Santhosh Sivarajan's Blog

Time 2021-01-01 10:04:43

Web Name: Santhosh Sivarajan's Blog

WebSite: http://portal2.sivarajan.com

ID:152912

Keywords:

Santhosh,Sivarajan,Blog,

Description:

Source -https://cloudblogs.microsoft.com/windowsserver/2018/04/12/announcing-windows-admin-center-our-reimagined-management-experience/What is Windows Admin Center?If you re an IT administrator managing Windows Server and Windows, you probably open dozens of consoles for day-to-day activities, such as Event Viewer, Device Manager, Disk Management, Task Manager, Server Manager the list goes on and on. Windows Admin Center brings many of these consoles together in a modernized, simplified, integrated, and secure remote management experience.Here s how Windows Admin Center helps IT admins:Simple and modern management experience:Windows Admin Center is a lightweight, browser-based GUI platform and toolset for IT admins to remotely manage Windows Server and Windows 10 machines.Hybrid capabilities:Windows Admin Center can manage Windows Server and Windows 10 instances anywhere including physical systems, virtual machines on any hypervisor, or running in any cloud. Connect to the cloud with optional value-added features like integration with Azure Site Recovery for protecting your virtual machines, and support for Azure Active Directory to control access with multi-factor authentication.Integrated toolset:Rather than switching between several different tools and contexts, with Windows Admin Center you get a holistic overview of your resources and the ability to dig into granular details. In addition to server and client machines, it allows you to manage failover clusters and hyper-converged infrastructure (HCI) deployments.Designed for extensibility:We ve been working with early-adopter partners to refine the extension development experience in a private preview of our SDK. That means soon you ll be able to extend Windows Admin Center s capabilities to 3rd-party solutions. For example, you ll start to see 3rd party hardware vendors use Windows Admin Center to provide management of their own hardware.Windows Admin Center is now generally available and is supported for use in production environments. We will continue with our commitment to add customer value by addressing user feedback and will continue to improve and update on a regular basis.The upcoming release of Windows Server 2019 is another important milestone for Windows Admin Center as we deepen our investments inhybrid scenarios and hyper-converged infrastructure management.Read more at source -https://cloudblogs.microsoft.com/windowsserver/2018/04/12/announcing-windows-admin-center-our-reimagined-management-experience/Source -https://blogs.msdn.microsoft.com/mvpawardprogram/2018/01/09/just-in-time-access-azure-vms/Azure Security Center is the central security management solution within the Azure landscape. It helps you to prevent, detect and respond to security breaches. There s also one new little feature that helps to prevent security breaches: Just-in-Time Access for Azure VMs. In fact by using it, I dramatically reduced the attack surface to my Azure environment.Azure IaaS architectural overviewLots of Azure environments I have seen so far have one or more RDP jump hosts up and running in an Azure VNet - be it to enable remote access for support partners, or as a fall back level for management access in case the VPN connection is faulty. Those servers should be protected using Network Security Groups (NSG) so access is restricted to only a few IP addresses. NSGs are a set of firewall rules that restrict or allow access to Azure network endpoints, such as VM NICs by opening or closing ports or port ranges for any source IP or a defined set of IP addresses or IP address ranges. It s sad to say that the restriction to only one or some IP addresses is not always implemented. Nevertheless, a typical Azure IaaS environment looks like this:Read more at Source -https://blogs.msdn.microsoft.com/mvpawardprogram/2018/01/09/just-in-time-access-azure-vms/Source -https://blogs.technet.microsoft.com/yuridiogenes/2018/03/24/exploring-the-identity-access-dashboard-in-azure-security-center/In Azure Security Center you can use the Identity Access dashboard to explore more details about your identity posture. In this dashboard you have a snapshot of your identity related activities as shown in the example below:ust by looking at this dashboard you can draw some conclusions, for example, all failed logons were due aninvalid username or password. However, by looking at the accounts underFailed logonssection, I can see that none of these accounts exist in my environment (off course, you need knowledge of the environment to conclude that).This can be an indication that there was attempt to brute force the authentication by trying different username and passwords. But what if this was a large organization, and you just don't know all accounts? The follow up question may be: is it possible to know if it was just the username that was wrong? Yes, there is! Follow the steps below to find out:1. In theIdentity Accessdashboard, click theFailed Logon Reasonschart.2. Log analytics search will open with the result for the following query:SecurityEvent| where AccountType == 'User' and EventID == 4625 and (FailureReason has '2313')Read more at source -https://blogs.technet.microsoft.com/yuridiogenes/2018/03/24/exploring-the-identity-access-dashboard-in-azure-security-center/In this comprehensive overview of the Microsoft 365 Security offering, Brad Anderson (CVP, Enterprise Mobility) shares how he talks to customers about the unique and powerful M365 Security story. Brad offers an in-depth look at identity-driven security, information protection, threat protection, and security management.Brad also speaks at length about how he describes M365, use cases, and he shows over two dozen demos in great detail. These demos include scenarios for Azure AD Identity Protection, Azure Active Directory MFA, Windows Hello, Intune enrollment, accessing/labeling/classifying/tracking sensitive content, Conditional Access, Cloud App Security, Azure ATP, threat remediation/mitigation with Office 365, and Windows Defender just to name a fewsource - https://www.youtube.com/watch?v=8321obNofgMSource -https://cloudblogs.microsoft.com/enterprisemobility/2018/03/15/the-intune-managed-browser-now-supports-azure-ad-sso-and-conditional-access/The Intune Managed Browser application on iOS and Android can now take advantage of SSO to all web apps (SaaS and on-premises) that are Azure AD-connected. When the Microsoft Authenticator app is present on iOS or the Intune Company Portal app on Android, users of the Intune Managed Browser will be able to access Azure AD-connected web apps without having to re-enter their credentials.Let s see how simple this is to have a better sign-in experience on iOS devices!Install the latestIntune Managed Browser. When using the app for the first time, you can take advantage of Single Sign-on by installing the Microsoft Authenticator app. Complete this step.Read more at source -https://cloudblogs.microsoft.com/enterprisemobility/2018/03/15/the-intune-managed-browser-now-supports-azure-ad-sso-and-conditional-access/Source -https://info.microsoft.com/ww-landing-Security-Intelligence-Report-Vol-23-Landing-Page-eBook.htmlLearn about the latest cyberthreats to make sure your company s security keeps up with the evolving threat landscape. The Microsoft Security Intelligence Report Volume 23 analyzes key security trends from the past year and provides actionable recommendations on how you can respond today.Download the latest Security Intelligence Report to learn about the top cyberthreat trends that recently dominated the security landscape:Botnets.These impact millions of machines globally and infect them with old and new forms of malware. Read about one highly publicized botnet disruption, Gamarue, that Microsoft helped defeat.Attacker methods.Attackers have been using low friction methods to infiltrate organizations. Learn about the approaches they re using to take advantage of weaknesses in organizations.Ransomware. Three global outbreaks affected corporate networks, bringing down critical services. The impact from these rapid, destructive attacks was unprecedented in 2017.Read more at souce -https://info.microsoft.com/ww-landing-Security-Intelligence-Report-Vol-23-Landing-Page-eBook.htmlSource -https://azure.microsoft.com/en-us/blog/heuristic-dns-detections-in-azure-security-center/We have heard from many customers about their challenges with detecting highly evasive threats. To help provide guidance, we publishedWindows DNS server logging for network forensicsand the introduction of theAzure DNS Analytics solution. Today, we are discussing some of our more complex, heuristic techniques to detect malicious use of this vital protocol and how these detect key components of common real-world attacks.These analytics focus on behavior that is common to a variety of attacks, ranging from advanced targeted intrusions to the more mundane worms, botnets and ransomware. Such techniques are designed to complement more concrete signature-based detection, giving the opportunity to identify such behavior prior to the deployment of analyst driven rules. This is especially important in the case of targeted attacks, where time to detection of such activity is typically measured in months. The longer an attacker has access to a network, the more expensive the eventual clean-up and removal process becomes. Similarly, while rule-based detection of ransomware is normally available within a few days of an outbreak, this is often too late to avoid significant brand and financial damage for many organizations.These analytics, along with many more, are enabled through Azure Security Center upon enabling the collection of DNS logs on Azure based servers. While this logging requires Windows DNS servers, the detections themselves are largely platform agnostic, so they can run across any client operating system configured to use an enabled server.A typical attack scenarioA bad guy seeking to gain access to a cloud server starts a script attempting to log in by brute force guessing of the local administrator password. With no limit to the number of incorrect login attempts, following several days of effort the attacker eventually correctly guesses the perceived strong password of St@1w@rt.Upon successful login, the intruder immediately proceeds to download and install a malicious remote administration tool. This enables a raft of useful functions, such as the automated stealing of user passwords, detection of credit card or banking details, and assistance in subsequent brute force or Denial-of-Service attacks. Once running, this tool begins periodically beaconing over HTTP to a pre-configured command and control server, awaiting further instruction.This type of attack, while seemingly trivial to detect, is not always easy to prevent. For instance, limiting incorrect login attempts appears to be a sensible precaution, but doing so introduces a severe risk of denial of service through lockouts. Likewise, although it is simple to detect large numbers of failed logins, it is not always easy to differentiate legitimate user activity from the almost continual background noise of often distributed brute force attempts.Read more at source - Source -https://azure.microsoft.com/en-us/blog/heuristic-dns-detections-in-azure-security-center/Source -https://docs.microsoft.com/en-us/azure/active-directory/admin-roles-best-practicesThe security of most or all business assets in the modern organization depends on the integrity of the privileged accounts that administer and manage IT systems. Malicious actors including cyber-attackers often target admin accounts and other elements of privileged access to attempt to rapidly gain access to sensitive data and systems using credential theft attacks. For cloud services, prevention and response are the joint responsibilities of the cloud service provider and the customer. For more information about the latest threats to endpoints and the cloud, see theMicrosoft Security Intelligence Report. This article can help you develop a roadmap toward closing the gaps between your current plans and the guidance described here.Read more at source - Source -https://docs.microsoft.com/en-us/azure/active-directory/admin-roles-best-practicesSource -https://cloudblogs.microsoft.com/enterprisemobility/2018/03/08/improvements-to-the-protection-stack-in-azure-information-protection/We re constantly striving to make the process of protecting information easier and simpler for both users and admins. To help with the initial step in protecting your information, we re happy to announce that starting February 2018 all Azure Information Protection eligible tenants will have Azure Information Protection on by default. Any organization which has Office E3 and above or EMS E3 and above service plans can now get a head start in protecting information through Azure Information Protection.The new version of Office 365 Message Encryption which was announced atMicrosoft Ignite 2017, leveraged the encryption and protection capabilities of Azure Information Protection. We have continued to make significant improvements in the product since it s initial launch and are excited to announce new capabilities in both Office 365 Message Encryption and Azure Information Protection.Protection on by defaultStarting February 2018, Microsoft will enable the protection capability in Azure Information Protection automatically for our new Office 365 E3 or above subscription. Tenant administrators can check the protection status in the Office 365 administrator portal.Read more at source -https://cloudblogs.microsoft.com/enterprisemobility/2018/03/08/improvements-to-the-protection-stack-in-azure-information-protection/Source -https://azure.microsoft.com/en-us/blog/azure-layered-approach-to-physical-security/Physical security refers to how Microsoft designs, builds and operates datacenters in a way that strictly controls physical access to the areas where customer data is stored. Our datacenters are certified to comply with the most comprehensive portfolio of internationally-recognized standards andcertificationsof any cloud service provider. We have an entire division at Microsoft devoted to designing, building and operating the physical facilities supporting Azure. This team is invested in maintaining state-of-the-art physical security.We take a layered approach to physical security. Datacenters managed by Microsoft have extensive layers of protection: access approval, at the facility s perimeter, at the building s perimeter, inside the building, and on the datacenter floor. This layered approach reduces the risk of unauthorized users gaining physical access to data and the datacenter resources.The first layer of physical security starts with requesting access prior to arriving at the datacenter. You must provide a valid business justification for your visit, such as compliance or auditing purposes. All requests are approved on a need-to-access basis by Microsoft employees. This is to help keep the number of individuals needed to complete a task in our datacenters to the bare minimum. Once permissions are granted, an individual only has access to the discrete area of the datacenter based on the approved business justification. Permissions are limited to a certain period of time and expire after the allowed time period.Read more at Source -https://azure.microsoft.com/en-us/blog/azure-layered-approach-to-physical-security/MSDN and TechNet Forums Recognition UpdateFor those of you active on either MSDN or TechNet forums, there will be a new recognition system rolling out on July 14th. Current System...Windows Server 2012 -Active Directory Schema Classes and AttributesSource - http://www.microsoft.com/en-us/download/details.aspx?id=23782 This download contains the classes and attributes in the Active Dir...Network Location Profile Changes From Domain to Public HotfixOn a computer that is running Windows 7 or Windows Server 2008 R2, the network location profile that is selected changes unexpectedly from D...MIM Service Accounts, Groups and Permission Details (MIM and AD Integration) Source: http://social.technet.microsoft.com/wiki/contents/articles/36005.mim-service-accounts-groups-and-permission-details-mim-and...Topologies for Azure AD ConnectSource - https://azure.microsoft.com/en-in/documentation/articles/active-directory-aadconnect-topologies/ Here is article from Andreas Kje...How to Restore Objects from Azure Recycle BinSource - http://social.technet.microsoft.com/wiki/contents/articles/35910.how-to-restore-objects-from-azure-recycle-bin.aspx Azure Recycle...Active Directory Vulnerability Disclosure Aorato s BlogSource - http://www.aorato.com/blog/active-directory-vulnerability-disclosure-weak-encryption-enables-attacker-change-victims-password-witho...Test Lab Guide: Windows Server 2012 Base ConfigurationSource - http://www.microsoft.com/en-us/download/details.aspx?id=29010 This Microsoft Test Lab Guide (TLG) provides step-by-step instructi...Microsoft Master Certifications (MCA, MCM, MCSA) are RetiringSource - http://blogs.technet.com/b/neiljohn/archive/2013/08/31/retiring-the-microsoft-master-certifications-and-training.aspx We are cont...What s New in Exchange 2013 PreviewSource - http://technet.microsoft.com/en-us/library/jj150540(v=exchg.150).aspx Microsoft Exchange Server 2013 Preview brings a new rich se...

TAGS:Santhosh Sivarajan Blog 

<<< Thank you for your visit >>>

Hot Websites