Microsoft is gearing up to revolutionize Windows enterprise update management by unifying Windows Autopatch with the Windows Update for Business deployment service (WUfB-DS). This integration, set to begin in mid-September 2024 and complete by mid-October 2024, aims to streamline the update management experience within Microsoft Intune. By consolidating update capabilities into three main categories—Windows Updates, Tenant Management, and Windows Autopatch Reports—Microsoft is making it easier for users to automate and deploy updates seamlessly.
The Windows Updates category will allow users to create and assign policies for Quality, Feature, and Driver updates, ensuring devices are always up-to-date. Tenant Management will enable the organization of devices into different update rings, such as pilot, production, or test, using Autopatch groups. Additionally, the Support requests blade will facilitate the creation of tickets for further assistance. The Windows Autopatch Reports category will provide various reports to analyze update performance and troubleshoot any issues, enhancing the overall reliability of devices.
Existing customers will retain their current licensing rights, including Microsoft Intune, Entra ID Premium, and Microsoft 365/Windows 11 Enterprise E3/E5, and Microsoft 365 F3, with these rights extending to Windows 365 Enterprise. Organizations with A3, A5, and Microsoft 365 Business Premium subscriptions will also maintain their license rights for WUfB-DS capabilities.
To prepare for these changes, organizations should inform their teams and visit the Intune admin center for support. If assistance is needed, service requests can be filed through the Intune admin center. Additional details will be provided on the Microsoft documentation site post-release. This update is designed to make PC update management more efficient and user-friendly, ensuring that all necessary functionalities are maintained while simplifying the overall process.
This update is poised to make PC update management more efficient and user-friendly, ensuring all necessary functionalities are maintained while simplifying the overall process. Organizations should prepare by informing their teams and utilizing the Intune admin center for support and service requests.
Permanent link to this article: https://www.robertborges.us/2024/08/windows/unification-of-microsoft-autopatch-and-windows-enterprise-update-management/
Starting on or after October 15, 2024, Microsoft will implement a significant security enhancement by mandating multi-factor authentication (MFA) for admins accessing the Microsoft Azure portal, Microsoft Entra admin center, and Microsoft Intune admin center. This requirement will also extend to any services accessed through the Intune admin center, such as Windows 365 Cloud PC. The introduction of MFA is a proactive measure to bolster security, providing an extra layer of protection against unauthorized access. Microsoft strongly recommends enabling MFA as soon as possible to take full advantage of its security benefits. For detailed guidance, admins are encouraged to review the document “Planning for mandatory multifactor authentication for Azure and admin portals.”
This change will have a direct impact on organizations by necessitating the activation of MFA for their tenants. Admins will need to ensure that MFA is enabled to maintain access to the Azure portal, Microsoft Entra admin center, and Intune admin center post-implementation. The transition to mandatory MFA underscores Microsoft’s commitment to enhancing security protocols and safeguarding sensitive information.
To prepare for this change, organizations must set up MFA before the October 15, 2024 deadline. This proactive step will ensure that admins can seamlessly access the necessary portals without interruption. In cases where setting up MFA before the deadline is not feasible, organizations have the option to apply for a postponement of the enforcement date. However, it is crucial to note that if MFA is not configured before the enforcement begins, admins will be prompted to register for MFA upon their next sign-in to the Azure portal, Microsoft Entra admin center, or Intune admin center.
The introduction of mandatory MFA is a strategic move by Microsoft to enhance the security framework of its admin portals. By requiring an additional authentication factor, Microsoft aims to mitigate the risks associated with single-factor authentication, such as password breaches and unauthorized access. This initiative reflects a broader industry trend towards strengthening security measures in response to evolving cyber threats.
Organizations are advised to communicate this upcoming change to their admin teams and ensure that all relevant documentation is updated accordingly (see Planning for mandatory multifactor authentication for Azure and admin portals). By doing so, they can facilitate a smooth transition to the new security requirements and minimize any potential disruptions. The implementation of MFA is not just a compliance measure but a critical step towards safeguarding organizational data and maintaining the integrity of admin operations.
Microsoft’s decision to mandate multi-factor authentication for admin access to key portals is a pivotal enhancement in its security strategy. This change, effective from October 15, 2024, will require organizations to enable MFA to ensure uninterrupted access for their admins. By taking proactive steps to implement MFA, organizations can significantly bolster their security posture and protect against unauthorized access. Admins are encouraged to familiarize themselves with the new requirements and prepare accordingly to leverage the full benefits of this enhanced security measure.
By mandating MFA, Microsoft is taking a significant step towards bolstering the security of its admin portals. Organizations should prepare for this change to ensure seamless access and enhanced protection for their admin operations.
Our lives have become intricately intertwined with the digital realm in a world dominated by technology. From personal communications to financial transactions, our reliance on online platforms has grown exponentially. However, as we immerse ourselves in this digital revolution, we must also acknowledge the vulnerabilities that come with it. This is where Multi-Factor Authentication (MFA) swoops in, like a magical key, to unlock the digital fortress and empower us on our journey toward a secure and seamless digital experience.
Unleashing the Digital Revolution: Embrace the MFA Magic!
The power of MFA lies in its ability to fortify our online presence by adding additional layers of security. Gone are the days when a simple password was sufficient to keep our digital lives safe. MFA combines multiple authentication factors, such as passwords, biometrics, and one-time codes, to ensure that only authorized individuals gain access to our sensitive information. By embracing MFA, we protect ourselves and contribute to the collective effort of building a more secure digital ecosystem.
Beyond the realm of personal security, MFA opens the doors to a multitude of opportunities. It enables us to explore the vast landscape of the digital world without fear of falling victim to cyber threats. With MFA, we can confidently venture into e-commerce, online banking, and remote working, knowing that our digital fortress is impenetrable. By embracing this powerful tool, we empower ourselves to embrace the infinite possibilities of the digital age.
Blast Open the Gates: Let MFA Empower Your Digital Journey!
By embracing MFA, we unleash the true potential of the digital revolution. We liberate ourselves from the constraints of traditional security measures and step into a world where innovation and creativity thrive. MFA not only protects our digital identities but also provides a solid foundation for developing groundbreaking technologies. As we secure our digital lives, we can confidently explore emerging fields such as artificial intelligence, blockchain, and the Internet of Things.
Moreover, MFA bridges the gap between user experience and security. While traditional security measures often come at the cost of convenience, MFA strikes a harmonious balance between the two. With its diverse authentication factors, MFA ensures that our digital journey remains seamless and hassle-free, allowing us to focus on what truly matters – our aspirations and ambitions in the digital realm.
In a world where our lives are increasingly intertwined with the digital realm, it is essential to embrace the power of Multi-Factor Authentication. When we enhance the security of our online presence by adding extra layers of protection, we not only safeguard ourselves but also help to establish a more secure digital environment. With MFA, we can confidently embark on our digital journey, exploring new horizons and embracing the boundless possibilities of the digital revolution. So let us unlock the digital fortress, empower ourselves, and embrace the magic of MFA!
How to Enable MFA in Windows
Implementing MFA on Windows can be done in a few steps. First, you need to enable MFA in the account settings of the online service you are using. Major services like Microsoft Accounts or Azure Active Directory provide the option to enable MFA. After enabling, you will be prompted to verify your identity using a secondary method, such as a phone call, text message, or an authenticator app.
Once you’ve enabled MFA on your account, the setup on your Windows device will mostly be automatic. After entering your password, you’ll be prompted for your secondary authentication factor. Depending on the setup, this could be a code from your authenticator app, a fingerprint scan, or a prompt on your mobile device. Your device will remember your MFA setup and use it for future logins.
How to Enable MFA on an iPhone
To implement MFA on an iPhone, you first need to head to the ‘Settings’ app. Then, tap on your name at the top of the screen to access Apple ID settings. Scroll down to ‘Password & Security’ and tap it. Here, you can turn on ‘Two-Factor Authentication’.
After turning on two-factor authentication, you’ll be asked to enter your trusted phone number. This number will be used to send verification codes when you sign in on a new device or browser. Once you’ve verified your phone number, two-factor authentication will be turned on. You’ll now receive a verification code every time you sign into your Apple ID on a new device.
How to implement MFA on Android
Enabling MFA on an Android device is a straightforward process. If you’re using Google services, start by visiting the ‘Google Account’ section in your phone’s settings. Under the ‘Security’ tab, find the ‘2-Step Verification’ option and tap on it.
After tapping ‘2-Step Verification’, you’ll be prompted to enter your password. Once your password is entered, you’ll be directed to a screen where you can choose how you’d like to receive your second form of authentication: through a Google prompt, a text, or a call to your backup phone, or by using an authenticator app. Choose the option that suits you best, follow the prompted steps, and voila! You’ve enabled MFA on your Android device.
In the business world just a couple of decades ago, a certain amount of occasional downtime was almost expected in business systems. It wasn’t uncommon for email systems, web servers, and file/applications servers to need occasional reboots, fall victim to memory leak errors, succumb to internet outages, or crash all together. Avoiding unplanned downtime was possible, but doing so tended to be very costly for a truly redundant solution. This limited the highly coveted 4 and 5 nines (9.999% and 9.9999%) of uptime to the large enterprise environments which could afford this level of redundancy.
Since then, even the smallest businesses have become less and less accepting of unplanned downtime in our production environment. After all, our internet provider connections have become much more affordable to allow redundant connections, power protection is the norm, and operating systems have become much more reliable (though at times it doesn’t always feel that way).
SaaS (software as a service) and PasS (platform as a service) solutions like Microsoft 365, Azure SQL services, Azure Virtual Desktop, Azure Front Door, and others, often build in redundancies or make them easily deployable. But what if you are still running virtual machines in the Azure cloud or in your on-premises environment?
It also goes without saying that taking the appropriate posture on cybersecurity and employing a good data backup solution is critical, but for the purpose of this discussion, I will stick to redundancy options.
Protecting Virtual On-Prem
Whether you’ve invested in Hyper-V or VMware for your virtualization hypervisor platform, there are a few things to consider.
Redundant networks – Multiple physical host adapters for management and VM traffic, preferably all connecting to different network switches.
Redundant power – Multiple power supplies in each virtualization host, each connected to a different UPS (uninterruptible power supply). Having a backup generator on top of this is a plus for any power outage beyond a few minutes.
Scale-out file server / SAN – Storage used by the hypervisors should be well thought out, allowing for resiliency not just within disk sets, but between disk arrays. Don’t just plan on individual disks failing. Disk controllers and even entire arrays can have critical issues.
VM (virtual machine) clustering – Just like everything else, virtualization hosts are not immune to having issues. Failover clustering allows a VM to automatically (or sometimes manually) start up on a different host when its primary host is either down unexpectedly or needs maintenance. Clustering in the VMware world is pretty simple leveraging vSphere. In Hyper-V, clustering is a little more complicated, but Microsoft has a lot of great resources to help you along the way. There are also some really great 3rd party tools to manage failover and make failback a cinch.
Storage Redundancy and SLAs
Storage in Azure has multiple resiliency options depending on your uptime requirements. Here are a few of Microsoft’s SLA (service level agreement) guaranteed uptimes for Azure Storage:
At least 99.99% (99.9% for Cool and Archive* Access Tiers) of the time, we will successfully process requests to read data from Read Access-Geo Redundant Storage (RA-GRS) accounts, provided that failed attempts to read data from the primary region are retried on the secondary region. Rehydration is not supported in the secondary region.
At least 99.9% (99% for Cool and Archive* Access Tiers) of the time, we will successfully process requests to read data from Locally Redundant Storage (LRS), Zone Redundant Storage (ZRS), and Geo Redundant Storage (GRS) accounts.
At least 99.9% (99% for Cool and Archive* Access Tiers) of the time, we will successfully process requests to write data to LRS, ZRS, GRS accounts, and RA-GRS accounts.
Protecting Azure Virtual Machines
Simple VMs in Azure should have at least a 95% uptime guarantee from Microsoft without any additional work. If 95% uptime is not quite good enough, there are plenty of options to improve this score considerably.
For example, you can expect a 99% SLA simply by using Premium SSD, Ultra Disk, or Premium SSD v2 for all Operating System Disks and Data Disks.
An Availability Set is two or more VMs deployed across different Fault Domains to avoid a single point of failure. When deploying two or more VM instances in the same Availability Set or in the same Dedicated Host Group, you can expect an SLA of up to 99.95%.
Availability Zones are fault-isolated areas within an Azure region, providing redundant power, cooling, and networking. They can make reliability even better with an SLA of up to 99.99% when two or more instances are deployed across two or more Availability Zones in the same Azure region.
Availability Sets and Availability Zones can be leveraged for VMs and also with Azure Virtual Desktop (AVD) to ensure a significant reduction in any single point of failure.
If you are planning an AVD deployment, then also consider On-Demand Capacity Reservations, since it will guarantee you will receive compute capacity up to the reserved quantity of VMs at least 99.9% of the time.
Microsoft has announced several changes to the Microsoft 365 cloud. These new features will be of interest to both end users and companies alike. If you’ve opted in to see preview features, some of these items may be visible now.
Microsoft Viva Connections
At this point, many people are familiar with Microsoft’s existing product, Viva Insights. Microsoft is releasing a new module to the Viva family called Viva Connections. Viva Connections helps users stay connected with the latest and greatest communications. The goal is to empower users to take a more active role in their data and collaboration and allow users to interact with content more than ever before by commenting and reacting.
The main interface to Viva Connections is the dashboard, which is customizable. The interface becomes a gateway to a more modern employee experience. Viva Connections allows users to save a SharePoint article for later consumption and provides a platform for the company to push announcement videos to users. Viva Connections is currently in public preview and can be viewed from within Microsoft Teams. Here are some examples of the new interface (courtesy of Microsoft):
While Viva Connections is the hot topic making the headlines, there are several other new features coming to the Microsoft 365 cloud.
One Player Video Playback in OneDrive/SharePoint
Changes to the video controls in SharePoint and OneDrive for Business will allow you to pop-out video for a more immersive experience. The new pop-out video provides new options to change playback speed from 0.5x up to 2x, and skip forward and back by 10 seconds. This new functionality makes reviewing videos, such as recorded meetings, easier and more efficient.
For example, Whiteboards will no longer be stored in SharePoint, but rather in the OneDrive of the creator. Also, Yammer now allows for nested replies, which improves conversation experience and keeps things in context.
Teams – Reply to Message
Microsoft Teams now allows users to respond to a specific message within a thread or conversation. Previously, you could reply to a whole conversation, but this was confusing when someone replied to a message further in the past. When replying to a specific message, a copy of the original message is quoted for reference.
Changes to SharePoint Online
The text web part in SharePoint is getting a minor update. Now you can paste images into a text web part. This automatically creates a gap around the pasted image so that text wraps as desired. There are also options to align to the left, right, and center. Also, formatting is updated so that spacing between headers and body, and between bullet points, is reduced slightly.
SharePoint Navigation in team sites can be switched between vertical and horizontal. You can now choose the design (left or top navigation) that works best for your team.
Share a list with a hyperlink. Now, the same rules that apply to sharing files/folders now also apply to sharing a list.
Microsoft Lists applied filters are being updated. You can now see which filters are applied. With a single click, you can view and adjust your filters, making this process a little more seamless.
Changes to Microsoft Planner
Microsoft is updating Recommended Plans in the Planner service. Now you can discover plans that are relevant to your work. This makes it easier to find tasks that are assigned to you but you haven’t noticed yet. Recommended Plans can be found in the left pane between Favorites and Recent.
There are also new options for managing Planner tasks. Previously, you could only move tasks between plans within the same team. Now users can move tasks to any Planner plan across Teams. To use this, click on the ellipse menu in the upper right corner of a task, and select Move task.
While most of these are not gigantic leaps forward, this shows a constant evolution that makes the Microsoft cloud better for everyone.
Since the Microsoft Ignite conference in early November, I have been reviewing the Surface Go device to see how useful it is to someone like me. For this review unit, I opted for the matching surface keyboard and pen. My daily driver laptop is a Lenovo ThinkPad T460 which is rock solid and where I run my work applications. The purpose of using the Surface Go was not for it to be a replacement for my work computer, but rather an in-between device. Something that can handle most of my personal computing needs. There are a few different models available, but I chose a model with an Intel Pentium 4415Y CPU, 128 GB of storage, and 8 GB of RAM. This device comes with Windows 10 Home in S-Mode. For this testing period, I kept Windows in this mode so that I was testing an out-of-the-box experience.
Windows S Mode
If you aren’t familiar with S-Mode, you’re not alone. This is a relatively new mode in Windows Home and Pro which only allows the system to run applications from the Windows Store. This means no downloading and installing applications or games from vendor websites. All applications must come from the Windows Store. This has a few different benefits:
The store is somewhat curated, so it is less likely that you will download malicious software.
Running Windows Store applications only means the computer will run more efficiently. This results in very few apps running in the background. On most Windows 10 computers, background applications normally kill battery life, slow the system by taking up compute resources, and slow the boot process (since all these apps need to load when you log in).
With the efficiencies of Windows in S-Mode, the Surface Go boots up very quickly so you can start working quickly. Battery life is also pretty good for such a small battery.
If Windows S-Mode isn’t for you, it can be disabled so you can run whatever Windows applications you’d like. However, given that this device has such low-end specs, it may not be advisable to do so.
Display
Screen size is smaller than the other members of the Microsoft Surface family, but I found it adequate for most tasks. At 1800×1200, the resolution is not bad for a screen this size. The drawback is when you zoom in more than 125%, as your apps don’t fit normally on the screen vertically. I have been keeping my screen zoom at 150%, and deal with the screen real estate loss by hiding ribbon bars and such. I find this zoom level perfect for me so I’m not straining to read text with or without my glasses. Overall, I was pleasantly surprised by the screen.
Performance
As you may expect, a 1.6 GHz Pentium processor does not provide very much horsepower in this day and age. It is no secret that the Surface Go does not have the power you’d need to run applications like SolidWorks or Photoshop. For example, I ran into issues filtering data on a rather large Excel spreadsheet. Then again, this device isn’t designed to be your daily driver. The performance shortcomings are saved by Windows S-Mode and how it handles applications.
When connected to a USB-C hub with an external monitor, I did notice graphic distortions when the system was being taxed, even if the screen showed nothing other than the Windows desktop.
Surface Type Cover
As with the other Surface tablets, the Surface Go Type cover protects the screen when closed, and has a built-in keyboard. When open, the keyboard can either lay flat on the table or be wedged up against the screen for a more comfortable typing experience. Surprisingly, the biggest hurdle for me was not Windows running in S-mode or the low-end processor installed, but rather the keyboard. The Surface Go’s Type keyboard is smaller than just about any other computer keyboard I’ve ever used. Not only are keys re-arranged to maximize the use of space, but the keys are considerably smaller and the throw is shorter. It took me a couple of days to get to a point where I could type a complete sentence without typos.
The keyboard is also loud. This isn’t noise from the key travel, but the fact that there is a void between the keyboard and the table below it, resulting in a drum-like sound when typing.
Surface Pen
Like previous Surface tablets, the Surface Pen (sold separately) can magnetically attach to the side of the screen. This keeps it handy for whenever you want it. When storing the Surface Go in my bag, the pen would pop off. Storing the device on its side with the pen side up, resolved this problem. Long term, it probably makes more sense to keep the pen in a safe place (like a pen holder slot) in the bag.
Small Footprint
I found the Surface Go’s size was great for meetings. The smaller footprint is less intrusive in a meeting than a laptop. If you’re a person who prefers using the pen, then there are obvious benefits there as well. Even with the keyboard, I found it very easy to store the Surface Go in my bag along with my laptop.
The size and weight (about 1.15 lbs.) of this device make it very portable and relatively easy to hold for long periods. I decided to test this device by running a meeting PowerPoint presentation, and it went better than I expected. I was able to easily connect to the wireless display (Wi-Di) and control my PowerPoint slides by holding the tablet in my hand. It also put my notes right in front of me, making the conversation with the audience more natural. I found this much less distracting and more seamless. This is my new preferred way to control slide decks during meetings.
One issue I ran into while presenting was screen auto-rotate. Whenever I moved the tablet so that It auto rotated from landscape to portrait, the wireless display would refresh resulting in the audience staring at a Windows desktop instead of the presentation. I don’t know if this issue was caused by Windows or PowerPoint, but disabling auto-rotate prevented this from happening.
I read that the Surface pen can also be used to change slides by clicking a button, but I didn’t have time to get that working.
Storage and Communication
The Surface Go comes with either a 64 GB or 128 GB solid-state drive (SSD), depending on the model you choose. The model I am using has the latter. I did not run into any storage issues during my testing, but there is also a Micro SD slot on the back for additional local storage.
I opted for the WiFi-only model, but there is a model available with a 4G radio as well. Since I was using this where I knew there was reliable Wi-Fi or could put my phone into a Wi-Fi hotspot mode, I didn’t feel I needed this. If you re considering the Surface Go as a device always on the go and need to stay connected, then you may want to splurge for the 4G model.
Price
As of the time I’m writing this, all Surface Go models come with an Intel Pentium 4415Y processor.
The Surface Go keyboard, pen, and mouse are all optional and are available in various colors.
Overall, I found that this is a useful size whether you are presenting, taking notes, or just need a lightweight computer to use around the house. I was expecting to hate this device because of the performance, but I didn’t. The Surface Go is by no means a replacement for a high-end daily driver, but it might meet the needs of those times when you don’t need that heavy computing power.
Traditionally Windows VMs (virtual machines) in Azure would include a Windows Server Datacenter license. The cost of this license was built into the hourly/monthly fee for that VM. This made systems easy to roll out using the GUI wizards and made licensing a cinch. If you are moving existing virtual machine workloads to the cloud, this can be expensive since you paying again for licenses you’ve already purchased.
According to their new announcement, Microsoft says “now you can move your existing Windows Server licenses to Azure when you extend your datacenter to the cloud. With the Azure Hybrid Use Benefit, you can use on-premises Windows Server licenses that include Software Assurance to run Windows Server virtual machines in Azure at the base compute rate.” Continue reading
One of the more controversial features of Windows 10 is Wi-Fi Sense. Though it has been on Windows Phone for some time, this is a new feature of Windows 10. Wi-Fi Sense allows you to share access to a wireless network with your friends on social media sites like Facebook. Wi-Fi Sense also allows you to connect to wireless networks shared by your social media friends. Continue reading
Imagine if you could set up single sign-on for your online services with just the check of a box, and allow all of your users to authenticate to services such as Office 365 automatically. Imagine you could do this without the complexity of ADFS and the many hours of planning and implementation that go along with it.
On Wednesday, Microsoft announced the public preview of Azure Active Directory Connect pass-through authentication. This new method of authentication allows for a single sign-on (SSO) experience without the need for Active Directory Federation Services (ADFS). Continue reading
Permanent link to this article: https://www.robertborges.us/2016/12/cloud-computing/public-preview-azure-active-directory-connect-pass-through-authentication/
In my previous post titled Backing Up Azure ARM VMs with new Azure Recovery Services, I discussed a new feature set which was in Preview (A.K.A. beta). Before the Preview of Azure Recovery Service, we could backup “Classic” Azure VMs (virtual machines) by using Azure Backup, but not VMs created with the newer Azure Resource Monitor (ARM). Azure Recovery Service was not feature-complete, but it was the first time we could backup Azure VMs built using the new Azure Resource Monitor (ARM).
The public preview of Azure Recovery Service was a success, and now we have a final version with a new name: Backup and Site RecoveryContinue reading
Up until now, Microsoft has guaranteed a 99.5% uptime SLA for IaaS (Infrastructure as a Service) virtual machines. While this level of uptime is very good, it is not enough for critical applications which require 24×7 access. Continue reading
Today, in an announcement by Microsoft’s Remote Desktop Team, Azure RemoteApp is being retired. Microsoft Azure RemoteApp is an application virtualization platform in the cloud. Using Remote Desktop technology, applications can be presented to users without the need of installing anything on the user’s computer. In addition to ease of management, it allows users to access applications securely on just about any device with internet access. Azure RemoteApp was launched less than two years ago. Continue reading
Microsoft has introduced the new Azure Preview Portal to create and manage your Microsoft Azure environment. This new portal is not only easier to use, but provides more detailed information and lots of new functionality.
While there are still a few items which cannot yet be managed using the new portal (such as Azure Backup), most can. There is even a new generation of many object types giving additional levels of security and usability. Continue reading
If you’re an Office 365 Enterprise customer, there is news from Microsoft. OneDrive for Business storage will be increased from 1 TB to 5 TB allocated storage per user. This is some good news in the wake of Microsoft announcing it was not going to honor its claim of unlimited storage for OneDrive (personal not business). Continue reading
Have you ever noticed how a server tends to slow down over time? No, this isn’t simply your server getting old and tired. This is often caused by the same server needing more and more memory (RAM) as time passes. There are good reasons why this happens, and ways to minimize the effects. Here are a few common reasons why a server requires more memory as time goes on. Continue reading