Microsoft’s Azure AD Identity Protection and Azure AD Conditional Access provides the ability to monitor user sign-in attempts and analyse them for risk. Reducing the risk of a compromised account or a risky sign-in attempt from successfully completing an authentication and authorisation attempt is quite important, but what if circumstances change after a user has successfully logged in?

An end user is issued with an OAuth 2.0 access token at the time of a successful authentication, and that token has a lifespan making the end user’s session valid until that token expires. Configurable Token Lifetime policy is one hour by default unless configured otherwise. Imagine, however, if you’re an admin who needs to block a specific user’s access immediately, or if the service detects that a user is now accessing authenticated driven data from a free Wi-Fi at a coffee shop instead of from their corporate office. The end user’s non-expired access token would need to be immediately revoked forcing them to re-attempt authentication and authorisation – which will fail if their account has been disabled or may present them with a multi-factor authentication challenge because of their new location.

This is addressed via Continuous Access Evaluation, which provides a standard way for an identity provider or a service (also known as the relaying party or resource provider) to stop honouring a valid token and to re-issue an authentication and authorisation attempt. Sonia Cuff has recently shared a brilliant writeup detailing how with Continuous Access Evaluation in place, the lifespan of a token is no longer important, as we can re-challenge a user whenever circumstances change, without having to wait for their token to expire.

As you are aware, our team thrives on IT Professionals feedback which inspires the content we create. This includes technical articles, demo videos and interviews. We are also actively monitoring and engaging with the #AzOps hashtag on twitter. Feel free to reach out with any of your questions as our team is always happy to help.

Learn more

• This article was written for the Monthly TechNet UK IT Pro Newsletter – sign up today!
• Getting started with Azure Kubernetes Service
• Azure Orbital, and why you should skill up for the future

The post Enforcing Azure Active Directory security via Continuous Access Evaluation appeared first on Microsoft Industry Blogs - United Kingdom.

Microsoft recently announced the public preview of OneDrive Sync Admin Reports in Microsoft 365 Apps admin center, providing more visibility into who within an organisation is running the OneDrive Sync client and any errors they might be experiencing. These insights into what’s happening with OneDrive Sync can proactively enable IT departments to reach out and educate people to resolve common issues and improve the end user experience.

When someone in your organisation reports a problem syncing files to OneDrive, the problem can be investigated quickly and without having to ask for additional details. Having these insights into sync errors hastens the response to requests for help and allows us to be more proactive in driving down the occurrence of common sync errors. All of this is provided via the OneDrive Sync health dashboard, which offers an executive summary of what’s going on with OneDrive Sync in your organisation.

OneDrive Sync Admin Reports is offered in Microsoft 365, is currently in public preview and currently only supports Windows machines. Setup and management documentation is also available.

As always, our team is grateful when the community shares input in helping us create technical articles, demo videos and interviews. Active conversations also take place on Twitter via the #AzOps hashtag. Feel free to reach out with any of your questions as our team is always happy to help. 

Learn more

• This article was written for the Monthly TechNet UK IT Pro Newsletter – sign up today!
• Manage OneDrive
• Manage OneDrive migrations and deployment

The post Get an at-a-glance view of OneDrive Sync across your organisation appeared first on Microsoft Industry Blogs - United Kingdom.

Remote work conducted by IT Professionals has increased in recent years due to cloud adoption. Managing cloud resources remotely are as easy as opening Azure Portal from almost any browser, and managing on-premises deployments can be just as easy via Remote Server Administration Tools. While both solutions work well, they only provide resource reporting on each separate implementation. In a world where hybrid infrastructure deployments are increasingly becoming the norm, reporting on resources separately just won’t cut it.

Enter Microsoft’s offering of Azure Arc and it’s ability to not only manage over hybrid deployments, but govern over them as well. This includes both Windows and Linux machines hosted on Azure, on-premises and even at another cloud provider. Each machine is treated as a resource within Azure Arc and is managed as a part of a group inside a subscription which can also adopt assigned governance policies, and all this can be managed from a single pain of glass from almost anywhere with only the Azure Connected Machine agent needed to be installed.

Fellow team member, Thomas Maurer, wrote a great post entitled How to Manage and Govern Hybrid Servers with Azure Arc as a great starter. His post details how you can remotely manage and govern servers with Azure Arc by using Azure Guest Configuration Policy.

Learn more

• New Azure features and functionality for August​ 2021
• Introduction to Azure Arc
• Integrate Azure Arc and Azure Stack HCI
• Azure Orbital, and why you should skill up for the future

The post Remotely Managing and Governing Hybrid Servers with Azure Arc appeared first on Microsoft Industry Blogs - United Kingdom.

At Microsoft Inspire 2021, Microsoft announced Windows 365, a cloud service that introduces a new way to experience Windows 10 and the upcoming Windows 11 for all types of workers. Windows 365 securely streams the full Windows experience—including all apps, data, and settings—to personal or corporate devices. All the building blocks are automated, and Microsoft ensures that the service scales the most optimised way possible for Microsoft 365 app use. 

The Cloud PC can be accessed anywhere providing personalised desktop, apps, settings, and content from any device and can scale with a user’s changing compute needs. A user could receive the self-service privileges to release an IT admin from assigning a license that provides more compute resources.  This enables organisations to lower their environment complexity as IT Administrators can deploy and manage virtual endpoints in Microsoft Endpoint Manager with no additional virtual desktop infrastructure (VDI) expertise or resources are needed. 

Christiaan Brinkhoff from the Windows 365 team recently released Getting Started with Windows 365 Guide for IT Professionals to help share more details surrounding deployment, management and security considerations that organisations should consider when harnessing cloud PCs. 

As always, our team is grateful when the community shares input in helping us create technical articles, demo videos and interviews. Active conversations also take place on Twitter via the #AzOps hashtag. Feel free to reach out with any of your questions as our team is always happy to help.  

Learn more

• This article was written for the Monthly TechNet UK IT Pro Newsletter – sign up today!
• Learn more about Windows 365
• New Azure features and functionality for June​ 2021
• 5 Topics from Microsoft Build 2021 you should catch up on

The post Deploying Windows 365 Cloud PCs appeared first on Microsoft Industry Blogs - United Kingdom.