 – You can use your Authenticator App to sign in

Going the same way than Windows Hello for Business, you can now use your Microsoft Authenticator app to sign in to your corporate resources protected by Azure AD (Azure, Office 365, Azure published apps…) You need off course few prerequisites: Running Windows 10, registered to your Azure AD tenant Have setup an authentication policy on your Azure AD Have register your Microsoft Authenticator app Setup the authentication policy on Azure…

Read More

Azure – Azure AD authentication available in preview for Azure Files

You may already know Azure Files service allowing you to use Azure as files ‘server’ and off course Azure AD to manage authentication to your Microsoft cloud services (Azure and/or Office 365). Well, good news, you can use Azure AD to leverage authentication to access Azure Files; meaning you can set NTFS like permissions on Azure Files. Off course the existing storage account key process is still supported and available.…

Read More

Azure – Secure Score is now available for Azure

You may already know Secure Score for Office 365, helping you to understand your security settings on Office 365 and providing guidance to increase it. Now, you can have Secure Score for Azure Active Directory (AAD) too The functionality is currently in preview and can be accessed either through the dedicated preview portal (https://portal.azure.com/#blade/Microsoft_AAD_IAM/ActiveDirectoryMenuBlade/IdentitySecureScore) or by accessing your Azure AD administration portal () or Azure portal (https://portal.azure.com/) and then reaching…

Read More

Azure – New Azure information Protection Client available

A new version (1.37.19.0) of the Azure Information Protection Client has been released. You can download it from https://www.microsoft.com/en-us/download/details.aspx?id=53018 This version includes few updates and changes: Support for the ISO standard for PDF encryption. You need to configure the below advanced configuration to enable it and then keep the PDF format for encrypted PDF files instead of using the PPDF Labels applying protection are now displayed on Office 2016 clients…

Read More