Hairless in the Cloud - Microsoft 365 - Security und Collaboration

Links:
- Pink Thumb 2023 https://emptydc.com/2022/12/09/pink-thumb-2023

• Musk kauf Twitter - nicht
• Pwn2Own (TrendMicro), Sandbox      Outbreak Teams: 450k $, aber auch privescalation Win11, Ubuntu und Sandbox      Outbreak Tesla Infotainment System
• Teams Collaborative      Annotations - https://www.microsoft.com/microsoft-365/roadmap?featureid=86732
• Google Pixel Ökosystem wie      Apple? - https://www.mobiflip.de/kommentar-google-pixel-oekosystem/
• New Outlook - https://techcommunity.microsoft.com/t5/outlook-blog/things-to-know-about-the-new-outlook-for-windows/ba-p/3383964
• MS Build vom 24. - 16.05.2022      - https://mybuild.microsoft.com/

Cross Tenant Access Policies

• Azure AD External Identities
• Azure AD B2B Collaboration      (2017)
• Azure AD B2B Direct Connect      (Shared Channels) - https://docs.microsoft.com/en-us/azure/active-directory/external-identities/b2b-direct-connect-overview
  • Wichtig: Es gibt kein AAD       Object in eurem Tenant mehr
• Conditional Access      funktioniert, aber denkt dran dass es keine User Objekt mehr gibt (Trusted      Guest Scenario)
• Tech Community Post zu XTAP: https://techcommunity.microsoft.com/t5/microsoft-teams-community-blog/teams-connect-with-your-partners-get-to-know-the-azure-ad-config/ba-p/3267140
• Trust Settings sind cool      besonders für Complex Orgs

Defender Updates

• TVM heißt jetzt Microsoft      Defender Vulnerability Management: https://docs.microsoft.com/de-de/microsoft-365/security/defender-vulnerability-management/defender-vulnerability-management-capabilities?view=o365-worldwide
• Stand alone oder als Add-On      zu P2
• P2
  • Device discovery
  • Device inventory
  • Vulnerability assessment
  • Configuration assessment
  • Risk based prio
  • Remediation tracking
  • Software assessment
• Add-on
  • Security Baseline Assessment
  • Block vuln apps
  • Browser extensions
  • Certificate assessment
  • Network Share Analysis
• MDE Troubleshooting Mode: https://jeffreyappel.nl/microsoft-defender-for-endpoint-troubleshooting-mode-how-to-use-it/

https://twitter.com/okieselb

Gibt ein Überblick über die Ankündigungen aus dem Windows Hybrid Work Event aus dem Bereich MEM und Windows 11 Hardware (Security)

Windows powers the future of hybrid work (microsoft.com)

#Windows11

- #MicrosoftPluton support

- #SmartAppControl

- Enhanced #DefenderSmartScreen

- #CredentialGuard by default

- Additional LSA protection by default

- #PersonalDataEncryption

- #ConfigLock

- (#HVCI) default enhancements

- #WDAC driver blocks

Federated identity credentials
https://docs.microsoft.com/en-us/graph/api/resources/federatedidentitycredentials-overview?view=graph-rest-beta

Managed Identities (System vs. Assigned):
https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview#managed-identity-types

Application Registration vs. Service Principal
https://docs.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals

Detection of abusing Azure AD Federated Identity Credentials in GitHub Actions
https://www.cloud-architekt.net/github-enterprise-monitoring-sentinel/

Gundog v2: install-module gundog https://emptydc.com/2022/02/08/gundog-2/

PowerShell um TenantID zu bekommen: https://github.com/jangeisbauer/MiscPowerShell/blob/main/Get-TenantIDbyName.ps1

Basic Logs (im Kontrast zu Analytic Logs)

• Große Datenmenen wie Netzwerklogs
• Günstigere Ingestions Kosten
• Dafür Kosten für Queries
• Retention 8 Tage (statt 90)
• Keine Alerts nur für Ad Hoc Hunting

Archived Logs

• 7 Jahre
• Low cost

IngestionTime Transformations: https://docs.microsoft.com/en-us/azure/azure-monitor/logs/ingestion-time-transformations

• Neue MS Roadmap (nur in EN-US) https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=
• Teams Rich Broadcasting – Cameo, Seaker Coach, Rich Q&A, Stream to linkedin https://techcommunity.microsoft.com/t5/microsoft-teams-blog/elevate-webinar-and-broadcasting-experiences-with-microsoft/ba-p/2784943
• Teams Recording Playback up to 2x - https://m365admin.handsontek.net/microsoft-stream-variable-playback-speed-0-5-2x-for-microsoft-teams-meeting-recordings/
• Backup and Restore Edge profile - https://regarding365.com/back-up-restore-and-migrate-microsoft-edge-browser-profiles-between-pcs-e953f7aa053d
• Stack Overflow Keyboard - https://stackoverflow.blog/2021/09/28/become-a-better-coder-with-this-one-weird-click/

OneDrive

• Files in O365
• Files On Demand
• No disk space waste, 3 states
• Office is always cloud first
• Mobile
• Features
• Differential Sync
• 250 GB files
• Easy sharing
• Best on windows
• Good to know
• TMP, desktop.ini, .ds_store files are not synced
• Sync for B2B is a thing (MFA will block)
• Invalid character " * : < > ? / \ |
• PST is now supported and solved by lower sync frequency and lower version history
• https://support.microsoft.com/en-us/office/restrictions-and-limitations-in-onedrive-and-sharepoint-64883a5d-228e-48f5-b3d2-eb39e07630fa
• Konnekt for the rescue – https://konnekt.io

Sentinel

• Data
• KQL Query
• Events
• Alerts
• Incidents

• Fußball EM202(0|1) Pride: https://mobile.twitter.com/Oly_Berlin/status/1394224565551828994
• Hunting Queries on https://github.com/jangeisbauer
• Teams Feature by Platform: https://support.microsoft.com/en-us/office/teams-features-by-platform-debe7ff4-7db4-4138-b7d0-fcc276f392d3?ui=en-US&rs=en-US&ad=US
• Dave Kennedy Playlist: https://twitter.com/HackingDave/status/1401545215157149696?s=20
• Viva Insights Wellbeing
• https://www.youtube.com/watch?v=DnQeo4KI3lM
• https://techcommunity.microsoft.com/t5/microsoft-viva-blog/introducing-headspace-a-new-focus-mode-and-quiet-time-settings/ba-p/2431919
• New Whiteboard for Hybrid Work: https://techcommunity.microsoft.com/t5/microsoft-365-blog/meet-the-new-microsoft-whiteboard-designed-for-hybrid-work/ba-p/2445539
• John McAfee ist tot
  • Und dann hat er ein Video hochgeladen: https://www.youtube.com/watch?v=bKgf5PaBzyg
• Teams Room System New: https://techcommunity.microsoft.com/t5/microsoft-teams-blog/new-experiences-coming-to-microsoft-teams-rooms-to-allow/ba-p/2451553
• Pink thumb: search for pink thumb in google store: https://emptydc.com/2021/06/22/pink-thumb/
• Teams Webinar Webcast: https://youtu.be/74hwAOSV0gI?t=297
• Visio for everyone: https://www.microsoft.com/en-us/microsoft-365/blog/2021/06/09/bringing-visio-to-microsoft-365-diagramming-for-everyone/
• Visual Studio 2022 Preview: https://visualstudio.microsoft.com/vs/preview/vs2022/
• Rename your SharePoint tenant: https://docs.microsoft.com/en-us/sharepoint/tenant-rename
• M365 Free DNS Domain: https://www.myo365.site/

Windows 11

• Snaplayout
• Snapgroups
• Dock
• Widgets
• Store
• Android Apps
• Teams
• MSA Required for Home

https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/staying-on-top-of-office-365-updates/ba-p/1201118

Ever Given - https://www.theverge.com/tldr/2021/3/25/22350300/suez-canal-ship-stuck-ever-given-boat-stuck

Yammer Guests - https://techcommunity.microsoft.com/t5/yammer-blog/guest-access-in-yammer-is-now-generally-available/ba-p/2218392

MVP Summit

Ignite Endpoint Manager - https://www.youtube.com/watch?v=bZUP1dh8AF8

I'm a PC wechselt die Seiten - https://www.thurrott.com/windows/windows-10/248213/justin-long-is-no-longer-a-mac-in-new-intel-ads?utm_source=rss&utm_medium=rss&utm_campaign=justin-long-is-no-longer-a-mac-in-new-intel-ads

Jan

Findtime

Remote Desktop aus dem Store

Power Toys Fancy Zone

Camtasia + Snagit

Marco

Zoomit

ShareX

Paint.net

PowerPoint Replace Image

https://m365maps.com/

Fun

https://www.youtube.com/watch?v=URqDE1l5XT4

https://www.youtube.com/watch?v=IbC1ZRPtOpY

https://news.microsoft.com/ignite-march-2021-book-of-news/

Azure

Niklas Bachmann

https://www.linkedin.com/in/niklas-bachmann-66a863158/

• Virtual WAN updates - User VPN and VMware SD-WAN Partnering
• Scalable Bastion Service
• Azure Backup Archive Tier Preview
• Azure Private Marketplace GA
• Azure Resource Mover GA
• Azure Firewall Premium Preview
• Azure Disks Performance Tiers

Collab

Marco Scheel

https://techcommunity.microsoft.com/t5/microsoft-teams-blog/what-s-new-in-microsoft-teams-microsoft-ignite-2021/ba-p/2118226

• Meetings
  • Presenter View
• Video Layouts
• 1k interactive Meetings
• Microsoft Teams Connect
• Shared Channels based on B2B
• Teams Multi Geo
• Safe Links for Teams
• Operator Connect (Calling + Conferencing)
• Low Data Mode
• Teams + Azure Calling Services
• SharePoint Governance Reports (Anonymous Sharing Links)

Security

Jan Geisbauer

• Security Kram eben die Show notes liest eh keiner

Windows

Oliver Kieselbach

https://www.linkedin.com/in/oliver-kieselbach-a4a3409/

• 1 Application Reliability
• 2 Restart frequency
• 3 Productivity Score
• Windows Update for Business improvements
• 4 Driver and Firmware update policies
• 5 Expediting Quality Updates
• 6 Known Issue Rollback (KIR)
• Delivery Optimization
• 7 Cloud-based congestion detection -> prevent download storm -> service elects someone and then this device can be the super spreader
• client min. 2004 -> cloud -> later this year
• 8 Settings Catalog
• 9 Defender + Tunnel App combined
• 10 Setup Assistant iOS native MFA support -> henne ei trotzdem -> TAP

Das Ende ist Nahe - https://twitter.com/timpritlove/status/1362756062072422405?s=20

Pandemie Stay Alive Calls - https://mobile.twitter.com/vanhybrid/status/1358709192371154945

New file sharing in teams - https://m365admin.handsontek.net/new-file-sharing-experience-in-microsoft-teams/

Community Calls - https://developer.microsoft.com/en-us/office/blogs/microsoft-365-pnp-general-developer-sig-recording-18th-of-february-2021/

Microsoft Journal - https://www.microsoft.com/en-us/garage/blog/2021/02/an-ink-first-experience-with-journal-a-microsoft-garage-project/

Power Apps in Teams Milestones & Bulletins - https://techcommunity.microsoft.com/t5/microsoft-teams-blog/track-projects-and-share-news-in-teams-with-two-new-power-apps/ba-p/2118479

Dave Plummer - https://www.youtube.com/watch?v=f8VBOiPV-_M

TAP

https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-authentication-temporary-access-pass

https://goodworkaround.com/2021/02/12/checking-out-the-new-azure-ad-temporary-access-pass-preview-feature/

Microsoft Viva

https://www.microsoft.com/en-us/microsoft-viva

Insights = MyAnalyics (früher Delve) + MyWorkplace Analytics (Böse in deutschland)

Topics = Project Cortex ist Knowlegde Management mit Tags, Wiki, etc

Connections = Ist quasi ein SharePoint Intranet das man auch in Teams einbinden kann (früher Home Site App)

Learning = "iframe" um alle möglichen Lernplatformen in Teams anzuzeigen (LinkedIn Learning)

https://twitter.com/ragnarh

https://ragnarheil.de/

https://ragnar.blog/

Wer ist Ragnar Heil?

Ignite Ankündigung „MS Stream New Vision“

- Zurück zu SharePoint

- Gut oder schlecht? Deine Meinung

Microsoft Stream basierte Events

- Team Live Events vs Stream Live Events

Event Setup

- Software

- Hardware

- Tipps & Tricks

Links

https://streamyard.com/

https://obsproject.com/de

https://techcommunity.microsoft.com/t5/microsoft-stream-blog/a-new-vision-for-microsoft-stream/ba-p/1686304

• Trump
• Corona Gegner & der      Schülerbesuch in einer Lungenklink
• Blackfriday Woche!
• Pluton: https://www.techradar.com/news/microsoft-debuts-mysterious-new-processor-that-will-define-the-future-of-windows-pcs
• Hunt across cloud app      activities with M365 Defender :https://techcommunity.microsoft.com/t5/microsoft-365-defender/hunt-across-cloud-app-activities-with-microsoft-365-defender/ba-p/1893857
  • Exchange Online
  • Microsoft Teams
• KI Fundstück der Woche: Alexa      reagiert auf WC Spülung
• .NET Conf 2020 - https://www.youtube.com/watch?v=mS6ykjdOVRg
• .NET 5 - https://www.youtube.com/watch?v=o-esVzL3YLI
• DLP Policies & Sens Label      - https://office365itpros.com/2020/07/06/data-loss-prevention-with-sensitivity-labels/
• Bill Gates' neuer Podcast: https://www.gatesnotes.com/Podcast
• Security Voraussagen für 2021      (https://securelist.com/apt-predictions-for-2021/99387/)
  • APTs will buy initial       network access from cybercriminals
  • Von anderer Quellen: Zukunft       liegt in data exfiltration / not locking
• Canary Tokens: https://canarytokens.org/generate

Fritbox2Sentinel

• FritzBox2Sentinel: https://emptydc.com/2020/11/13/fritzbox-2-sentinel/

Productivity Score

• https://docs.microsoft.com/en-us/microsoft-365/admin/productivity/productivity-score?view=o365-worldwide

• STOP THE VOTE !1!!!
• KI Fussballkamera verwechselt      glatzköpfigen Linienrichter mit Ball: https://www.heise.de/news/Autonome-Fussballkamera-verwechselt-glatzkoepfigen-Linienrichter-mit-dem-Ball-4943323.html
• Teams Connector Sentinel: https://techcommunity.microsoft.com/t5/azure-sentinel/expanding-microsoft-teams-log-data-in-azure-sentinel/ba-p/1811827
• Mandalorian Staffel 2: https://www.kino.de/serie/the-mandalorian-2019/news/the-mandalorian-staffel-2-ab-freitag-geht-der-kampf-um-baby-yoda-weiter/
• Sign-ins Report for      Service-Principals: https://docs.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-all-sign-ins
• Advanced Password Spray      Attack Detection: https://techcommunity.microsoft.com/t5/azure-active-directory-identity/advancing-password-spray-attack-detection/ba-p/1276936
  • Low and slow (many thousand       IP addresses as source) e.g. from a botnet
  • Diese Attacken gehen unter,       fallen fast nicht auf NUR
  • Wenn Microsoft über ALLE       TENANTS weltweit schaut
  • Password Spray Detection:       check single hash failing across multiple accounts worldwide
  • Das alles ist jetzt in ID       Protection
• Teams Meeting Recording 3x3: https://admin.microsoft.com/Adminportal/Home?ref=MessageCenter&id=MC225568
• Exchange + Adressing (no      groups): https://techcommunity.microsoft.com/t5/exchange-team-blog/plus-addressing-now-available-in-exchange-online/ba-p/1824651
• Xbox und Playstation next      gen: https://www.thurrott.com/games/xbox/xbox-series-x/243536/xbox-series-x-review?utm_source=rss&utm_medium=rss&utm_campaign=xbox-series-x-review
• Teams News: Spotlight (for      all) https://techcommunity.microsoft.com/t5/microsoft-teams-blog/what-s-new-in-microsoft-teams-october-2020/ba-p/1824864

Teams Display und Audio

https://techcommunity.microsoft.com/t5/microsoft-teams-blog/microsoft-teams-displays-now-available/ba-p/1810291

Jupyter Notebooks in Azure

https://docs.microsoft.com/en-us/azure/sentinel/notebooks

Follow Pawel on Twitter: https://twitter.com/Pawp81

https://techcommunity.microsoft.com/t5/microsoft-teams-blog/what-s-new-in-microsoft-teams-microsoft-ignite-2020/ba-p/1665600

https://techcommunity.microsoft.com/t5/microsoft-stream-blog/a-new-vision-for-microsoft-stream/ba-p/1686304

https://techcommunity.microsoft.com/t5/microsoft-sharepoint-blog/what-s-new-in-security-and-compliance-in-sharepoint-and-onedrive/ba-p/1696705

Security

- MTP = Microsoft 365 Defender

- MDATP = Microsoft Defender for Endpoint

- OATP= Microsoft Defender for Office 365

- AATP = Microsoft Defender for Identity

The Azure Security Center solutions are rebranded accordingly:

- Azure Defender for Servers

- Azure Defender for IoT (cool CyberX stuff for OT)

- Azure Defender for SQL

- Microsoft Defender for Endpoint (fka: MDATP) now supports Android (GA) and iOS (Preview) and macOS is now supported with TVM.

Microsoft Threat Protection == Microsoft 365 Defender + Azure Sentinel + Azure Defender

Neue Attack Simulator Szenarien:

- Credential Harvest

- Malware Attachment

- Link in Attachment

- Link to Malware

• Mimikatz: https://dirkjanm.io/digging-further-into-the-primary-refresh-token/
• Ignite 2020: https://www.microsoft.com/en-us/ignite
• Become a KQL Ninja: https://security-tzu.com/2020/08/07/become-a-kql-ninja/
• Teams: https://techcommunity.microsoft.com/t5/microsoft-teams-blog/what-s-new-in-microsoft-teams-july-2020/ba-p/1551561
• SCC Report: https://github.com/jangeisbauer/SCCReport
• Booking "14 people are      currently watching this product" --> random()*12 + 3: https://twitter.com/RoninDey/status/1292002070363541505?s=20
• MCAS spoofing: https://stephanwaelde.com/2020/08/04/mitigate-mcas-issue-with-user-agent-spoofing/
• Überall tauchen DUOs auf: https://twitter.com/matvelloso/status/1291576776238305281?s=20

I LIKE TO MOVE IT

• Mover.io (2019 gekauft)
• "Alternativen"      SharePoint Migration Tool, ShareGate, AvePoint, …
• Viele Anbindungen (14): S3, AZ Blob, Box, Dropbox, G Suite, Gdrive, O365, OneDrive

User vs Admin

Self Service Migration

• OneDrive 2 OneDrive
• DropBox 2 OneDrive
• OneDrive 2 DropBox

Admin driven migration

• Immer noch die Rede von       User!
• User Mapping = Site Mapping       = Url 2 Url
• Permission Mapping (upn =       upn) - damit auch B2B machbar?

UX

• Anmelden an Service 1
• Anmelden an Service 2
• Auf jeder Seite den Ordner       wählen
• Im Ziel auch anlegbar

Tech

• 2 AAD Apps (alles       OIDC/Oauth)
• Anmeldung an zwei Tenants in derselben Browser Session
• Mover OneDrive (user consent)
• Office 365 Mover (admin consent)
• Keine "Lizenz"
• Performance: Mein OneDrive 45k 106 GB = 12 stunden

Use Case

• Blob to SharePoint über ein Schedule
• https://www.youtube.com/watch?v=vuo8kD5zF5I

BUT YOU ARE NOT ALLOWED TO: Microsoft Endpoint Data Loss Prevention

• Public Preview
• Native built into Windows (in MDATP component and edge)

Compliance.microsoft.com

• Sensitive Info Type: ex german passport number
• AND Share Condition: Is shared with somebody inside or outside my org

Audit or restrict activities      on windows devices

• Upload to cloudservices or       access by unallowed browsers
• Copy to clipboard
• Copy to USB
• Copy to network share
• Access by unallowed apps
• Print

https://techcommunity.microsoft.com/t5/microsoft-security-and/announcing-public-preview-of-microsoft-endpoint-data-loss/ba-p/1534085

• Collaboration Bar im Test
  https://glueckkanja.com/blog/collaboration/futureworkplace/teams/2020/06/yealink-vc210-product-review/
• Teams Breakout rooms
  https://myteamsday.com/2020/04/17/breakoutrooms-in-teams/
• Corona App
  https://mobile.twitter.com/ard_bab/status/1272909142819299330
• BLM
  https://www.hanselman.com/blog/EasilyRenameYourGitDefaultBranchFromMasterToMain.aspx
• gkgab
  https://www.gab.de/fuehrende-microsoft-partner-fusionieren/
  https://glueckkanja.com/de/unternehmen/media-kit

Neuer Tenant

• Name des Tenant
  Christian, wie hast du das "bulk" geprüft
• Services
  Exchange
  Teams
  SharePoint
  OneDrive
• Security
  Conditional Access
  All the ATP
• Migration
  O365
  Security
  AD

• Edge
• Sidebar search
• Pinterest integration
• Switch profiles
• Progressive Web Apps
• Lists
• Project Reunion
  • Desktop und UWP
• Neue Auth Api für MFA in https://techcommunity.microsoft.com/t5/azure-active-directory-identity/manage-your-authentication-phone-numbers-and-more-in-new/ba-p/1257359
• PowerToys
• Linux GUI apps
• Fluid Office Doc (Modularisierung von Content)
• Every Developer is welcome - Scott Hanselman - https://mybuild.microsoft.com/sessions/871ef73f-f04a-405b-a0fa-01d7433067d1

Windows 2004

• Graphic Card Temp in Task Manager
  • Only with dedicated GPU card
  • Only supported in Celsius
• Rename virtual desktops
• Reset from cloud
• Win Taste und Punkt für Emojis Menü   
• Windows Hello PIN in Safe Mode
• Recover from the cloud
• Restart Apps
• Many Notepad features      

Stephan Wälde (Lead Cloud Architect bei der Glück & Kanja Consulting AG)
Twitter: @stephanwaelde
Blog: https://stephanwaelde.com

Begriffserklärung

Access Token / bearer token

OAUTH

User vs. App

Besser Principal und Ressource Owner

Client != Device

Client eher Anwendung

Delegated vs App Permission

Basic

Ressource MS Graph

Ressource Owner

Client (Anwendung: Client ID)

Auth Server (AAD)

Access Token --> Resource

Refresh Token --> AAD

ID Token --> client

Username, Displayname, Email

Azure AD

PRT --> sso browser holt sich von OS

MSAL aware apps machen SSO

Enterprise Apps

Wie kann man die Tokens "anfassen"?

https://JWT.MS (ID und Access Token)

Fiddler

F12

Oder selber schreiben

Frage an Jan :)

RFC von OAUTH 2.0https://tools.ietf.org/html/rfc6749

• Microsoft 365 Consumer - Briefing: https://www.youtube.com/watch?v=0SkHWXH49js&feature=emb_title
• Stuntman on Twitter: https://mobile.twitter.com/gamaniak/status/1252663994629922823
• Teams Community Day: https://www.teamscommunityday.de/de/agenda-online/
• Bill Gates schreibt 13 Seiten über "Pandemic I": https://www.gatesnotes.com/Health/Pandemic-Innovation?WT.mc_id=20200423090000_Pandemic-Innovation_BG-TW_&WT.tsrc=BGTW
• Kontaktverfolgung per PEPP-PT: https://www.heise.de/newsticker/meldung/Corona-Kontaktverfolgung-und-PEPP-PT-Es-zaehlt-mehr-als-kryptographische-Eleganz-4708335.html
• CVE-2020-3952 bekam ein CVSS score von 10: https://www.guardicore.com/2020/04/pwning-vmware-vcenter-cve-2020-3952/
• Access Review Office Hour: https://twitter.com/fionnagan/status/1249772350725189643?s=20
• Cloudeight Event am 22. Mai: https://www.cloudeight.ch/?mec-events=session-16-go-hack-yourself-with-microsoft-advanced-threat-protection-mdatpmit mir, Ingo Gegenwarth, Hans Brender etc, organisiert von Drago Petrovic
• Trust in Tech am 29. April organisiert von Alex Benoit, sprechen wird diesmal Christian Müller von der Infowan über Sentinel und Co: https://www.meetup.com/de-DE/Trust-in-Tech-Cologne/events/270165772/?isFirstPublish=true
• GitHub for free: https://mobile.twitter.com/natfriedman/status/1250092565090562049

Attack Surface Reduction Rules 

https://techcommunity.microsoft.com/t5/microsoft-defender-atp/demystifying-attack-surface-reduction-rules-part-2/ba-p/1326565

Meetings Everywhere

• Anbieter
  • Zoom
  • WebEx
  • Skype
  • Google
  • Meet
  • Hangouts
  • Facetime?
  • Blue Jeans
  • GoToMeeting
  • Discord, Twitch, Mixer
  • Microsoft Teams
  • Free Version
  • Commercial

M365 Corona Einschränkungen: https://admin.microsoft.com/Adminportal/Home?source=applauncher#MessageCenter?id=MC207439

GK Home Office: https://mobile.twitter.com/glueckkanja/status/1242839888459976704

Pimp your Meeting with Scott: https://www.hanselman.com/blog/TakeRemoteWorkerEducatorWebcamVideoCallsToTheNextLevelWithOBSNDIToolsAndElgatoStreamDeck.aspx

Teams Background Noise Suppression and more: https://techcommunity.microsoft.com/t5/microsoft-stream-blog/new-and-coming-soon-background-noise-suppression-mobile-video/ba-p/1221048

Teams Collab Bars: https://techcommunity.microsoft.com/t5/microsoft-teams-blog/the-first-collaboration-bar-for-microsoft-teams-is-now-available/ba-p/1231706

GK Future Workplace @ School: https://glueckkanja.com/blog/teams/realmjoin/intune/futureworkplace/collaboration/2020/03/modern-workplace-at-school/

Microsoft Teams Live Meeting

https://docs.microsoft.com/en-us/microsoftteams/teams-live-events/what-are-teams-live-events

Nicht das Meeting wie sonst (Meeting != Event)

Nicht Live (10-40 Sekunden Versatz)! Nur die Producer können sprechen!

Producer & Consumer

Ressourcen (CPU Power)

Am besten zwei Producer

Am besten vorher mal testen

Kein Client für die Consumer, Teams Client geht aber

Q&A, Live Transcription (Englisch, Türkisch, Spanisch, …), Recording

https://docs.microsoft.com/en-us/MicrosoftTeams/teams-live-events/plan-for-teams-live-events

License

An Office 365 Enterprise E1, E3, or E5 license or an Office 365 A3 or A5 license

A Microsoft Teams license

A Microsoft Stream license

Sentinel Fusion

https://docs.microsoft.com/en-us/azure/sentinel/fusion

correlation

More Stuff

Non Teams Meeting Demo: https://martinfowler.com/articles/effective-video-calls.html

• Corona
• HICnight: https://hairlessinthecloud.com
  • Alternativlos: https://alternativlos.org/45/
• https://www.heise.de/security/meldung/Troy-Hunt-will-seinen-Pruefdienst-Have-I-Been-Pwned-nun-doch-behalten-4676778.html
• Tweeter Fleets: https://www.heise.de/newsticker/meldung/Twitter-testet-selbstloeschende-Kurznachrichten-Fleets-4676631.html
• Betriebsrat und MDATP: https://glueckkanja.com/blog/security/microsoft/gk/2020/03/mdatp/
• MDATP for Linux: https://chrisonsecurity.net/2020/02/27/microsoft-defender-atp-for-linux/
• NFL nutzt Teams: https://www.microsoft.com/en-us/microsoft-365/blog/2020/03/03/empowering-nfl-microsoft-surface-microsoft-teams/
• Whats new in Teams (2020-02):      https://techcommunity.microsoft.com/t5/microsoft-teams-blog/what-s-new-in-microsoft-teams-february-2020/ba-p/1199785

MCAS

• Discovery: Shadow IT
  • Connect via App Connect
    • Salesforce
    • Box
    • Dropbox
    • Gsuite
    • etc
  • Connect via MDATP Client
• Investigate
  • Activity
  • Users & accounts
  • Oauth apps
  • MCAS: https://docs.microsoft.com/de-de/cloud-app-security/

Remote Work

• https://www.hanselman.com/blog/LoveInATimeOfCoronaVirusTipsTricksAndBestPracticesForWorkingRemotely.aspx
• Time zone Unterschiede
• Video sollte man an machen
• Blur your Background
• Vielleicht nur am Anfang
• Bandbreite
• Nicht alle wollen/können
• https://twitter.com/shanselman/status/1232747403133906944?s=20
• Timing (call delay)
• Laut sprechen wenn man im Raum mit mehreren Leute ist
• Nutzt einfach in Teams die Test Call Funktion um euer Audio zu checken
• MUTE!
• Achtung: Teams Mute vs. Telefon mute
• Vorbereiten
• Rüstzeiten
• PPTX, Browser, Login
• Meeting aufzeichen
• Verpasst
• Abgelenkt
• Nicht verstanden
• Verzögerung in der Kommunikation
• Chat ist nicht Telefonieren oder in Person
• Kommunikation auch auf dem Handy dabei haben
• Equipment
• Headset ist super hilfreich
• Achtet auch Echo
• Kann euer Device von daheim arbeiten
• Umgebung
• Familie bescheid geben
• Gesundes Essen
• Geht auch mal raus

• Neue Office App: https://www.mobiflip.de/shortnews/microsoft-office-app-android-ios/
• MTP ist GA, iOS und Android bekommt Defender: https://www.microsoft.com/security/blog/2020/02/20/microsoft-threat-protection-intelligence-automation/
• Gesichtsmaske mit deinem Gesicht: https://www.androidcentral.com/face-id-mask-lets-you-use-face-unlock-while-protecting-you-viruses
• Security Roadshow: https://glueckkanja.com/de
• Microsoft Teams wo wie wann: https://techcommunity.microsoft.com/t5/microsoft-teams-blog/microsoft-at-integrated-systems-europe-2020/ba-p/1177964
• Tesla gibt Gas: https://www.heise.de/newsticker/meldung/Klebeband-verwirrt-autonome-Teslas-4665187.html

BOT

• https://de.wikipedia.org/wiki/Bot
• https://powerva.microsoft.com
• https://azure.microsoft.com/en-us/services/bot-service
• https://dev.botframework.com/

PIM

• Edward Snowden
  • Just-in-time
  • Time-bound
  • Approval
  • Require mfa
  • Justification
  • Notifications
  • Access reviews
  • Audit history
• Assignment
  • Role
  • Activiation Duration
  • Mfa / Approval /       Notification
  • Eligible / Permanent
  • Justification
  • Ticket-Number !!
  • Powershell Module
• Access Review
  • Scheduled job that reviews       membership of all or certain roles
  • Reviewer kann dann       entscheiden, ob Leuten Permission weggenommen wird
               bzw. dies kann automatisch getan werden

https://twitter.com/KobyKoren

Azure Sentinel
https://azure.microsoft.com/en-us/services/azure-sentinel/

• HIC-NIGHT: https://hairlessinthecloud.com
  
• Anti-Phishing Vorschlag: https://twitter.com/janvonkirchheim/status/1224014388652314624?s=20
• Stephan Waelde blogged über AD Stuff: https://stephanwaelde.com/
• John Lambert @ Darknet  Diaries: https://twitter.com/janvonkirchheim/status/1219649342551793664?s=20
• Thomas Naunheim hat über App Consents geblogged:https://twitter.com/janvonkirchheim/status/1219635032517640193?s=20
• Panos to rule them all: https://www.zdnet.com/article/microsoft-to-combine-its-windows-client-and-hardware-teams-under-chief-product-officer-panos-panay/
• Jeff Teper bekommt Teams: https://mobile.twitter.com/jeffteper/status/1225266848586846209
• App Launcher updates for      admins: https://techcommunity.microsoft.com/t5/office-365-blog/updates-to-office-com-and-the-office-365-app-launcher/ba-p/1150503
• Yammer Native Mode: https://docs.microsoft.com/en-us/yammer/configure-your-yammer-network/overview-native-mode

Insider Risk

• Insider Trading ist nicht      neu: kurz vor dem Wallstreet Crash 1929 hat Albert Wiggin,
  Chef der Chase Bank 40k Aktien seiner Bank geshorted. Damals gabs noch kein Gesetz
  gegen das shorting gegen die eigene Company und der Typ hat 4Mio$ verdient - die ihm allerdings
  anschließend wieder abgenommen wurden. Aufgrund dieses Falles wurde dann ein paar Jahre später
  ein entsprechendes Gesetz erlassen.
• In den Folgejahren gab es      noch viele Beispiele wie dieses. Dabei ging es um Wissen darüber dass eine      Company
  gekauft wird oder dass z.B. ein Medikament, an dem ein Pharmaunternehmen gearbeitet hat nicht genehmigt wurde. Mit diesen Informationen kann man natürlich schnell Geld verdienen.
• Microsoft baut den Compliance      Bereich in Office 365 weiter aus
  • Insider Risk Management
  • Communication Compliance
  • departing employee data  theft & data leaks--> connect with HR
    • Sharepoint Sites hinzufügen
    • Sensitive info type 
    • Indicators

Office Templates

https://regarding365.com/how-to-create-an-organisation-assets-library-in-sharepoint-online-to-store-office-templates-b19e1a435191

Add-SPOOrgAssetsLibrary 

https://docs.microsoft.com/en-us/powershell/module/sharepoint-online/add-spoorgassetslibrary

HIER: Anmeldung für die HIGnight am 27.03.2020

New Edge - https://blogs.windows.com/windowsexperience/2020/01/15/new-year-new-browser-the-new-microsoft-edge-is-out-of-preview-and-now-available-for-download/

Jan ins Israel - https://mobile.twitter.com/vanhybrid/status/1217390532407844865

Fluid Framework - https://support.office.com/en-us/article/get-started-with-fluid-framework-preview-d05278db-b82b-4d1f-8523-cf0c9c2fb2df

MVP - https://mobile.twitter.com/janvonkirchheim/status/1201187426791804928

AAD Connect Cloud Provisioning - https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Bring-identities-from-disconnected-ADs-into-Azure-AD-with-just-a/ba-p/827835

Ignite News Recap - https://www.youtube.com/glueckkanja

MS by the numbers - https://news.microsoft.com/bythenumbers/en/homepage

Not yet reindeer - https://www.youtube.com/watch?v=827Zxpv1iGc&feature=youtu.be&list=PLFPUGjQjckXET1TSWuDoPjYljfedxrA04

AllAbout365 Podcast - MS move to teams - https://twitter.com/stevegoodman/status/1198865331713908736

Multi tage approval for entitlement management - https://www.youtube.com/watch?v=vorae895VTc&feature=youtu.be

MS Forms File Upload - https://www.microsoft.com/microsoft-365/roadmap?filters=&searchterms=59344

Retirement of SharePoint classic and Delve blogs (Mitte 2020 gelöscht) - Messeage center MC197403

Content Filter

MDATP

MCAS

Yammer 4.0

https://techcommunity.microsoft.com/t5/Yammer-Blog/The-Future-of-Yammer-Microsoft-Ignite-2019/ba-p/976710

New layout

New mobile app (inkusive Video upload)

Communities

New live events scheduling

Yammer in MS Teams

Yammer in Outlook (on the web)

Suite-wide coherence

Security & Compliance

Native Mode

• Ignite Rückblick: https://www.linkedin.com/pulse/hairless-cloud-ms-ignite-2019-jan-geisbauer-at-msignite/
• MDATP Training Videos (Onboarding, RBAC, Conditional Access, AIR, APIs, Advanced Hunting usw): https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/Short-amp-sweet-educational-videos-for-Microsoft-Defender-ATP/ba-p/1021978
• @thorstenhenking hat eine Blogpost Serie zum Thema PowerBi Visulization der MDATP Daten gestarted: https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/Create-custom-reports-using-Microsoft-Defender-ATP-APIs-and/ba-p/1007684#.Xc0apSvn7Z0.twitter
• Ignite Tour (April 2020 Berlin): https://techcommunity.microsoft.com/t5/Microsoft-SharePoint-Blog/Microsoft-Ignite-The-Tour-2019-2020-guide-to-SharePoint-OneDrive/ba-p/1000731
• Mark Russinovich Inside Azure Datacenter: https://myignite.techcommunity.microsoft.com/sessions/82058?source=speakerdetail
• GeekSprech Ignite MVP WrapUp: https://geeksprech.de/geeksprech-podcast-folge-41-microsoft-ignite-mvp-recap/

Private Channel in Microsoft Teams

• Standard vs Private
• Ignite Session THR1080: https://myignite.techcommunity.microsoft.com/sessions/83912?source=sessions
• Ist in allen Tenants vorhanden
• Eigene Site Collection (TEAMCHANNEL#0) für Files
• Eigene Berechtigung für den Channel
• UI Änderungen (Org, Team, Channel)
• Probleme mit der UI in einigen Tenants
• Alle Änderungen werden zwischen den Sites gesynced (SharePoint, Classification, …)
• Management über den teams Admin (und PowerShell) möglich
• Policy für das Enrollment
• Team Owner kann entscheiden, ob Member Private Channels erzeugen können
• 30 private Channels + 200 Standard Channels in einem Team
• Nur Members können in einen Private Channel eingeladen werden
• 250 Benutzer Limit für ein Private Channel
• Kein Planner als Tab!
• Für die UI gibt es Sicherrungdmethoden damit der letzte Owner nicht entfernt werden kann oder aus dem Team austriff bevor er den Channel übergeben hat
• Site Management nicht über SharePoint Admin UI (absicht)
• Owner and Member Changes in Site Collection werden überschrieben!
• Info Protection für Private Channel Chat landet in der Usermailbox!

The new MTP Portal

• Single view für Office ATP Alerts, MCAS, AzureATP und MDATP