Kurt Shintaku's Blog

If you recently deployed Microsoft Defender for Identity on your Domain Controllers and haven’t gone through all the prerequisites, you may find that you receive health alerts indicating NTLM Auditing is not enabled.

You can also enable NTLM Auditing on your Domain Controllers if you are planning to deploy Microsoft Defender for Identity.

Read at the link below for instructions on how to enable NTLM auditing via Group Policy to elevate the effectiveness of your Microsoft Defender for Identity deployment.

• Microsoft Defender for Identity | Enable NTLM Auditing
  https://azurecloudai.blog/2023/02/07/microsoft-defender-for-identity-enable-ntlm-auditing/

I had planned on writing something similar to what’s below however this was a such a good roundup, I shamelessly stole the following from Jiadong Chen, Microsoft Cybersecurity MVP.

Microsoft is leading the way in security best practices with their comprehensive reference materials, such as the Microsoft Cybersecurity Reference Architectures, Microsoft cloud security benchmark, the Cloud Adoption Framework, and Microsoft security best practices provide valuable guidance on how to best protect systems and data in the cloud. In this post, I’d like to share some of the key Microsoft security best practices resources that can help ensure your organization’s security!

()
Diagrams and sections in MCRA are a key source of security best practices for many topics including:

• Zero trust user access, security operations, multicloud and cross-platform capabilities, operational technology (OT), attack chains, technical capability coverage, Azure native security controls, and security roles and responsibilities. https://lnkd.in/gZ_t_88h

()
To rapidly adopt Zero Trust in your organization, RaMP offers technical deployment guidance organized in these initiatives:

• Explicitly validate trust for all access requests https://lnkd.in/g6MjQDpy
• Ransomware recovery readiness https://lnkd.in/gYkFm5zF
• Data protection https://lnkd.in/gn5XzcuV
• And more! https://lnkd.in/gEr5q2ET

()
The MCSB provides security best practices for Microsoft Azure, on-premises datacenters, and other cloud providers, including two types of guidance:

• Security controls
  Identity Management (IM): https://lnkd.in/d8bvgaUA
  Network security (NS): https://lnkd.in/dRJfYfpV
  and more! https://lnkd.in/drR5zmTk
• Security baselines
  Security baselines are standardized documents, describing the available security capabilities https://lnkd.in/dzYjPK5g
  Full security baseline mapping file: https://lnkd.in/dMcTQvfA

Cloud Adoption Framework can help you get started with several different getting started guides, of which security is an important component.

• Azure Top 11 essential security practices: https://lnkd.in/dPjY2Axc
• Cloud security functions: https://lnkd.in/dTQvUwJ4
• Reference implementation: https://lnkd.in/dTKgmBcV

Assess your Security Journey for Cloud Adoption. Receive actionable considerations to improve your security posture. https://lnkd.in/dH-tV95F

()
Helps accelerate security program modernization with reference strategies built using Zero Trust principles https://lnkd.in/dFhNZGFP

Recently, Jeff Woolsey, Microsoft Principal Program Manager for Windows Server & Hybrid Cloud, in what can only be described as a fit of frustration , posted this information to his followers & it’s worth repeating:

1. Do not put Domain Controllers on the open internet. 
   Do not put Domain Controllers on the open internet. 
   Do not put Domain Controllers on the open internet.
   Here’s some additional helpful guidance for securing Domain Controllers:
   Securing Domain Controllers Against Attack
   https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/securing-domain-controllers-against-attack#blocking-internet-access-for-domain-controllers
2. You should run all domain controllers on the newest version of Windows Server that is supported within your organization. Organizations should prioritize decommissioning legacy operating systems in the domain controller population.
3. Keeping domain controllers current and eliminating legacy domain controllers, allows you to take advantage of new functionality and security. This functionality may not be available in domains or forests with domain controllers running legacy operating system.
4. What is the impact of upgrading the Domain or Forest Functional Level?
   https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/what-is-the-impact-of-upgrading-the-domain-or-forest-functional/ba-p/399348
5. At this point in time, your domain controllers should all be running at Windows Server 2016 Functional Level. There’s a good chance that future AD features will require a 2016 DFL. To learn more about Active Directory Functional Levels see:
   What Are Active Directory Functional Levels?
   https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc787290(v=ws.10)
6. Q: Are their any concerns about upgrading Domain or Forest Functional Level
   A: No. In a review over a decade of support calls, NOT ONE involves a case where changing the Domain or Forest Function Level was responsible as the root cause of any issue.
7. How to raise Active Directory domain and forest functional levels:
   https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/raise-active-directory-domain-forest-functional-levels
8. Best Practices for Securing Active Directory
   https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/best-practices-for-securing-active-directory

Check out what’s being announced at #AzureCosmosDBConf!

Azure Cosmos DB Conf is a free virtual developer event co-organized by Microsoft and the Azure Cosmos DB community.

This is our third Azure Cosmos DB Conf. Sessions will be a combination of Microsoft and community delivered. Come and learn more about Azure Cosmos DB. See what others in the community are building.

March 28, 2023 8:00AM PT – 11:00AM PT 

Pre-Register Now:

• Azure Cosmos DB Conf 2023:
  https://learn.microsoft.com/en-us/events/learn-events/azure-cosmos-db-conf-2023/

Do you have students that are looking for a career in technology?

Are you a student looking for resources on how to get ahead with Microsoft technology?

Microsoft Student Summit
A good place to start is the Microsoft Student Summit 2023, a 90 minute virtual event the week of March 20 to help build your skills and experience on the Microsoft Cloud. Students and tech career seekers should register now to attend a session in your timezone.

“Student Hub” and more
Additionally, the following resources are available from Microsoft for students interested in careers in tech:

• Student Hub Overview – Microsoft Learn Student Hub
  • Student Training and Certification
  • Student discounts
• Self-paced online training – Learning Paths & Modules
• Instructor-led Microsoft Virtual Training Days
  • Microsoft Virtual Training Days – Azure
  • Microsoft Virtual Training Days – Business Applications
  • Microsoft Virtual Training Days – Microsoft 365
  • Microsoft Virtual Training Days – Security

Learning Pathways is a a collection of self-guided learning journeys to help you with your ongoing professional development.

These guides are one-page overviews that are HYPERLINKED and show the available training available for the subject.  They act as learning companions to the Enterprise Skills Initiative and are available in the following categories:

Infrastructure:

• Azure Administrator
• Azure VMWare Solution
• Azure Solution Architect
• Azure Network Engineer
• Stack Hub Operator

Data & AI:

• Data Skills (Aspiring Analyst)
• Power BI Data Analyst
• Data Engineer
• Azure Synapse Analytics
• Azure Database Admin
• Azure Data Scientist
• AI Engineer
• Microsoft Purview

Security:

• Security Operations Analyst
• M365 Security Admin
• Azure Security Engineer
• Identity and Access Admin
• Information Protection Admin
• Microsoft Sentinel

Development:

• Azure Developer
• Azure DevOps
• GitHub Learning

Other:

• Microsoft Cost Management
• Digital Skills > Cloud
• Microsoft Teams

AWS-to-Azure:

• Azure for AWS Architects
• Azure for AWS Developers
• Azure for AWS SysOps

To download the guides. visit:

• DOWNLOAD: Microsoft Cloud Learning Pathways
  https://learning-pathways.co.uk/

Microsoft has made 6 major announcements in the past few weeks regarding artificial intelligence.

1. Microsoft OpenAI partnership
2. GPT & Bing & Edge
3. GPT & Viva Sales
4. GPT & Teams Premium
5. Microsoft on Responsible AI
6. General availability of “Azure OpenAI Service”

Additionally, Microsoft previously announced exclusive licensing of GPT-3 language model.

• BLOG: Microsoft teams up with OpenAI to exclusively license GPT-3 language model

For State & Local Government decision makers, the opportunity is excellent:

• BLOG: How OpenAI can benefit State and Local Government
• BOOK: Generative Artificial Intelligence Use Cases in State & Local Governments: Scratching the surface of the "Why" & "How" to initiate implementing … through the lens of 100 use cases

Azure has made OpenAI services available in “commercial” tenants:

• SITE: Azure OpenAI Service – Advanced Language Models
• DOCS: Azure OpenAI – Documentation, quickstarts, API reference
• BLOG: General availability of Azure OpenAI Service expands access to large, advanced AI models with added enterprise benefits

There’s been lots of coverage from the press.

• New York Times:
  Microsoft’s ChatGPT-Powered Bing Makes Search Interesting Again
• Bloomberg:
  Microsoft’s AI Chatbot Finds Early Success in Bing Searches
• Wall Street Journal:
  I Tried Microsoft’s New AI-Powered Bing. Search Will Never Be the Same.
• Business Insider:
  Microsoft Bing Vs Google Search: Why Bing Is so Much Better
• CNET:
  Microsoft’s AI-Powered Bing Can Run Rings Around Google Search:  For eight of 10 tough questions I asked, I liked Bing’s answers better.
• CNBC:
  Microsoft will offer ChatGPT tech for companies to customize: source
• Windows Central:
  Microsoft unveils crazy new Bing powered by ChatGPT AI tech | Windows Central
• Yahoo! Finance:
  ChatGPT on track to surpass 100 million users faster than TikTok or Instagram: UBS
• SiliconAngle:
  Microsoft integrates OpenAI’s GPT-3.5 model into its Viva Sales application
• Inverse:
  Microsoft Teams Premium Has the First Actually Useful Application of OpenAI’s GPT-3
• ZDNet:
  ChatGPT – One million people have joined the waitlist for Microsoft’s AI-powered Bing

A new paperback book that examines the use of Generative AI for State & Local Government scenarios was released earlier this month:

"Generative Artificial Intelligence Use Cases in State & Local Governments" is a groundbreaking book that explores the numerous ways in which AI can be harnessed by government entities at the state and local levels to enhance their operations and services.

The book provides a comprehensive overview of AI technologies and their potential applications, including:

• predictive maintenance
• fraud detection
• budget forecasting
• grant application review
• and much more

With real-world case studies and examples of AI deployments, the book illustrates the tangible benefits that can be achieved by incorporating these technologies into government operations.

The book also provides practical guidance on how to plan and implement AI projects, including best practices for data management, ethical considerations, and how to foster collaboration between AI practitioners and government officials.

Whether you are a government executive, an AI professional, or simply interested in the role of technology in the public sector, this book is an essential resource for anyone looking to understand the future of AI in state and local governments.

Get the book here on Amazon:

• Amazon.com: Generative Artificial Intelligence Use Cases in State & Local Governments: Scratching the surface of the "Why" & "How" to initiate implementing … through the lens of 100 use cases: 9798376107843: Shekhar, Vidhu, ChatGPT, OpenAI: Books

Some organizations have users that switch computers often and require the use of Microsoft 365 Apps such as Word, Excel, PowerPoint, etc.  Each time they switch computers, one of their 6 license activations are used… until there are no more activations are left.

If this becomes a problem for your users, the user that’s “maxed out” their Microsoft 365 Apps installations may “deactivate previous device installations” that have been used on their own.
 
Deactivate an installation of Office – Microsoft Support

If you have an Microsoft 365 subscription, you can sign out of Office on a PC or Mac remotely from any web browser to deactivate the installation. Because Office will sign you out of devices automatically to stay within your sign-in limit, there’s no longer a need to use this process to free up installs. For more info, see How sign in works in Microsoft 365.

Note: Signing out of Office doesn’t uninstall Office, remove Office documents, or cancel your Microsoft 365 subscription.

Alternatively, you may leverage Microsoft 365 Apps via “Shared Computer Activation”.
 
Overview of shared computer activation for Microsoft 365 Apps – Deploy Office | Microsoft Learn

Shared computer activation lets you deploy Microsoft 365 Apps to a computer in your organization that is accessed by multiple users. Here are some examples of supported scenarios:

• Three workers at a factory share the same physical computer, with each worker using Office on that computer during their eight-hour shift.
• Fifteen nurses at a hospital use Office on 10 different computers throughout the day.
• Five employees connect remotely to the same computer to run Office.
• Multiple employees use Office on a computer that’s located in a conference room or some other public space in the company.
• Multiple users access an instance of Office that is hosted through Remote Desktop Services (RDS).

Shared computer activation is required for scenarios where multiple users share the same computer and the users are logging in with their own account. Normally, users can install and activate Microsoft 365 Apps only on a limited number of devices, such as 5 PCs. Using Microsoft 365 Apps with shared computer activation enabled doesn’t count against that limit.