Announcing the new Microsoft and Open Source Partner Community


Microsoft’s affair with open source has been known for years now. Day by day this bond has grown, and now it’s obviously a blessed marriage. One of Microsoft’s biggest strengths is its partner and technical community ecosystem. Unlike any other party, Microsoft has done a lot to build a community ecosystem that connects individuals around the world with its products and technologies in various ways.

On the other hand, open source parties had a flaw: community and support contribution to the product stack was very low.

Azure has grown unbelievably fast in the past few years, unlike any other cloud service, and open source migrations to Azure have increased massively. In fact, 1 in 3 VMs in Azure are open source. This drastic growth rang the bell for Microsoft to press the next button. While open source resources are being moved to Azure, it is also critical to connect open source vendors, partners and technical communities with Microsoft partners and technical communities. This is a long overdue marriage which could have happened before, but finally here we are.

At Microsoft Worldwide Partner Conference 2016, Microsoft announced the launch of Microsoft and Open Source partner community on Microsoft Partner Network, the place for us to connect and collaborate with the vast and diverse ecosystem of partners who develop and distribute open source solutions and services on Microsoft Azure.

This community is open for discussion of the diverse range of open technologies that run on Azure. It allows anyone to stay tuned to updates, share information on various aspects of open technologies, and even simply start a discussion on a topic of their own, which will be answered by the community.

Eventually, Microsoft has implemented another bridge between open source and Microsoft community across the globe. 

Original Announcement on MPN

Azure AD Conditional Access for Office 365 (Exchange and SharePoint Online) Preview Release

Yesterday Microsoft announced one of the most awaited features for Office 365, “Azure AD Conditional Access Preview” for SharePoint Online and Exchange.

What is Conditional Access and what is it for?

Security has been one of the key elements of systems for decades, but with the evolution of the cloud and mobile era it now needs to be more comprehensive than ever before. With the rise in the number of devices a person uses and the ability to access corporate resources from anywhere in the world, there is a massive demand for securing corporate resources. Ultimately, the latest strategies for securing corporate resources are defined by the new ways in which users access them.

Microsoft has taken another big leap in security capabilities with this release. Azure Active Directory Conditional Access allows you to secure and manage your corporate resources in simple ways, in the cloud or even on premises. If you want to ensure that a stolen user credential or an unmanaged device will not harm your corporate resources, Azure AD Conditional Access is made for you.


How is access enforced?

Generally, when a user signs in to a service, Azure Active Directory checks whether the security inputs of this user meet the access requirements you defined. If the requirements are met, the user is authorized to access the service or application.

The enforcement can be done in two ways. You can define policies to configure the access either way, for users or devices.

  • User based Access (Control who you want to allow access)

User Attributes – User attribute-level policies can be used to define which users can access the organization’s resources.

Group Membership of a User – Access can also be based on the group or groups the user belongs to.

Multifactor Authentication (MFA) – Multifactor Authentication can be configured to ensure better security. The user has to provide more than one factor: the password plus another one, which could be either a PIN or a phone number. That ensures an extra level of security for your organization’s resources.

Sign-in and User Risk – This capability, known as “Conditional Access Risk Policies”, comes with Azure AD Identity Protection. It allows you to track unusual sign-in activities and risk events based on access trends and to implement advanced protection. Global and multi-region companies will benefit a lot from this capability.

  • Device Based Access (Control what you want to allow access)

Enrolled Devices – Using Microsoft Intune, you can use device-level access to ensure that only MDM (Mobile Device Management) enrolled devices are allowed to access resources. Intune is capable of validating whether a device is enrolled with MDM. Device-level access also ensures that only devices that match the policies you have configured (such as forced file encryption on a granted device) are allowed access. You can even remotely wipe the content of a device that was stolen or misused, using MDM solutions.

The best part is that it’s not limited to the cloud: you can also use device-based access policies to control your on-premises resources, or even cloud-based SaaS or line-of-business applications.

What does this preview bring you?

This release is a much awaited capability for most organizations and a huge step for the access policy framework. Conditional Access for CRM and Yammer has already been there, but for SharePoint and Exchange in particular the call has been ringing for quite a long time.

These three conditions are released for SharePoint and Exchange Online as a preview. Microsoft recommends enabling these policies alongside the risk-based conditional access policy available with Azure Identity Protection.

  • Always require MFA
  • Require MFA when not at work
  • Block access when not at work
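The following is an added example, not code from Microsoft or from the original post: a small Python model of how the three preview conditions could be evaluated for a sign-in, with group scoping and "at work" decided by trusted network ranges. The rule names, the network ranges, the sample users and the "most restrictive outcome wins" combination rule are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample ranges (documentation address space) standing in for "at work".
WORK_NETWORKS = [ipaddress.ip_network(n) for n in ("203.0.113.0/24", "2001:db8:10::/48")]

ALLOW, REQUIRE_MFA, BLOCK = "allow", "require_mfa", "block"
SEVERITY = {ALLOW: 0, REQUIRE_MFA: 1, BLOCK: 2}
RULES = {"always_mfa", "mfa_off_work", "block_off_work"}  # hypothetical rule names

@dataclass
class SignIn:
    user: str
    groups: frozenset
    source_ip: str
    mfa_done: bool = False  # True once the second factor has been verified

@dataclass
class Policy:
    rule: str              # one of RULES
    applies_to: frozenset  # groups the policy is scoped to

def at_work(source_ip):
    """True when the sign-in address falls inside a trusted work network."""
    addr = ipaddress.ip_address(source_ip)  # raises ValueError on malformed input
    return any(addr in net for net in WORK_NETWORKS)

def evaluate_policy(policy, signin):
    """Outcome of a single policy for one sign-in."""
    if policy.rule not in RULES:
        raise ValueError(f"unknown rule: {policy.rule}")
    if not policy.applies_to & signin.groups:
        return ALLOW  # user is outside the policy's scope
    off_work = not at_work(signin.source_ip)
    if policy.rule == "block_off_work":
        return BLOCK if off_work else ALLOW  # a completed MFA does not lift a block
    needs_mfa = policy.rule == "always_mfa" or off_work
    return REQUIRE_MFA if needs_mfa and not signin.mfa_done else ALLOW

def decide(policies, signin):
    """Assumption of this model: the most restrictive outcome across policies wins."""
    outcomes = [evaluate_policy(p, signin) for p in policies]
    return max(outcomes, key=SEVERITY.get, default=ALLOW)

# Constructed scenario: Finance needs MFA off-site, Contractors are blocked off-site.
POLICIES = [Policy("mfa_off_work", frozenset({"Finance"})),
            Policy("block_off_work", frozenset({"Contractors"}))]

if __name__ == "__main__":
    for s in (SignIn("alice", frozenset({"Finance"}), "203.0.113.25"),
              SignIn("alice", frozenset({"Finance"}), "198.51.100.7"),
              SignIn("bob", frozenset({"Contractors"}), "198.51.100.7", mfa_done=True)):
        print(s.user, s.source_ip, decide(POLICIES, s))
```

Running the model against planned policies before switching them on shows which users would be prompted or locked out from a given location.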

Conditional Access policies are supported for browser-based access to Exchange Online, SharePoint sites and OneDrive, and even for desktop applications that use modern authentication mechanisms.

These are the desktop and mobile applications connecting to Exchange and SharePoint that Microsoft has tested so far.

For Windows 10, Windows 10 Mobile, Windows 8.1, Windows 7 and Mac

  • Outlook, Word, Excel and PowerPoint in Office 2016
  • Outlook, Word, Excel and PowerPoint in Office 2013 (with modern authentication enabled)
  • OneDrive Sync Client (with modern authentication)

For iOS

  • Outlook Mobile App

Resources:

Detailed Explanation of Azure AD Conditional Access

Conditional Access Policy Support for Mobile Devices

Original Announcement

Enabling Multi-Factor Authentication in Office 365 (MFA)

MFA, or Multifactor Authentication, has been around for quite some time now. Everyone on the internet is already used to it, and it provides better security for applications over the internet.

The name describes it all: basically, MFA allows you to have more than one method of signing in to a service or application such as your Outlook.com account, Facebook or Gmail, or even your e-banking login. This means multiple factors are used to verify your identity in order to sign you in.

Beyond the traditional single password, MFA allows you to have more than one method to sign in, such as a phone number or passcode in addition to the password. With this capability, even if your password is stolen, the thief won’t be able to use it to sign in to your account without the phone number or passcode that is required to sign in.

Microsoft is investing massively in security and compliance day by day, with lots of new improvements in these areas. Yet this isn’t very new for O365: MFA for O365 was first introduced in February 2014 through this blog article.

Now let’s see how we can set this up and let our users use the service in the more secure way they have been waiting for.

You need to log in to Office 365 as a Global administrator and open the Admin Panel. The new Admin Panel makes this pretty easy for us.

Before starting, let’s not forget this insightful article on MFA here. You can get a good briefing from it to get started.

Go to Users and open Active users. Under the More dropdown, click the “Setup Azure multi-factor auth” link. This will take you to the MFA configuration page.

Select the user you want to force MFA for.

From the right pane, click the “Enable” link to enable MFA. You can also perform this as a bulk operation by selecting everyone or several users.

Click “Enable” to perform the operation.

Click “enable multi-factor auth” to start the enabling. This takes just a few seconds. Before this step, ensure that you have taken the necessary actions to inform users about what they need to do when they next sign in to the portal and when using other devices.

A success message will indicate that everything went well.

At the very next login to the portal by the selected user(s), it will prompt for the security code sent by text or given via a call to the user’s mobile phone number.

By selecting a different verification option, the user can choose whether the security code is provided by text message or by voice call. Pretty simple!

Then we can enforce MFA. Enforcing and enabling are two different things. You need to enable MFA first before enforcing it. The Enforce option only appears after enabling.

By enforcing, you as an admin require end users to have app passwords for their non-browser applications such as Outlook, Skype for Business or Lync.

Simply select the user(s) the same way we did before and click the “Enforce” link in the right pane. Click Enforce again on the prompt message.

In just a few seconds, a success message will indicate that you are done.

Additionally, if you click the “Manage User Settings” link in the right pane, there are a few more features to ensure better security.

You can require the selected users to provide contact methods again.

Delete all app passwords created by the selected users.

Or restore MFA on all devices which are remembered.

These options can be used in special situations as you need.