Azure Active Directory audit logs now available in Advanced Hunting (public preview)

This article is contributed. See the original author and article here.

We are happy to announce the availability of a new data source in Microsoft 365 Defender Advanced Hunting.


We have just enabled streaming of Azure Active Directory audit logs into Advanced Hunting, already available for all customers in public preview.


These logs provide traceability for all changes done by various features within Azure AD. Examples of audit logs include changes made to any resources within Azure AD like adding or removing users, apps, groups, roles and policies.

At the moment, the data ingestion has a dependency on MCAS, so customers that have MCAS with the Office365 connector connected will be able to see this data. Our intent is to expand availability to more Microsoft 365 Defender customers going forward.

The new log data is available in the CloudAppEvents table:

CloudAppEvents
| where Application == "Office 365"

and contains activity logs useful for investigating and finding related activities.


We are publishing a handful of relevant queries to our Git repository, as they can assist with investigations of the recent nation-state attack.

Here’s an example query that helps you see when credentials were added to an Azure AD application after ‘Admin Consent’ permissions were granted:

// Admin-consent grants, keyed by the target service principal
CloudAppEvents
| where Application == "Office 365"
| where ActionType == "Consent to application."
| where RawEventData.ModifiedProperties[0].Name == "ConsentContext.IsAdminConsent" and RawEventData.ModifiedProperties[0].NewValue == "True"
| extend spnID = tostring(RawEventData.Target[3].ID)
| parse RawEventData.ModifiedProperties[4].NewValue with * "=> [[" dummpy "Scope: " After "]]" *
| extend PermissionsGranted = split(After, "]",0)
| project ConsentTime = Timestamp , AccountDisplayName , spnID , PermissionsGranted
| join (
// Credentials added to a service principal or application
CloudAppEvents
| where Application == "Office 365"
| where ActionType == "Add service principal credentials." or ActionType == "Update application – Certificates and secrets management "
| extend spnID = tostring(RawEventData.Target[3].ID)
| project AddSecretTime = Timestamp, AccountDisplayName , spnID
) on spnID
// Keep credential additions made after the consent by a different account
| where ConsentTime < AddSecretTime and AccountDisplayName <> AccountDisplayName1
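
The same correlation applied offline to exported events, as an added example that is not part of the original article or of Microsoft's published queries: it pairs each admin-consent event with every credential-addition event on the same service principal ID (a plain inner join) and keeps the pairs where a different account added the credential later. The event records, account names and IDs are constructed, and the function names are hypothetical.

```python
from datetime import datetime

ADD_CRED_ACTIONS = {  # ActionType values copied from the query (the second ends in a space)
    "Add service principal credentials.",
    "Update application – Certificates and secrets management ",
}

def spn_id(event):
    # Same positional lookup as the query: RawEventData.Target[3].ID
    targets = event["RawEventData"].get("Target", [])
    return str(targets[3]["ID"]) if len(targets) > 3 else None

def is_admin_consent(event):
    props = event["RawEventData"].get("ModifiedProperties", [])
    return (event["ActionType"] == "Consent to application." and bool(props)
            and props[0].get("Name") == "ConsentContext.IsAdminConsent"
            and props[0].get("NewValue") == "True")

def credential_adds_after_consent(events):
    """Return (spn_id, consenting account, credential-adding account) tuples."""
    office = [e for e in events if e["Application"] == "Office 365"]
    consents = [e for e in office if is_admin_consent(e)]
    adds = [e for e in office if e["ActionType"] in ADD_CRED_ACTIONS]
    hits = []
    for c in consents:
        for a in adds:
            same_spn = spn_id(c) is not None and spn_id(c) == spn_id(a)
            later = datetime.fromisoformat(c["Timestamp"]) < datetime.fromisoformat(a["Timestamp"])
            other_actor = c["AccountDisplayName"] != a["AccountDisplayName"]
            if same_spn and later and other_actor:
                hits.append((spn_id(c), c["AccountDisplayName"], a["AccountDisplayName"]))
    return hits

def make_event(ts, action, account, spn, props=()):
    # Constructed record holding only the fields the query reads.
    return {"Timestamp": ts, "Application": "Office 365", "ActionType": action,
            "AccountDisplayName": account,
            "RawEventData": {"ModifiedProperties": list(props),
                             "Target": [{}, {}, {}, {"ID": spn}]}}

CONSENT = [{"Name": "ConsentContext.IsAdminConsent", "NewValue": "True"}]
SAMPLE_EVENTS = [  # constructed; names and IDs are made up
    make_event("2020-12-01T10:00:00", "Consent to application.", "Admin A", "spn-1", CONSENT),
    make_event("2020-12-01T11:30:00", "Add service principal credentials.", "Operator B", "spn-1"),
    make_event("2020-12-02T09:00:00", "Consent to application.", "Admin A", "spn-2", CONSENT),
    make_event("2020-12-02T09:05:00", "Add service principal credentials.", "Admin A", "spn-2"),
    make_event("2020-12-03T08:00:00", "Add service principal credentials.", "Operator B", "spn-3"),
    make_event("2020-12-03T09:00:00", "Consent to application.", "Admin C", "spn-3", CONSENT),
]
```

Only the first pair in the sample matches: the second has the same account on both sides, and the third has the credential added before the consent.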

Keep watching for our updates. We will publish more information and guidance on how to leverage Microsoft 365 Defender for investigations of this evolving advanced threat soon!

Empower your workforce with a personalized end-user app discovery experience

Howdy folks, 

We’ve heard from you over the years that while you’re always interested in capabilities that make your own IT experiences more seamless, you’re even more passionate about creating highly productive and secure experiences for your workforce. This is more relevant than ever, with a recent Microsoft study revealing that identity decision makers like you say that investing in end-user experiences is your top investment priority for the next year. 

Your passion for your workforce is our passion, and so every identity experience that we build has a foundation of ensuring your end-users can be their most authentic and productive selves. Last year we introduced the refreshed My Apps portal as a one-stop destination for app launching and discovery. With this refresh we introduced app collections, which let admins build role-based and functional app categories to aid with user discoverability in the My Apps portal.

To take app experiences to the next level, I’m happy to announce the public preview of user-based collections in the My Apps portal. Now your end-users can create their own personalized app collections without IT intervention, allowing them individually to organize their work apps in whichever intuitive way they see fit and allowing you to focus on other admin tasks. 

Getting started 


To try it out, simply visit https://myapplications.microsoft.com/?endUserCollections. Anyone with this link can experiment with creating and managing collections. Once you’ve created a collection, though, it’s yours and you no longer need to use this special link to use it.

If you want to share details around app collections with your workforce, you can access user-facing documentation on the feature here. You can also learn more about My Apps and app collections from the admin side from our training videos and documentation. 

As always, we’d love to hear from you. Please let us know what you think in the comments below, on Twitter (@AzureAD), or on the Azure AD My Apps feedback forum. 


Best regards, 


Alex Simons (Twitter: @alex_a_simons) 


Corporate Vice President Program Management 


Microsoft Identity Division 

Azure Sphere OS version 20.12 is now available

The Azure Sphere 20.12 OS quality release is now available in the Retail feed. This update includes enhancements and bug fixes in the Azure Sphere OS; it does not include an updated SDK.

The 20.12 release incorporates the following changes and bug fixes:



  • Reduced the maximum transmission unit (MTU) from 1500 bytes to 1420 bytes.

  • Improved device update in congested networks.

  • Fixed an issue wherein the Wi-Fi module stops scanning but does not respond with a completion event if a background scan is running and the active Wi-Fi network is deleted.

  • Fixed a bug wherein I2CMaster_Write() returns EBUSY when re-sideloading the app interrupts operation.

  • Fixed an Ethernet connection issue for devices with both Wi-Fi and Ethernet enabled. In some cases, upon rebooting the device the Ethernet link-up appeared to be down when it is connected to a network.

  • CVE-2020-17002 – a patch for this CVE addresses an issue where the Azure IoT C SDK did not enable host name validation when using wolfSSL to establish a TLS connection with Azure IoT.

For more information on Azure Sphere OS feeds and setting up an evaluation device group, see Azure Sphere OS feeds.

For self-help technical inquiries, please visit Microsoft Q&A or Stack Overflow. If you require technical support and have a support plan, please submit a support ticket in Microsoft Azure Support or work with your Microsoft Technical Account Manager. If you would like to purchase a support plan, please explore the Azure support plans.

Announcing Power BI Search in SharePoint home, Office.com, Microsoft Bing, and Windows

Power BI is the Magic Quadrant Leader among analytics and business intelligence platforms, and over 200,000 customers around the world use Power BI and bring 40 petabytes of data into Power BI every month [1]. Now we’re building on that momentum with Power BI in Microsoft Search.

Microsoft Search transforms the way people in your organization find the info they need—no matter where you are in your cloud journey. Either integrated with Microsoft 365 or as a standalone solution, Microsoft Search is a secure, easily managed, enterprise search experience that works across all of your applications and services to deliver more relevant search results and increase productivity.

With Power BI search in Microsoft Search we’re making it easier to find Power BI artifacts such as reports and dashboards, by expanding the ability to search across these artifacts in your favorite productivity apps including , Office.com, Microsoft Bing, and the search box in .

Power BI search in Microsoft Bing

Power BI search in SharePoint

Power BI search expands the tenant-wide search scope through a powerful built-in search experience over Power BI content, intelligently helping users find the most work-relevant information more productively.


  • Built-in experience: Seamless out-of-box search experience to easily and quickly find Power BI dashboards and reports across your organization without switching back and forth between the search portal and the Power BI site.

  • Richer content: Modernized search experience to present Power BI data in the most useful way. Enrich Power BI search content beyond just hyperlinks to include more key information, such as type and owner.

  • Maximize access to information with data protection: Show the search result with relevant Power BI data that’s authenticated to you based on your workplace identity.

  • Unified search experience: Cohesive and coherent search experience to incorporate richer Power BI search content in bing.com, office.com, sharepoint.com. Search wherever you want to and get a consistent experience.

FAQ


Can I disable Power BI search?


Power BI search is enabled for your organization by default. Your organization’s Power BI admin can disable Power BI search in the Power BI admin portal if desired. In the Power BI admin portal, navigate to Tenant settings and then disable the Use global search for Power BI setting. To learn more, refer to Administering Power BI in the admin portal.

Power BI admin


1 Source https://powerbi.microsoft.com/en-us/blog/microsoft-named-a-leader-in-gartners-2020-magic-quadrant-fo…

Manage migration projects at scale with Azure Lighthouse and Azure Migrate

Since its launch in 2019, Azure Lighthouse has become a best practice for cross- and multi-tenant management, allowing for higher automation, scalability, and enhanced governance across resources and tenants. The cross-tenant management experience offers the flexibility of managing multiple customers from within the service provider tenant, having a single pane of glass for enhanced scenarios and services available in the cloud. Azure Lighthouse is integrated with various services such as Azure Monitor, Azure Sentinel, and Azure Arc, to name a few. We are happy to announce the Azure Lighthouse integration with Azure Migrate for partners to manage migration projects at scale across multiple tenants.

Partners and customers engage in migration projects in diverse ways. Many use Azure Migrate tooling to discover, assess, and migrate on-premises environments to Azure. Usually, partners who perform migrations must access each customer subscription individually by using the CSP (Cloud Solution Provider) subscription model or by creating a guest user in the customer tenant, which can be quite time-consuming. Reducing risk and security exposure is crucial when providing services to customers. Using the “admin on behalf of” model does not follow the least-privilege access model called for by zero-trust security principles.

Azure Lighthouse streamlines these migration engagements by leveraging Azure resource delegation to provide a single view from the managed tenant to access all relevant Azure Migrate projects across multiple customer tenants and subscriptions. Azure Lighthouse integration with Azure Migrate simplifies the migration process, enabling service providers to discover, assess, and migrate workloads for different customers at scale while customers still have full visibility and control of their environments.

We have observed two commonly used scenarios from service providers who perform migrations via Azure Lighthouse:


Option 1: Create Azure Migrate project in the customer tenant



  • In this scenario, no resources will be created or stored in the managing tenant.

  • Discovery, assessment, and migration can be initiated from the managing tenant, with the customer tenant/subscription set as the target for the migrated resources.

  • This approach minimizes context switching for service providers working across multiple customers, while letting customers keep all their resources in their own tenants.


Option 2: Create Azure Migrate project in the managing tenant



  • In this scenario, Azure Migrate project and related resources for the project, including discovery and assessment data, will reside in the managing tenant. The assessments can be exported and shared with customers.

  • Required actions will be initiated from the managing tenant while setting customer tenant/subscription as the target for migration resources.

  • This approach enables service providers to start migration discovery and assessment projects quickly, abstracting away those initial steps from customer subscriptions and tenants.


You may choose to create the Azure Migrate project in the customer tenant or in your managing tenant depending on your customer contracts and what best fits their migration needs. For more information, please review our guide, How to: Manage migration projects at scale. Get started by creating an Azure Lighthouse Migration offer – a sample offer template is available for use in the Azure Lighthouse GitHub repo.

Finally, ensure you get partner recognition for the migrations performed on behalf of customers via Azure Lighthouse. As a member of the Microsoft Partner Network, you can link your partner ID with the credentials used to manage delegated customer resources. Partner Admin Link (PAL) enables Microsoft to recognize partners who drive Azure customer success based on the tasks performed for customers, including migration projects. For more information, see Link your partner ID to track your impact on delegated resources.

We are always awaiting your feedback to provide new and enhanced capabilities that will help you achieve more with Azure. Try managing your migration projects at scale with Azure Lighthouse and let us know what you think and would like to see in the future.