Tag Archives: mvp

All the news about #AzureAD @Ignite2017

MS Ignite 2017 is over, but if you need to know all the news about Azure Active Directory, you should definitely take a look at this article:

https://blogs.technet.microsoft.com/enterprisemobility/2017/09/27/whats-new-with-azure-active-directory-ignite-2017/


GDPR Masterclass for IT Pros: what you need to do


 

What is the GDPR Foundation Masterclass?

This is a new seminar that we created to help you become familiar with the new requirements of the GDPR. You will learn about all the changes you need to implement in your company, as well as the methodology that must be followed at every level of information, so that you are fully compliant with the new legislation and avoid the excessive fine in the event of an audit.

It is the only seminar in the Greek market that also covers the technical side of GDPR compliance, using Microsoft on-premises and cloud technologies.

 

SEMINAR STRUCTURE:

  • Module 1: GDPR context, definitions, penalties
  • Module 2: Basic principles
  • Module 3: Rights of the Data Subject
  • Module 4: Controller and processor
  • Module 5: Transfer of Personal Data
  • Module 6: Supervisory authorities
  • How you can use Microsoft Azure and Office 365 to be compliant with the GDPR
    • Discovering personal data in the organization using technologies such as Microsoft Azure Data Catalog, Cloud App Security, Data Loss Prevention, Advanced Data Governance, Office 365 eDiscovery
    • Managing personal data using Azure Active Directory, Azure Information Protection, Advanced Data Governance and Journaling, Data Classification Toolkit
    • Protecting personal data using Azure Key Vault, Intune, Advanced Threat Protection and Threat Intelligence, Windows Hello and Device Guard
    • Creating reports about personal data using Service Trust Platform, Azure Auditing, Logging and Monitor, Information Protection, Service Assurance and Customer Lockbox

SEMINAR OBJECTIVES:

  • Definitions
  • Sanctions and fines
  • GDPR implementation timeline
  • The 6 principles of data processing, and consent
  • Special categories of data
  • The rights of data subjects
  • Controllers and processors
  • Protection of Personal Data
  • Securing personal data
  • Personal data breach notification
  • How to carry out the DPIA (data protection impact assessment)
  • The role of the DPO (Data Protection Officer)
  • Certifications
  • Transfer of data outside the European Union
  • The role of the supervisory authorities
  • The role of the EDPB (European Data Protection Board)
  • Using Microsoft technologies for GDPR compliance, for both on-premises data and cloud data

The seminar also includes material in electronic form, which you can keep once the seminar is completed. We also give you access to the online course, worth 150 euros, so that you can go back at any time to the videos that describe the basic concepts of the GDPR.

 

Information and seminar dates here.

Retiring the Azure classic portal

We know that a lot of you were complaining about having two different portals to manage Azure AD. Some actions had to be done in the old portal, while others required the new Azure Portal.

So guess what: on November 30, they’ll be retiring the Azure AD admin experience in the classic Azure portal. After that date, the administration of Azure AD has to be done using the new portal.

The Azure Information Protection (or AIP, formerly Rights Management Service) admin experiences will also be retired in the Azure classic portal on November 30, but can be found here in the new Azure portal.

To learn more about Azure Information Protection, read the related documentation. Additionally, after November 30, admin experiences for Access Control Services will be available at a different URL (but we don’t know that URL yet.)

Thanks for your time!

How they secure our data in #AzureAD

 

This is a question that I’m getting asked many times during IT projects and courses. The answer is here, so take a look at this article by @Alex_A_Simons, where he explains what they actually do:

https://blogs.technet.microsoft.com/enterprisemobility/2017/09/05/how-we-secure-your-data-in-azure-ad/

Enjoy!

Improvements to #AzureAD Connect Health sync error reporting

 

You should remember some previous blog posts related to the Azure AD Connect Health service, which allows you to monitor and gain insights into your hybrid identity infrastructure. The good thing about this service is that it also provides reports about synchronization errors that might occur while syncing data from on-premises AD to Azure AD using Azure AD Connect. So if you are an Azure AD Connect user, you should definitely check this link first: https://docs.microsoft.com/en-us/azure/active-directory/connect-health/active-directory-aadconnect-health-sync#object-level-synchronization-error-report-preview

To find older articles about this topic, you can also search this blog or click here.

So let’s talk about the improvements that we’ve got.

1. First of all, accessing the sync error report does NOT require Azure AD Premium (which is good because you don’t need to spend more money…)


 

2. The sync error report now includes errors due to the Duplicate Attribute Resiliency feature.

Duplicate Attribute Resiliency is a feature in Azure Active Directory that will eliminate friction caused by UserPrincipalName and ProxyAddress conflicts when running one of Microsoft’s synchronization tools.


 

3. You can see that now there is a dedicated category for the “FederatedDomainChange” errors.


 

In order to see these new reports, upgrade to the latest version of AAD Connect (also works with version 1.1.281.0 or higher) and then simply navigate to the Azure AD Connect Health Dashboard.

 

Thanks for your time!

A change in the token lifetime in #AzureAD

 

Another change these days, but only for new Azure AD tenants: the default settings for Azure AD refresh tokens have changed. Refresh token expirations seemed to frustrate some users, especially those who haven’t been actively authenticating their clients. It’s obvious that Microsoft tried to eliminate unnecessary sign-in prompts while maintaining a high level of security.

So the new settings for new tenants are:

  • Refresh Token Inactivity: 90 Days
  • Single/Multi factor Refresh Token Max Age: until-revoked
  • Refresh token Max Age for Confidential Clients: until-revoked

It’s also noted that you have the option to override these settings when needed.

If you want to learn more about how Azure AD tokens work, you can check this article here. As you can see, there are multiple types of tokens, and you should know that, although the refresh tokens now last longer, access tokens still expire on much shorter time frames.

 

How can you change the settings related to the token lifetime

1. Download the latest Azure AD PowerShell Module Public Preview release.

2. Run the Connect command to sign in to your Azure AD admin account:

Connect-AzureAD -Confirm

3. To see all policies that have been created in your organization, run the following command:

Get-AzureADPolicy


 

4. To create the policy, run the following command:

New-AzureADPolicy -Definition @('{"TokenLifetimePolicy":{"Version":1,"MaxInactiveTime":"14.00:00:00","MaxAgeSingleFactor":"90.00:00:00","MaxAgeMultiFactor":"90.00:00:00","MaxAgeSessionSingleFactor":"until-revoked","MaxAgeSessionMultiFactor":"until-revoked"}}') -DisplayName "OrganizationDefaultPolicyScenario" -IsOrganizationDefault $true -Type "TokenLifetimePolicy"

 

More details can be found here.
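
As an added example (not part of the original post or of Microsoft's tooling), the following PowerShell function reviews a TokenLifetimePolicy definition offline before it is passed to New-AzureADPolicy. The function names, the 90-day review threshold and the sample definition are assumptions made for illustration; the property names are the ones in the policy JSON of step 4.

```powershell
# Added example (not from the original post). Property names are taken from
# the policy JSON in step 4; thresholds and sample input are assumptions.
function ConvertTo-Lifetime([string]$Value) {
    # "until-revoked" has no fixed expiry; model it as the largest TimeSpan.
    if ($Value -eq 'until-revoked') { return [TimeSpan]::MaxValue }
    return [TimeSpan]::Parse($Value, [cultureinfo]::InvariantCulture)  # d.hh:mm:ss
}

function Test-TokenLifetimeDefinition {
    param(
        [Parameter(Mandatory)][string]$DefinitionJson,
        [TimeSpan]$MaxInactivity = [TimeSpan]::FromDays(90)   # review threshold
    )
    try {
        $p = ($DefinitionJson | ConvertFrom-Json -ErrorAction Stop).TokenLifetimePolicy
    } catch {
        # Curly quotes pasted from a web page are a common cause.
        return "Definition is not valid JSON: $($_.Exception.Message)"
    }
    if ($null -eq $p) { return 'Missing "TokenLifetimePolicy" root object.' }

    $findings = @()
    $life = @{}
    foreach ($name in 'MaxInactiveTime', 'MaxAgeSingleFactor', 'MaxAgeMultiFactor') {
        $raw = $p.$name
        if ($null -eq $raw) { continue }   # unset: the tenant default applies
        try { $life[$name] = ConvertTo-Lifetime $raw }
        catch { $findings += "${name}: '$raw' is not d.hh:mm:ss or until-revoked." }
    }
    if ($life.ContainsKey('MaxInactiveTime') -and $life.MaxInactiveTime -gt $MaxInactivity) {
        $findings += "MaxInactiveTime exceeds $($MaxInactivity.Days) days."
    }
    if ($life.ContainsKey('MaxAgeSingleFactor') -and $life.ContainsKey('MaxAgeMultiFactor') -and
        $life.MaxAgeSingleFactor -gt $life.MaxAgeMultiFactor) {
        $findings += 'Single-factor refresh tokens outlive multi-factor ones.'
    }
    foreach ($name in 'MaxAgeSingleFactor', 'MaxAgeMultiFactor') {
        if ($life[$name] -eq [TimeSpan]::MaxValue) {
            $findings += "$name is until-revoked: only explicit revocation ends it."
        }
    }
    $findings
}

# Constructed sample: single-factor max age is longer than multi-factor.
$sample = '{"TokenLifetimePolicy":{"Version":1,"MaxInactiveTime":"14.00:00:00","MaxAgeSingleFactor":"until-revoked","MaxAgeMultiFactor":"90.00:00:00"}}'
Test-TokenLifetimeDefinition -DefinitionJson $sample
```

To review policies that already exist in the tenant, pass each Definition string returned by the command in step 3 to the function.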

 

You can also revoke a user’s refresh token:

  • Download the latest Azure AD PowerShell V1 release.
  • Run the Connect command to sign in to your Azure AD admin account. Run this command each time you start a new session:

    Connect-MsolService

  • Set the StsRefreshTokensValidFrom parameter using the following command:

    Set-MsolUser -UserPrincipalName <UPN of the User> -StsRefreshTokensValidFrom ("<current date>")

     

Thanks for your time!

#AzureAD and Intune now support macOS in conditional access

As the Azure AD Team says, “Conditional access is one of the fastest growing services in EMS and we are constantly getting feedback from customers about new capabilities they would like us to add to it. One of the most frequently requested is support for macOS. Customers want to have one consistent system for securing user access to Office 365 on all the platforms their employees are using.”

If you want to refresh your memory about what EMS is, just search this blog and you’ll find some additional information.

As of a few days ago, Azure Active Directory and Intune support the macOS platform for device-based conditional access, allowing you to restrict access to Intune-managed macOS devices according to your organization’s security guidelines.

So in practice we can now enroll and manage macOS devices using Intune, make them follow our organization’s compliance policies, and also restrict access to applications in Azure AD to compliant macOS devices only.

Let’s see what you need to do.

1. Configure compliance requirements for macOS devices in Intune

Use the Intune service in the Azure Portal to create a device compliance policy for macOS devices in a few clicks:

Select Device compliance –> Policies:

Then click the + sign to create a new policy:

Explore the various settings. As you can see, you can configure security settings, device health settings and device property settings, such as the minimum and the maximum OS version.

2. Restrict access to Azure AD applications for macOS devices

You can create a targeted conditional access policy for macOS to protect Azure AD applications. Go to Conditional access under the Azure AD service in the Azure portal to create a new policy for the macOS platform:

A few more things that you need to remember:

In the public preview, the following OS versions, applications, and browsers are supported on macOS:

Operating Systems

  • macOS 10.11+

Applications

The following Office 2016 for macOS applications are supported:

  • Outlook v15.34 and later
  • Word v15.34 and later
  • Excel v15.34 and later
  • PowerPoint v15.34 and later
  • OneNote v15.34 and later

Browsers

  • Safari

Thanks for your time!