Azure – Azure Site Recovery automatic update is now available

Azure Site Recovery (ASR) is an Azure service allowing you to setup a disaster recovery infrastructure by replicating your virtual machines either from on-premises (VMWare/Hyper-V) or from Azure. When you implement ASR you have to deploy a component, known as mobility service, on each virtual machines being replicated. As each time ASR is updated (which is a monthly cadence) you also have to update your mobility agent, which then may…

Read More

Azure – You can explore your Azure Resources using Graph

Azure Resource Graph is a new capability (currently in preview) which is helping you exploring all your Azure resources. This is already in use by Azure itself when you use the ‘Search resources, services, and docs’ search box To start using Azure Resource Graph, search for Resource Graph from the ‘All services’ From there you can launch the Cloud Shell to your query You can also use Resource Graph directly…

Read More

Office 365 / Azure – New CDN’s are going to be used for authentication

This is an important notification for customer managing access to internet (and cloud services) using Whitelist. New Content Delivery Networks (CDN’s) are going to be used for managing Office 365 (and potentially Azure services) authentication. If you are using whitelisting to allow Office 365/Azure services access to your end-user you have to be prepared ASAP. The new CDN’s will be: aadcdn.msauth.net aadcdn.msftauth.net ccscdn.msauth.net ccscdn.msftauth.net If you need the IP addresses…

Read More

Azure – Azure Policy now audits installed applications on VM’s

You may already know Azure Policy, introduced during Ignite 2018. If no, Azure Policy has the capability to apply audit settings on virtual machines (VM’s) running on Azure. The first policies can audit password security settings on both Windows and Linux VM’s or the encryption protocol used by IIS (aka TLS – in this case the VM is compliant if TLS 1.1 or 1.2 is enabled and other protocols disabled).…

Read More

Azure Information Policy – You can now set permissions using All Authenticated Users or All users within your organization

Azure Information Protection (AIP) has been updated to let you set AIP Protection to either All Authenticated Users or All Users within your Organization. These specific configuration can be helpful when you don’t really want to restrict access to specific and limited set of user but still want to restrict what can be done with the content (permissions and expiration), or when you do not want to restrict the access…

Read More

Azure – DevOps can now use ExpressRoute

You may be already aware that ExpressRoute implements a dedicated connection between your on-premises environment and Microsoft cloud services – Office 365 or Azure. While most of the Azure services (SQL instance,storage, VM…) were already able to be accessed using ExpressRoute, this was not the case for DevOps (https://dev.azure.com/ or https://{organization}.visualstudio.com). Well, this is not the case anymore; since Oct 23rd 2018, you can access your DevOps services through ExpressRoute.…

Read More

Azure – You can now enable Customer Lockbox for Azure VM (preview)

For those who already work with Office 365, you may be aware of the Customer Lockbox capability. In a nutshell, this feature (available with E5 or as add-on) allows Office 365 administrators to control how Microsoft engineers access your data – particularly during support. Now, you can take advantage of it also with Azure. To enable Customer Lockbox for Azure VM, you need to use Azure PowerShell (at least version…

Read More

Azure – You can enable analytics for Azure Information Protection

This is a new capability being added to Azure Information Protection (AIP), currently in preview. You can now enable analytics for AIP. To do logon to your Azure portal (https://portal.azure.com) and reach out the Azure Information Protection configuration blade From there you should see  Configure analytics (preview) under the Manage section From this configuration blade you can use an existing Log analytics workspace or create a new one; if you…

Read More

Azure AD – New capabilities for identity governance on Azure AD

You can now define policies to let your end-users requesting access to your corporate resources – from group membership to role permissions – either with automated or manual approval. At this stage, this is currently available only through private preview. You can register your interest here https://aka.ms/azureadidentitygovernancepreview

Read More

Windows / Azure – Reset password from all Windows

You may be already aware that you can provide the ability to your end-user to reset their password (Self Service Password Reset – SSRP) directly from the logon screen for Windows 10 Azure AD Joined device (see https://t.co/LW060QqgGV if you want to know more). Well, Microsoft has announced a major improvement for this feature as you can now use it for all Windows version (from Windows 7 to Windows 10…

Read More

Exchange Online – Implement ‘Limited Access’ Conditional Access

You may already know that you can implement a ‘limited access’ conditional access for SharePoint Online and OneDrive for Business, allowing end-users to access content on SharePoint Online but not authorizing to download anything while accessing using non compliant devices. Now, you can do the same for Exchange Online to allow your end-users accessing their mailbox using Outlook on the Web (aka Outlook Web Access) while the device they are…

Read More

Azure – New Azure PowerShell Module coming up

A new Azure PowerShell module is currently in preview and will become the default PowerShell module to manage Azure later, combining AzureRM and AzureRM.Netcore modules. New PpowerShell capabilities will be delivered only through Az starting December 2018. The new Az module is currently in preview and latest version is 0.2.2 AzureRM is still supported (for now). It is supported on PowerShell 5.1 with .Net Framework 4.7.2 or later [Windows only]…

Read More

Azure AD – New SSO setup experience

An updated and refreshed experience is now available when setting up Single Sign On (SSO) when publishing application on Azure Active Directory (AAD). After adding a new application in Azure AD you need to setup how the authentication is going to be proceed and most of the time you are going to setup SSO. The new SSO setup experience is more intuitive and will let you test the setup before…

Read More

Azure/Windows 10 – You can use your Authenticator App to sign in

Going the same way than Windows Hello for Business, you can now use your Microsoft Authenticator app to sign in to your corporate resources protected by Azure AD (Azure, Office 365, Azure published apps…) You need off course few prerequisites: Running Windows 10, registered to your Azure AD tenant Have setup an authentication policy on your Azure AD Have register your Microsoft Authenticator app Setup the authentication policy on Azure…

Read More

Azure – Azure AD authentication available in preview for Azure Files

You may already know Azure Files service allowing you to use Azure as files ‘server’ and off course Azure AD to manage authentication to your Microsoft cloud services (Azure and/or Office 365). Well, good news, you can use Azure AD to leverage authentication to access Azure Files; meaning you can set NTFS like permissions on Azure Files. Off course the existing storage account key process is still supported and available.…

Read More