Special offer: MCSA Windows Server 2012 R2

Now that Windows Server 2012 R2 is giving way to Windows Server 2016, it is a good time to get trained at an affordable price. Prepare for the MCSA on Windows Server 2012 R2 with the online seminars in GREEK and at an unbeatable price.

The seminars include training in Greek in high-definition video, with unlimited access, the official Microsoft training material and access to Microsoft's official online labs.

The special prices apply to 20410, 20411 and 20412, and the offer will be available until 15 July 2017.

By purchasing each seminar you start training from home within 2 hours, with exactly the same material we give in classroom trainings.

We offer the first chapter of each seminar for FREE.

Hurry! The special prices apply to 20410, 20411 and 20412, and the offer will be available until 15 July 2017.

New feature updates for #AzureAD Application Proxy, WorkFolders supported also

I’ve already presented Azure AD Application Proxy many times; it’s a great feature of Azure AD that you can use to publish your web apps to users outside of the company without VPNs, firewalls and the like.

If you don’t know what Azure AD Application Proxy is, please take a look at this recorded presentation that I did a few months ago. You can find the video here.

But today there is some great news: if you use the new connector version of App Proxy, you can use it with applications that take up to 180 seconds to respond to a request. Use the new Backend Application Timeout setting in the Azure Portal to publish these applications by changing the value from “Default” (85 seconds) to “Long” (180 seconds). This setting is in the “Application Proxy” menu for your application.

If your application consistently responds in less than 85 seconds, it is recommended to keep the default setting. This ensures the Application Proxy Connector does not consume unnecessary resources. To learn how to manually upgrade your Connector or how the automatic updates will roll out, please see the Connector update documentation. If you already have the newest Connector, you can close all ports other than 443 and 80 and reduce your overhead.

Also take a look at the configuration documentation regarding the ports that you can now use.

But there is also another great feature. It is possible to use Azure AD App Proxy to give your users access to the Work Folders that you use internally. This article was somehow hidden in a Microsoft blog, so we’ve discovered it and …

Work Folders updates for Windows 10 version 1703, Android and iOS

In this recent announcement, we can see that it is now possible to offer the following functionality:

  • Remote users can securely access their files on the Work Folders server using Azure Active Directory Application Proxy
  • Improved single sign on experience (fewer authentication prompts) when using Azure Active Directory Application Proxy
  • Group policy setting to manage the Work Folders directory location on Windows devices

Don’t waste more time! Click here to read all the documentation about how you can do it.

Enjoy!

Video: Single Sign On to Applications using #AzureAD

 

Single sign-on provides the capability of a common identity for users of Office 365, Azure, and SaaS applications integrated with Azure Active Directory, allowing users to be more productive across more apps.

Integration of #AzureAD with Workday is now in Public Preview

Well, these guys never stop giving us new features and technologies. So today the Azure AD Product Group announced that we have an integration of Azure AD with Workday.

Some of you probably do not know anything about Workday. Well, it’s a great application that can be used by the HR, the Finance and the IT department, and can unify finance and HR, giving you real-time insights, global visibility, and predictive analytics.


And here is the good part: Integration, meaning that when the employee information changes in Workday, like a name change or a title change, this information has to replicate to Azure AD, Windows Server AD on-premises, Office 365 and to third-party apps that use these identities. Additionally, key user attributes like email addresses need to be automatically written back to Workday when mailboxes are provisioned or updated in your organization’s email system.

By using Azure AD Connect and the existing library of SaaS app connectors in conjunction with these new features, we can now achieve end-to-end user provisioning from Workday to our identity systems and SaaS apps.

This feature is available in public preview today for all customers using Azure AD Premium P1. To get started, check out this Tutorial for Configuring Workday for Inbound Synchronization.


You can learn more about Workday here.

Thanks!

EMS Conditional Access using #AzureAD: What it is all about

It’s really not the first time that you see this feature, EMS Conditional Access, in this blog. Just try to make a search, just like this: https://spanougakis.wordpress.com/?s=conditional+access and you’ll get a lot of related information.

So as you can see, we need to find a way to protect our corporate data, while allowing our users to be productive, just using any device, giving them the best possible experience.

We should now start exploring what we can do using conditional parameters at the application, user or location layer. Take a moment to take a look at the following diagram:

[Image: ems1]

How to protect data using the Application layer in EMS
Some of your cloud applications might contain sensitive information, and you should consider controlling access to them. As you can see on the right side of the picture above, you could create policies that can ask for Multi-Factor Authentication, depending on the location the application is being accessed from. These policies can be applied to any cloud (SaaS) or on-premises app protected by Azure Active Directory, including their rich, mobile or browser-based clients.

User layer conditional access
That’s probably the easy part, because if you use Azure AD Premium as your identity management mechanism, you already know that you can specify to which users or groups these conditional access policies should apply. You can assign multiple conditions at the location, application or device information levels to users or multiple groups. You can also create exclusions.

Location layer conditional access 
Just define a set of trusted IPs, but also define what will happen when the user tries to access an application from an unknown location; for example, you could ask for MFA.

Let’s see a common scenario that implements all the previous topics:

[Image: ems2]

But what about devices?
You need device compliance, just to make sure that you allow only managed and compatible devices to access your data-sensitive applications. This can be done by using Device compliance policies to enforce device compliance requirements. Some of these could be device enrollment, domain join, passwords and encryption, but also the OS that runs on devices.

You can use compliance policy settings in Microsoft Intune to create a set of rules and to evaluate the compliance of employee devices. When devices don’t meet the conditions set in the policies, the end user is guided through the process of enrolling the device and fixing the issue that prevents the device from being compliant.

In this scenario, when you use a conditional access policy in combination with a device compliance policy, only users with compliant devices—in addition to any other rules you’ve set—will be allowed to access the service.

This is how it works:

[Image: ems3]

Microsoft recently partnered with Lookout, and this integration can give you all the information that you need, related to mobile device risks, including advanced mobile threats and app data leakage. If a device is found to be not compliant due to a mobile risk identified by Lookout, access is blocked and the user is prompted to resolve the issue with one-step guidance from Lookout before they can regain access. Note that Lookout licenses must be purchased separately from EMS:

[Image: ems4]

But the same policies can be applied to on-premises apps as well. Microsoft now has partnerships with popular network access providers such as Cisco ISE, Aruba ClearPass, and Citrix NetScaler. Now you can extend your Intune conditional access capabilities to work with these networks. Every time a user tries to access an on-premises application, additional checks can be made for Intune-managed and compliant devices before allowing user access through these devices.

It’s also important to take into consideration some additional threats and risks, so we can use….

Risk-based conditional access
Today’s threats are really sophisticated, but the good thing is that after every attack we know that there is a pattern that fortunately can be analyzed. Every month Microsoft updates more than 1 billion PCs, services more than 450 billion authentications, and analyzes more than 200 billion emails for malware and malicious websites. They gather information about every kind of attack there is, and they push the data directly into the Microsoft Intelligent Security Graph.

So now that we have the data, we can use it as part of a conditional access policy we create. It’s important to know that in many cases these risks are automatically recognized by Microsoft, and when they are detected they could block user access.

The same happens when they detect the possibility of leaked credentials. Microsoft security researchers search for credentials that have been posted on the dark web, which usually appear in plain text. Machine learning algorithms compare these credentials with Azure Active Directory credentials and report any match as “leaked credentials.”

Can you travel from Europe to the US in just an hour? Probably not. So when two sign-ins originate from different geographic locations within a window of time too short to accommodate travel from one to the other, it’s probably an indication that someone else used your credentials to sign in.

Infected devices
The Microsoft Intelligent Security Graph maintains a list of IP addresses known to have been in contact with a bot server. Devices that attempt to contact resources from these IP addresses are possibly infected with malware and are therefore flagged.

Anonymous IP addresses
Why should you hide your IP address? Probably because you want to perform some malicious activities. In this scenario, a risk-based conditional access policy can require MFA as additional proof of identity.

IP addresses with suspicious activity
Multiple failed sign-in attempts that occur over a short period of time, across multiple user accounts, and that originate from a single IP address, also trigger a risk event. This scenario can be analyzed and the correct conditional access policy enforced if required.
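
The impossible-travel and suspicious-IP risk events described above can be sketched as simple detection logic over sign-in records. This is an added example, not code from the original post and not Microsoft's detection algorithm; the record layout, the 900 km/h speed limit, the "3 accounts in 10 minutes" threshold and the sample sign-ins are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from math import asin, cos, radians, sin, sqrt

# Constructed sample sign-ins: (time, user, ip, lat, lon, success). Not real data.
SIGNINS = [
    ("2017-06-01T07:55:00", "alice", "198.51.100.10", 37.98, 23.73, False),
    ("2017-06-01T08:00:00", "alice", "198.51.100.10", 37.98, 23.73, True),   # Athens
    ("2017-06-01T08:50:00", "alice", "203.0.113.7", 40.71, -74.01, True),    # New York
    ("2017-06-01T09:00:00", "bob", "192.0.2.44", 52.52, 13.40, False),
    ("2017-06-01T09:01:00", "carol", "192.0.2.44", 52.52, 13.40, False),
    ("2017-06-01T09:02:00", "dave", "192.0.2.44", 52.52, 13.40, False),
]

def km_between(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in kilometres."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371 * asin(sqrt(a))

def impossible_travel(signins, max_kmh=900):  # 900 km/h: assumed airliner speed
    """Successful sign-ins whose distance from the user's previous one implies > max_kmh."""
    last, hits = {}, []
    for ts, user, _ip, lat, lon, ok in sorted(signins):
        if not ok:
            continue
        t = datetime.fromisoformat(ts)
        if user in last:
            prev_t, prev_lat, prev_lon = last[user]
            hours = max((t - prev_t).total_seconds() / 3600, 1e-6)  # avoid divide by zero
            if km_between(prev_lat, prev_lon, lat, lon) / hours > max_kmh:
                hits.append((user, ts))
        last[user] = (t, lat, lon)
    return hits

def suspicious_ips(signins, min_users=3, window=timedelta(minutes=10)):
    """IPs with failed sign-ins for >= min_users distinct accounts inside one window."""
    fails = defaultdict(list)
    for ts, user, ip, _lat, _lon, ok in signins:
        if not ok:
            fails[ip].append((datetime.fromisoformat(ts), user))
    flagged = []
    for ip, events in fails.items():
        events.sort()
        for i, (start, _user) in enumerate(events):
            if len({u for t, u in events[i:] if t - start <= window}) >= min_users:
                flagged.append(ip)
                break
    return sorted(flagged)
```

On the sample data, alice's New York sign-in 50 minutes after Athens is flagged as impossible travel, and 192.0.2.44 is flagged for failures against three accounts, while alice's single failed attempt from her usual IP is not.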

To get a full picture of conditional access from EMS, you can download this white paper with a lot of additional information, so please check it out.

Thanks for your time!

#AzureAD Privileged Identity Management Approval Workflows are now in Public Preview

 

Some more great news today from the Azure AD Team! The public preview of some major updates to the Azure AD Privileged Identity Management service is now on. If you want to know more about Azure AD PIM, you can take a look at this article: https://spanougakis.wordpress.com/2016/09/13/azuread-identity-protection-azure-ad-privileged-identity-management-and-azure-ad-premium-p2-available-sept-15th-2016/

But let’s see what’s new:

  • A new, improved user experience
  • New approval workflow for improved role security
  • Audit History for everyone in temporary role assignments

You should have all these new features available today, assuming that you have a paid Azure AD P2 subscription.

The new Approval Workflow 
Let’s try to log on to the Azure AD portal as a user that will request access to be a Global Administrator. So this is how it works: the user will request a Global Administrator role, but he will be notified that the approval is pending, as you can see below:

[Images: 1, 2, 3]

Now, the Global Administrator has to use the Azure AD Portal to approve the request:

[Images: 4, 5]

As soon as the request is approved, you can ….

View all temporary role assignments with the new “My Audit History”
Just navigate to the My Audit History, a new view in the updated user interface that lets you see status and activation history for all your temporary role assignments:

[Image: 7]

Don’t forget to check Audit History, which gives you a full log of all previous role approvals:

[Image: 6]

Thanks for your time!

Take a look at the new #AzureAD Admin Console, now in GA!

 

Back in September 2017 there was an announcement about the new Azure AD portal, which was in Public Preview at that time. We are very excited to see that today we have all the new functionality and features available, because it’s generally available to everybody! It’s really impressive to know that since September 750k admins from 500k organizations have tried it out and given their feedback to the Azure AD guys.

First of all, you should take a look at this overview video, just to get the idea of what is available today:

As the official announcement says, the new Azure AD portal design focused on some specific customer needs:

  • Be simple and optimized for getting work done.
  • Provide insight to help the Azure AD Admin to make the right decisions.
  • Give the Azure AD Admin easy access to information.
  • Give the Azure AD Admin information that wasn’t available before.

So let’s log on to http://aad.portal.azure.com and check the new functionality:

[Image: azuread1]

Understanding what a user has access to, and when and how that access was granted, is essential for managing and securing your organization. So when you select a user, you can now immediately see a list of the enterprise apps that the user has access to, either assigned or consented:

[Image: azuread2]

Another really cool piece of information that you get is audit and sign-in activity as streams of data with rich filtering and search capabilities. You can see the activity for the whole organization, or dive into a single user, group, or application. Just click the Audit Logs option for a user:

[Image: azuread3]

It is also important to notice that the new portal does not require an Azure subscription, which streamlines access, especially for Office 365 admins.

One more feature is the ability to receive notifications about the status of the service, new features availability, or even weekly status e-mails:

[Image: azuread4]

Thanks for your time, make sure that you check it out!