Office 365 / Azure – New CDN’s are going to be used for authentication

This is an important notification for customer managing access to internet (and cloud services) using Whitelist. New Content Delivery Networks (CDN’s) are going to be used for managing Office 365 (and potentially Azure services) authentication. If you are using whitelisting to allow Office 365/Azure services access to your end-user you have to be prepared ASAP. The new CDN’s will be: aadcdn.msauth.net aadcdn.msftauth.net ccscdn.msauth.net ccscdn.msftauth.net If you need the IP addresses…

Read More

Office 365 – New administrative settings to manage trial services

Earlier in May 2018, Microsoft has announced the availability of 1 year trial for Microsoft Teams, even if the user is not yet licensed for it. This trial is now available to Office 365 commercial tenants (aka not Edu or Gov). In addition of this Microsoft Teams 1 year trial, a new administrative settings is made available to manage how trial services (as of today only Teams is available but…

Read More

Windows – Windows 10 1809 and Windows Server 2019 are available again

After a little bit more than a month and half after quickly pulling out Windows 10 1809 and Windows Server 2019, they are now available again through the usual channels: MSDN (by the end of this week), VLC, Media Creation tool or WindowsUpdate (this one may take a little bit more time to be available to everyone). In addition, some additional complements: Windows Assessment and Deployment Kit (ADK) for Windows…

Read More

Exchange – An updated Hybrid Configuration Wizard adds additional configuration transfer settings

As you may be aware, the Exchange Hybrid Configuration Wizard (HCW) has been able to migrate some organization configuration settings (ActiveSync Mailbox Policy, Mobile Device Mailbox Policy, Retention Policy and Tag) to Exchange Online since June 2018. Now, an updated version is coming and will be able to add additional organization settings like: ActiveSync Device Access Rule ActiveSync Organization Settings DLP Policy Malware Policy Organization Config Policy Tip Policy In…

Read More

Azure – Azure Policy now audits installed applications on VM’s

You may already know Azure Policy, introduced during Ignite 2018. If no, Azure Policy has the capability to apply audit settings on virtual machines (VM’s) running on Azure. The first policies can audit password security settings on both Windows and Linux VM’s or the encryption protocol used by IIS (aka TLS – in this case the VM is compliant if TLS 1.1 or 1.2 is enabled and other protocols disabled).…

Read More

Intune – You can now get Windows 10 join an Active Directory Domain (preview)

It has been quite a limitation so far for Windows 10 managed with Intune; it was impossible to get them to join an Active Directory domain using Autopilot, making these devices Azure AD Hybrid joined devices. Now (currently in preview – so there could be some glitch and may change), you can assign an Intune profile to your Windows 10 devices to join your Active Directory domain. Off course, to…

Read More

Azure AD Connect – A new version of the directory synchronization tool is available

A new version (1.2.65.0) of Azure AD Connect has been released. You can get it from http://go.microsoft.com/fwlink/?LinkId=615771 You need to know that this version is going to overwrite your setting for autoupgrade if you have it set to not automatically update. Before Update After Update If you want to keep the autoupgrade disabled you will need to run the following command after the upgrade is completed Set-ADSyncAutoUpgrade -AutoUpgradeState Disabled As…

Read More

Azure Information Policy – You can now set permissions using All Authenticated Users or All users within your organization

Azure Information Protection (AIP) has been updated to let you set AIP Protection to either All Authenticated Users or All Users within your Organization. These specific configuration can be helpful when you don’t really want to restrict access to specific and limited set of user but still want to restrict what can be done with the content (permissions and expiration), or when you do not want to restrict the access…

Read More

Office 365 – Your end-users will received communications from Microsoft with trainings and tips

An update is being deployed on Office 365 which will send notifications to your end-users with trainings and tips for using Office 365 services. While this comes from a good intention, it is clear this will obsessed some end-users, administrators and/or training person as it is going to bypass the ‘traditional’ training path. End-users will receive trainings and tips information only for the service they have been enabled/licensed for. Thankfully…

Read More

Office 365 – Microsoft is NO LONGER enforcing TLS 1.2

As you may have been aware as there has been quite lot of communication, Microsoft was planning to disable TLS 1.0 and 1.1 support for Office 365 services. Well, it seems this is longer the plan as per the updated KB 4057306 (https://support.microsoft.com/en-gb/help/4057306/preparing-for-tls-1-2-in-office-365) – as per the extract below: Note This doesn’t mean Office 365 will block TLS 1.0 and 1.1 connections. There is no official date for disabling or…

Read More

Azure – DevOps can now use ExpressRoute

You may be already aware that ExpressRoute implements a dedicated connection between your on-premises environment and Microsoft cloud services – Office 365 or Azure. While most of the Azure services (SQL instance,storage, VM…) were already able to be accessed using ExpressRoute, this was not the case for DevOps (https://dev.azure.com/ or https://{organization}.visualstudio.com). Well, this is not the case anymore; since Oct 23rd 2018, you can access your DevOps services through ExpressRoute.…

Read More

Office 365 – Privileged Access Management is available to Office 365

As announced at the Ignite 2018 conference, a new access management capability is now available to Office 365. This new feature, called Privileged Access Management (PAM), will help you granting on a ‘just in time’ basis high level privileges to Office 365 services. PAM is currently limited to Exchange Online scope. To set it up, you will need to use a security group for the PAM access (if you are…

Read More

Azure MFA – Support for hardware OAth token and multiple MFA devices coming on Azure MFA

You may be already aware of the Azure Multi Factor Authentication (MFA) solution which has been available for quite some time. Well, good news as Azure MFA is now going to support hardware tokens (OATH-TOTP SHA-1). As you may already know Azure MFA requires end-user to have a phone available (either mobile or desk phone) to be able to challenge the MFA request – either with a call (desk/mobile), text…

Read More

Azure – You can now enable Customer Lockbox for Azure VM (preview)

For those who already work with Office 365, you may be aware of the Customer Lockbox capability. In a nutshell, this feature (available with E5 or as add-on) allows Office 365 administrators to control how Microsoft engineers access your data – particularly during support. Now, you can take advantage of it also with Azure. To enable Customer Lockbox for Azure VM, you need to use Azure PowerShell (at least version…

Read More

Skype for Business – The new Skype for Business version is now available

Microsoft has released the latest version of Skype for Business (SfB 2019). You can get it from MSDN or Volume License. It gives support for Windows Server 2019, as well as cloud voice mail support or Cloud Data Connector. You can check all the new here https://docs.microsoft.com/en-us/SkypeForBusiness/skype-for-business-server-2019 and removed features here https://docs.microsoft.com/en-us/SkypeForBusiness/deprecated

Read More