Wednesday, June 24, 2015

Azure AD Connect is now GA

Source - http://blogs.technet.com/b/ad/archive/2015/06/24/azure-ad-connect-amp-connect-health-is-now-ga.aspx

We are also pleased to announce that Azure AD Connect Health is also now generally available for our growing number of Azure AD Premium customers. Azure AD Connect Health is a cloud based service and a key part of our effort to help you monitor and secure your cloud and on-premises identity infrastructure. In this first release, Azure AD Connect Health provides customers who use ADFS with detailed monitoring, reporting and alerts for their ADFS servers.

Read on more for additional details…

Azure AD Connect

Get Started Quickly and Easily

Azure AD Connect lets you get started using your on premises identities with the cloud quickly and easily.  Via a simple wizard based experience you can:

  • Use Express Settings to connect a single AD forest to the cloud within minutes with just a few clicks!

Read more at source - http://blogs.technet.com/b/ad/archive/2015/06/24/azure-ad-connect-amp-connect-health-is-now-ga.aspx

Thursday, June 18, 2015

Azure AD – SSO Integration and Support for Custom Application

Source - http://blogs.technet.com/b/ad/archive/2015/06/17/bring-your-own-app-with-azure-ad-self-service-saml-configuration-gt-now-in-preview.aspx

When we started building out the SaaS app management capabilities of Azure Active Directory, one of our goals was to provide an app integration experience that didn't require you to be an identity specialist to use. This ultimately led to our development of the Azure AD application gallery, and the concept of "pre-integrated" applications. Admins could select pre-integrated apps that they wanted from the gallery, and then complete a simplified step-by-step procedure to enable single sign-on to those apps.

As we worked with our customers and partners on these app integrations, we learned a lot about the types of applications people needed, and how they needed to be deployed. Some of our learnings included:

  • Customers didn't just need single sign-on to SaaS applications, but also their hosted line-of-business and third-party applications deployed to servers they control
  • Many customers had specialty SaaS applications that were difficult to acquire accounts with and test without a joint effort between the Azure AD team, the customer, and the SaaS app provider
  • Many enterprises appreciated the ability to easily configure SaaS apps from the Azure AD app gallery, but also staff people with plenty of knowledge of federation protocols like SAML, and desire the ability to onboard any apps they need in a self-service fashion

So today our team is pleased to announce the ability to configure any application that supports service provider -initiated sign-in using SAML 2.0 for single sign-on with Azure Active Directory.

This can include custom apps that your organization has developed, third-party web applications that your organization has deployed to servers you control, or SaaS applications that you use but have not yet been on-boarded to the Azure AD application gallery.

If you are using any of these types of applications, and have knowledge of or access to their SAML documentation, then we highly recommend checking this out.

When we started building out the SaaS app management capabilities of Azure Active Directory, one of our goals was to provide an app integration experience that didn't require you to be an identity specialist to use. This ultimately led to our development of the Azure AD application gallery, and the concept of "pre-integrated" applications. Admins could select pre-integrated apps that they wanted from the gallery, and then complete a simplified step-by-step procedure to enable single sign-on to those apps.

As we worked with our customers and partners on these app integrations, we learned a lot about the types of applications people needed, and how they needed to be deployed. Some of our learnings included:

  • Customers didn't just need single sign-on to SaaS applications, but also their hosted line-of-business and third-party applications deployed to servers they control
  • Many customers had specialty SaaS applications that were difficult to acquire accounts with and test without a joint effort between the Azure AD team, the customer, and the SaaS app provider
  • Many enterprises appreciated the ability to easily configure SaaS apps from the Azure AD app gallery, but also staff people with plenty of knowledge of federation protocols like SAML, and desire the ability to onboard any apps they need in a self-service fashion

So today our team is pleased to announce the ability to configure any application that supports service provider -initiated sign-in using SAML 2.0 for single sign-on with Azure Active Directory.

This can include custom apps that your organization has developed, third-party web applications that your organization has deployed to servers you control, or SaaS applications that you use but have not yet been on-boarded to the Azure AD application gallery.

If you are using any of these types of applications, and have knowledge of or access to their SAML documentation, then we highly recommend checking this out.

image

Read more at source - http://blogs.technet.com/b/ad/archive/2015/06/17/bring-your-own-app-with-azure-ad-self-service-saml-configuration-gt-now-in-preview.aspx

Tuesday, June 16, 2015

Azure Active Directory Premium - Leaked Credentials Report

Source - http://blogs.technet.com/b/ad/archive/2015/06/15/azure-active-directory-premium-reporting-now-detects-leaked-credentials.aspx

You deal with phishing attacks and malware every day, and the news is littered with articles on systems which are breached and have leaked username/password pairs. In aggregate, 10s of millions of credentials are exposed every month. Bad actors collect, sell, and share large lists of user account credentials from these breaches. Because 3 out of 4 users re-use credentials across multiple sites, there's a good chance that your users' credentials are in those lists.

As part of running our consumer and enterprise identity systems, Microsoft discovers account credentials posted publically and we are making this information available to you so you can protect your enterprise when your users' account credentials are at risk.

Today we're pleased to announce that this report is in preview for Azure AD Premium customers in the Azure management portal. The report surfaces any matches between these leaked credentials list and your tenant. You can go to the Azure management portal, select your Active Directory instance and look under your tenant's reports for "Users with leaked credentials."

The report shows you the users we've found and when we discovered the leaked credentials. To mitigate the security risk, we recommend you to enable Multi-Factor Authentication or reset the password for the accounts listed.

Multi-Factor Authentication can help mitigate the impact of leaked passwords by adding a layer of security to passwords. Multi-Factor Authentication not just provides additional security but it prepares you for recovery. To get started with Multi-Factor Authentication, check out this walkthrough video. If you're familiar with Multi-Factor Authentication, go here to enable your users for it.

Read more at source - http://blogs.technet.com/b/ad/archive/2015/06/15/azure-active-directory-premium-reporting-now-detects-leaked-credentials.aspx

Thursday, February 19, 2015

Getting Started with Windows Server Security

My new book “Getting Started with Windows Server Security” will be available next week.   More information about this book can be found:

http://www.amazon.com/s/ref=dp_byline_sr_book_1?ie=UTF8&field-author=Santhosh+Sivarajan&search-alias=books&text=Santhosh+Sivarajan&sort=relevancerank

https://www.packtpub.com/networking-and-servers/windows-server-security-essentials

 image

 image

About This Book

· Learn how to identify and mitigate security risks in your Microsoft Server infrastructure

· Develop a proactive approach to common security threats to prevent sensitive data leakage and unauthorized access

· Step-by-step tutorial that provides real-world scenarios and security solutions

Who This Book Is For

If you are a Windows Server or security administrator wanting to learn or advance your knowledge in Microsoft security and secure your Windows Server infrastructure effectively, this book is for you.

What You Will Learn

· Design a secure Windows Server platform based on the best practices and industry standard recommendations

· Identify and mitigate security risks using tools such as Security Configurations Wizard, ASA, App Locker, Bit Locker, and EMET

· Follow step-by-step instructions to tighten the security of your Active Directory file, print server, Hyper-V and IIS servers, and application roles

· Develop a secure access control mechanism using the Dynamic Access Control (DAC) feature

· Learn how to maintain security and deliver new security updates and patches using the Windows Server Update Service (WSUS)

· Discover how PowerShell cmdlets and custom scripts can support your day-to-day security administration tasks

In Detail

Implementing and maintaining security is a critical task for any organization; however, developing a proper solution based on your requirements can be time consuming and complex. Windows Server 2012 provides security features and solutions that can be used as standalone security solutions as well as integrated solutions with your existing security or auditing tools. These native and built-in tools can secure Microsoft infrastructure platforms based on Microsoft and industry standard best practices.

Getting Started with Windows Server Security provides you with an invaluable tutorial for creating and implementing a stable, reliable security solution for your Microsoft infrastructure.

To begin, you will learn how to implement baseline security using Microsoft Security Configuration Wizard (SCW) and how to lock down unwanted services, along with how to configure your Windows firewall. You will see how to enable and use native tools including App Locker and Credential Locker to identify and mitigate risks and make Windows Server more secure.

This book also walks you through best practices for designing and building a secure Microsoft server platform, with instructions on configuration and managing Dynamic Access Control and polices.

Finally, you will learn how to install and configure Microsoft Windows Server Update Services (WSUS), which plays a critical role in the security space.

Tuesday, February 3, 2015

New Azure RMS and Active Directory Features

Source - http://blogs.technet.com/b/enterprisemobility/archive/2015/01/29/azure-rms-new-features.aspx

Departmental templates are now in public preview. Organizations may choose to create policy templates specific to the needs of departments or divisions. Departmental templates will allow administrators to define the scope of these templates. In other words, an administrator can define the list of groups or individual users who can apply a particular template. Only those people can view and use the templates to protect documents.

Organizations that are looking to move from AD RMS to Azure RMS can now use the Azure RMS migration toolkit. This toolkit enables AD RMS and Windows RMS customers to migrate to Azure RMS without losing access to their existing RMS-protected content or their policies.

To help organizations carry a phased deployment of Azure RMS, we’re introducing Onboarding controls. This lets you designate a subset of users who can start to protect content with Azure RMS. This deployment configuration is useful when first deploying Azure RMS, because it lets an organization build up Azure RMS usage at its own pace.

Other updates for Azure RMS include the availability of RMS sharing application for Windows Phone at Windows Phone store and some bug fixes for the RMS sharing application.

Read more at source - http://blogs.technet.com/b/enterprisemobility/archive/2015/01/29/azure-rms-new-features.aspx

Friday, January 30, 2015

Backup your PC data to Azure

Source - http://blogs.technet.com/b/canitpro/archive/2015/01/08/step-by-step-backup-your-pc-data-to-azure.aspx

On December 16, 2014 we announced that you can now backup the data from Windows 7, Windows 8 and Windows 8.1 machines, using Azure Backup. This is extremely useful for any of us who may not touch base in a specific office on a regular basis. I am constantly on the road away from the office and away from the pile of USB drives I use to backup all the data I carry with me.

Let see how we set that up.

Setup the backup Vault

First, in your Azure Subscription, login to the portal and click New in the action bar, than Data Services, Recovery Services, Backup Vault and quick create

Read more at source - http://blogs.technet.com/b/canitpro/archive/2015/01/08/step-by-step-backup-your-pc-data-to-azure.aspx

Wednesday, January 28, 2015

Remote Server Administration Tools for Windows 10 Technical Preview

Source - http://www.microsoft.com/en-us/download/details.aspx?id=45520

Remote Server Administration Tools for Windows 10 Technical Preview enables IT administrators to manage roles and features that are installed on computers that are running Windows Server Technical Preview from a remote computer that is running Windows 10 Technical Preview.

Read more at source - http://www.microsoft.com/en-us/download/details.aspx?id=45520

Tuesday, January 27, 2015

Azure Data Factory

http://blogs.technet.com/b/machinelearning/archive/2015/01/16/channel-9-video-on-azure-data-factory-transform-data-into-trusted-data-assets-at-scale.aspx

In this video, Anand Subbaraj introduces us to Azure Data Factory (ADF), a new Azure service that helps data developers and IT professionals easily transform raw data into trusted data assets for their organization at scale.

ADF operates over a range of data services, and supports processing of on-prem SQL Server, Azure SQL Database, Blobs, and Tables using Hive, Pig and C# on HDInsight (Hadoop). With ADF, you can easily create and orchestrate simple, highly available, fault tolerant data analytics pipelines which can be monitored from the Azure Preview Portal.

Organizations all over the world are collecting, processing and gaining insights from more data than ever before – with ADF pipelines you can deliver transformed data from the cloud back to on-premises sources like SQL Server, or keep it in cloud storage; you can take advantage of the seamless connection with Power BI and other applications for the consumption of data assets.

 

Read more at source - http://blogs.technet.com/b/machinelearning/archive/2015/01/16/channel-9-video-on-azure-data-factory-transform-data-into-trusted-data-assets-at-scale.aspx

Azure Backup

Source  - http://azure.microsoft.com/en-us/services/backup/

Azure Backup is a simple and reliable data protection solution which enables customers to back up their on-premises data to Microsoft Azure. It is built on top of Azure’s world class infrastructure and is offered in eight Azure geos. Azure Backup is easy to use and seamlessly protects data from Windows Server, Windows Server Essentials and System Center Data Protection Manager (DPM). DPM protects a wide range of Microsoft workloads and it is easy to extend their protection to Azure. Backups can be managed using PowerShell or through an inbox user interface.Your backup data is secure over the wire and at rest. The backup data is stored in geo-replicated storage which maintains 6 copies of your data across two Azure datacenters. With 99.9% service availability, Azure Backup provides an operational peace of mind.

Read more at source - http://azure.microsoft.com/en-us/services/backup/

Monday, January 26, 2015

ADFS Deep Dive: Certificate Planning

Source - http://blogs.technet.com/b/askpfeplat/archive/2015/01/26/adfs-deep-dive-certificate-planning.aspx

The last blog was about planning for ADFS and what questions you should be asking when deploying it.

http://blogs.technet.com/b/askpfeplat/archive/2014/11/24/adfs-deep-dive-planning-and-design-considerations.aspx

I said that the next blog would be about what conversations and questions you should have with the application owners. After some thought, I’ve changed my mind and decided to write about certificate planning. During almost every ADFS deployment I’ve been a part of, most of the conversations and planning revolve around certificates so I figured we should take some time to talk about this. ADFS relies heavily on public/private key certificate so if you’re not already familiar certificates, deploying ADFS will quickly get you re-acquainted. Like I’ve mentioned before, ADFS is a service that will need to grow with your organization’s needs and so proper planning is also required for certificates to ensure they will meet your growing needs and requirements.

The funny thing about certificates is that almost anything goes. For example, installing ADFS is really black and white – you either install it or you don’t. With certificates, there are so many options for deploying them that many customers forget the basics about public/private certificate signing and encryption. Like most things, certificates are mostly 90% planning and 10% execution.

Read more at source  http://blogs.technet.com/b/askpfeplat/archive/2015/01/26/adfs-deep-dive-certificate-planning.aspx

Popular Posts

Share

Twitter Delicious Facebook Digg Stumbleupon Favorites More