Kurt Shintaku's Blog

State and local government IT leaders and IT professionals are invited to join us for the Government Summit: Building Resilience for a Better Tomorrow on December 3, 2020, beginning at 10:00 AM PT.

At this virtual event, you’ll learn about how other state and local government organizations are using technology to address current and future challenges, and to respond, recover, and reimagine government services.

Special session: Vaccine Distribution

We have a special *unlisted* session many individual may be interested in:

• “Challenge of a Lifetime: Secure, Safe, and Equitable Vaccine Distribution” – Dr. David Rhew, Chief Medical Officer, Microsoft
  Dr. Rhew is a Professor at Stanford University School of Medicine specializing in Infectious Diseases and will be speaking to you about how new technology innovations today can help expedite & optimize the distribution of vaccinations in state & local municipalities.

Also on the agenda:

• “Enabling Remote Work across Agencies” – State of Georgia’s Office of the Treasurer
• “Fraud, Waste & Abuse Reduction” – State of Nevada, Finance
• “Sustainability through Technology” – Maryland’s County of Anne Arundel
• “Accessibility for All” – State of California’s Department of Rehabilitation
• …and more!

Register below:

• Date:
  Thursday, December 3, 2020 10:00 AM – 12:00 PM PT
• Registration:
  https://info.microsoft.com/US-DIGTRNS-WBNR-FY21-12Dec-03-VirtualGovernmentSummitBuildingResilienceforaBetterTomorrow-5588_01Registration-ForminBody.html

MileIQ Premium (aka “Unlimited”) is now available to customers licensed for Microsoft 365 E3, Microsoft 365 E5, Office 365 E3 and Office 365 E5.

…at no additional cost.

WHAT IS MILEIQ?
MileIQ is a Microsoft solution that enables automatic mobile mileage tracking for deductions and reimbursements, delivering stress-free logging and accurate reports in the palm of your hand.

Benefits of MileIQ include:

• Works in the background as you drive
  Once MileIQ is installed it works in the background – there are no buttons to press to start or stop. Your miles are automatically logged and recorded creating a complete record of all your tax deductible and reimbursable mileage.
• Intelligent and Customizable
  MileIQ saves time by automatically classifying frequent drives on your behalf. The Work Hours feature makes it simple to set the times you work, including multiple shifts, and will automatically classify drives outside of those hours as personal. You always have the option to re-classify a drive if necessary from the web dashboard.
• Detailed reports at your fingertips
  Need reports of your all of drives? MileIQ maintains an accurate record of your mileage. Use one tap on your mobile device to get a report of your current drive or a snapshot of many drives. If you need more detail, use your personalized web dashboard to view all your drives.
• Classify each drive with a swipe
  Classification allows you to categorize which drives are for business and which are personal. To classify a drive swipe to the left for personal or to the right for business drives.
• Mileage where you want it
  The MileIQ Dashboard is available on your laptop, desktop or tablet. Use advanced features like bulk classify and adding locations to create a tailor-made mileage experience.

Read more about this great new value for Office 365 E3/E5 customers here:

• PRODUCT PAGE: MileIQ mobile mileage tracker app with reporting – Microsoft 365
  https://www.microsoft.com/en-us/microsoft-365/business/mileage-tracking-software
• HOWTO: Activate premium MileIQ with your Office Plan
  https://support.mileiq.com/hc/en-us/articles/360001447406-How-to-Activate-premium-MileIQ-with-your-Office-Plan
• DOCS: MileIQ documentation
  https://docs.microsoft.com/en-us/office365/mileiq/

I’m often asked, “How can I provide someone with download access to a Microsoft Stream video?” 

(This comes up a lot with meeting recordings from Microsoft Teams, for instance.)

The only way to do that is to add someone as an owner of your Microsoft Stream video so another individual can get downloads of the recording from the Microsoft Stream service.

INSTRUCTIONS:

1. Go to the Stream that you created.  This is usually a microsoftstream.com/video/[bigguidgoeshere]
2. Click the ellipsis. This will reveal a menu.
3. Click “Update video details”. This will show the people with current access to the video.
4. Check the checkbox next to the name of the person you’re providing OWNER rights to (this indicates the person is an “owner”)
5. Press the APPLY button.

Once this is done, the user will be able to pull down the .MP4 recording. (One hour recordings are usually around 300MB)

———————

Note: For Microsoft Teams meetings, moving forward meeting recordings will be saved to either OneDrive for Business or SharePoint Online instead of Microsoft Stream, so this procedure should not be needed.

For those looking to script configurations in Microsoft Teams, the following links should be helpful.

• Microsoft Teams PowerShell Overview
  https://docs.microsoft.com/en-us/MicrosoftTeams/teams-powershell-overview
• Microsoft Teams 1.16: Microsoft Teams cmdlets module for Windows PowerShell and PowerShell Core
  https://www.powershellgallery.com/packages/MicrosoftTeams/1.1.6

Microsoft Teams Governance is documented in the articles below.

• Plan for governance in Teams
  Teams provides a rich set of tools to implement any governance capabilities your organization might require. This article guides IT pros to ask the right questions to determine their requirements for governance, and how to meet them.
  https://docs.microsoft.com/en-us/MicrosoftTeams/plan-teams-governance
• Governance quick start for Microsoft Teams
  The following activities will happen simultaneously, and they may involve all or part of your key team. As a best practice, defer large-scale governance and security conversations for after you have completed your initial experimentation with Teams. It is important to understand how governance decisions may impact the end-user experience and will simplify the decisions you will need to make at that later date.
  https://docs.microsoft.com/en-us/microsoftteams/teams-adoption-governance-quick-start
• Create and test an approval workflow with Power Automate
  A Microsoft Teams Governance practice is to enable Approval Workflow such that to create a new team, users need to make a request.
  https://techcommunity.microsoft.com/t5/microsoft-teams-blog/get-faster-results-with-approvals-in-microsoft-teams/ba-p/1680743
  https://docs.microsoft.com/en-us/power-automate/modern-approvals
  https://techcommunity.microsoft.com/t5/microsoft-teams-blog/automate-teams-provisioning-with-the-request-a-team-app-template/ba-p/1390964
• Private channels in Microsoft Teams
  Private channels in Microsoft Teams create focused spaces for collaboration within your teams. Only the users on the team who are owners or members of the private channel can access the channel. Anyone, including guests, can be added as a member of a private channel as long as they are already members of the team.
  https://docs.microsoft.com/en-us/microsoftteams/private-channels
• Manage tags in Microsoft Teams
  Tags in Microsoft Teams let users quickly and easily connect with a subset of people on a team. You can create and assign custom tags to categorize people based on attributes, such as role, project, skill, or location. Or, tags can be automatically assigned to people based on their schedule and shift information in the Shifts app (coming soon). After a tag is added to one or multiple team members, it can be used in @mentions by anyone on the team in a channel post or to start a conversation with only those people who are assigned that tag.
  https://docs.microsoft.com/en-us/microsoftteams/manage-tags
• Manage app setup policies in Microsoft Teams
  As an admin, you can use app setup policies to do the following tasks:
• Customize Teams to highlight the apps that are most important for your users. You choose the apps to pin and set the order that they appear. Pinning apps lets you showcase apps that users in your organization need, including apps built by third parties or by developers in your organization.
• Control whether users can pin apps to Teams.
• Install apps on behalf of users (in preview). You choose which apps are installed by default for users when they start Teams. Keep in mind that users can still install apps themselves if the app permission policy that’s assigned to them allows it
  https://docs.microsoft.com/en-us/microsoftteams/teams-app-setup-policies
  
• Turn on or turn off guest access to Microsoft Teams
  By default, guest access is turned off. You must turn on guest access for Teams before admins or team owners can add guests.
  After you turn on guest access, it may take a few hours for the changes to take effect. If a user sees the message "Contact your administrator" when they try to add a guest to their team, it’s likely that either guest access hasn’t been turned on or the settings aren’t effective yet.
  https://docs.microsoft.com/en-us/microsoftteams/set-up-guests
  
• Calling policies in Microsoft Teams
  In Microsoft Teams, calling policies control which calling and call forwarding features are available to users. Calling policies determine whether a user can make private calls, use call forwarding or simultaneous ringing to other users or external phone numbers, route calls to voicemail, send calls to call groups, use delegation for inbound and outbound calls, and so on.
  You can use the global (Org-wide default) policy that’s created automatically or create and assign custom policies.
  https://docs.microsoft.com/en-us/MicrosoftTeams/teams-calling-policy
  
• Manage meeting policies in Teams
  Meeting policies are used to control the features that are available to meeting participants for meetings that are scheduled by users in your organization. You can use the global (Org-wide default) policy that’s automatically created or create and assign custom policies. You manage meeting policies in the Microsoft Teams admin center or by using PowerShell.
  https://docs.microsoft.com/en-us/microsoftteams/meeting-policies-in-teams
• Manage Microsoft Teams settings for your organization
  You manage apps for your organization in Teams apps in the Microsoft Teams admin center. For example, you can set policies to control what apps are available org-wide or to specific Teams users and you can customize Teams by pinning the apps that are most important for your users.
  You can control organization-wide user settings in the Microsoft Teams admin center. To edit org-wide settings, go to the Microsoft Teams admin center, and then select Org-wide settings. You can configure the following settings.
  https://docs.microsoft.com/en-us/microsoftteams/enable-features-office-365
• Manage teams policies in Microsoft Teams
  As an admin, you can use teams policies in Microsoft Teams to control what users in your organization can do in teams and channels. For example, you can set whether users are allowed to create private channels.
  https://docs.microsoft.com/en-us/MicrosoftTeams/teams-policies
• Microsoft 365 group expiration policy (Requires “Azure Active Directory Premium P1” license)
  With the increase in usage of Microsoft 365 groups and Microsoft Teams, administrators and users need a way to clean up unused groups and teams. A Microsoft 365 groups expiration policy can help remove inactive groups from the system and make things cleaner.
  When a group expires, all of its associated services (the mailbox, Planner, SharePoint site, team, etc.) are also deleted.
  When a group expires it is "soft-deleted" which means it can still be recovered for up to 30 days.
  https://docs.microsoft.com/en-us/microsoft-365/solutions/microsoft-365-groups-expiration-policy
  
• Microsoft 365 groups naming policy (Requires “Azure Active Directory Premium P1” license)
  You can use a group naming policy to enforce a consistent naming strategy for groups created by users in your organization. A naming policy can help you and your users identify the function of the group, membership, geographic region, or who created the group. The naming policy can also help categorize groups in the address book. You can use the policy to block specific words from being used in group names and aliases.
  The naming policy is applied to groups that are created across all groups workloads (like Outlook, Microsoft Teams, SharePoint, Planner, Yammer, etc.). It gets applied to both the group name and group alias. It gets applied when a user creates a group and when group name or alias is edited for an existing group.
  https://docs.microsoft.com/en-us/microsoft-365/solutions/groups-naming-policy
• Dynamic membership rules for groups in Azure Active Directory (Requires “Azure Active Directory Premium P1” license)
  In Azure Active Directory (Azure AD), you can create complex attribute-based rules to enable dynamic memberships for groups. Dynamic group membership reduces the administrative overhead of adding and removing users. This article details the properties and syntax to create dynamic membership rules for users or devices. You can set up a rule for dynamic membership on security groups or Microsoft 365 groups.
  https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-dynamic-membership
• Overview of dynamic membership for teams
  Microsoft Teams supports teams associated with Microsoft 365 groups by using dynamic membership. Dynamic membership enables the membership of a team to be defined by one or more rules that check for certain user attributes in Azure Active Directory (Azure AD). Users are automatically added or removed to the correct teams as user attributes change or users join and leave the tenant.
  https://docs.microsoft.com/en-us/microsoftteams/dynamic-memberships

The Microsoft Cybersecurity Reference Architecture (https://aka.ms/MCRA) describes Microsoft’s cybersecurity capabilities and how they integrate with existing security architectures and capabilities.

We have seen this document used for several purposes by our customers and internal teams (beyond a geeky wall decoration to shock and impress your cubicle neighbors 🙂

• Starting template for a security architecture – The most common use case we see is that organizations use the document to help define a target state for cybersecurity capabilities. Organizations find this architecture useful because it covers capabilities across the modern enterprise estate that now spans on-premise, mobile devices, many clouds, and IoT / Operational Technology.
• Comparison reference for security capabilities – We know of several organizations that have marked up a printed copy with what capabilities they already own from various Microsoft license suites (many customers don’t know they own quite a bit of this technology), which ones they already have in place (from Microsoft or partner/3rd party), and which ones are new and could fill a need.
• Learn about Microsoft capabilities – In presentation mode, each capability has a "ScreenTip" with a short description of each capability + a link to documentation on that capability to learn more.
• Learn about Microsoft’s integration investments – The architecture includes visuals of key integration points with partner capabilities (e.g. SIEM/Log integration, Security Appliances in Azure, DLP integration, and more) and within our own product capabilities among (e.g. Advanced Threat Protection, Conditional Access, and more).
• Learn about Cybersecurity – We have also heard reports of folks new to cybersecurity using this as a learning tool as they prepare for their first career or a career change.

Get it here:

• DOWNLOAD: Microsoft Cybersecurity Reference Architecture
  http://aka.ms/mcra

Highly secure and forward-thinking, Azure powers government missions across a broad range of data classifications and tactical scenarios from intelligent cloud to intelligent edge.

Discover the wide range of new Azure services and capabilities to help government organizations meet their critical needs—both today and tomorrow.

• Date/Time:
  Wednesday, November 18, 2020 | 10:00AM – 1:30 PM PST
• Registration:
  https://info.microsoft.com/en-us-landing-WhatsNewinAzureGovernment-none.html

Did you know there’s a special trick that enables you to automatically register any SQL Server Virtual Machines running in your Azure subscription as SQL workloads in the Azure Portal?

• Register Your Azure SQL Virtual Machines with SQL Server IaaS Agent extension today
  “…simply tick a consent checkbox and allow Microsoft to automatically register all existing and future SQL Server Virtual Machines in your subscription”
  https://azure.microsoft.com/en-us/updates/register-your-azure-sql-virtual-machines-with-sql-server-iaas-agent-extension-today/

If you enable this switch in your Azure Portal, any new Azure VMs running SQL Server get automatically discovered & registered in Azure Portal Management as “SQL Resources” & are simultaneously prepped for “Automated Management”, without *any* disruption to the VM’s operation.

WHY DOES ONE CARE?
By doing this, you get the benefits of SQL IaaS “Lightweight Management” Mode for all SQL Server VMs – at no cost!:

1. Registers the VM as a SQL resource in Azure Portal – enabling views & dashboards that “catch” any and all SQL resources in a group or the subscription
2. Enables the Azure Administrator to “discover” SQL workloads that “pop up” in their subscription to ensure they are properly licensed or applying Azure Hybrid Benefit to reduce the VM operational cost
3. Enables changing the SQL Server license type/edition on the fly to ensure it matches one’s licensing
4. Installs the SQL IaaS extension binaries on the VM – but does NOT reboot the VM nor consume CPU cycles
5. Simplifies compliance by notifying Microsoft that Azure Hybrid Benefit is enabled, a requirement per Product Terms
6. Enables administrators to easily step up to SQL IaaS “Full Management” mode during a maintenance window
   (Full Management provides Automated Backup, Automated Patching, Azure Key Vault Integration, etc. – for FREE)

Details here:

• Automatic registration with SQL VM resource provider
  https://docs.microsoft.com/en-us/azure/azure-sql/virtual-machines/windows/sql-vm-resource-provider-automatic-registration?tabs=azure-cli
• What is the SQL Server IaaS Agent extension?
  https://docs.microsoft.com/en-us/azure/azure-sql/virtual-machines/windows/sql-server-iaas-agent-extension-automate-management?tabs=azure-cli

Customers leveraging Microsoft 365 E3 & E5 are well-positioned in the Gartner Magic Quadrant for “Enterprise Information Archiving” through its solutions in Microsoft 365 E3 & E5.

“I am delighted to announce that Gartner has listed Microsoft as a Leader in its 2020 Magic Quadrant for Enterprise Information Archiving. This is the third consecutive year that Microsoft has been recognized as a Leader in this critical space. To us, this recognition reinforces our leadership in innovative data governance, archiving, eDiscovery, and compliance solutions.”

For more information & to download the report, visit:

• NEWS: Microsoft recognized as a Leader in the 2020 Gartner Magic Quadrant for Enterprise Information Archiving (Oct 2020)
  https://www.microsoft.com/security/blog/2020/11/05/microsoft-recognized-as-a-leader-in-the-2020-gartner-magic-quadrant-for-enterprise-information-archiving/

This is old news but for the purposes to making sure folks know:

Office 2016 connectivity support for Office 365 services
In addition, we are modifying the Office 365 services system requirements related to service connectivity. In February, we announced that starting October 13, 2020, customers will need Office 365 ProPlus or Office 2019 clients in mainstream support to connect to Office 365 services. To give you more time to transition fully to the cloud, we are now modifying that policy and will continue to support Office 2016 connections with the Office 365 services through October 2023.

The previous support end date was October 2020.  Basically, connectivity from Office Professional Plus 2016 was gonna be “no longer supported” after this month.  This support statement changed as you can see.

(It’s buried at the bottom of this post so I wanted to highlight it for those who needed it)

• ANNOUNCEMENT: “Helping customers shift to a modern desktop”
  https://www.microsoft.com/en-us/microsoft-365/blog/2018/09/06/helping-customers-shift-to-a-modern-desktop/