What’s new in Security and Compliance in SharePoint and OneDrive – Ignite 2020 Announcements


This article is contributed. See the original author and article here.

 

With remote work being the new norm these days, it is critical to safeguard your business data from unauthorized access while at the same time making your employees, partners, and customers more productive. Microsoft runs on trust. We continue to provide you with enterprise-grade, frictionless security along with comprehensive compliance offerings.

 

Today at Microsoft Ignite 2020 we are excited to announce the following new security and compliance controls in SharePoint and OneDrive that help you to secure and govern your data holistically in this remote work era. We categorized them under three areas:

  • Secure external collaboration in SharePoint and OneDrive
  • Preventing data loss through end points and user sessions
  • Comprehensive compliance and best performance 

 

Secure external collaboration in SharePoint/OneDrive

 

Automatic expiration of external access

 

External collaboration is paramount for your business growth, and governing external users' access is equally important. We are expanding our external collaboration offering with one more critical control: we are announcing the general availability of automatic expiration of external access, rolling out starting today.

 

You can now simply set an expiration, say 30 days, for external access in your organization. The timer starts on the day an external guest user is invited to a site or a file, and the access is automatically revoked upon expiration. In addition, site admins can get detailed reports of external access and can extend the expiration for specific external users as needed. Learn more here.

 

Figure. SharePoint site collection admin manages the external access expiration for a site

 

 

 

External sharing policies with Microsoft Information Protection sensitivity labels

 

We are continuing to innovate in our Microsoft Information Protection (MIP) journey to help you secure your sensitive content holistically and throughout its lifecycle. This spring we announced MIP sensitivity labels for securing Teams, SharePoint Sites, and Microsoft 365 Groups. We started with associating privacy and device policies with sensitivity labels.

 

Today we are announcing external sharing policies with Microsoft Information Protection sensitivity labels, coming soon in public preview. You can now associate external sharing policies with sensitivity labels, making the labels an even more powerful way to achieve secure external collaboration with a frictionless experience for your users.

 

Administrators can tailor the external sharing settings according to the sensitivity of the data and business needs. For example, for the Confidential label you may choose to block external sharing, whereas for the General label you may allow it. Users simply select the appropriate sensitivity label while creating a SharePoint site or Team, and the appropriate external sharing policy for SharePoint content is automatically applied.

 

Figure. Microsoft Information Protection sensitivity labels with external sharing policies

 

Access governance insights for files in SharePoint, OneDrive, and Teams

 

As your workforce expands across the globe and you see exponential growth in digital data, administrators need a way to holistically govern the sites that matter the most, for example the top sites that contain the largest number of sensitive documents or the top sites that are overshared. The access governance insights dashboard in the SharePoint admin center aims to meet that need.

 

You can now see access-centric insights for your top sites with the most sensitive documents and for overshared sites. The insights let you validate that access policy settings, such as unmanaged device and external sharing, are appropriate for your security posture and, as needed, take action and adjust them in the SharePoint admin center. This feature is coming to private preview soon; if interested, you can sign up here.

 

Figure. SharePoint admin center and data access governance insights

 

Data loss prevention (DLP) policy for blocking anyone links for sensitive content

 

You want to share sensitive content with external collaborators. However, due to the sensitivity of the content, you want to prevent external users from accessing it through an 'anyone with the link' link and instead require authenticated access.

 

We are announcing a DLP policy rule to block the 'anyone with the link' option for sensitive content, generally available now. Administrators can now configure DLP rules with an action to block sharing of, and access to, sensitive content through 'anyone with the link'. Learn more here.

 

Figure. Microsoft 365 DLP policy blocking 'anyone with the link' sharing option

 

Preventing data loss through end points and user sessions

 

Endpoint data loss prevention (DLP)

 

With remote working and the proliferation of devices, end points have grown exponentially. We are helping you protect sensitive content and avoid its leakage at all end points on Windows devices. Endpoint DLP is available in public preview; learn more about it here.

 

Figure. Microsoft 365 compliance admin editing the end point DLP policy rules

 

Unified session sign-out powered by continuous access evaluation

 

Beyond end points, we are also helping you prevent data loss in the event of device loss or theft, or account compromise. Today we are announcing the public preview of unified session sign-out in Microsoft 365, including SharePoint and OneDrive. With one click in the Microsoft 365 admin center, you can now sign out a user instantly from all their sessions on all devices, both managed and unmanaged. Learn more here.

 

Figure. Microsoft 365 admin signs out a user from all sessions on all devices

 

Comprehensive compliance and best performance

We announced multi-geo, records management, and many other compliance controls for SharePoint and OneDrive. Today we are excited to add one more compliance control to that portfolio.

 

Information barriers for OneDrive and SharePoint

 

You may have compliance needs to put barriers on collaboration and communication between certain sets of users in your organization to avoid conflicts of interest. You can now meet these needs in Microsoft 365: we are announcing general availability of information barriers for SharePoint and OneDrive.

 

You can create information segments per your compliance needs, for example Investment banking vs Advisory, and then create barriers to communication and collaboration between the users in those segments. In the near future, as a SharePoint administrator or a site owner, you can manage the segments associated with a site, as illustrated in the pictures below. You can learn more here and here.

 

Figure. SharePoint admin experience to manage information segments for sites

 

Figure. SharePoint site owner experience to manage information segments for a site

Microsoft 365 Network Insights

 

Network connectivity to Microsoft 365 is critical to offering your users the best-performing experience when they access Microsoft 365 content. We are excited to announce Microsoft 365 Network Insights, available in public preview today, which help in designing network perimeters for your office locations across the globe. These insights provide live performance data for common issues for each geographic location from which users are accessing your content. To learn more, check out the article here.

 

Figure. Microsoft 365 network insights showing global network performance

 

For licensing information for these features, check out the respective product documentation.

 

In addition to the above features, we have a beautiful security and compliance cook book for SharePoint, OneDrive, and Microsoft 365 administrators. You can download SharePoint and OneDrive Security Cook Book for FREE.

 

To take advantage of all these capabilities in Microsoft 365, we are also helping you to migrate content to Microsoft 365 from on-premises and other cloud sources. Check out our new migration manager.

 

To learn more about our SharePoint Administration and Migration improvements, check out SharePoint admin and migration announcements at Ignite 2020. Also, check out the Microsoft Lists announcements at Ignite 2020 and Top OneDrive Moments from Microsoft Ignite 2020.

 

Getting started

 

To learn more about the above features in detail, check out the product documentation articles below:

 

To participate in the private previews, sign up here: https://aka.ms/SPSecurityPreviews

 

Here are our Ignite 2020 videos related to security and compliance controls in SharePoint, OneDrive, and Microsoft 365 (note that links will become active once Ignite videos are live; check these links out on 9/23/2020):

 

Check out many more Ignite sessions on the Ignite website and in the Microsoft 365 Adoption Center: Virtual Hub

 

If you are new to Microsoft 365, learn how to try or buy a Microsoft 365 subscription.

 

As you navigate this challenging time, we have additional resources to help. For more information about how we are responding together to COVID-19, visit our Remote Work site. We’re here to help in any way we can. Stay safe!

 

Thank you!

 

Sesha Mani – Principal Group Product Manager (GPM)

Microsoft 365, SharePoint and OneDrive, Security & Compliance 

WebLogic on Azure Virtual Machines Major Release Available


This article is contributed. See the original author and article here.

We are delighted to announce the availability of a major release for solutions to run Oracle WebLogic Server (WLS) on Azure Linux Virtual Machines. The release is jointly developed with the WebLogic team as part of the broad-ranging partnership between Microsoft and Oracle. The partnership also covers joint support from Oracle/Microsoft and a range of Oracle software running on Azure.  Software available under the partnership includes Oracle WebLogic, Oracle Linux and Oracle Database as well as interoperability between Oracle Cloud Infrastructure (OCI) and Azure. This major release covers various common use cases for WLS on Azure, such as base image, single working instance, clustering, load balancing via App Gateway, database connectivity and integration with Azure Active Directory. WLS is a key component in enabling enterprise Java workloads on Azure. Customers are encouraged to evaluate these solutions for full production usage and reach out to collaborate on migration cases.

 

Use Cases and Roadmap

The partnership between Oracle and Microsoft was announced in June of 2019. Under the partnership, we announced the initial release of the WLS on Azure Linux Virtual Machines solutions at Oracle OpenWorld 2019. The solutions facilitate easy lift-and-shift migration by automating boilerplate operations such as provisioning virtual networks/storage, installing Linux/Java resources, setting up WLS as well as configuring security with a network security group. The initial release supported a basic set of use cases such as single working instance and clustering. In addition, the release supported a limited set of WLS and Java versions.

 

This release expands the options for operating system, Oracle JDK, and WLS combinations. The release also automates common Azure service integrations for load-balancing, databases and security. The database integration feature supports Azure PostgreSQL, Azure SQL as well as the Oracle Database running on OCI or Azure. The release aims to enable a majority of WLS on Azure Linux Virtual Machines migration cases.

 


 

A subsequent release by the end of calendar year 2020 will deliver distributed logging via Elastic Stack as well as distributed caching via Oracle Coherence. Oracle and Microsoft are also working on enabling similar capabilities on the Azure Kubernetes Service (AKS) using the WebLogic Kubernetes Operator.

 

Solution Details

There are four offers available to meet different scenarios.

 

  • Single Node
    • This offer provisions a single Virtual Machine and installs WLS on it. It does not create a domain or start the Administration Server.
    • This is useful for scenarios with highly customized domain configuration.
  • Admin Server
    • This offer provisions a single Virtual Machine and installs WLS on it. It creates a domain and starts up the Administration Server, which allows you to manage the domain.
  • Cluster
    • This offer creates an n-node highly available cluster of WLS Virtual Machines, ready for Java EE session replication. The Administration Server and all managed servers are started by default, which allows you to manage the domain.
  • Dynamic Cluster
    • This offer creates a highly available and scalable dynamic cluster of WLS Virtual Machines. The Administration Server and all managed servers are started by default, which allows you to manage the domain.

The solutions will enable a variety of robust production-ready deployment architectures with relative ease, automating the provisioning of most critical components quickly and allowing customers to focus on business value add.


These offers are Bring-Your-Own-License. They assume you have already procured the appropriate licenses with Oracle and are properly licensed to run offers in Azure.

You have a choice of pre-validated, supported OS/JDK/WLS stacks.  The offers enable both Java EE 7 and Java EE 8, letting you choose from a variety of base images including WebLogic 12.2.1.3.0 with JDK8u131/251 and Oracle Linux 7.4/7.6 or WebLogic 14.1.1 with JDK11u01 on Oracle Linux 7.6. All base images are also available on Azure on their own. The standalone base images are suitable for customers that require very highly customized Azure deployments.

 

Summary
Customers interested in WLS on Azure Virtual Machines should explore the solutions, provide feedback and stay informed of the roadmap, including upcoming WLS enablement on AKS. Customers can also take advantage of hands-on help from the engineering team behind these offers. The opportunity to collaborate on a migration scenario is completely free while the offers are under active initial development.

Hybrid Disaster Recovery Scenarios for SQL Server | Data Exposed

This article is contributed. See the original author and article here.

In the conclusion to this two-part series with Allan Hirt, learn how Azure can be used to create disaster recovery solutions for your on-premises Microsoft SQL Server instances and databases through the use of built-in availability features of SQL Server.

 
For an introduction to Microsoft Hybrid SQL Server Solutions, watch part one.

 

Watch on Data Exposed

 

Additional Resources:

 

View/share our latest episodes on Channel 9 and YouTube!

Azure Automanage for virtual machines – Public Preview


This article is contributed. See the original author and article here.

The cloud has simplified and reduced the operational expense (OpEx) and management burden in numerous areas of IT. Many systems that previously ran on-premises and were complex to maintain are now simple ‘point & click’ services in the cloud.

 

Likewise, running virtual machines (VMs) in Microsoft Azure opens the door to a wealth of convenient services that simplify and automate day-to-day operational requirements in areas such as security, anti-malware, compliance, disaster recovery, etc. We also provide best practices guidance outlining the services that we recommend you onboard your VMs to, including each service’s respective configuration. You can find this actionable guidance in the Microsoft Cloud Adoption Framework for Azure.

 

A new service known as Azure Automanage reduces the OpEx burden for VMs further by automating the guidance mentioned above. Through its virtual machine best practices capability, select services are discovered, onboarded, and configured across the entire lifecycle of both dev/test and production VMs. You can add VMs individually or at scale, safe in the knowledge that if your VMs deviate from best practices, Azure Automanage will detect the deviation and automatically correct it.

 

Specifically, the VM best practices capability of Azure Automanage does the following five things:

  1. Intelligently onboards to select best practices Azure services 
  2. Automatically configures each service per Azure best practices 
  3. Configures guest operating system per Microsoft baseline configuration 
  4. Automatically monitors for drift and corrects for it when detected   
  5. Simple experience: Point, click, set, forget -> done 

The capabilities of Azure Automanage translate into the following customer benefits: 

  • Reduced cost by automating Windows Server management 
  • Improved workload uptime with optimized operations 
  • Implementation of security best practices 

 

How does it work?

 

Configuration profiles

Azure Automanage uses configuration profiles to determine what Azure services will be enabled for that VM. At launch, there are two configuration profiles:

  • Azure virtual machine best practices – Production
  • Azure virtual machine best practices – Dev/Test

Each profile onboards a set of services that fit the workload type. For example, dev/test VMs will not be onboarded to Azure Backup since dev/test VMs are typically short-lived and of low or no direct business impact. Hence, paying for backup storage is unnecessary. On a production VM, however, Azure Backup is configured. For more details about configuration profiles and the services they automatically configure, see the detailed documentation here

 

NOTE: While Azure Automanage is currently available only for Windows Server VMs, it will be extended to Linux VMs in the future.

 

You can assign a configuration profile to a VM using any of the methods:

 

Configuration profile preferences

Some of the services to which configuration profiles onboard VMs support a variety of best practice configurations. For example, Azure Backup best practices might require a daily backup with a 6-month retention. However, a twice daily backup with a 3-month retention still conforms to best practices. In scenarios like these, configuration profile preferences provide a way to override the default best practices.

Like configuration profiles, preferences are Azure resources and are assigned to a VM the same way configuration profiles are.

 

Automanage account

An Automanage account is an Azure System Managed Service Identity (MSI) under which Automanage operations are performed on VMs. You must have at least one Automanage account before you can assign a configuration profile to a VM. When using the Azure portal, an Automanage account will be automatically created if one does not already exist; existing Automanage accounts will be used if permitted for the logged-on user.

 

Get started

You can assign a configuration profile to both new and existing VMs. 

 

To begin using Azure Automanage VM best practices, visit the Azure portal and search for Automanage.

 

For new VMs, after the deployment is complete, the portal shows a recommended next step to enable Automanage.

 

For more information, please take a look at the full documentation here

 

Announcing Windows Admin Center in the Azure Portal


This article is contributed. See the original author and article here.

Windows Admin Center, your favorite server management tool, is now available in preview in Azure. This new capability allows you to manage the Windows Server OS running on Azure IaaS VMs seamlessly and at a more granular level. This in-built functionality provides the opportunity for greater oversight of your workloads right from the Azure Portal.

 

 


 

Get the job done with simplicity and convenience

Windows Admin Center in Azure unlocks incredible capabilities for the Azure Portal by providing you with an interface to manage the OS of your Windows Server VMs. In the past, the Azure Portal provided a singular view for VM management, giving access to only infrastructure-level management. With the addition of Windows Admin Center, we have opened up opportunities for true granular virtual machine management. This will reduce the need for you to Remote Desktop into your Azure VM for administration, offering the same experience for VMs with or without a GUI.

 

Familiar UI

You can now configure, troubleshoot, and perform maintenance tasks with the same Windows Admin Center UI that you know and love using on your Windows Server in your datacenters. Manage your files, view expired certificates, monitor performance, view critical events, use an in-browser RDP session and so much more without leaving the Azure Portal. We now provide cloud capabilities that were once only available to Windows Admin Center users on-premises.

 

Always up to date

We are continuously adding new capabilities to improve the experience of our customers. On Azure, Windows Admin Center is always kept up to date with the latest and greatest features. In addition, as we enter public preview, Windows Admin Center will be backed by the support infrastructure that provides reliability for all other Azure services. You now have a great way to manage your Windows Server virtual machines in Azure.

 

Get started

Windows Admin Center in the Azure Portal is available to all Windows Server customers on Azure running Windows Server 2016 or 2019 virtual machines in the public cloud.

 

Join the preview today!

 

Please email all questions and feedback to wacazp@microsoft.com.

 

Learn more

New to Windows Admin Center? Check out this intro video.

Already a Windows Admin Center pro? Check out our blog post announcing general availability of Windows Admin Center v2009 and these skilling videos from Ignite 2020.