In private browsing

I work across many different Office 365 (and Azure) tenants every day. Many times I need to be inside multiple tenants at the same time. How can I do that effectively? I use ‘private’ browsing modes inside each browser to keep login details isolated.

You can think of ‘private’ browsing as an isolated instance of surfing the web. When you start ‘private’ browsing you start with a ‘clean’ environment (no credentials, logins, etc) are remembered. When you close down the sessions everything is forgotten.

Here’s how you start ‘private’ browsing sessions across the major browsers.

Microsoft Edge

Right mouse click on the Microsoft Edge browser icon and select New InPrivate window from the menu that appears.

If you are already using Microsoft Edge, select the three dots in the upper right to display the above menu. Select the New InPrivate window option.

Google Chrome

Right mouse click on the Google Chrome browser icon and select New incognito window from the menu that appears.

If you are already using Google Chrome, select the three dots in the top right to display the menu shown above. From this menu select New incognito window.

Internet Explorer

Right mouse click on the Internet Explorer browser icon and select Start InPrivate browsing from the menu that appears.

if you are already using Internet Explorer, select the Cog icon in the top right, then from the menu that appears select Safety. From the fly out menu that then appears, select InPrivate Browsing.

Firefox

Right mouse click on the Firefox browser icon and select New private window from the menu that appears.

If you are already using Firefox, select the three lines in the top right to display the menu shown. From the menu that appears, select New Private Window.

Thus, between these four major browsers and their ‘private’ browsing modes, I can work with eight different tenants all at once. Barely enough, I’m telling you. Barely enough.

Need to Know Podcast–Episode 135

More interviews with speakers at the upcoming Microoft Ignite Australia. This time we feature Gino Barletta and speak about his two sessions:

What you need to know about Windows Server 2016 Security

Windows Server 2016 introduces more security features than any previously released Microsoft server operating system. Making your organization more secure is one of the big benefits of Windows Server. In this demo heavy session you’ll learn about new features included Credential Guard, Device Guard, Privileged Access Management (Just in Time Administration), Just Enough Administration, DNS policies, Guarded Fabrics, Shielded VMs as well as the security benefits of Nano Server, Windows Server and Hyper-V Containers. You’ll also learn how you can integrate Advanced Threat Analytics into your on-premises Windows Server deployment.

and

Azure Financial Management, Reporting and Subscription Hygiene through Power BI

This session, helps you understand your current Azure subscription, resources, billing and spend. Controlling spend through analytics and leveraging Microsoft Power BI to visually see your spend / consumption via powerful GUI dashboards.

Don’t forget to send us your feedback at feedback@needtoknow.cloud

You can listen to this episode directly at:

https://ciaops.podbean.com/e/episode-135-gino-barletta/

or on Soundcloud here:

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show. Resources

@ginobarletta

@marckean

@directorcia

gino.barletta@andeim.com.au

https://cpem.io/tJ01Hzu2k.js?w=640&h=360

Need to Know Podcast–Episode 130

Marc and I have some brief news and cloud updates for you and then we are straight into our guest for this episode. I speak with MVP Alan Burchill all about his upcoming Microsoft Ignite presentations:

Using Edge in the Enterprise

Microsoft Edge is one of the most secure and web standards compatible browsers on the market. See how the new management features in Windows 10 can help IT Professional to provide support for legacy web sites while still allowing users to access web sites with the latest web standards.

Don’t forget to send us your feedback at feedback@needtoknow.cloud

You can listen to this episode directly at:

https://ciaops.podbean.com/e/episode-130-alan-burchill/

or on Soundcloud here:

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.

Resources

Office 365 German datacenters

Microsoft tech days online

Microsoft tech summit – Birmingham

Enabling Azure AD Domain Services

One of the last remaining pieces of infrastructure that was required to either stay on premises or be virtualised was the Active Directory Domain Controller (DC). That is no longer the case as Microsoft has made its Directory Services as a Service available from Azure.

What that effectively now means is that you no longer need a dedicated box (physical or virtualised) for Active Directory, you can simply consume it as a service directly from Azure.

Given that this is a new Azure service there are some challenges. The main one is that Azure Active Directory Services is only available in the older Service Manager portal, not the newer Resource Manager model where everything should really be created these days. Azure Active Directory Services will be coming to the Resource Manager, however at the moment, we need to deploy it using the older Service Manager.

In preparation, I’ve used Azure AD Connect to synchronise users from an existing on-premises Active Directory to Office 365. This has also created accounts for those users in Azure AD. I’ve then added a paid Azure subscription to my free Office 365 Azure AD to enable all the services required.

Next, I created a Virtual Network in both Service Manager and Resource Manager. I then connected these together using a site to site VPN. The idea is that the Service Manager network will simply be used for Directory Services, while the Resource Manager network will hold all the other services such as member servers and so on.

Now, with the site to site VPN between Azure Service Manager (ASM) and Azure Resource Manager (ARM) in place, I navigate to the ASM portal.

Here I select my Active Directory option and then name of the Active Directory.

I select the Groups option at the top of the page and create a new security group called:

AAD DC Administrators

It is to create a group EXACTLY as it appears above.

Into this new security group add all the users from your AD that you want to be effectively Domain Administrators in Azure AD Domain Services.

Now select the Configure option at the top of the page.

Scroll down the page until you locate the Domain Services area as shown above.

Select the Yes option to enable the service.

You’ll also need to check that the DNS Domain and Virtual Network options are correct. in this case I’ve select the custom domain I have in Office 365 and synchronised from an on-premises AD.

Select Save at the bottom of the page to complete the configuration.

Azure will now hum away for about 35 minutes enabling the service for you.

When the enablement process is complete you should now see two IP addresses at the bottom of the domain services area as shown above.

You should update the virtual network on the ARM network to point to these DNS servers on the ASM network. You can think of it like the Domain Controller for the whole network is now on the ASM network which is reached by the ARM network across the VPN.

So let’s say you now spin up a member server on the ARM network. You add this member server to the domain as you would normally. When you do, you’ll be prompted for credentials to allow this. Here you’ll need to use a member of the security group AAD DC Administrators you created earlier. Apart from that everything is exactly the same as if there was a physical domain controller in the network.

So your next question is probably going to be about to manage this ‘DC as a service’? Easy. Simply add the AD management tools to any member server and as you can see from the above, the domain appears exactly like it would if there as an on-premises server on the network. If you go in and look a the domain controllers on the network you’ll two, as see above. They have a random GUID and obvious correlate to the two IP addresses provided by the Directory Service during configuration.

If you then elect to say, remove the on-premises domain controller you’ll have all your users and a fully functioning domain in Azure. You’ll have your AD now as service rather than requiring dedicated equipment, which is far more flexible as easier to manage. You’ll be able to manage your users, group policy and the like just as you could on premises, but now totally in the cloud.

At the moment there is some extra configuration because of the necessity of an ASM network for Directory Services but in time everything will move to ARM which will make it even easier to have your domain controllers as a service!

For more information on Azure AD Domain Services visit:

https://azure.microsoft.com/en-us/documentation/articles/active-directory-ds-getting-started/

Thank you Mr Jeffrey Snover for telling me about OMS

After conducting a recent podcast with Jeff Snover from Microsoft I decided to spend a little time playing with Microsoft Operations Management Suite (OMS). What I didn’t realise, but was highlighted by Jeff in the podcast, was that fact that OMS comes with a free tier!

So I went ahead and created a workspace and then started to connect things like my local machines to it so that the status could be reported back to my OMS dashboard. Thanks to that ability i received the above email letting me know that I needed to update one of my machines.

However, OMS does more than just warn me about security patches, it also details what software changes have been made on my systems as shown above as well of lots of other stuff.

You can also connect it to your Office 365 tenant as you see above.

I can click on that Office 365 tile in the console to reveal further detail, like that for SharePoint as shown above.

If I drill in further I get detailed log information as you see above. All of this is also searchable from OMS.

From this I can then go in and create an email alert as shown above.

This therefore provides a lot more detail and functionality around Office 365 reporting than I’ve seen elsewhere. Best of all, it is totally free! I would expect to see its abilities continue to increase.

You’ll find a huge amount of solutions you can simply plug into your dashboard to monitor all kinds of things, and they are adding new ones all the time. Just go to the solutions gallery, as shown above, to see all the modules you can add.

You’ll also see from the above that you can get a free plan that provides a lot of functionality, certainly a no brainer as a starting point for low level Office 365 monitoring and log capture. From there you can upgrade to the full plan on a per node per month cost.

Microsoft OMS is probably not as comprehensive as some existing third party monitoring solutions I’ve see out there in the SMB space at the moment, however I can also see how powerful OMS is going to become very soon as Microsoft focuses more attention and resources on its development.

I’d therefore be suggesting that if you need to monitor on-premise or cloud services then you really need to have a look OMS and understand what it can do today and what it is going to be capable of in the future. If I were those third party monitoring solutions, I’d be pretty worried about my business model going forward as Microsoft is coming to town with something that is going to make a huge impact.

If you need to monitor or secure any sort of technology, take a look at Microsoft Operations Management Suite (OMS) can do for you. You can even get started for free, so there is no reason not to give it a try.

Need to Know podcast–Episode 111

In this episode we dive into the world of containers and Docker. We learn about what they are, why they are relevant to IT Pros and how Microsoft is providing more ways to utilise these technologies today. Our special guest subject matter expert is Trevor Sullivan who is a Microsoft MVP and able to explain to us why containers and Docker are so important in today’s technology landscape. Listen and learn.

You can listen to this episode at:

http://ciaops.podbean.com/e/episode-111-trevor-sullivan/

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send me any feedback or suggestions you may have for the show.

Resources

@marckean

@directorcia

Trevor Sullivan

https://blogs.msdn.microsoft.com/dotnet/2016/06/27/announcing-net-core-1-0/

https://azure.microsoft.com/en-us/blog/powershell-is-open-sourced-and-is-available-on-linux/

https://blogs.technet.microsoft.com/enterprisemobility/2016/06/23/azuread-conditional-access-for-office365-exchange-sharepoint-in-preview/

https://azure.microsoft.com/en-us/blog/alerting-and-monitoring-for-azure-backup/

Feedback to – feedback@needtoknow.cloud

Upgrading to PowerShell 5

A while back I wrote an article about how:

Life is far easier with PowerShell 5

where I details the step involved in upgrading a machine to run PowerShell 5. I’ve now also completed a video on that very same process to show you exactly how easy it is to.

You should now how no reason not to be using PowerShell. Go forth and script!