Kurt Shintaku's Blog

We’re thrilled to announce the 1.0 release of the ’Information Assistant’, built with Azure OpenAI Service! Our Industry Accelerator provides an end-to-end baseline custom RAG (Retrieval Augmentation Generation) pattern for public sector customers and partners, to get started with Generative AI. 🧠💡

You can access the “Information Assistant” via Microsoft’s public GitHub repository and deploy it using GitHub Codespaces within your own tenant in under an hour.

• GitHub Repo:
  https://github.com/microsoft/PubSec-Info-Assistant
• Two minute video summary:
  https://www.youtube.com/watch?v=gwUhmMexmgw&t=5s

What’s an Industry Accelerator from Microsoft?
It’s a combination of components, provided as sample code and documentation, that can provide a foundational capability aligned to an industry need. They make it easier to use and deploy our software and are provided to customers and partners at no charge. 💼🌐

Got questions or interested in a discussion/demo? We’re here to help!
Click on the link below and let’s get the conversation started. 📝💬

• Information Assistant built with Azure OpenAI Service
  https://forms.office.com/pages/responsepage.aspx?id=v4j5cvGGr0GRqy180BHbR6o4NZzd2WJFhMOsgKclOl9UOFVXWEMyVERTVkxZTU9SUk5PVTkyUzdDRiQlQCN0PWcu

Are you using Office 365, Microsoft 365, Azure or Power Platform?  If so, you’re using “Entra ID”, formerly Azure Active Directory.

So how are you protecting your organization’s identities?  No, not “multi-factor authentication” & “strong passwords”.  Think about:

• Authentication monitoring
• Identifying risks amongst identities
• Simulating risk like atypical travel, leaked credentials, unfamiliar sign-in properties, anonymous IP addresses
• Automatically escalating authentication requirements

If this is unfamiliar to you, you should investigate Entra ID Protection.

What is Entra ID Protection?
“Microsoft Entra ID Protection helps organizations detect, investigate, and remediate identity-based risks.” https://learn.microsoft.com/en-us/entra/id-protection/overview-identity-protection

• Detect risks
  ➡ Anonymous IP address usage
  ➡ Password spray attacks
  ➡ Leaked credentials
• Investigate
  ➡ Risk detections
  ➡ Risky sign-ins
  ➡ Risky users
• Remediate risks
  ➡ Automatic remediation
  ➡ Manual remediation

Documentation:

• Plan an Identity Protection deployment 
  https://learn.microsoft.com/en-us/entra/id-protection/how-to-deploy-identity-protection
• Configure and enable risk policies  https://learn.microsoft.com/en-us/entra/id-protection/howto-identity-protection-configure-risk-policies
• What are risk detections?    
  https://learn.microsoft.com/en-us/entra/id-protection/concept-identity-protection-risks
• Simulating risk detections
  https://learn.microsoft.com/en-us/entra/id-protection/howto-identity-protection-simulate-risk

Is there training or deployment planning?
Entra ID Protection has self-paced training available here:
https://learn.microsoft.com/en-us/training/modules/protect-identities-with-aad-idp/

It also has instructor-led training available in the SC-300 Identity & Access Administrator course:
https://learn.microsoft.com/en-us/credentials/certifications/identity-and-access-administrator/?source=recommendations

If you would like guidance around deployment planning:
https://learn.microsoft.com/en-us/entra/id-protection/how-to-deploy-identity-protection

How do I license Entra ID Protection?
Entra ID Protection is available to license (subscribe to) in several ways. Technically, a small amount of Entra ID Protection’s security reporting is available via “Entra ID Premium P1” licenses (which you can see here) however the only way to get full functionality is by obtaining “Entra ID Premium P2” licenses for all your users in Entra ID:

1. Entra ID Premium P2
2. Enterprise Mobility & Security E5/G5 (which includes Entra ID Premium P2)
3. Microsoft 365 E5/G5 (which includes Enterprise Mobility & Security E5/G5)

#microsoft #security #identityprotection #entraid

As a governance leader, your role in the incident response process is pivotal. Gain a comprehensive understanding of your responsibilities and the crucial steps to guide your team effectively.

From the introduction of “Navigating the Maze of Incident Response“:

Cyber security incidents are an inevitability. It’s important to start an incident response (IR) the right way, with a thorough understanding of what to do, when to do it, and who needs to be involved. Beyond the obvious questions about the scope of the compromise and how to regain control, it’s important to preserve evidence, as well as understand your compliance and regulatory obligations.

This guide explains how to structure an incident response, with recommendations and best practices to help navigate those crucial initial hours after a breach is detected.

While a wealth of material on IR best practices already exists, this document focuses first and foremost on the people and processes involved in effectively responding to an incident—the roles required to respond to incidents, how to manage your response in way that is efficient and people-centric, how to avoid burnout and ensure all requirements and obligations are met at every level, and how to ensure everyone’s roles and responsibilities are clear, so the incident response is effective overall.

Get the complete interactive guide here: 

• DOWNLOAD: Navigating the Maze of Incident Response (74pgs, .PDF)
  https://www.microsoft.com/content/dam/microsoft/final/en-us/microsoft-brand/documents/Navigating-the-Maze-of-Incident-Response.pdf

Did you know Microsoft offers complete certification training courses online 100% FREE for over 28+ technologies?

• Automating Administration w/ PowerShell (5 day)
• Fabric Analytics Engineer (4 day)
• Administering Windows Server Hybrid Core Infrastructure (4 day)
• Configuring & Operating Microsoft Azure Virtual Desktop (4 day)
• Azure Administrator (4 day)
• Microsoft 365 Endpoint Administrator (5 day)
• Microsoft 365 Administrator (5 day)
• Data Engineering on Microsoft Azure (4 day)
• Administering Information Protection and Compliance in Microsoft 365 (4 day)
• Designing and implementing a data science solution on Azure (4 day)
• Managing Microsoft Teams (4 day)
• Collaboration Communications Systems Engineer (4 day)
• Configuring Windows Server Hybrid Advanced Services (4 day)

…and many more shorter, 1 day courses like:

• Microsoft 365 Fundamentals (1 day)
• Microsoft Azure Fundamentals (1 day)
• Microsoft Azure Data Fundamentals (1 day)
• Microsoft Azure AI Fundamentals (1 day)
• Implementing a Lakehouse with Microsoft Fabric (1 day)
• Implementing a Data Analytics Solution with Azure Synapse Analytics (1 day)
• Empower your workforce with Copilot for Microsoft 365 Use Cases (1 day)
• Copilot for Microsoft 365 for Administrators (1 day)

…and more!

Click here for the catalog:

• Browse Microsoft Training Courses for All IT Professional Roles
  https://learn.microsoft.com/en-us/training/browse/?resource_type=course&products=azure%2Cm365%2Cfabric%2Cwindows&roles=administrator%2Cai-engineer%2Cbusiness-analyst%2Cbusiness-user%2Cdata-analyst%2Cdata-engineer%2Cdata-scientist%2Cfunctional-consultant

Explore ways to use Azure AI tools to build cloud-native apps that elevate customer experiences and drive business growth.

Get the e-book Using AI to Build Intelligent Apps that Delight Customers to read how four enterprise companies are using Azure AI to deepen customer satisfaction, drive immediate business results, and position themselves for long-term success.

Read the e-book to:

• See how to accelerate innovation by streamlining development and offering intelligent services that work across data types, environments, and skill levels.
• Discover why intelligent apps are beloved by customers and why they outperform traditional apps in flexibility, scalability, and cost efficiency.
• Explore case studies from Microsoft customers and see the Azure solutions they’re using to gain a competitive edge.

Download the eBook here:

• DOWNLOAD: eBook, “Using AI to Build Intelligent Apps that Delight Customers” (.PDF)
  https://info.microsoft.com/ww-landing-using-ai-to-build-apps-that-delight-customers.html?lcid=en-us

Are you using Microsoft Defender for Office 365? Hopefully, you’re aware of the “Configuration Analyzer”.

Configuration analyzer in Microsoft Defender for Office 365 helps you find and fix security policies that are less secure than the recommended settings. It allows you to compare your current policies with the standard or strict preset policies, lets you apply recommendations to improve your security posture, and view historical changes to your policies. 

There are 3 new improvements made to the Configuration Analyzer:

New Recommendations:

1. Safe links Policy: Create Custom safe links policy.
2. Outlook: Configure External tag in Outlook.
3. Anti Phishing Policy: Enable First contact safety tips.
4. DKIM: Configure DKIM and SPF for your domains.
5. Built-in Protection Policy: Remove Built-in protection exclusions.

New Flyout Experience:

• Clicking on a recommendation will now open a flyout that has brief detail about why we are making the recommendation as well as targeted links to documentation to learn more about.

Exporting the Recommendations:

• A new Export button should appear when you select one or multiple recommendations. Clicking on the Export button will download the selected recommendations as a CSV file which can be shared with your external partners who might not have access to your environment.

View the announcement post here:

• BLOG: Updates to Configuration Analyzer in Microsoft defender for Office 365
  https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/updates-to-configuration-analyzer-in-microsoft-defender-for/ba-p/4043087

Some folks have heard me use the generic term, “AI Czar”, as in an individual designated as the point of contact for knowledge, strategy & guidance around the use of artificial intelligence within a municipal entity.

Well, many organizations are taking this to a leadership level with a CxO title: The “Chief AI Officer”.

A quote for Jared Spataro, Microsoft’s Corporate VP of Modern Work & Business Applications:

In the midst of the #AI boom, a new leadership role is emerging: the rise of senior executives devoted to AI. This piece from The New York Times showcases Mayo Clinic‘s pioneering decision to appoint a Chief AI Officer, Dr. Bhavik Patel. Leading groundbreaking AI initiatives at Mayo Clinic, Patel is spearheading efforts to revolutionize healthcare. This move mirrors a trend seen across various sectors, with companies like Florida Blue and Accenture also appointing executives to spearhead AI endeavors.

From hospitals to law firms, the rise of #AILeadership positions signals a new era of innovation. As industries race to the potential of AI, executive roles such as Patel’s become crucial in navigating the transformative power of this technology. Dive into the full article to explore how companies worldwide are embracing AI leadership to shape the future of their respective industries.

Read the New York Times article Jared is referencing here:

• Hottest Job in Corporate America? The Executive in Charge of A.I.
  Many feared that artificial intelligence would kill jobs. But hospitals, insurance companies and others are creating roles to navigate and harness the disruptive technology.
  https://www.nytimes.com/2024/01/29/technology/us-jobs-ai-chatgpt-tech.html
  (https://archive.ph/FCHZ2)

Customers must migrate off the legacy Log Analytics agents (Microsoft Monitoring Agent (MMA), Operations Management Suite (OMS)) by August 31st, 2024 to remain supported.

Action required
Please be sure to plan appropriately to ensure you have ample time to complete the migration. All legacy agents need to migrated to Azure Monitor Agent (AMA) by August 31, 2024.

Resources to help you:

• Learn about Azure Monitor Agent (AMA) migration:
  Migrate to Azure Monitor Agent from Log Analytics agent
  https://learn.microsoft.com/en-us/azure/azure-monitor/agents/azure-monitor-agent-migration
• Migrate using migration tools:
  Tools for migrating to Azure Monitor Agent from legacy agents
  https://learn.microsoft.com/en-us/azure/azure-monitor/agents/azure-monitor-agent-migration-tools
• Ask your Unified Enterprise CSAM about the “Proof of Concept for Monitoring Workloads” value-based delivery (Datasheet Page 1 image to the left)

As announced last year, after March 31, 2024, any classic Teams users that haven’t updated to new Teams will be automatically updated to new Teams. ‌It only takes one click to update to new Teams. Users can easily pick up and resume exactly where they left off in classic Teams and their chat messages, Teams and channels, and apps will appear in new Teams.

‌Note:

• The classic Teams for Virtualized Desktop Infrastructure (VDI) will reach the end of availability on June 30, 2024.
• Windows Server 2016 is not supported with new Teams. VDI Customers should plan to update to Windows Server 2019 (10.0.17763) or Windows Server 2022 (10.0.20348) or higher to get started on their new Teams journey. For details on VDI system requirements, visit this page.
• The auto-update timeline of March 31, 2024, will not impact Microsoft Teams Rooms (MTR) and Surface Hub devices.
• Users of the Teams Windows desktop app must have Windows 10 version 10.0.19041 or above to access new Teams. The prerequisites for new Teams can be found here.
• If you are using the Admin-controlled policies for manage the New Teams client rollout, as outlined in Upgrade to the new Teams using policies, know that these policies will no longer be honored at the start of April, apart from your VDI users, and the following changes will happen:
• New Teams will be installed and become the default client. The toggle to return to classic Teams will still be available if needed.
• In mid-May, any users remaining on classic Teams will be switched to new Teams, and the toggle to return to classic Teams will no longer be available. We’ll attempt to uninstall classic Teams, currently after a period of 14 days.

Action:

• With March 31, 2024, being less than two months away, we ask that if you are still on classic Teams, to update to new Teams as early as possible.
• Know that starting from this month, any classic Teams users who haven’t updated to new Teams will see an informational banner to remind them about the timeline for the auto update.
• We recently introduced the new Teams usage report in the Teams Admin Center. The client usage report gives customers an overview of the Teams desktop clients in use within their organization. It highlights platform (Windows or Mac), app version, and user type (preview or production) to help customers better understand the current state of their user’s desktop clients. Please try out the usage report tool.

Resources

• User experience before and after March 31, 2024
• Auto-update announcement

Kijo Girardi, a security escalation engineer with Microsoft wrote a PowerShell script he calls, “MDE Tester”. MDE Tester tests the following features:

• Microsoft Defender SmartScreen
• Microsoft Defender Exploit Guard, Network Protection
• Microsoft Defender for Endpoint, URL Indicators
• Microsoft Defender for Endpoint, Web Content Filtering

Get his PowerShell script here:

• DOWNLOAD: Microsoft Defender for Endpoint Tester
  https://github.com/LearningKijo/MDEtester