Posted by: kurtsh | December 20, 2016

INFO: Accelerate your Office 365 deployment with FastTrack


Fasttrack is a Microsoft service that comes with subscriptions to Office 365, Enterprise Mobility + Security Suite, Intune, & Azure RMS.  It provides engineers & architects to help folks onboard & deploy these cloud services – at no additional cost to you.

There’s a great presentation & video recording from Ignite 2016 out there called “Accelerate your Office 365 deployment with FastTrack”. The presentation goes over:

  • What services Fasttrack provides
  • What geographical coverage it supports
  • Scenarios, resources, and the expectations you should have of Fasttrack
  • Technical On-boarding capabilities of Fasttrack for
          • Exchange Online
          • SharePoint Online
          • Skype for Business Online
          • OneDrive for Business
          • Office Pro Plus
          • Yammer Enterprise
  • Process & how to get started

View the presentation here:

imagePASStv is your virtual ticket into SQL PASS Summit: Keynotes, Women In Technology luncheon, sessions, & more!

And it’s FREE.  Here’s a list of sessions with recordings to view on-demand from Oct 26-28, 2016:

imageWednesday, October 26

Thursday, October 27

Friday, October 28

View the recordings site here:

imageI really like this list as a guideline for folks considering security for their cloud solutions.  Here’s consideration #1, pictured to the right.

It’s part of the Microsoft Secure blog, a blog dedicated to Microsoft’s point of view on security, privacy, reliability, and trust. It’s the place to go for in-depth articles on Microsoft products and services, as well as tips and recommendations for improving security in your organization.

Here is a larger list of 8 questions to think about for adaptive cloud security. Step 1: Check your budget.

To read the full list, visit:


On October 25-28, 2016, SQL PASS 2016 took place in Seattle, WA – the world’s largest gathering of SQL Server and BI professionals.

If you’re interested in downloading the SQL PASS 2016 Keynote from Day 2 entitled, “Datawarehousing in the Cloud” by David J. DeWitt & Willis Lang, I’ve got the deck below.

imageStarting in February 2017, Microsoft will no longer support Project 2013 (through Office 365 or MSI) connecting to Project Online. Customers who need to connect to Project Online will need to move to Project 2016.

For more information, please check out Premier PFE, Brooks White’s blog here:

We announced 2 new support offerings: Windows Server Premium Assurance and SQL Server Premium Assurance. These offerings add 6 more years of product support for Windows Server and SQL Server, allowing for a minimum of 16 years of total support:

  • 5 years for Mainstream Support
  • 5 years of Extended Support
  • 6 years of Premium Assurance


The additional support period provides Security Updates and Bulletins rated “Critical” and “Important” (see the Security Bulletin Severity Rating System for definitions) for both products.

To learn more about Windows Server Premium Assurance and SQL Server Premium Assurance, and the six additional years of product support they provide, read the datasheet. The new offerings will be available early next year.

For more details, read the announcement blog post here:

imageAbout a week ago, a couple of Microsoft Researchers released a tool presented at Black Hat Europe 2016 called "SAMRi10" (pronounced “Samaritan”), a short PowerShell (PS) script which alters remote SAM access default permissions on Windows 10 & Windows Server 2016. This hardening process prevents attackers from easily getting some valuable recon information to move laterally within their victim’s network.

Here’s a summary of the tool’s goals & functionality:


Reconnaissance (recon for short) is a key stage within the Advanced Attackers’ kill chain. Once attackers have breached a single end-point, they need to discover their next targets within the victim’s corporate network, most notably privileged users. In order to enable admins to harden their network against such recon attacks targeting local users, we had developed the “SAMRi10” (pronounced Samaritan) tool.


Reconnaissance (recon for short) is a key stage within the Advanced Attackers’ kill chain. Once attackers have breached a single end-point, they need to discover their next targets within the victim’s corporate network, most notably privileged users

Attackers utilize compromised credentials in order to move laterally within their victims’ network. These compromised credentials may consist of either domain or local credentials. Local credentials, especially those of local admins, are a lucrative target for the attackers as they are less managed (password complexity and change policy) and less monitored (no traffic and logs besides the specific computer).

Querying the Windows Security Account Manager (SAM) remotely via the SAM-Remote (SAMR) protocol against their victim’s domain machines, allows the attackers to get all domain and local users with their group membership and map possible routes within the victim’s network. Recently, some frameworks (e.g. BloodHound) have automated that mapping process.
By default, the SAM can be accessed remotely (via SAMR) by any authenticated user, including network connected users, which effectively means that any domain user is able to access it. Windows 10 had introduced an option to control the remote access to the SAM, through a specific registry value. On Windows Anniversary update (
Windows 10 Version 1607) the default permissions were changed to allow remote access only to administrators. An accompanying Group Policy setting was added, which gives a user-friendly interface to alter these default permissions.

In order to enable admins to have granular control over remote access to SAM for all Windows 10 versions, we had developed the “SAMRi10” (pronounced Samaritan) tool. The SAMRi10 tool is a short PowerShell (PS) script which alters these default permissions on all Windows 10 versions and Windows Server 2016. Most significantly, this hardening process should block attackers from easily getting valuable recon information.

SAMRi10 can be downloaded from here. In-depth usage instructions are included in the download package.

Posted by: kurtsh | December 19, 2016

WHITEPAPER: Azure Onboarding Guide for IT Organizations


There’s a 103 page document that we’ve produced called the “Azure Onboarding Guide for IT Organizations”.

The purpose of this document is to provide an overview, guidance, and best practices for enterprise IT departments to introduce, consume, and manage Microsoft Azure-based services within their organization. The target audience is enterprise architects, cloud architects, system architects, and IT managers.

It covers the following:

  1. Moving to the Cloud
  2. Managing security, compliance, and data privacy
  3. Azure enterprise administration
  4. Integrating Azure into the corporate network
  5. Extending Active Directory to Azure
  6. Operating Azure IaaS Services
  7. Migrating existing services to Azure
  8. Offering management for cloud-based services

Download the whitepaper here:

For more papers & documentation, visit: attend our free, two-day technical training for IT professionals and developers with experts who build the cloud services across Microsoft Azure, Office 365, and Windows 10.

Join over 70 technical training sessions covering a range of topics across Microsoft Azure and the hybrid platform including security, networking, data, storage, identity, mobile, cloud infrastructure, management, DevOps, app platform, productivity, collaboration and more.

Register below:


We have a new free ebook to share! This ebook, Containerized Docker Applications Lifecycle with Microsoft Tools and Platform, by Cesar de la Torre, was published by the Microsoft DevDiv team. Cesar has previously written for Microsoft Press, so we’re helping spread the word about his new ebook. Enjoy!

« Newer Posts - Older Posts »