Another Adrian Weekly Monday Round-up!

I'm back after a much-needed week of vacation, and it seems I didn't really miss much? :D Lol jk: I missed the GA launch of Windows 365 AND my chance to get demo licensing, but I guess it was worth it to unwind for a week. Maybe. But since we'll be covering that product in greater detail in this month's webinar (it's next week!), I'll leave it for now.

Most folks know I'm a big proponent of ditching Active Directory, but it's a nuanced opinion. I spent 15 years being a huge fan of AD, but its development is dead. That doesn't mean you need to be done with it or make emergency plans to abandon it - it's just reached the end of its development lifecycle. What I often find is that there's a need to continue managing on-prem resources that may last for years, but that doesn't mean you have to continue managing new users and computers that way. My demo environment has both an Active Directory with "old" users and an Azure AD with cloud-only users & devices. Both things are valid and both work, and they can even work together with no fuss, and will likely be the topic of a future blog/event. But a question I often hear is how to let cloud users & devices access on-prem servers, and the assumption is generally that the device has to be Hybrid Azure AD joined. Turns out that's not necessarily the case (and that's GREAT news!).

Monthly updates are out, and get 'em done, because Microsoft says this time PrintNightmare is fully patched... or is it? Look for a blog about this, but suffice it to say some of the vulnerabilities have been remediated, but non-admins lose some functionality.

Late press announcement: Microsoft now offers a Top Secret cloud. I can pretty well promise that 1: you don't need it "yet," and 2: you can't buy it "yet." It's air-gapped and currently limited to 60 services (73 in regular plain-ol' vanilla Secret) and is way above and beyond what DFARS & ITAR customers need to worry about. But in case you DO want something to worry about, how about attackers stealing backups instead of attacking servers directly? Once a copy of a backup is out of your hands, there are lots of ways to play with the data offline and unmonitored, so make sure your backups (and backup servers/services) are protected and only talking to trusted systems.

Stepping out of the security space for a minute, looks like Teams is getting a bunch of love from education to commercial to government. Parent connection in Teams for Education will allow Teams to leverage SDS parent/guardian attributes to enable engagement thru Teams chat, while commercial toast notifications will warn you of likely spam callers, and early next year GCC-H & DoD customers will see improvements around pre-meeting breakout room creation. I don't have specific links for these, but they're all on the published roadmap.

Ever heard of 'plus-addressing' in email? I hadn't, but it seems a great way to deal with the age-old problem of needing burner addresses for subscriptions & the like (though some web forms are already savvy to the ruse). Support has evidently been in place for Exchange Online since September 2020, but you do need to turn it on. It might be worth checking beforehand that no existing addresses contain a literal plus sign, though, because they will break.
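One way to run that pre-check, as an added example rather than anything from Microsoft or the linked articles. It assumes the ExchangeOnlineManagement module with an active `Connect-ExchangeOnline` session, and that your tenant still exposes the `AllowPlusAddressInRecipients` setting that shipped with the feature:

```powershell
# Added example: read-only audit to run before turning on plus addressing.
# Assumption: you are already connected with Connect-ExchangeOnline.

# Find every SMTP proxy address whose local part contains a literal "+".
$conflicts = foreach ($r in Get-Recipient -ResultSize Unlimited) {
    foreach ($addr in $r.EmailAddresses) {
        # Proxy addresses look like "SMTP:user@contoso.com" (primary)
        # or "smtp:alias@contoso.com" (secondary); -match ignores case.
        if ($addr -match '^smtp:(?<local>[^@]+)@(?<domain>.+)$' -and
            $Matches.local.Contains('+')) {
            [pscustomobject]@{
                Recipient = $r.DisplayName
                Type      = $r.RecipientTypeDetails
                Address   = $addr
                # With plus addressing on, mail sent here is resolved to the
                # part before the "+" instead of to this literal address.
                RoutesTo  = '{0}@{1}' -f ($Matches.local -split '\+')[0], $Matches.domain
            }
        }
    }
}

if ($conflicts) {
    $conflicts | Sort-Object Recipient | Format-Table -AutoSize
    Write-Warning "$(@($conflicts).Count) address(es) contain a literal '+'; rename or remove them first."
} else {
    # Show the current state; nothing is changed by this script.
    Get-OrganizationConfig | Select-Object AllowPlusAddressInRecipients
    # Enable only after the audit comes back clean:
    # Set-OrganizationConfig -AllowPlusAddressInRecipients $true
}
```

The `RoutesTo` column shows which mailbox would start receiving mail meant for the literal address, which is worth checking for shared mailboxes and service accounts.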

 
