March Microsoft 365 Webinar resources

image

The slides from this month’s webinar are available at:

https://github.com/directorcia/general/blob/master/Presentations/Need%20to%20Know%20Webinars/202403.pdf

If you are not a CIAOPS patron you want to view or download a full copy of the video from the session you can do so here:

http://www.ciaopsacademy.com.au/p/need-to-know-webinars

Watch out for next month’s webinar.

Recap from Copilot for Microsoft 365:

Main ideas:

Webinar overview: The document is a transcript of a webinar hosted by Robert Crane on March 20, 2021, about Microsoft 365 updates and forms.

Microsoft Copilot for Security: One of the major updates in Microsoft 365 is the launch of Microsoft Copilot for Security, a cloud-based AI service that analyzes security logs and helps detect and respond to threats.

Surface devices with Copilot button: Microsoft also announced new Surface devices with a Copilot button that can launch the AI assistant directly. The devices have a neural processing unit for local AI calculations.

Microsoft Forms update: Microsoft Forms has a new user interface and features, such as multilingual support, email receipts, and quick polls. There is also a Forms Pro version with more capabilities.

Forms integration with Stream: Forms can be integrated with Stream, Microsoft’s video platform, to add interactivity and feedback to videos. Users can embed forms in Stream videos and see the results in real time.

Centralised Microsoft 365 Add in deployments with PowerShell

Almost 4 years ago I wrote this article:

Centralised Office 365 Add in deployments with PowerShell

Upon review, it seems that the Finedtime addin is no longer available. I have therefore updated the script:

https://github.com/directorcia/Office365/blob/master/o365-addin-deploy.ps1

to remove this and prevent errors.

If you have any Office addins that you believe should be deployed as a ‘standard’ to all users in a tenant, please let me know and I’ll look at adding them to the script.

CIAOPS Brief 20240323

image

Follow the Breadcrumbs with Microsoft Incident Response and MDI: Working Together to Fight Identity –
https://techcommunity.microsoft.com/t5/microsoft-security-experts-blog/follow-the-breadcrumbs-with-microsoft-incident-response-and-mdi/ba-p/4089623

Advancing the new era of work with Copilot, Windows, and Surface –
https://www.microsoft.com/en-us/microsoft-365/blog/2024/03/21/advancing-the-new-era-of-work-with-copilot-windows-and-surface/

Introducing Microsoft Surface Pro 10 and Surface Laptop 6 for Business –
https://www.youtube.com/watch?v=uxHn2DMigb4

AI Data Drop: The 11-by-11 Tipping Point –
https://www.microsoft.com/en-us/worklab/ai-data-drop-the-11-by-11-tipping-point/

Collect information like a pro – New Microsoft Lists forms experience –
https://techcommunity.microsoft.com/t5/microsoft-sharepoint-blog/collect-information-like-a-pro-new-microsoft-lists-forms/ba-p/4086659

How to chat with Microsoft Copilot in Word –
https://www.youtube.com/watch?v=9ewTQGTvtW0

Here’s what you missed from Microsoft Secure –
https://www.youtube.com/watch?v=n9lFglSnlzM

Microsoft Threat Intelligence unveils targets and innovative tactics amidst tax season –
https://www.microsoft.com/en-us/security/blog/2024/03/20/microsoft-threat-intelligence-unveils-targets-and-innovative-tactics-amidst-tax-season/

Microsoft Visio | The Ultimate Diagramming Tool –
https://www.youtube.com/watch?v=5XjwaDmire4

How to edit .vsd files in Visio for the web –
https://www.youtube.com/watch?v=fWBlv2amooo

Implementing Passwordless Authentication with Microsoft Entra ID for SMB – Part 2 –
https://www.youtube.com/watch?v=OIwsd572nnI

After hours

Why work doesn’t happen at work– https://www.youtube.com/watch?v=5XD2kNopsUs

Editorial

If you found this valuable, the I’d appreciate a ‘like’ or perhaps a donation at https://ko-fi.com/ciaops. This helps me know that people enjoy what I have created and provides resources to allow me to create more content. If you have any feedback or suggestions around this, I’m all ears. You can also find me via email director@ciaops.com and on X (Twitter) at https://www.twitter.com/directorcia.

If you want to be part of a dedicated Microsoft Cloud community with information and interactions daily, then consider becoming a CIAOPS Patron – www.ciaopspatron.com.

Watch out for the next CIA Brief next week.

CIAOPS Brief 20240316

image

Bringing Copilot to more customers worldwide—across life and work –

https://www.microsoft.com/en-us/microsoft-365/blog/2024/03/14/bringing-copilot-to-more-customers-worldwide-across-life-and-work/

What is the database behind ChatGPT? –

https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/what-is-the-database-behind-chatgpt/ba-p/4076750

Microsoft named as a Leader in three IDC MarketScapes for Modern Endpoint Security 2024 –

https://techcommunity.microsoft.com/t5/security-compliance-and-identity/microsoft-named-as-a-leader-in-three-idc-marketscapes-for-modern/ba-p/4083116

Exposure Management: The Evolution of Vulnerability Management –

https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/exposure-management-the-evolution-of-vulnerability-management/ba-p/4084587

Insider Risk in Conditional Access | Microsoft Entra + Microsoft Purview Adaptive Protection –

https://www.youtube.com/watch?v=C9jXvvZqVyI

Protect data used in generative AI apps with Microsoft Purview –

https://www.youtube.com/watch?v=dYzTyEcjHc0

Microsoft Copilot for Security: AI-Powered Security for All –

https://www.youtube.com/watch?v=sNaxv2zflmc

Security Exposure Management –

https://www.youtube.com/watch?v=cK8wSA6apk0

Microsoft introduces a preview of Copilot in Intune –

https://techcommunity.microsoft.com/t5/microsoft-intune-blog/microsoft-introduces-a-preview-of-copilot-in-intune/ba-p/4083276

From vision to value realization: A closer look at how customers are embracing AI Transformation to unlock innovation and deliver business outcomes –

https://blogs.microsoft.com/blog/2024/03/13/from-vision-to-value-realization-a-closer-look-at-how-customers-are-embracing-ai-transformation-to-unlock-innovation-and-deliver-business-outcomes/

Introducing Microsoft Security Exposure Management –

https://techcommunity.microsoft.com/t5/security-compliance-and-identity/introducing-microsoft-security-exposure-management/ba-p/4080907

Security for AI: How to Secure and govern AI usage –

https://techcommunity.microsoft.com/t5/security-compliance-and-identity/security-for-ai-how-to-secure-and-govern-ai-usage/ba-p/4082269

Protect at the speed and scale of AI with Copilot for Security in Microsoft Purview –

https://techcommunity.microsoft.com/t5/security-compliance-and-identity/protect-at-the-speed-and-scale-of-ai-with-copilot-for-security/ba-p/4078785

New at Secure: Corpus of Intel Profiles Available in Defender XDR –

https://techcommunity.microsoft.com/t5/microsoft-defender-threat/new-at-secure-corpus-of-intel-profiles-available-in-defender-xdr/ba-p/4083161

Behind the Scenes: Talking AI and Copilot with Microsoft Customer Support Engineers –

https://techcommunity.microsoft.com/t5/microsoft-365-blog/behind-the-scenes-talking-ai-and-copilot-with-microsoft-customer/ba-p/4081962

Microsoft Copilot for Security generally available on April 1 –

https://blogs.partner.microsoft.com/partner/microsoft-copilot-for-security-generally-available-on-april-1/

The new Planner in Teams is now in Public Preview –

https://techcommunity.microsoft.com/t5/planner-blog/the-new-planner-in-teams-is-now-in-public-preview/ba-p/4072525

Microsoft Copilot for Security is generally available on April 1, 2024, with new capabilities –

https://www.microsoft.com/en-us/security/blog/2024/03/13/microsoft-copilot-for-security-is-generally-available-on-april-1-2024-with-new-capabilities/

New Home Experience in OneNote for iPhone –

https://prod.support.services.microsoft.com/en-us/office/new-home-experience-in-onenote-for-iphone-f72fd07e-cdb7-407f-8277-f579a3077cea?preview=true

Audi is reimagining endpoint management and security with Microsoft Intune –

https://www.youtube.com/watch?v=WWlmWYQgqis

Unlock the power of video with Microsoft Stream –

https://insider.microsoft365.com/en-us/blog/unlock-the-power-of-video-with-microsoft-stream

Business Email Compromise –

https://www.youtube.com/watch?v=GnEGWzfxU8c

New Outlook for Windows: A Guide to Product Availability –

https://techcommunity.microsoft.com/t5/outlook-blog/new-outlook-for-windows-a-guide-to-product-availability/ba-p/4078895

After hours

GoPro: The Streets of Japan in 4K– https://www.youtube.com/watch?v=s0MDY9fl-IA

Editorial

If you found this valuable, the I’d appreciate a ‘like’ or perhaps a donation at https://ko-fi.com/ciaops. This helps me know that people enjoy what I have created and provides resources to allow me to create more content. If you have any feedback or suggestions around this, I’m all ears. You can also find me via email director@ciaops.com and on X (Twitter) at https://www.twitter.com/directorcia.

If you want to be part of a dedicated Microsoft Cloud community with information and interactions daily, then consider becoming a CIAOPS Patron – www.ciaopspatron.com.

Watch out for the next CIA Brief next week.

blockMsolPowerShell blocks all users if set to true

One of the options in the EntraID Authorization policy in the Default user permissions section is a setting blockMsolPowerShell which means when you dig into it:

Specifies whether the user-based access to the legacy service endpoint used by MSOL PowerShell is blocked or not.

Screenshot 2024-03-12 210611

Using my script:

https://github.com/directorcia/Office365/blob/master/graph-idauthpolicy-get.ps1

you can see whether this is enabled, which it is as shown above.

Screenshot 2024-03-12 205633

With this setting blockMsolPowerShell set to True, then all user access to the msolservice PowerShell commands are blocked as shown above. This applies to users, ordinary and administrators (even Global Administrators, which is the result I tested in the above screenshot). The user can connect to the service BUT they can’t run an msol commands as shown above.

Now given that the msolservice module will be deprecated on March 30, 2024 there shouldn’t be any issue disabling this for ALL users. However, you may want to make sure you test any Outlook add-ins or other third party apps you have in place that might have a dependency on the old msolservice module. The easiest way to achieve this is probably to simply disable the settings and see if problems arise. If they do, just make sure you know how to revert the setting back. I think is going to be the fastest way to determine if and what any dependencies you may have.

I would suggest that unless you have a dependency it should be disabled to improve the security of your environment.

CIAOPS M365 Best Practice Repo is now available

One of the big challenges I have found with securing a Microsoft 365 environment is determining and setting best practices settings for the environment. Recommendations can be found in many different locations from many different sources. I have always done my best to pull all these together and convert them into a single place that I can apply.

With that in mind I am happy to announce the availability of a new CIAOPS Best Practices repository for Microsoft 365here:

https://github.com/directorcia/bp/tree/main

The aim is for it to be the one place you can go that centralizes all the best practice information, security and otherwise, for Microsoft 365.

Let me give you an example of the benefits of this. In the repo you’ll find the following JSON file for an Entra ID authorization policy:

https://github.com/directorcia/bp/blob/main/EntraID/authorization.json

The idea is that you can use a script like I just uploaded:

https://github.com/directorcia/Office365/blob/master/graph-idauthpolicy-get.ps1

To read these settings and compare them to your own environment.

image

You can see the results above when you run this script. The items that are in red do not match the best practice settings that are in repo.

Not only can you use the repo to compare settings but you can also use it to apply settings. Again, you’d just read the JSON setting in the repo and apply that to your environment. Thus, you could take the Entra ID authorization policy JSON and use a script to actually apply, or write,  those settings to your environment. CIAOPS Patron subscribers will have access to the scripts that I develop that will do both the reading and setting of these parameters. Thus, if you don’t to actually write the code to do all this then become a CIAOPS Patron subscriber.

Having these settings available publicly also means people can examine and comment on them and help develop what is best practices in the Microsoft 365 environment. Remember, that best practices are not absolute, they are what works best for the majority of people. You may want to take these as a base and modify them to suit your needs. The benefits of using Github is that is easy to achieve. Thus, you could create your own repo, based on mine, and that as you base for your environment.

The repo also contains links to best practices I have found like this :

https://github.com/directorcia/bp/blob/main/best-practices.txt

That you can also use. Again, the idea is to bring all these resources for Microsoft 365 into a single location.

This best practices repo is far from complete but I wanted to get it out there so people can provide me feedback and we can all build this out to make all our lives easier. Going forward, I plan to spend time developing the repo wiki to provide documentation for all this. However, feel free to take a look at what is there and provide any suggestions for improvement or addition. I’m all ears.

CIA Brief 240309

image

More unified with Microsoft Intune –

https://www.youtube.com/watch?v=BKyCRvYnz8w

MDTI Standalone Portal Retirement and Transition to Defender XDR –

https://techcommunity.microsoft.com/t5/microsoft-defender-threat/mdti-standalone-portal-retirement-and-transition-to-defender-xdr/ba-p/4077806

What’s New in Microsoft EDU | 22 updates for March 2024 –

https://techcommunity.microsoft.com/t5/education-blog/what-s-new-in-microsoft-edu-22-updates-for-march-2024/ba-p/4077642

Choose a Microsoft 365 for business subscription –

https://www.youtube.com/watch?v=eH0bqov5sgw

Data residency in the AI era: New capabilities to manage your data –

https://www.microsoft.com/en-us/microsoft-365/blog/2024/03/07/data-residency-in-the-ai-era-new-capabilities-to-manage-your-data/

Troubleshoot and Manage Microsoft Purview Data Loss Prevention for your Endpoint Devices –

https://techcommunity.microsoft.com/t5/security-compliance-and-identity/troubleshoot-and-manage-microsoft-purview-data-loss-prevention/ba-p/4077992

Reimagining the Microsoft Certification exam UI experience –

https://techcommunity.microsoft.com/t5/microsoft-learn-blog/reimagining-the-microsoft-certification-exam-ui-experience/ba-p/4075312

Improving Threat Hunting Efficiency using Copilot for Security –

https://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/improving-threat-hunting-efficiency-using-copilot-for-security/ba-p/4077527

Introducing Restricted SharePoint Search to help you get started with Copilot for Microsoft 365 –

https://techcommunity.microsoft.com/t5/copilot-for-microsoft-365/introducing-restricted-sharepoint-search-to-help-you-get-started/ba-p/4071060

Navigate a seamless cloud modernization with Microsoft assessment tools –

https://azure.microsoft.com/en-us/blog/navigate-a-seamless-cloud-modernization-with-microsoft-assessment-tools/

Enhancing protection: Updates on Microsoft’s Secure Future Initiative –

https://www.microsoft.com/en-us/security/blog/2024/03/06/enhancing-protection-updates-on-microsofts-secure-future-initiative/

Announcing persistent views and UX enhancements in Threat Explorer –

https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/announcing-persistent-views-and-ux-enhancements-in-threat/ba-p/4075679

Use the new investigation and response capabilities for macOS and Linux –

https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/use-the-new-investigation-and-response-capabilities-for-macos/ba-p/4054492

Permissions Management: Defender XDR’s RBAC Walkthrough for Microsoft Defender for Office 365 –

https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/permissions-management-defender-xdr-s-rbac-walkthrough-for/ba-p/4064288

Microsoft Defender XDR Monthly news –

https://techcommunity.microsoft.com/t5/microsoft-defender-xdr-blog/monthly-news-march-2024/ba-p/4075876

Securing the Clouds: Achieving a Unified Security Stance and threat-based approach to Use Cases –

https://techcommunity.microsoft.com/t5/security-compliance-and-identity/securing-the-clouds-achieving-a-unified-security-stance-and/ba-p/4073446

Human-operated ransomware (HumOR) –

https://www.youtube.com/watch?v=q1UuDnBHgK8&t=6s

Defender XDR embedded Copilot to standalone Copilot investigation –

https://www.youtube.com/watch?v=iPtb5DZOWg0

Extended user account investigation with Copilot (accelerated) –

https://www.youtube.com/watch?v=Vd_URX7aRbA

Defender XDR embedded Copilot to standalone Copilot investigation –

https://www.youtube.com/watch?v=iPtb5DZOWg0

Defend against human-operated ransomware attacks with Microsoft Copilot for Security –

https://www.microsoft.com/en-us/security/blog/2024/03/04/defend-against-human-operated-ransomware-attacks-with-microsoft-copilot-for-security/

After hours

Caine’s Arcade– https://www.youtube.com/watch?v=faIFNkdq96U

Editorial

If you found this valuable, the I’d appreciate a ‘like’ or perhaps a donation at https://ko-fi.com/ciaops. This helps me know that people enjoy what I have created and provides resources to allow me to create more content. If you have any feedback or suggestions around this, I’m all ears. You can also find me via email director@ciaops.com and on X (Twitter) at https://www.twitter.com/directorcia.

If you want to be part of a dedicated Microsoft Cloud community with information and interactions daily, then consider becoming a CIAOPS Patron – www.ciaopspatron.com.

Watch out for the next CIA Brief next week.

CIAOPS Need to Know Microsoft 365 Webinar – March

laptop-eyes-technology-computer_thumb

Join me for the free monthly CIAOPS Need to Know webinar. Along with all the Microsoft Cloud news we’ll be taking a look at Microsoft Forms.

Shortly after registering you should receive an automated email from Microsoft Teams confirming your registration, including all the event details as well as a calendar invite.

You can register for the regular monthly webinar here:

March Webinar Registrations

(If you are having issues with the above link copy and paste – https://bit.ly/n2k2403

The details are:

CIAOPS Need to Know Webinar – March 2024
Thursday 28th of March 2024
11.00am – 12.00am Sydney Time

All sessions are recorded and posted to the CIAOPS Academy.

The CIAOPS Need to Know Webinars are free to attend but if you want to receive the recording of the session you need to sign up as a CIAOPS patron which you can do here:

http://www.ciaopspatron.com

or purchase them individually at:

http://www.ciaopsacademy.com/

Also feel free at any stage to email me directly via director@ciaops.com with your webinar topic suggestions.

I’d also appreciate you sharing information about this webinar with anyone you feel may benefit from the session and I look forward to seeing you there.