Kurt Shintaku's Blog

Microsoft & OpenAI recently announced has a multi-billion dollar partnership with OpenAI as it’s largest founding partner. 

As such:

• Microsoft Azure will be the exclusive cloud provider for OpenAI & exclusive licensee for the GPT-3 language model used in ChatGPT.
• Microsoft has released Azure OpenAI Service, an enterprise-class delivery of OpenAI capabilities.
• Microsoft intends on leveraging OpenAI services, including ChatGPT, throughout it’s entire cloud portfolio including Microsoft 365, Azure & Dynamics 365.
  

Read more about the new partnership extension here:

• Microsoft and OpenAI extend partnership
  https://blogs.microsoft.com/blog/2023/01/23/microsoftandopenaiextendpartnership/
• What is Azure OpenAI?
  https://learn.microsoft.com/en-us/azure/cognitive-services/openai/overview
• Azure OpenAI Service helps customers accelerate innovation with large AI models; Microsoft expands availability
  https://news.microsoft.com/source/features/ai/azure-openai-service-helps-customers-accelerate-innovation-with-large-ai-models-microsoft-expands-availability/
• Microsoft teams up with OpenAI to exclusively license GPT-3 language model
  https://blogs.microsoft.com/blog/2020/09/22/microsoft-teams-up-with-openai-to-exclusively-license-gpt-3-language-model/

Hoping your organization stays under the radar & waiting for bad actors to test your defense & take advantage of your vulnerabilities is a scary approach to security. Proactive threat hunting gives your organization the upper hand and doesn’t necessarily require additional headcount or roles.

The Microsoft Security Experts, “Threat Hunting Survival Guide” is a 31 page eBook (PDF) that reviews why organizations should invest in proactive thread hunting, and how to use threat hunting beyond the endpoint.

The book goes over:

1. The difference between commodity malware & human-operated attacks
2. How to identify signs of human-operated attacks in your environment
3. How to prepare for basic thread scenarios
4. How to develop your own thread hunting program
5. How Microsoft can assist with “Microsoft Defender Experts for Hunting” – a discrete service available today that Microsoft has available to extend your team of experts & reduce risk with more accurate detection.

Download the eBook here:

• Microsoft Security Experts “Threat Hunting Survival Guide” (31pgs, PDF)https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE5aC6y?culture=en-us&country=US

If you’re interested in a cool example of how ChatGPT will affect many aspects of IT, take a look at this recently published article about integrating the service with “Microsoft Sentinel”.

For example, Microsoft Sentinel, given a set of conditions, can leverage ChatGPT to identify the right steps to resolve an incident to notify the people responsible in conversational English & expedite resolution.

• Unlocking the Power of ChatGPT for Incident Management: A Step-by-Step Guide to Integrating with Microsoft Sentinel | by Zubair Rahim | Jan, 2023
  Use ChatGPT to automate responses, provide accurate & timely answers, and streamline incident management work flows with Microsoft Sentinel.
  https://zubairrahimse.medium.com/unlocking-the-power-of-chatgpt-for-incident-management-a-step-by-step-guide-to-integrating-with-1862ab7b38bb

Next month, Microsoft will be permanently disabling the “IE11 desktop app” on Windows 10.

• This will be done through an "Edge Update" (not a Windows Update) on February 14, 2023.
• Microsoft Edge ‘IE Mode’ will continue to provide managed IE11 compatibility for organizations that require it after this date.

For more information, please refer to the information below:

• Windows message center | Microsoft Learn
  https://learn.microsoft.com/en-us/windows/release-health/windows-message-center#2985
• Internet Explorer 11 desktop app retirement FAQ
  https://techcommunity.microsoft.com/t5/windows-it-pro-blog/internet-explorer-11-desktop-app-retirement-faq/ba-p/2366549

I used to get asked the question, “Why should we be deploying at Windows 11? over Windows 10”

• Speed/Performance & Visual UI
  End users love Windows 11.  Applications that users depend on every day simply run faster on Windows 11. 

  Tools like Outlook, Teams, Edge, Chrome, even OneNote are all noticeably faster because ‘multithreaded operations’ are executed & handled much better at a CPU level. 

  Apps have been publicly benchmarked by folks as much as 20% faster simply by upgrading to Windows 11.

  Visually, the OS’s user interface is quicker & smoother – this is deliberate for reducing eye fatigue.  A large part of this is because the internal screen animation & movement frame rate is natively higher.  The result is that the Start button, window movement, taskbar… all appear more fluid.

  The UI also benefits from Windows 11’s improved multi-threaded performance making application response snappier.  It’s a noticeable improvement for users, helping to make long periods of work easier.

• Management
  Your desktop IT team is going to love Windows 11.  OS updates are 40% smaller than on Windows 10 – meaning:

  1. 40% faster deployments
  2. 40% less bandwidth required to distribute updates
  3. 40% less storage required on every desktop
  4. 40% less annoying to end users

  Also, Windows 11 only does major releases once a year.  Major OS updates only happen once – not twice – making Windows 11 channel updates far less stressful for IT teams.

• Security
  This is the real reason why your organization needs Windows 11.  Malware writers & hackers aren’t focused on OS “buffer overruns” or even traditional application vulnerabilities like macro payloads:  Criminals are attacking desktop hardware vulnerabilities.  Physical attacks through Direct Memory Access on USB & Thunderbolt ports.  Remote attacks that modify UEFI & BIOS boot. And they’re happening now. 

  The only way to protect against these attack vectors is through close integration between the OS & hardware.  This protection has to originate at an Operating System level and that’s what Windows 11 is quietly designed to do. 

  Windows 11 protects against the next generation wave of hardware vulnerabilities and this is the reason Microsoft requires 8^th gen Intel architecture & a TPM 2.0 chip at a minimum for installing Windows 11.  These hardware technologies give Windows 11 the ability to protect organizations from the next generation of attacks on your infrastructure.

  We’ve published a Windows 11 Security Guide that is 65 pages long that goes over all the work that’s been done in Windows 11 alone to protect organizations.   The threat is real and institutions need to start piloting – not testing – Windows 11 now. 

• DOWNLOAD: Free eBook, “Windows 11 Security Book: Powerful security from chip-to-cloud”
  https://kurtsh.com/2021/10/05/download-free-ebook-windows-11-security-book-powerful-security-from-chip-to-cloud/

So Windows Server 2022 Azure Edition is awesome & is also ‘generally available‘.

Windows Server 2022 Azure Edition has the following features – only available when running in Azure!(https://learn.microsoft.com/en-us/windows-server/get-started/whats-new-in-windows-server-2022)

1. Hotpatching, part of Azure Automanage, is a new way to install updates on new Windows Server Azure Edition virtual machines (VMs) that doesn’t require a reboot after installation.
2. SMB over QUIC uses the QUIC protocol (UDP-based) instead of TCP in Windows Server 2022 Datacenter: Azure Edition, Windows 11 and later to access data on file servers running in Azure without a VPN, directly from the desktop.
3. Azure Extended Network enables you to stretch an on-premises subnet into Azure to let on-premises virtual machines keep their original on-premises private IP addresses when migrating to Azure.

Additionally, one of my favorite features available in all editions of Windows Server is SMB compression.  It does real-time compression of file transfers that can reduce transfer time by upwards of ~80% for uncompressed data like documents, VHDs, etc. (See Ned Pyle previews SMB Compression – YouTube for a demonstration)

Tell a friend! Then register for the…

Windows Server Summit 2022:
Tuesday, December 6, 2022 9:00 AM–10:30 AM Pacific Time

• Registration:
  https://info.microsoft.com/ww-windows-server-summit.html

Just released: "#Windows Ugly #Sweater: #Clippy Edition" (Get it while you can! It’ll sell out fast!) #microsoft

• Windows Ugly Sweater: Clippy Edition
  https://gear.xbox.com/products/clippy-holiday-sweater

Also just released: "#AgeOfEmpires Ugly Holiday #Sweater" #microsoft

• Age of Empires Holiday Sweater
  https://gear.xbox.com/collections/new-releases/products/age-of-empires-holiday-sweater

Microsoft today announced new social gaming functionality inside Microsoft Teams called "Games for Work".

Build Work Connections Through Play

Today, I am excited to introduce the Games for Work app,* developed by Microsoft Casual Games, an Xbox Games Studio.** Now, you can easily add a game in the context of where work happens: in Microsoft Teams meetings. Choose from a selection of favorite casual games including Microsoft IceBreakers, Wordament, Minesweeper, and Solitaire—all easy to play in quick, interactive, and multi-player versions (from 2 to 250 players). They are safe for work (verifiably “E” rated) and ad-free. To address the various needs of teams, each game within the app emphasizes a different element of team building.

…

Available to Microsoft Teams Enterprise & Education subscribers only. Works for both desktop & mobile & it’s ad-free!

• Read more here:
  https://www.microsoft.com/en-us/microsoft-365/blog/2022/11/16/build-connections-with-games-for-work-a-new-microsoft-teams-app/

• Download the "Games for Work" app for Microsoft Teams here:
  https://teams.microsoft.com/l/app/db7832f4-7ead-41d4-ae33-a58096cf0c6d?source=app-details-dialog

(I stole this from Eric M.’s post because it was such a good reference.)

Microsoft’s Active Directory Monitoring solution started as Advanced Threat Analytics, migrated to the cloud as Azure Advanced Threat Protection, and then graduated into the Defender for Identity product that is deeply integrated with the other M365D products such as Defender for Endpoint, Defender for Cloud Apps, and Azure Active Directory Identity Protection.

It’s important to understand that configuring an AD service account and installing the MDI sensor msi does not complete the deployment. If you stop there, your sensor will fail to detect malicious activity that it could because key installation steps were missed.

Key things to consider when deploying MDI:

• Advanced Audit Policy that meets MDI’s auditing requirements is critical
• Disable LSO on VMware DC’s that show health alerts
  Allowlist/bypass yourdomain.atp.azure.com TCP 443 traffic from SSL intercept/proxy
• Make sure that communication isn’t blocked for localhost, TCP port 444
• MDI takes 30 days to baseline the environment for behavioral alerts (pictured)
• Never use the same gMSA for the monitoring & action accounts
• Make sure that SAM-R required permissions are configured for Lateral Movement Path detections
• You do not need to purchase Npcap licenses
• You can use the Azure service tag AzureAdvancedThreatProtection in NSG/Azure Firewall rules
• The monitoring gMSA account must be granted the Log on as a service permission

Resources:

• Advanced Audit Policy Events: https://lnkd.in/gFwqxJXN
• Microsoft’s Audit Policy Readiness check script: https://lnkd.in/gmRnjcwh 
• Raymond R.’s Audit Policy GUI tool: https://lnkd.in/gveSKihW
• VMware fix: https://lnkd.in/gqFmd-Zy
• Npcap: https://lnkd.in/gm4pPUTg
• Provisioning gMSA’s: https://lnkd.in/gyhJDFy9

Today we are excited to make announcements in multiple areas of Azure Virtual WAN (vWAN), networking as a service that brings networking, security, and routing functionalities together to provide a single operational interface.

As enterprises increasingly adopt the cloud while reducing their costs, IT teams looking to consolidate, accelerate, or even revamp their wide area network should consider Azure Virtual WAN.

You don’t need to have all these use cases to start using Virtual WAN—you can get started with just one. With ease of use and simplicity built in, vWAN is a one-stop shop to connect, protect, route traffic, and monitor your wide area network.

The following areas have key announcements:

• Remote user connectivity (also known as point-to-site VPN)
• Routing
• Branch connectivity (also known as site-to-site VPN)
• Private connectivity (also known as ExpressRoute)
• Third-Party Network Virtual Appliance Integrations

Read more about the announcements here:

• Azure Virtual WAN simplifies networking needs
  https://azure.microsoft.com/en-us/blog/networking-needs-simplified-with-azure-virtual-wan/