by Contributed | Feb 22, 2021 | Technology
This article is contributed. See the original author and article here.
In this series, Microsoft identity team members share their reasons for loving passwordless authentication (and why you should too!). In this post, Sue Bohn continues the series by sharing another benefit of passwordless.
I love passwordless because of how much customers benefit from the increased security and convenience that one passwordless option offers in particular—security keys. At Microsoft Ignite 2019, we showcased Azure Active Directory support for FIDO2 security keys. During an Ignite side chat with Joey Snow, I showed the audience my personalized security key with a bling decal, conveniently attached to my bracelet. It makes it so easy to quickly access it to sign into my personal or work accounts.
My security key provides not only strong authentication but also works with multiple online services in addition to Azure AD. With security keys, you simply insert the key into your Windows 10 machine (via USB, NFC, or Bluetooth), the key authenticates your identity, and you can start working right away. And it doesn’t require typing upper and lowercase letters, numbers, a special character, and your favorite emoji!! A security key is especially handy when devices are shared or when you cannot bring you phone into your place of work, such as a factory floor or retail store. Security keys are so portable you can even wear it!
In the past 18 months, thousands of organizations are trying the experience. Enterprise customers have been piloting passwordless authentication with their security departments and their executive teams to increase identity protection. For example, Keepmoat Homes wanted to modernize the authentication experience for their employees and make it portable, so they chose Windows Hello for Business and Yubikeys which they say provided “the most secure form of single sign on and multifactor authentication with a frictionless end user experience.” During the US election last year, we saw security key adoption by campaigns, thinktanks, and other government entities as part of Microsoft’s Account Guard program. Because security key uses FIDO2 standards, it mitigates phishing attacks and offers more security to use with digital services.
Top security keys
With a growing number of people interested in using security keys for authentication, our team recognizes the need to create a robust partner ecosystem. This gives our customers more choices in form factors including biometrics. You can check out the Microsoft Compatible Security Key partner list, a list of several devices from security key providers that have been tested with Azure Active Directory and Windows 10.
A broad ecosystem gives our customers choice in keys that deliver a higher fit to our customers’ needs. Today our customers tell us the key form factors they most often use are USB-based factor, NFC, and smartcards. Nearly 40% of the universally used security key models have a fingerprint reader. If you’re not sure which one to select, consider these top 7 security keys vendors, based on usage with Azure AD*:
- Yubico
Yubico’s Yubikey 5 NFC (Near Field Communication) (link)
|
Yubico’s Security Key (link)
|
|
|
If you are a Systems Integrator (SI) interested in building your passwordless practice, register for Yubico’s System Integrator Pilot Program.
- Feitian
Feitian BioPass K27 (link)
|
Feitian ePass FIDO2 NFC Authenticator (link)
|
|
|
Enterprise customers interested in piloting FIDO2 keys can register for Feitian’s Pilot Program.
- Ensurity
Ensurity ThincC (link)
|
|
- Thales
Thales IDCore FIDO2 Authenticator (link)
|
|
- TrustKey (Formerly eWBM)
TrustKey G310 (link)
|
|
- AuthenTrend
AuthenTrend ATKey.Pro FIDO2 (link)
|
AuthenTrend ATKey.Card (link)
|
|
|
Small business customers interested in piloting AuthenTrend’s FIDO2 key and card can register here.
- HID Global
HID Cresendo C2300 (link)
|
|
Get in touch!
I hope you find this blog useful, and perhaps I inspired you to glam up your own security key! Please get in touch with me (@Sue_Bohn) and our Security Key partners if would like more information about the ease of use and portability of FIDO2 security keys and how they might work in your own organization.
Cheers,
Sue
*Based on Security Key usage with Azure Active Directory is as of Feb 2021. We highlight up to two keys per brand. Microsoft takes privacy seriously. We remove all personal data and organization-identifying data, such as company name, from the data before using it to produce reports. We never use customer content such as the content of an email, chat, document, or meeting to produce reports.
Check out the other posts in this series:
Learn more about Microsoft identity:
by Contributed | Feb 22, 2021 | Technology
This article is contributed. See the original author and article here.
This blog post grew out of a conversation with one of my Microsoft colleagues about how one would push a Planner task to Azure DevOps – and the scenario was that they are very happy with the Message Center to Planner integration as a means to triage changes as they come through – but to actually execute on the changes they would normally use Azure DevOps. So I got my thinking cap on and took a look at what was available in Power Automate.
Planner is somewhat limited in direct actions and triggers, but of course you can use the Graph API too once you get a Flow started – but the trigger is what you need here and I wanted to avoid a timer job just looking in Planner. The “On completed” trigger seemed like the best approach, as if you were carrying out the work in Azure DevOps (or Project) then the plan task could be closed. Then with the number of supported labels increasing in the very near future I thought that, combined with a complete task, would get me started.
Power Automate then has an action to read the Planner labels, so I could check if the task needed to go to Azure DevOps – and if so use the “Create a work item” action.
In this example I decided to create as a Feature – and in the description I crafted a link that would navigate back to the Planner task to get the full information. A proper job here would probably involve a few more steps to read the information and populate it into Azure DevOps, but as a quick proof of concept it worked for what I needed.
And here is my newly created Azure DevOps feature.
My next thought was – that nice – but what if I want to use Project Online or the new Project to manage a Microsoft 365 change? (The eagle eyed may have already seen the :Send to Project Online and Send to PfW in my labels list) so I extended my Flow to also look at those labels and react accordingly.
It is important to mention here that I am creating these as projects in Project Online and Project for the web – and not as tasks – as the assumption is that you would use this when you needed more than just a task (otherwise why not leave in Planner?). Likewise for Azure DevOps – I created a feature but there may well be other entities added to deliver the change.
For the examples I’ve used I’ll admit that these could probably just have been handled in Planner – as I can’t imagine our adding of text predictions justifies a complete project plan to ready users…
And in the new Project we see the other task turned to a plan – in this case in a different environment than the default using the new flexible deployments option.
The Flow was pretty basic adding these two too – just a condition driven by the label that was applied, then the Create a new Project for Project Online (as the description doesn’t support HTML I didn’t create the href):
and for the new Project in the Dataverse environment I used the following:
The tricky piece here was working out what the GUIDs needed to be, and I used the option to open the datasets in Excel to get a good look at the GUIDs so I could test out and confirm what these needed to be. You can do this (permissions allowing) by going to make.powerapps.com, selecting the environment, then under Data, Tables select the table of interest (set filter to “All”) then use the “Edit data in Excel option (don’t get too excited – you can’t really edit the data for this Project stuff in Excel).
Calendar Id can be found from the Calendar column of the Work template table – in my case I only had one work template, the default – so not problem using just this one – you might need to have some way to choose if your config is more complex.
Contracting Unit can be found as the Contracting Unit column in the Project table – and again I just had one so ok to hard code – your mileage may vary (Don’t confuse it with the Contracting Unit (Lookup) field…).
Project Manager comes from the Project Manager column in the Project table, and has its origins in the User table and the User column. It is NOT the same as the AAD GUID.
Like the Azure DevOps example you’d probably want to add a few more steps to pull more information in – and I did skip a big “gotcha” on the Project Online side – as Project Online does not allow certain characters in a Project name I chose my example carefully. You’d need to swap out any occurenace of the following characters – : .(period) ” / : ; | ? ‘ < > * # ~ % { } +.
Finally – a screenshot of the whole Flow:
Let me know what you think – and what would make managing Microsoft 365 changes easier?
by Contributed | Feb 22, 2021 | Technology
This article is contributed. See the original author and article here.
Microsoft Access application development has been a favorite of mine for many years, because it lends itself to a rapid application development cycle and can provide a cost-effective custom solution for small businesses. I want to illustrate this with two examples of recent projects I have completed.
Client 1 – 2nd generation retail business taking over from 1st generation businesses
Problem – Payroll commission computation was time consuming and error prone. Inputs came from 2 different enterprise sources and were not in a clean format.
Solution – Access is terrific for merging Excel based exports from enterprise databases like point of sale and employee timecard systems.
- Prior to importing, the Excel workbooks were massaged with VBA code to cleanse and reformat.
- Saved Access imports were then used to import the data from Excel.
- Data was then merged via Access queries.
- A simple form was developed to step the payroll officer through the commission calculation process. This included 2 imports and 3 reports.
- The first report was designed to allow the payroll officer to review the computed commissions for accuracy.
- The second report split the first report up by sales rep and emailed the reports to the individual reps.
- The final report was an Excel based export in the format the accountant needed to complete the payroll.
Impact and Learnings – The payroll officer absolutely loved the end product! The steps of the solution follow the same process she was familiar with, but saved her hours of tedious work and provided greater accuracy in the resulting reports.
A strength of Access is its ability to easily integrate with other products in the Office platform and make use of the strengths of products like Excel and Outlook, and this project shows that the combination of Access queries and VBA code can be used to apply even complicated business rules.
Client 2 – Professional business needing to generate lots of client based letters
Problem – Letters have lots of data fields in them. Word mail merge was routinely failing and often error prone to set up. It also resulted in one document that included all clients’ letters. Documentation of what was sent to whom was problematic.
Solution – Word mail merge can be difficult to work with. This was further complicated in this instance since the data resided in an encrypted Access database due to the sensitive nature of the client data. The simpler solution was to push the data TO Word instead of pull it FROM Access.
- Since the business used a wide variety of letters, the solution allows them to add Word Templates (built in Word) to a table in Access
- They then map named Content Controls from the template to fields in an Access client query.
- A form was developed to allow the professional to run a premade Access Query, or filter on predefined fields in the client query, to find the clients whom they wished to create a letter for.
- Then they select the letter they want and the directory they want the resulting letters to be placed in.
- With VBA code behind the Form, the Word template is opened, and for each client selected, a Word document is produced with merged data from that client record using the previously setup mapping.
- Each letter is saved to the chosen directory with a standard naming convention.
Impact and Learnings – The business users of this solution love the ease at which they can now generate and archive client letters. Gone are crashing, error prone, or time consuming Word mail merges. The super user who sets up the templates and mappings finds the solution easy to use and right on target with their goals.
Again, this project shows the strength of Access’ easy integration with other products across the Office platform; this time with Word. Although Word mail merge allows you to select and filter data, Access is much stronger at organizing and querying data. Understanding and using the best tool for a project is key. This project also enables the user to self-serve by creating additional Word templates on their own, and then easily set those up to be used from the Access application.
Maria Barnes is the President of Barnes Business Solutions, Inc. She has 35 years of Software Design and Programming Expertise and specializes in Access and SQL Server databases. She has been named an Access MVP by Microsoft since 2018. Maria publishes a monthly newsletter and is the chapter president of AccessUserGroups.org Lunchtime chapter. You can reach Maria at mbarnes@BarnesBusinessSolutions.com
by Contributed | Feb 22, 2021 | Technology
This article is contributed. See the original author and article here.
In this video, we look at how to use Microsoft Partner Center Ingestion API for managing “Azure Application” offers in Azure Marketplace.
Document called “Partner Center submission API to onboard Azure apps in Partner Center” provides some high-level information on how to create a Service Principal, add it to the Partner Center account, and use it to obtain access_token from Azure Active Directory. The document also points to the Swagger defining the API methods, but it does not provide specific examples for the sequences for the API calls required to manage Azure Application offers.
In this video walkthrough, we go a bit deeper and look at how to use Postman to invoke the multiple REST methods of the Partner Center Ingestion REST API and how these calls “map” to the Partner Center Commercial Marketplace UI experience.
You can download my Postman collection here.
Note: This video is specifically about the “Azure Application” offer type. If you are looking at how to manage “Virtual Machine” offers, please see “Using CPP API for managing Virtual Machine offers in Azure Marketplace”.
Video Walkthrough
Tip: Play the video full screen to see all of the details.
Approximate Mapping of Partner Center UI to the Ingestion APIs
So, should we use Partner Center API or Cloud Partner Portal CPP API?
Answer: It depends on the “offer type”
- Azure Application Offers: api.partner.microsoft.com/ingestion/v1 (described in this article)
- VM Offers (and a few other types): cloudpartner.azure.com (described in the related article)
Originally published at https://arsenvlad.medium.com/using-partner-center-ingestion-api-for-managing-azure-application-offers-in-azure-marketplace-b47b290dd947 on September 10, 2020.
by Contributed | Feb 22, 2021 | Technology
This article is contributed. See the original author and article here.
Update 2102 for the Technical Preview Branch of Microsoft Endpoint Configuration Manager has been released. Configuration Manager ships with several hundred reports by default, and you may have added more to that list. Instead of continually searching for reports you commonly use, based on your UserVoice feedback, you can now make a report a favorite. This action allows you to quickly access it from the new Favorites node.
Favorite reports node
This preview release also includes:
Improvements to the collection relationships viewer – Starting in current branch version 2010, you can view dependency relationships between collections in a graphical format. The relationships for a collection were presented as two hierarchical trees, one for dependents and the other for dependencies. In this release, you can view both dependency and dependent relationships together in a single graph. This change allows you to quickly see an overview of all the relationships of a collection at once and then drill down into specific related collections. It also includes other filtering and navigation improvements.
Download Power BI report templates from Community hub – Community hub now supports contributing and downloading Power BI report template files. This integration allows administrators to easily share and reuse Power BI reports. Contributing and downloading Power BI report template is also available for current branch versions of Configuration Manager.
Improvements to BitLocker support via cloud management gateway – In current branch version 2010, you can manage BitLocker policies and escrow recovery keys over a cloud management gateway (CMG). This support included a couple of limitations. Starting in this technical preview release, BitLocker management policies over a CMG support the following capabilities:
- Recovery keys for removable drives
- TPM password hash, otherwise known as TPM owner authorization
Improvements to query preview – You now have more options when using the collection query preview. The following improvements have been made to previewing collection queries:
- Limit the number of rows returned.
- Omit duplicate rows from the result set.
- Review statistics for the query preview such as number of rows returned and elapsed time.
Improvements to collection evaluation view – The following improvements were made to the collection evaluation view:
- The central administration site (CAS) now displays a summary of collection evaluation status for all the primary sites in the hierarchy
- Drill through from collection evaluation status queue to a collection
- Copy text to the clipboard from the collection evaluation page
- Configure the refresh interval for the collection evaluation statistics page
TLS certificate pinning for devices scanning HTTPS-configured WSUS servers – Further increase the security of HTTPS scans against WSUS by enforcing certificate pinning. To enable this behavior, add certificates for your WSUS servers to the new WindowsServerUpdateServices certificate store on your clients and enable certificate pinning through Client Settings. This setting ensures that your clients will only be able to communicate with WSUS when certificate pinning is successful.
Change foreground color for Software Center branding – Software Center already provides various controls for you to customize the branding to support your organization’s brand. For some customers, their brand color doesn’t work well with the default white font color for a selected item. To better support these customers and improve accessibility, you can now configure a custom color for the foreground font.
Changes for CMPivot – We’ve temporarily disabled the Simplified CMPivot permissions requirements that were introduced in technical preview version 2101. If you removed the Read permission on SMS Scripts and the default scope permission, re-add the permissions.
Improvements to client setting for Software Center custom tabs – Technical preview version 2101 included a new client setting for displaying Software Center custom tabs. There are general improvements to this feature in this technical preview release.
Change default maximum run time for software updates – Configuration Manager sets the following maximum run time for these categories of software updates:
- Feature updates for Windows: 120 minutes
- Non-feature updates for Windows: 60 minutes
- Updates for Microsoft 365 Apps (Office 365 updates): 60 minutes
All other software updates outside these categories, such as third-party updates, were given a maximum run time of 10 minutes. Starting in this technical preview, the default maximum run time for these updates is 60 minutes rather than 10 minutes.
Update 2102 for Technical Preview Branch is available in the Microsoft Endpoint Configuration Manager Technical Preview console. For new installations, the 2010 baseline version of Microsoft Endpoint Configuration Manager Technical Preview Branch is available on the Microsoft Evaluation Center. Technical Preview Branch releases give you an opportunity to try out new Configuration Manager features in a test environment before they are made generally available.
We would love to hear your thoughts about the latest Technical Preview! Send us Feedback about product issues directly from the console and use our UserVoice page for ideas about new features.
Thanks,
The Configuration Manager team
Configuration Manager Resources:
Documentation for Configuration Manager Technical Previews
Try the Configuration Manager Technical Preview Branch
Documentation for Configuration Manager
Microsoft Endpoint Manager announcement
Microsoft Endpoint Manager vision statement
Configuration Manager Forums
Configuration Manager Support
Recent Comments