Kurt Shintaku's Blog

Version 16.1.0.456 of Skype for Business for Mac was announced last month.

Here’s a few of the items updated in this release:

• Contact group management features for Office 365 / Skype for Business Server 2015 customers
• Contact tagging for status changes
• Improvements to meetings reliability, sign-in, and chat

Read the announcement & download the bits from below if you don’t have Microsoft AutoUpdate turned on.

• ANNOUNCEMENT: "Skype for Business on Mac CU1 Released!"
  https://blogs.technet.microsoft.com/nexthop/2016/11/22/skype-for-business-on-mac-cu1-released/
• DOWNLOAD: Skype for Business on Mac CU1
  https://www.microsoft.com/en-us/download/details.aspx?id=54108

At Microsoft Ignite 2016 the Office 365 ProPlus deployment team released a brand new guide focused on making your organization’s Office 365 ProPlus deployment a success.

This guide has been created by a team of subject matter experts from the Office 365 Product Group, Office 365 Product Marketing Group, and delivery experts from Microsoft Services which provides a single source for the Office 365 ProPlus deployment guidance that you need to successfully deploy and manage Office 365 ProPlus, including recommended guidance for discovery of applications, preferred deployment scenarios and practices, recommended approaches for channel management, and reporting capabilities for licensing and usage.

Note: The guide is actually an 8.46MB OneNote notebook so you’ll need to have OneNote installed to use it.  Download it for free for Windows 10, Windows desktop, Windows Phone, Mac, iOS, & Android at https://www.onenote.com/Download.

• DOWNLOAD: Introducing the “Preferred Practices guide for Office 365 ProPlus Deployment”
  http://www.deployoffice.com/preferred-practices/

Fasttrack is a Microsoft service that comes with subscriptions to Office 365, Enterprise Mobility + Security Suite, Intune, & Azure RMS.  It provides engineers & architects to help folks onboard & deploy these cloud services – at no additional cost to you.

There’s a great presentation & video recording from Ignite 2016 out there called “Accelerate your Office 365 deployment with FastTrack”. The presentation goes over:

• What services Fasttrack provides
• What geographical coverage it supports
• Scenarios, resources, and the expectations you should have of Fasttrack
• Technical On-boarding capabilities of Fasttrack for
• Exchange Online
• SharePoint Online
• Skype for Business Online
• OneDrive for Business
• Office Pro Plus
• Yammer Enterprise
• Process & how to get started

View the presentation here:

• BRK3065 – Accelerate your Office 365 deployment with FastTrack
  https://techcommunity.microsoft.com/t5/Microsoft-Ignite-Content/BRK3065-Accelerate-your-Office-365-deployment-with-FastTrack/td-p/10458

PASStv is your virtual ticket into SQL PASS Summit: Keynotes, Women In Technology luncheon, sessions, & more!

And it’s FREE.  Here’s a list of sessions with recordings to view on-demand from Oct 26-28, 2016:

Wednesday, October 26

• 08:10 AM Interview: Patrick O’Keeffe, Dell Software & Denise McInerney, VP of Marketing, PASS
• 08:15 AM Day 1 Keynote – Joseph Sirosh, Corporate Vice President of the Data Group, Microsoft
• 09:45 AM Interview: Neil Garrett, Idera and Argenis Fernandez, PASS SQLSaturday
• 10:45 AM Intro to Internals: How to Think Like the SQL Sever Engine by Brent Ozar
• 01:23 PM Interview: Rob Wallace, Pyramid Analytics & Ryan Adams, PASS Director, Chapters
• 01:30 PM Mobile BI and Dataviz with SQL Server 2016, R, and PowerBI by Jen Stirrup
• 02:45 PM Interview: Richard Macaskill, RedGate Software & Tim Ford, PASS Director Membership
• 03:10 PM Interview: Wendy Harms & Maurice De Vidts, HPE & Adam Jorgensen, PASS President
• 03:15 PM The Many Latencies of TempDB by Gail Shaw
• 04:45 PM This Batch-Mode Window Aggregate Operator Will Change Your Life! by Itzik Ben-Gan

Thursday, October 27

• 08:10 AM Interview: Bill Preachuk, Hortonworks & Adam Jorgensen, PASS President
• 08:15 AM Day 2 Keynote "Data Warehousing in the Cloud" by David DeWitt, Adjunct Professor, MIT
• 09:45 AM Interview: Thomas LaRock, SolarWinds & Wendy Pastrick, Director, PASS Virtual Chapters
• 10:15 AM SQL Server 2016: It Just Runs Faster by Bob Ward
• 11:30 AM Interview: Kellyn Gorman, Delphix & Allen White, Director, PASS Program
• 11:45 AM Women in Technology Keynote: Leadership, The Missing 33%, and Career Success for Women, presented by Kelly Lockwood Primus, Leading Women
• 01:15 PM Interview: John McAllister, Profisee & Wendy Pastrick, Director, PASS Virtual Chapters
• 01:30 PM Recovery Models Made SIMPLE by Kalen Delaney
• 02:45 PM Interview: Kevin Kline, SentryOne and Ryan Adams, Director, PASS Chapters
• 03:15 PM Power BI for the Enterprise by Sirui Sun, Sivakumar Harinath
• 04:45 PM UNPLUGGED: SQL Server 2016 by Scott Klein, Rohan Kumar
• 06:00 PM Building an SSRS Monitoring System by Stacia Varga
• 07:15 PM Safe-Guard Your Career: How to Work Better as a Team and Between Departments by Richard Bolesta

Friday, October 28

• 08:00 AM Optimizing Multi-Billion Row Tables in Tabular by Marco Russo
• 09:15 AM Interview: Kevin Petrie, Attunity & Jen Stirrup, Director, PASS Business Analytics
• 09:30 AM Advanced Power BI: Solving the Hard Problems by Devin Knight
• 11:15 AM How to move databases around in Azure by Andre Kamman
• 12:45 PM Database Security in SQL Server 2016 and Beyond by Denny Cherry
• 02:00 PM Developing Highly Concurrent Databases by Michael J Swart
• 03:30 PM Mitigating a SQL Server Upgrade Disaster by Victor Isakov

View the recordings site here:

• VIDEO: SQL PASS Summit 2016 “PASStv” On-Demand Recordings
  http://www.sqlpass.org/summit/2016/PASStv.aspx

I really like this list as a guideline for folks considering security for their cloud solutions.  Here’s consideration #1, pictured to the right.

It’s part of the Microsoft Secure blog, a blog dedicated to Microsoft’s point of view on security, privacy, reliability, and trust. It’s the place to go for in-depth articles on Microsoft products and services, as well as tips and recommendations for improving security in your organization.

Here is a larger list of 8 questions to think about for adaptive cloud security. Step 1: Check your budget.

To read the full list, visit:

• BLOG: Managing cloud security: Four key questions to evaluate your security position
  http://blogs.microsoft.com/microsoftsecure/2016/08/15/managing-cloud-security-four-key-questions-to-evaluate-your-security-position/?wt.mc_id=DX_873533

On October 25-28, 2016, SQL PASS 2016 took place in Seattle, WA – the world’s largest gathering of SQL Server and BI professionals.

If you’re interested in downloading the SQL PASS 2016 Keynote from Day 2 entitled, “Datawarehousing in the Cloud” by David J. DeWitt & Willis Lang, I’ve got the deck below.

• DOWNLOAD: PASS 2016 Keynote – “Datawarehousing in the Cloud”
  https://1drv.ms/p/s!Ao0Dfn8MQdoApJc5LsLGdXZpZ8Tp9A

Starting in February 2017, Microsoft will no longer support Project 2013 (through Office 365 or MSI) connecting to Project Online. Customers who need to connect to Project Online will need to move to Project 2016.

For more information, please check out Premier PFE, Brooks White’s blog here:

• After February 2017, no more support for Project 2013 with Project Online
  https://blogs.technet.microsoft.com/brookswhite/2016/10/29/after-february-2017-no-more-support-for-project-2013-with-project-online/

We announced 2 new support offerings: Windows Server Premium Assurance and SQL Server Premium Assurance. These offerings add 6 more years of product support for Windows Server and SQL Server, allowing for a minimum of 16 years of total support:

• 5 years for Mainstream Support
• 5 years of Extended Support
• 6 years of Premium Assurance

The additional support period provides Security Updates and Bulletins rated “Critical” and “Important” (see the Security Bulletin Severity Rating System for definitions) for both products.

To learn more about Windows Server Premium Assurance and SQL Server Premium Assurance, and the six additional years of product support they provide, read the datasheet. The new offerings will be available early next year.

For more details, read the announcement blog post here:

• BLOG: Introducing Windows Server Premium Assurance and SQL Server Premium Assurance
  https://blogs.technet.microsoft.com/hybridcloud/2016/12/08/introducing-windows-server-premium-assurance-and-sql-server-premium-assurance/

About a week ago, a couple of Microsoft Researchers released a tool presented at Black Hat Europe 2016 called "SAMRi10" (pronounced “Samaritan”), a short PowerShell (PS) script which alters remote SAM access default permissions on Windows 10 & Windows Server 2016. This hardening process prevents attackers from easily getting some valuable recon information to move laterally within their victim’s network.

Here’s a summary of the tool’s goals & functionality:

Overview

Reconnaissance (recon for short) is a key stage within the Advanced Attackers’ kill chain. Once attackers have breached a single end-point, they need to discover their next targets within the victim’s corporate network, most notably privileged users. In order to enable admins to harden their network against such recon attacks targeting local users, we had developed the “SAMRi10” (pronounced Samaritan) tool.

Introduction

Reconnaissance (recon for short) is a key stage within the Advanced Attackers’ kill chain. Once attackers have breached a single end-point, they need to discover their next targets within the victim’s corporate network, most notably privileged users

Attackers utilize compromised credentials in order to move laterally within their victims’ network. These compromised credentials may consist of either domain or local credentials. Local credentials, especially those of local admins, are a lucrative target for the attackers as they are less managed (password complexity and change policy) and less monitored (no traffic and logs besides the specific computer).

Querying the Windows Security Account Manager (SAM) remotely via the SAM-Remote (SAMR) protocol against their victim’s domain machines, allows the attackers to get all domain and local users with their group membership and map possible routes within the victim’s network. Recently, some frameworks (e.g. BloodHound) have automated that mapping process.
By default, the SAM can be accessed remotely (via SAMR) by any authenticated user, including network connected users, which effectively means that any domain user is able to access it. Windows 10 had introduced an option to control the remote access to the SAM, through a specific registry value. On Windows Anniversary update (Windows 10 Version 1607) the default permissions were changed to allow remote access only to administrators. An accompanying Group Policy setting was added, which gives a user-friendly interface to alter these default permissions.

In order to enable admins to have granular control over remote access to SAM for all Windows 10 versions, we had developed the “SAMRi10” (pronounced Samaritan) tool. The SAMRi10 tool is a short PowerShell (PS) script which alters these default permissions on all Windows 10 versions and Windows Server 2016. Most significantly, this hardening process should block attackers from easily getting valuable recon information.

…

SAMRi10 can be downloaded from here. In-depth usage instructions are included in the download package.

• DOWNLOAD: “SAMRi10” – Hardening SAM Remote Access in Windows 10/Server 2016
  https://gallery.technet.microsoft.com/SAMRi10-Hardening-Remote-48d94b5b

There’s a 103 page document that we’ve produced called the “Azure Onboarding Guide for IT Organizations”.

The purpose of this document is to provide an overview, guidance, and best practices for enterprise IT departments to introduce, consume, and manage Microsoft Azure-based services within their organization. The target audience is enterprise architects, cloud architects, system architects, and IT managers.

It covers the following:

1. Moving to the Cloud
2. Managing security, compliance, and data privacy
3. Azure enterprise administration
4. Integrating Azure into the corporate network
5. Extending Active Directory to Azure
6. Operating Azure IaaS Services
7. Migrating existing services to Azure
8. Offering management for cloud-based services

Download the whitepaper here:

• Azure Onboarding Guide for IT Organizations (.PDF, 103pg, 2.63MB)
  https://download.microsoft.com/download/F/F/F/FFF60E6C-DBA1-4214-BEFD-3130C340B138/Azure_Onboarding_Guide_for_IT_Organizations_EN_US.pdf

For more papers & documentation, visit:

• Microsoft Cloud Resource Center
  https://azure.microsoft.com/en-us/resources/