Azure App Service

Microsoft wants to provide wider tools alongside the lock icon to give users of Microsoft Edge more knowledge of website security. Specifically, the company is developing a solution that shows more details about a site in the information in a pop up.

Security is important, especially when browsing online. Many users are at risk from attack, so understanding if a website you visit is safe or not. A lock icon is a solid first step, showing that the site uses HTTPS and security tools like SSL encryption. However, it is no guarantee that the site is overall safe or not trying to scam you.

Moving forward, the pop up will show wider information about a site you are visiting, with details from Wikipedia. Ok, Wikipedia is hardly the final word in legitimate information, but the details should give users a solid knowledge of a site’s security.

However, it is easy for someone not associated with the website to edit a Wikipedia entry. There is some concern that the website may not agree with their depiction on Wikipedia. In other words, the information Microsoft presents may be incorrect or simply made up.

More Details

Microsoft has baked in a toggle to Microsoft Edge Dev and Edge Canary in testing. However, it is currently only available to select testers. As well as information from Wikipedia, the pop-up also shows social media pages associated with the site.

Also in Microsoft Edge Canary, the company is working on an “underside panel” that highlights the more important information from the site.

Tip of the day: With many reachable wireless access points popping up and disappearing again, the available networks list can become quite annoying. If needed you can use the allowed and blocked filter list of Windows 10 to block certain WiFi networks or all unknown WiFi networks.

Today’s Challenge

Cross-Tenant migration and integration projects increasingly use Azure B2B guest users as part of Microsoft Business-to-Business (B2B) account functionality to provide a richer collaboration experience during the coexistence stage of a migration project.

During a Merger and Acquisition (M&A) event, Enterprise organizations will allocate some users as B2B Guest accounts so teams from both organizations may share and manage information during the business and technology integration.

During these events, administrators or internal users will invite different people from the acquired organizations to participate in discussions, schedule meetings, and share data from Microsoft Teams, Groups, and SharePoint sites. These external users which now have B2B Guest accounts in their directory will eventually need to be migrated. But before that, licenses will be needed in order to create their mailboxes and OneDrive containers in SharePoint before any data can be migrated.

This is a problem for B2B Guest accounts as they don’t recognize being licensed and can’t own a mailbox in Exchange Online.  The guest account could be removed, and a new account created and licensed, but all the permissions previously assigned to files and shared resources would be lost, which causes other problems with email reply-ability and cached identities. And if the account is recreated, the end-user will be forced to manage two sets of credentials until they are fully migrated if they want to keep collaborating with the team members in the acquiring organization.

So how do we preserve permissions, keep collaborating without managing two sets of credentials while preparing the user account for data migrations?

Today’s Solution

The simple answer is conversion! This blog outlines how to convert your existing invited guest accounts to a standard member account to maintain the current assigned permissions, update the UPN and license the accounts to prepare for data migrations. And lastly, I’ll demonstrate how the access and collaboration experience for the user remains the same until the migration is finalized.

How to Convert to Azure B2B Guest Users to B2B Members

Microsoft presently supports inviting internal users to B2B collaboration where they remain as a member user type. Essentially, that is what I will demonstrate here, but in a different order. Instead of starting out as a Member User then sending an invite, we are going to start as a Guest Invited User but end up as a Member User that was originally invited to B2B collaboration; we will refer to this type of user as a B2B Member.

The conversion process is a multi-step process that can be executed through PowerShell, and the script you construct should consist of the key actions outlined in the remainder of this article. The commands below are only examples of how to execute these actions against a single user. Ensure you have the proper permissions and have installed the appropriate PowerShell modules, AzureAD, and MSOnline to complete these steps.

Start by logging into your target Microsoft 365 tenant with PowerShell where the Guest account currently resides. Before you get started you will want to get the Object ID for the specific Guest account you are going to convert to a B2B member.

Get the Guest Object ID
To find the external directory object ID of the given guest user, run this command:

Update User Type
To modify the User Type from Guest to Member, run this command:

Update UPN
To modify the login ID from the Guest format to a standard format, run this command:

Set the Usage Location
Before assigning a subscription plan the account must have a usage location assigned. To do so, run this command:

Set a Default Password
To generate a random default password and force the user to change it at the next login, run this command:

*Tip – This action may be run during the final cutover event if so desired. If your organization utilizes hybrid identity management, then I recommend you synchronize your Active Directory passwords to make the process easier for your users during the transition event.

License Account
To set a subscription plan for a user, in this example an E3 Enterprise Pack, run this command. Most contemporary migration solutions require the user to be licensed prior to data migrations, with some exceptions using native tooling.

Once the above actions are completed against the designated users, they are almost ready to begin migrations. The mailbox must finish being procured by Exchange Online and the OneDrive container must be provisioned either manually or using your chosen migration tool.

The Before & After Shots

Next, let’s take a look at the changes made to the user account from the Azure AD perspective. During my testing, I used a cloud-only Guest account, not hybrid, although the principle is the same in both cases.

Figure 1 displays the Guest account that has been invited to participate in B2B collaboration and the invitation was accepted. Also note the User Type is set to Guest and the User Principal Name is formatted based on how the account was initiated:

Figure 2 illustrates the same user account after the conversion has been run. The User Type has been updated, the UPN has been standardized and the invitation state remains the same:

What Does the User Experience Look Like?

To illustrate how a user’s access to shared resources between Microsoft 365 tenants is not interrupted during this process, let’s use an example of a Guest user collaborating in Teams.

Figure 3 shows our example user, Jane Doe as a Guest wherever her name is displayed. Jane can easily switch between organizations as illustrated in the right panel. Presently she is in a Team located in the target Microsoft 365 tenant where eventually she will be migrated. If Jane wants to connect back to her source Teams, then she can easily switch back between organizations:

In figure 4 Jane has been converted from an Azure B2B Guest User to a B2B Member. To her not much is different, she won’t see the word, “Guest” next to her name anymore but other than that she’ll be unaware of the changes that were made to her new target account.

Jane has retained all her access, all her chat history and lost zero functionality. In fact, when Jane is finally migrated to the target, all her access and history will remain intact, making her migration experience as smooth as possible while retaining previously granted permissions.

Things to Consider

Below are some questions around this process I hear asked frequently, along with my response:

1. Before the migrations are final could the user login to the target with their new account if they have the credentials?

Yes, it is possible. However, as with any Cross-Tenant migrations that is not recommended. Do not communicate or provide the user the means to do so until the correct time.

2. After migrations are final how do I prevent the source account from authenticating with the target tenant?

Disable, Delete, Delicense, or Deny Access to the source account as part of your migration workflow process. You could replace the account with a Mail Contact for mail routing purposes and delete the original account if possible. Otherwise, you may prevent the user from sign-in then decide how to deal with GAL visibility and mail routing.

3. After converting and licensing the target account, won’t I need to set a Mailbox forwarding for messages to route to the active mailbox in the source?

Yes, in most cases you will want to set a mailbox forwarding so any inbound mail for this account is delivered to the source mailbox while the user is still active over there.

My Conclusions

Microsoft B2B functionality is here to stay, changing the range of options for setting up coexistence between tenants during an integration migration project. Before B2B came along, to grant access to shared resources in Teams and SharePoint, an administrator had to create a new set of credentials and the user had to manage switching between identities when needed – not an ideal situation.

Additionally, using your own source credentials to access target resources prior to the migration is a spectacular option for any future integration project and a great bonus.

However, I am not suggesting that you plan for all your Azure B2B guest users to be set up this way – I would only selectively use this method. Isolate it to power users that require this level of rich collaboration. But it is nice to know when this use case does come up, there is a method you can now use to easily manage the account to meet your needs.

Source Practical365

The cybersecurity paradigm is built on being prepared for the unexpected. Organizations have long relied on strategies like employee training, security procedures and IT solutions help defend against cyber threats.

But the giant upheaval brought by the COVID-19 pandemic has led to a staggering 500% increase in the number of attacks. Hackers are eager to take advantage of weaknesses and vulnerabilities introduced by the rapid shift to remote work, which left many organizations without the time or expertise to implement changes in their IT infrastructures securely. For example, some allow employees to use unsecured Remote Desktop Protocol (RDP) services, which has become one of the chief attack vectors for ransomware. In addition, many cybersecurity teams are struggling to maintain the security of networks, company devices and data being accessed remotely, while working remotely themselves.

Remote work is almost certainly here to stay. For example, a survey from Deloitte found that almost three-quarters of employees working in financial services rate their work-from-home experience during the lockdown as positive, and so do company executives. Similarly, PwC’s January 2021 report on remote work states that 83% of employers say the shift to remote work has been successful for their company, up from 73% in their June 2020 survey.

Therefore, it’s imperative for organizations to rethink their security strategies with remote work and the current threat landscape firmly in mind. My talk at The Experts Conference (TEC) in September 2021, Hacker’s Paradise: Top 10 Biggest Threats when Working from Home, will provide a deep analysis of the top threats to pay attention to, along with practical recommendations for both technical teams and decision makers.

Some of the top threats in a work-from-home world

Here’s a sneak peek at a few of the threats I’ll cover at TEC:

Phishing emails

Phishing activity increased from 1 in 10,000 emails in Q3 2019 to 1 in 4,200 emails in the beginning of 2020.

Cybercriminals use phishing emails to pose as a legitimate authority or institution in order to lure individuals into providing sensitive data, such as personally identifiable information (PII), banking and credit card details, and login credentials. The email can include a malicious attachment that, if opened, launches malware to collect this data, or a link to a fake corporate website that tricks the victim into entering the information.

This technique can be highly effective. Indeed, my company’s experience in performing controlled phishing campaigns reveals that around 25% of corporate users fall for them. In fact, sometimes it takes just 40 seconds for a user to click on a malicious link after receiving the phishing email.

Once attackers have a user’s credentials, even multifactor authentication (MFA) may not be enough to keep them out of your network. For example, hackers can intercept both call-based and SMS one-time passwords (OTPs) commonly used in MFA.

Insecure Wi-Fi networks

Another risk of remote work is the use of insecure Wi-Fi networks, such as those at airports or cafés. Attackers can provide a fake access point with the same SSID; if a user connects to it instead of the real one, the attacker can redirect them to a malicious webpage that looks exactly the same as the legitimate one. When connected to the same insecure public Wi-Fi network as a victim, an attacker can also perform Man-in-the-Middle attacks on a victim’s workstation to achieve similar effects.

VPN pivoting attacks

Another tactic that can make remote work a hacker’s paradise is a VPN pivoting attack. Once an attacker has control over a machine that is connected through VPN to the company network (for example, because the user has opened a malicious attachment), they can treat the workstation as a proxy. The hacker will be able to see the infrastructure that the user has access to and will be able to connect to the cloud infrastructure as well. For example, in 2020, attackers were able to take control over the internal infrastructures of many companies by using a backdoor in SolarWinds Orion software and compromising Microsoft 365 accounts. In my presentation, we will take a closer look at how this is possible and why additional inspection is necessary for all incoming VPN traffic.

Source Practical365

In this article, I will show you how to enable auto shutdown Azure virtual machines. You can configure the auto shutdown while creating a new VM in Azure or on existing VM’s.

The auto-shutdown feature in Azure allows you to configure the shutdown schedule for virtual machines. Based on the schedule you set, the Microsoft Azure VMs automatically shutdown. This is a great feature to save your money.

I have got Azure subscription with a limited number of credits. I never want to leave my Azure VM’s running when they are not in use, especially the test VM’s that I create.

Sometimes the virtual machines that you create in Azure don’t need to be running all the time. Running the Virtual Machines require Azure credits and if you keep them running, you must pay and this can empty one’s pockets.

The Azure Virtual Machine auto-shutdown was first introduced by Microsoft in year 2107, and you can configure the auto-shutdown of VM’s in Azure portal.

If you are doing many VM deployments, a Microsoft Azure Resource Manager template is the best way to go. Enabling and configuring the auto-shutdown feature in Azure through ARM templates is effortless.

Auto Shutdown Azure Virtual Machines

If you have created Virtual Machines in Azure and you want to configure auto-shutdown, you can do it with following steps.

First login to Azure Portal and click Virtual Machines. If you don’t find that option, use the search bar to locate Virtual Machines. Now select a Virtual Machine and under Operations, select Auto-Shutdown.

In the right pane, configure the following auto-shutdown settings.

1. Enabled – Select On to enable Auto Shutdown Azure Virtual Machines.
2. Scheduled Shutdown – Select the time at which you want to shut down the VM.
3. Time Zone – Select the time zone based on the region that you are located.
4. Send notification before auto-shutdown – Select Yes to enable the notifications.
5. Webhook URL – A notification will be posted to the specified webhook endpoint when the auto-shutdown is about to happen. The endpoint must support incoming TLS 1.2 connections.
6. Email Address – Provide a set of semicolon-delimited email addresses to receive alert notification emails. An email will be sent from Microsoft Azure 30 minutes before the virtual machines are shutdown.

After you configure the above settings, click Save.

Keep an eye on the notifications to confirm if the auto-shutdown feature is successfully enabled. The update of schedule successful confirms the auto shutdown has been enabled on the virtual machine.

Based on the auto-shutdown settings, I got emails from Microsoft Azure just 30 minutes before the Virtual Machines were about to shut down.

Microsoft Azure Alert – Your virtual machine in Azure DevTest Labs will automatically shut down
Virtual machine CLOUDVM3 (mecmlab_resourcegroup) is scheduled to shut down in 30 minutes. You may postpone or skip this instance:

• Postpone: 1 hour
• Postpone: 2 hours
• Skip this instance

You can postpone the shutdown from next 1 hour, 2 hours and also skip this instance. Note that if you postpone the shutdown, a new notification will be sent 30 minutes before the new shutdown time.

Enable Auto-Shutdown for New Virtual Machines in Azure

If you are creating a new virtual machine in Microsoft Azure, you get the option to enable the auto-shutdown.

• Launch the browser and go to portal.azure.com.
• Select Virtual Machines and click Create > Virtual Machine.
• Click the Management tab and under Auto-Shutdown, select Enable auto-shutdown.
• You can also configure the shutdown time, time zone and notification before shutdown.

If you don’t configure the Notification, you won’t get any emails however the virtual machines in Azure will be shutdown at scheduled time.

Source Prajwaldesai

Microsoft’s PowerApps solution has suffered a data leak that has left 38 million records exposed online. Included in the leak are vaccine statuses for COVID-19 and social security numbers. According to UpGuard, the company that discovered the leak, says default security on the platform leave some tools exposed.

Specifically, while default configurations in PowerApps protect tables secure, it does not protect lists. Data from 47 businesses, including Microsoft payroll information and government agency data was exposed.

Among those who have confirmed they were affected by the leak are the Maryland Department of Health and its COVID test appointments, New York City Department of Education rosters, employees lists from the New York Metropolitan Transit Authority, and contact-tracing data from the Indiana Department of Health.

UpGuard tried to inform Microsoft of the problem but the company responded by saying the “behavior is considered to be by design”. After Microsoft’s response, UpGuard disclosed the leak to affected companies.

PowerApps Update

Individual companies then took action to shore up the leak, while Microsoft helped government clients handle the issue. Furthermore, a new Microsoft tool allows users in PowerApps to detect when lists are open to anonymous access.

In a statement Microsoft says:

“We take security and privacy seriously, and we encourage our customers to use best practices when configuring products in ways that best meet their privacy needs.”

PowerApps allows developers and businesses create applications without needing to use coding, and it is now available in public preview.

There are now over 100 integrations within PowerApps, with this update bringing tighter integration with Azure Functions.

The service is a part of Microsoft’s Power Platform alongside Flow and Power BI.

Tip of the day: The Windows 10 Clipboard history feature provides the functionality across device, space, and time, letting you copy on one computer and paste the text days later on a different PC. All of it is possible via the Windows 10 clipboard manager, which lets you view, delete, pin, and clear clipboard history at will.

In our tutorial we show you how to enable the feature, clear clipboard history, and enable/disable clipboard sync to meet your preferences. You can also create a clear clipboard shortcut for quick removal of stored content.

Source Winbuzzer

Microsoft has announced AlmaLinux is now available for the Microsoft Azure cloud platform. Customers can get the operating system through the Azure marketplace with images available across Gen 1 and Gen 2. All downloads will run through the Azure portal.

If you are unfamiliar with AlmaLinux OS, it has a very interesting origin story. It is essentially a clone of CentOS. Yes, the same CentOS Linux distro that was is developed by Red Hat.

Back in December 2020, Red Hat revealed it was not going to focus on CentOS Linux anymore, instead turning to CentOS Stream. CentOS was supposed to be the rebuilt version of Red Hat Enterprise Linux (RHEL) but the company changed track.

The decision annoyed users running CentOS, but a savior was on the horizon. CloudLinux – one of the biggest commercial distributors of CentOS – said it would build a cloud of the distro. That clone was AlmaLinux, which is now coming to Microsoft Azure.

I told you it was an interesting origin.

Details

Aside from the good news of a release on Azure, it gets even better because CloudLinux costs the grand sum of zero. While it is not abnormal for a Linux distro to be free, there is some surprise considering CloudLinux has been providing RHEL/Cent OS server clones for over a decade.

On the Azure marketplace, CloudLinux describes AlmaLinux OS in the following way:

“AlmaLinux OS is the only 100% community owned and governed, open source, and forever-free, enterprise-grade Linux distribution based on RHEL. Focused on long-term stability and providing a robust platform, AlmaLinux is 1:1 binary compatible with RHEL. Users and developers count on AlmaLinux as the platform to power all their workloads in the cloud and beyond.”

It is worth pointing out Red Hat has not abandoned CentOS, it is just now different and approaches the company’s RHEL platform differently. Known as CentOS Stream, tracks in front of the current RHEL version as a developer/preview release.

Tip of the day: Windows Aero Shake is a handy feature that lets you quickly reduce screen clutter with a shake of an app’s title bar. Doing so minimizes all windows other than the one in focus, allowing you to focus solely on what’s at hand. Another wiggle lets you undo Aero Shake, maximizing the other Windows again so you can continue working.

Unfortunately, the feature can also have unintended consequences. Those who move their windows about or have dual monitors may notice that they’re accidentally activating Windows shaking. Luckily, enabling or disabling Aero shake isn’t too hard.

Source Winbuzzer

Microsoft has announced AlmaLinux is now available for the Microsoft Azure cloud platform. Customers can get the operating system through the Azure marketplace with images available across Gen 1 and Gen 2. All downloads will run through the Azure portal.

If you are unfamiliar with AlmaLinux OS, it has a very interesting origin story. It is essentially a clone of CentOS. Yes, the same CentOS Linux distro that was is developed by Red Hat.

Back in December 2020, Red Hat revealed it was not going to focus on CentOS Linux anymore, instead turning to CentOS Stream. CentOS was supposed to be the rebuilt version of Red Hat Enterprise Linux (RHEL) but the company changed track.

The decision annoyed users running CentOS, but a savior was on the horizon. CloudLinux – one of the biggest commercial distributors of CentOS – said it would build a cloud of the distro. That clone was AlmaLinux, which is now coming to Microsoft Azure.

I told you it was an interesting origin.

Details

Aside from the good news of a release on Azure, it gets even better because CloudLinux costs the grand sum of zero. While it is not abnormal for a Linux distro to be free, there is some surprise considering CloudLinux has been providing RHEL/Cent OS server clones for over a decade.

On the Azure marketplace, CloudLinux describes AlmaLinux OS in the following way:

“AlmaLinux OS is the only 100% community owned and governed, open source, and forever-free, enterprise-grade Linux distribution based on RHEL. Focused on long-term stability and providing a robust platform, AlmaLinux is 1:1 binary compatible with RHEL. Users and developers count on AlmaLinux as the platform to power all their workloads in the cloud and beyond.”

It is worth pointing out Red Hat has not abandoned CentOS, it is just now different and approaches the company’s RHEL platform differently. Known as CentOS Stream, tracks in front of the current RHEL version as a developer/preview release.

Tip of the day: Windows Aero Shake is a handy feature that lets you quickly reduce screen clutter with a shake of an app’s title bar. Doing so minimizes all windows other than the one in focus, allowing you to focus solely on what’s at hand. Another wiggle lets you undo Aero Shake, maximizing the other Windows again so you can continue working.

Unfortunately, the feature can also have unintended consequences. Those who move their windows about or have dual monitors may notice that they’re accidentally activating Windows shaking. Luckily, enabling or disabling Aero shake isn’t too hard.

Source Winbuzzer

TEC 2021 (The Experts Conference) takes place as a free virtual event on September 1-2. Practical365.com has a close relationship with TEC as many of our writers are TEC speakers, so I thought that I’d highlight some of the sessions I am looking forward to. Many other sessions covering different topics are on the TEC agenda, so you’re sure to find something interesting to attend.

Please register for TEC to access the sessions. Even if you can’t attend on the day, you’ll be able to use your registration link to access recordings afterwards. Of course, attending live is best because you’ll then have the chance to participate in the live Q&A following the recorded segment of each session. Be nice to the presenters and don’t throw too many curve balls… With that said, here’s my curated list of TEC 2021 sessions. All times are in U.S. eastern time.

Artificial Intelligence and Microsoft 365

Some excellent Microsoft speakers are going to share their unique perspectives on different aspects of Microsoft 365 technology. At 10:30AM on September 2, Jeffrey Snover, the CTO for Modern Workplace Transformation (a fancy name for making stuff work across Microsoft 365) will deliver a keynote covering the use of artificial intelligence within Microsoft 365. Sometimes people get worried about the use of machine learning and AI within Microsoft 365 as they see features like insights and suggested responses turn up in email and meeting requests. I’m more focused on the use of AI in applications like Viva Topics. Jeffrey says that AI will make features more intelligent and easier to use. Turn up and see what you think!

Protecting Office 365 Against Attack

Practical365 traffic spiked in March when the Hafnium attack exploded and many Exchange on-premises administrators discovered just how exposed their servers were to attack. Alex Weinert, Director of Identity Security, is going to improve our knowledge about how attacks develop, the techniques used to penetrate systems, and how Microsoft and other security companies work to mitigate and close off vulnerabilities. Specifically, he’s going to analyze the Nobelium (SolarWinds) attack in December 2020 during his 1:30PM session on September 1.

Using Sensitivity Labels with SharePoint Online

Sensitivity labels are a great way to apply rights management-based encryption to Office documents. They can also be used to protect containers (Teams, Groups, and Sites). I can’t think of a better person to come along and talk about how to protect SharePoint Online and OneDrive for Business with sensitivity labels than Sanjoyan Mustafi, a Principal Product Manager who’s one of my go-to people whenever I have a question about the inner workings of sensitivity labels for SharePoint content. Sanjoyan speaks at 1:30PM on September 2. Apparently, he might even drop some hints about some new features due to appear soon.

Collaborating Teams Channels

A conference would be a pretty bland affair if only Microsoft people spoke, so TEC has many other experts come along to talk about different aspects of technology. MVP Curtis Johnstone talks at 12:45PM on September 1 about the different types of channels used in Teams, including the new shared channels first revealed in March and now getting close to public preview. Curtis plans to cover how shared channels work, differences with private channels, and how organizations can govern channel use.

Power Automate and Teams

Microsoft spends a lot of time banging the publicity drum for Teams and Power Automate. MVP Christina Wheeler brings some practical advice (always appreciated at Practical365.com) at 1:30PM on September 1 to show how to connect the two technologies to get real work done by exploring how to launch a flow from a Teams bot.

Go to OneDrive

At 12:45PM on September 2, MVP Andy Huneycutt dives into the topic of moving people off network drives to OneDrive for Business. Many good business and technology reasons exist for this transition. Better data governance, more stable infrastructure, more visibility over content, better sharing, and so on. And of course, the simple fact that Office 365 and Microsoft 365 apps are built to use OneDrive for Business (Stream and Whiteboard are both moving their storage to OneDrive for Business). Why anyone would stay on old-fashioned network drives is beyond me…

Manage Exchange Online at Massive Scale

SAP is a very large software company that also uses Exchange at massive scale. MVP Ingo Gegenwarth gets lots of practice running PowerShell scripts to process tens of thousands of objects, and he’s going to share his experience and give some tips and techniques for how to approach the problem of dealing with so many objects at 2:30PM on September 1. I suspect Ingo might even say that it’s a good idea to use the Microsoft Graph API with PowerShell to get data about service incidents or interrogate Azure AD.

Removing the last Exchange On-Premises Server

After the Hafnium exploit in March, some organizations started to look more closely at the question of removing the last Exchange on-premises server. This has been a hotly debated topic for years, with some people saying that it’s easy to do (by performing brain surgery with ADSIEdit) and Microsoft continually saying that they are seeking a more graceful solution. Steve Goodman takes on the challenge of reporting the current situation at 12:45PM on September 2.

Group Policies Are Dead: Long Live Intune

I hate Group Policy Objects (GPOs). For years, they’ve been a necessary evil to enable workstation and server management. Intune is a better solution, especially in the world of Microsoft 365 where the PC is not the sole focus. Paul Robichaux covers this topic at 11:45AM on September 2 with a real focus on making management easier for your Microsoft 365 tenant.

Leveraging the Graph to Manage Microsoft 365

Finally, if you have time, you could attend my session at 11:45AM on September 1 where I’ll discuss how to use the Microsoft Graph APIs to manage Microsoft 365 tenants and applications. This is not a session for programmers. It’s focused on tenant administrators who automate processes with PowerShell today and want (or need) to use some Graph APIs with PowerShell. Maybe it’s just to get work done faster (like when you need to process thousands of mailboxes) or it’s because a Graph API is the only way to change a tenant setting.

Many Practical365.com articles cover different aspects of using the Graph APIs from reporting the storage used by Teams channels to updating tenant privacy controls. It should be a fun session (for me anyway!).

Enjoy TEC 2021. I plan to and hope that you’ll come along and have a terrific time sharing knowledge with some excellent speakers.

Source Practical365

The days of supercomputers being a niche product are in the past. Companies are building hardware that is streamlining the concept of super computing and Microsoft is leading the way with its Azure platform. By leveraging its servers and using cloud to handle the high performance computing (HPC) workloads, the company is increasingly bringing supercomputers to the cloud.

In a report, ZDNet points out how Microsoft is using Azure to become a leader in mainstreaming supercomputer technology. In fact, the newest Top500 list released in June shows Microsoft Azure with four supercomputers within the top 30. Amazon Web Services (AWS), Azure’s biggest competitor, has just a single entry in the top 500 (41^st).

You may be wondering why the race is on to make supercomputers are part of everyday computational output. Well, as datasets become increasingly large and complex, only a supercomputer can efficiently sort the information. For example, simulations of millions of data points run through multiple times to see different scenarios would take years to organize using even the best cloud virtual machines.

Instead, the data needs to be distributed so systems work on specific areas. The only machines with the computational power necessary are supercomputers. While the hardware for supercomputers has traditionally been off the cloud, there is an increasing push towards these computers living in cloud data centers.

Azure HPC

For Microsoft, that means Azure HPC (high performing computer), a service that allows complex computational loads. Microsoft describes the platform as a new way to have all computational needs in one product:

“Azure high-performance computing (HPC) is a complete set of computing, networking and storage resources integrated with workload orchestration services for HPC applications. With purpose-built HPC infrastructure, solutions and optimized application services, Azure offers competitive price/performance compared to on-premises options with additional high-performance computing benefits. In addition, Azure includes next-generation machine learning tools to drive smarter simulations and empower intelligent decision making.”

Microsoft’s push to make supercomputers usable in everyday scenarios for major organizations is already visible. Back in April, the company combined its Azure HPC offering with the UK Met Office to develop a weather-predicting supercomputer. In fact, one of the top 25 most powerful supercomputers in the world.

The Met Office will base the supercomputer in the south of the UK, and it will be operational from summer 2022. Microsoft says the machine will have a 10-year lifespan. While the UK is not home to the most devastating of weather, climate change is causing concerns about increasingly powerful storms, snow, and floods.

Microsoft’s supercomputer technology on Azure will provide deeper prediction by analyzing bigger sets of data more efficiently. By leveraging AI and simulations, the solution will provide richer weather models for more accurate forecasting.

Tip of the day: Did you know that as a Windows 10 admin you can restrict user accounts by disabling settings or the control panel? Our tutorial shows how to disable and enable them via Group Policy and the registry.

Source Winbuzzer

Informing Tenants About Feature Updates

I recently wrote about the transition of the Office 365 Service Communications API to become a Microsoft Graph API and how to use the API to fetch details of service incidents. As I pointed out then, the API includes the ability to retrieve information about the service update messages Microsoft posts to inform tenants about the delivery or retirement of features. These messages show up in the message center in the Microsoft 365 admin center (Figure 1) and are a great source of information about future change.

Microsoft has done a lot of work over the last few years to improve communication with tenants. They’ve:

• Built an integration between the Message Center and Planner to synchronize updates to Planner. Tenants can then use the tasks created in Planner to assign responsibility for managing the introduction of new features or phasing out of old features. We recommend that all tenants consider using this integration to help manage change.
• Added extra information to the messages to highlight the affected services (like Exchange Online, SharePoint Online, and Teams).
• Introduced better filtering capability in the Message Center.

Even so, challenges still exist in dealing with the volume of updates Microsoft introduces annually. It’s not just reading about the changes as they appear to understand how a new feature will affect users and the business, or how to manage something like the retirement Skype for Business Online on July 31, 2021. Not everyone has the time or opportunity to keep tabs on new posts in the message center, and when they do, it can be challenging to understand some of the text created by Microsoft development groups to describe what they’re doing (intelligent people aren’t necessarily great writers). Another problem is tracking the frequent slippage in dates when Microsoft predicts features will be available. While Teams is notable for the high percentage of missed dates, no workload hits all its commitments.

Custom Message Processing

Good as the Message Center is, it’s always good when you can do things your own way, and that’s why the Office 365 Service Communications API is valuable. My last article covers the basics of connecting to the API and fetching data. Here we focus on the Messages API and how to extract and manipulate service update messages with PowerShell.

I like to think of practical examples to illustrate how something works. In this case, my example is a report of the service update messages flagged for tenants to act by a certain date. For instance, Teams ceased support for IE11 after November 30, 2020. That date is long gone now but a message to remind administrators of the fact remains. You could argue that this is an example of something Microsoft should clean up; equally, you could say that it’s a prompt for tenants to move off IE11 to Edge, which is why Microsoft might have left the message in place. In any case, it’s a message with an act-by date. Looking at the message center as I write, of the 256 messages, 31 have act-by dates.

I discovered this fact by running a simple Graph query using a registered app with consent to use the ServiceMessage.Read.All permission:

This code sets a date range to check service update messages against (I chose 180 days in the future) and sets up a query to find messages with an action required date less than the date. The code then runs the query and extracts the message data from the information the API returns. An individual message looks like:

So far, so good. We have some data, and the nice thing about having some data to play with is that we can decide how to slice and dice the information to make it more digestible for the target audience.

Let’s assume that we need to convince managers of the need to do some up-front preparatory work before Microsoft delivers new software to the tenant. Asking managers to go to the Microsoft 365 admin center isn’t feasible. In my experience, busy managers are more likely to review information if given a spreadsheet or report.

The next task is therefore to create code to loop through the message data retrieved from the Graph and generate suitable outputs. Apart from removing all the HTML formatting instructions from the descriptive text for a message, there’s no great challenge in this code. To make things interesting, I computed the time remaining between the current time and the action by date and flagged overdue items. You can download the complete script from GitHub. Figure 2 shows the HTML version of the report. The script also generates a CSV file.

Generating a Word Document

Given the flexibility of PowerShell, you could even create Word documents using message data in an approved form. Here’s some code to generate a Word document containing details of a message center notification.

Figure 3 shows an example of a Word document generated using the code.

Access Drives Innovation

The nice thing about having access to data is that innovative people will do interesting things with the data. Being able to process Microsoft 365 service update messages to extract whatever value you see in the information is goodness. The only question is how best to make use of the opportunity…

Source Practical365