Kurt Shintaku's Blog

Today we’re announcing the general availability of Azure Monitor for virtual machines (VMs), which provides an in-depth view of VM performance trends and dependencies. You can access Azure Monitor for VMs from the Azure VM resource blade to view details about a single VM, from the Azure Virtual Machine Scale Sets (VMSS) resource blade to view details about a single VM scale set, and from Azure Monitor to understand compute issues at scale.

Azure Monitor for VMs brings together key monitoring data about your Windows and Linux VMs, allowing you to:

• Troubleshoot guest-level performance issues and understand trends in VM resource utilization.
• Determine whether back-end VM dependencies are connected properly and which clients of a VM may be affected by any issues the VM is having.
• Discover VM hotspots at scale based on resource utilization, connection metrics, performance trends, and alerts.

…

Read the full announcement here:

• RELEASE: Announcing the general availability of Azure Monitor for virtual machines
  https://azure.microsoft.com/en-us/blog/announcing-the-general-availability-of-azure-monitor-for-virtual-machines/

Need to learn Microsoft Teams?  Administration?  Architecture?  Troubleshooting?  Deployment?

Use these training resources to educate yourself about Teams, teach others or run workshops.

• Admin training for Microsoft Teams
  https://docs.microsoft.com/en-us/microsoftteams/itadmin-readiness

ARCHITECTURE POSTERS FOR ITPROS
Teams is central to the logical architecture of productivity services in Microsoft 365 – including data governance, security, and compliance capabilities.

This series of illustrations provides a view into the logical architecture of productivity services for enterprise architects, leading with Teams.

• Microsoft Teams IT architecture and telephony solutions posters
  https://docs.microsoft.com/en-us/microsoftteams/teams-architecture-solutions-posters

From Jarad Spataro, CVP, Microsoft 365:

As the work week draws to a close, we continue to feel the impact of the COVID-19 outbreak.

With remote work and travel restrictions on the rise, teams everywhere are facing a big question: What should we do about virtual events? I can’t think of a better person to address this question than my colleague Bob Bejan.

In his role as Corporate Vice President of Global Events, Production Studios, and Marketing Community at Microsoft, Bob has deep experience overseeing events and productions—often at huge scale. Today on LinkedIn, Bob shared insights from the event-production frontlines. I found them so helpful, and I think you will too.

…

Read more here:

• Digital transformation of live events: Bob Bejan’s observations from the frontline
  https://www.microsoft.com/en-us/microsoft-365/blog/2020/03/13/digital-transformation-live-events-bob-bejans-observations-frontline/

(Here’s an older clip of what Microsoft Production Studios is like)

Microsoft pushed out this patch “out-of-band”, the day it was available, to all our clients & affected servers, and it required a mandatory reboot.

This is important.  Please review urgently.

The patch for the SMB compression RCE is released.

• CVE-2020-0796 | Windows SMBv3 Client/Server Remote Code Execution Vulnerability
  https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796

It applies to all Windows 10 version 1903 & 1909, and Windows Server version 1903 & 1909. Does not apply to Windows Server 2019, W10 LTSC, or any older OSes and versions.

Additionally, you will want to look at firewall best practices and configurations to enhance security and prevent malicious traffic from leaving computers or their network.

Here is guidance on how to accomplish this:

• SUPPORT: Preventing SMB traffic from lateral connections and entering or leaving the network
  https://support.microsoft.com/en-us/help/3185535/preventing-smb-traffic-from-lateral-connections

(Obtained from Ned Pyle.  Good thread here on the topic & background: 
https://twitter.com/NerdPyle/status/1238144361067511810)

If you’re finding yourself using Microsoft Teams a little more these days, this is a nice ramp up "Getting Started" 5-page PDF guide:

• DOWNLOAD: Microsoft Teams Quick Start Guide
  https://download.microsoft.com/download/D/9/F/D9FE8B9E-22F5-47BF-A1AB-09539C41FCD0/Teams%20QS.pdf
• VIDEO: Accompanying Video Introduction to Microsoft Teams (“What is Microsoft Teams”)
  https://support.office.com/en-us/article/video-what-is-microsoft-teams-422bf3aa-9ae8-46f1-83a2-e65720e1a34d?ui=en-US&rs=en-US&ad=US

App templates are production-ready apps for Microsoft Teams that are community driven, open-source, and available on GitHub. Each contains detailed instructions for deploying and installing that app for your organization, providing a ready-to-use app that you can install and begin using immediately. The complete source code is available as well, so you can explore it in detail, or fork the code and alter it to meet your specific needs.

One such app is the “Company Communicator” – which sends targeted communications to employees on Teams and modernizes dissemination and consumption of employee announcements.

ex: COVID-19 alerts & notices

Here’s the description:

COMPANY COMMUNICATOR

The Company Communicator app enables corporate teams to create and send messages intended for multiple teams or large number of employees over chat allowing organization to reach employees right where they collaborate. Utilize this template for multiple scenarios such as new initiative announcements, employee onboarding, modern learning and development or organization-wide broadcasts.

The app provides an easy interface for designated users to create, preview, collaborate and send messages.

It provides a foundation to build custom targeted communication capabilities such as custom telemetry on how many users acknowledged or interacted with a message.

Other app templates include:

• Celebrations app
• Company Communicator app
• FAQ Plus Bot
• HR Support Bot
• SharePoint List Search app
• Custom Stickers app
• Icebreaker bot
• Scrum Status bot
• Crowdsourcer bot
• Expert Finder bot
• Book-a-room bot
• Attendance app
• Associate Insights app
• Incentives app

Check out the App Templates below:

• INFO: “Company Communicator” & Microsoft Teams App Templates
  https://docs.microsoft.com/en-us/microsoftteams/platform/samples/app-templates#company-communicator

Yubico VP Derek Hanson shares how Microsoft’s FIDO2 GoPasswordless support for hybrid environments is a game-changer for Firstline Workers:

Microsoft announced the FIDO2 passwordless support for hybrid environments. The integration of FIDO2-based YubiKeys and Azure Active Directory (Azure AD) is a game changer. It combines the ubiquity of Azure AD, the usability of YubiKey, and the security of both solutions to put us on the path to eliminate passwords in the enterprise.

Think about that for a moment. Imagine never being asked to change your password again, no more password spreadsheets or vault apps. No more phishing and password spray! Would it be too much to compare it to the moon landing? Probably. But it’s at least as monumental to security as the introduction of passwords themselves. Now think about how much passwordless authentication will improve everyday work for Firstline Workers.

…

Read more here:

• INFO: Empower Firstline Workers with Azure AD and YubiKey passwordless authentication
  https://www.microsoft.com/security/blog/2020/03/12/empower-firstline-workers-azure-ad-yubikey-passwordless-authentication/

For Multi-factor Authentication to be effective, you also need to block legacy authentication. There’s no point in setting up MFA if people can simply use other means of authentication to bypass it.

The following is a critical step-by-step guide to blocking legacy authentication in your organization through the use of legacy authentication reporting, Azure AD Conditional Access, & disabling legacy authentication in your services.

• INFO: New tools to block legacy authentication in your organization
  https://techcommunity.microsoft.com/t5/azure-active-directory-identity/new-tools-to-block-legacy-authentication-in-your-organization/ba-p/1225302

If you’re used to on-premises infrastructures, cloud platforms can seem daunting. But it doesn’t need to be.

This eBook written by the veteran IT consultant and trainer Paul Schnackenburg, covers all aspects of setting up and maintaining a high-performing Azure IaaS environment, including:

• VM sizing and deployment
• Migration
• Storage and networking
• Security and identity
• Infrastructure as code
• and more!

The first 5 chapters goes over the basics of Azure IaaS – perfect for those starting out – with chapters 6-11 covering more advanced skills targeted at seasoned Azure administrators. Chapter 12 goes one step further preparing you for future advances in the Azure IaaS platform.

Are you ready to blast off your IT skillset into the clouds? Download this free eBook today and buckle up.

• DOWNLOAD: Free eBook, “The SysAdmin’s Guide to Azure Infrastructure as a Service” (3rd Party)https://www.altaro.com/ebook/Azure-IaaS.php

Organizations that would like to provide their work-from-home users with the ability to use Teams Conferencing as well can get temporary/trial licenses for 30 days.  If you’re a managed customer that has an account team, those licenses can be extended beyond 30 days.

The way to get Teams Conferencing for work-from-home users is to set up a trial for corporate “Office 365 E5” licenses in your company’s existing tenant. 

1. Signing up for Office 365 trial licenses is easily done at the URL below:
   https://www.microsoft.com/en-us/microsoft-365/business/office-365-enterprise-e5-business-software?activetab=pivot%3aoverviewtab
2. Once you’ve set up the trial, your account team will be able to extend it past 30-days.

This will enable work-at-home employees to use Teams Conferencing while they are “telecommuting” in addition to the rich collaborative capabilities of Teams.

(Note: Unfortunately, Microsoft employees can’t stand up the trial for you on your behalf.   The trial request has to be done by your work email address and applied by an Office 365 Administrator.)