Weekly Round-Up (pre-Inspire edition)
Shout out to our VP of Sales, Cathy Redford, for getting things rolling this week with Cloud PC! Oh what's that, you've never heard of it either? Expect to hear a lot of buzz around this possibly as early as this week @ Inspire, but from what I can gather it looks like the culmination of AVD managed with Intune and pre-packaged into some standard configs. We know it's real because the link works. Is Cloud PC set to augment (or replace) MMD? Microsoft 365 customers can now benefit from 1 year of audit logs! That's a huge bump that does not require an E/A/G5 or Advanced Auditing that should be welcome news to all admins. Well not all admins, because it only works in PowerShell. Scott Hanselman gives a great walkthrough of the Windows 11 UI, which I'm sure we'll see a lot more of at Inspire. I mentioned last time that I think the firmware TVM acquisition was really to own a mass-validation tool for W11 deployments, but that hasn't slowed down the security marketing engine. A lot is being made of the current wave of firmware attacks. Oh yeah: if you're not signed up for Inspire, fix that! There's going to be a huge amount of content delivered over 2 days (July 14 & 15).
Printnightmare remains top of mind in its 2nd week, though it seems Microsoft has now released a patch for Server 2016. Additionally, Microsoft has updated their guidance in a new blog post, updated the FAQ in the CVE, and updated their documentation for restricting installation of new printer drivers. In all cases, DEPLOY THE PATCH.
Entitlement Management is getting some really awesome new capabilities: Separation of Duties is in Public Preview, and will allow orgs to define access packages that are not compatible with each other, so one user cannot hold incompatible roles, like having your CISO also be your Compliance Officer. Dynamic / auto assignments will enter private preview very soon. Bear in mind that EM is a component of AAD P2.
Azure AD Conditional Access has a really cool "Insights & Reporting" dashboard. It pulls straight from Log Analytics, so you can see impact for the entire history of your logging (not just the 30-day content displayed in the AAD GUI). It looks a whole lot like Sentinel data because it kinda is, except you don't need Sentinel to get this one: just AAD Audit Log integration with Azure Monitor. This is so cool, and I'm disappointed to say it's been there for a year:
Speaking of Sentinel, if you're tired of setting up connectors and rolling out workbooks and chasing down next steps, you're not alone, and Microsoft has your back. Solutions are in preview to enable basically 1-click end-to-end deployment of 3rd party integrations. This will be a huge play for pilot deployments and customers who want it to 'just work' without any real configuration. Final note on Sentinel deployments: there's a new monitoring agent available for on-prem devices that allows granular filtering of data at the client side, so you only ingest as much log data as you want. This could allow dramatic savings for customers who are pulling all Windows logs into Sentinel because the OMS agent only has 4 settings that range from flood-gates to insufficient.
I don't remember who said it, but someone told me a few months ago not to use Policy Sets in Endpoint Manager/Intune. They've always been in preview and they don't support the more modern category-based 'Endpoint Security' management profiles. Well they're not going away any time soon, as Microsoft just announced support for adding Settings Catalog profiles to them. Settings Catalog profiles allow Intune admins to deploy a wide array of configurations to Windows 10 and MacOS through a single profile, much like we used to do in AD to speed up logons. While I don't personally advocate pushing all settings through a single profile, it can be very helpful if you have a bunch of individual settings that don't fit in a single category but all need to be pushed together to support a single app.
Don't forget Skype for Business goes end-of-life this month. Microsoft has been known to shift deadlines in the past, but this one feels pretty solid. If you know people who are still resisting the transition to Teams, they're gonna have a bad time real soon.