You Own M365, Now What? [M365 Meetup for Government]

by Contributed | Feb 22, 2021 | Technology

This article is contributed. See the original author and article here.

Microsoft 365 takes a “best-of-suite” approach to allow for organizations to securely enable collaboration, communication, and productivity without compromises. This session features a series of presenters who will help you understand the scope of the Microsoft 365 offerings and features, and how organizations can rapidly and effectively utilize and consolidate their investment in Microsoft 365.

WHEN: Tuesday, March 23rd, 2021 @ 5:00PM ET

REGISTER NOW: You Own M365, Now What? | Meetup

Speakers:
Presentation 1 – Understanding Office 365
Bob Ballard – Planet Technologies Principal Cloud Strategist
https://www.linkedin.com/in/bobballard/

Presentation 2 – M365 Security & Compliance Planning Considerations
Jay Bhalodia – Microsoft Specialist
https://www.linkedin.com/in/jbhalodia/

Marialino Bello – Managing Architect
https://www.linkedin.com/in/marialina/

10 Reasons to Love Passwordless #5 – The ease of use and portability of security keys

by Contributed | Feb 22, 2021 | Technology

This article is contributed. See the original author and article here.

In this series, Microsoft identity team members share their reasons for loving passwordless authentication (and why you should too!). In this post, Sue Bohn continues the series by sharing another benefit of passwordless. 

I love passwordless because of how much customers benefit from the increased security and convenience that one passwordless option offers in particular—security keys. At Microsoft Ignite 2019, we showcased Azure Active Directory support for FIDO2 security keys. During an Ignite side chat with Joey Snow, I showed the audience my personalized security key with a bling decal, conveniently attached to my bracelet. It makes it so easy to quickly access it to sign into my personal or work accounts.

My security key provides not only strong authentication but also works with multiple online services in addition to Azure AD. With security keys, you simply insert the key into your Windows 10 machine (via USB, NFC, or Bluetooth), the key authenticates your identity, and you can start working right away. And it doesn’t require typing upper and lowercase letters, numbers, a special character, and your favorite emoji!! A security key is especially handy when devices are shared or when you cannot bring you phone into your place of work, such as a factory floor or retail store. Security keys are so portable you can even wear it!

In the past 18 months, thousands of organizations are trying the experience. Enterprise customers have been piloting passwordless authentication with their security departments and their executive teams to increase identity protection. For example, Keepmoat Homes wanted to modernize the authentication experience for their employees and make it portable, so they chose Windows Hello for Business and Yubikeys which they say provided “the most secure form of single sign on and multifactor authentication with a frictionless end user experience.” During the US election last year, we saw security key adoption by campaigns, thinktanks, and other government entities as part of Microsoft’s Account Guard program. Because security key uses FIDO2 standards, it mitigates phishing attacks and offers more security to use with digital services.

Top security keys

With a growing number of people interested in using security keys for authentication, our team recognizes the need to create a robust partner ecosystem. This gives our customers more choices in form factors including biometrics. You can check out the Microsoft Compatible Security Key partner list, a list of several devices from security key providers that have been tested with Azure Active Directory and Windows 10.

A broad ecosystem gives our customers choice in keys that deliver a higher fit to our customers’ needs. Today our customers tell us the key form factors they most often use are USB-based factor, NFC, and smartcards. Nearly 40% of the universally used security key models have a fingerprint reader. If you’re not sure which one to select, consider these top 7 security keys vendors, based on usage with Azure AD*:

1. Yubico

Yubico’s Yubikey 5 NFC (Near Field Communication) (link)	Yubico’s Security Key (link)

If you are a Systems Integrator (SI) interested in building your passwordless practice, register for Yubico’s System Integrator Pilot Program.

2. Feitian

Feitian BioPass K27 (link)	Feitian ePass FIDO2 NFC Authenticator (link)

Enterprise customers interested in piloting FIDO2 keys can register for Feitian’s Pilot Program.

3. Ensurity

Ensurity ThincC (link)

4. Thales

Thales IDCore FIDO2 Authenticator (link)

5. TrustKey (Formerly eWBM)

TrustKey G310 (link)

6. AuthenTrend

AuthenTrend ATKey.Pro FIDO2 (link)	AuthenTrend ATKey.Card (link)

Small business customers interested in piloting AuthenTrend’s FIDO2 key and card can register here.

7. HID Global

HID Cresendo C2300 (link)

Get in touch!

I hope you find this blog useful, and perhaps I inspired you to glam up your own security key! Please get in touch with me (@Sue_Bohn) and our Security Key partners if would like more information about the ease of use and portability of FIDO2 security keys and how they might work in your own organization.

Cheers,

Sue

*Based on Security Key usage with Azure Active Directory is as of Feb 2021. We highlight up to two keys per brand. Microsoft takes privacy seriously. We remove all personal data and organization-identifying data, such as company name, from the data before using it to produce reports. We never use customer content such as the content of an email, chat, document, or meeting to produce reports.

Check out the other posts in this series: 

• 10 Reasons to Love Passwordless #1: FIDO Rocks


• 10 Reasons to Love Passwordless #2: NIST Compliance


• 10 Reasons to Love Passwordless #3: Why biometrics and passwordless are a dream combination


• 10 Reasons to Love Passwordless #4: Secure your digital estate, while securing your bottom line

Learn more about Microsoft identity: 

• Return to the Azure Active Directory Identity blog home 


• Join the conversation on Twitter and LinkedIn 


• Share product suggestions on the Azure Feedback Forum 

For those Microsoft 365 changes that need a project to implement

by Contributed | Feb 22, 2021 | Technology

This article is contributed. See the original author and article here.

This blog post grew out of a conversation with one of my Microsoft colleagues about how one would push a Planner task to Azure DevOps – and the scenario was that they are very happy with the Message Center to Planner integration as a means to triage changes as they come through – but to actually execute on the changes they would normally use Azure DevOps.  So I got my thinking cap on and took a look at what was available in Power Automate.

Planner is somewhat limited in direct actions and triggers, but of course you can use the Graph API too once you get a Flow started – but the trigger is what you need here and I wanted to avoid a timer job just looking in Planner.  The “On completed” trigger seemed like the best approach, as if you were carrying out the work in Azure DevOps (or Project) then the plan task could be closed.  Then with the number of supported labels increasing in the very near future I thought that, combined with a complete task, would get me started.

Power Automate then has an action to read the Planner labels, so I could check if the task needed to go to Azure DevOps – and if so use the “Create a work item” action.

In this example I decided to create as a Feature – and in the description I crafted a link that would navigate back to the Planner task to get the full information.  A proper job here would probably involve a few more steps to read the information and populate it into Azure DevOps, but as a quick proof of concept it worked for what I needed.

And here is my newly created Azure DevOps feature.

My next thought was – that nice – but what if I want to use Project Online or the new Project to manage a Microsoft 365 change?  (The eagle eyed may have already seen the :Send to Project Online and Send to PfW in my labels list) so I extended my Flow to also look at those labels and react accordingly.

It is important to mention here that I am creating these as projects in Project Online and Project for the web – and not as tasks – as the assumption is that you would use this when you needed more than just a task (otherwise why not leave in Planner?).  Likewise for Azure DevOps – I created a feature but there may well be other entities added to deliver the change.

For the examples I’ve used I’ll admit that these could probably just have been handled in Planner – as I can’t imagine our adding of text predictions justifies a complete project plan to ready users…

And in the new Project we see the other task turned to a plan – in this case in a different environment than the default using the new flexible deployments option.

The Flow was pretty basic adding these two too – just a condition driven by the label that was applied, then the Create a new Project for Project Online (as the description doesn’t support HTML I didn’t create the href):

 and for the new Project in the Dataverse environment I used the following:

The tricky piece here was working out what the GUIDs needed to be, and I used the option to open the datasets in Excel to get a good look at the GUIDs so I could test out and confirm what these needed to be.  You can do this (permissions allowing) by going to make.powerapps.com, selecting the environment, then under Data, Tables select the table of interest (set filter to “All”) then use the “Edit data in Excel option (don’t get too excited – you can’t really edit the data for this Project stuff in Excel).

Calendar Id can be found from the Calendar column of the Work template table – in my case I only had one work template, the default – so not problem using just this one – you might need to have some way to choose if your config is more complex.

Contracting Unit can be found as the Contracting Unit column in the Project table – and again I just had one so ok to hard code – your mileage may vary (Don’t confuse it with the Contracting Unit (Lookup) field…).

Project Manager comes from the Project Manager column in the Project table, and has its origins in the User table and the User column.  It is NOT the same as the AAD GUID.

Like the Azure DevOps example you’d probably want to add a few more steps to pull more information in – and I did skip a big “gotcha” on the Project Online side – as Project Online does not allow certain characters in a Project name I chose my example carefully.  You’d need to swap out any occurenace of the following characters – : .(period) ” / : ; | ? ‘ < > * # ~ % { } +.  

Finally – a screenshot of the whole Flow:

Let me know what you think – and what would make managing Microsoft 365 changes easier?

The Power of Access as a Small Business Solution

by Contributed | Feb 22, 2021 | Technology

This article is contributed. See the original author and article here.

Microsoft Access application development has been a favorite of mine for many years, because it lends itself to a rapid application development cycle and can provide a cost-effective custom solution for small businesses.  I want to illustrate this with two examples of recent projects I have completed. 

Client 1 – 2nd generation retail business taking over from 1st generation businesses 

Problem – Payroll commission computation was time consuming and error prone. Inputs came from 2 different enterprise sources and were not in a clean format. 

Solution – Access is terrific for merging Excel based exports from enterprise databases like point of sale and employee timecard systems.  

1. Prior to importing, the Excel workbooks were massaged with VBA code to cleanse and reformat. 


2. Saved Access imports were then used to import the data from Excel.   


3. Data was then merged via Access queries.   


4. A simple form was developed to step the payroll officer through the commission calculation process.  This included 2 imports and 3 reports.   


5. The first report was designed to allow the payroll officer to review the computed commissions for accuracy.   


6. The second report split the first report up by sales rep and emailed the reports to the individual reps.   


7. The final report was an Excel based export in the format the accountant needed to complete the payroll.   

Impact and Learnings – The payroll officer absolutely loved the end product! The steps of the solution follow the same process she was familiar with, but saved her hours of tedious work and provided greater accuracy in the resulting reports.  

A strength of Access is its ability to easily integrate with other products in the Office platform and make use of the strengths of products like Excel and Outlook, and this project shows that the combination of Access queries and VBA code can be used to apply even complicated business rules. 

Client 2 – Professional business needing to generate lots of client based letters 

Problem – Letters have lots of data fields in them. Word mail merge was routinely failing and often error prone to set up. It also resulted in one document that included all clients’ letters. Documentation of what was sent to whom was problematic. 

Solution – Word mail merge can be difficult to work with. This was further complicated in this instance since the data resided in an encrypted Access database due to the sensitive nature of the client data.  The simpler solution was to push the data TO Word instead of pull it FROM Access.   

1. Since the business used a wide variety of letters, the solution allows them to add Word Templates (built in Word) to a table in Access 


2. They then map named Content Controls from the template to fields in an Access client query.   


3. A form was developed to allow the professional to run a premade Access Query, or filter on predefined fields in the client query, to find the clients whom they wished to create a letter for.  


4. Then they select the letter they want and the directory they want the resulting letters to be placed in.   


5. With VBA code behind the Form, the Word template is opened, and for each client selected, a Word document is produced with merged data from that client record using the previously setup mapping.   


6. Each letter is saved to the chosen directory with a standard naming convention. 

Impact and Learnings – The business users of this solution love the ease at which they can now generate and archive client letters.  Gone are crashing, error prone, or time consuming Word mail merges.  The super user who sets up the templates and mappings finds the solution easy to use and right on target with their goals.   

Again, this project shows the strength of Access’ easy integration with other products across the Office platform; this time with Word. Although Word mail merge allows you to select and filter data, Access is much stronger at organizing and querying data. Understanding and using the best tool for a project is key. This project also enables the user to self-serve by creating additional Word templates on their own, and then easily set those up to be used from the Access application. 

Using Partner Center Ingestion API for managing Azure Application offers in Azure Marketplace

by Contributed | Feb 22, 2021 | Technology

This article is contributed. See the original author and article here.

In this video, we look at how to use Microsoft Partner Center Ingestion API for managing “Azure Application” offers in Azure Marketplace.

Document called “Partner Center submission API to onboard Azure apps in Partner Center” provides some high-level information on how to create a Service Principal, add it to the Partner Center account, and use it to obtain access_token from Azure Active Directory. The document also points to the Swagger defining the API methods, but it does not provide specific examples for the sequences for the API calls required to manage Azure Application offers.

In this video walkthrough, we go a bit deeper and look at how to use Postman to invoke the multiple REST methods of the Partner Center Ingestion REST API and how these calls “map” to the Partner Center Commercial Marketplace UI experience.

You can download my Postman collection here.

Note: This video is specifically about the “Azure Application” offer type. If you are looking at how to manage “Virtual Machine” offers, please see “Using CPP API for managing Virtual Machine offers in Azure Marketplace”.

Video Walkthrough

Tip: Play the video full screen to see all of the details.

Approximate Mapping of Partner Center UI to the Ingestion APIs

So, should we use Partner Center API or Cloud Partner Portal CPP API?

Answer: It depends on the “offer type”

• Azure Application Offers: api.partner.microsoft.com/ingestion/v1 (described in this article)


• VM Offers (and a few other types): cloudpartner.azure.com (described in the related article)

Originally published at https://arsenvlad.medium.com/using-partner-center-ingestion-api-for-managing-azure-application-offers-in-azure-marketplace-b47b290dd947 on September 10, 2020.