Podcast: Play in new window | Download (Duration: 39:15 — 27.0MB)
Subscribe: Apple Podcasts | Android | Google Podcasts | Stitcher | Spotify | RSS
In Episode 190, Ben and Scott talk about the difficulties of naming human genes when Excel gets in the way, improvements coming to the automatic cleanup of deployment history within Azure Resource Manager, and the automatic enablement of App Lock in the Microsoft Authenticator app. (more…)
Podcast: Play in new window | Download (Duration: 34:46 — 23.9MB)
Subscribe: Apple Podcasts | Android | Google Podcasts | Stitcher | Spotify | RSS
In Episode 187, Ben and Scott discuss the newly announced preview for alternate login IDs in Azure Active Directory, enabling “sensitive by default” labels with DLP in SharePoint Online, and the GA of the new Microsoft Secure Score. (more…)
![Episode 181 – Deep[er] Dive on Azure Sentinel](https://i0.wp.com/www.msclouditpropodcast.com/wp-content/uploads/2020/06/Copy-of-Episode-180-Json-All-the-things.png?resize=1080%2C650&ssl=1)
Podcast: Play in new window | Download (Duration: 43:20 — 29.8MB)
Subscribe: Apple Podcasts | Android | Google Podcasts | Stitcher | Spotify | RSS
In Episode 181, Ben and Scott go deeper into Azure Sentinel, discussing considerations for the design and segmentation of your Sentinel workspaces. (more…)
Podcast: Play in new window | Download (Duration: 43:05 — 29.6MB)
Subscribe: Apple Podcasts | Android | Google Podcasts | Stitcher | Spotify | RSS
In Episode 178, Ben and Scott dive into what you should think about when securing Microsoft 365 at a high level and run down the areas you’ll want to focus on first.
- [Ben] Welcome to Episode 178 of the Microsoft Cloud IT pro podcast, recorded live on May 15 2020. This is a show about Microsoft 365 and Azure from the perspective of IT pros and end users. Where we discuss the topic or recent news and how it relates to you. Is this episode Scott and Ben take a high level approach and rundown what you should consider when securing your Microsoft 365 environment, based on recently published recommendations from Microsoft.
- [Scott] Mic check one, two, three.
- [Ben] Mic sir?
- [Scott] Sure.
- [Ben] Are we checking for Mic?
- [Scott] Why not, let's do it.
- [Ben] We're gonna get zoom bombed by mic.
- [Scott] That's how your weeks gone huh? I say my, I say mic check and you're gonna make mic jokes.
- [Ben] I'm gonna make mic jokes. You know what I got a lot of sleep last night after not sleeping the night before. So that may affect my sense of humor.
- [Scott] So either way you would have been grogging out of it. Love it.
- [Ben] Yeah, pretty much. However, I did make an upgrade to our home network today.
- [Scott] Oh, yeah?
- [Ben] Yes, I now have.
- [Scott] You renamed the WiFi from FBI surveillance fan to stay away there's COVID
- [Ben] No, but that would be kind of funny. I now have redundant internet coming to our house. It was even more nerdy than renaming the WiFi.
- [Scott] Oh, cool. So you run everything into a router that's gonna support that failover for you then?
- [Ben] Yep, I have a unifi USG, and it has a LAN. Well, so it has a LAN and WAN, and then a LAN slash WAN. So you can use it for whatever you want to. So right now it is set up as two LANs and I have a AT&T going into one way LAN, Comcast going into another LAN. And if one of them drops, it automatically fails over.
- [Scott] Perfect, can you bond those connections together and use them both at the same time? Or is just one strictly there for failover.
- [Ben] So technically, I could.
- [Scott] Technically.
- [Ben] Technically I could do.
- [Scott] I could have even more bandwidth. Like I can see you like the Infinity Gauntlet in your hand, you're just squeezing.
- [Ben] Yeah, I could do lots of things. So I did test it, I actually like reached over and just turned off my Comcast modem. And AT&T picked right up and turned it back on, it flipped over, I could see it in all the logs where it switches your primary way in connection, however, what I think I'm going to do. So Dan Patrick, over at CES Alliance wrote an article about this on the Build Five Nines site. And he and I were actually talking about this and trying to figure out some of the routing, I think I'm going to stick a bunch of my family and streaming devices on one way in connection, and keep the other one for work stuff now as all of that- [Scott] Gotcha.
- [Ben] All right?
- [Scott] Well, yeah, you might wanna just like separate them and keep them all on one and potentially do the failover thing, right? 'Cause then if you put one on one and one on the other, if one goes down then stuff.
- [Ben] So I think and I need to go through Dan's article and probably talk to him a little bit more about how he did it, is you can do both, where it still works as a failover. And you can have them on both VNet. So it's essentially like two VNets that, you can do policy based routing, but then it still will fail over when it fails over. I need to dig through all of it a little more.
- [Scott] Gotcha. Yeah, it's a little bit of a setup to do what he was doing. 'Cause yes, he was doing a couple things with like policy based routing on his USG user.
- [Ben] Yes, exactly. So I'm gonna go through that. I may try to do that because it would also help with my other problem is that Xfinity limits you to so much bandwidth a month.
- [Scott] Not right now, they don't.
- [Ben] Not right now they don't. But when they do go back, so I've been paying for extra because I have a tendency to go over my allocated bandwidth.
- [Scott] I do the same thing you do. Yeah, we're limited to one terabyte and. everybody says, how do you go through a terabyte? Well try having two kids at home who are streaming everything all the time? My job requires streaming like, what was I doing today? Oh, yeah, just doing some deployments and trying to test them locally meant downloading, not just a bunch of ISOs and doing installs, but full VHDs for environments. So those really don't like zip up and compress very well. So it's easy to blow through, 20 gigs in a small download. And then you kind of do that every day a couple times. And it adds up quick.
- [Ben] Yeah. So see, what you can do is you can get redundant internet. Because now you're paying almost the exact same amount. And it's like five or $10 more to have a second internet connection. Technically, now, instead of paying $50 for unlimited, I just have two of them, and I have a two terabytes which I don't know that I've ever gone over two terabytes.
- [Scott] Only if you split your traffic the right way.
- [Ben] Right, so that comes back into some of those policy based, if I can split all my streaming over one, and all my work over another, I might be able to get away with dropping my unlimited internet and putting that money towards my redundant internet.
- [Scott] Interesting. I guess that works if you live in one of those magical places, so people internationally are laughing at us 'cause they're like, what do you mean magical place? Well, one of those magical places where you can have two internet providers. The neighborhood I live in is one of those magical places where it is Comcast or Bust.
- [Ben] I'm sorry.
- [Scott] Oh, well, I could get AT&T like DSL, but it's really, really, really slow. It's not worth it. I miss my days at firehouse, let's put it that way.
- [Ben] Fair enough. I like my Comcast, so I have the Comcast one gig. That's my plain one. And that also helps you go over your internet in a hurry when you can transfer data at a gigabit per second. You can blow through a terabyte really quickly. And then my AT&T is like 50 Megs, so that is most definitely my backup. And I don't know if it'll work for streaming we'll have to see. But that is my non Cloud related not news for the week.
- [Scott] Good for you. I'm glad You're geeking out in all the right ways over there.
- [Ben] Yes, I do. Outlook add-ins are a great way to improve productivity and save time in the workplace. And Sperry Software has all the add-ins you'll ever need. The Save as PDF add-in is a best seller, and is great for project backups legal discovery and more. This add-in saves the email and attachments as PDF files. It's easy to download, easy to install, and Sperry Software's unparalleled Customer service is always ready to help. Download a free trial at SperrySoftware.com, S-P-E-R-R-Y-S-O-F-T-W-A-R-E.com, and see for yourself how great Save as PDF is. Listeners can get 20% off their order today by entering the code, Cloud IT. That's Cloud IT, C-L-O-U-D-I-T, all one word at checkout. Sperry Software work in email, not on email. So should we get on to our topic or do you have any not news you wanna talk about? Any Build sessions we should pay attention to now that schedules out?
- [Scott] So I haven't looked at the schedule for Build, but I did go through my Build attendee box and hang my lanyard up with all my other lanyards. I think there's gonna be in general, I think Build will be a little bit more developer oriented this year. It looks like it has less kind of market texture sessions. Like certainly there's the keynote and things in the beginning. But there's a pretty wide variety of sessions out there, wait, I think I saw in the catalog, they even have a couple of sessions on, like, dedicated to Rust. They're going in a certain way. If you are signed up for build, awesome, go take a look at the catalog. If you are not signed up for Build, go register and put that in and or go view any of the videos or things afterwards. It looks like they're limiting session registrations. So some sessions are filling up, which I find funny.
- [Ben] You know what I just realized, Build's gonna be over by the time people hear this, I think.
- [Scott] Yeah, well, well they can go watch the video soon.
- [Ben] Go watch the videos.
- [Scott] They will all be recorded.
- [Ben] Yes, if you're listening to this sorry you missed Build go find videos.
- [Scott] It'll come back around again. It'll be there someday.
- [Ben] Yes exactly. I did not get a Build box, I was not on the, I was not quick enough, I was too slow. Because it looks like they only sent those out to like the first few thousand attendees. I don't know how many the first few thousand is, but I was most definitely not in the box list. And I think I've seen some others that were not in the box list as well.
- [Scott] Gotcha. Yeah, I was so it was a, what was it? It was like a bamboo lunch box. It was some stickers, some socks, a lanyard and kind of a welcome to, oh welcome to Build card so.
- [Ben] Got it.
- [Scott] So it was a nice thing to get. But it's not like you're missing out on a free surface go or something like that.
- [Ben] Well, I kind of wanted the socks. But other than that, I'm fine. However, if you are listening to this, and you missed out on the Build bikes and you want swag, let us know via Twitter or Facebook or some way, go to the podcast, leave a comment. Because we have a ton of stickers that we don't have anywhere to give out because life has been canceled. And we will send you stickers because I have like 500 of them in my office and nowhere to go with them. So it does not Build swag, but we have swag, if you want it, let us know we'll send it to you. Shameless self promotion of the podcast and our stickers.
- [Scott] Gotta do what you got to do.
- [Ben] Hey, it is what it is. All right, so our topic today, we previewed this topic last week. We said we would talk about it, so we probably should.
- [Scott] Okay.
- [Scott] Let's do it.
- [Ben] It's Friday afternoon. It's been a lot of time inside our practical guide. So this is all coming from one article that you sent me that I have not read yet because I am way behind on my RSS blog reading, or I just didn't see this. But this is a practical guide to securing remote work using Microsoft 365 business premium. So last week, we had kind of talked about, hey, Microsoft 365 business premium is not as bad as those business plans used to be, it's probably worth going out looking into, definitely a better service than it used to be with some of the changes, improvements, services they've added. And now there's this practical guide that gives you a whole bunch of recommendations, configurations, things to do to help secure that, especially in this world of remote work. So we said, we'll kind of talk through this if you wanna go out and buy Microsoft 365 business premium, you have under 300 users, and you wanna know the best way to secure it. Here is some practical guidance from an article and from the mouths of Scott and Ben, and we'll see if we agree with this whole article. You know, I think guidance is good. You always have to pick what you're going to implement there. I see a lot of folks who get very frustrated when service providers like Microsoft come in, and not sometimes only say, here's some guidance for you, but they potentially implement that guidance automatically. So maybe like turning on MFA for your accounts or things like that.
- [Ben] Or security defaults.
- [Scott] Or security defaults, what used to be baselines, yes, all those kinds of things. I think it's nice. Well, it's easy to fall into the trap of saying they keep turning this stuff on. So I'm just gonna ignore it and kind of go to the side, versus hey, they keep turning this stuff on, do I need to use all of it? Or should I maybe actually be using just some of it? Like, let me take a look at some of the things they're doing and see what needs to happen along the way, because your situation is gonna be different than mine. So when we break down some of the features, it's very much and it depends, or situational kind of choice for us to see where we wanna land out.
- [Ben] Right. So this article kind of walks you through, and this article does that a little bit too. It helps you think through some of it. So the first part has some these steps and actually enabling it. There's seven steps that it walks through in terms of, like setting up your tenant identity protection, email protection, information protection, Team security devices and remote access. But then as you go down, it also says so as you go through these phases, different companies, different SMBs, in this case, because we're gonna be primarily looking at under 300 users due to the license constraints. Fallen to typically two common scenarios, although there's probably people that fall somewhere in the middle of this, they want certain features, they don't want others maybe compliance. But they have a normal scenario, which they consider a typical business that wants to enable secure, remote work, balance, kind of ease of use with security, and then a high risk for somebody that is really trying to maximize security, maybe they have HIPAA compliance needs or other regulatory requirements, that cause them to need to be significantly more secure, than they are, normally or than they are by default. So it gives different settings and different things to think about in these two different scenarios. And like you said, you could fall somewhere in the middle, you don't necessarily need all of these, it's gonna guide you through what Microsoft might think you need, given one of those two scenarios.
- [Scott] And these aren't the only two scenarios that are out there. So I would also encourage anyone who's interested in security guidance for Office 365, or Microsoft 365. Maybe you're listening to this and saying, well, it's great that they enable these features for Microsoft 365 business premium, but I might not have all these features just with my Office 365 E3 or E1 or F1, whatever it is. They actually do publish way, they publish deeper guidance, and I wanna say it's way better. But it's much deeper guidance out there, for different types of organizations. So one of the ones that I like to go to for security guidance is one that's for political campaigns. So if you think about political campaigns, they're typically going to have not the most computer savvy types of folks who are gonna be your most high risk targets. Their job isn't to use computers, their job is to be politicians. And, you know, hopefully, most forward a little bit.
- [Ben] The ways we could go with this discussion right now.
- [Scott] I understand that, but I look at things like that. Like, it doesn't matter if you're a politician, or you are someone who works in the HR department at your organization, like you're probably not a computing expert there either. And especially with the tools that we give you with email, and SharePoint, and Exchange, and Teams on the back end, and Yammer and all these other things. So I think a lot of those guides are super helpful as well, so I'll make sure I put a link to, to that guidance out there. Like I think everybody should look at the one that's guidance for political campaigns and non-profits. Like take those two and and go through them and take a look at what's in there. And I bet no matter what your organization is, even if you're not a political campaign, like if you are an enterprise, a small business, a medium business, you will find some actionable guidance in there.
- [Ben] Yeah, well, I think that's a boat, a lot of SMBs find themselves in. And I've had some clients too, that are not the 300. But their five, 10, 15 employees, kind of like you said, they're not all computer savvy. They're not necessarily focused on security. Some of them may even be dealing with HIPAA stuff, you think about like a small dentist office or doctor's office or something like that, that these are gonna be really good guides for them to go through or to have someone sit down and go through with them, to really help secure their Office 365 environment, especially given the current state of things with everybody working remotely working from home, maybe working on their own devices at home, there's a lot of things to still think about and consider for those types of companies.
- [Scott] Just a few.
- [Ben] So should we start working their way kind of through this article and talk through some of the things that they recommend?
- [Scott] Yeah, let's do it.
- [Ben] All right, so the first area, setting up your tenant, most people have probably already gone through this, they have one set up, if they don't, these are things you can think about setting up, or settings that if you do have it, you may wanna go in and think about going in Configure. So these are gonna be tasks that you're typically done, when you set up a new tenant, things that you think about them. Again, you might go through and change them. So this one when it comes to recommended settings for normal versus high risk, there actually is no difference. All of these sections are going to give you a table, and at the top, they have the task, and then a column for normal and high and then underneath they have explanation of what you should do. So setting up the tenant, at least when it comes to just that initial setup, it talks about deciding between like hybrid and Cloud only. This one is really gonna depend not so much on if you should set it up or not. But if you have on Prem AD or not. I would argue, no matter who you are, if you have on Prem ID, or on Prem AD, you should be setting up hybrid, you should be using Azure AD Connect in sinking your tenant or your users up there. If you don't have a current AD on Prem environment, and you don't ever have plans for one or need one. There's no reason to do hybrid. So this one essentially says do hybrid, do Azure AD Connect. Yeah, as long as you have an on Prem AD controller, do it, do a password hash synchronization, enable Single Sign On, use your user principal name for your primary attribute, set up password right back, so you can do your password resets in the Cloud. If you're gonna migrate email, you can think about that. And then set up your DNS based on what you're gonna use it for. That one is pretty straightforward in terms of setting up your time. And I think I don't have a whole lot on that, that I would say, think about other than do you have an on Prem domain controller or not?
- [Scott] Yeah, I think one consideration there is lots of people tend to read Microsoft's documentation, and especially in areas like hybrid identity. So you'll walk down that path, you'll say, great, I have on Prem AD, I'm gonna do AD Connect. And I'm never gonna do Cloud Identities for anything. Just make sure you leave yourself that Cloud Identity for a break class account, or like emergency access to your environment. So don't lock yourself all the way out of your tenant, by doing something crazy along the way. But most of it's pretty straightforward. And AD Connect is about as next, next, next of an implementation that you can get these days. So especially if you just need it in its default state to get you up and go, and get your on Prem identity, into Azure Active Directory, and then being able to consume those entities, so those users and groups directly within your M365 services or your Azure services, or other services.
- [Ben] And the other thing I would say is, so this gets kind of goofy. I don't know if this gets outside of SMB or not. But as you get further down through this article, it does talk about like Windows Virtual Desktop, for doing remote access RDP into those terminals using the virtual desktop. If you think you're going to go that route, which is like way down in the document, you may actually want to set up an AD Controller , or an AD server in Azure. So just because you may be Cloud only, doesn't mean you don't want that Domain controller up in Azure, especially if you are going to do Windows Virtual Desktop because right now some type of domain controller either Azure AD Domain Services, or a standard domain controller is required. Truth be told, a standard AD controller is cheaper and it was. And is required.
- [Ben] And is required, while you can do it with Azure AD Directory services. But that one gets more expensive. And it's not quite as straightforward when it comes to setting things up, in my opinion as, just throw up a domain controller and sync. Through domain controller, cheap VM and Azure, sync it up to Azure AD with Azure AD Connect. And then you could do Windows, Virtual Desktop and some other things as well.
- [Scott] Yeah, your possibilities certainly start to open up.
- [Ben] Yeah, I actually have that running in my environment.
- [Scott] Once you give yourself some of that flexibility.
- [Ben] I'm just one person and I have it set up so I can play with stuff, test stuff out, use it for different things. So kind of once you have that setup it taught goes through some of the identity protection. This gets into what you said planned for admin access, who's that admin gonna be? Like you said, do a Cloud account. Don't do all synced accounts. Set up some dedicated admin accounts. Don't make all your users admins. The one difference they have here is going security defaults versus conditional access for normal versus high risk. I would do conditional access for everybody. I don't like security defaults and 100% transparency.
- [Scott] If you're licensed for conditional access, it's going to give you the most flexibility. And flexibility in this case is gonna be really, really key to getting getting you going. And kind of being agile as you approach your implementation of zero trust and identity security within there.
- [Ben] And if you're talking Microsoft 365 premium, you're gonna have conditional access, because it's now included with all your Microsoft 365 business premium subscriptions. So I've seen people saying, hey, I wanna do MFA. Why is it only letting me do the app? And a lot of people didn't realize or didn't catch that when security defaults became the new default, that doesn't allow MFA with anything except the authenticator app from Microsoft. So that in itself is a reason to go to conditional access because how many times does the app network, you're in a spot where your phone's not giving you a push notification, if you just wanna be able to log in with a text message, or you need to give somebody else the text message, for some reason to be able to log in as you and take a look at something. Not a best security practice, but let's face it, it happens where you need to give somebody the code so they can log in with your account for whatever reason, they're getting a text message, you wanna be able to pull a code off their phone, all of that you can do with conditional access security defaults, you're locked into that app.
- [Scott] Yeah, we'll just leave it as friends don't let friends do security defaults, if they have better options.
- [Ben] Yes, absolutely.
- [Scott] I think the thing there is really you're talking about kind of a range of functionality and the options that are in front of you. So depending on your licensing, should you wanna put yourself in a better posture, there is an option out there for you. It's just, it's like everything else. It has constraints and considerations. So are those gonna drive the right behaviors, or allow you to continue to do business the way you wanna do business? If the answer is no, then don't implement.
- [Ben] Yep, absolutely.
- [Scott] That's part about Cloud. Being really straightforward and self aware as you assess features.
- [Ben] Did you just use Cloud and straightforward in the same sentence?
- [Scott] I did.
- [Ben] It used to be.
- [Scott] Oh, come on, it still is.
- [Ben] Once upon a time. Okay, so what about email protection? Any thoughts on this one?
- [Scott] I think for most customers, like if you're looking at M365, hopefully you're looking at migrating the majority of your email traffic and mailboxes, and underlying workloads that are supported by those up to Exchange Online. I think you get everything into Exchange Online and it just makes your life easier. Whether it's storage, having access to potentially EOP or other types of filtering technologies that are up there. You can do like Native Office 365 quarantined, you can still use other third party quarantine services if you want to, like if proof points your thing, then go ahead and do that. It's still super flexible for you. But I think it just gives you a lot more agility when it comes to kind of if anything, even outside the security just mailbox management, 'cause you're not managing those on Prem exchange environments anymore and worrying about how much space did I consume? I'm I backing everything up the right way? Did we actually test our backups and restore, and all that just kind of falls to Microsoft, which gives you some more time in your day to do the important things. You just have to be aware again, of kind of like quirks of Office 365. And maybe the way like Microsoft automatically trusts other Office 365 tenants. So you might see weird spam and weird places, maybe you've got to configure some additional transport rules, but that's all pretty doable, and really, honestly well baked and well known at this point.
- [Ben] Yeah, and this one does have a lot of different settings that they have different recommendations for based on your normal and high risk. Some of their normal ones, I would take the high risk approach when it comes to some, some of those things like your DKIM and your SPF. I like my email secure. I feel like when you talk to different companies, that's the way most people get in, whether it's ransomware or getting user information or getting bank accounts. It is usually not because they guess your password. Well, that does happen. It is usually somehow through email that I feel like you hear about these breaches starting or that's where the information initially comes out. So my opinion when it comes to email is, I would probably go with some of the high risk scenario settings or all of the high risk scenario settings no matter what boat you're in, because that does tend to be a point of data leakage.
- [Scott] I think one thing to consider there is, lots of people look at maybe some defaults that are here. So like enable a transport rule to block auto forwarded email. Like, all right, that gets you a little bit of the way there. But let's be honest, transport rules are way more powerful than that. I recommend if you're looking, Microsoft doesn't give like great recommendations for default transport rules or like things you should think about implementing on top of that. Thankfully, we have fun folks on the internet, like SwiftOnSecurity, who have authored like GitHub repos that are full of just really awesome anti-phishing exchange transport rules, that you can go and implement. And you do that plus quarantine. And you're in just an awesome place for kind of cutting down on all the noise that comes through in your life and hopefully making everything better for those users along the way. Right, the more that you can filter out and be sure that it's gone, the less you need to be in front of your users all the time going don't get phished.
- [Ben] Yep absolutely. Yeah, there's spend a lot of time on the email security is kind of what would come out of that. We'll put some links to some of that in the show notes as well. As IT professionals in the Cloud era, sometimes that feels like we don't speak the same language as the rest of the organization. So when stakeholders from finance or other departments start asking about a specific project or teams Azure costs, they don't always realize how much work is involved in obtaining that information. Sifting through cluttered CSVs and a complex mess of metadata, in order to manually create custom views and reports. It's a real headache. On top of helping you understand and reduce your organization's overall Azure spend, ShareGate Overcast, lets you group resources into meaningful cost hubs and map them to real world business scenarios. This way you can track costs in the way that makes most sense with your corporate structure, whether it's by product, business unit, Team or otherwise. It's a flexible, intuitive and business friendly way of tracking Azure infrastructure costs. And it's only available in ShareGate Overcast. Find out more on sharegate.com slash IT Pro. So the other area that's kind of along the same lines with email security is your information governance, especially if you're starting to put documents up in SharePoint, you have documents in your Team's files, which newsflash is also SharePoint, if people have missed that. So if you have files in SharePoint, even through emails, that information governance policies, some of the recommendations here, apply to all of the content. Some of its applies to Teams conversations, to, like we said files, data in SharePoint, emails going out. This is when you're gonna start looking at setting up some of that data loss prevention. And they do have recommended default policies for data loss prevention. And if you do need to go to that other level where you need to start putting things like HIPAA in place, or GLBA, or CCPA, although CCPA doesn't really apply to data loss prevention. PII, all of that type of stuff. There are a lot of pre-configured data classification types that are out there in Office 365, that you can configure to help that data from leaking out. So this isn't about a hacker getting in, or somebody sending you a hacking email as much as it is making sure you're not compromising information that you hold, whether it be on employees, or patients or anybody else. But protecting that with some of the data loss prevention, you have email encryption, so you can send encrypted email based on subject lines, based on auto detected information using something like sensitivity labels in Office 365. There's retention policies that can get put in place if you're in one of those companies where a law office or CPA where certain data has to be retained for seven years, or if you as a company didn't retain your financial data for seven years, and you wanna put those retention policies on data, you can set up retention policies, sensitivity labels, again, to classify data as a certain type of information, whether using some of that default sensitivity labels or creating your own, to really help categorize content that's within your Office 365 environment. And then apply policies to it to help ensure that, that data is being handled properly.
- [Scott] There's way more to dig into on that one. I always think some of the compliance features that come up along the way, with, particularly once you get into like Microsoft information protection, it looks just like a race car zooming off into the distance, and you're kind of standing there going like, whoa, I can't see any, I can't see it anymore. And it's also an area that's rapidly changing. So the one thing I think, like when it comes to Information Governance, it's always a good idea to just do the kiss thing. Like, really keep it simple. Start small, and if you see something you don't understand or you don't know about, or you don't think it's helpful, like, just skip that for now. That's okay. Not a problem. Easy enough, you can always come back and do it later, or you can wait until there's more guidance out there. I think today, if you went and read, like the documentation for how to implement, like auto classification with sensitivity labels, you go cross eyed and just banging your head against the desk for a while. And good luck if you can actually get it done.
- [Ben] Yeah, and maybe it's my background. But even going through this, I would consider this one of all of their recommendations. The most complex and the most time consuming to properly set up and configure. Like if I had to go implement this for a company, this would probably be the first one of all of these, that I would go look for somebody that's an expert in information, government and or information governance, taxonomies, content management to help me with, because this is, this topic if you like more than other tends to involve different things with legal departments, with HR departments, understanding laws and regulations, and all of that. This is not a simple topic, in my mind, or as simple as all of the other security topics discussed. And like you said, just if you're gonna do it, definitely start simple and keep it simple. Even if it's just starting by encrypting email and giving users the option to throw something into the subject, confidential, whatever, and encrypt email with a certain information in it.
- [Scott] Yeah, I think it's a hard area to get into. Like I said, like the guidance there is rough in the Docs. And if you think about a customer implementation thing for just about all these other areas, we could say, hey, if you have enough seats, go and do fast track or something like that, like there would be somebody at Microsoft who could help you even from a first party vendor perspective, for all the time that MIP and information protection and all these features have been out, Microsoft still has not GA'd a compliance offering within FastTrack. Like they're getting ready to do it now. But it's been out for a few years, like in the field as a feature. So I think even from that side, you know, finding something outside of Docs or actual information, you're gonna be stuck with either blogs or consultants. And if that's not your thing, then just wait a while. It'll come eventually. Hopefully.
- [Ben] And if you love it.
- [Scott] I'm just hoping it will.
- [Ben] If you wanna get a little bit more of a complete story, I would say it is by no means a in depth, but we did have that podcast interview we did back at Ignite September, where we kind of talked through, kind of the roadmap 'cause this product has changed names. Its functionality has evolved. We have a whole podcast just on the whole AIP, MIP, whatever the first letter is, IP, roadmap story where this is all going, how it's all evolved. And a few more details about some of this stuff. So we'll link to that one in the show notes as well. As article keeps going, Scott. Well, there's a lot more there. you still got Teams, you got Device Management, you've got access to other apps.
- [Ben] Access to other apps, we should at least do Teams and Device Management, we're gonna lose our reputation for a nice 30 minute podcast. But security is important. Configuring team security. So some of this ties into your information governance, because you're gonna have the DLP and it ties into SharePoint security. But there's also different things you want to think about with Team security. And there's a couple I wanna call out on this list in particular, or one is that, third party Cloud Storage. This is one a lot of people don't realize is that, by default in your Team's environment, if users go to files and add storage, they can add Google Drive box, Dropbox, and Citrix ShareFile. And I think I saw ignite is coming, not ignite the conference, but ignite like e.g. NYT I think.
- [Scott] Yes yep, that's gonna be a new one.
- [Ben] Those are all coming. And anybody in your organization by default can add those to a Team sign up with an account. And all of a sudden, you could start ending up with files in one of these third party services. And not necessarily be aware of it, mic stuff does give you the option to go in and turn all of these third party Cloud Storage options solutions off within your Team's environment so users can't add them. That is one that they're recommended settings for a normal scenario is to leave it as default let people do that. I would argue that that one should maybe even be off by default, because now all of a sudden you start having that information, data leakage into other services, especially if you're trying to get into the whole Office 365 ecosystem, do the DLP, setup the security, that's a big one in my opinion, in this list of recommendations.
- [Scott] I'm with you there, I don't think you enable that one by default, especially if you don't understand what Cloud Storage Services are being used with in your organization. Now if there is any question where you can't walk in and say, yes, people are using Dropbox or Google Drive, or anything else, then you don't wanna just let them arbitrarily add that to Teams, and then have that option there where they can easily have ex filtration of your company's data out to those services. It's not that you still can't have that because obviously, they can open a web browser, they can drag and drop into Google Drive for whatever it is, but you're at least making them go through the extra hurdle of doing that until you can implement some of those other solutions, maybe like a cas-bee, or something like that.
- [Ben] Yep, couple other ones you may wanna think about is Guest Access, if you're gonna allow, allow your users to invite guests into your Team's environment. Teams environments to users, are users allowed to create teams on their own. If you're doing Office or Microsoft 365 business premium, you're gonna have the MS, which means you have AD premium, which means you can go limit group creation, which would in turn limit Team's creation, so not anybody could do that. External chat if you're gonna allow users to chat with other Teams users, external users, external Skype commercial users. And then you do have a bunch of policies, you can go configure as well around what people are allowed to do in Teams, in terms of what types of messages they can use, what types of ad-inns they're allowed to use. Different settings there, but I think some of the users create Teams, third party Cloud Storage, and possibly external chat are some of the bigger ones there that you probably wanna think about going in and configure when you're getting going.
- [Scott] Yeah, I think they're the most light touch too. When you get into the messaging policies, there's so many of them. And I think it's easy to get lost in kind of the sea of configuration options that's available to you. And then once you go down the path of customizing messaging policies and meeting policies and settings and things like that around them. All of a sudden, you're off the beaten path. So you might not get Microsoft's defaults in the future. You have to pay attention when new defaults come, or those features that you want, don't want, which accounts do you apply them to? It's a lot more operational overhead for you.
- [Ben] Exactly. And then if you are using Teams, and there's involved with files, there's the whole SharePoint, to think about too, with the files in SharePoint. Device security, this one is also can be very complicated depending on what you wanna do with devices. I think there's some simpler things you can do there, especially with some of the main policies that we've talked about before. It's been a while, but there's a lot of things you can do around managing devices, without, sounds funny, managing devices without actually managing devices, and more managing the data and the apps that are on those devices.
- [Scott] Yeah, well, I mean, we've talked about that in past, I think it's all about your posture and, are you BYOD like, it was like how do you view that for your organization? And where do you wanna be, heavy handed or not heavy handed within there?
- [Ben] Yep, sorry. And it's not MAM anymore. If you don't look for MAM, look for app protection policies. And if you want the acronym for app protection policies, that's app.
- [Scott] Yes, why would it be called the same thing that all the other vendors call it? That would be too easy?
- [Ben] Yeah, I mean, you do have Intune. So if you do wanna do the whole full blown Device Management, you can use Intune. You can do Device Management. Most of the time, like we said, that app protection policies and conditional access, combined can do a lot to really help secure your data when it comes to different devices, mobile devices, that type of stuff. So that's always where I start with clients. When I start looking at that is that app, those app protection policies and conditional access?
- [Scott] Yeah, I mean, they're easy to get going with, like they're nice, they're consumable, and to a certain degree, you can like next, next, next, your way through a lot of those?
- [Ben] Yep, absolutely. And then the last step they have in here is securing access to other apps. I would say this one also gets a little bit more complex, they start talking about split tunneling your VPN, setting up single sign on with third party apps, standing up Windows, virtual desktop. These are gonna be a little bit more complicated. Some things may be a little bit more costly, something like Windows Virtual Desktop, while the licenses are free for Windows and the apps, you still gonna have to go start setting up Azure, paying for VMs, that type of stuff. I will say though, that Windows Virtual Desktop in terms of a configuration and standard up, is relatively simple. I've done it in about four or five hours. I actually have one set up right now that I was gonna use for a demo that I have like, five different test users, they can all log in, they can get into different desktops, use Office 365, use Teams. It's a nice solution if you're a small business looking for a VDI type solution.
- [Scott] Yeah I mean it's turnkey, and if you're getting into it today, you're getting into the new version of it, so you don't have to migrate, which is nice.
- [Ben] Yes, if you can actually like configure it in the UI, instead of having stuff that's only visible within PowerShell.
- [Scott] Well isn't that nice.
- [Ben] I like night gooeys. But yeah the Azure AD Single sign-on with those small business plans, you're going to have that option. You're gonna start, there's usually some configuration that goes in there, and sometimes it's also how you're licensed with those third-party apps, and if those third-party apps support Azure AD single sign-on, a lot of them do, I think there's over 3,000 Cloud apps or other apps that are listed in Azure that support Single sign-on, but some of those you do have to like upgrade to higher licensing levels for those other Cloud apps in order for them to support Single sign-on. So it's not just I have Azure Ad Single sign-on capability, so I can go do this with all the other apps, it's do those other apps support it, I'm I licensed for it in those other apps as well.
- [Scott] Yes, yeah it's a little bit of a rabbit hole for that one.
- [Ben] Yep, So that hits all of the topics in this article, again definitely go check it out if you're looking to enhance your security posture, you wanna know are you following some of the recommendations, let us know if you have any questions about us, 'cause that was a high level overview of all of them. And with that, we didn't do too bad Scott?
- [Scott] No you did good. I don't know how I did. But you did great.
- [Ben] You did fine. I don't think I have anything else. We can rap it up at 45-ish minutes.
- [Scott] Excellent. Thanks Ben.
- [Ben] All right. Thank you Scott, go enjoy your day, enjoy your weekend. As always stay healthy, and we'll talk to you next week.
- [Scott] Have a good one.
- [Ben] If you enjoyed the podcast, go leave us a 5-star rating in iTunes. It helps to get the word out so more IT pros can learn about Office 365 and Azure. If you have any questions you want us to address on the show, or feedback about the show, feel free to reach out via our website, Twitter or Facebook. Thanks again for listening, and have a great day.
Enter your name and email address below and I'll send you periodic updates about the podcast.
Podcast: Play in new window | Download (Duration: 30:01 — 20.6MB)
Subscribe: Apple Podcasts | Android | Google Podcasts | Stitcher | Spotify | RSS
In Episode 176, Ben and Scott dive into the April announcements around feature updates to Microsoft Teams, Microsoft Threat Protection, and Azure Active Directory.
- Welcome to Episode 176 of the Microsoft Cloud IT Pro Podcast, recorded live on May 1, 2020. This is the show about Microsoft 365 and Azure from the perspective of IT pros and end users. Where we discuss a topic or recent news and how it relates to you. In this episode, Scott and Ben discuss some of the recent news from the month of April, including some upcoming conferences, Azure AD Security, and Microsoft Teams.
- I feel like April was never going to end.
- Well, it has, I mean, it's still might not have, but officially on the calendar it has. In our brains and collective consciousness it may have not.
- Yes, but the good news is, at least here in Florida, we are slowly starting to open back up. The question is, are you going to go out and do anything, now that it's opened back up?
- Well, we chose to open on our day of highest deaths. So my personal approach is to stay home a little bit while longer.
- You've already had it, you're immune.
- We'll see, I'm thinking about paying the 120 bucks to get the test, just to find out.
- Are you just to find out if you had it or not?
- Yeah, some of the labs are starting to get it. So Quest has one.
- Got it, interesting.
- And less little antibody test.
- I saw the mall, town center is going to open Monday, I think is what I saw. So yeah, stores, restaurants, I think they said are gonna open, but they have to be at 20% capacity. I think it was or 25% capacity.
- Yep, 25 here.
- So, we'll see. We haven't gone out and done a whole lot. We've started to see a few more people. I'm getting kind of stir-crazy and I don't know, like, I feel like we've flattened the curve and we don't need to talk about this too long 'cause we have other topics to talk about. But it's like at what point in time do you just have to start going out? Because obviously vaccines are gonna be a long way off. It feel like the curve is starting to flatten out. So I'm kind of getting close to that approach of, "All right, it's time to start getting out, "seeing some people doing some normal activities again." So yeah, my two cents.
- Slowly but surely, like get back out, see family, things like that, where you can and where it makes sense.
- And that's what we did. My wife's family came over the other day and they didn't even come inside. We actually just sat outside at the picnic tables, in the park next to our house. And it was her sister's birthday, so it was fun. It was fun to see them, we hadn't seen them in like a month. So all good, but there's some other events coming up now too, that are free. So there's some silver lining in all of this. There are some free events coming up that people can participate in.
- Nice, what type of free events are coming?
- Yes, what type of free events? So as an IT pro and as an IT pro-ish podcast, one may or may not appeal to a bunch of our audience, but Build, I have never been to a Build. This year I'm going to Build Scott, virtually because it's free and it's virtual. So that is one of the events coming up. I think you registered for it the other day. I registered for it last night. So I am going to try to keep some of the sessions. Sometimes there's some interesting things that come out of Build, especially around late Visual Studio Code or some of the PowerShell or source control stuff that I use with my PowerShell. There's always stuff that comes out around Azure and things that, well, we may not go Build applications. They still can be applicable to IT pros in terms of how you manage what developers may try to do to your environment based on new capabilities being released. So even though I'm not a developer, I still try to keep track of some of those developer-ish type conferences.
- Yeah, so I think there's some exciting things that they have planned this year, if anything, just in the delivery model that they're going to use for it. So not only is registration open and certainly you should go register because it is a free event. I think there's some constraints there for a lot of us. Like one of the things I love about, you know, going to conferences, isn't just the networking. Like that's certainly valuable. But if you are going to go to sessions, you're there and it's much easier to go and not be distracted by work. So I think lots of people are gonna be potentially competing for work over May 19 and 20 while this goes on, but it's gonna be a 48-hour event and it's gonna be running for 48 hours straight, which means you're going to have coverage in geographies, which would typically feel like they would have to miss out on an event like this, just due to time of day. So if you think about folks over in Australia, and APAC, and certainly Europe and things like that, everybody is going to be able to get in on the fun.
- Yeah, it should be good. And there's another one coming up that will be short. Let me think, it'll be the day after this recording goes live. Office 365 Nashville is doing a virtual one. So Daniel Glenn is kinda spearheading that one and that one is going to be on May 8. So this episode should come out May 7. I think registration will still be open, but it's a free virtual event that you can go sign up for. I'm actually speaking at that one because it was virtual and enabled me to speak at that one. So that one's coming up, we'll put a link in that one, if you wanna go register there. And then there's also one that Joel Oleson is doing. I can't remember the name of it right now, but we'll put it in the show notes.
- Yeah, My 365 something or on there.
- Yeah, it was gonna be like the virtual Olympics and then they ran into like some trademark issues because apparently Olympics is trademarked. Imagine that, who saw that one coming? Marathon, Virtual Marathon, I think is what it is. But it's another Microsoft 365 free Virtual Marathon. I think that one's like 36 hours straight. And I've seen like, he's trying to get 900 live sessions over the course of 36 hours.
- That's gonna be quite a bit.
- Yes, we will find the link for that and put that in the show notes as well.
- Outlook add-ins are a great way to improve productivity and save time in the workplace. And Sperry Software has all the add-ins you'll ever need. The Save As PDF add-in is a best seller and is great for project backups, legal discovery, and more. This add-in saves the email and attachments as PDF files. It's easy to download, easy to install, and Sperry Software's unparalleled customer service is always ready to help. Download a free trial at SperrySoftware.com. S-P-E-R-R-Y-S-O-F-T-W-A-R-E.com and see for yourself how great Save As PDF is. Listeners can get 20% off their order today by entering the code cloudIT. That's cloudIT, C-L-O-U-D-I-T all one word at checkout. Sperry Software, work in email, not on email.
- Those are all the events I have. Do you have any other ones that I didn't think of?
- No, we did just have the Virtual Azure Global Bootcamp, which passed. But lots of these sessions for that were recorded. So if anybody did miss the 2020 Azure Virtual Bootcamp, just hop on YouTube and search around for some of those videos and things that came out from all the wonderful speakers who put their time into it.
- All right, sounds good. Yeah, we didn't do much here because it was all virtual. So who knows if they do kind of an in person one later this year, maybe we'll try to jump on, maybe we'll just have to wait for round two and come back to it in 2021.
- It'll still be there.
- Yep, it will, hopefully I'll in person again. So there was also some news that came out these past few weeks, different things around Azure, some office 365 stuff, some Azure AD stuff, some that spans all of them like Windows Virtual Desktop. So we decided we'd just dive into some of these news articles that have our news announcements that have come out over the last few days. Take your pick. Which one would you like to start with?
- Let's see, I always like the identity stuff. I think they've done some good things there for customers, especially as some of the licensing has opened up like bringing Azure AD Premium P1 to the Microsoft 365 business here and things like that. And they're starting to open up the platform more and more for all customers. Which is always nice to see, especially in these times when everyone is working at home or remotely, or if anything, just on the go more than they are. I think that whole Zero Trust Model around identity and securing your identities and gating your access to all these resources, is super important. So one of the things they've done there is they've extended the ability to use Azure AD single sign-on for an unlimited number of cloud apps at no extra cost. And that's across every SKUs. So now in the past, you would have been limited in the number of cloud apps that you could add to a user. And then also the number that you could potentially perform SSO against your Azure Active Directory with. So this is using SSO with Azure AD, whether you're federated or unfederated. And like I said, it's available across all of the pricing tiers or SKUs of Azure AD, even Azure Active Directory free.
- Perfect, 'cause this used to be, I think the limit used to be 10, right? I think it was 10 apps.
- 10 apps, yeah but you were even limited within SKUs by how many apps you could have and some could have 10 cloud apps, but not SSO. And others could have 10 cloud apps with SSO. So now it's just open across the board, which is much nicer. I mean, it's more consumable. So you make those things more readily available and hopefully people actually use them. You know, that would be the next step is going out and getting folks to light up that feature and actually turn some of that stuff on.
- Well, and this is, like apps that are not native Office 365 apps to it. If you're doing third party apps or developing your own apps, this applies to those apps. Before it was like all the included apps were kind of excluded from those limits. They were all considered bundled in, but this is other apps that you set up SSL with, set up SAML authentication with, whatever he might be doing.
- I mean, it's interesting, like you talked about the Azure AD Premium coming to business and some of that, well, I get that some of these features cost Microsoft more money to let users use because of resources and whatever, by giving these to everybody, it's also helping Microsoft. Because the more people that roll this type of stuff out, the more secure the Cloud platform is gonna be. Because if everybody on Office 365 and Azure AD is using MFA, it's going to help Microsoft from a security perspective, protect their own platform by kind of minimizing those, their footprint, minimizing the security risks that are enabled by rolling these out to everybody and including them with all the plans.
- I also think it makes some of the security services more valuable. So if you look at the way Microsoft approaches machine learning for a couple of their different security products, if you think about risk-based sign-on with conditional access through identity protection, and even some of the features may be inside security products, like the Microsoft Threat Protection Suite or Azure Sentinel, things like that. They rely on signals. And the more signals there are, the better those services are going to become for everybody. In some cases yes, it's probably a little bit of loss on the money side, but it's potentially a gain in the features that you can offer in some of those other super sweet products that kind of build on top of everything that's there and make those true differentiators kind of across the market.
- Yeah, which there was another security. We'll keep moving on through the news. There was another security feature that there was a change to this past week. And that was the Microsoft Threat Protection is now gonna automatically be turned on for any eligible license holders effective June 1 of 2020. So approximately exactly one month from the day we're recording this. If you are licensed for Microsoft Threat Protection, which is, this isn't gonna be your lower SKU. So this is going to be Microsoft 365 E5, Microsoft 365 E5 Security, Windows 10 Enterprise E5, EMS E5, Office 365 E5. Are you getting the pattern here?
- Yes.
- And then some of those other plans like Microsoft Defender, Advanced Threat Protection, Azure Advanced Threat Protection, Cloud App Security, and then Office 365 Advanced Threat Protection Plan two.
- Some of those are interesting though, the E5s, they make total sense, but some of those like, Azure ATP was just a sub-SKUs of... 'Cause MTP is more of an overall, an overarching licensing suite that helps you bring alignment with unified reporting and some other things in there. But Azure ATP or Cloud App Security MCAS that Microsoft CASB, those were both just individual parts of that suite. Now they're saying, "Hey, if you purchase one part "of the suite, we'll give you the rest of it." So now they're saying if you have Cloud App Security and that's all you've done, you're gonna go ahead and enable some other features. Like you'll get features in Office 365 and ATP and an Azure ATP without having to do anything. Which simplifies that whole licensing thing.
- I was gonna say, just reading through this list, really reading through that list as I was listening to myself, say it out loud, I'm like, "Their naming and their licensing is getting "completely out of control." The fact that you have Microsoft Defender Advanced Threat Protection, Azure Advanced Threat Protection, Office 365 Advanced Threat Protection Plan two, it is getting really hard to keep track of all of these SKUs and what's in these SKUs, and how these SKUs impact other SKUs, and all of that.
- Yeah, did you see the one about Planner going away and being renamed, Tasks, but it's gonna be renamed six other things along the way.
- I didn't see the six other things, but I did see that that is gonna be Tasks now.
- Yes, so as we roll out the Tasks experience on Teams, desktop clients, the app will initially appear as Planner to users. The name will then temporarily change to Tasks by Planner and To-Do, and later on, it will be renamed to Tasks. I think it's the first time I've ever seen. I've ever seen an announcement that of all the product renames in one place.
- Which I don't know why it wasn't Tasks originally because you know what the URL for Planner is, don't you?
- Yes.
- It's tasks.office.com. I mean, Tasks would have probably made sense right out of the gate. I don't know, but now people are gonna be, "Did you add it to Tasks?" And it's going to be, "Well, which Tasks? "My Outlook Tasks, which then go to To-Do, "which To-Do also pulls from Planner, "which is now gonna be Tasks." Or you have your Tasks in OneNote, like I get naming things after what they do. But if you're gonna name something after what it does, you can't have five or six or seven or eight things that all do the same thing and name them all the same thing.
- A task is a task, is a task, is a task, except when it's not a task.
- And that's only when it's in the Task app or one of the several Task apps.
- Nice and easy, right?
- That add-in 'cause I know, that add-in that I talked to you about earlier, it just crashed again. I've been having problems with Edge on macOS. Anybody else who's has had problems with the... I'm running the Canary Belt. That's probably my problem.
- Yeah, Canary's had some weirdness going on lately.
- Yes, especially in macOS. But that being said, I just lost all of my notes 'cause not only does Canary crash, it will not allow me to reopen it until I restart my computer.
- It's a feature.
- Something like that. So yes, guy will pull up some more links, but I am flying blind right now in terms of what I was gonna talk about. So Microsoft Defender Advanced Threat Protection, that announcement was made. What is Microsoft Defender Advanced Threat Protection? We talked about it's gonna be turned on, but we haven't actually mentioned what it is.
- I'll be darned if I know at this point. It's gotten kinda crazy out there with some of that stuff, especially when you consider some of the Defenders Threat Protection capabilities and how they integrate maybe with Intune and device management, and what you can push down on that side. That is a product that I too am waiting for clarity in.
- You would like to know what it does? So I have it running on my Mac 'cause they do have like the whole antivirus endpoint.
- Well, you have the EV component running on your Mac, but really it's more about that Cloud-based management and kind of all the other things that go into it.
- Yes, all of that as well. I lost all my articles, I'm trying to pull these all up while I'm talking. So yes, but it is going to be enabled. It's going to be on and it does, like you said, it varies. So there's a whole Microsoft... Well, then you have Windows Defender Advanced Threat protection too that ties into it. That's based on your SKU of Windows that you're running. There are a whole bunch of that go into it. We'll just put links in the show notes about Microsoft Defender Advanced Threat Protection and let you guys go check out all of the capabilities that are not going to be enabled by default. Because I think SafeLink, Safe Attachments, they all fall under that umbrella too, don't they?
- They should, as far as I know. But who actually actually knows at that point?
- Maybe we should try to find somebody from the Microsoft Defender Advanced Threat Protection team to explain it all to us.
- We should. We've had MIP folks before it, because for MTP and kind of that overall fish in there, 'cause it is interesting where it's been going. And once you do get in there and light all those products up, some of the new things that have happened over in security.office.com, particularly when it comes to like incident hunting, they are really cool.
- Yeah, we should, so if anybody that's listening is from that team or know somebody on that team that they can put us in touch with too, we'll go out and see if we can dig up somebody. But yeah, if somebody knows and wants to send them our way or make an introduction, we'll get them on the show and we'll talk about it.
- Just that easy.
- As IT professionals in the Cloud era, sometimes it feels like we don't speak the same language as the rest of the organization. So when stakeholders from finance or other departments start asking about a specific project or Team's Azure costs, they don't always realize how much work is involved in obtaining that information. Sifting through cluttered CSVs and a complex, massive metadata in order to manually create custom views and reports. It's a real headache. On top of helping you understand and reduce your organization's overall Azure spend, ShareGate Overcast lets you group resources into meaningful cost hubs and map them to real world business scenarios. This way you can track costs in the way that makes most sense with your corporate structure. Whether it's by product, business unit, team or otherwise. It's a flexible, intuitive, and business-friendly way of tracking Azure infrastructure costs. And it's only available in ShareGate Overcast. Find out more on sharegate.com/itpro.
- So Teams, Teams has had an endless stream of new announcements and features. I feel like everybody started using it and all of a sudden they wanted all these features, Microsoft, it's like they prioritize a bunch of features all of a sudden.
- Huh? How did that happen?
- I don't know. I don't know why.
- When you have 44% usage growth in one month and then in the next calendar month, you go up another 70% over what was your new 100%. It gets interesting fast.
- Yes, and all of a sudden, like UserVoice. It's like, "Hey, this UserVoice went from, "like 100 votes to 10,000 votes "because all of a sudden everybody's using it "and wants these features." I don't know if there's actually a feature that did that, but it wouldn't surprise me.
- So good news, drum roll, you now get more than four by four in a Teams meeting. You get, I mean not four by four. Won't four by four be nice? You to get more than two by two. You now get three by three. We went from seeing four users at once, Scott to seeing nine.
- Yeah, you did and you can still pin people too. So when you go into those classrooms or you know, if you're a teacher out there and things like that, you can still just right-click and pin and get the big face in front of you. So you can do "The Brady Bunch" view of the world or you can go to a number nine. Coming to a tenant near you. I mean, Brandy it's not the, what can you do on Zoom? Can you do 50?
- Sorry, three by three.
- What can you do on Zoom? I think you can do 50 on one screen in Zoom.
- It goes up...
- Significantly higher.
- It goes up quite a bit, yeah.
- But I did see Microsoft is planning to bring more. I won't lie, I thought they were gonna go up higher than just two by two to three by three. I thought they said they were gonna try to do it so you could see everybody at once. But right now you can put 250 people in a Teams meeting. Can you imagine 250 people looking at all of them at once? It'd be like little thumbnails on most people's monitors.
- It would be like a Zoom meeting. That's what it would be like.
- Yeah, they also increased another feature. In that article was, they increased the number of participants that can take place in a live meeting. So live meetings we used to have a limit of 10,000 people for live meeting. They have doubled that to now allowing you to have 20,000 participants in a Team's live meeting.
- Yes, they have. Limits continue to rise there. It's an interesting one.
- Well, because that takes a lot of resources. Like I thought they were hurting for resources, unless they've kind of gotten a little bit of a handle on that. I was surprised to see that big of a jump in the live meeting attendees
- Resource availability has actually gotten quite a bit better. So not just for Teams things, but I'm even seeing in Azure, some of the restrictions are starting to be lifted, which is very nice.
- Yes, absolutely. It's nice to be able to start using some of this stuff to its full potential again.
- It's like all of a sudden I can create Azure SQL databases. I finally found one of my articles again.
- What else was there? Simultaneous people raising hands is coming. So you're gonna be able to raise hand. Well, before we do raise hands, just on the limit thing, that is a temporary raise.
- Was that a temporary one?
- Yes. The defaults will raise until July 1st.
- Yes.
- And then in August they're going to officially make some changes. So they call out the 20,000 number, but they might settle on something else, you know, after that, if they see that there's huge uptake to the 20,000 number and all that.
- Yeah, it'll be interesting to see once all of this is done, how it changes companies views on remote-work. Or if people tend to work remotely more, if everybody's gonna be so tired of working remotely, everybody's gonna wanna go the office. Shall be interesting.
- I don't know, do you want to go to the office? I don't feel like I do. I'm good staying right where I am.
- I've been right where I am for the last, like 12 years anyways. So hasn't changed a whole lot for me. Background effect was interesting. This one just makes me laugh 'cause they announced background effects which you used to be able to blur, now you can add pictures and I think it was the, like they did this well, they really seating they're like, "We're not gonna allow you "to put your own custom pictures in, for governance reasons." Obviously, you never know what certain people may upload as a background image. I think that day they released this, all these articles came out about how you could just go into a certain directory on your computer and add your own custom images and have them in Teams. It took less than eight hours from when it was live to when, even though they didn't give you the option to do it in the browser, they made it really easy to do by just going to a certain path in your file system, on your C-Drive and adding pictures there.
- Yeah, I've been having a bunch of fun with that one. Made my wife's the envy of all her friends at school.
- Have you seen the articles about people that took, like a screenshot or a picture of them sitting in their office and then they put that as their background picture and they're not actually at the meeting. It's just their picture.
- Yeah, that's a thing that has happened as well. You give somebody a tool and they will absolutely take advantage of it.
- That, they will. Call recording, I mean there's a bunch we'll link to the show notes. There were some updates around devices, a few meeting control changes. Most of the other ones were small. You can do things like put system audio now into a live meeting. So if you wanna play a video and feed that audio back into your live meeting to send it out to everybody, you can do that. But I think that kind of hits some of the big Team's announcements that came out in the month of April.
- Yeah, that'll probably wrap up most of them, like you said, a lot of that stuff just roadmap anyway. So it'll be filtering out. The nice thing is they've been filtering out much quicker, like you brought up.
- Any other news topics you want to cover today before we wrap up.
- Well, since we're talking about end users things, I think a good one to talk about might be some impacts to how end users interact with Azure AD. So there's a couple new experiences that are coming. So all of the new "My URLs" of Azure AD have lit up. So if you've ever pushed out things like My Apps to your users, there's gonna be a new URL and effectively a new UI coming to that. So my applications.microsoft.com is live today and ready to go. So it's kind of like My Apps, but it lets you group your applications by workspaces. They've simplified access management requests. So things that might come through privileged identity management are now gonna be consolidated and available at myaccess.microsoft.com. Sign in information is consolidated at My Sign-ins. That one's actually been out there and kicking around a while. And there's also the new, myworkaccount.microsoft.com, which brings forward kind of what would have been your account portal inside of M365 or O365. So you roll that out, that's all the new look and feel. And then you've also got the new MFA, SSPR consolidated signing experience and things like that. So if you have some downtime and you're at a help desk or you know, you're working with your end user community, and now's a good time to update some of your documentation because now that the URLs are all out there and all live, you can go ahead and get up to date screenshots and everything you might need.
- Yeah, these are nice. The, My Applications one, there's My Groups where I can do groups and...
- So My Applications is an interesting one. That's a UI that's going to be surfaced in two places. So it's going to be at myapplications.microsoft.com. And then you can also go into office.com into the app launcher and you could get to all your apps there. So the UI there is going to stay almost the same as it is today. But when you go into All Applications, you're gonna have access to that same grouping concept with the workspaces.
- Got it, well, it looks like when you go start doing the groups that actually takes you over to your, it's a URL under youraccount.activedirectory.windowsazure.com
- Makes total sense, right?
- Yeah, it's kind of like the number of admin portals.
- Just a few of those.
- I forgot how many different Office 365 tenants I'm a member of, because on that My Applications tool lets you go, you can do a drop down and look at all of the organizations. So you can jump to see all of your apps between all the different tenants you're a part of. My list got rather long.
- It does creep up.
- How many you are in, you go through and look at it and you're like, "Oh, they never actually removed me. "I'm still a guest in their tenants somewhere, or?" Those are some good URLs to know about to bookmark.
- I have quite a few of those kicking around.
- Well, since we had a longer one last week, should we wrap this one up sort of on time?
- All right, just for giggles let's do it.
- Let's do it. We can go back and do some more real work.
- Yes, it's Arm Template Friday.
- All right, I'm going to go play with Azure. I've been playing with Azure more. I've been playing with Windows Virtual Desktop and domain controllers and IS so I'm going to go back and play in Azure some more this afternoon.
- All right, sounds like a plan.
- All right, go enjoy your afternoon, don't work too hard and we will talk to you again next week, Scott.
- Thanks Ben.
- If you enjoyed the podcast, go leave us a five star rating in iTunes. It helps to get the word out so more IT pros can learn about office 365 and Azure. If you have any questions you want us to address on the show or feedback about the show, feel free to reach out via our website, Twitter or Facebook. Thanks again for listening and have a great day.
Enter your name and email address below and I'll send you periodic updates about the podcast.