by Contributed | May 19, 2021 | Technology
This article is contributed. See the original author and article here.
Today, I am excited to share how you can improve your Conditional Access policies and ensure compliance with data regulations thanks to the public preview of GPS-based named locations. This feature helps admins strengthen their security and compliance posture and allows them to restrict access to sensitive apps based on the GPS location of their users.
I have asked Olena Huang, a PM on the Identity team, to tell you more. Let us know what you think!
Alex Weinert
————————————-
Hello,
With the public preview of GPS-based named locations, admins can refine their Conditional Access policies by determining a user’s location with even more precision. GPS-based named locations allow you to restrict access to certain resources to the boundaries of a specific country. Due to VPNs and other factors, determining a user’s location from their IP address is not always accurate or reliable. Leveraging GPS signals enables admins to determine a user’s location with higher confidence. This is especially helpful if you have strict compliance regulations that limit where specific data can be accessed.
When the feature is enabled, users will be prompted to share their GPS location via the Microsoft Authenticator app during sign-in.
Create a policy to allow or restrict access based off a user’s GPS location
There are two simple steps:
- Create a GPS-based named location.
- Create or configure Conditional Access with this named location.
You’ll first need to create a countries named location and select the countries where you want the policy to apply. Configure the named location to determine the location by GPS coordinates instead of by IP address.
Next, create a Conditional Access policy to restrict access to selected applications for sign-ins within the boundaries of the named location.
For more information, check out our admin documentation or our Graph API documentation.
Test out the location-sharing experience
First, make sure you have the Microsoft Authenticator app installed and set up with your test account.
Next, try to access the files or data restricted by the Conditional Access policy. You’ll be prompted to share your geolocation from the Authenticator app.
The first time you encounter this prompt, you will need to grant location permissions to the Authenticator app.
iOS
Android
For the next 24 hours, your location will be shared silently once per hour from that device, so you won’t keep getting notifications.
After 24 hours, you will be re-prompted when trying to access the same resource. However, you will not need to grant permissions again (unless you’ve disabled them).
If you have questions, check out our FAQ page.
We’d love to hear from you! Feel free to leave comments below or reach out to us on Twitter.
Learn more about Microsoft identity:
by Contributed | May 19, 2021 | Technology
This article is contributed. See the original author and article here.
The future of Internet Explorer (“IE”) on Windows 10 is in Microsoft Edge. What does this mean for commercial organizations, IT admins, developers, and end users? Microsoft Edge brings you a faster, more secure, and more modern web experience than Internet Explorer. Also, Microsoft Edge with Internet Explorer mode (“IE mode”), is the only browser with built-in compatibility for legacy IE-based sites and apps.
As announced today, Microsoft Edge with IE mode is officially replacing the Internet Explorer 11 desktop application on Windows 10. As a result, the Internet Explorer 11 desktop application will go out of support and be retired on June 15, 2022 for certain versions of Windows 10.
Which platforms will be affected when the IE11 desktop application is retired and goes out of support on June 15, 2022?
In scope at the time of this announcement (will be retired):
- Internet Explorer 11 desktop application delivered via the Semi-Annual Channel (SAC):
- Windows 10 client SKUs (version 20H2 and later)
- Windows 10 IoT (version 20H2 and later)
Out of scope at the time of this announcement (unaffected):
- Internet Explorer mode in Microsoft Edge
- Internet Explorer platform (MSHTML/Trident), including WebOC
- Internet Explorer 11 desktop application on:
- Windows 8.1
- Windows 7 Extended Security Updates (ESU)
- Windows 10 Server SAC (all versions)
- Windows 10 IoT Long-Term Servicing Channel (LTSC) (all versions)
- Windows 10 Server LTSC (all versions)
- Windows 10 client LTSC (all versions)
What about Windows 10 LTSC and Windows Server?
In-market Windows 10 LTSC and Windows Server are out of scope (unaffected) for this change.
What if Microsoft Edge is already installed?
Great! You already have a faster, more secure, and more modern browser than Internet Explorer and have completed some of the steps to help with your migration. If you’re an organization, the next steps will be to determine if your organization has legacy browser dependencies. To enable legacy browser support in Microsoft Edge, you’ll need to set up Internet Explorer mode. Learn more on our Internet Explorer mode webpage and read the Getting Started guide.
What does this announcement mean for my organization?
If your organization has legacy apps and sites dependent on IE11, you can follow the Getting Started Guide to start configuring IE mode. You may be concerned about change management, so please check out the Internet Explorer Retirement Adoption Kit for ready-made content to help you notify users and leaders in your organization about the upcoming changes and help move them to Microsoft Edge.
What does this announcement mean for developers?
Apps developed for IE should work in Microsoft Edge through IE mode. If you encounter an issue, contact App Assure for remediation assistance (ACHELP@microsoft.com).
For developers working on modern websites or applications, we understand that it has been increasingly difficult to support Internet Explorer side-by-side with modern browsers. While this announcement will start the transition of moving users from Internet Explorer to the more modern Microsoft Edge browser, it will take time and we recommend that you develop a plan to end support for Internet Explorer. Read this Moving users to Microsoft Edge from Internet Explorer article to learn how we can help.
What does this announcement mean for end users?
Microsoft Edge offers a faster, more secure, and modern browsing experience than Internet Explorer, and a growing number of websites no longer support Internet Explorer. After the Internet Explorer desktop application is retired on June 15, 2022, it will be out of support. After this date, the IE11 desktop application will be disabled and will redirect to Microsoft Edge if a user tries to access it.
If a user encounters a broken website that requires IE11, they should open it in IE mode. They can open websites that require Internet Explorer without leaving Microsoft Edge. Learn more about Internet Explorer mode in Microsoft Edge.
What is the MSHTML (Trident) engine? How does that relate to IE mode?
The MSHTML (Trident) engine is the underlying platform for Internet Explorer 11. This is the same engine used by IE mode and it will continue to be supported (in other words, unaffected by this announcement). WebOC will also continue to be supported. If you have a custom or third-party app that relies on the MSHTML platform, you can expect it to continue to work. For future app development, we recommend using WebView2.
How long will IE mode be supported?
IE mode support follows the lifecycle of Windows client, Server, and IoT releases at least through 2029. Additionally, Microsoft will give one year of notice before retiring the IE mode experience when the time comes. Windows support dates are documented on the Product Lifecycle page. Some editions of Windows may require an ESU license, if available, to receive operating system security updates beyond end of support dates. End of service dates for currently supported versions of Windows are as follows:
Platform
|
Windows release
|
End of service
|
Windows client
|
Windows 10 Enterprise, version 20H2
|
5/9/2023
|
Windows 10 Enterprise, version 2004
|
12/14/2021
|
Windows 10 2019 LTSC
|
1/9/2029
|
Windows 8.1
|
1/10/2023
|
Windows 7 (ESU required)
|
1/10/2023
|
Windows Server
|
Windows Server, version 20H2 (SAC)
|
5/10/2022
|
Windows Server, version 2004 (SAC)
|
12/14/2021
|
Windows Server 2019 (LTSC)
|
1/9/2029
|
Windows IoT
|
Windows 10 IoT Enterprise, version 20H2
|
5/9/2023
|
Windows 10 IoT Enterprise, version 2004
|
12/14/2021
|
Windows 10 IoT 2019 LTSC
|
1/9/2029
|
Windows Server IoT 2019
|
1/9/2029
|
If I reach out to Microsoft for an exception to this timeline, can I continue to use the Internet Explorer 11 desktop application after June 15, 2022?
Microsoft Edge provides a dual engine advantage of Internet Explorer mode for compatibility with legacy websites and the Chromium project–the technology that powers many of today’s browsers–for world-class compatibility and performance with modern websites.
As such, we’re not allowing exceptions or providing extended support to continue using the IE11 desktop application on the in-scope platforms after June 15, 2022.
For those using IE11 at home, you can run IE mode in Microsoft Edge by following the steps outlined on this support page: Internet Explorer mode in Microsoft Edge.
Commercial IT pros will need to set up IE mode in Microsoft Edge to enable access to legacy IE-based sites and apps for their commercial users. To set up IE mode, use the resources in the Getting Started guide.
Supporting IE mode through at least 2029 is not long enough. Can I get an extension?
IE mode will continue to be supported through at least 2029 and Microsoft will give one year notice before deprecating the IE mode experience in-market when the time comes.
What IE functionality is available in IE mode?
IE mode supports all document and enterprise modes, Active X controls (such as Java or Silverlight), and more. For a list of what is supported and what is not supported, see the What is Internet Explorer (IE) mode Docs page.
Are there any changes to the Microsoft Edge lifecycle?
There are no changes to the Microsoft Edge lifecycle. Microsoft Edge continues to be supported. For more details, please visit the Microsoft Edge Lifecycle page.
How do I set up Internet Explorer mode in my organization?
You can get detailed guidance on how to set up Internet Explorer mode through our Getting Started guide or by visiting our IE mode documentation.
Will the Internet Explorer 11 desktop application be removed from devices?
No. The IE11 desktop application will not be removed from devices, as the IE11 engine is required for IE mode to function. However, after the IE11 desktop application is retired on June 15, 2022, it will be disabled permanently.
Will iexplore.exe be removed from devices?
No, but if a user tries to access it, they will be unable to open IE11 and will be redirected to Microsoft Edge.
If my browser default isn’t Internet Explorer 11, will the retirement affect my browser default?
No, this retirement will only change your browser default if your default had been set to Internet Explorer 11. If IE11 is set as your browser default, you will now have Microsoft Edge.
Will Internet Explorer-based sites and apps open automatically in Microsoft Edge after the Internet Explorer 11 desktop application is retired on June 15, 2022?
After the IE11 desktop application is retired, IE11 will redirect to Microsoft Edge. To open Internet Explorer-based websites and apps, you will need to either set up Internet Explorer mode (as an organization) or enable Internet Explorer mode (as a consumer at home).
If you’re an organization, you can set up IE mode using the Getting Started guide.
If you are an end user, you can enable IE mode by following the steps in this Internet Explorer mode in Microsoft Edge support article.
What if some of my sites don’t work in Microsoft Edge using Internet Explorer mode? How do I get help for website compatibility issues?
If you’re an organization and experience compatibility issues such as an error loading a site, please connect with the App Assure team for remediation assistance. You can submit a request for assistance through their website or reach out via email (ACHELP@microsoft.com).
If you’re a consumer at home and encounter an error loading a page, try loading it in IE mode by following the instructions in this Internet Explorer mode in Microsoft Edge support article. If the issue persists, please notify us by sending feedback through the in-product feedback tool found in the three-dot settings menu under ‘Help and feedback’ or by using the shortcut Alt + Shift + I. When submitting feedback, please check the box to ‘Send diagnostic data’.
Will the IE Group Policies work in IE mode?
We are committed to have IE Group Policies work in IE mode. If for any reason you encounter an issue, please connect with us at AppAssure for assistance. You can submit a request for assistance through their website or reach out via email (ACHELP@microsoft.com).
Continue the conversation. Find best practices. Visit the Windows Tech Community.
Stay informed. For the latest updates on new releases, tools, and resources, stay tuned to this blog and follow us @MSWindowsITPro on Twitter.
by Contributed | May 19, 2021 | Technology
This article is contributed. See the original author and article here.
Welcome back to Reconnect, the biweekly series that catches up with former MVPs and their current activities.
This week we are thrilled to be joined by none other than four-time titleholder Praveen Nair! Hailing from Kochi, India, Praveen is a passionate technology enthusiast who believes in giving back to the community in the form of knowledge.
Praveen currently works as the Program Director for Adfolks LLC, a full-service catalyst for transformation in the cloud. Most recently, Praveen has been working on architect business applications and data management projects, as well as working with pre-sales and marketing teams to provide business and technology solutions, largely in Azure and .NET.
When he’s not working, Praveen remains active with his regional tech community. The tech professional volunteers with the Kerala Microsoft Users Group (K-MUG) as a regular speaker and event organizer. Praveen says his ethos is to “help and get help,” and that he enjoys inspiring and working alongside fellow members of the community.
For newcomers to the MVP program, Praveen advises: “Not to worry or desire for the result but perform one’s karma. Recognitions will flow automatically when you concentrate on the objectives.” Looking forward, Praveen hopes to conduct more technology events, write more articles and help online communities.
For more information on Praveen, check out his Twitter @ninethsense and blog.
by Contributed | May 19, 2021 | Technology
This article is contributed. See the original author and article here.
Customers rely on the Microsoft Information Governance and Records Management solutions to help govern the lifecycle of content and manage content to meet compliance regulations. Our goals are to make it easy for customers to address compliance in Microsoft 365 and tailor our solutions to meet unique business needs. We are committed to helping organizations manage risk through appropriate governance and today we are accelerating our investments in these areas.
Today, we are excited to announce the following items:
Announcing multi-stage disposition approval
Many compliance requirements or organizational policies require approval before the deletion of records. Often this review process has multiple phases and involves numerous groups of people. Previously, Microsoft Records Management allowed only one stage of review.
Today, we are announcing the public preview of multi-stage disposition approval. Multi-stage disposition approval is available today worldwide in all commercial tenants. Please try these features and give us your feedback. This release includes several groups of new features, including:
- The ability to specify a multi-stage approval process in retention label settings
- Improvements to the reviewer experience
- Additional features for records management admins
We will cover each of these areas in-depth in the following sections.
Configure a multi-stage approval process
Records management administrators can now configure up to five stages of disposition approval in a retention label’s settings. This ability allows you to customize the disposition process to meet the needs of your organization. For each stage, you can specify users or mail-enabled security groups that should be solicited for their approval.
Figure 1: The multi-stage disposition settings screen, showing three stages and configuration options
If you already have retention labels configured for disposition review, then you can edit it to use multi-stage disposition.
You can learn how to configure a retention label to use multi-stage disposition in our documentation.
Disposition review experience improvements
Firstly, we overhauled the disposition experience for approvers to make it faster and easier to use. When reviewers visit the disposition review area, we trim the file list to show them only the items they need to approve, rather than all files awaiting approval. Reviewers can also sort the list of available files by location, such as a specific SharePoint site or mailbox.
Figure 2: The review disposition screen, showing the list of items requiring approval and a document preview
Next, we improved the view of files for reviewers. Users can click on a file to view its contents in a mini-preview pane directly in the review experience. We also added the ability for reviewers to add other reviewers to approve certain items in addition to the existing actions of approving disposition, retention extension, or relabeling the item.
Lastly, reviewers now have more context to help with their review decision. The new history and details tabs enable reviewers to see an item’s review history, including who has approved the item before and their comments.
To learn more about the disposition reviewer experience, please see our documentation.
Enhancements for records managers
We enhanced the records manager experience with the multi-stage disposition release. Records managers can now customize the email sent to reviewers letting them know that there are items pending review. Records managers can append text to the standard system message. This feature allows the records manager to highlight specific processes and documentation within their organization. The customization of the message will apply to all labels. Learn more about customizing the disposition reviewer email here.
Next, while reviewers only see items that require their approval, records managers will be able to see all items pending disposition. To configure this view, the records manager will need to complete a one-time setup. Please see our documentation for the setup instructions.
Lastly, the new multi-stage disposition review process fully supports multi-geo environments. If needed, reviewers can review content not located in their geographical location.
Expansion of Microsoft Teams message retention and deletion
With the rise in remote work, organizations want to govern Teams messages using retention and deletion policies. Today we are excited to announce that Teams retention policies are available to all paid Office 365 licenses, including F1, F3, E1, G1, business basic, and business standard. Organizations can use retention policies to keep or delete Teams messages according to their policies.
This update includes managing messages in Teams chats, conversations, private channels (currently in private preview) and connect channels when they launch. It consists of both commercial and government cloud environments. Please note that for users with one of the above licenses, the supported minimum retention or deletion period is 30 days. For more information about the timings for Teams retention policies, see How retention works with Microsoft Teams.
For instructions to set up a retention policy, see Create and configure retention policies.
Sign up for the private preview of adaptive policy scopes
Today, we are also announcing the private preview for adaptive policy scopes. This new functionality allows admins to create attribute-based retention or label policies that can be scoped to geography, department, other user, group, or site attribute. For example, admins can create a policy specifically for users in the UK’s human resources team using an adaptive policy scope.
Adaptive policy scopes are especially useful for retention policies where you want to exclude or include specific users, sites, or groups. Currently, when manually including or excluding locations there are limits per policy. However, adaptive policy scopes are not subject to these per-policy limits and will automatically and dynamically manage policy membership as users change roles without any manual intervention.
This private preview program is open to all qualified organizations who are interested in early access to this feature and help shape the future of it. Completing the form does not guarantee access to the private preview. If you would like to participate in this preview, please complete this form: https://aka.ms/MIPC/AdaptiveScopes-Preview
Our latest SharePoint governance performance improvements
Some solution releases are not evident in the user interface of a product but have an enormous impact on our customers. Throughout the last year, we invested heavily in performance improvements for the service powering Microsoft Information Governance and Records Management for SharePoint and OneDrive.
The specific performance improvements are related to increasing the number of items we can label and delete per tenant in one week. Initial telemetry in SharePoint and OneDrive from this update has shown an increase of approximately 700 times more deletions per week and 10 times more items labeled per week compared to a year ago. For some large organizations this means over 75 million items deleted and well over 200 million files labeled per week.
The improvements released are aimed at exponentially increasing the scalability of the service within each tenant. This helps large organizations when they first begin to use Microsoft Information Governance and Records Management. It is also useful when configuring a new action with a large scope and there is a lot of content to initially label and delete.
Other recent Microsoft Information Governance feature releases
Since September 2020, we have also released several other Microsoft Information Governance and Records Management features, including:
- Yammer retention. Admins can now create retention policies to manage Yammer messages when the Yammer network is in native mode. Yammer retention is rolling out worldwide now
- Ability to delete an unused record label. Previously, admins could not delete retention labels marked as a record. Now, you can delete these labels if they are not applied to content or used in a policy. This feature is now available worldwide
- Target a Microsoft 365 group policy to only SharePoint or Exchange. Previously, when you had a retention or labeling policy targeting Microsoft 365 groups, the policy would always apply to both the SharePoint site and the Exchange group mailbox associated with the group. Now you can target the retention policy to both or just one location through PowerShell. This feature is rolling out worldwide now
- A modernized accessible user experience. As we continue delivering on our promise of accessibility across all Microsoft’s products, the user interfaces for Microsoft Information Governance and Records Management are now WCAG 2.1 compliant
- SharePoint Syntex content processing integration. Continuing our investments integrating compliance scenarios with SharePoint Syntex intelligence, users can now automatically apply a retention label to content that matches a forms processing model. SharePoint Syntex content processing helps you to automate capture, ingestion, and categorization of content and streamline content-centric processes using Power Automate. A common example is using SharePoint Syntex to process invoices
We hope these announcements make it easier for you to govern your content and use the Microsoft Information Governance and Records Management solutions. We cannot wait for you to try these features! Please let us know in the comments if you have any questions. We would also love to hear how you plan to use these features!
by Contributed | May 19, 2021 | Technology
This article is contributed. See the original author and article here.
When a race that Chris Dinnel had been training for was canceled in 2020, he used the time for a different kind of training and earned the first of three Microsoft Certifications. Not long after, the effort paid off in a new job more closely aligned to his career goals.
We recently spoke with Dinnel, now Dynamics 365 Administrator/IT Technician at SBS CyberSecurity, to find out more about how preparing for and earning certifications helped his career and how he worked with the exam prep content on Microsoft Learn.
“Let’s see what happens!”
As a system administrator with a cybersecurity background, Dinnel was looking for something new. “My interest was shifting more to cloud infrastructure,” he explains. Dynamics 365 caught his eye when he researched it for a possible project at the company where he previously worked. Even though the project didn’t pan out, his interest remained.
Around this time, his summer vacation plans fell through—like so many plans in 2020. Instead of competing in a challenging physical endurance race, he used the time off to challenge himself mentally and began studying for the Microsoft Certified: Azure Administrator Associate certification, which required that he pass Exam AZ-104.
He studied the course content on Microsoft Learn. “There’s a ton of valuable materials there, and it’s free. I told myself, ‘Let’s see what happens!’”
To stay on track, he used the lure of certification. He spent a few months studying the Azure Administrator coursework before taking—and passing—the exam. When he saw that this material was a prerequisite for Microsoft Certified DevOps Engineer Expert certification (Exam AZ-400), he decided to study that next and see if he could earn another certification.
“I just studied hard and kept asking myself, ‘Is this something I want to get into?’” The exam prep became a way of exploring career paths and assessing his next steps as he looked for a new job. “Along the way, I realized that I didn’t want to go back to the type of programming I used to do,” he notes.
“If there’s an opportunity, I’m open!”
When Microsoft sponsored a free Virtual Training Day event for Microsoft Certified: Dynamics 365 Fundamentals certification (Exam MB-901), Dinnel signed up. These types of events give participants the opportunity to expand their skill sets and to connect with Microsoft experts, which he did.
“Once I got into Dynamics 365 fundamentals, I was really impressed with the quality of the training and how engaging the content was,” he explains. “It sparked this new interest in the whole concept of the ‘dataverse.’”
Dinnel was so impressed with the Virtual Training Day event for Dynamics 365 that he posted about it on LinkedIn, praising the instructor, Microsoft Technical Trainer Chelsea Lee.
Lee noticed the post and replied, as did an old programming friend of his. The friend wondered how interested Dinnel was in Dynamics 365, because it just so happened that his company wanted to add an in-house Dynamics 365 administrator to its workforce.
“I said, ‘That sounds like a great pivot,’” Dinnel remembers. “I said, ‘If there’s an opportunity, I’m open!’” After a round of interviews, he landed the job—just a few months after starting his self-directed learning odyssey.
“A very good way of presenting the content in a concise, down-to-earth way”
Microsoft started Virtual Training Days in 2020 to provide a free resource to people who wanted to know more about Microsoft products, like Dynamics 365. The fundamentals event is two half-days of training that prepare the participants for certification exams.
Dinnel mentioned the convenience of the half-day programs. “The scheduling made it easy to get time off, rather than a whole day where you’re completely unavailable.”
He points out that not only did the format work well, but also the quality of the training was impressive. “Chelsea was very engaging, and she had a very good way of presenting the content in a concise, down-to-earth way that also was easily understandable in real-world terms. That’s what mattered to me.”
Next year, Microsoft plans to roll out more Virtual Training Days to include additional Dynamics 365 technologies.
Virtual Training Days are free to all participants. Microsoft creates the content, and experienced technical trainers like Lee teach the classes.
In addition to the two-day fundamentals trainings, five-day instructor-led programs are available, based on organizational roles, such as administrator, system architect, and developer. These role-based certifications guide participants along a learning path specific to the role they have or aspire to.
In addition, Microsoft Learning Partners can help individuals and organizations meet their training and development goals. Learning Partners are expert consultants that can customize a program uniquely suited to individual and group needs. Many offer hands-on labs, a mix of self-paced and classroom training, custom content, role-based learning paths, exam and certification prep, and more.
“One of the most valuable things I’ve learned so far”
The Dynamics 365 fundamentals training gave Dinnel more insight into relational database structures—something he hadn’t studied in the past. “I’m not a database administrator, but technically, that’s been one of the most valuable things I’ve learned so far,” he explains. “Just drawing the lines between tables, getting exposure to different aspects of data structures—I’m really enjoying that.”
“A great way to get exposed to technology and learn new things”
Dinnel may have missed that race last summer, but he came out ahead anyway with three Microsoft Certifications that led to a better paying position as a Dynamics 365 system administrator. He spent about two months studying before he earned his first certification. Within six months, he had a new job that he loves.
“When I started interviewing, I had a gap in my résumé in hands-on experience with different technologies,” he explains. “Ultimately the certifications were the foundation on which I could build practical experience.”
When asked to offer advice to others looking to move in a new direction, Dinnel notes that there’s no substitute for hands-on experience. “But certification is a great way to show people that you can take initiative and communicate that kind of abstract concept, like self-motivation, that is otherwise hard to show on a résumé.”
Want to pursue your own learning journey in Dynamics? Check out other Dynamics 365 certifications. As Dinnel points out, “The majority of employers know that the skills will have to be taught on the job, regardless of the amount of training. But the certifications are a great way to get exposed to technology and learn new things.”
Recent Comments