Eastern Cloud Blog

This blog is aimed at our East Region State & Local Government customers. Opinions are our own - be gentle with us.

Getting started with Operations Management Suite Security and Audit Solution


Microsoft Operations Management Suite (OMS) is Microsoft's cloud based IT management solution that helps you manage and protect your on-premises and cloud infrastructure. Explore the OMS Security and Audit dashboard, security domains, and common security queries then get step-by-step guidance on how to leverage OMS to proactively and automatically:


 

Want more information on OMS? See the Operations Management Suite overview.

Microsoft Azure Government adds Premium Storage and expanded virtual machine image coverage

Virtual machine disks – now with Premium Storage
Customers now have the option to select Azure Premium Storage when provisioning DS-series virtual machines through PowerShell and the Azure CLI. Premium Storage provides high-performance, low-latency disk support for virtual machines running I/O-intensive workloads. VM disks using Premium Storage store data on solid state drives (SSDs), providing improved performance for the most demanding applications. More information about this functionality is available here.
 
Expanded virtual machine image support
In addition to Premium Storage, Azure Government has also been expanded to include a number of pre-configured VM images. With these images, customers can quickly provision a VM running pre-installed and configured software. In addition to the existing VM image portfolio available today, provisioning of the following image types can be accomplished immediately:
  • Windows Server Remote Desktop Session Host on Windows Server 2012 R2
  • Windows Server Remote Desktop Session Host with Microsoft Office 365 ProPlus
  • SharePoint Server 2016 Trial
  • Visual Studio Enterprise 2015 Update 2 with Azure SDK 2.9 on Windows Server 2012 R2

We are excited to share these additions. To keep up with the latest Azure Government news or provide feedback, please follow the Azure Government blog! We look forward to continuing to expand Microsoft Azure Government!

Read more here...

Azure Security Information Site on Azure.com

We are very happy to announce today the release of the Azure Security Information site on Azure.com!

The Azure Security Information site is intended to be your one-stop shop for getting information about Azure security services, technologies, and features. In addition to this, we have information about security architecture, best practices and patterns, security in industry verticals, and an array of other security resources.

Prior to this site, you would have had to poke around in the Azure documentation to piece this information together for yourselves.

Since we're talking about security, here's a reminder of some of the other key sites related to Microsoft cloud security:


Check out all the Azure sessions planned for Microsoft Ignite

Ready to join the Azure team at Microsoft Ignite? Now you can start planning exactly which topics, issues, and ideas you want to dive into! The full session catalog is live, with 440+ sessions to choose from, including more than 75 sessions devoted to Azure topics. And it’s easy to search and filter so you can find just the courses that fit your needs.

Here’s a sample of the Azure topics you’ll find…

Review Microsoft Azure Stack with Jeffrey Snover and Mark Russinovich

Get an overview of Azure Stack from Technical Fellow Jeffrey Snover and Azure CTO Mark Russinovich. They’ll discuss—and demonstrate—the approach and benefits of allowing customers to run Azure on the servers in their datacenters.

Master modern PaaS for the Enterprise with Azure App Service

Security. Scale. Hybrid. Modern. These aren’t just buzzwords—they all describe capabilities that a modern PaaS platform should provide. Azure App Service is the battle-tested PaaS platform for modern enterprise applications. Learn how Azure App Service lets you seamlessly compose data across on-premises and the cloud, support both mobile clients and traditional browsers, and scale your apps around the world—all while maintaining the security and control that your enterprise demands.

Make your life easier one environment at a time with Azure DevTest Labs

This session presents how teams can use Microsoft Azure DevTest Labs to quickly create environments with a few clicks using reusable templates and artifacts while minimizing waste and controlling cost by setting policies and automated shutdowns. We also show examples of how to use the Labs APIs directly to create continuous delivery pipelines.

And that’s just a start…

With more than 75 Azure sessions to choose from, which ones will you attend?

> Explore Azure sessions <

Remember: September 26–30 is approaching fast. We’re excited to see everyone soon—and if you haven’t yet registered, don’t delay! Register for Microsoft Ignite.

What’s new in Office 365 Groups administration—June 2016 update

  • Ability to update privacy type—When you create an Office 365 group, users have two privacy options: public (anyone within your organization can access the group’s content) and private (only approved members can access the group’s content). This update enables group owners to change the privacy setting from public to private or vice versa by editing the group properties in Outlook on the web. Administrators can also leverage the Set-UnifiedGroup cmdlets to change the privacy type. Read “Make Office 365 groups public or private” for more information.

What’s new in Office 365 Groups administration 1

Easily edit a group’s privacy setting.

  • Multi-domain support—Larger organizations use separate email domains to reflect different parts of their businesses. Office 365 groups that are created by users in one domain will share that domain (as opposed to using a common domain across the tenant). Administrators now also have control to create groups in specific domains of their choosing. Read “Multi-domain support for Office 365 Groups” for more information.
  • Guidance to configure Office 365 Groups with on-premises Exchange mailbox users—If you’ve configured a hybrid deployment between your on-premises Exchange organization and Office 365, you can make groups created in Office 365 available to your on-premises users by following the steps outlined in “Configure Office 365 Groups with on-premises Exchange hybrid.”
  • Allow users to send as the Office 365 group—If you want to enable your group’s shared mailbox to “Send As,” you can now use the PowerShell cmdlets to configure this. Once you enable this setting, your Office 365 group users can use Outlook or Outlook on the web to send and reply to email as the Office 365 group. Users can go to the group, create a new email and change the “Send As” field to the group’s email address. See “Use PowerShell to manage Office 365 Groups” for more information.
Read more here...

#AzureAD a leader in the 2016 Gartner IDaaS MQ



Gartner released their Magic Quadrant for Identity and Access Management as a Service (IDaaS) for 2016 and Azure Active Directory was placed in the “leaders” quadrant, and positioned very strongly for our completeness of vision.

Read more, and get access to the Gartner report here.

StorSimple adds support for cool Blob storage

Blob storage accounts are specialized storage accounts for storing your unstructured data as blobs (objects) in Azure Storage. With Blob storage accounts, you can now choose between hot and cool storage access tiers. And you can switch between hot and cool access tiers any time with a quick toggle from the Azure portal. The latency for Blob storage accounts (hot and cool) is in the milliseconds and the scalability and performance targets are the same as general-purpose storage accounts. Read more details in the Azure Blob storage documentation.



Best practices for using the Azure Blob storage accounts with StorSimple:

  • Initially set the access tier to hot. Keep the access tier set to hot until any initial data migrations are complete and the account has a significant amount of infrequently accessed data. Then consider switching to cool.
  • Evaluate your existing usage pattern to determine whether you will benefit from using a cool storage account. To learn how Azure Storage metrics can help you to understand your storage usage pattern, click here.
  • Scenarios that involve a lot of cloud data access, such as using the StorSimple Cloud Appliance for dev/test or research, are better suited for hot storage.
  • If you expect to clone data often you should choose hot storage.


Read more here..


#AzureAD Identity Protection adds support for federated identities!

Azure AD Identity Protection has been generating a TON of customer interest, especially with recent news about hackers selling huge lists of leaked user credentials. So today Azure AD Identity Protection has just turned on support for federated identities. This means that our largest customer, most of who use Active Directory Federation Server with Azure AD, can now get the benefit of this powerful security service.

Identity Protection detects risk events involving identities in an Azure Active Directory that indicate that the identities may have been compromised. For details on risk detection, see Types of risk events detected by Azure Active Directory Identity Protection.

What’s new: Starting today, all of Identity Protection’s risk event types will be covered for federated identities! Now you can tell if botnet infections, TOR networks, or location anomalies are present in your federated sign-ins. [Note that leaked credentials detection requires that you have enabled password hash sync in your federated tenant.]



Read more here...

Microsoft helps secure accounts by blocking weak passwords



Recent news about the 167 million accounts and passwords for LinkedIn that have been put up for sale on the dark web has scared a lot of people - hopefully, you have reset your password by now.  Of course, this is just the latest in a long history of accounts being leaked and potentially used for nefarious purposes.  What was interesting about this latest breach is that one organization has managed to crack about 117 million of those passwords because users were using weak, easily guessable passwords. 

Microsoft is taking action on this problem of users electing to use weak passwords by dynamically blocking those types of passwords for Microsoft Accounts (aka Live IDs).  Microsoft has been securing these accounts for years and sees millions of attacks on these accounts every day.  Leveraging this experience, machine learning and the compute resources of Azure, we have the ability to solve some of these issues.

Please review this Active Directory Team Blog post to learn about some interesting statistics, some research we've done on the problem and the solutions we are implementing to protect consumers and customers.

Microsoft and Citrix Partner to Help Customers Move to the Cloud



At the Citrix Synergy event in Las Vegas today, there were several exciting announcements about how Microsoft and Citrix are partnering together to accelerate Windows 10 and Office 365 adoption. 

  • Citrix will leverage Azure to provide a Windows 10 VDI solution for customers with Windows licensed per user. 
  • Citrix is updating their mobile applications with the Microsoft Intune SDK so they can be managed by Intune and integrated with Office 365 mobile apps.
  • Citrix has announced an updated connector for SCCM, allowing organizations to manage Citrix XenApps applications with a single tool.
  • Microsoft and Citrix have partnered to optimize the Skype for Business application for use in XenApp and XenDesktop environments
  • Citrix and Microsoft are working together to leverage the Citrix NetScaler solution to provide secure, conditional access to on premises applications through the Intune solution
  • Citrix is building capabilities into its mobile apps like support for MFA and self-service password reset


Find out more about how the Microsoft and Citrix partnership continues to grow and provide valuable solutions for our customers.  All the details are in this Brad Anderson blog post.