Azure Private Link – a new feature for Enhanced Security

Azure is getting even more secure through the release of the Azure Private Link.

Azure Private Link provides private connectivity from a virtual network to Azure services, customer-owned or Microsoft partners services.

This means you can for example consume services like storages, databases, etc. within a VNet, without exposing the data to the Internet. All traffic to the service can be routed through the private endpoint, so no gateways, NAT devices, ExpressRoute or VPN connections, or public IP addresses are needed. Private Link keeps traffic on the Microsoft global network.

The configuration is straight forward. In the networking settings of the resource, you select Private endpoint for the connectivity method and create a new endpoint.

Note: at the time of this writing, Azure Private Link is available only in the US region.

Check here the availability for other regions.

Trying to configure Azure Private Link in a region where the feature is not available will generate this message:

Microsoft Azure Portal App for Windows, iPhone and Android

Microsoft has released a preview version of the Azure Portal app for Windows. I used it for some time now and it works quite well. You get rid of the browser, while the functionalities remain the same as in the Azure portal.

Download for Windows: https://portal.azure.com/App/Download

When on the go, I recommend the Microsoft Azure app for iOS or Android.

App Store Download: https://itunes.apple.com/app/microsoft-azure/id1219013620?ls=1&mt=8

Google Play Download: https://play.google.com/store/apps/details?id=com.microsoft.azure

Office 365: SharePoint classic lists and libraries shifted automatically to modern as a result of tenant opt-out starting April 2019

Starting April 1, 2019, it will no longer be possible to restrict an entire organization (tenant) to classic mode for lists and libraries. Lists and libraries may still use classic mode using the granular opt-out switches that we provide at the site collection, site, list, and library levels. Additionally, lists that use certain features and customizations that are not supported by modern will still be automatically switched to classic mode.

After April 1, lists and libraries that are in classic mode as a result of tenant opt-out will automatically be shifted to modern. Users will benefit from enhancements and new features such as attention views, PowerApps integration, Flow, column formatting, and the filters pane.

What should I do to prepare for this change?
The SharePoint Modernization scanner identifies sites and lists that have customizations that are not supported by modern UI. Although many of these lists will automatically remain in classic mode even after this change, you may wish to keep some sites running entirely in classic to avoid users switching between different experience modes within a single site.

Administrators can use a PowerShell script to enable or disable the modern experience for a single site collection or for a list of site collections as provided by the SharePoint Modernization scanner. Alternately, users can still use the “return to classic” option on modern views of lists or libraries to temporary return to classic, and list owners can use List Settings to configure that list to use the classic experience for all users.

PowerShell scripts to opt out of the modern list and library experience: https://docs.microsoft.com/en-us/sharepoint/dev/transform/modernize-userinterface-lists-and-libraries-optout

Source: Office 365 Message Center

Office 365 MCSA certification is being retired end of March 2019

Following exams which are the prerequisite for the MCSA Office 365 certification are being retired end of March 2019:

  • 70-346: Managing Office 365 Identities and Requirements
  • 70-347: Enabling Office 365 Services

Microsoft 365 Enterprise Administrator is the new certification whose content is even broader covering all the elements of Microsoft 365 and how they work together. It consists of following exams:

  • MS-100: Microsoft 365 Identity and Services
  • MS-101 Microsoft 365 Mobility and Security

Here are the other Microsoft 365 certifications available:

M365 Certified Fundamentals
Prove that you understand the options available in Microsoft 365 and the benefits of adopting cloud services, the Software as a Service (SaaS) cloud model, and implementing Microsoft 365 cloud service.

M365 Certified: Messaging Administrator Associate
Microsoft 365 Messaging Administrators deploy, configure, manage, and monitor messaging infrastructure, permissions, client access, mail protection, and mail flow in both on-premises, hybrid, and cloud enterprise environments.

M365 Certified: Teamwork Administrator Associate
Microsoft 365 Teamwork Administrators configure, deploy, and manage Office 365 workloads that focus on efficient and effective collaboration, such as SharePoint (online, on-premises, and hybrid), OneDrive, and Teams.

M365 Certified: Security Administrator Associate
Microsoft 365 Security Administrators proactively secure M365 enterprise and hybrid environments, implement and manage security and compliance solutions, respond to threats, and enforce data governance.

M365 Certified: Modern Desktop Administrator
Modern Desktop Administrators deploy, configure, secure, manage, and monitor devices and client applications in an enterprise environment.

M365 Certified: Enterprise Administrator
Microsoft 365 Enterprise Administrators evaluate, plan, migrate, deploy, and manage Microsoft 365 services.

O365 News: Security & Compliance Center is getting replaced

Office 365 Security & Compliance Center is getting replaced by 2 new sites:

The administrator experience will change, but this won’t impact your current security and compliance configurations.

The rollout happens February through March 2019.

Office 365 security: 3DES cipher comes to it’s end on February 28, 2019

As part of Microsoft’s plan to move all online services to TLS 1.2, they are retiring 3DES beginning February 28, 2019. As a result, connections using the ciper 3DES will not work.

You can get an overview of your TLS 1.0/1.1 and 3DES usage in Office 365’s Secure Score at http://securescore.microsoft.com

Remember that TLS 1.0 and TLS 1.1 are not supported since October 31, 2018. Fore more details see:

https://ranariblog.wordpress.com/2018/10/16/microsoft-office-365-will-remove-support-for-tls-1-0-and-1-1-starting-october-31-2018/

Office 365 will remove support for TLS 1.0 and TLS 1.1 starting October 31, 2018

As of October 31, 2018, Microsoft Office 365 will remove support for TLS 1.0 and 1.1. This means that if you have issues connecting to Office 365 services because of weaker protocols, no support tickets would be generated.

By October 31, 2018, all client-server and browser-server combinations should use TLS version 1.2 (or a later version) to ensure connection without issues to Office 365 services. This may require updates to certain client-server and browser-server combinations.

If you do not update to TLS version 1.2 (or later) by October 31, 2018, you may experience issues when connecting to Office 365. If you experience an issue related to the use of an old TLS version after October 31, 2018, you will be required to update to TLS 1.2 as part of the resolution.

The following are some clients that we know are unable to use TLS 1.2. Please update your clients to ensure uninterrupted access to the service.

•  Android 4.3 and earlier versions
•  Firefox version 5.0 and earlier versions
•  Internet Explorer 8-10 on Windows 7 and earlier versions
•  Internet Explorer 10 on Win Phone 8.0
•  Safari 6.0.4/OS X10.8.4 and earlier versions

Source: https://support.microsoft.com/en-us/help/4057306/preparing-for-tls-1-2-in-office-365

This change comes in the context where of all major web browsers, including Google Chrome, Apple Safari, Microsoft Edge, Internet Explorer, and Mozilla Firefox, altogether announced October 15, 2018 to remove support for TLS 1.0 (20-year-old) and TLS 1.1 (12-year-old) communication encryption protocols in the first half of 2020.

See the official articles here:

Google: https://security.googleblog.com/2018/10/modernizing-transport-security.html
Microsoft: https://blogs.windows.com/msedgedev/2018/10/15/modernizing-tls-edge-ie11/
Apple: https://webkit.org/blog/8462/deprecation-of-legacy-tls-1-0-and-1-1-versions/
Mozilla: https://blog.mozilla.org/security/2018/10/15/removing-old-versions-of-tls/