Public Preview: Leverage Azure Active Directory Kerberos with Azure Files for hybrid identities


This article is contributed. See the original author and article here.

We are excited to announce Azure Files integration with Azure Active Directory (Azure AD) Kerberos for hybrid identities. With this release, identities in Azure AD can mount and access Azure file shares without the need for line-of-sight to an Active Directory domain controller.


 


Until now, Azure Files supported identity-based authentication over Server Message Block (SMB) through two types of Domain Services: on-premises Active Directory Domain Services (AD DS) and Azure Active Directory Domain Services (Azure AD DS). On-premises AD DS requires clients to have line-of-sight to the domain controller, while Azure AD DS requires deploying domain services onto Azure AD and domain joining to Azure AD DS. Azure AD Kerberos is a new addition to these identity-based authentication methods. Azure AD Kerberos allows Azure AD to issue Kerberos service tickets over HTTPS for service applications in Azure AD. This removes the need to set up and manage another domain service, while also removing the line-of-sight requirement to the domain controller when authenticating with Azure Files. For this experience, the clients connecting to Azure Files need to be Azure AD-joined clients (or hybrid Azure AD-joined), and the user identities must be hybrid identities, managed in Active Directory.


 


This experience builds on what we previously announced for FSLogix profiles support. Now, the experience is much simpler, and the use cases are no longer limited to Azure Virtual Desktop user profiles.


 




 


To learn more and get started, visit our documentation page.

The AI-powered contact center, part 4: Enhance contact center security with biometric authentication


When a customer needs support, they not only expect fast, convenient ways to get help, but also to have their personal information protected. However, when verifying that people are who they say they are, many contact centers use traditional authentication methods that are no longer fit for purpose. That’s why the biometric security on the Microsoft Digital Contact Center Platform is so essential: with biometrics, contact centers can provide intelligent fraud prevention and fast, effortless customer authentication.

Why contact center security must change

The classic methods for verifying customer identities and weeding out fraudsters depend on knowledge-based authentication (KBA): the PINs, passwords, and security questions we are all familiar with.

However, KBA causes problems in multiple ways:

  1. It’s very easy for fraudsters to steal, buy, or phish for customers’ information, which makes it simple for them to pass KBA checks.
  2. Lengthy authentication processes add friction to the customer journey, and often have to be performed multiple times as customers move between channels.
  3. Customers expect brands to know who they are; they don’t want to sit through an interrogation to prove their identity.
  4. Customers often lose or forget the authentication information they need, increasing the time, effort, and frustration of the interaction as they search for usernames and passwords.

That is why biometric security is so important for helping organizations protect their customers and their business.

With biometrics, organizations can leave the issues of KBA in the past by enabling fast, frictionless, and accurate authentication for genuine customers while quickly detecting fraudsters and preventing fraud in every channel.

By layering voice, behavioral, and conversational biometrics (how people sound, how they behave, and what they say) with non-biometric factors, a central AI risk engine can make intelligent assessments of authentication and fraud risk. By using biometrics, the system can identify the actual person behind the interaction, rather than just the information they have or the device they are using.

And now that Nuance Gatekeeper biometric security is closely integrated with Microsoft products on the Microsoft Digital Contact Center Platform, our combined solutions will multiply the benefits for all our customers.

Seamless authentication

The combination of Gatekeeper and Microsoft Dynamics 365 Customer Service on the Microsoft Digital Contact Center Platform will help strengthen the overall identification and verification (ID&V) process and give agents tools that help them provide seamless service across any channel. While customer relationship management (CRM) data provides the customer ID, multimodal biometrics bolsters verification to validate customer identities quickly and accurately. Meanwhile, call validation detects common fraud tactics like Automatic Number Identification (ANI) spoofing, and environment detection interrogates the trustworthiness of device and network signals.

Stronger fraud prevention

As stated earlier, biometric security has a dramatic impact on organizations’ ability to detect and prevent fraud in customer engagements across any channel. Dynamics 365 Fraud Protection is a perfect complement to biometrics, providing an adaptive AI tool that guards organizations against payment fraud, account takeovers, and many other transactional fraud threats.

With these technologies working in unison, the AI has an enriched data set to make better-informed decisions about when to use step-up authentication or flag a transaction or individual as suspicious. Gatekeeper identifies the human behind the transaction while Dynamics 365 examines the transaction itself, a powerful combination that delivers a unique offering in the fraud protection market.

Enhanced personalization

With biometric authentication, it is also much simpler to personalize customer engagements from the beginning; particularly with passive voice biometrics, where customers can be identified and their experience tailored within seconds as they explain their need to an agent or a conversational interactive voice response (IVR).

Voice biometrics solutions make it simpler to offer personalized service and specialized support to a variety of customers. For example, Telefónica, the leading Spanish telco, needed a way to prioritize vulnerable customers at the start of the pandemic, when call volumes skyrocketed. It used voice biometrics to identify seniors based on numerous voice characteristics and route them directly to a priority service line, offering a more personalized experience for seniors who depend on Telefónica to keep them connected.

There is also an opportunity to create more personalized experiences for employees. Another exciting benefit of bringing Nuance and Microsoft products together on the Microsoft Digital Contact Center Platform is the integration between Gatekeeper and Azure Active Directory (Azure AD). Employees at many enterprises across the globe use Azure AD to log into their accounts every day, and that will become even simpler by using biometric authentication instead of usernames and passwords.

Create a more secure contact center

Our vision for the future of the digital contact center is one where biometric security is built into all customer engagements to streamline, personalize, and protect every interaction.

By integrating our products on a single platform, we are bringing that vision to life, empowering customer engagement teams to serve and sell more effectively and enabling fraud teams to detect and prevent more fraud.

Learn more about our contact center solution

Throughout this series, we have explored how to create engaging, personalized digital experiences, achieve superior self-service voice support, and build conversational AI applications with the protection of advanced biometric security solutions. This is the contact center of the future, made possible through the Microsoft Digital Contact Center Platform.

The post The AI-powered contact center, part 4: Enhance contact center security with biometric authentication appeared first on Microsoft Dynamics 365 Blog.

Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.

New transactable offers from Audioburst, Fivetran, Skkynet, and YData Labs


Microsoft partners like Audioburst, Fivetran, Skkynet, and YData Labs deliver transact-capable offers, which allow you to purchase directly from Azure Marketplace. Learn about these offers below:

Audioburst – Audio Content Analysis: Audioburst’s enhanced content analysis tools extract actionable data points, enhance search and discovery, improve recommendations, and provide monetization opportunities using NLP and AI on Azure.

Fivetran Data Pipelines: Fivetran automatically ingests and centralizes your data from hundreds of data sources using over 180 data connectors. Fivetran data pipelines support a variety of data warehouses, including Microsoft Azure Synapse Analytics, Azure Blob Storage, Azure Databricks, and Snowflake.

Skkynet DataHub: With the Skkynet DataHub, you can integrate live IoT processes using standard protocols, including OPC, MQTT, and Modbus, as well as connect SCADA systems, Azure Data Lake, and more for real-time OT/IT integration and remote data access.

YData – Accelerate Development and Increase ROI of Your AI Solutions: YData helps data science teams collaborate, build great training data sets, and exponentially accelerate AI and ML projects while preserving security, privacy, and data fidelity without leaving Azure.


Discover how Microsoft Teams Phone keeps 12 million PSTN users connected


With Microsoft Teams Phone, we have been unabashed in our belief that the future of calling is built on VoIP calling that delivers rich voice and video experiences across organizational boundaries. Teams Phone VoIP calling capabilities are complemented by an enterprise-grade PSTN service that provides customers with the ultimate flexibility in how they communicate and collaborate.

The post Discover how Microsoft Teams Phone keeps 12 million PSTN users connected appeared first on Microsoft 365 Blog.


Azure PaaS Database Root CA Certificate Changes


Introduction


Transport Layer Security (TLS) provides server authentication and channel defenses (encryption and integrity verification) for communication between two applications such as a web browser and a web server. Optionally, TLS can provide client authentication, too.


Most TLS connections today use X.509 certificates, and core to certificates are root Certificate Authority (CA) certificates. For a client to successfully establish a secure connection to a server using TLS, the client system must trust the CA that issued the server’s certificate. The word ‘trust’ in this scenario means the client has the CA’s root certificate installed in the client system.


Later this year, we will update the root CA certificates used by all Azure services, including the database services such as Azure SQL Database, Cosmos DB, Azure Database for PostgreSQL, and Azure Database for MySQL.


 


This root certificate change might have implications for you as an Azure database user.


What is Changing?


Azure is changing the set of root certificates used by Azure services. Right now, almost all Azure services use one root CA certificate for TLS:



  • Baltimore CyberTrust Root


By the end of the calendar year 2022, Azure services will chain up to one of the following CAs:



  • DigiCert Global Root G2

  • DigiCert Global Root CA

  • Baltimore CyberTrust Root

  • D-TRUST Root Class 3 CA 2

  • Microsoft RSA Root Certificate Authority 2017

  • Microsoft ECC Root Certificate Authority 2017


What’s the Impact?


Most Azure database users will see no impact because the new set of root CA certificates is commonly installed on systems including mobile devices. Their client code will continue to make secure connections to back-end databases on Azure.


The potential issue is if developers design their code in a way that restricts which root CA certs are valid and trusted. This is called Certificate Pinning. You could have, for example, a dozen roots on a device, but your application only trusts one specific root. So, in your code, you explicitly check for that certificate when making a TLS connection. This is usually performed by checking the thumbprint of the certificate in your code.


 


At the time of its invention, pinning seemed like a good idea, but it has since fallen out of favor as it leads to fragility. You can read one point of view from DigiCert at Stop Certificate Pinning | DigiCert.com.


 


A more concrete example is if your code pins the Baltimore CyberTrust Root CA certificate, but Cosmos DB uses the DigiCert Global Root CA certificate, then the client will not connect to Cosmos DB. If your code is C/C++ Windows code, another way to mimic certificate pinning is to use Certificate Trust Lists (CTL).


 


You can learn more about the certificates we will use at Azure TLS Certificate Changes | Microsoft Docs and the Cosmos DB specific post is at Upcoming changes to Azure Cosmos DB TLS certificates – Azure Cosmos DB Blog.


 


What You Need to Do


Review all your code that interacts with Azure services, including our PaaS database products, and make sure TLS connections do not limit which root CA certificates are valid. For Windows C/C++ code, make sure there is no use of CTLs.
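A first-pass audit for the review described above, added here as an example and not code from the original post: it scans source and configuration text for the pinning indicators the article names (thumbprint checks, a single trusted root, Windows CTL APIs). The indicator list is an assumption about what such code commonly looks like, and the sample files, thumbprint, host name, and paths are constructed placeholders.

```python
import re

# Heuristic indicators of root-CA pinning, following the article's description.
# Every hit is a prompt for manual review, not proof of pinning.
INDICATORS = [
    # SHA-1 (40 hex) or SHA-256 (64 hex) literal, the usual form of a thumbprint
    ("hardcoded-thumbprint", re.compile(r"\b(?:[0-9A-Fa-f]{40}|[0-9A-Fa-f]{64})\b")),
    ("thumbprint-compare", re.compile(r"GetCertHashString|\.Thumbprint\b|fingerprint", re.I)),
    # .NET hooks that replace default chain validation
    ("custom-validation-callback", re.compile(r"ServerCertificate(?:Custom)?ValidationCallback")),
    # One CA file handed to the driver instead of the system trust store
    ("single-root-file", re.compile(
        r"(?:sslrootcert|ssl[-_]ca|cafile|load_verify_locations)\b.*\.(?:pem|crt|cer)\b", re.I)),
    ("named-root", re.compile(r"baltimore", re.I)),
    # Windows Certificate Trust List APIs (CertVerifyCTLUsage, CertCreateCTLContext, ...)
    ("windows-ctl", re.compile(r"\bCert\w*CTL\w*\b")),
]

# Constructed sample sources; the thumbprint, host, and paths are placeholders.
SAMPLES = {
    "Db.cs": '''\
handler.ServerCertificateCustomValidationCallback = (msg, cert, chain, err) =>
    chain.ChainElements[^1].Certificate.Thumbprint ==
        "0123456789ABCDEF0123456789ABCDEF01234567";
''',
    "pg.env": "DATABASE_URL=postgres://app@db.example/app"
              "?sslmode=verify-full&sslrootcert=/etc/app/baltimore-root.pem\n",
    "win.c": "if (!CertVerifyCTLUsage(X509_ASN_ENCODING, CTL_CERT_SUBJECT_TYPE, "
             "cert, &usage, 0, NULL, &status)) return FALSE;\n",
    "client.py": "import ssl\nctx = ssl.create_default_context()  # system trust store\n",
}

def scan_source(name, text):
    """Return (file, line number, indicator) for each line that matches an indicator."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for label, pattern in INDICATORS:
            if pattern.search(line):
                findings.append((name, lineno, label))
    return findings

def scan_all(sources):
    """Scan a {filename: text} mapping and return all findings in order."""
    return [f for name, text in sources.items() for f in scan_source(name, text)]

if __name__ == "__main__":
    for name, lineno, label in scan_all(SAMPLES):
        print(f"{name}:{lineno}: {label}")
```

Expect false positives: a 40-character hex literal can also be a Git commit ID, and a CA file argument may point at a full bundle rather than one root.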


 


Installing Root CA Certificates


You probably won’t need to add the new root CA certificates to your clients, but if you do, see Installing a root CA certificate in the trust store | Ubuntu for Ubuntu Linux. On Windows, use Group Policy to deploy certificates across your enterprise (Distribute Certificates to Client Computers by Using Group Policy | Microsoft Docs), or install them manually (How to install Windows 10/11 root certificates). Some applications might have their own root CA store and not rely on the operating system, however.


SQL Server IaaS is not Affected


Note that SQL Server running in a Windows or Linux Virtual Machine is not affected by this change because you can configure any certificate and root used by the database server within the operating system. You cannot do this when using PaaS Azure databases because certificates are handled by Azure.


 


Summary


Most people will see no issues at all with this update. Just perform a little due diligence on your client-side code to make sure it is not restricting CA certs.


 


Thanks to Ashutosh Korde for his review of this post.