Azure Official Terraform Module for Azure Naming convention




Good News
A few hours back Microsoft released the first official Terraform Module for Azure Naming convention.

This module helps you keep your resource names consistent in Terraform. Its goal is that, for each resource that requires a name in Terraform, you can easily compose that name using this module, which keeps naming consistent across your repositories.

from 3tallah’s Blog https://ift.tt/2Vfo6dK

MS-500 Microsoft 365 Security Administration Exam Preparation


I’ve recently joined a Facebook group for Microsoft cloud technologies and noticed that many people are looking to take this exam (MS-500: Microsoft 365 Security Administration Certification), which I have just passed, adding a new badge to my Acclaim (Microsoft 365 Certified: Security Administrator Associate). While the original preparation guide is available on the exam registration page (link), as well as my previous blog about (Microsoft 365 Fundamentals 4 hours Learning Path), I thought that I could add some deeper insights to target the core exam objectives that need to be addressed. Below I’m sharing with you the preparation notes and the current objectives as of the time of posting, along with resources that should help you prepare.

However, for starters, I would recommend taking the fundamentals first by considering MS-900 and MS-101 if you have the time. But if you haven’t, or you just decide to go for it, then it is better to give it a try with hands-on experience on the Microsoft E5 security bundle (Windows Defender ATP, Office 365 ATP, AIP & Unified Labeling, DLP, PIM, Intune or Cloud App Security). Just get your Microsoft E5 trial tenant using this (link) and get into the deep dive and technology details.

Domains Covered in MS-500 Exam 

This exam measures your ability to accomplish the following technical tasks:

  • Implement and manage identity and access (30-35%)
  • Implement and manage threat protection (20-25%)
  • Implement and manage information protection (15-20%)
  • Manage governance and compliance features in Microsoft 365 (25-30%)

Exam Core topics 

URL

Title

Description

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#mfa-service-settings

Configure Azure Multi-Factor Authentication – Azure Active Directory

Learn how to configure settings for Azure Multi-Factor Authentication in the Azure portal

https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/location-condition

Location condition in Azure Active Directory Conditional Access

Learn how to use the location condition to control access to your cloud apps based on a user’s network location.

https://docs.microsoft.com/en-us/azure/active-directory/devices/device-management-azure-portal

How to manage devices using the Azure portal

Learn how to use the Azure portal to manage devices.

https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-device-writeback

Azure AD Connect: Enabling device writeback

This document details how to enable device writeback using Azure AD Connect

https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-user-risk-policy

Risk policies – Azure Active Directory Identity Protection

Enable and configure risk policies in Azure Active Directory Identity Protection

https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-sign-ins

Sign-in activity reports in the Azure Active Directory portal

Introduction to sign-in activity reports in the Azure Active Directory portal

https://docs.microsoft.com/en-us/azure/active-directory/users-groups-roles/groups-lifecycle

Set expiration for Office 365 groups – Azure Active Directory

How to set up expiration for Office 365 groups in Azure Active Directory

https://docs.microsoft.com/en-us/azure/information-protection/configure-policy-protection

Configure an Azure Information Protection label for protection – AIP

You can protect your most sensitive documents and emails when you configure a label to use Rights Management protection.

https://docs.microsoft.com/en-us/azure/information-protection/prepare

Prepare users and groups for Azure Information Protection

Check that you have the user and group accounts that you need to start classifying, labeling, and protecting your organization’s documents and emails.

https://docs.microsoft.com/en-us/azure/security/fundamentals/steps-secure-identity

Secure your Azure AD identity infrastructure – Azure Active Directory

This document outlines a list of important actions administrators should implement to help them secure their organization using Azure AD capabilities

https://docs.microsoft.com/en-us/exchange/policy-and-compliance/ediscovery/ediscovery?view=exchserver-2019

In-Place eDiscovery in Exchange Server

Summary: Learn about In-Place eDiscovery in Exchange Server 2016 and Exchange Server 2019.

https://docs.microsoft.com/en-us/exchange/security-and-compliance/messaging-records-management/apply-retention-policy#use-the-eac-to-apply-a-retention-policy-to-multiple-mailboxes

Apply a retention policy to mailboxes

You can use retention policies to group one or more retention tags and apply them to mailboxes to enforce message retention settings. A mailbox can’t have more than one retention policy.

https://docs.microsoft.com/en-us/exchange/security-and-compliance/messaging-records-management/create-a-retention-policy#step-2-create-a-retention-policy

Create a Retention Policy

In Exchange Online, you can use retention policies to manage email lifecycle. Retention policies are applied by creating retention tags, adding them to a retention policy, and applying the policy to mailbox users.

https://docs.microsoft.com/en-us/mem/intune/apps/app-protection-policy

App protection policies overview – Microsoft Intune

Learn how Microsoft Intune app protection policies help protect your company data and prevent data loss.

https://docs.microsoft.com/en-us/mem/intune/configuration/device-restrictions-windows-10#reporting-and-telemetry

Device restriction settings for Windows 10 in Microsoft Intune – Azure

See a list of all the settings and their descriptions for creating device restrictions on Windows 10 and later devices. Use these settings in a configuration profile to control screenshots, password requirements, kiosk settings, apps in the store, Microsoft Edge browser, Microsoft Defender, access to the cloud, start menu, and more in Microsoft Intune.

https://docs.microsoft.com/en-us/mem/intune/protect/advanced-threat-protection

Use Microsoft Defender ATP in Microsoft Intune – Azure

Use Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) with Intune, including setup and configuration, onboarding of your Intune devices with ATP, and then use a devices ATP risk assessment with your Intune device compliance and conditional access policies to protect network resources.

https://docs.microsoft.com/en-us/mem/intune/protect/conditional-access-integrate-jamf

Integrate Jamf Pro with Microsoft Intune for compliance – Microsoft Intune

Use Microsoft Intune compliance policies with Azure Active Directory Conditional Access to help integrate and secure Jamf-managed devices.

https://docs.microsoft.com/en-us/mem/intune/protect/endpoint-protection-windows-10

Protection settings for Windows 10 devices in Microsoft Intune – Azure

On Windows 10 devices, use or configure endpoint protection settings to enable Microsoft Defender features, including Application Guard, Firewall, SmartScreen, encryption and BitLocker, Exploit Guard, Application Control, Security Center, and security on local devices in Microsoft Intune.

https://docs.microsoft.com/en-us/microsoft-365/admin/security-and-compliance/set-up-multi-factor-authentication?view=o365-worldwide

Set up multi-factor authentication for users – Microsoft 365 admin

Learn how to set up multi-factor authentication for your organization.

https://docs.microsoft.com/en-us/microsoft-365/compliance/supervision-policies?view=o365-worldwide

Supervision policies – Microsoft 365 Compliance

Learn about using supervision policies in Microsoft 365 to capture employee communications for examination by designated reviewers.

https://docs.microsoft.com/en-us/microsoft-365/compliance/use-your-free-azure-ad-subscription-in-office-365?view=o365-worldwide

Use your free Azure Active Directory subscription – Microsoft 365 Compliance

Learn how to access Azure Active Directory, which is included in your organization’s paid subscription.

https://docs.microsoft.com/en-us/microsoft-365/compliance/what-the-dlp-policy-templates-include?view=o365-worldwide

What the DLP policy templates include – Microsoft 365 Compliance

Data loss prevention (DLP) in the Security & Compliance Center includes ready-to-use policy templates that address common compliance requirements, such as helping you to protect sensitive information subject to the U.S. Health Insurance Act (HIPAA), U.S. Gramm-Leach-Bliley Act (GLBA), or U.S. Patriot Act. This topic lists all of the policy templates, what types of sensitive information they look for, and what the default conditions and actions are.

https://docs.microsoft.com/en-us/microsoft-365/compliance/working-with-compliance-manager?view=o365-worldwide

Work with Microsoft Compliance Manager (Preview) – Microsoft 365 Compliance

Microsoft Compliance Manager is a free workflow-based risk assessment tool. Use it to track, assign, and verify regulatory compliance activities related to Microsoft products.

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/attack-simulator?view=o365-worldwide

Attack Simulator in ATP – Office 365

Learn how to use Attack Simulator to run simulated phishing and password attacks in your Microsoft 365 E5 or ATP Plan 2 organization.

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/dynamic-delivery-and-previewing?view=o365-worldwide

Dynamic Delivery and previewing with ATP Safe Attachments – Office 365

When you set up your ATP safe attachments policies, you choose Dynamic Delivery to avoid message delays and enable people to preview attachments that are being scanned.

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/integrate-office-365-ti-with-wdatp?view=o365-worldwide

Integrate Office 365 ATP with Microsoft Defender ATP – Office 365

Integrate Office 365 Advanced Threat Protection with Microsoft Defender Advanced Threat Protection to see more detailed threat management information.

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/manage-quarantined-messages-and-files?view=o365-worldwide

Manage quarantined messages and files as an admin – Office 365

Admins can learn how to view and manage quarantined messages for all users in Exchange Online Protection (EOP). Admins in organizations with Office 365 Advanced Threat Protection (Office 365 ATP) can also manage quarantined files in SharePoint Online, OneDrive for Business, and Microsoft Teams.

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/permissions-in-the-security-and-compliance-center?view=o365-worldwide

Permissions – Microsoft 365 Security & Compliance Center – Office 365

Admins can learn about the permissions that are available in the Microsoft 365 Security & Compliance Center.

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-a-custom-blocked-urls-list-atp?view=o365-worldwide

Set up a custom blocked URLs list using ATP Safe Links – Office 365

Learn how to set up a list of blocked URLs for your organization using Office 365 Advanced Threat Protection.

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-anti-phishing-policies?view=o365-worldwide

Anti-phishing policies – Office 365

Admins can learn about the anti-phishing policies that are available in Exchange Online Protection (EOP) and Office 365 Advanced Threat Protection (Office 365 ATP).

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/set-up-atp-safe-links-policies?view=o365-worldwide

Set up Office 365 ATP Safe Links policies – Office 365

Set up Safe Links policies to protect your organization from malicious links in Word, Excel, PowerPoint, and Visio files, as well as in email messages.

https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/view-reports-for-atp?view=o365-worldwide#what-permissions-are-needed-to-view-the-atp-reports

View reports for Advanced Threat Protection – Office 365

Find and use reports for Office 365 Advanced Threat Protection in the Security & Compliance Center.

https://docs.microsoft.com/en-us/office365/enterprise/fix-problems-with-directory-synchronization

Fixing problems with directory synchronization for Microsoft 365

Describes common causes of problems with directory synchronization in Office 365 and provides a few methods to help troubleshoot and resolve them.

https://docs.microsoft.com/en-us/office365/enterprise/view-service-health

How to check Microsoft 365 service health

View the health status of Microsoft 365 services before you call support to see if there is an active service interruption.

https://docs.microsoft.com/en-us/onedrive/user-external-sharing-settings

Change the external sharing setting for a user’s OneDrive – OneDrive

Learn how to change the OneDrive external sharing setting for a user in the Microsoft 365 admin center.

https://docs.microsoft.com/en-us/powershell/module/exchange/set-auditconfig?view=exchange-ps

Set-AuditConfig

You need to be assigned permissions in the Security & Compliance Center before you can use this cmdlet. For more information, see Permissions in the Security & Compliance Center.

https://docs.microsoft.com/en-us/powershell/module/exchange/set-mailbox?view=exchange-ps

Set-Mailbox

You can use this cmdlet for one mailbox at a time. To perform bulk management, you can pipeline the output of various Get- cmdlets (for example, the Get-Mailbox or Get-User cmdlets) and configure several mailboxes in a single-line command. You can also use the Set-Mailbox cmdlet in scripts. You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they’re not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet.

https://sharepointmaven.com/how-to-set-a-retention-policy-on-a-sharepoint-site/

How to set a Retention Policy on a SharePoint site – SharePoint Maven

If you are looking for an explanation and instructions on how to set up a Retention Policy on a SharePoint site – this article will help.

https://support.microsoft.com/en-us/office/create-and-manage-sensitivity-labels-2fb96b54-7dd2-4f0c-ac8d-170790d4b8b9?ui=en-us&rs=en-us&ad=us

Create and manage sensitivity labels – Office Support

Sensitivity labels allow you to classify and protect content that is sensitive to your business. Learn how to create a sensitivity label and make it available to your users.

https://support.microsoft.com/en-us/office/overview-of-data-loss-prevention-in-sharepoint-server-2016-80f907bb-b944-448d-b83d-8fec4abcc24c?ui=en-us&rs=en-us&ad=us

Overview of data loss prevention in SharePoint Server 2016 – SharePoint

Learn how you can use data loss prevention (DLP) features such as DLP queries and DLP policies to identify, monitor, and automatically protect your sensitive information from inadvertent leaks.

https://support.microsoft.com/en-us/office/protect-against-phishing-attempts-in-microsoft-365-86c425e1-1686-430a-9151-f7176cce4f2c?ui=en-us&rs=en-us&ad=us#ID0EAABAAA=Try_it

Protect against phishing attempts in Microsoft 365 – Office Support

Protect your email from phishing attacks by setting up ATP anti-phishing in Microsoft 365 Business and Enterprise.

https://support.pingidentity.com/s/article/PingOne-How-to-troubleshoot-an-AD-Connect-Instance

PingOne: How to troubleshoot an AD Connect Instance

Helpful information for an Administrator that is troubleshooting AD Connect. Includes information on how to review the log data in Event Viewer and how to use the config.aspx page.

https://www.maadarani.com/office-365-classification-and-retention-labels/

Office 365: Classification and Retention Labels – O365 Mike

https://docs.microsoft.com/en-us/azure-advanced-threat-protection/atp-advanced-audit-policy

Azure Advanced Threat Protection Advanced Audit Policy check

This article provides an overview of Azure ATP’s Advanced Audit Policy check.

https://docs.microsoft.com/en-us/azure-advanced-threat-protection/configure-event-forwarding

Configure Windows Event Forwarding in Azure Advanced Threat Protection

Describes your options for configuring Windows Event Forwarding with Azure ATP

https://docs.microsoft.com/en-us/azure-advanced-threat-protection/configure-port-mirroring

Configure Port Mirroring when deploying Azure Advanced Threat Protection

Describes port mirroring options and how to configure them for Azure ATP

https://docs.microsoft.com/en-us/azure-advanced-threat-protection/install-atp-step5

Configure Azure ATP sensor settings conceptual

Step five of installing Azure ATP helps you configure settings for your Azure ATP standalone sensor.

https://docs.microsoft.com/en-us/azure-advanced-threat-protection/install-atp-step6-vpn

Install Azure Advanced Threat Protection VPN Integration

Collect accounting information for Azure ATP by integrating a VPN.

https://docs.microsoft.com/en-us/azure-advanced-threat-protection/workspace-portal

Understanding the Azure Advanced Threat Protection portal

Describes how to log into the Azure ATP portal and the components of the portal

https://docs.microsoft.com/en-us/cloud-app-security/activity-filters

Visibility into cloud app activities – Cloud App Security

This article provides a list of activities, filters and match parameters that can be applied to activity policies.

https://docs.microsoft.com/en-us/cloud-app-security/file-filters

Understanding file data and filters available in Cloud App Security

This reference article provides information about the types of files and file filters used by Cloud App Security.

https://docs.microsoft.com/en-us/cloud-app-security/session-policy-aad

Create session policies in Cloud App Security

This article describes the procedure for setting up a Cloud App Security Conditional Access App Control session policy to gain deep visibility into user session activities and block downloads using reverse proxy capabilities.

https://docs.microsoft.com/en-us/exchange/permissions-exo/permissions-exo

Permissions in Exchange Online

Exchange Online in Office 365 includes a large set of predefined permissions, based on the Role Based Access Control (RBAC) permissions model, which you can use right away to easily grant permissions to your administrators and users. You can use the permissions features in Exchange Online so that you can get your new organization up and running quickly.

https://docs.microsoft.com/en-us/microsoft-365/compliance/alert-policies?view=o365-worldwide

Alert policies in the security and compliance centers – Microsoft 365 Compliance

Create alert policies in the security and compliance center in Office 365 and Microsoft 365 to monitor potential threats, data loss, and permissions issues.

https://docs.microsoft.com/en-us/microsoft-365/compliance/apply-labels-to-personal-data-in-office-365?view=o365-worldwide

Apply labels to personal data – Microsoft 365 Compliance

Learn how to use Office labels as part of your General Data Protection Regulation (GDPR) protection plan.

https://docs.microsoft.com/en-us/microsoft-365/compliance/apply-sensitivity-label-automatically?view=o365-worldwide

Apply a sensitivity label to content automatically – Microsoft 365 Compliance

When you create a sensitivity label, you can automatically assign a label to a document or email, or you can prompt users to select the label that you recommend.

https://docs.microsoft.com/en-us/microsoft-365/compliance/assign-ediscovery-permissions?view=o365-worldwide

Assign eDiscovery permissions in the Security & Compliance Center – Microsoft 365 Compliance

Assign the permissions required to perform eDiscovery-related tasks using the Security & Compliance Center.

https://docs.microsoft.com/en-us/microsoft-365/compliance/content-search?view=o365-worldwide

Content Search – Microsoft 365 Compliance

Use the Content Search tool in the compliance center in Office 365 or Microsoft 365 to search for content in a variety of Office 365 services.

https://docs.microsoft.com/en-us/microsoft-365/compliance/create-activity-alerts?view=o365-worldwide

Create activity alerts – Microsoft 365 Compliance

Add and manage activity alerts in the Security & Compliance Center so that Microsoft 365 will send you email notifications when users perform specific activities

https://docs.microsoft.com/en-us/microsoft-365/compliance/create-report-on-and-delete-multiple-content-searches?view=o365-worldwide

Create, report on, and delete multiple Content Searches – Microsoft 365 Compliance

Learn how to automate Content Search tasks like creating searches and running reports via PowerShell scripts in the Security & Compliance Center in Office 365.

https://docs.microsoft.com/en-us/microsoft-365/compliance/create-test-tune-dlp-policy?view=o365-worldwide

Create, test, and tune a DLP policy – Microsoft 365 Compliance

In this article, you’ll learn how to create, test, and tune a DLP policy according to your organizational needs.

https://docs.microsoft.com/en-us/microsoft-365/compliance/data-loss-prevention-policies?view=o365-worldwide

Overview of data loss prevention – Microsoft 365 Compliance

With a data loss prevention (DLP) policy in the Security & Compliance Center, you can identify, monitor, and automatically protect sensitive information across Office 365.

https://docs.microsoft.com/en-us/microsoft-365/compliance/enable-mailbox-auditing?view=o365-worldwide

Manage mailbox auditing – Microsoft 365 Compliance

Mailbox audit logging is turned on by default (also called default mailbox auditing or mailbox auditing on by default). This means that certain actions performed by mailbox owners, delegates, and admins are automatically logged in a mailbox audit log, where you can search for activities performed on the mailbox.

https://docs.microsoft.com/en-us/powershell/module/sharepoint-online/set-spotenant?view=sharepoint-ps

Set-SPOTenant

You can use the Set-SPOTenant cmdlet to enable external services and to specify the versions in which site collections can be created. You can also use the Set-SPOSite cmdlet together with the Set-SPOTenant cmdlet to block access to a site in your organization and redirect traffic to another site. You must be a SharePoint Online administrator or Global Administrator to run the cmdlet.

https://docs.microsoft.com/en-us/sharepoint/control-access-from-unmanaged-devices

Control access from unmanaged devices – SharePoint in Microsoft 365

Learn how to block or limit access to SharePoint and OneDrive content on devices that aren’t compliant or joined to a domain.

https://docs.microsoft.com/en-us/sharepoint/turn-external-sharing-on-or-off

Manage sharing settings – SharePoint in Microsoft 365

Learn how global and SharePoint admins can change the organization-level sharing settings for SharePoint and OneDrive in Microsoft 365.

https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/machine-groups

Create and manage machine groups in Microsoft Defender ATP – Windows security

Create machine groups and set automated remediation levels on them by configuring the rules that apply to the group.

https://docs.microsoft.com/en-us/windows-server/remote/remote-access/vpn/ad-ca-vpn-connectivity-windows10

Conditional access for VPN connectivity using Azure AD

In this optional step, you can fine-tune how authorized VPN users access your resources using Azure Active Directory (Azure AD) conditional access.

https://events.collab365.community/configure-data-loss-prevention-policies-in-exchange-online-in-office-365/

Configure Data Loss Prevention policies in Exchange Online in Office 365 – Collab365 Events

https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/active-directory/privileged-identity-management/pim-how-to-change-default-settings.md

azure-docs/pim-how-to-change-default-settings.md at master · MicrosoftDocs/azure-docs · GitHub

Open source documentation of Microsoft Azure. Contribute to MicrosoftDocs/azure-docs development by creating an account on GitHub.

https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/active-directory/users-groups-roles/groups-dynamic-membership.md

azure-docs/groups-dynamic-membership.md at master · MicrosoftDocs/azure-docs · GitHub

Open source documentation of Microsoft Azure. Contribute to MicrosoftDocs/azure-docs development by creating an account on GitHub.

https://help.bittitan.com/hc/en-us/articles/115008104507-How-do-I-assign-the-elevated-admin-role-Organization-Management-to-the-account-that-is-performing-a-Public-Folder-migration-

How do I assign the elevated admin role ‘Organization Management’ to the account that is performing a Public Folder migration? – BitTitan Help Center

How do I assign the elevated admin role ‘Organization Management’ to the administrative account that is performing a Public Folder…

https://lazyadmin.nl/office-365/how-to-setup-mfa-in-office-365/

How-to Setup Multi-Factor Authentication in Office 365 — LazyAdmin

How to enable Office 365 MFA, tips on rolling it out in your organisation, and Office 365 MFA license details explained.

https://docs.microsoft.com/en-us/microsoft-365/compliance/export-search-results?view=o365-worldwide

Export Content Search results – Microsoft 365 Compliance

Export the search results from a Content Search in the Security & Compliance Center to a local computer. Email results are exported as PST files. Content from SharePoint and OneDrive for Business sites are exported as native Office documents.

https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-core-ediscovery?view=o365-worldwide

Get started with core eDiscovery cases in Microsoft 365 – Microsoft 365 Compliance

This article describes how to get started using core eDiscovery in Microsoft 365. After you assign eDiscovery permissions and create a case, you can add members, create eDiscovery holds, and then search for and export data that’s relevant to your investigation.

https://docs.microsoft.com/en-us/microsoft-365/compliance/get-started-core-ediscovery?view=o365-worldwide#step-4-place-content-locations-on-hold

Get started with core eDiscovery cases in Microsoft 365 – Microsoft 365 Compliance

This article describes how to get started using core eDiscovery in Microsoft 365. After you assign eDiscovery permissions and create a case, you can add members, create eDiscovery holds, and then search for and export data that’s relevant to your investigation.

https://docs.microsoft.com/en-us/microsoft-365/compliance/keyword-queries-and-search-conditions?view=o365-worldwide

Keyword queries and search conditions for Content Search – Microsoft 365 Compliance

Learn about email and file properties that you can search in Exchange Online mailboxes and in SharePoint or OneDrive for Business sites using the Content Search tool in the Security & Compliance Center.

https://docs.microsoft.com/en-us/microsoft-365/compliance/labels?view=o365-worldwide

Learn about retention labels – Microsoft 365 Compliance

Learn how retention labels classify data across your organization for governance, and enforce retention rules based on that classification. You can also use retention labels to implement a records management solution for Microsoft 365.

https://docs.microsoft.com/en-us/microsoft-365/compliance/manage-gdpr-data-subject-requests-with-the-dsr-case-tool?view=o365-worldwide#more-information-about-using-the-dsr-case-tool

Manage GDPR data subject requests with DSR case tool in Security & Compliance Center – Microsoft 365 Compliance

The GDPR gives EU citizens (called data subjects) specific rights to their personal data; these rights include obtaining copies of it, requesting changes to it, restricting the processing of it, deleting it, or receiving it in an electronic format. A formal request by a data subject to take an action on their personal data is called a Data Subject Request or DSR. You can use DSR Cases in the compliance center in Office 365 and Microsoft 365 to manage your organization’s DSR investigations.

https://docs.microsoft.com/en-us/microsoft-365/compliance/meet-data-protection-and-regulatory-reqs-using-microsoft-cloud?view=o365-worldwide

Meet data protection and regulatory requirements with Compliance Manager for Microsoft cloud services – Microsoft 365 Compliance

The Compliance Manager in the Microsoft Service Trust Portal provides tools to track, implement, and manage the controls to help your organization reach compliance with security and data protection industry standards (such as GDPR, ISO 27001 and 27018, and HIPAA) when measured against Microsoft cloud services, such as Office 365 and Microsoft Azure. The Compliance Manager helps the person who oversees the data protection and privacy strategy for your organization manage your compliance and risk assessment process.

https://docs.microsoft.com/en-us/microsoft-365/compliance/retention-policies?view=o365-worldwide

Learn about retention policies to automatically retain or delete content – Microsoft 365 Compliance

Use a retention policy to decide proactively whether to retain content, delete content, or both – retain and then delete the content; apply a single policy to the entire organization or specific locations or users; and apply a policy to all content or content meeting specific conditions.

https://docs.microsoft.com/en-us/microsoft-365/compliance/search-the-audit-log-in-security-and-compliance?view=o365-worldwide

Search the audit log in the Security & Compliance Center – Microsoft 365 Compliance

Use the Security & Compliance Center to search the unified audit log to view user and administrator activity in your organization.

https://docs.microsoft.com/en-us/microsoft-365/compliance/sensitivity-labels?view=o365-worldwide

Learn about sensitivity labels – Microsoft 365 Compliance

Use sensitivity labels from the Microsoft Information Protection framework to classify and protect your organization’s data, without hindering user productivity and collaboration.

Also, please share the post within your circles so it helps them to prepare for the exam.


from 3tallah’s Blog https://ift.tt/3hqVvM0

Free Microsoft 365 Fundamentals 4 hours Learning Path


Microsoft 365 Fundamentals 4 hours Learning Path.

Microsoft 365 is a productivity cloud that delivers innovative and intelligent experiences, rich organizational insights, and a trusted platform to help people and organizations get more done. Learn how it supports your organization’s digital transformation.

  • Modules: 9
  • Target: Beginner, Administrator, Microsoft 365 Engineer
  • Prerequisites: Basic understanding of cloud computing.

Modules in this learning path

  1. What is Microsoft 365?
  2. Introduction to Microsoft 365 core services and features
  3. Introduction to teamwork in Microsoft 365
  4. Move to a modern desktop with Microsoft 365
  5. Introduction to Microsoft 365 unified endpoint management
  6. Introduction to security in Microsoft 365
  7. Introduction to compliance tools in Microsoft 365
  8. Manage your Microsoft 365 subscription
  9. Select a cloud deployment model

Join using this link

from 3tallah’s Blog https://ift.tt/3diOHgU

For a limited time, Microsoft is offering six free months of the M365 Business Basic plan

In response to the increased need for employees to work from home (WFH) during the COVID-19 (coronavirus) outbreak, Microsoft is offering small businesses six free months of Microsoft 365 Business Basic, allowing them to cope with the increasing need to communicate virtually with their customers. However, the offer is only valid for new subscriptions. Microsoft announced the limited-time offer on its Community website.
As small businesses adapt to the increased need to have people work remotely and connect with their customers virtually, new subscribers to Microsoft 365 Business Basic can get the first six months free of charge. Get a custom email domain, access to Office web apps (Outlook, Word, Excel, and more), cloud storage, and host meetings with up to 250 people via Teams.
 
Microsoft 365 Business Basic features

  • Email and calendars: Get business-class email with a 50 GB mailbox per user and send attachments up to 150 MB.
  • Office apps: Access always up-to-date web versions of Office apps, including Outlook, Word, Excel, PowerPoint, and OneNote on up to five phones and five tablets.
  • Professional-looking email: Use your own custom domain name, such as yourname@yourcompany.com.
  • Phone and online support: Get help anytime with around-the-clock phone and web support from Microsoft.
  • Information protection: Control who and when someone has access to your business information with security groups and custom permissions.
  • 1 TB secure cloud storage: Get 1 TB of OneDrive cloud storage per user, to edit and share documents from anywhere, on all your devices.
  • Easy collaboration: Real-time coauthoring so multiple users can work in the same document simultaneously.
  • Simplified management: Set up new user emails, restore deleted accounts, create custom scripts, and more, from anywhere.
  • Enterprise-grade security: Get end-to-end security, administrative control, and compliance, all powered by Microsoft 365.
  • Compliant with standards: Meets key international, regional, and industry-specific standards and terms, with more than 1,000 security and privacy controls.

 

Get started today with six months free

from 3tallah’s Blog https://ift.tt/2zjs5y9

Join Our Telegram channel for your must-read Microsoft Cloud technologies coverage





Would you like some of our coverage with key information on Microsoft Cloud technologies for free each day?

We will send you a maximum of three stories every weekday.


I already have a Telegram account. How do I join the Microsoft Cloud KT channel?

Join the Microsoft Cloud KT channel (https://t.me/MicrosoftCloud_KT)


I don’t use Telegram. What do I need to do?

1. Click this link on your phone to create a new account.

2. Search for “Microsoft Cloud KT” or join the channel here

You need to download the app to your phone, and then follow the instructions. There are versions for all the main systems – iPhone, Android, and Windows.


Can I stop the service?

Yes, tap the “info” icon on top of your channel screen and click on “delete and exit”.


What about my phone number?

Telegram does not allow the MSKT access to users’ phone numbers — only names.

MSKT maintains the highest standards of data protection and we will only use this information for the purposes of administering the Telegram channel.

 

from 3tallah’s Blog https://ift.tt/2TBZjQ0

#MicrosoftTeams! is coming in June! with 3×3 video 9 participants at a time.

It’s coming in June! 3×3 video in #MicrosoftTeams! Best Message Center announcement this week!


The much-requested feature of more than 4 video feeds at one time should start rolling out in late April, and finish by early May.

Based on recent feedback, Microsoft is accelerating to increase the number of participants shown in the main meeting window.


Microsoft today announced that 3X3 gallery view support is coming to Teams later this month (late April). With this support, you can see 9 participants at a time.


For recent MS Teams updates and announcements, please refer to the link below:

https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=63341


from 3tallah’s Blog https://ift.tt/3cmNapu

Migrate Windows Virtual Desktop to the new WVD ARM Portal Spring Release 2020


I just had a chance to try the awesome tool developed by Marcel Meurer to #migrate one of our customers' Windows Virtual Desktop environments from #WVD Fall to Spring with a few clicks. I had been thinking about how we could move existing host pools to the new ARM-based management UI, which is natively in the Azure Portal.
Even with the new WVD ARM Portal, you still need that tool to benefit from the following:
  • Administer all resources with a Windows GUI
  • Create “golden images” from template/master VMs
  • Roll out several session hosts into different host pools (in both WVD releases)
  • Re-use the WVDAdmin images you created without any change
  • Higher flexibility in rolling out new session hosts in different ways (you can use different VM sizes and images in one host pool)
  • Easy-to-use user administration to send messages to, log off, disconnect or shadow users across the full environment (filterable)
For the step-by-step guide and to download the tool, please refer to the link below.

from 3tallah’s Blog https://ift.tt/3fDRpin

MS Major update Announcement: New My Apps and My Account Portal Experiences




Based on customer feedback and votes, Microsoft planned a new design for the My Apps portal. The new portal is now available for all customers to migrate their users and start experiencing it before they are automatically switched over on July 20th 2020.

Please note that the updated My Apps and My Account offer the same functionality as the current experiences, but with an improved user interface on top of new capabilities to enable your users to be productive.

How does this affect me?
If your organization’s users are using the current Apps experience for app launching or Profile for account management, you should notify them of the upcoming change. Additionally, we recommend you turn on the new My Apps experience in the Azure portal as soon as possible to give users the opportunity to try out the updated user interface. Turning on the new My Apps experience will allow your users to access the new My Account experience from My Apps.

On July 20th 2020, users will no longer be able to access the current Apps or Profile experiences and will be automatically redirected to the updated My Apps and My Account experiences.

Previous Apps experience: [screenshot]

New Apps experience: [screenshot]

Previous Profile experience: [screenshot]

New Profile experience: [screenshot]

What do I need to do to prepare for this change?
We recommend you migrate your users to the updated experiences prior to the July date. Please note that you can do so via staged rollout by allowing a certain group of users to access the updated experiences prior to migrating all users. If you’d like to provide additional guidance to your users about this update, we hope you find the following resources helpful.
For turning on the new My Apps experience:

For communicating the update to your users:

from 3tallah’s Blog https://ift.tt/2VFl0Am

BUILD HIGH AVAILABLE REMOTE DESKTOP GATEWAY INTEGRATED WITH AZURE MFA


    Build High Available Remote Desktop Gateway integrated with Azure MFA

    Implemented parts

    The following parts have been implemented:

    • On-Premises Infrastructure
    1. Microsoft Windows Server 2016 Standard Edition (3 Servers)
    2. A Highly Available Load Balanced RD Gateway Server Farm (RDG).
    3. Network Policy Server (Centralized NPS).
    • Enterprise Mobility + Security E3
    1. Microsoft Azure Multi-Factor Authentication

    Solution Requirements

    Prerequisites

    • Remote Desktop Gateway (RD Gateway) infrastructure
    • Azure MFA License
    • Windows Server software
    • Network Policy and Access Services (NPS) role
    • Azure Active Directory synched with on-premises Active Directory
    • Azure Active Directory GUID ID

    Network requirements

    The following table shows the required ports between RD Gateway, NPS Server, Internal network and WAN, and these ports must be opened for outbound and inbound:

    Source | Destination | Protocol/Port
    Internet | Gateway WAN NIC | TCP: 443, 80; UDP: 3391 (You have to enable UDP on the RD Gateway)
    Gateway LAN NIC | Internal network | TCP / UDP: 3389; TCP: 5504; TCP: 5985
    Gateway LAN NIC | Domain Controllers | TCP / UDP: 88; TCP: 135; UDP: 123; UDP: 137; TCP: 139; TCP / UDP: 389; TCP: 3268; TCP / UDP: 53; TCP / UDP: 445; TCP: 5985; TCP Dynamic Ports (NTDS RPC service)
    RD Gateway | NPS Server | UDP: 1812; UDP: 1813
    RD Gateway | Perimeter network, should be opened for allowing HTTPS traffic from the client sitting on the Internet to the RD Gateway server in the perimeter network. | TCP: 443, 80
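
    One way to check the TCP rows of this table from a given vantage point, as an added example that is not part of the original design document. The domain controller and session host names are placeholders, and treating direct RDP on 3389 as expected-closed from the Internet is an assumption drawn from the table not listing it.

```powershell
# Added example (not from the original document).
# Run with -Vantage Lan on an RD Gateway, and with -Vantage Wan from an Internet host.
# UDP rows (3391, 1812, 1813, 123, 137) are not covered: Test-NetConnection is TCP-only.
param(
    [ValidateSet('Lan', 'Wan')]
    [string]$Vantage = 'Lan',
    [string]$DomainController = 'dc01.example.test',   # placeholder, not named in the document
    [string]$SessionHost      = 'rdsh01.example.test', # placeholder, not named in the document
    [string]$GatewayPublic    = 'RDS.3TALLAH.COM'      # SAN name from the certificate section
)

function New-PortRule {
    param([string]$Target, [int[]]$Ports, [bool]$Open)
    foreach ($p in $Ports) {
        [pscustomobject]@{ Target = $Target; Port = $p; Open = $Open }
    }
}

function Test-PortRule {
    param([Parameter(Mandatory)][object[]]$Rules)
    foreach ($r in $Rules) {
        # -InformationLevel Quiet returns $true when the TCP handshake succeeds
        $isOpen = Test-NetConnection -ComputerName $r.Target -Port $r.Port `
                      -InformationLevel Quiet -WarningAction SilentlyContinue
        [pscustomobject]@{
            Target   = $r.Target
            Port     = $r.Port
            Expected = $(if ($r.Open) { 'open' } else { 'closed' })
            Actual   = $(if ($isOpen) { 'open' } else { 'closed' })
            Pass     = ($isOpen -eq $r.Open)
        }
    }
}

$rules = @()
if ($Vantage -eq 'Lan') {
    # Gateway LAN NIC -> Domain Controllers (TCP rows only)
    $rules += New-PortRule -Target $DomainController -Ports 88, 135, 139, 389, 3268, 53, 445, 5985 -Open $true
    # Gateway LAN NIC -> Internal network
    $rules += New-PortRule -Target $SessionHost -Ports 3389, 5504, 5985 -Open $true
} else {
    # Internet -> Gateway WAN NIC
    $rules += New-PortRule -Target $GatewayPublic -Ports 443, 80 -Open $true
    # Assumption: 3389 is not in the Internet row, so it should not answer from outside
    $rules += New-PortRule -Target $GatewayPublic -Ports 3389 -Open $false
}

$results = @(Test-PortRule -Rules $rules)
$results | Format-Table -AutoSize

# Non-zero exit code when any rule deviates, so the check can run from a scheduled task
if ($results.Pass -contains $false) { exit 1 }
```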

    Certificate requirements

    A public certificate is required and should contain the following SAN names:

    Item | SAN Names
    Domain Certificate | RDS.3TALLAH.COM

    System requirements

    The following table shows the required subscription and license that should be provided by the time of the deployment:

    Product Name | QTY
    Microsoft 365 subscription (E3 plan) or equivalent (MFA License) | All users
    Microsoft Windows Server 2016 Standard Edition | 3

    The following table summarizes Microsoft products that will be deployed:

    Product Name | QTY
    Microsoft Windows Server 2016 Standard Edition | 3
    Network Policy and Access Services (NPS) role | 2
    Remote Desktop Gateway (RD Gateway) infrastructure | 2

    Authentication Flow

    1. F5 or any load balancer receives an Access request from a remote desktop user.
    2. F5 or any load balancer routes the request to one of the RD Gateway servers.
    3. The Remote Desktop Gateway server receives an authentication request to connect to a resource, such as a Remote Desktop session. Acting as a RADIUS client, the Remote Desktop Gateway server converts the request to a RADIUS Access-Request message and sends the message to the RADIUS (NPS) server where the NPS extension is installed.
    4. The username and password combination are verified in Active Directory and the user is authenticated.
    5. If all the conditions as specified in the NPS Connection Request and the Network Policies are met (for example, time of day or group membership restrictions), the NPS extension triggers a request for secondary authentication with Azure MFA.
      1. Azure MFA communicates with Azure AD, retrieves the user’s details, and performs the secondary authentication using supported methods.
      2. Upon success of the MFA challenge, Azure MFA communicates the result to the NPS extension.
      3. The NPS server, where the extension is installed, sends a RADIUS Access-Accept message for the RD CAP policy to the Remote Desktop Gateway server.
    6. The user is granted access to the requested network resource through the RD Gateway.

    Deploy High-Available RD Gateway Server Farm

    Remote Desktop Gateway Server enables users to connect to remote computers on a corporate network from any external computer. The RD Gateway uses the Remote Desktop Protocol & the HTTPS Protocol to create a secure encrypted connection.

    RD Gateway server uses port 443 (HTTPS), which provides a secure connection using a Secure Sockets Layer (SSL) tunnel.

    Accounts

    All the following accounts have been used.

    Account or group name | Source | Description
    Guest001 | Local AD | Account for RD Gateway Access
    Office365 – EndUsers | Local AD | M365 Users License group
    Guest001@3tallah.Com | Local AD | Account to connect with Azure AD

    Environment

    Server details.

    Server Name | IP Address | Role
    RDG01P | 192.168.1.16 | Remote Desktop Gateway server role; Network Policy Server (NPS) role
    RDG02P | 192.168.1.17 | Remote Desktop Gateway server role; Network Policy Server (NPS) role

    Install RD Gateway servers farm

    Install the RD Gateway server role on both servers in the RD farm.

    Deploy NPS Role for NPS Extension server

    The Network Policy Server (NPS) extension for Azure Multi-Factor-Authentication (Azure MFA) provides a simple way to add cloud-based MFA capabilities to your authentication infrastructure using your existing NPS servers. With the NPS extension, you’ll be able to add phone call, SMS, or phone app MFA to your existing authentication flow without having to significantly increase your existing authentication infrastructure.

    Accounts

    All the following accounts have been used.

    Account or group name | Source | Description
    Guest001 | Local AD | Account for RD Gateway Access
    Office365 – EndUsers | Local AD | M365 Users License group
    Guest001@3tallah.Com | Local AD | Account to connect with Azure AD

    Environment

    Server details.

    Server Name | IP Address | Role
    NPSEx01 | 192.168.1.18 | Network Policy Server (NPS) role

    NPS Extension for Azure MFA


    The next steps will install the NPS role in your new server:

    NPS Extension for Azure installation

    As a part of the configuration of the NPS extension, you need to supply admin credentials and the Azure AD ID for your Azure AD tenant. The following steps show you how to get the tenant ID:

    Get Azure AD ID

    Install the NPS extension

    1. Copy the setup executable file to the NPS server.
    2. On the NPS server, double-click the executable. If prompted, click Run.
    3. In the NPS Extension for Azure MFA dialog box, review the software license terms, check I agree to the license terms and conditions, and click Install.
    4. On the NPS Extension for Azure MFA dialog box, click Close.

    Configure certificates for use with the NPS extension

    In this step, you need to configure certificates for the NPS extension to ensure secure communications. The NPS components include a Windows PowerShell script that configures a self-signed certificate for use with NPS.

    This script performs the following actions:

    • Creates a self-signed certificate
    • Associates public key of certificate to service principal on Azure AD
    • Stores the cert in the local machine store
    • Grants access to the certificate’s private key to the network user
    • Restarts Network Policy Server service
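
    Once the script has run on a server, its result can be checked as below. This is an added example, not part of the original document or of the NPS extension itself; it assumes the certificate subject has the form "CN=<tenant ID>, OU=Microsoft NPS Extension", and the tenant ID and 30-day warning window are placeholders.

```powershell
# Added example (not from the original document).
# Reports on the NPS extension certificate in the local machine store and on the NPS service.
param(
    [string]$TenantId = '00000000-0000-0000-0000-000000000000',  # placeholder Azure AD tenant ID
    [int]$WarnDays    = 30                                       # assumed warning window
)

function Get-NpsExtensionCertStatus {
    param([Parameter(Mandatory)][string]$TenantId, [int]$WarnDays = 30)

    $now   = Get-Date
    # Assumption: subject looks like "CN=<tenant ID>, OU=Microsoft NPS Extension"
    $certs = @(Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {
        $_.Subject -like "*CN=$TenantId*" -and
        $_.Subject -like '*OU=Microsoft NPS Extension*'
    })

    if ($certs.Count -eq 0) {
        return [pscustomobject]@{
            Thumbprint = $null; NotAfter = $null; DaysLeft = $null; State = 'Missing'
        }
    }

    foreach ($c in $certs) {
        $daysLeft = [math]::Floor(($c.NotAfter - $now).TotalDays)
        if ($daysLeft -lt 0) {
            $state = 'Expired'
        } elseif (-not $c.HasPrivateKey) {
            $state = 'NoPrivateKey'      # NPS cannot sign MFA requests without the key
        } elseif ($daysLeft -le $WarnDays) {
            $state = 'ExpiringSoon'
        } else {
            $state = 'OK'
        }
        [pscustomobject]@{
            Thumbprint = $c.Thumbprint
            NotAfter   = $c.NotAfter
            DaysLeft   = $daysLeft
            State      = $state
        }
    }
}

$status = @(Get-NpsExtensionCertStatus -TenantId $TenantId -WarnDays $WarnDays)
$status | Format-Table -AutoSize

# The setup script restarts NPS; its Windows service name is IAS
$nps = Get-Service -Name IAS
"NPS service (IAS): $($nps.Status)"

# Fail the check unless at least one usable certificate exists and NPS is running
$usable = @($status | Where-Object { $_.State -in 'OK', 'ExpiringSoon' })
if ($usable.Count -eq 0 -or $nps.Status -ne 'Running') { exit 1 }
```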

    To use the script, provide the extension with your Azure AD Admin credentials and the Azure AD tenant ID that you copied earlier. Run the script on each NPS server where you installed the NPS extension. Then do the following:

    Configure NPS components on RD Gateway server

    Once you have an NPS server running on your RDS environment, you need to configure the RD Gateway connection authorization policies to work with the NPS server. The authentication flow requires that RADIUS messages be exchanged between the RD Gateway and the NPS server.  This means that RADIUS client settings must be configured on both RD Gateway and NPS server.

    Configure RD Gateway connection authorization policies to use a central store

    Remote Desktop connection authorization policies (RD CAPs) specify the requirements for connecting to a RD Gateway server. By default, RD CAPs are stored locally, and MFA requires that they be stored in a central RD CAP store that is running NPS. Follow the steps below to configure the use of a central store.

    On the RD Gateway server, open Server Manager.

    Configure RADIUS client on RD Gateway NPS

    NPS service

    The NPS server with the NPS extension for Azure needs to be able to exchange messages with the RD Gateway. To enable this message exchange, you need to configure the NPS components on the NPS server.

    Hence you must define an NPS client on the RD Gateway server to allow it to communicate to the NPS server with the NPS extension.

    Configure RADIUS timeout value on RD Gateway NPS

    To ensure there is time to validate users’ credentials, perform two-step verification, receive responses, and respond to RADIUS messages, adjust the RADIUS timeout value if necessary.

    1. In the NPS (Local) console, expand RADIUS Clients and Servers, and select Remote RADIUS Server Groups. In the details page, double-click TS GATEWAY SERVER GROUP.
    1. Click OK two times to close the dialog boxes.

    Configure connection request policies on RD Gateway 1

    By default, when you configure the RD Gateway to use a central policy store for connection authorization policies, the RD Gateway is configured to forward CAP requests to the NPS server. The NPS server, along with the Azure MFA extension, processes the RADIUS access request. You need to perform the following tasks:

    • Create a “From MFA” policy to determine what happens when you receive a request from the NPS server.
    • Create a “To MFA” policy to determine when to forward a request to the NPS server.
    • Disable the default connection request policy.
    • Verify policies’ status and processing order.

    Create “From MFA” connection request policy

    Create “To MFA” connection request policy

    Disable default connection request policy

    Verify connection request policies list

    Once you have added the two new policies and disabled the default one, you need to ensure that the policies’ status and processing order are correct. Your policy list should look like the picture below:

    Configure Connection and Resource Authorization policies on RD Gateway 2

    Register server in Active Directory

    For the NPS server to function properly in this scenario, it needs to be registered in Active Directory.

    Create RADIUS client

    The RD Gateway needs to be configured as a RADIUS client to the NPS server.
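
    The same registration can be scripted with the NPS PowerShell module, shown here as an added example that is not part of the original document. The gateway names and addresses come from the Environment table above; the helper name New-RadiusSharedSecret and the choice of one random secret per gateway are assumptions of this example.

```powershell
# Added example (not from the original document).
# Run on the NPS extension server (NPSEx01) to register both RD Gateways as RADIUS clients.
Import-Module NPS

# Hypothetical helper: 32 random bytes from the OS CSPRNG, base64-encoded (44 characters)
function New-RadiusSharedSecret {
    param([int]$Bytes = 32)
    $buffer = New-Object byte[] $Bytes
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try     { $rng.GetBytes($buffer) }
    finally { $rng.Dispose() }
    [Convert]::ToBase64String($buffer)
}

# Names and addresses as listed in the document's Environment table
$gateways = @(
    @{ Name = 'RDG01P'; Address = '192.168.1.16' }
    @{ Name = 'RDG02P'; Address = '192.168.1.17' }
)

$existing = @(Get-NpsRadiusClient)

foreach ($gw in $gateways) {
    if ($existing | Where-Object { $_.Name -eq $gw.Name -or $_.Address -eq $gw.Address }) {
        Write-Warning "RADIUS client $($gw.Name) ($($gw.Address)) already exists; skipped."
        continue
    }

    # A separate secret per gateway limits the impact if one gateway is compromised
    $secret = New-RadiusSharedSecret
    New-NpsRadiusClient -Name $gw.Name -Address $gw.Address -SharedSecret $secret | Out-Null

    # Emitted once so the same value can be entered on that gateway's RADIUS server
    # entry for this NPS server; treat this output as a secret and do not log it.
    [pscustomobject]@{ Name = $gw.Name; Address = $gw.Address; SharedSecret = $secret }
}
```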

    Create RADIUS server group

    You need a RADIUS server group to establish communication with the RD Gateway server.

    Create connection request policies

    Just like with the RD Gateway server, you must define policies to handle messaging exchange to/from the RD Gateway server.

    Create “From RD Gateway” connection request policy

    Create “To RD Gateway” connection request policy

     

    Verify connection request policies list

    Once you have added the two new policies, you need to ensure that the policies’ status and processing order are correct. Your policy list should look like the picture below:

    Configure Network Policy

    Because the NPS server with the MFA extension was designated as the central policy store for RD CAPs, you need to implement a new policy on the NPS server to authorize valid connection requests.

    Verify configuration

    To verify the configuration, you need to connect to your RD deployment through the RD Gateway server. Be sure to use an account that is allowed by your RD CAP.

    Open any of the available resources. It may ask you to enter your credentials.

     

    References

    The following articles are references used in this design document:

    Title | Reference
    Azure Active Directory | https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-whatis
    Custom Domain Name | https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/add-custom-domain
    Integrate your Remote Desktop Gateway infrastructure using the Network Policy Server (NPS) extension and Azure AD | https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension-rdg
    Remote Desktop Services – Multi-Factor Authentication | https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/rds-plan-mfa
    Add high availability to the RD Web and Gateway web front | https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/rds-rdweb-gateway-ha
    Remote Desktop Services – High availability | https://docs.microsoft.com/en-us/windows-server/remote/remote-desktop-services/rds-plan-high-availability
    Integrate your existing NPS infrastructure with Azure Multi-Factor Authentication | https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-nps-extension

    END OF DOCUMENT

By 3tallah

Building A Highly Available Remote Desktop Gateway Farm integrated with Azure MFA

Many people are being forced to work from home for the first time during the coronavirus outbreak. That could have negative impacts on our productivity.

Microsoft and many other tech vendors have started to provide different ways to help people work from home more productively.

As a partner, we are trying to use these tools and solutions to give our customers the most secure remote work, with added value that gives users the same feeling as the office environment for higher productivity.

Hence we started building RD Gateway with Azure MFA for secure work and a familiar experience across a variety of devices or web browsers.

For more information, you can read and download from here.

from 3tallah’s Blog https://ift.tt/3biKEzO