Kurt Shintaku's Blog

Microsoft is a 1^st class platform leader in IaaS platform native Security, with Microsoft Defender cloud security solutions for virtually all IaaS workloads such as:

• Comprehensive Cloud Security Posture Management & Cloud Infrastructure Entitlement Management
• World class DDOS protection, Malware detection for blob storage, VMs, containers, etc.

Other lower-tier cloud providers do not have most of the same native IaaS security solutions to protect assets in their cloud and generally rely on customers purchasing separately licensed, 3^rd party security solutions & their positions on the Forrester Wave highlights this lack of attention to this critical area.

DOWNLOAD THE REPORT
To download the Forrester Wave report on “Infrastructure-as-a-service Platform Native Security” (licensed for distribution):

• Forrester names Microsoft a Leader in 2023 Infrastructure-as-a-Service Platform Native Security report
  https://www.microsoft.com/en-us/security/blog/2023/05/03/forrester-names-microsoft-a-leader-in-2023-infrastructure-as-a-service-platform-native-security-report/

We’ve published a request form for the Early Access Program for “Microsoft 365 Copilot”:

In March, we introduced the world to Microsoft 365 Copilot – your copilot for work. We’re excited to share the next step in our journey as we bring Copilot to more customers and introduce new capabilities. We’re also releasing new data and insights from our 2023 Work Trend Index on how work is changing in the era of AI.

Microsoft 365 Copilot Early Access Program
Since March, we’ve been testing Copilot with 20 enterprise customers, learning alongside companies like Chevron, Goodyear, General Motors and Dow. Their overwhelming feedback is that Copilot has the potential to revolutionize work. They point to how it is a game changer for meetings and is beginning to transform the way they create. And, they’ve identified areas where we can do more to help people adapt to this new way of working, like the need for more conversational, multi-turn interactions. As we bring Copilot to more customers, we’ll continue to rely on this kind of feedback to refine Copilot and help guide users as they adapt to this new way of working.

…

In addition to Microsoft 365 Copilot features previously announced, including Copilot for Word, Copilot for Excel, Copilot for PowerPoint, and others, we’re also announcing the following NEW capabilities:

Introducing new Microsoft 365 Copilot capabilities
When we introduced Copilot in March, we unveiled capabilities across the Microsoft 365 suite of apps that millions use every day to get work done. We’re not stopping there – we’re continuing to add new Copilot capabilities to bring AI to every part of the suite, enabling employees and organizations to unleash creativity, unlock productivity and uplevel skills.

· Copilot in Whiteboard will make Microsoft Teams meetings and brainstorms more creative and effective. Using natural language, you can ask Copilot to generate ideas, organize ideas into themes, create designs that bring ideas to life and summarize whiteboard content.

· By integrating DALL-E, OpenAI’s image generator, into PowerPoint, users will be able to ask Copilot to create custom images to support their content.

· Copilot in Outlook will offer coaching tips and suggestions on clarity, sentiment and tone to help users write more effective emails and communicate more confidently.

· Copilot in OneNote will use prompts to draft plans, generate ideas, create lists and organize information to help customers find what they need easily.

· Copilot in Loop helps your team stay in sync by quickly summarizing all the content on your Loop page to keep everyone aligned and able to collaborate effectively.

· Copilot in Viva Learning will use a natural language chat interface to help users create a personalized learning journey including designing upskilling paths, discovering relevant learning resources and scheduling time for assigned trainings.

…

Read more about how to request access here:

• Introducing the Microsoft 365 Copilot Early Access Program and 2023 Microsoft Work Trend Index
  https://blogs.microsoft.com/blog/2023/05/09/introducing-the-microsoft-365-copilot-early-access-program-and-2023-microsoft-work-trend-index/

A few more announcements regarding integration support for the new Windows Local Administrator Password Solution (WLAPS):

SENTINEL

One of Microsoft’s MVPs documented steps on how to create Data Collection Rules (DCRs) for Microsoft Sentinel that will collect LAPS events from your environment.

• Monitor Windows LAPS Events with Microsoft Sentinel
  https://www.kaidojarvemets.com/monitor-windows-laps-events-with-microsoft-sentinel/

INTUNE

We’ve also announced Microsoft Intune support for the ability to manage and support Windows LAPS, bringing Microsoft’s admin password management solution to the cloud.

• Announcing Windows LAPS management through Microsoft Intune
  https://techcommunity.microsoft.com/t5/intune-customer-success/announcing-windows-laps-management-through-microsoft-intune/ba-p/3801584

Does your organization have:

• field workers
• call centers
• factory floor workers

…or folks that other work in “rotation schedules”? 

Wouldn’t it be cool if you could provide Cloud PC access for any 3 employees per license – like shift-workers & 3rd party contractors?

Windows 365 Frontline is a version of Windows 365 that helps organizations save costs by providing a single license to provision three Cloud PC virtual machines. For each Windows 365 Frontline license that you buy, you can provision three different Cloud PCs that can’t be used concurrently. Instead, each user receives a unique Cloud PC that they can use when the other two users on the same license aren’t signed into their Cloud PCs.

Windows 365 Frontline is designed specifically for workers who share computing resources and don’t require 24/7 dedicated Cloud PCs. This system better supports organizations that are more elastic and distributed working across various devices. Frontline Cloud PCs can be helpful for users who are:

• On a rotation schedule.
• Working across time zones and regions.
• Part-time workers.
• Contingent staff.

The maximum number of active Windows 365 Frontline Cloud PCs in your organization is equal to the number of Windows 365 Frontline licenses that you’ve purchased. For example, if you purchase 10 licenses, 30 Cloud PCs will be provisioned. Ten of those Cloud PCs can be active at a given time. The licenses are managed automatically based on active sessions. When a user ends their session, the license is released for another user to start using their Cloud PC.

Windows 365 Frontline is in public preview.

…

Read more about Windows 365 Frontline here:

• ANNOUNCEMENT: Introducing Windows 365 Frontline
  https://www.microsoft.com/en-us/microsoft-365/blog/2023/04/06/windows-365-offers-flexibility-from-the-office-or-home-to-the-frontline/
• PRODUCT PAGE: Frontline | Windows 365
  https://www.microsoft.com/en/windows-365/frontline
• DOCS: “What is Windows 365 Frontline?”
  https://learn.microsoft.com/en-us/windows-365/enterprise/introduction-windows-365-frontline

Are you supporting Windows 10 or 11 desktops?

Wouldn’t it be great to receive an email when a significant known issue in Windows comes up?  There’s a new way to get those notices proactively!

Today, we’re announcing the availability of a much-requested feature for IT administrators planning and deploying Windows feature and quality updates—email alerts! Starting today, you can get notified about Windows known issues documented in the Windows release health section of the Microsoft 365 admin center. This enables you to easily and quickly learn about issues related to Windows updates and make informed decisions about rolling out an update across your environment.

When you sign up, you’ll receive emails about new issues for the versions of the Windows operating system you support, as well as updates to known issues such as:

• Changes in issue status
• New workarounds
• Issue resolution

This new feature is available to IT admins with a Windows or Microsoft 365 tenant, a subscription that provides access to Windows release health in the Microsoft 365 admin center^[1], and an eligible admin role.

…

Read about how to sign up for these alerts here:

• New feature: Sign up for Windows known issue email alerts
  https://techcommunity.microsoft.com/t5/windows-it-pro-blog/new-feature-sign-up-for-windows-known-issue-email-alerts/ba-p/3811111

To get the most value from your Security solutions, you need to understand the business value of the different features they include to decide if, when, and how to go about turning them on. And when you’re ready to enable new features, you need clear guidance to make it happen.  

This is why we recently published new Microsoft Security solution feature guides on Microsoft Defender for Office 365 and Defender for Endpoint. Each guide briefly highlights five key product features and the value they provide, then points directly to step-by-step enablement instructions. 

• Microsoft Security solution feature guide:
  Microsoft Defender for Office 365
  
  Defender for Office 365 provides integrated threat protection for your email and collaboration tools. With this guide, you can learn about and enable:

1. Incident and alert management
2. Attack simulations and training campaigns
3. Automated investigation and response triggers
4. Scanning with Safe Links
5. Attachment checks with Safe Attachments

• Microsoft Security solution feature guide:
  Microsoft Defender for Endpoint

  Defender for Endpoint helps you rapidly stop attacks, scale security resources, and evolve defenses across your operating systems and network devices. The guide covers the following features and links to instructions so you can: 

1. Define manual response actions
2. Explore automated investigations
3. Enable endpoint reporting and policy settings
4. Engage in advanced threat hunting
5. Choose either active or passive mode for antivirus

Check out the Microsoft Defender for Office 365 and Microsoft Defender for Endpoint solution feature guides to learn how you can get more value from Microsoft Security and take your first steps toward enabling more features today.   

Organizations are securing their workstation & servers by randomizing their Local Administrator account passwords & storing them in Azure AD using the new public preview of Microsoft’s “Windows Local Administrator Password Solution”.

Kaido Järvemets, a Microsoft MVP has written a blog about using Microsoft Sentinel to collect events from the new “Windows Local Administrator Password Solution”.

Windows Local Administrator Password Solution (LAPS) is a crucial security feature that helps organizations manage local administrator passwords for their domain-joined computers. In this blog post, we will explore how to create Data Collection Rules (DCRs) for Sentinel that will collect LAPS events from your environment.

Before you continue read my previous blog posts:

• Introducing the New and Improved Windows LAPS: Local Administrator Password Solution (kaidojarvemets.com)
• Windows LAPS PowerShell Commands (kaidojarvemets.com)
• Windows LAPS EventIDs and XPath Queries (kaidojarvemets.com)
• Windows LAPS – New Group Policy Settings (kaidojarvemets.com)

…

Read the entire blog post here:

• Monitor Windows LAPS Events with Microsoft Sentinel
  https://www.kaidojarvemets.com/monitor-windows-laps-events-with-microsoft-sentinel/

This keeps coming up so I’m writing a quick post about it. Many organizations using Microsoft 365 GCC still haven’t set up “Microsoft 365 Usage Analytics” through Power BI Pro.

WHAT IS IT?
Microsoft 365 Usage Analytics is a no-cost Power BI report that shows live information about what products & services are being used in a Microsoft 365 tenant. (Note: You must purchase 1 Power BI Pro license to use it)

This summary lets you quickly understand usage patterns in Microsoft 365 and how and where your employees are collaborating.  It includes:

• Adoption
  • how may users are enabled
  • how many people in your organization are actively using Microsoft 365
  • how many are returning users
  • how many are using the product for the first time
• Usage
  • volume of active users
  • key activities for each product for the last 12 months
• Communications preferences
  • do users prefer Teams, Yammer, email, or Skype calls
  • are there shifts in patterns in the use of communication tools
• Collaboration preferences
  • do users prefer OneDrive or SharePoint to store documents and collaborate with each other
  • does these trends evolve month over month
• Storage
  • track cloud storage for mailboxes, OneDrive, and SharePoint sites
• Mobility
  • track which clients and devices people use to connect to email, Teams, Skype, or Yammer
• Activation
  • track service plan (for example, Microsoft 365 Apps for enterprise, Project, and Visio) activations in your organization.
  • see the devices on which people have installed Microsoft 365 apps
• Licensing
  • overview of license types
  • count of users who were assigned each license type
  • license assignment distribution for each month

Additionally, administrators can create their own reports or customer the existing template.

BEFORE YOU BEGIN…

• You need to be a Microsoft 365 Global admin to enable data collection.
• You need the Power BI Desktop application to use the template file.
• You need a Power BI Pro license or Premium capacity to publish and view the report.

HOWTO:
For step by step guidance on setting this up for GCC tenants, visit:

• Connect to Microsoft 365 Government Community Cloud (GCC) data with Usage Analytics
  https://learn.microsoft.com/en-us/microsoft-365/admin/usage-analytics/connect-to-gcc-data-with-usage-analytics?source=recommendations&view=o365-worldwide

Follow the instructions above link re: downloading the Power BI template for GCC & using Power BI Desktop.

For more information about Usage Analytics, visit:

• About Microsoft 365 usage analytics
  https://learn.microsoft.com/en-us/microsoft-365/admin/usage-analytics/usage-analytics?view=o365-worldwide

————————

(BTW: This is a nice video walkthrough of how to connect Microsoft 365 Commercial – not Government – to Usage Analytics.  The catch is that you should not click the “Go to Power BI” button in the Microsoft 365 reports page.  This will not work because the button leads to the “Power BI Service” & the “Power BI Marketplace stored Usage Analytics template”.  This template ONLY points to Commercial environments – not Government. I’m sharing this video nonetheless to allow people to see how this is usually done outside of GCC tenants)

If you’re a public sector or government entity, be careful when considering purchasing Microsoft 365 F3 licensing to “save money” over Microsoft 365 G3.

TRADING BUDGET FOR COMPLIANCE & GOVERNANCE
Getting Microsoft 365 F3 user subscription licenses for a segment of your users may be a great solution for saving money on licensing for “field workers”, “technicians” & “non-office based workers” that don’t have the same robust needs as traditional information workers… but it’s only a good option if you don’t have governance or compliance needs for these workers.

DIFFERENCES BETWEEN E3 & F3
This article goes over the differences between E/Enterprise licenses & F/Field Worker user subscription licenses however there’s more than this.

• Changing from a Microsoft 365 E plan to a Microsoft 365 F plan
  https://learn.microsoft.com/en-us/microsoft-365/frontline/switch-from-enterprise-to-frontline?view=o365-worldwide

Here are a few features not available to Microsoft 365 F3 licensed users:

1. Ability to run eDiscovery searches on F3 user email, files, chat
2. Ability to put an F3 user’s mailbox on either Litigation Hold or In-place Hold
3. Ability to Audit user content
4. Ability to provide Email Archiving (aka Archive Mailbox)
5. Ability to apply Data Loss Prevention rules for email, files, chat or endpoints
6. Use more than 2GB of storage per F3 mailbox
7. Ability to Delegate Access to others to the mailbox
8. Ability to recover a single item in an Exchange mailbox

Many of these limitations are summarized in the table comparing subscription license types:

• Modern Work Subscription Comparisons – Enterprise
  https://go.microsoft.com/fwlink/?linkid=2139145

Note: For folks that have Microsoft 365 F3 and discover they have a need for one or more of the above features, the solution is to purchase one of the following for each existing F3 licensee:

• Exchange Online Plan 2
• Step up to Microsoft 365 E3/G3

Azure Lighthouse allows IT organizations to manage, secure & maintain the Azure subscriptions of other organizations – even across completely different Azure enrollments.

INITIALLY FOR CSPs
Originally created for Cloud Service Providers to enable them to manage the Azure subscriptions of hundreds of customers, Azure Lighthouse is also used by central IT authorities to provide their Azure skills & expertise as a service provider to other organizations (departments, agencies, etc.) that lack IT professionals with management, security, scale, governance, compliance & other needs. 

In turn, these depts or agencies can provide a central IT authority with specific access to their Azure instance for:

• Read-only, monitoring
• Limited administrative control
• Full subscription control

And there is no charge to use it.

For more information on this service, visit my previous post on Azure Lighthouse here:

• Azure Lighthouse: A unified control plane for managing Azure at scale
  https://kurtsh.com/2020/09/25/training-azure-lighthouse-a-unified-control-plane-for-managing-azure-at-scale/

Also, go to the following:

• Azure Lighthouse – Product Page
• Azure Lighthouse – Microsoft Q&A