As announced yesterday in Microsoft Licensing’s news site:

“To help support customers transition to Office 365 ProPlus apps, we have decided to retain the “dual use” policy in the Microsoft 365 From SA product terms.

We had previously announced plans to phase out rights to deploy perpetual Office clients in new and renewing agreements that include the “From SA” version of Microsoft 365 E3 or E5.

Retaining this policy will provide more flexibility and time as customers deploy and adopt Office 365 ProPlus, a key part of the modern workplace.”

Read more here:

Join us for a quick look at the new and improved Supervision policies in Microsoft 365.

Learn how to create policies to help enforce corporate communications policies, monitor risk management, and meet regulatory compliance requirements. Use custom and intelligent policy conditions, such as the offensive language data model, to capture and flag all email and Microsoft Teams communications. Learn how to easily review and classify captured messages with the new management and reporting experience in the Security & Compliance Center.

For more information on Supervision policies in Microsoft 365, follow this link: http://aka.ms/supervision

imageHot off the presses… here’s a summary of the OneDrive announcements made at SharePoint Conference 2019 this week.

This includes the introduction of:

  • “Differential-based file sync, saving time & network utilization”
  • “Microsoft Teams file sharing integration in chats and conversations”
  • “Requests files from others”
  • “Known Folder Move support for OneNote”

Read about it here:

Watch this Teams Academy session to learn about Live Events and how to configure them in Microsoft Teams.

Presentation deck available at:
http://aka.ms/teamsacademy

imageAzure AD now supports restricting access to SSPR/MFA self service to trusted devices, trusted networks, low risk scores and more using Conditional Access.

This helps ensure it’s the right user—not an attacker—registering this security sensitive info. Some common restrictions were requested include ensuring that:

  • Users are on a trusted network.
  • Only users with a low sign-in risk can register security information.
  • Users can only register on a managed device.
  • Users should agree to a terms of use during registration.

Check on the announcement & documentation here!

Posted by: kurtsh | May 17, 2019

RELEASE: Disabling hyperthreading in Azure VMs

A new Azure VM capability – “Disabling Hyperthreading” – has been released this week that may provide greater performance & security for folks using Virtual Machines in Azure.

  • The origins of this feature are sourced from a new class of Intel CPU vulnerabilities which makes the use of hyperthreading potentially a risk for companies specifically using untrusted code.
  • Additionally, as a side benefit for some, disabling hyperthreading may improve performance for certain heavy workloads.

Here’s the recently released process on how to disable hyperthreading:

[taken from Guidance for mitigating speculative execution side-channel vulnerabilities in Azure]

Disable hyperthreading on the VM – Customers running untrusted code on a hyperthreaded VM will need to disable hyperthreading or move to a non-hyperthreaded VM size. To check if your VM has hyperthreading enabled, please refer to the below script using the Windows command line from within the VM.

Type wmic to enter the interactive interface. Then type the below to view the amount of physical and logical processors on the VM.

  • CPU Get NumberOfCores,NumberOfLogicalProcessors /Format:List

If the number of logical processors is greater than physical processors (cores), then hyperthreading is enabled. If you are running a hyperthreaded VM, please contact Azure Support to get hyperthreading disabled. Once hyperthreading is disabled, support will require a full VM reboot.

[Thank you to Lee Reese & Raj Nemani for hunting this down for our customers]

Most people know cloud services to be an Operational Expense (OPEX) however did you know that it can be, under certain circumstances be a capital expense (CAPEX)?

Reserving your VM

As of November 2017, you’re no longer limited to an operational expenditure model in Azure. By using Azure Reserved Virtual Machine Instances (known as RIs) you can change your cloud payment model to a capital expenditure model.

This model works well for a number of situations. Imagine you’re deploying a web service that will require at least two VMs online 24/7 for the next year, with other VMs brought on-and offline as demand fluctuates.

In this situation, you could purchase two, one-year RIs. RIs are paid for upfront with a 1-year commitment and the longer you commit the more you save; this can mean cost-savings versus paying monthly. To respond to increased demand, you’ll still be able to finance other VMs on a pay-as-you-go basis.

If you commit to three RIs you could save up to 82% when compared to pay-as-you-go. That’s a huge saving, especially if you have access to the funds upfront.

Original post here:

May Azure AD webinars are next week and we have two new topics! Beginning Your Journey to Zero Trust with Conditional Access and Identity Protection and The Power of Advanced Hunting will be offered for the first time.

All of our webinars are listed at http://aka.ms/aadwebinars

Details:

  • These webinars are free of cost.
  • These webinars are currently held monthly with new sessions being added.
  • These sessions are 1 hour which includes an anonymous Q&A session with our Engineering Team.

Beginning Your Journey to Zero Trust with Conditional Access & Identity Protection

Tuesday, May 14, 2019 7:00 AM – 8:00 AM PDT (UTC -7)

Tuesday, May 14, 2019 11:00 AM – 12:00 PM PDT (UTC -7)

Streamlining Password Management Using Azure AD

Wednesday, May 15, 2019 7:00 AM – 8:00 AM PDT (UTC -7)

Wednesday, May 15, 2019 11:00 AM – 12:00 PM PDT (UTC -7)

Azure AD Connect Health

Thursday, May 16, 2019 7:00 AM – 8:00 AM PDT (UTC -7)

Thursday, May 16, 2019 11:00 AM – 12:00 PM PDT (UTC -7)

Getting Ready for Azure AD

Tuesday, May 21, 2019 7:00 AM – 8:00 AM PDT (UTC -7)

Tuesday, May 21, 2019 11:00 AM – 12:00 PM PDT (UTC -7)

The Power of Advanced Hunting – Unleash the hunter in you!

Wednesday, May 22, 2019 7:00 AM – 8:00 AM PDT (UTC -7)

Wednesday, May 22, 2019 11:00 AM – 12:00 PM PDT (UTC -7)

Manage Partner and Vendor Access Using Azure B2B Collaboration

Thursday, May 23, 2019 7:00 AM – 8:00 AM PDT (UTC -7)

Thursday, May 23, 2019 11:00 AM – 12:00 PM PDT (UTC -7)

In case you missed it, Windows 10 Enterprise “September” releases have been granted 30 months of support – as result of a policy change made a few months ago. 

Here’s the details of the change:

Longer Windows 10 servicing for enterprises and educational institutions

In April 2017, we aligned the Windows 10 and Office 365 ProPlus update cadence to a predictable semi-annual schedule, targeting September and March. While many customers—including Mars and Accenture—have shifted to a modern desktop and are using the semi-annual channel to take updates regularly with great success, we’ve also heard feedback from some of you that you need more time and flexibility in the Windows 10 update cycle.

Based on that feedback, we’re announcing four changes:

  • All currently supported feature updates of Windows 10 Enterprise and Education editions (versions 1607, 1703, 1709, and 1803) will be supported for 30 months from their original release date. This will give customers on those versions more time for change management as they move to a faster update cycle.
  • All future feature updates of Windows 10 Enterprise and Education editions with a targeted release month of September (starting with 1809) will be supported for 30 months from their release date. This will give customers with longer deployment cycles the time they need to plan, test, and deploy.
  • All future feature updates of Windows 10 Enterprise and Education editions with a targeted release month of March (starting with 1903) will continue to be supported for 18 months from their release date. This maintains the semi-annual update cadence as our north star and retains the option for customers that want to update twice a year.
  • All feature releases of Windows 10 Home, Windows 10 Pro, and Office 365 ProPlus will continue to be supported for 18 months (this applies to feature updates targeting both March and September).

In summary, our new modern desktop support policies—starting in September 2018—are:

image

Read about this and other policy changes here:

“Activates” engagements from Microsoft Premier Services are on-site engagements that includes training on the technology in question, as well as jumpstart guidance to help customers move forward with an initiative.  The goal is to pass on knowledge to customer’s staff so they can move forward on their own.

Each Activates offering is generally a 3-5 days long on-site engagement led by a Premier Field Engineer and requires 5 days of “SAB Planning Services”.  This is the only scenario I know of where SAB Planning Services may be used for Premier offerings.

Contact your Premier TAM for more information on how to take advantage of your SAB Planning Services benefits with “Activates” offerings.

For reference, here is the list of Azure related Activates I’m aware of as for 5/10/19:

Focus Area

Activate Services

Primary Technology

Azure

Activate Azure Stack with IaaS

Azure

Azure

Activate Azure with Administration and Governance

Azure

Azure

Activate Azure with Enterprise-grade Networking

Azure

Azure

Activate Azure with Hybrid Cloud

Azure

Azure

Activate Azure with Recovery Services

Azure

Azure

Activate Azure with Azure Monitor

Azure

Azure

Activate Azure with Virtual Classrooms

Azure

Azure Developer

Activate Azure with Dev Ops

Developer – Azure

Azure Developer

Activate Azure with Intelligent Apps

Developer – Azure

Azure Developer

Activate Azure with Microservices and Containers​​​​

Developer – Azure

Azure Developer

Activate Azure with Mobile Apps

Developer – Azure

Azure Developer

Activate Azure with Modern Apps

Developer – Azure

Data & Analytics

Activate Azure with Automated Deployments

Data AI

Data & Analytics

Activate Azure with Log Analytics

Data AI

Data & Analytics

Activate Business Analytics with Power BI

SQL Server

Data & Analytics

Activate Data Platform Modernization for SQL

Data AI

O365

Activate Enterprise Mobility + Security

EMS (Intune / AutoPilot)

O365

Activate Microsoft Teams

Teams

Security

Activate Windows Hello for Business

Windows 10

Security

Activate Windows 10 Enterprise

Windows 10

Azure

Activate Azure with Conditional Access

Azure

Azure Developer

Activate Azure Internet of things

Azure – Developer

Azure

Architectural Services – Microsoft Azure: Cloud Ready Datacenter

Azure

« Newer Posts - Older Posts »

Categories