Microsoft has announced a new service: Azure Data Share. It is a new data service for sharing data across organizations. It can be used to share large files and datasets with external organizations easily, instead of using FTP or other file-sharing services.
If you have an AD FS server for user authentication in Office 365 / Azure AD and you want to switch to Pass-through Authentication and/or Password Hash Synchronization, you will need to change a few things and run a few PowerShell commands.
So before we can change the domain from federated to managed, verify that your domain has password hash sync enabled using the AD Connect wizard:
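The conversion itself, as an added example (not code from the original post): it uses the MSOnline module, which Microsoft has since deprecated in favour of Microsoft Graph PowerShell, but the cmdlets below are the ones this procedure was built on. It assumes the tenant is synced with AD Connect and that PHS or PTA is already enabled in the wizard; `contoso.com` is a placeholder for the federated domain.

```powershell
# Added example: convert a federated (AD FS) domain to managed authentication.
# Requires the MSOnline module and a Global Administrator account.
Import-Module MSOnline
Connect-MsolService

$domain = 'contoso.com'   # placeholder: the federated domain to convert

# 1. Show the current authentication type of every verified domain.
Get-MsolDomain | Select-Object Name, Authentication, Status

# 2. Confirm that password hashes are actually flowing to Azure AD. If
#    PasswordSynchronizationEnabled is False, or LastPasswordSyncTime is old,
#    synced users cannot sign in once the domain is managed.
Get-MsolCompanyInformation |
    Select-Object DirectorySynchronizationEnabled, LastDirSyncTime,
                  PasswordSynchronizationEnabled, LastPasswordSyncTime

# 3. Convert. Sign-ins for this domain stop going to AD FS immediately,
#    so run this in a maintenance window.
Set-MsolDomainAuthentication -DomainName $domain -Authentication Managed

# 4. Verify; the value should now read "Managed".
(Get-MsolDomain -DomainName $domain).Authentication
```

Keep the AD FS farm running until you have verified a few user sign-ins against Azure AD, so you can revert with `-Authentication Federated` if something is wrong with the synced password hashes.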
If you have an AD Connect server, you sometimes need a faster sync than the default 30-minute interval. This is easily done with a single PowerShell command. Open a PowerShell window and load the AD Connect Sync PowerShell module:
Once imported, you have two options. For a full sync, type the following command:
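Both options together with the check you want before either of them, as an added example that is not code from the original post. It assumes you run it on the AD Connect server itself, in an elevated prompt, as a member of the local ADSyncAdmins group.

```powershell
# Added example: trigger an AD Connect sync cycle on demand.
Import-Module ADSync

# Starting a cycle while one is already running fails, so look at the
# scheduler first. Note that the scheduler interval itself cannot be set
# below 30 minutes; a manual trigger is the only way to sync faster.
$scheduler = Get-ADSyncScheduler
$scheduler | Select-Object SyncCycleEnabled, SyncCycleInProgress,
                           CurrentlyEffectiveSyncCycleInterval,
                           NextSyncCyclePolicyType, NextSyncCycleStartTimeInUTC

if ($scheduler.SyncCycleInProgress) {
    Write-Warning 'A sync cycle is already running; wait for it to finish.'
    return
}

# Option 1, delta sync: only objects changed since the last run. This is
# what you want after a password change or a new user.
Start-ADSyncSyncCycle -PolicyType Delta

# Option 2, full (initial) sync: re-reads every object in scope. Use it after
# changing sync rules, OU filtering or attribute filtering, not routinely.
# Start-ADSyncSyncCycle -PolicyType Initial
```

Progress can be followed in the Synchronization Service Manager on the same server; a delta cycle usually completes within a minute for a small directory.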
Today I gave a hands-on lab with Erik Loef on security and ethical hacking. We created 5 different labs for the 21 participants to teach them more about security. This way we let them think like a hacker, find weaknesses in the system, and learn how to take measures against hackers. We created the following 5 labs:
WiFi hacking (retrieve login details from end users using a rogue access point)
Create your own virus
Exploit a backdoor in Windows
Hack a webserver
From user to domain admin in 15 minutes
All sessions were created to teach about security. With Azure and Office 365 we do our utmost to secure your environment. I hope to give you more information in the near future on how to improve security in Azure and Office 365.
Wouldn't it be cool to migrate all your laptops and desktops to Azure AD, but still keep your on-premises file server for the people who can't say goodbye to their network drives?
Now it is possible! Out of the box, Azure AD joined devices can authenticate with Kerberos to their on-premises domain-joined counterparts, the good old file and print server.
To set this up you still need a traditional domain controller with a file/print server, and you need to synchronize the identities to Azure AD. Make sure that password sync is enabled, and then start joining the devices to Azure AD.
One other important thing: your device needs Windows 10 1607 or higher! Older Windows 10 versions do not support Kerberos authentication from an Azure AD joined device.
If you now want to map a network drive with the existing NTFS permissions, just map the drive and use it like you did before!
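Before mapping the drive it is worth checking that the device really gets a Kerberos ticket, otherwise a share that "works" may be authenticating with NTLM. The following is an added example, not code from the original post; the domain `corp.contoso.com`, the domain controller `dc01` and the file server `fs01` with share `data` are placeholders, and the device is assumed to be on the corporate network or VPN so it can reach a domain controller.

```powershell
# Added example: verify Kerberos SSO from an Azure AD joined Windows 10 device
# to an on-premises file server, then map the drive.

# 1. Device state: AzureAdJoined should be YES. DomainJoined NO is expected
#    for a pure Azure AD join; hybrid joined devices show YES for both.
dsregcmd /status | Select-String 'AzureAdJoined|DomainJoined|DeviceId'

# 2. The device must find and reach a domain controller (DNS SRV + Kerberos/88).
Resolve-DnsName -Name '_kerberos._tcp.corp.contoso.com' -Type SRV
Test-NetConnection -ComputerName 'dc01.corp.contoso.com' -Port 88

# 3. Ask for a service ticket for the file server. Always use the FQDN: a
#    share mapped by IP address has no matching SPN and falls back to NTLM.
klist purge
klist get cifs/fs01.corp.contoso.com
# Expected: "A ticket to cifs/fs01.corp.contoso.com has been retrieved successfully."

# 4. Map the drive. NTFS permissions on the server are evaluated against the
#    user's on-premises account, because the synced UPN maps to it.
New-PSDrive -Name Z -PSProvider FileSystem -Root '\\fs01.corp.contoso.com\data' `
    -Persist -Scope Global

# 5. Afterwards, klist should list the cifs/ ticket; if it does not, the
#    connection was made with NTLM and you should check DNS and the UPN.
klist
```

The UPN the user signs in with on the Azure AD joined device must be the same UPN that is synced from on-premises AD; if they differ, step 3 fails and the share prompts for credentials.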
Last week we talked about why passwords are bad. Today we continue with part 2, how to get rid of passwords, and we zoom in on Windows Hello for Business!
So what is Windows Hello? Windows Hello is a modern way of authenticating users on their device, and it is two-factor authentication. The first factor is the key stored in the integrated TPM chip of the device (something you have); the second factor is the user's PIN or biometric (something you know or something you are).
By combining the TPM chip and the user's biometric data we eliminate the need for a password on the user's device. Of course the user can still fall back to the PIN, or the password, in case biometric verification fails for whatever reason.
If you have an on-premises domain with Windows Hello for Business enabled, it is also possible to enable the convenience PIN. I would not recommend it, however, as Microsoft has disabled it in Azure AD as well. In short:
Windows Hello for Business is an asymmetric key pair, protected by and stored in the TPM so the private key never leaves the device, unlocked with a PIN or biometric authentication.
Did you ever wonder what is new in Azure, or what was updated recently? All Azure updates are collected in a handy overview, the Azure Heatmap. Check it out at the following URL: https://azureheatmap.azurewebsites.net/
Recently I received the question whether it is possible to monitor Azure Backup with PRTG. Now this might seem a bit odd, as we could use Azure Monitor. But in this case it was a service provider that needed a single solution for all their services, including custom dashboards and monitoring.
So, challenge accepted, let's get this done! In this case the customer has an Azure Recovery Services vault with 2 virtual machines, a backup schedule of once every 24 hours and a retention of 30 days.
Our goal is to have 3 sensors in PRTG: completed jobs, failed jobs and running jobs. If you follow the next steps you should be able to set this up yourself as well.
Microsoft is working hard on improving Azure File Sync. They just announced the release of the v7 agent. For now only currently installed agents get the update; once all existing clients have been updated, it will be available on Microsoft Update and the Microsoft Download Center.
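One way to get those three values into PRTG is an "EXE/Script Advanced" sensor that queries the vault and prints PRTG's XML result format. The script below is an added example, not the one from the original post. It assumes the Az.Accounts and Az.RecoveryServices modules are installed on the PRTG probe, and a service principal with a certificate that can read backup jobs on the vault (Reader on the vault is enough); the resource group, vault name, tenant ID, application ID and thumbprint are placeholders.

```powershell
# Added example: PRTG EXE/Script Advanced sensor for Azure Backup job status.
param(
    [string]$ResourceGroup  = 'rg-backup',
    [string]$VaultName      = 'rsv-prod',
    [string]$TenantId       = '00000000-0000-0000-0000-000000000000',
    [string]$AppId          = '11111111-1111-1111-1111-111111111111',
    [string]$CertThumbprint = '0123456789ABCDEF0123456789ABCDEF01234567'
)
$ErrorActionPreference = 'Stop'

try {
    # Certificate-based service principal sign-in: no password stored on the probe.
    Connect-AzAccount -ServicePrincipal -TenantId $TenantId -ApplicationId $AppId `
        -CertificateThumbprint $CertThumbprint | Out-Null

    $vault = Get-AzRecoveryServicesVault -ResourceGroupName $ResourceGroup -Name $VaultName

    # The schedule runs once per 24 hours, so a 24-hour window sees every job.
    # -From must be UTC.
    $from = (Get-Date).AddHours(-24).ToUniversalTime()

    $counts = @{}
    foreach ($status in 'Completed', 'Failed', 'InProgress') {
        $jobs = Get-AzRecoveryServicesBackupJob -VaultId $vault.ID -Status $status -From $from
        $counts[$status] = @($jobs).Count
    }

    # PRTG advanced sensor XML: one channel per status. LimitMaxError 0 on the
    # Failed channel puts the sensor in error state as soon as one job fails.
    @"
<prtg>
  <result><channel>Completed jobs</channel><value>$($counts['Completed'])</value></result>
  <result><channel>Failed jobs</channel><value>$($counts['Failed'])</value><LimitMode>1</LimitMode><LimitMaxError>0</LimitMaxError></result>
  <result><channel>Running jobs</channel><value>$($counts['InProgress'])</value></result>
</prtg>
"@
}
catch {
    # Any exception (login, permissions, vault not found) is reported to PRTG
    # as a sensor error with the message, instead of a silent zero.
    "<prtg><error>1</error><text>$($_.Exception.Message)</text></prtg>"
}
```

Store the script in the probe's `Custom Sensors\EXEXML` folder and give the sensor a scan interval of a few hours; polling the vault every minute only adds Azure API calls without new information for a once-a-day schedule.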
Improvements and issues that are fixed
Support for larger file share sizes
With the preview of larger, 100 TiB Azure file shares, we are increasing the support limits for file sync as well. In this first step, Azure File Sync now supports up to 50 million files in a single, syncing namespace. Other existing limits, for example the number of items per directory level, still apply.
Improved Azure Backup file-level restore
Individual files restored using Azure Backup are now detected and synced to the server endpoint faster.
Improved cloud tiering recall cmdlet reliability
The cloud tiering recall cmdlet (Invoke-StorageSyncFileRecall) now supports per file retry count and retry delay, similar to robocopy.
Support for TLS 1.2 only (TLS 1.0 and 1.1 disabled)
Azure File Sync now supports servers that only allow TLS 1.2, with TLS 1.0 and 1.1 disabled. Prior to this improvement, server registration would fail when TLS 1.0 and 1.1 were disabled on the server.
Miscellaneous performance and reliability improvements for sync and cloud tiering
There are several reliability and performance improvements in this release. Some of them are targeted to make cloud tiering more efficient and Azure File Sync as a whole work better in those situations when you have a bandwidth throttling schedule set.
In the Azure portal you can reset a user's password, but this is always a temporary password. PowerShell to the rescue again: let's set a predefined password in Azure AD with PowerShell! On your Windows device, open a PowerShell prompt and connect to Azure AD. (Click here if you don't know how to)
First we need the object ID of the user whose password we want to reset. Run the following command (replace the email address):
In the past two years, over 50 percent of businesses experienced an unforeseen interruption, and the vast majority (81%) of these interruptions caused the business to be closed for one or more days.
Did you know that 80 percent of businesses that suffer a major disaster go out of business within three years, while 40 percent of businesses that experience a critical IT failure go out of business within one year? In the case of a fire, 44 percent of enterprises fail to reopen and 33 percent of the ones that do fail to survive beyond 3 years…
It is a common mistake to think that Microsoft takes care of backups for your Office 365 environment. Yes, they do make backups, every 12 hours with a retention of 14 days. However, these are only designed for emergency purposes, and if you need them yourself, they will charge you for that.
But then you might think there is a recycle bin and versioning. Yes, but these are limited as well. For email the retention is just 30 days, and for SharePoint it is 90 days. This can be extended with the E3 and E5 subscriptions. But is this a real backup, and can it guarantee safe data retrieval in case of a disaster? The answer is NO!
Today Microsoft announced Azure Bastion. With this new service you get improved security and simplified IT management: RDP and SSH to your VMs with a single click from your web browser, using the HTML5 web client, without giving the VMs a public IP address. This eliminates the need for a jump server. I am looking forward to using this service in preview and GA.
In Azure there are several ways to implement your VM storage. I get a lot of complaints about slow storage in Azure. In this article I will try to explain why it might be slow and what you can do about it. There are multiple places where a limit might be hit, so I will address them all in the following topics.
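The lookup and the reset in one script, as an added example that is not code from the original post. It uses the AzureAD module (now deprecated by Microsoft in favour of Microsoft Graph PowerShell, but the module this procedure was written for) and assumes you are connected with an account that can reset passwords; `user@contoso.com` is a placeholder. The password is read from the prompt instead of being typed into the script, so it never ends up in a script file or the PowerShell history.

```powershell
# Added example: set a specific password on an Azure AD user.
Import-Module AzureAD
Connect-AzureAD | Out-Null

$upn  = 'user@contoso.com'        # placeholder
$user = Get-AzureADUser -ObjectId $upn   # -ObjectId accepts the UPN as well
$user | Select-Object ObjectId, UserPrincipalName, DirSyncEnabled

# Passwords of synced users are mastered in on-premises AD; without password
# writeback, a cloud-side reset is not what you want. Warn instead of guessing.
if ($user.DirSyncEnabled) {
    Write-Warning "$upn is synced from on-premises AD; reset the password there unless writeback is enabled."
}

# Read the new password as a SecureString so it is never a plain-text literal.
$newPassword = Read-Host -Prompt 'New password' -AsSecureString

# -ForceChangePasswordNextLogin $true keeps the value you know temporary.
# Set it to $false only if the password really must stay as predefined,
# for example for a service account that cannot complete an interactive change.
Set-AzureADUserPassword -ObjectId $user.ObjectId -Password $newPassword `
    -ForceChangePasswordNextLogin $true

# A reset should also invalidate sessions issued with the old password.
Revoke-AzureADUserAllRefreshToken -ObjectId $user.ObjectId
```

If you do set a permanent predefined password, treat it like any other secret: hand it over out of band, and do not reuse the same value across accounts.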
Virtual machine type
The first limit might come from the virtual machine itself. Each VM type and size has its own total IOPS and throughput limit, so adding more or faster disks than the VM size allows will not make any difference in the end. An obvious way to get faster disk performance is to use SSD instead of HDD disks.
But keep in mind that not all VM sizes support Premium SSD storage; the Av2 series, for example, is limited to Standard storage, with an effective limit of 500 IOPS per disk. And then there is host caching, which affects performance as well. A few examples:
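To see which of the two caps you are hitting, compare the VM size capabilities with the limits of the attached disks. This is an added example, not code from the original post; it uses the Az.Compute module, the location and VM sizes are placeholders, and the capability names are the ones `Get-AzComputeResourceSku` returns (if a name is missing in your output, print `$_.Capabilities` to see what your subscription reports).

```powershell
# Added example: VM-size IOPS ceiling and Premium SSD support versus disk limits.
$location = 'westeurope'
$sizes    = 'Standard_A2_v2', 'Standard_D2s_v3'   # placeholders

# 1. Per VM size: does it accept Premium storage, and what is its uncached cap?
Get-AzComputeResourceSku -Location $location |
    Where-Object { $_.ResourceType -eq 'virtualMachines' -and $_.Name -in $sizes } |
    ForEach-Object {
        $cap = @{}
        foreach ($c in $_.Capabilities) { $cap[$c.Name] = $c.Value }
        [pscustomobject]@{
            Size             = $_.Name
            PremiumIO        = $cap['PremiumIO']              # False: Standard disks only
            MaxDataDisks     = $cap['MaxDataDiskCount']
            UncachedDiskIOPS = $cap['UncachedDiskIOPS']       # total across all disks
            UncachedDiskMBps = [math]::Round([long]$cap['UncachedDiskBytesPerSecond'] / 1MB)
        }
    } | Format-Table -AutoSize

# 2. Per managed disk: the disk's own ceiling. The effective limit for a VM is
#    the lower of the VM cap and the sum of its disks' caps.
Get-AzDisk |
    Select-Object Name, @{n = 'Sku'; e = { $_.Sku.Name }}, DiskSizeGB,
                  DiskIOPSReadWrite, DiskMBpsReadWrite |
    Format-Table -AutoSize
```

A typical finding is a VM size whose `UncachedDiskIOPS` is below the summed `DiskIOPSReadWrite` of its disks; in that case resizing the VM, not the disks, is what helps.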
From the Office 365 admin portal it is possible to deploy Office add-ins to users, either to specific users or to all users. In this manual we will deploy an add-in from the store, but you can deploy custom add-ins as well. The advantage of using add-ins from the store is that they are updated automatically, so that is nothing you have to worry about anymore! Do review the permissions an add-in requests before deploying it to all users, since an add-in runs with the mailbox or document access it declares.
Step 1: Log in to the Office portal, go to the admin center, and from there go to Settings, Services & add-ins, and Deploy Add-in
Today we will learn how to deploy Azure AD Domain Services. So let's go to the Azure portal and get started!
Step 1: Go to Azure AD Domain Services and create a new Azure AD Domain services!
Step 2: Now we can start the setup of Azure AD DS. Fill in your preferred domain name. You can leave the default, which is the same as your Azure Active Directory name ending in .onmicrosoft.com, but I would recommend a domain name you own, like in my case adds.2azure.nl.
Whereas the full Azure MFA feature set is only included in the paid Azure Active Directory Premium subscriptions (P1/P2 and the EM+S suites), there is a free version for the Office 365 apps.
It is always a good idea to enable multi-factor authentication: if your credentials get stolen, the thief will not be able to use them because of the second authentication factor. Microsoft encourages all users to start using MFA, so they made it free of charge for all apps of the Office 365 suite, including Outlook, Teams, Excel, Word and many more.
Two-factor authentication can be set up fairly easily by the end users themselves. The administrator can enforce this by requiring two-factor authentication: the first time a user logs on, he or she will get a notification to set up MFA. Or you can redirect your users to the following portal to set up MFA: https://aka.ms/mfasetup
How to set up MFA for your end users?
In the Office 365 portal go to the Active Users tab, and go to the Set up multi-factor authentication page (see below)
Do you still have your old network drives? Still need to set up a VPN to access your file shares? Or have you migrated all your files to an Azure file share but need higher performance for your AutoCAD files?
Wait no longer, Azure File Sync to the rescue! Where you would have your Azure file share for sharing files, you can use Azure File Sync to keep a local cache of your Azure files, or to sync your local file server to Azure Files. In this manual we will help you set up Azure File Sync with an existing Azure file share. I already have an Azure file share, mapped as network drive Z:
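The same per-user MFA setting the portal page toggles can be scripted, which is useful for more than a handful of users and for reporting who has not registered yet. The following is an added example, not code from the original post; it uses the MSOnline module (deprecated by Microsoft since, but the module this setting is exposed in) and `alice@contoso.com` is a placeholder. Note that per-user MFA is the legacy mechanism: on tenants with Azure AD Premium P1, Conditional Access is the recommended way to require MFA, and the free security defaults also require it for everyone.

```powershell
# Added example: require per-user MFA and report users without registered methods.
Import-Module MSOnline
Connect-MsolService

function Set-UserMfa {
    param(
        [Parameter(Mandatory)][string]$UserPrincipalName,
        [ValidateSet('Enabled', 'Enforced', 'Disabled')][string]$State = 'Enabled'
    )
    if ($State -eq 'Disabled') {
        # An empty requirements list switches per-user MFA off.
        Set-MsolUser -UserPrincipalName $UserPrincipalName -StrongAuthenticationRequirements @()
        return
    }
    $req = New-Object -TypeName Microsoft.Online.Administration.StrongAuthenticationRequirement
    $req.RelyingParty = '*'        # apply to all applications
    $req.State        = $State
    Set-MsolUser -UserPrincipalName $UserPrincipalName -StrongAuthenticationRequirements @($req)
}

# 'Enabled' prompts the user to register at the next interactive sign-in.
# 'Enforced' additionally blocks sign-ins that cannot do MFA (legacy auth),
# so move a user to Enforced only after they have registered a method.
Set-UserMfa -UserPrincipalName 'alice@contoso.com' -State Enabled

# Report: users with no MFA requirement and no registered method at all.
# These accounts are the ones a stolen password still fully compromises.
Get-MsolUser -All |
    Where-Object {
        $_.StrongAuthenticationRequirements.Count -eq 0 -and
        $_.StrongAuthenticationMethods.Count -eq 0
    } |
    Select-Object UserPrincipalName, DisplayName, BlockCredential |
    Format-Table -AutoSize
```

Run the report before and after a rollout; the goal is an empty list, with every remaining entry being a documented exception such as a service account that gets its own Conditional Access policy.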
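The same setup done with the Az.StorageSync module, as an added example rather than the step-by-step from the original post. It assumes the Azure File Sync agent is already installed on the file server where the script runs, that outbound TLS 1.2 is allowed, and that the account used has rights on the resource group and the storage account; all resource names and the local path are placeholders.

```powershell
# Added example: connect an existing Azure file share to a local server path
# with Azure File Sync, including cloud tiering. Run on the file server.
Import-Module Az.StorageSync
Connect-AzAccount | Out-Null

$rg        = 'rg-files'
$location  = 'westeurope'
$sssName   = 'sss-contoso'       # Storage Sync Service
$groupName = 'sg-data'           # sync group
$shareName = 'data'              # the existing share, currently mapped as Z:
$localPath = 'D:\Data'           # server endpoint; must not be the system volume

$storageAccount = Get-AzStorageAccount -ResourceGroupName $rg -Name 'stcontosofiles'

# 1. Storage Sync Service and a sync group. The service must be in the same
#    region as the storage account.
New-AzStorageSyncService -ResourceGroupName $rg -Name $sssName -Location $location
New-AzStorageSyncGroup   -ResourceGroupName $rg -StorageSyncServiceName $sssName -Name $groupName

# 2. Cloud endpoint: the existing Azure file share. Existing files in the
#    share are kept and synced down to the server.
New-AzStorageSyncCloudEndpoint -ResourceGroupName $rg -StorageSyncServiceName $sssName `
    -SyncGroupName $groupName -Name 'cloud-data' `
    -StorageAccountResourceId $storageAccount.Id -AzureFileShareName $shareName

# 3. Register this server. This fails if the server cannot make a TLS 1.2
#    connection, so fix the server's TLS settings before retrying.
$server = Register-AzStorageSyncServer -ResourceGroupName $rg -StorageSyncServiceName $sssName

# 4. Server endpoint with cloud tiering: rarely used files become placeholders
#    once the volume has less than 20% free space, so D: stays a cache.
New-AzStorageSyncServerEndpoint -ResourceGroupName $rg -StorageSyncServiceName $sssName `
    -SyncGroupName $groupName -Name 'fs01-data' -ServerResourceId $server.ResourceId `
    -ServerLocalPath $localPath -CloudTiering -VolumeFreeSpacePercent 20
```

Once the server endpoint shows as healthy, stop using the Z: mapping for that data and let users work against the server path: writes go to the local cache first and are synced to the share, and NTFS ACLs on the files are preserved by the sync.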