Kurt Shintaku's Blog

Azure Firewall Manager is now generally available.

Azure Firewall Manager is a security management service that provides central security policy and route management for cloud-based security perimeters.  It includes Azure Firewall Policy, Azure Firewall in a Virtual WAN Hub (Secure Virtual Hub), and Hub Virtual Network. In addition, we are introducing several new capabilities to Firewall Manager and Firewall Policy to align with the standalone Azure Firewall configuration capabilities.

Key features in this release include:

• Threat intelligence-based filtering allow list in Firewall Policy is now generally available.
• Multiple public IP addresses support for Azure Firewall in Secure Virtual Hub is now generally available.
• Forced tunneling support for Hub Virtual Network is now generally available.
• Configuring secure virtual hubs with Azure Firewall for east-west traffic (private) and a third-party security as a service (SECaaS) partner of your choice for north-south traffic (internet bound).
• Integration of third-party SECaaS partners are now generally available in all Azure public cloud regions.
• Zscaler integration will be generally available on July 3, 2020. Check Point is a supported SECaaS partner and will be in preview on July 3, 2020. iboss integration will be generally available on July 31, 2020.
• Support for domain name system (DNS) proxy, custom DNS, and fully-qualified domain name (FQDN) filtering in network rules using Firewall Policy are now in preview.

Read more here:

• RELEASE: Azure Firewall Manager
  https://azure.microsoft.com/en-us/blog/azure-firewall-manager-is-now-generally-available/

The Azure Maps visual for Power BI will be releasing as a preview this week. Power BI is a powerful analysis and visualization tool. Azure Maps is an important tool for gaining geospatial context and insights that can be used in decision making.

This initial release includes the following visualization layers:

• Bubble layer
• 3D bar chart layer
• Reference layer
• Custom tile layer
• Real-time traffic overlay

In addition to these visualization layers, this visual also leverages built-in Power BI features, such as tooltips, color themes, as wells as filter and slicer support.

• BETA: Azure Maps for Power BI (Public Preview)
  https://azure.microsoft.com/en-us/blog/azure-maps-power-bi-visual-now-in-preview/

Windows Virtual Desktop announced 2 new very impactful features you should know about:

• Azure portal integration
  With the Azure portal integration, you get a simple interface to deploy and manage your apps and virtual desktops. Host pool, workspace, and all other objects you create are Azure Resource Manager objects and are managed the same way you manage other Azure resources.
• A/V redirect for Microsoft Teams
  ”Once you enable A/V redirect in the Desktop client for Windows, the audio and video will be handled locally for Microsoft Teams calls and meetings. You can still use Microsoft Teams on Windows Virtual Desktop with other clients without optimized calling and meetings.”

Read more and find pointers to the documentation here:

• New Windows Virtual Desktop capabilities now generally available
  https://azure.microsoft.com/en-us/blog/new-windows-virtual-desktop-capabilities-now-generally-available/

Edge is now integrated into the Microsoft public roadmap.

Today, we are announcing the availability of Microsoft Edge enterprise features on the Microsoft 365 Roadmap portal, and a new Microsoft Edge release schedule for Beta & Stable channel releases.

The M365 roadmap portal lets you view upcoming Microsoft Edge enterprise features—you can filter by “Microsoft Edge” in the Products field, or by “Beta channel” and “Stable channel” in the Release Phase field. Developers should continue to reference our Platform Status page for information on supported and upcoming platform features.

…

See the full announcement here:

• BLOG: Introducing the Microsoft Edge enterprise roadmap and release schedule
  https://blogs.windows.com/msedgedev/2020/07/23/introducing-enterprise-roadmap-release-schedule/

PASSsummit 2020 has gone Virtual!

PASS is the premier event for SQL Server database administrators, developers, & architects.  Community driven & supported by Microsoft, PASSsummit has been one of the most successful conferences for data people of all facets.

Learn about the Virtual Summit Packages with over 200 hours of expert-led content, on-demand access, and PASS networking opportunities.

Register here: https://www.pass.org/summit/2020/

Protect your users by automatically opening suspicious emails & documents for them in hardware virtualized containers using the new “Microsoft Defender Application Guard”.

Application Guard for Office is now available in public preview!

Files from the internet and other potentially unsafe locations can contain viruses, worms, or other kinds of malware that can harm your users’ computer and data. To help protect your users, Office opens files from potentially unsafe locations in Application Guard, a secure container that is isolated from the device through hardware-based virtualization. When Office opens files in Application Guard, users can securely read, edit, print, and save those files without having to re-open files outside the container. This feature will be off by default.

Note:  This security service/feature will be coming to Microsoft 365 E5 or M365 E5 Security licensees.

Learn more about Application Guard here:

• DOCS: Application Guard for Office (public preview) for admins
  https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/install-app-guard?view=o365-worldwide

UPDATE 2/17/21:
This feature was removed from the roadmap.

ORIGINAL POST (AUG 2020)
Did you ever wish you could share your Microsoft Stream-based videos with people outside of your organization/company?

I spotted something that on the public Microsoft 365 roadmap:

Microsoft Stream: Public anonymous external video sharing

Allow individual videos in Microsoft Stream to be marked for external public access allowing people to view the videos without a login. Stream admins will be able to control if this feature is enabled and who within the organization can make videos publicly available.

Slated for release “Q4 Calendar Year 2020”.

• Microsoft 365 Roadmap: Microsoft Stream public anonymous external video sharing
  https://www.microsoft.com/en-us/microsoft-365/roadmap?featureid=27728

The end of mainstream support for Advanced Threat Analytics (ATA) is coming on January 2021.

ATA will continue to be supported in extended support however after this date:

• no further feature updates will be made to ATA (past updates are located here)
• no functional patches other than security fixes will be published for ATA

WHAT TO DO?
Azure Advanced Threat Protection (AATP) has been the evolution of Advanced Threat Analytics, operating in the cloud & delivering improved protection at a rapid pace.

Folks using ATA know that it has always been a few steps behind AATP in features & functionality because it requires manual on-premises software updates, relative to AATP which is updated regularly in the cloud on customer’s behalf. 

It’s recommended that IT organizations consider beginning their transition to Azure Advanced Threat Protection to ensure their Active Directory Domain Controller environment is securely monitored for breaches & anomalous behaviors.  Resources to migrate are available here.

For more information, read the notification about the ending of ATA’s mainstream support:

• NEWS: End of mainstream support for Advanced Threat Analytics January 2021
  https://go.microsoft.com/fwlink/p/?linkid=2138125

Determining the differences between Microsoft 365 F1, F3, E3, & E5 Suites can be difficult. 

On the surface, there’s a few pages documenting the general differences in applications & services available but scratching the surface reveals a lot more technical differences in those same services that you might not know about.

MARKETING COMPARISONS
These sites are a good starting point as they provide overall/all-up views on the available services & functional differences between each suite.

For example, these sites will tell you which M365 license suite has Exchange Online, which has the Office ProPlus apps, which have Azure Information Protection, etc.

• Comparison between Microsoft 365 Firstline Worker license suites F1/F3:
  https://www.microsoft.com/en-us/microsoft-365/enterprise/firstline
• Microsoft 365 F1:
  https://www.microsoft.com/en-us/microsoft-365/enterprise/f1
• Microsoft 365 F3:
  https://www.microsoft.com/en-us/microsoft-365/enterprise/f3
• Comparison between Microsoft 365 Enterprise license suites E3/E5 & F3
  https://www.microsoft.com/en-us/microsoft-365/compare-microsoft-365-enterprise-plans

SERVICE DESCRIPTION COMPARISONS
To understand feature level differences in each service or product, you need to go into the Service Descriptions for each suite/service.

For example, these sites will tell you “the differences in mailbox size” between suites, whether or not “mailbox litigation hold” or “data loss prevention” is available for a specific M365 license suite, etc.

• Microsoft 365 Service Description
  (with F3, E3, E5 comparisons)
  https://docs.microsoft.com/en-us/office365/servicedescriptions/office-365-platform-service-description/office-365-platform-service-description
• Exchange Online Service Description (with F3, E3, E5 comparisons)
  https://docs.microsoft.com/en-us/office365/servicedescriptions/exchange-online-service-description/exchange-online-service-description
• OneDrive for Business Service Description (F1, F3, E3, E5)
  https://docs.microsoft.com/en-us/office365/servicedescriptions/onedrive-for-business-service-description
• SharePoint Online Limits (F1, F3, E3, E5)
  https://docs.microsoft.com/en-us/office365/servicedescriptions/sharepoint-online-service-description/sharepoint-online-limits

Anyone that establishes a Contacts database in Teams/SharePoint Online can synchronize that database to their personal installation of Outlook.

Note: This synchronization does NOT mix the online database’s contacts with your personal contacts.  It establishes a new database in Outlook for you which is selectable to view & edit from the Contacts section of Outlook.

The following is for ANY person with access to the Contact database that wants to synchronize the contacts locally to Outlook:

To synchronize the database’s contacts with Outlook:

1. Open Outlook on your desktop. 
   This will make the next step smoother as
2. Go back to your browser and jump to the Contacts web view for your Contact database. (If you’re using Teams, see the first 3 steps of the blog post, “Part 1: Creating a Contacts Database”)
   
3. Click the “Return to classic SharePoint” link at the bottom of the page.  The view should change with 3 menu items appearing near the top of the screen: “BROWSE, ITEMS, LIST”
   (It is possible that this might not work the first time – so you may need to click it AGAIN, a second time.)
   




4. Click “LIST”.  This should reveal a “ribbon” of options.
5. Click “Connect to Outlook”
   This will immediately open a dialog box in Outlook requesting permission to establish a SharePint Contacts list sync.
   
6. Click the “Yes” button. Outlook will immediately establish a new Contacts database locally and sync it with the SharePoint Contacts database.
   The new Contacts database should appear on the left.
   (Note: In some rare cases, the new Contacts database will not appear in the Contacts database list despite having been created & synced. Simply restart Outlook to have it appear.)

That’s it.  At this point, you can:

1. Copy Contacts from your personal contacts database to the new Contacts database established within Outlook.
2. Any changes – additions, edits, deletions – you make to the newly created/synchronized Contacts database will be synced to the online database as well for others to see – and sync.

Caution: Any changes that OTHER people make to the synced contacts will also be synced back & reflected in the online database so be sure you trust those people you provide access to.