Tag Archives: microsoft
Remote Connection Manager (RDMon)
For those who use Remote Desktop Connection Manager, v2.93
I’m trying to utilize the feature of Hot Keys.
From the menu -> Tools -> Options -> Hot Keys (tab) -> Previous session.
I use the ctrl-alt-insert for full screen all the time.
Problem is the ctrl-alt-rightarrow / left arrow are not working.
I’m expecting it to cycle to the next open VM.
I’ve used this in the past but now it doesn’t seem to work anymore.
Moving Teams Android Devices to AOSP Device Management
We are pleased to announce that Microsoft Teams Android devices will be moving to Intune Android Open Source Project (AOSP) device management later this year. AOSP device management will be the mobile device management (MDM) platform for Teams devices going forward. This move will bring a more reliable experience, an improved deployment experience for admins, and it will serve as the platform for future innovation and richer management scenarios for Microsoft Teams Android devices.
AOSP Device Management is the replacement for the legacy Android Device Administrator solution used for managing Teams Devices.
This mandatory migration will take place over several months and will not start until Q3CY24. We’ve taken great care to minimize the end user and IT admin impact with this migration, but there is action required for you as the IT admin. Following our published guidance for migration will only take a few minutes and will ensure your devices are seamlessly migrated between MDM platforms with a simple firmware upgrade. End users will notice no difference in device functionality.
There are two parts to a successful migration to AOSP Device Management:
Step 1: Create new enrollment profiles & configuration/compliance policies in Intune. This step can be completed starting in Q3 CY24 and can be completed even before the firmware updates are available. Performing these steps will have no impact on existing devices but please note that failing to create enrollment profiles before performing step 2 will result in signed out Teams Devices.
Step 2: Take firmware updates containing the new AOSP agent and Authenticator app, for each of the supported Teams Devices. This firmware update will automatically unenroll the device from Device Administrator and re-enroll the device with AOSP device management with your newly created enrollment profile. This entire process will be done while the device remains signed into Teams. These firmware updates will be made available from Teams Admin Center as a manual update to allow you time to slowly migrate your devices. Availability is expected later in Q3 CY24.
Step by step guidance on how to complete steps 1 and 2 can be found in the AOSP migration admin guide.
FAQ:
My organization does not enroll our Teams Android Devices in Intune today, do we need to do anything?
No, if your organization does not enroll its Teams Devices into Intune today and currently has the Intune license unassigned from accounts signing into Teams Devices, there will be no impact when you install the new device firmware which supports AOSP device management. Your devices will get the new management applications, but no action is required beyond updating the devices to the new firmware once released.
What happens if I don’t do anything?
Devices will receive the firmware update through Teams Admin Center eventually regardless of admin action through automatic updates.
If your organization does enroll its Teams devices into Intune, then by not creating an enrollment profile, devices will fail to enroll properly in Intune and will thus not be able to sign in (or sign out if they were already signed in before). Not creating new AOSP policies could lead to unexpected issues in your environment, as Device Administrator policies will not be migrated automatically.
This blog post mentions that I need to wait until Q3CY24 to create enrollment profiles, I already see the option in my Intune admin portal, why should I wait?
The current enrollment profile creation has a 90-day expiration date. If you create the profile now, you will need to extend it every 90 days. We are working to improve this experience with a much longer expiration period prior to Q3CY24.
Wait, I don’t have to enroll my devices in Intune at all? Why would I want to use Intune?
Intune provides a security wrapper around your devices allowing you to set security controls as well as detect if the device is compliant with your organization security requirements prior to allowing the device to sign in to your M365 instance.
Are there devices that will not migrate to AOSP Device Management?
All devices currently certified and supported for Microsoft Teams will be migrated. Those devices can be found here:
Teams Rooms on Android
Teams Phones, Panels, & Displays
There are some Teams Android Devices that were previously supported but are now end of life, which you may still have in your environment. The devices that are not migrating are listed here:
AudioCodes C448HD (Teams Phone)
AudioCodes C450HD (Teams Phone)
AudioCodes RXV80 (Teams Rooms on Android)
Yealink VP59 (Teams Phone)
Yealink MP52 (Teams Phone)
Yealink VC210 (Teams Rooms on Android)
Crestron UC-2 (Teams Phone)
Crestron UC-P8 (Teams Phone)
Crestron UC-P8-I (Teams Phone)
Crestron UC-P10 (Teams Phone)
Crestron UC-P10-I (Teams Phone)
Crestron UC-P8-C (Teams Phone)
Crestron UC-P8-C-I (Teams Phone)
Crestron UC-P10-C (Teams Phone)
Crestron UC-P10-C-I (Teams Phone)
Crestron UC-P8-TD (Teams Display)
Crestron UC-P8-TD-I (Teams Display)
Crestron UC-P10-TD (Teams Display)
Crestron UC-P10-TD-I (Teams Display)
EPOS Expand Vision 3T (Teams Rooms on Android)
What happens with those devices that will not migrate?
The devices listed above will remain on Android Device Administrator. These devices can still be used once Android Device Administrator is fully deprecated but will be considered legacy and unsupported, and features may be removed at any time. To use the device, you will need to unenroll from Intune and then sign the device back in without an Intune license assigned to the account. More information about this can be found here: Manage Intune devices with Android device administrator | Microsoft Learn
Will I notice anything different with the devices after the migration?
No, the devices will not look any different from an end user perspective. As an IT admin, you will see two new applications installed on your devices (visible in the software health tab in Teams Admin Center): the “Authenticator” app and the “Microsoft Intune” app. These applications replace the previous “Company Portal” application.
Why not use Android Enterprise?
Android Enterprise specifically requires Google Mobile Services, and since Teams Devices do not contain Google Mobile Services, AOSP Device Management is our solution.
What if once this migration is complete, I take a device out of storage that has not been through the migration? Will I be able to upgrade it?
Yes, there will be out of box updates available to ensure devices are able to receive the latest apps.
I’m a GCC-High customer and I don’t see the option for Teams Devices in the AOSP Device Management enrollment profile?
This is expected. This feature will be released to GCC-High customers at the end of June.
Who do I contact if I need more support or information?
Please reach out to your Microsoft account representatives or open a support case for more details.
Stream features I don’t understand
I’m just starting to use Stream this month. There are some things I don’t understand.
What use is the Recommended bar on the home screen? I don’t need recommendations. I just need a searchable list of my Streams.
Why don’t my most recent Streams show up on the home screen? I’ve made a dozen new Streams over the last few days, but they don’t show up under All or Created by me, etc.
Why, when I try to add a Stream to my favorites, does it come back with “Something went wrong…”?
Why is Microsoft spending a zillion dollars on AI to help me plan a dinner party, when I just want to get my work done?
Category Color Coding not viewable by Delegate on New Mode
Ran into an issue when helping a user today of not being able to see the color coding of a shared calendar. User is a delegate for someone that has their calendar items color coded. I’ve toggled permissions and we’ve removed/re-added the shared calendar in question. This happens in New Mode. When reverting to Legacy Mode, the colors are viewable on the shared calendar.
I’ve tried most things except for a complete reinstall of Outlook. Any thoughts?
JB
Disable Copilot Pro ad on Word 365 toolbar
Recently this icon appeared on my toolbar in Word 365 on iPad. It’s an ad for Copilot Pro, and it is in the first position on the top-right toolbar. Not only that but it obscures the center toolbar.
I have less than zero interest in Copilot Pro, and I will never purchase it. How do I remove this intrusive ad that Microsoft is foisting on me?
How can I avoid OneDrive executing after pressing “PrintScreen” on the keyboard in this post’s OS?
Please tell me how to do that for this Windows OS: Windows 11 Pro Versión 23H2 Compilación 22631.3527
ADO YAML question re: ‘enabled’ and variable
- powershell: |
    write-host $(CxDebug)
  displayName: Test Debug Var
  enabled: true
The above code works.
I’d like to leverage a pipeline variable on the last line. When I add a variable and set it to ‘true’ – I get a YAML error prior to running the pipeline.
- powershell: |
    write-host $(CxDebug)
  displayName: Test Debug Var
  enabled: $(CxDebug)
Copilot using wrong date
Hi All
I live in New Zealand, so the timezone is UTC+13.
I have noticed that Copilot is using UTC as its standard gauge for time, which is problematic when I query my schedule in the morning as it shows the previous day in the results. When I ask it what the date is, it tells me it’s the previous day today because it is in UTC. As soon as UTC timezone moves into the next day (my current day), then all is well.
Any ideas as to how I can resolve this?
Notification when video encoding is done
Is there a way to notify the user(s) when encoding of the video is complete? I’ve uploaded videos and they don’t show up in the Stream Library for quite some time. It would be helpful to see some type of placeholder in the library that provides an update when the video will finish processing OR maybe an email to notify the user that it has started and when it is done.
Add printer twice to Azure
Is it possible to Add a UP ready all in one printer twice in Universal Print? I want to have two options for users to print to the same printer depending on if they want to direct print or use Secure Release when needed.
Latest updates appear to have broken VB6 Applications / Runtime Error 372
Microsoft updates installed on my system last night. Since that point my VB6 application will not open:
New Blog | Organizing rule collections and rule collection groups in Azure Firewall Policy
Firewall Policy is the recommended method to manage Azure Firewall security and operational configurations. When using Firewall Policy, any rules must be part of a rule collection and rule collection group. Rule collections are sets of rules that share the same priority and action, and can be of type DNAT, Network, or Application. Rule collection groups are containers for rule collections of any type and are processed first by Azure Firewall based on priority. To learn more about rules, rule collections, and rule collections groups, see Azure Firewall Policy rule sets.
This article provides some best practices for configuring and organizing Firewall Policy rules into rule collections and rule collections groups.
Rule processing logic
The first thing to note is that if threat intelligence-based filtering is enabled, those rules are evaluated first and may deny traffic before any configured rules are processed.
For configured rules, the following logic applies:
1. All DNAT rules are processed first, followed by Network rules, and lastly, by Application rules.
2. For each rule type stated in 1., the firewall evaluates rules based on priority. It will look at the rule collection group with the highest priority, and within that rule collection group, at the rule collection with the highest priority. Keep in mind that priority is any number between 100 (highest priority) and 65,000 (lowest priority).
3. If there are rules inherited from a parent policy, these will take precedence over rules configured in the child policy. Thus, the logic described in step 2. will apply to inherited rules first.
For detailed examples of this rule processing logic, see Rule processing using Firewall Policy.
Read the full post here: Organizing rule collections and rule collection groups in Azure Firewall Policy
By BeatrizSilveira
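The rule processing logic described in the post above, modelled as an added Python example (not code from the original post or from Azure). The policy, group and collection names are constructed; threat intelligence-based filtering and per-rule traffic matching are not modelled, only the order in which rule collections are considered.

```python
from dataclasses import dataclass

# Fixed type order from the post: DNAT first, then Network, then Application.
TYPE_ORDER = {"DNAT": 0, "Network": 1, "Application": 2}
PRIORITY_MIN, PRIORITY_MAX = 100, 65000  # 100 = highest, 65000 = lowest


@dataclass(frozen=True)
class RuleCollection:
    name: str
    rule_type: str   # "DNAT", "Network" or "Application"
    priority: int
    action: str      # one action per collection, e.g. "Allow" or "Deny"


@dataclass(frozen=True)
class RuleCollectionGroup:
    name: str
    priority: int
    collections: tuple
    inherited: bool = False  # True if the group comes from the parent policy


def validate(groups):
    """Return human-readable problems: bad priorities or unknown rule types."""
    problems = []
    for g in groups:
        if not PRIORITY_MIN <= g.priority <= PRIORITY_MAX:
            problems.append(f"group {g.name}: priority {g.priority} out of range")
        for c in g.collections:
            if c.rule_type not in TYPE_ORDER:
                problems.append(f"collection {c.name}: unknown type {c.rule_type}")
            if not PRIORITY_MIN <= c.priority <= PRIORITY_MAX:
                problems.append(f"collection {c.name}: priority {c.priority} out of range")
    return problems


def evaluation_order(groups):
    """Return (group, collection) names in the order they are considered.

    Sort key, most significant first: rule type, inherited-before-child,
    rule collection group priority, rule collection priority.
    Call validate() first; an unknown rule type raises KeyError here.
    """
    keyed = []
    for g in groups:
        for c in g.collections:
            key = (TYPE_ORDER[c.rule_type], 0 if g.inherited else 1,
                   g.priority, c.priority)
            keyed.append((key, g.name, c.name))
    keyed.sort(key=lambda item: item[0])
    return [(g, c) for _, g, c in keyed]


def evaluated_before(groups, collection_name):
    """List the collections that are considered before the named one."""
    names = [c for _, c in evaluation_order(groups)]
    return names[: names.index(collection_name)]


# Constructed sample policy: one inherited (parent) group with low-priority
# numbers-wise "weak" settings, and two child groups with priority 100 items.
SAMPLE_POLICY = (
    RuleCollectionGroup("parent-baseline", 60000, (
        RuleCollection("parent-deny-net", "Network", 65000, "Deny"),
        RuleCollection("parent-allow-app", "Application", 200, "Allow"),
    ), inherited=True),
    RuleCollectionGroup("child-apps", 100, (
        RuleCollection("child-allow-web", "Application", 100, "Allow"),
        RuleCollection("child-dnat-in", "DNAT", 500, "DNAT"),
    )),
    RuleCollectionGroup("child-net", 300, (
        RuleCollection("child-allow-net", "Network", 100, "Allow"),
    )),
)

if __name__ == "__main__":
    for problem in validate(SAMPLE_POLICY):
        print("invalid:", problem)
    for position, (group, coll) in enumerate(evaluation_order(SAMPLE_POLICY), 1):
        print(position, group, coll)
    print("considered before child-allow-web:",
          evaluated_before(SAMPLE_POLICY, "child-allow-web"))
```

In the sample, the child Application collection with priority 100 is considered last: rule type and parent inheritance both outrank the numeric priority, which is the point to check when reviewing where a deny or allow actually lands.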
New Blog | Securing your API Management service from day one with Defender for APIs
By Walner Dort
Introduction
We are excited to announce that you can now secure your Azure API Management (APIM) managed APIs from day one with Defender for APIs. This allows you to enable security as soon as you create your APIM service within the Azure portal. This means that security for APIs is no longer an afterthought, and API management administrators do not need to leave the Azure API Management portal experience to turn on protection for their APIs, a critical entry point into the API attack surface.
Defender for APIs provides full lifecycle protection, detection, and response coverage. Defender for APIs includes unified visibility across your APIM Services within the Azure subscription, security insights with hardening recommendations, classification of sensitive data exposure, and continuous monitoring of APIs with machine learning and threat intelligence-based detections to alert against top OWASP API risks.
Enabling Defender for APIs from APIM instance creation experience in Azure portal
Step 1 – Create a new API Management Service
From the Azure Portal, select Create a resource. You can also select Create a resource on the Azure Home page.
Read the full post here: Securing your API Management service from day one with Defender for APIs
365 whitelist from being quarantined as malware
Greetings. I am looking for some assistance with allowing a few specific external senders as their emails keep getting blocked in quarantine as “Malware” and these senders are already allowed in the anti-spam policy.
When I release the email to the intended recipient, I do report the message to MS for a false positive and wait for 30 days, but it is not effective. Just today, I had to send email from one sender three times.
I have tried creating a transport rule, but the only option there is to skip spam filtering, but there is nothing to skip malware detection.
How can I allow a sender so that no emails from them get blocked in quarantine due to malware?
Auto forwarding alternative?
The organisation I work for will not allow auto-forwarding of emails at all. Nor will they let me access the email account from my phone.
Is there any way I can get my work computer to send an alert to my phone even just to let me know there’s an email in my work inbox?
Thanks in anticipation.
Dave
Chart issues
Hello,
My chart is not picking up the correct cell. However, there is data in the cell.
Can you add attachments in bookings?
Hello,
I need to send a few file attachments to the people either before they book the appointment or after. I am currently doing this manually – is there anywhere I can add this in within bookings?
Thank you
Easily detect CVE-2024-21427 with Microsoft Defender for Identity
The recently published CVE-2024-21427 Windows Kerberos Security Feature Bypass Vulnerability fixed the potential bypass of authentication policies configured in Active Directory. We strongly recommend that you deploy the latest security updates, including the most recent patch, to your servers and devices to help ensure you have the latest protections available.
As with every vulnerability or attack surface disclosure, our research teams actively investigate possible exploits, working to patch potential issues and provide out-of-the-box detection methods. Before being made generally available, these detections undergo rigorous testing in our lab environments as well as experimental deployments to ensure they meet our performance and accuracy standards. Additionally in this instance, the Microsoft Defender for Identity team has added a new activity to the Advanced Hunting experience in the Defender portal which can help you spot potential attempts to exploit this vulnerability.
Using the advanced hunting activity:
To help you better identify whether this vulnerability has been exploited in your environment and alert you to future attempts, we added a new activity within Advanced Hunting that monitors Kerberos AS authentication. With this data, customers can now easily create their own custom detection rules within Microsoft Defender XDR and automatically trigger alerts for this type of activity.
We recommend using the query below to monitor Kerberos AS authentication and use the following custom detection rule to trigger an alert:
Access Defender XDR portal -> Advanced Hunting -> Queries -> Community queries -> Kerberos AS authentication
Now, click on “Create detection rule” and fill in the details.
For example:
The advanced hunting query:
IdentityLogonEvents
| where Application == "Active Directory"
| where Protocol == "Kerberos"
| where LogonType in ("Resource access", "Failed logon")
| extend Error = AdditionalFields["Error"]
| extend KerberosType = AdditionalFields['KerberosType']
| where KerberosType == "KerberosAs"
| extend Spns = AdditionalFields["Spns"]
| extend DestinationDC = AdditionalFields["TO.DEVICE"]
| where Spns !contains "krbtgt" and Spns !contains "kadmin"
| project Timestamp, ActionType, LogonType, AccountUpn, AccountSid, IPAddress, DeviceName, KerberosType, Spns, Error, DestinationDC, DestinationIPAddress, ReportId
An example of an alert triggered by this custom detection:
For more information on this vulnerability, please check back on the MSRC page. To stay on top of the latest Defender for Identity capabilities, follow our What’s New documentation page.
Slash Your Azure Bill: Top Tips for Startups
Understanding Azure Reservations and Savings Plans
For bootstrapped startups, every dollar counts. Wasting money on cloud resources can stifle your growth. But fear not, cloud ninjas! This post dives into two powerful tools – Azure Reservations and Savings Plans – that can help you slash your Azure bill and optimize your cloud spending.
Imagine getting a discount on your favorite takeout app… but only if you order the same thing every week from the same location. That’s kind of like Azure Reservations. You commit to using a specific amount of Azure resources for a set period (think virtual machines) and get a sweet discount (up to 72% off!).
Azure Savings Plans are more flexible. It’s like a pre-paid gift card for your cloud resources. You commit to spending a certain amount per hour for one or three years, and you get discounts (up to 65% off!) on eligible compute costs across different regions and instance types.
Choosing the Right Option
Here’s a breakdown of the advantages, drawbacks, ideal use cases, and penalties for each option to help you decide which is best for you:
Azure Reservations (Learn more about Azure Reservations)
Advantages:
Cost Savings: Up to 72% off compared to pay-as-you-go pricing.
Predictable Billing: Provides a predictable expenditure model.
Automatic Application: Discounts automatically apply to matching resources.
Drawbacks:
Limited Flexibility: Best for stable, predictable workloads.
Resource Specificity: Tied to specific regions and instance families.
Penalties: “Use-it-or-lose-it” – unused resources are forfeited. Limited cancellation and exchange options (Azure Reservations Exchange Policy).
Ideal Use Cases:
Consistent, uninterrupted workloads with minimal variation (e.g., core web server).
Azure Savings Plans (Learn more about Azure Savings Plans)
Advantages:
Flexible Savings: Applies across a wide range of compute resources.
Global Application: Works across different regions and instance families.
Drawbacks:
Limited Scope: Discounts only apply to compute costs, not storage, network, or licensing.
Non-Cancellable Commitment: Purchases are final, with no cancellation or exchange options (Canceling Azure Savings Plans).
Ideal Use Cases:
Fluctuating workloads, varied instance families, or workloads spanning multiple regions.
Bonus Tip: Don’t forget the Free Tier!
Azure has a generous free tier with a ton of services that are perfect for getting started. Check it out before you dive into Reservations or Savings Plans.
By leveraging these tools and the free tier, you can build a scalable and cost-efficient cloud infrastructure that fuels your startup’s growth. Ready to explore? Check out Microsoft’s cost calculators to see how much you can save!
Here are some additional resources:
Microsoft Azure Reservations: https://azure.microsoft.com/en-us/pricing/reservations
Microsoft Azure Savings Plans: https://learn.microsoft.com/en-us/azure/cost-management-billing/savings-plan/
Microsoft Azure Pricing Calculator: https://learn.microsoft.com/en-us/azure/cost-management-billing/cost