Kurt Shintaku's Blog

Stop managing your own Windows updates & outsource it to Microsoft engineering at NO COST to Windows Enterprise E3/E5 customers.  Windows Autopatch is now generally available!

WHAT IS WINDOWS AUTOPATCH?
Windows Autopatch is a free service that allows Windows E3 and E5 customers to automate updating for Windows 10/11, Microsoft Edge, and Microsoft 365 apps.  Watch this video to learn about Autopatch in 40 seconds:
https://www.microsoft.com/en-us/microsoft-365/windows/autopatch

Microsoft configures the policies and deployment service of Windows Update for Business on your behalf. What you see are updates and patches that get rolled out progressively through testing rings that we create for you and get paused or rolled back if there are issues.

• SAVING TIME & LABOR
  You can save time and money by enrolling endpoints in Windows Autopatch. The time is saved by not having to define testing rings, schedule deployments, and essentially stop your normal activities every Patch Tuesday to plan and manage updates.  It should lead to fewer support tickets related to updating, and to more productive uptime for enrolled devices.

• BETTER, MORE RELIABLE SECURITY
  From a security perspective, making sure your devices are always up-to-date and have the latest updates is an important aspect of securing devices.  A broader benefit however of Windows Autopatch is peace of mind:  Not only are there expert Microsoft engineers running the Autopatch system, but the FastTrack team is ready to help you get enrolled at no additional cost. With the App Assure promise, you can be sure that should an issue arise, Microsoft has your back.

RESOURCES

• Tech Community:
  Microsoft has created a tech community for individuals with questions and looking for discussions on Windows Autopatch.  There you will find multiple discussions on various topics, guided by Microsoft Windows Autopatch product managers.
  https://techcommunity.microsoft.com/t5/windows-autopatch/bd-p/Windows-Autopatch
• FAQ:
  The following page has our frequently asked questions for Windows Autopatch users
  https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-autopatch-faq/ba-p/3272081
• Video Training:
  Microsoft has produced a Youtube playlist with 9 videos and growing of instructions on how to accomplish and troubleshoot any number of topics related to Windows Autopatch.
  https://www.youtube.com/playlist?list=PLLhSArDiaW6JO_QPq_Qrm7xDTzmKtMStT

Customers often ask what is the integration between Microsoft Teams & SharePoint Online.  We all know that SharePoint Online is the file storage service underlying Microsoft Teams – but what else is shared between the services?

Here’s the documentation on how these two services work together.  Educate yourself about this integration in this article here:

• Teams and SharePoint integration – SharePoint in Microsoft 365
  https://docs.microsoft.com/en-us/sharepoint/teams-connected-sites

We’re excited to introduce the SQL Server 2022 blog series!

From product insights to best practices, you’ll learn about SQL Server 2022 directly from the engineering team that built it.

Read more about the subtopics this series will cover:

In our upcoming SQL Server 2022 blog series, you will learn about new innovation, discover best practices, and gain product insights from the engineering team who built it. Our product team members are lined up to share specifics from their respective areas of expertise.

The series will cover:

• Performance and scalability, including buffer pool parallel scan.
• Security and governance, including SQL Server Ledger and Microsoft Purview.
• Query processing, including Intelligent Query Processing Next Gen.
• Analytics, including Azure Synapse Link.
• T-SQL enhancements, including JSON data support.
• Availability, including the new link feature in Azure SQL Managed Instance.
• Deployment options, including SQL Server on Linux and Containers and SQL Server on Azure Arc–enabled servers.

Bookmark the SQL Server 2022 Blogging Series page to follow along and see future blog posts.

Wanna use Azure AD Access Reviews to identify old, stale accounts?

I’m excited to share with you the public preview of access reviews for inactive users, part of Azure Active Directory Identity Governance. We have seen an explosion in collaboration growth over the past two years, both within and between organizations. While this growth has been great for productivity, it’s also expanded the likelihood that “stale” accounts—accounts that were needed at one time, but not any longer—might be lurking in your environment.  Examples include former employees who have left the organization, or contractors whose assignments have ended.  It’s an easy but powerful way to reduce security risks by uncovering these stale accounts, and removing them if they truly have no purpose going forward.

The public preview of access reviews for inactive users enables administrators to review and remove stale accounts that have not signed in for a certain number of days.  Both interactive and non-interactive sign-in activities are covered under sign-in activity.  As part of the review process, stale accounts can automatically be removed. This, in turn, improves your organization’s security posture.

Want to help reduce the risk of inactive users? Try the access reviews now. You can specify an inactive duration for up to two years for guest users, or all users. 

…

Read more here:

• Review and remove AAD inactive users in Public Preview
  https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/review-and-remove-aad-inactive-users-in-public-preview/ba-p/3290632

Governments are increasingly taking steps to reduce energy consumption and carbon emissions, working to manage energy costs and invest in renewable energy. Prioritizing these initiatives is the first step in reaching a net-zero future. 
In this webinar, learn how to create that better future by harnessing the power of new and emerging technologies.

• Use the lens of sustainability to reimagine government processes while meeting the needs of the planet. 
• Reduce your carbon footprint and promote sustainability with Microsoft products, services, and devices. 
• Prioritize the adoption of technologies with built-in benefits for sustainability to help reduce your agency’s environmental impact. 
• Empower employees to work remotely, encouraging reduced travel—including daily commutes—which can help curb carbon emissions and combat climate change.

Registration:
https://info.microsoft.com/ww-ondemand-implementing-sustainability-strategies-in-government.html

Q&A:

• Find out more about Project Longship which Lena mentioned:
  https://news.microsoft.com/transform/northern-lights-is-innovating-for-the-future-of-carbon-transport-and-storage/
• For those of you interested, please find the presentation slides for this session linked below.
  https://on24static.akamaized.net/event/36/21/98/7/rt/1/documents/resourceList1645738598502/webinardeckimplementingsustainabilitystrategiesingovernment1645738597584.pdf
• With so many employees working from home, does Microsoft itself consider employee homes to be satellite worksites and does does the company track/consider WFH climate emissions? Does Microsoft offer programs that help employees reduce home emissions through electrification, energy purchase agreements, offsets etc?
  At present Microsoft doesn’t consider employee homes to be satellite worksites. However, we support our employees in learning more and taking action on their emissions footprint. Each year we run an Ecochallenge which has helped our employees make changes across our 4 pillars. We also offer training and readiness.
• Define how to measure the emissions. Define the standard and ways to achieve a reduction of carbon emission.
  This video explains the math involved in Microsoft’s carbon commitment: https://www.youtube.com/watch?v=wj0UrF2T130 And further information on this topic can be found here: https://microsoft.github.io/Sustainability-Resources/greenhouse-gas-emissions

[ORIGINAL – July 11, 2022]
Ever wanted an animated background in your video during a Microsoft Teams conference call?  Rogier Dijkman figured out how to do it – here’s a quick synopsis:

1. Take any animated GIF file, such as ANIMATED.GIF & rename it to ANIMATED.PNG. (You can convert any video file to animated GIFs at http://makeagif.com.)
2. Make a copy of ANIMATED.PNG & call it ANIMATED_thumb.PNG. (Add the text “_thumb” to the end of the file name in lowercase or this won’t work)
3. Copy BOTH files to:
   %AppData%\Microsoft\Teams\Backgrounds\Uploads
4. Start a Teams meeting & turn on your camera. Click the Ellipsis (…) & select “Apply Background Effects”.
5. Select the Animated Background to enable it.

I’ve created a collection of 10 animated backgrounds for Microsoft Teams to get you started:

• Kurt’s Collection of Animated Backgrounds for Microsoft Teams (262MB)
  http://aka.ms/ksanimated

[UPDATE 4/28/23]
This has become so popular that I thought I’d release another “Version 2.0” set of Animated Backgrounds for Microsoft Teams.  For those of you who know me, yes, this contains that “moving clouds” background that you see behind me all the time.

• Kurt’s 2nd Collection of Animated Backgrounds for Microsoft Teams (114MB)
  https://aka.ms/ksanimated2

I’ve gotten the question a number of times in the past couple months so I thought I’d nip it in the bud here:

Q1: What licenses provide me with the ability to use Power Automate?

Q2: What are the limitations placed on Power Automate for each licensing scenario?

Here’s a chart that lays out the licenses that allow the user to access Power Automate and the limitations placed on each licensed scenario.

For more information on Power Automate licensing, visit the following links:

• Overview of Power Automate licensing
• Types of Power Automate licenses
• Frequently asked questions about Power Automate licensing

Wanna know how Microsoft’s cybersecurity shocktroopers address threats on our customer’s networks when they are concerned about a breach, Ransomware or some other security incident?

That’s the DART. DART provides onsite reactive incident response and remote proactive investigations.

Human-operated ransomware is not a malicious software problem—it’s a human criminal problem. The solutions used to address commodity problems aren’t enough to prevent a threat that more closely resembles a nation-state threat actor who:

• Disables or uninstalls your antivirus software before encrypting files
• Disables security services and logging to avoid detection
• Locates and corrupts or deletes backups before sending a ransom demand

These actions are commonly done with legitimate programs that you might already have in your environment for administrative purposes. In criminal hands, these tools are used maliciously to carry out attacks.

Responding to the increasing threat of ransomware requires a combination of modern enterprise configuration, up-to-date security products, and the vigilance of trained security staff to detect and respond to the threats before data is lost.

The Microsoft Detection and Response Team (DART) responds to security compromises to help customers become cyber-resilient. DART provides onsite reactive incident response and remote proactive investigations. DART leverages Microsoft’s strategic partnerships with security organizations around the world and internal Microsoft product groups to provide the most complete and thorough investigation possible.

This article describes how DART handles ransomware attacks for Microsoft customers so that you can consider applying elements of their approach and best practices for your own security operations playbook.

See these sections for the details:

• How DART uses Microsoft security services
• The DART approach to conducting ransomware incident investigations
• DART recommendations and best practices

…

Read more here:

• Microsoft DART ransomware approach and best practices
  https://docs.microsoft.com/en-us/security/compass/incident-response-playbook-dart-ransomware-approach

This is an excellent report from Microsoft‘s Brad Smith on the evolving theater and character of global conflict, and lessons learned defending against #cyber warfare.

"When countries send code into battle, their weapons move at the speed of light. The internet’s global pathways mean that cyber activities erase much of the longstanding protection provided by borders, walls, and oceans. And the internet itself, unlike land, sea, and the air, is a human creation that relies on a combination of public and private-sector ownership, operation, and protection."

This report provides analysis on the nation-scale use of cyber-attacks, network penetration and espionage, and cyber influence operations.

The report also offers a comprehensive strategy on how to detect, defend, disrupt, and deter foreign cyber influence operations through government and private sector #collaboration.

• DOWNLOAD: eBook, “Defending Ukraine: Early Lessons from the Cyber War”
  https://aka.ms/June22SpecialReport
• BLOG POST: Defending Ukraine: Early Lessons from the Cyber War
  https://blogs.microsoft.com/on-the-issues/2022/06/22/defending-ukraine-early-lessons-from-the-cyber-war/

The often question arises, “How can we change the Azure AD that we use for a given Azure subscription?”

Organizations might have several Azure subscriptions. Each subscription is associated with a particular Azure Active Directory (Azure AD) directory. To make management easier, you might want to transfer a subscription to a different Azure AD directory. When you transfer a subscription to a different Azure AD directory, some resources are not transferred to the target directory. For example, all role assignments and custom roles in Azure role-based access control (Azure RBAC) are permanently deleted from the source directory and are not transferred to the target directory.

This article describes the basic steps you can follow to transfer a subscription to a different Azure AD directory and re-create some of the resources after the transfer.

If you want to instead block the transfer of subscriptions to different directories in your organization, you can configure a subscription policy. For more information, see Manage Azure subscription policies.

…

For more details, read the following:

• INFO: Transfer an Azure subscription to a different Azure AD directory
  https://docs.microsoft.com/en-us/azure/role-based-access-control/transfer-subscription