Security and Compliance with Office 365

If you’ve signed up for Office 365 and kicking the tires? Consider checking some of the capabilities that you get with the Security and Compliance Portal within Office 365.  How do you get there? If you head over to https://protection.office.com you’ll be prompted to log in with your Work ID.  Once you’re in you’ll be able to configure components of your tenant for data loss prevention in addition to many additional capabilities.

For a quick overview of capabilities, head on over to the overview available here:

https://support.office.com/en-us/article/overview-of-security-and-compliance-in-office-365-dcb83b2c-ac66-4ced-925d-50eb9698a0b2

Office 365: Managing your users through PowerShell

If you’re like me, then you tend to find yourself wanting to automate as much as possible, or at least be able to work with sets of data in a way that quickly allows you to get to the root of an issue rather than clicking through endless screens of information.

In case you were curious, Office 365 makes use of Azure Active Directory behind the scenes for user managment. As Azure Active Directory is an enterprise resource for identity management for cloud hosted applications, Microsoft has gone to great length to create several interfaces to it. Granted, I could just use a REST call through the Microsoft Graph API to create or delete a user through a POST command, but I can also use PowerShell from a Windows based device.

For user management, our first step is to download the appropriate PowerShell Module.  This can be done simply by installing the module through PowerShell running

install-module -name azuread

This will install the PowerShell module specifically for Azure AD and allow you to manage your users. From there before you can make any changes to your user base you’ll need to authenticate. An easy way to do this is as follows:

$creds = get-credential -credential
connect-azure-ad -credential $creds

From there you can parse your users and make modifications to your hearts desire. Running “Get-AzureADUser” enumerates all user objects.  Load it into an array and work with the users as you wish.

Nevertheless, for more on this topic, check out the Microsoft Support docs over at:

https://docs.microsoft.com/en-us/office365/enterprise/powershell/connect-to-office-365-powershell

https://www.powershellgallery.com/packages/AzureAD/2.0.1.3

Office 365: How to become an Office Insider

Microsoft continues to provide iterative changes to the Microsoft Office productivity suite. At one point in time Microsoft was deploying changes on a very frequent basis. While this was helpful for many users that were excited to see new bits flowing to their computing desktops on a regular basis, the amount of change fatigue became overwhelming for some users. As such, Microsoft modified the way that updates are pushed to Office users through Office 365.  For those users however that still wanted to be on the bleeding edge with a few builds per month, Microsoft provides the Office Insiders program.

To learn more about how to have the latest and greatest capabilities on your desktop you can read up more about it here – https://products.office.com/en-us/office-insider?tab=Windows-Desktop. Be mindful that this link is for consumers and not enterprise users. To make these modifications to Enterprise users though requires using the Office Deployment Tools for 2016.

More on this topic about Enterprise users is available here – https://support.office.com/en-us/article/how-office-365-commercial-customers-can-get-early-access-to-new-office-2016-features-4dd8ba40-73c0-4468-b778-c7b744d03ead

If you need to revert back to a more stable build it’s merely a matter of changing the channel that you’re locked into by way of running the Office Deployment Tools once more. Keep on keepin’ on!

Don’t turn into a pumpkin because of DirSync with your Office 365 system

I feel like I may have already mentioned this on the Twitter, but I feel like I need to put out a reminder PSA for folks that perhaps were asleep at the terminal or looking at their iPhone playing Pokemon Go… DirSync and AzureAD Sync Service will no longer connect as of 1 January 2018. Only AzureAD Connect will actually be able to connect to AzureAD to allow for imports of projected identities from your on-premises Active Directory or other LDAP based system.

You have been informed.

Why would I be using DirSync you might ask yourself? The primary reason being so that you’ve got all of your users’ identities and attribute information showing up properly within Office 365 (or within other applications that you’re hosting within Azure and need an identity source to pull from). Where do these user identities show up you might ask yourself? Within any contact card or anything that tracks a user.

Moving on… About a year ago, in April 2016, Microsoft deprecated DirSync and Azure AD Sync Services in favor of AzureAD Connect. They did this in a blog post. Some people may have missed it. Others put a sticky note in their cubical and then forgot it when another sticky note was placed on top of it reminding them to renew an SSL certificate.

If you’re not familiar with AzureAD Connect, you probably haven’t logged into your Azure portal (oh, by the way, it’s no longer manage.windowsazure.com, but rather it’s portal.azure.com) or you haven’t logged into the Admin terminal of your Office 365 portal to check on your Directory Synchronization status. Regardless, the time has come to go and figure out what you’re going to do so that your directory synchronization with AzureAD doesn’t go offline and break because of lack of upgrading to what is supported.

How do you go about upgrading to AzureAD Connect? RTM… or read the manual for those that aren’t familiar with acronyms.

Where do I find the manual though?

I’m glad you asked… as a typical search using your favorite search engine probably wouldn’t bring up the results until you clicked on the Search button. . .

Okay, so seriously, where’s the guidance for upgrading?

Check it out here https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-dirsync-deprecated.

Alternatively, Microsoft has additional documentation as a part of the AzureAD Connect installation documentation on how to upgrade over here –

https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-dirsync-upgrade-get-started

All in all, it’s pretty simple to upgrade to your basic environments. If you have additional complex rule sets for performing combinations of actions while performing a projection into AzureAD from your on-premises AD, you’ll want to go in and figure out what they are within the MIIS Client so that you can recreate them or validate them within AzureAD Connect.

Good luck and hope that you’re able to make the deadline of midnight on the 31st of December as we ring in the new year!

Favorite Podcasts… 2017 List

It’s interesting to look back at the past year and realize that I haven’t really been listening to all that many podcasts – whether professionally or personally. There are a few that are epic that should be on everyone’s queues to include:

There are several others out there but the above are the ones you’ll probably find me listening to. Maybe.

And maybe at some point when life slows down we’ll have Brewery.fm come back to life… http://www.brewery.fm

Happy casting!

Azure’s Access Control Services Retiring

If you’ve been working with Azure for a while you may have come across a need to make use of Azure’s Access Control Services. This service offering or capability effectively allowed developers to create something that was hosted on Azure but have authentication and authorization to be completed performed outside of the application that a developer was building.

In many cases, developers that were looking to integrate with services like Facebook, Twitter, or another Active Directory would make use of ACS to handle the authentication and authorization and allow the developer to focus on what they were developing within their App. This was great in that it was effectively performing a lot of heavy lifting without a lot of code.

As Azure is continuing to evolve, change happens and in this case we see Access Control Services entering a deprecated state where it will no longer be support as of November 7, 2018. What’s all this mean to you? Perhaps nothing if you’re not using ACS. If you are however using ACS, it’s still fully operational, but similar to the Death Star, in the near future it will cease to exist.

More about this activity is available here on the Microsoft Azure Blog – https://azure.microsoft.com/en-us/blog/time-to-migrate-off-access-control-service/

If however you say to yourself, “I’ve been using ACS for a while and my app relies upon it heavily…” Fear not, there’s a published migration path that you can make use of… you can check it out here – https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-acs-migration

Nonetheless, consider yourself informed when you’re working with a client or with your fellow developers that you’ll need to consider how to begin building a transition plan to make use of something like Azure Active Directory or another offering of Azure’s per the migration guidance aforementioned. Happy developing!

Traveling in Style…

For those that don’t know me, I’m not a huge fan of flying. I’m not certain why to be honest… as a kid I flew across the Atlantic a few times, even across the Pacific to go to Hawaii. Nonetheless, recently on a flight to the midwest I was impressed at how much quieter flights are these days… granted the Bose QC35’s are pretty helpful. If only the flights could be shorter… guess what, companies are working on that.

Looking at some of the technological innovation to press forward toward supersonic flight is pretty darn cool. There’s the Elon Musk route of ferrying people up into sub orbital flight to get anywhere on the planet in 45 minutes. But for those that are looking for a slightly more affordable flight, several companies are working on supersonic or near supersonic flight.

If you’ve never heard a sonic boom – you’re missing out. It’s pretty loud. Check your newspapers for an air show and typically they’ll have a plane zoom by super fast and you’ll go, “Whoa that was amazing!”

Most supersonic flights that were on the Concorde were over the ocean so as to not cause too much noise pollution with the sonic boom. As someone that lives near an airport, I can say I definitely wouldn’t be a fan of hearing the window panes rattle every morning as flights started arriving.  Granted, I suppose it would be akin to the rattle that they make when the Millennium Falcon causes when it drops out of Hyperspace…

Nonetheless, aerospace engineering is working on getting you from point A to point B quicker.  More here if you’re interested… http://www.techradar.com/news/the-jet-age-is-over-here-comes-supersonic-hyper-mach-travel