Author: albandrod

I consider myself as a person who loves music and sport and geek. I've been linked to the IT world since 2006 when I get my first job as helpdesk, since then, I've been working in many other IT jobs and in other departments, but today I'm working as Cloud Solutions Architect, focused on Azure and Microsoft Security products. I love IT and the new challenges that my work faces me every day

Admin App for Microsoft Teams

by albandrod, posted in Teams

Microsoft has announced the release of a new Admin App for Microsoft Teams. This app simplifies top management options and showcases them in one place.

  • Optimize ‎Microsoft Teams‎ meetings, messages, webinars, and more for everyone in your organization
  • Add and remove users and reset their passwords
  • Add and remove teams and manage team members
  • Assign and remove licenses for users

Discover advanced settings, training, and support resources

To get started with the new Admin app experience, you will first need to head to the Microsoft Teams app store. Then, search for “Admin” and download the app in Microsoft Teams.

Once you have installed the app, you can manage some tenant settings and Teams configurations:

Admin app It is a great step to put teams as a central hub for everything, making easier for IT Pros to access settings and perform key management tasks across Microsoft 365 and Teams, but keep in mind that the Admin app is available for all users in the App Store, but you must have administrative rights to use it.

Advertisement

Multilingual invitations for Teams Meetings

by albandrod, posted in O365

This new feature for Teams, allows administrator to customise meeting invitations, to display the information of meeting in up to two languages ton all email platforms

In order to enable this, we can apply a new policy in their admin portal by enabling the MeetingInviteLanguages parameter in the CsTeamsMeetingPolicy at the user or group level, or for the entire organization

To enable this, we must use PowerShell, so let’s go:

#connect to Teams PowerShell

Import-Module MicrosoftTeams

Set-ExecutionPolicy -ExecutionPolicy Unrestricted

Connect-MicrosoftTeams

#check the current configuration

Get-CsTeamsMeetingPolicy -identity global | fl *lang*

#apply the new config

Set-CsTeamsMeetingPolicy -Identity Global -MeetingInviteLanguages "en-US,es-ES"

It may take several hours before the policy becomes active, but in the end, we will be able to find this in a new teams meeting:

Hope that helps, till nex time!

You should remove that basic authentication from Exchange…

by albandrod, posted in AAD, security

Now more than ever, you should disable your legacy authentication in Exchange Online, last year Microsoft announced that they will remove that basic Authentication next October (https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-deprecation-in-exchange-online-may-2022/ba-p/3301866)

Did you know that:

  • More than 99 percent of password spray attacks use legacy authentication protocols
  • More than 97 percent of credential stuffing attacks use legacy authentication
  • Azure AD accounts in organizations that have disabled legacy authentication experience 67 percent fewer compromises than those where legacy authentication is enabled
thumbnail image 1 of blog post titled New tools to block legacy authentication in your organization

Disabling legacy authentication for users is a must-do on your identity security checklist

Why? becasue is a security gap and Microsoft took a lot of effor to promote Modern Authentication. So, you can disable now this basic Authentication in very simple steps:

If you don’t want to use this option, you can block the access to those protocols by using Conditional Access, understanding in a very simple way the impact of the policy.

What are you waiting for?

Do you know how to debug Teams Diagnostics?

by albandrod, posted in Teams, troubleshooting

Having information about how Teams app is running is important, so this quick post will overview how a snapshot collection of important diagnostic logs for troubleshooting can be done

Important tips!

  • Read logs with text editor​
  • Latest entry on top of the list​
  • Use keywords!

Once you have enabled the diagnostic logs, those will be created in the downloads folder:

Hope that helps to troubleshoot your Teams deployment!

Meet Microsoft Entra

by albandrod, posted in AAD

Microsoft Entra will verify all types of identities and secure, manage, and govern their access to any resource. The new Microsoft Entra product family will:

Protect access to any app or resource for any user across hybrid, multicloud, and beyond;

  • Secure and verify every identity including for employees, customers, partners, apps, devices, and workloads;
  • Provide only necessary access by discovering and right-sizing permissions, and managing access lifecycles for any identity; and
  • Simplify the human experience with simple sign-in, intelligent security, and unified administration.

But, what it is really Microsoft Entra? A unified portal for securing and managing every identity – The admin center for Microsoft Entra facilitates identity and access management, multicloud permissions management, and administration of verifiable credentials, all in one place.

When Entra will take place? In May 31st

And what happens to my AzureAD? Azure AD continues to be the foundational infrastructure for all new products in Microsoft Entra family. Innovation and investment in Azure AD continues, including the popular Application Gallery, Conditional Access, multifactor authentication, passwordless, and more.

Will I still be able to access my Azure AD Admin portal? short answer yes, long answer see below:

  1. The Azure AD admin center (aad.portal.azure.com) will continue to function for the next 12-18 months, and then redirect to entra.microsoft.com in 2023 after extensive customer notice.
  2. The Azure portal at portal.azure.com will also continue to offer Azure AD for Azure customers.
  3. The M365 portal Azure AD admin page will be redirected to entra.microsoft.com later this summer.

So, can I Buy Microsoft Entra? Microsoft Entra is a product family. Products within Microsoft Entra are available for sale but there is no Entra bundle to purchase

This new product family has an impact on licenses or billing? No, but if you’re interested in sing Microsoft Entra Permissions Management will need to obtain a license for the solution. Microsoft Entra Verified ID is a free service but some scenarios, integrated with Azure AD capabilities, may require an Azure AD P1 or P2 license as a pre-requisite.

More info at: Secure access for a connected world—meet Microsoft Entra – Microsoft Security Blog

PassWordless Authentication with Fido 2 Keys – Part 3 – IDMelon

by albandrod, posted in O365

As you probably have seen in my previous posts, security keys are here to stay. They can be used as a separate authentication method beyond secondary authentication. There are multiple manufacturers that help us in our passwordless journey, for that reason, to the realization of this post, I used a IDMelon security key that also supports FIDO2

The main difference here with other security key, is that IDMelon uses is own security authenticator app which I will review during this post.

How it works

First of all, you need to download the app to your smartphone, which can be done in a very simply steps and then plug the security key and install the software.

Once you have done this, you can pair your smartphone and the key:

And you’re ready to go:

So, once you have done, you’re ready to go to https://aka.ms/setupmfa and configure the security key for your user account. I am not going to cover the process because it has been done in previous post, and the process is straightforward (PassWordless Authentication with Fido 2 Keys – Albandrod’s Memory (albandrodsmemory.com) PassWordless Authentication with Fido 2 Keys – Part 2 – Albandrod’s Memory (albandrodsmemory.com)

At first glance, what it takes my attention to, it was the push notification, I was expecting the typical push notification from authenticator, but in the IDMelon security key, it was provided by the application that you have installed in the smartphone earlier.

If you look deeper into this application, you can check the current plan that you have with the security key, and most important, the activity log of the security key, which I think is great!

Now, if we look into the AAD Sign in we are able to review the sign in information regarding the security Key:

To conclude, I found that IDMelon keys are a great product, because not only provides a password less journey to the users, also provides a simply way to manage the activity of the security token and also the signin process.

Thanks to IDMelon for providing this token to test out their solution

till nex time!