Infrastructure + Security: Noteworthy News (October, 2018)

Hi there! Stanislav Belov here, bringing you the next issue of the Infrastructure + Security: Noteworthy News series!  

As a reminder, the Noteworthy News series covers various areas, including interesting news, announcements, links, tips and tricks from the Windows, Azure, and Security worlds on a monthly basis.

Microsoft Azure
Announcing New Module ‘Az’
In August 2018 we released a new module, ‘Az’, which combines the functionality of the AzureRM and AzureRM.Netcore modules. Az runs on both PowerShell 5.1 and PowerShell Core. ‘Az’ ensures that the PowerShell and PowerShell Core cmdlets for managing Azure resources will always be in sync and up to date. In addition, Az will simplify and regularize the naming of Azure cmdlets, and the organization of Azure modules. Az is intended as a replacement for the AzureRM.Netcore and AzureRM modules. AzureRM will continue to be supported, and important bugs will be fixed, but new development and new Azure capabilities will be shipped only in Az starting December 2018.
Serial console for Azure VMs now generally available
For those new to serial console, you’ll likely recognize this scenario: You’ve made a change to your VM that results in you being unable to connect to your VM through SSH or RDP. In the past, this would have left you pretty helpless. Serial console enables you to interact with your VM directly through the VM’s serial port – in other words, it is independent of the current network state, or as I like to say, it’s “like plugging a keyboard into your VM.” This means that you can debug an otherwise unreachable VM to fix issues like a broken fstab or a misconfigured network interface, without needing to resort to deleting and recreating your VM.
Staying up to date with the Microsoft Azure roadmap (Ignite video)
Cloud services like Azure are evolving faster and unlike any other technology we use today. However, as a technologist, responsible for helping your organization keep up with this pace of change and make sense of it all, it is easy to be overwhelmed. In this session, the Azure Service Operations team shares how we track, manage, and communicate change – so you can stay ahead of new capabilities, changes, and deprecations in Azure.
Managing your IaaS resources in the Microsoft Azure Portal: What’s new in 2018
Azure changes fast, and it can be hard to keep up with the latest updates. Meet the Azure Portal IaaS Experiences team as we share our favorite updates to the Azure Portal for IaaS (Compute, Networking, Storage) resources, and provide your feedback on our ideas for the future.
Azure Active Directory: New features and roadmap (Ignite video)
Get an overview of Azure Active Directory capabilities, demos, and what’s new or coming soon! Hear about the newest features and experiences across identity protection, conditional access, single sign-on, hybrid identity environments, managing partner and customer access, and more.
Announcing password-less login, identity governance, and more for Azure Active Directory
Microsoft is ending the era of passwords! This week we announced that password-less phone sign in to Azure AD accounts via Microsoft Authenticator is now available in public preview. With this capability, your employees with Azure AD accounts can use the Microsoft Authenticator app to replace passwords with a secure multi-factor authentication option that is both convenient and reduces risk.
How Microsoft manages a hybrid infrastructure with Azure (Ignite video)
With over 95% of the Microsoft enterprise IT infrastructure in the cloud, the company is adopting Microsoft Azure monitoring, patching, backup, and security tools to create a customer-focused self-service management environment focused on DevOps and modern engineering principles. Learn from Microsoft Core Services Engineering and Operations (CSEO)—the experts who run the critical products and services that power Microsoft—how it is benefiting from the growing feature set of Azure management tools and is set to deliver a fully automated, self-service management solution that gives the experts visibility over the company’s entire IT environment. The result? Business groups at Microsoft will be able to adapt IT services to best fit their needs.
Windows Server
What’s new in Active Directory Federation Services (AD FS) in Windows Server 2019 (Ignite video)

Active Directory Federation Services (AD FS) continues to be the #1 federation provider to login to Office 365 and has grown to power logins for over 77M users globally! AD FS is also actively used to build modern applications to power the next generation of line-of-business applications that cater to the digital transformation for modern workplaces. Learn about the exciting new and upcoming capabilities in Windows Server 2019 to securely and seamlessly sign-in users from anywhere on a variety of devices. We primarily focus on securing extranet access and enabling logins without passwords, and discuss additional security features to protect password-based logins for extranet access. We focus on new capabilities introduced to support modern applications built using OpenID Connect and OAuth. We also discuss advances made to enable smooth sign-in experiences for end users.

Windows Server 2019: What’s new and what’s next (Ignite video)

Windows Server is a key component in Microsoft’s hybrid and on-premises strategy and in this session, hear what’s new in Windows Server 2019. Join us as we discuss the product roadmap, Semi-Annual Channel, and demo some exciting new features.

Windows Server 2019 deep dive (Ignite video)

Hybrid at its core. Secure by design. With cloud application innovation and hyper-converged infrastructure built into the platform, backed by the world’s most trusted cloud, Azure, Microsoft presents Windows Server 2019.

Windows Server Upgrade Center

Do you need guidance or advice on how to upgrade from one OS to another? What considerations need to be taken before and after upgrading? When you upgrade a Windows Server in-place, you move from an existing operating system release to a more recent release while staying on the same hardware. Windows Server can be upgraded in-place at least one, and sometimes two versions forward. For example, Windows Server 2012 R2 and Windows Server 2016 can be upgraded in-place to Windows Server 2019.

What’s new in Remote Desktop Services on Windows Server 2019 (Ignite video)

Remote Desktop Services evolved along with Windows Server to become one of the main platforms for providing users centralized access to the applications they need. In this session, learn about the enhancements in Windows Server 2019 and how these combine with the power of Azure to fit your virtualization needs.

Other RDS related Ignite sessions:

New multi-session virtualization capabilities in Windows

Migrate your virtualized client application to Microsoft Azure

Windows Virtual Desktop overview

Windows Client
The value of the Microsoft Managed Desktop

Looking for an in-depth understanding of the new Microsoft Managed Desktop offering? This is the session for you. For the first time, you have a choice to either manage your modern desktops yourself or choose the Microsoft Managed Desktop as the easiest way to delight users and free up IT – providing the best experience for users with the latest technology that is backed by Microsoft.

Deploying Windows 10 in the enterprise using traditional and modern techniques (Ignite video)

With Windows 10, we introduced the concept of Windows as a service to allow companies to remain current with the rapid release of features every six months. The key to embracing this servicing model is to move from a project-based approach to a process-based approach. Learn how to leverage both traditional and modern deployment techniques and tools ranging from System Center Configuration Manager, Microsoft Intune, Windows Update for Business, and Windows Autopilot as part of a hybrid approach to effectively deliver the bits. Learn the how and why behind Windows as a service, but, more importantly, learn which scenarios work best in which situations so that you can optimize your deployment while minimizing user impact.

Ask the experts: Successfully deploying, servicing, and managing Windows 10 (Ignite video)

In this Q&A session, we’ll address your questions and some of the common challenges (perceived or otherwise) across Windows 10 deployment planning from phased rollouts to update management and device management. Cadence too fast? Deployment too challenging? What happened to Semi-Annual Channel (Targeted)? Let’s tackle these questions and other issues seen in real-world deployment situations.

Microsoft 365 adds modern desktop on Azure

Windows Virtual Desktop is the best virtualized Windows and Office experience delivered on Azure. Windows Virtual Desktop is the only cloud-based service that delivers a multi-user Windows 10 experience, optimized for Office 365 ProPlus, and includes free Windows 7 Extended Security Updates. With Windows Virtual Desktop, you can deploy and scale Windows and Office on Azure in minutes, with built-in security and compliance.

Security
Strengthen your security posture and protect against threats with Azure Security Center

Security Center is built into the Azure platform, making it easy for you to start protecting your workloads at scale in just a few steps. Our agent-based approach allows Security Center to continuously monitor and assess your security state across Azure, other clouds and on-premises. It’s helped many customers strengthen and simplify their security monitoring. Security Center gives you instant insight into issues and the flexibility to solve these challenges with integrated first-party or third-party solutions. In just a few clicks, you can have peace of mind knowing Security Center is enabled to help you reduce the complexity involved in security management. On September 26, at Ignite Conference we announced several new capabilities that will help you strengthen your security posture and protect against threats across hybrid environments.

Microsoft Cloud App Security and Windows Defender ATP – better together
Microsoft Cloud App Security now uniquely integrates with Windows Defender Advanced Threat Protection (ATP) to enhance the Discovery of Shadow IT in your organization and extend it beyond your corporate network. Our CASB can now leverage the traffic information collected by Windows Defender ATP, no matter which network users are accessing cloud apps from. This seamless integration does not require any additional deployment and gives admins a more complete view of cloud app and services usage in their organization.
How Azure Advanced Threat Protection detects the DCShadow attack
A domain controller shadow (DCShadow) attack is an attack designed to change directory objects using malicious replication. During this attack, DCShadow impersonates a replicator Domain Controller using administrative rights and starts a replication process, so that changes made on one Domain Controller are synchronized with other Domain Controllers. Given the necessary permissions, attackers attempt to initiate a malicious replication request, allowing them to change Active Directory objects on a genuine Domain Controller to grant persistence in the domain.
Start using Microsoft 365 to accelerate modern compliance
With more than 200 updates from 750 regulatory bodies a day, keeping up to date with all the changes is a tremendous challenge. As privacy regulations, like the General Data Protection Regulations (GDPR), continue to evolve, compliance requirements can seem complex to understand and meet. However, when you store your data in the Microsoft Cloud, achieving compliance becomes a shared responsibility between you and Microsoft. Take the National Institute of Standards and Technology (NIST) 800-53 security control framework as an example—Microsoft helps you take care of 79 percent of the 1,021 controls, and you can focus your efforts on the remaining 21 percent. Additionally, Microsoft provides you with a broad set of security and compliance solutions to more seamlessly implement your controls.
Security baseline for Windows 10 v1809 and Windows Server 2019
We are pleased to announce the draft release of the security configuration baseline settings for Windows 10 version 1809 (a.k.a., “Redstone 5” or “RS5”), and for Windows Server 2019. Please evaluate these proposed baselines and send us your feedback via blog comments below.
Out of sight but not invisible: Defeating fileless malware with behavior monitoring, AMSI, and next-gen AV
As antivirus solutions become better and better at pinpointing malicious files, the natural evolution of malware is to shift to attack chains that use as few files as possible. While fileless techniques used to be employed almost exclusively in sophisticated cyberattacks, they are now becoming widespread in common malware, too. At Microsoft, we actively monitor the security landscape to identify new threat trends and develop solutions that continuously enhance Windows security and mitigate classes of threats. We instrument durable generic detections that are effective against a wide range of threats. Through AMSI, behavior monitoring, memory scanning, and boot sector protection, we can inspect threats even with heavy obfuscation. Machine learning technologies in the cloud allow us to scale these protections against new and emerging threats.
Ensure all your users have strong passwords with Azure Active Directory Password Protection (Ignite video)
One weak password is all a hacker needs to get access to your organization’s resources and data. Come to this session to learn about Azure Active Directory password protection and how we bring cloud-powered protection to ensure strong passwords that are invulnerable to compromise.
A world without passwords (Ignite video)
Learn how the security experts in Microsoft’s Core Services Engineering & Operations team are working to eliminate passwords. This advancement is both more secure and easier for people to use!
Attack discovery and investigation with Azure Advanced Threat Protection (Ignite video)
Azure Advanced Threat Protection is a critical solution for the security operations analyst during and after an incident by providing a real-time attack timeline for forensic analysis and deep investigation into attack methodologies. Join us as we walk you through an attack kill chain and demonstrate the role Azure Advanced Threat Protection plays as part of Microsoft 365 Security.
Become the hunter: Advanced hunting in Windows Defender ATP (Ignite video)
Windows Defender Advanced Threat Protection gives incident responders insights into endpoint activity they’ve always wished they had when incidents occur. In this theater session, learn how to use advanced hunting to gain insights into endpoint data going far beyond just responding to alerts.
Discover what’s new and what’s coming in Office 365 Message Encryption and Azure Information Protection (Ignite video)
Learn about the brand new features and capabilities in Microsoft Azure Information Protection and Office 365 Message Encryption. These solutions help protect your most sensitive and important data, and we continuously invest in providing the most comprehensive set of capabilities.
Vulnerabilities and Updates
Updated version of Windows 10 October 2018 Update released to Windows Insiders

In the beginning of October we paused the rollout of the Windows 10 October 2018 Update (version 1809) for all users as we investigated isolated reports of users missing files after updating. Given the serious nature of any data loss, we took the added precaution of pulling all 1809 media across all channels, including Windows Server 2019 and IoT equivalents. We intentionally start each feature update rollout slowly, closely monitoring feedback before offering the update more broadly. In this case the update was only available to those who manually clicked on “check for updates” in Windows settings. At just two days into the rollout when we paused, the number of customers taking the October 2018 Update was limited. While the reports of actual data loss are few (one one-hundredth of one percent of version 1809 installs), any data loss is serious.

Support Lifecycle
Get ready for Windows Server 2008 and 2008 R2 end of support (Ignite video)

Windows Server 2008 and 2008 R2 were great operating systems at the time, but times have changed. Cyberattacks are commonplace, and you don’t want to get caught running unsupported software. End of support for Windows Server 2008 and 2008 R2 means no more security updates starting on January 14, 2020. Join us for a demo-intensive session to learn about your options for upgrading to the latest OS. Or consider migrating 2008 to Microsoft Azure where you can get three more years of extended security updates at no additional charge.

Extended Security Updates for SQL Server and Windows Server 2008/2008 R2: Frequently Asked Questions (PDF)

On January 14, 2020, support for Windows Server 2008 and 2008 R2 will end. That means the end of regular security updates. Don’t let your infrastructure and applications go unprotected. We’re here to help you migrate to current versions for greater security, performance and innovation.

Microsoft Premier Support News
To support cloud platform growth, migrations to Azure IaaS, and evolving hybrid cloud scenarios, Microsoft Services has developed an Onboarding Accelerator – Azure Infrastructure offering. This offering provides customers a scalable framework that uses Azure best practices as a baseline so that customers can build their cloud-based infrastructure without having to fear whether they planned correctly. Azure Architecture Planning sessions with Microsoft Azure field engineers help to understand the current and desired states and the key infrastructure components that are needed to run production workloads in Azure. Customers will plan their future state together with Microsoft Azure field engineers. This helps the field engineers to understand the customer’s needs and priorities and helps the customer to understand the required steps. Microsoft Azure field engineers create documentation outlining the process of migrating toward a current state with Microsoft proven practices.
All it takes is one weak password for a hacker to get access to your corporate resources. Hackers can often guess passwords because regular users are pretty predictable. Often users create easy to remember passwords, and they reuse the same passwords or closely related ones over and over again. Hackers use brute force techniques like password spray attacks to discover and compromise accounts with common passwords. We are pleased to announce the release of the “POP – Azure Active Directory: Password Protection” that helps you eliminate easily guessed passwords from your environment, which can dramatically lower the risk of being compromised by a password spray attack. This service applies to both Azure Active Directory and Active Directory Domain Services (AD DS).
We are pleased to announce the release of WorkshopPLUS – Microsoft Identity Manager: Introduction and Technical Overview. Microsoft Identity Manager (MIM) 2016 builds upon the identity management and user self-service capabilities introduced in Forefront Identity Manager (FIM) 2010/R2 while supporting the latest Microsoft software releases. This 3-day WorkshopPLUS introduces and explains the features and capabilities of MIM 2016. It also provides an overview of the solution scenarios that MIM addresses including user, group, and password management.
Check out Microsoft Services public blog for new Proactive Services as well as new features and capabilities of the Services Hub, On-demand Assessments, and On-demand Learning platforms.