Infrastructure + Security: Noteworthy News (November, 2018)

Hi there! This is Stanislav Belov here, and you are reading the next issue of the Infrastructure + Security: Noteworthy News series!  

As a reminder, the Noteworthy News series covers various areas, including interesting news, announcements, links, tips and tricks from the Windows, Azure, and Security worlds, on a monthly basis.

Microsoft Azure
A window to the cloud: Microsoft unveils new Azure Cloud Collaboration Center

As more businesses around the world adopt Azure — including 95 percent of the Fortune 500 — Microsoft has introduced a powerful new solution to enhance the performance and security of its cloud. The Azure Cloud Collaboration Center (CCC) is a new, state-of-the-art, 8,000-square-foot facility on Microsoft’s Redmond, Washington corporate campus. The centralized workspace allows engineering teams to come together to resolve operational issues and unexpected events that could impact customers.

Microsoft Azure portal November 2018 update

This month, we’re introducing a new way for you to switch between different Azure accounts without having to log off and log in again or work with multiple browser tabs. We’ve also made enhancements to the way you find what you need in the Azure Marketplace, and to the management experience for Site Recovery, Access Control, and database services.

What’s new in PowerShell in Azure Cloud Shell

At Microsoft Ignite 2018, PowerShell in Azure Cloud Shell became generally available. Azure Cloud Shell provides an interactive, browser-accessible, authenticated shell for managing Azure resources from virtually anywhere. With multiple access points, including the Azure portal, the stand-alone experience, Azure documentation, the Azure mobile app, and the Azure Account Extension for Visual Studio Code, you can easily gain access to PowerShell in Cloud Shell to manage and deploy Azure resources.

Simplified restore experience for Azure Virtual Machines

Azure Backup now offers an improved restore experience for Azure Virtual Machines by leveraging the power of ARM templates and Azure Managed Disks. The new restore experience directly creates managed disk(s) and virtual machine (VM) templates. This eliminates the manual process of executing scripts or PowerShell commands to convert and configure the .VHD file and complete the restore operation. There is zero manual intervention after the restore is triggered, making it truly a single-click operation for restoring IaaS VMs.

Azure status

Check the current health of Azure services by region and product, or create your own personalized dashboard.

Holiday season is DDoS season

DDoS is an ever-growing problem, and the types of attacks are getting increasingly sophisticated. More importantly, DDoS attacks are often used as a “smokescreen,” masking more malicious and harmful infiltration of your resources. The technology used to create DDoS attacks keeps growing in sophistication, while the cost and skill needed to launch them keep falling, driving up the frequency and ease with which criminals can wreak havoc on businesses and users.

What is group-based licensing in Azure Active Directory?

Microsoft paid cloud services, such as Office 365, Enterprise Mobility + Security, Dynamics 365, and other similar products, require licenses. These licenses are assigned to each user who needs access to these services. To manage licenses, administrators use one of the management portals (Office or Azure) and PowerShell cmdlets. Azure Active Directory (Azure AD) is the underlying infrastructure that supports identity management for all Microsoft cloud services. Azure AD stores information about license assignment states for users.
Windows Server
Express updates for Windows Server 2016 re-enabled for November 2018 update

Starting with the November 13, 2018 Update Tuesday, Windows will again publish Express updates for Windows Server 2016. Express updates for Windows Server 2016 stopped in mid-2017 after a significant issue was found that kept the updates from installing correctly. While the issue was fixed in November 2017, the update team took a conservative approach to publishing the Express packages to ensure most customers would have the November 14, 2017 update (KB 4048953) installed on their server environments and not be impacted by the issue.

Use Azure Site Recovery to migrate Windows Server 2008 before End of Support

Don’t let the name fool you. Azure Site Recovery (ASR) can be used as an Azure migration tool for 30 days at no charge. It has been used for years to support migration of our 64-bit versions of Windows Server, and we are pleased to announce it now supports migration of Windows Server 2008 32-bit applications to Azure Virtual Machines.

Server Core and Server with Desktop: Which one is best for you

For most server scenarios, the Server Core installation option is the best (and recommended) choice. A Server Core installation is almost entirely headless, lightweight, and ideally suited for large datacenters and clouds, both physical and virtual. Server Core’s smaller footprint comes with a smaller attack surface, making it less vulnerable than the Server with Desktop Experience option. That same smaller footprint means Server Core requires less disk space and consumes less of your network bandwidth (when you migrate VMs or roll out a large environment). With the new Windows Admin Center management capabilities, Server Core is easier than ever to manage, whether you prefer PowerShell scripts or a modern, graphical portal.

Windows Client
What’s new in Windows 10, version 1809

In this article we describe new and updated features of interest to IT Pros for Windows 10, version 1809. This update also contains all features and fixes included in previous cumulative updates to Windows 10, version 1803.

Security
Detecting fileless attacks with Azure Security Center

As the security solutions get better at detecting attacks, attackers are increasingly employing stealthier methods to avoid detection. In Azure, we regularly see fileless attacks targeting our customers’ endpoints. To avoid detection by traditional antivirus software and other filesystem-based detection mechanisms, attackers inject malicious payloads into memory. Attacker payloads surreptitiously persist within the memory of compromised processes and perform a wide range of malicious activities.

PAW deployment guide

There are a few different options to deploy a PAW; in this blog post, we’ll focus on the solution that was evaluated in the PAW TAP program. The general feedback was positive, and customers liked the single-device configuration. The solution leverages the shielded VM capability built into Windows 10 1709 to run the secure workload; it includes the client configuration (end-user device) and the server backend.

Leverage Azure Security Center to detect when compromised Linux machines attack

When an attacker compromises a machine, they typically have a goal in mind. Some attackers are looking for information residing on the victim’s machine or for access to other machines on the victim’s network. Other times, attackers plan to use the processing power of the machine itself, or even to use the machine as a launch point for other attacks. On Linux virtual machines (VMs) in Microsoft Azure, we most commonly see attackers installing and running cryptocurrency mining software. This blog post will focus on the latter case, in which an attacker wants to use the compromised machine as a launch point for other attacks.

The evolution of Microsoft Threat Protection, November update

At Ignite 2018, we announced Microsoft Threat Protection, a comprehensive, integrated solution securing the modern workplace across identities, endpoints, user data, cloud apps, and infrastructure. Engineers across teams at Microsoft are collaborating to unlock the full, envisioned potential of Microsoft Threat Protection. Throughout this journey, we want to keep you updated on its development.

What’s new in Windows Defender ATP

We added new capabilities to each of the pillars of Windows Defender ATP’s unified endpoint protection platform: improved attack surface reduction, better-than-ever next-gen protection, more powerful post-breach detection and response, enhanced automation capabilities, more security insights, and expanded threat hunting. These enhancements boost Windows Defender ATP and accrue to the broader Microsoft Threat Protection, an integrated solution for securing identities, endpoints, cloud apps, and infrastructure.

Windows Defender Antivirus can now run in a sandbox

Windows Defender Antivirus has hit a new milestone: the built-in antivirus capabilities on Windows can now run within a sandbox. With this new development, Windows Defender Antivirus becomes the first complete antivirus solution to have this capability and continues to lead the industry in raising the bar for security. Putting Windows Defender Antivirus in a restrictive process execution environment is a direct result of feedback that we received from the security industry and the research community. It was a complex undertaking: we had to carefully study the implications of such an enhancement on performance and functionality. More importantly, we had to identify high-risk areas and make sure that sandboxing did not adversely affect the level of security we have been providing.
Vulnerabilities and Updates
ADV180028 | Guidance for configuring BitLocker to enforce software encryption

Microsoft is aware of reports of vulnerabilities in the hardware encryption of certain self-encrypting drives (SEDs). Customers concerned about this issue should consider using the software-only encryption provided by BitLocker Drive Encryption™. On Windows computers with self-encrypting drives, BitLocker Drive Encryption™ manages encryption and will use hardware encryption by default. Administrators who want to force software encryption on computers with self-encrypting drives can accomplish this by deploying a Group Policy to override the default behavior. Windows consults Group Policy to enforce software encryption only at the time BitLocker is enabled.
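As an added example (not code from the advisory or from this newsletter), the following PowerShell parses the output of manage-bde -status and reports the BitLocker volumes that currently rely on the drive's hardware encryption, so an administrator can see which volumes the advisory's Group Policy guidance has not yet reached. The function name and the sample status output are constructed for illustration.

```powershell
# Added example, not part of ADV180028: find BitLocker volumes whose
# "Encryption Method" is the self-encrypting drive's own hardware encryption.
function Get-HardwareEncryptedVolume {
    param(
        # Lines of "manage-bde -status" output. When not supplied, the tool is
        # run live (requires an elevated prompt).
        [string[]]$StatusOutput = (& manage-bde.exe -status)
    )

    $results = @()
    $current = $null
    foreach ($line in $StatusOutput) {
        # Each volume section starts with a line such as "Volume C: [Windows]".
        if ($line -match '^\s*Volume\s+([A-Z]):\s*(\[(.*)\])?') {
            if ($current) { $results += $current }
            $current = [pscustomobject]@{
                Drive  = $Matches[1] + ':'
                Label  = $Matches[3]
                Method = $null
                Status = $null
            }
        }
        elseif ($current -and $line -match '^\s*Encryption Method:\s*(.+?)\s*$') {
            $current.Method = $Matches[1]
        }
        elseif ($current -and $line -match '^\s*Conversion Status:\s*(.+?)\s*$') {
            $current.Status = $Matches[1]
        }
    }
    if ($current) { $results += $current }

    # "Hardware Encryption" means the SED is doing the work. Because Group Policy is
    # consulted only when BitLocker is enabled, such a volume has to be decrypted and
    # re-encrypted after the software-encryption policy applies for it to take effect.
    $results | Where-Object { $_.Method -eq 'Hardware Encryption' }
}

# Constructed sample (not captured from a real machine) so the parser runs offline.
$sample = @'
Volume C: [Windows]
[OS Volume]

    Conversion Status:    Fully Encrypted
    Encryption Method:    Hardware Encryption
    Protection Status:    Protection On

Volume D: [Data]
[Data Volume]

    Conversion Status:    Fully Encrypted
    Encryption Method:    XTS-AES 128
    Protection Status:    Protection On
'@ -split "`r?`n"

Get-HardwareEncryptedVolume -StatusOutput $sample | Format-Table Drive, Label, Method, Status
```

Run without -StatusOutput on a machine to list its own hardware-encrypted volumes; on the sample above, only C: is reported.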

Resuming the rollout of the Windows 10 October 2018 Update

In early October, we paused the rollout of the Windows 10 October 2018 Update as we investigated isolated reports of users missing files after updating. We take any case of data loss seriously, and we have thoroughly investigated and resolved all related issues. For our commercial customers, the re-release date of the Windows 10 version 1809 is November 13, 2018 (this includes Windows Server 2019 and Windows Server, version 1809). This date marks the revised start of the servicing timeline for the Semi-Annual Channel (“Targeted”) release.

Support Lifecycle
End of Support for SCEP for Mac and SCEP for Linux on December 31, 2018

Support for System Center Endpoint Protection (SCEP) for Mac and Linux (all versions) ends on December 31, 2018. Availability of new virus definitions for SCEP for Mac and SCEP for Linux may be discontinued after the end of support. This discontinuation may occur without notice. If you are using any version of SCEP for Mac or SCEP for Linux, plan to migrate to a replacement endpoint protection product for Mac and Linux clients.

Extended Security Updates for SQL Server and Windows Server 2008/2008 R2: Frequently Asked Questions (PDF)

On January 14, 2020, support for Windows Server 2008 and 2008 R2 will end. That means the end of regular security updates. Don’t let your infrastructure and applications go unprotected. We’re here to help you migrate to current versions for greater security, performance and innovation.

Products reaching End of Support for 2018

Products reaching End of Support for 2019

Products reaching End of Support for 2020

Microsoft Premier Support News
Check out Microsoft Services public blog for new Proactive Services as well as new features and capabilities of the Services Hub, On-demand Assessments, and On-demand Learning platforms.