Eastern Cloud Blog

This blog is aimed at our East Region State & Local Government customers. Opinions are our own - be gentle with us.

Office 365 customer security considerations preview



Office 365 provides customers with a continuous stream of innovative features that provide significant productivity improvements while keeping information highly secure. We are working on resources and tools to help you leverage Office 365 information security features and controls, so you can manage security in your Office 365 tenant. The Office 365 Service Trust Portal (STP), launched earlier this year, is an example of a feature that provides deep insights into how Office 365 services are operated and independently audited.

 

Now we are pleased to present the customer security considerations (CSC) workbook that can be used to facilitate a quick review and implementation of the security controls available in Office 365. The CSC workbook is designed to provide you with information on key security and compliance features to consider when adopting, deploying and managing Office 365.

 

I’ve downloaded this and the information in the spreadsheet is fantastic.  Controls are organized by objective, and directions for configuration with PowerShell and the admin portal are provided.  I strongly recommend downloading this resource and going through it, just so you know what you can do.

 

If you have not registered for the O365 STP, you’ll need to do so in order to access this resource. Follow the blog link above for an overview and instructions.  We didn't have an entry on this, but it's a fantastic resource that customers have been asking for!!

 

Read the Office 365 Team Blog entry for more details and instructions.



Azure SQL Database Threat Detection now in Public Preview


Microsoft is excited to announce that we have made Threat Detection available for preview on Azure SQL Database. Azure SQL Database Threat Detection provides a new layer of security to your database by detecting anomalous database activities which may indicate a common threat like SQL injection attacks.

The introduction of this feature helps customers detect and respond to potential threats as they occur. Users can immediately explore the potential threat by using SQL database auditing to determine if the event is the result of an attempt to access, breach or exploit data in the database.

The benefits of Azure SQL Database Threat Detection include:

  • Simple configuration of SQL threat detection policy via Azure portal.
  • Clear email alerts upon detection of suspicious databases queries indicating potential SQL injection events.
  • Ability to explore the audit log around the time of the event using the Azure portal or a pre-configured excel template.
  • No need to modify database procedures or application code.


Go to this Azure Blog entry to read more, see how to set it up and view a demo.


Azure Disk Encryption in public preview

Azure Disk Encryption for virtual machines (VMs) helps you address organizational security and compliance requirements by encrypting your VM disks, including boot and data disks, with keys and policies you control in Azure Key Vault. Disk Encryption for VMs works across both Linux and Windows operating systems. It also uses Key Vault to help you safeguard, manage, and audit use of your disk encryption keys. All the data in your VM disks is encrypted at rest using industry-standard encryption technology in your Azure Storage accounts. The Disk Encryption solution for Windows is based on proven Microsoft BitLocker Drive Encryption, and the Linux solution is based on dm-crypt.

 You can read more on this Azure Virtual Machines Security page.


Announcing New Microsoft Enterprise Mobility Capabilities

Today, Microsoft announced that we’re delivering some new enhancements to Microsoft Intune. Intune already delivers mobile device and application management capabilities to ensure data and apps are protected on mobile devices.  Now, Intune will provide expanded capabilities to manage company apps and data in many more cases, specifically:

  • Intune now provides data leakage prevention through its Mobile Application Management (MAM) features. Intune MAM was recently updated to isolate corporate and personal data within the same app – something no other solution provides.

  • With today’s announcements, Intune’s MAM is being extended to “Bring your own” (BYO) devices that are not enrolled for device management (MDM).  This protects company data in mobile apps without requiring IT to enroll and deeply manage that end users’ entire device. The end-user preserves complete control over their personal apps, data, and settings – while the IT department controls the protection of corporate IP.

  • Intune MAM is also being extended to protect company information on devices enrolled into non-Microsoft MDM solutions. This allows you to start extending Intune MAM protections to mobile apps without having to first migrate your entire MDM solution.

  • Additional Microsoft apps are announcing support of for Intune MAM, including Power BI, and Remote Desktop client (both of which are available now).  Support for the Skype for Business and Dynamics CRM apps is coming soon.

  • Major companies like Box and Adobe have announced iOS and Android apps with native support for Intune mobile application management. Additionally, SAP Fiori mobile apps that are customized and built by SAP’s customers using SAP’s Fiori mobile services will also support these management and data protection capabilities delivered by Microsoft Intune.

Read this major announcement on Brad Anderson’s In the Cloud blog.  Find out how Intune MAM can now complement your current MDM solution, whatever it may be.


Microsoft launches Windows Store for Business

Features

Organizations of any size can benefit from using the Store for Business provides:

Scales to fit the size of your business
- For smaller businesses, with Azure AD accounts and Windows 10 devices, you can quickly have an end-to-end process for acquiring and distributing content using the Store for Business. For larger businesses, all the capabilities of the Store for Business are available to you, or you can integrate the Store for Business with management tools, for greater control over access to apps and app updates. You can use existing work or school accounts.

Bulk app acquisition
- Acquire apps in volume from the Store for Business.

Private store
- Curate a private store for your business that’s easily available from any Windows 10 device.

Flexible distribution options - Flexible options for distributing content and apps to your employee devices

    • Distribute through Store for Business services. You can assign apps to individual employees, or make apps available to all employees in your private store.
    • Use a management tool from Microsoft, or a 3rd-party tool for advanced distribution and management functions, or for managing images.
    • Offline licensing model allows you to distribute apps without connecting to Store services, and for managing images.

Line-of-business apps - Privately add and distribute your internal line-of-business apps using any of the distribution options.

App license management
: Admins can reclaim and reuse app licenses. Online and offline licenses allow you to customize how you decide to deploy apps.

Up-to-date apps - The Store for Business manages the update process for apps with online licenses. Apps are automatically updated so you are always current with the most recent software updates and product features. Store for Business apps also uninstall cleanly, without leaving behind extra files, for times when you need to switch apps for specific employees.