by May 19th, 2015
If you have already played with Sway (member of Office 365) then I bet you’re in love with it, and if you have not yet then you’re going to love this. I thought of presenting a recap of the conference in the form of a Sway publicly available here. Sway is an app that lets you express and share ideas in a very new way, using any browser on a PC, Mac, or tablet.
Are you using Sway? If so – what do you think about it?
by May 14th, 2015
Microsoft Azure SQL Database is very similar to on-premises SQL Server, but there are a few key differences. One of these differences is that SQL Azure doesn’t support integrated authentication (i.e. when the caller is identified by its domain account). I assume this is a technical limitation which could be explained by the lack of domain infrastructure in the Azure cloud. Integrated authentication requires the client and server to be in the same domain or in trusted domains, which would be complicated in the cloud scenario.
So, the only way to connect to Azure SQL is to provide a user name and password in the connection string. This authentication method is traditionally considered less secure than integrated authentication because the user name and password are exposed as part of the connection string, which in most cases resides unencrypted in the application configuration file. The recommended mitigation for this security issue is to store the Azure SQL connection string in some secure place, for example in the Azure Web App settings. In this case, when the Azure Web App (formerly Web Site) is deployed to Azure, the Azure settings take precedence over the deployed settings, so if the Azure Web App has any stored connection strings, those connection strings will be used.
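As an added example (not code from the original post), the following Python check flags connection strings in a deployed configuration file that still carry a password, and resolves a named connection string with the Web App setting winning over the file. It assumes the platform exposes stored connection strings to the process as environment variables with the prefixes listed in the code; the function names, the `MainDb` entry and the sample `web.config` are constructed for illustration.

```python
import os
import xml.etree.ElementTree as ET

# Assumption: prefixes under which stored connection strings reach the process as env vars.
APP_SERVICE_PREFIXES = ("SQLAZURECONNSTR_", "SQLCONNSTR_", "CUSTOMCONNSTR_")
SECRET_KEYS = {"password", "pwd"}

# Constructed sample of a deployed web.config; server, user and password are placeholders.
SAMPLE_WEB_CONFIG = """<configuration>
  <connectionStrings>
    <add name="MainDb" connectionString="Server=tcp:example.database.windows.net,1433;Database=app;User ID=appuser;Password=PLACEHOLDER;Encrypt=True;" />
    <add name="ReportsDb" connectionString="" />
  </connectionStrings>
</configuration>"""

def parse_connection_string(value):
    """Split 'Key=Value;Key=Value' into a dict with lower-cased keys."""
    pairs = (part.split("=", 1) for part in value.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def deployed_connection_strings(config_xml):
    """Map connection string name -> value as found in the deployed file."""
    root = ET.fromstring(config_xml)
    return {e.get("name"): e.get("connectionString", "")
            for e in root.findall("./connectionStrings/add")}

def find_embedded_credentials(config_xml):
    """Names of deployed connection strings that carry a password in the file."""
    return sorted(name for name, cs in deployed_connection_strings(config_xml).items()
                  if SECRET_KEYS & parse_connection_string(cs).keys())

def resolve_connection_string(name, config_xml, environ=os.environ):
    """Return (value, source); the platform setting wins over the deployed file."""
    for prefix in APP_SERVICE_PREFIXES:
        if environ.get(prefix + name):
            return environ[prefix + name], "app-setting"
    value = deployed_connection_strings(config_xml).get(name, "")
    return (value, "deployed-config") if value else (None, "missing")

if __name__ == "__main__":
    # Entries that should be emptied in the file and moved to the Web App settings.
    print(find_embedded_credentials(SAMPLE_WEB_CONFIG))
    print(resolve_connection_string("MainDb", SAMPLE_WEB_CONFIG)[1])
```

Running `find_embedded_credentials` over configuration files in a build pipeline catches a password committed to the file before it is deployed.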
by May 12th, 2015
Did you know that Azure provides two different types of message queues? They each provide robust message queuing functionality but they have different features and capabilities.
by May 7th, 2015
Some very exciting new capabilities were announced here (Ignite conference) as part of the Office 365 suite powered by Azure AD and Rights Management Service. I will share two of these here:
• Cloud App Discovery
• Document Tracking
Cloud App Discovery
With Office 365 you’re already set up for SSO, but if you require some advanced functionality like adding your third-party or on-premises apps to this single sign-on experience, then this section of the Office 365 portal will be very valuable.
Once you have synchronized users with Office 365
• In the Office 365 Admin portal go to Azure AD. Go to Cloud App Discovery if you wish to add your apps to the single sign-on experience (upgrade to Azure AD Premium if you want self-service)
• With Cloud App Discovery you can see how many users are using which SaaS apps.
• You can view which users were denied access
• You can assign multi-factor authentication (even if the app, like Twitter, comes with single factor OOB)
Password rollover – every week or two, users’ passwords for SaaS apps are randomly changed, so admins also won’t be privy to user passwords. The initial password is changed instantaneously.
Users can see log reports and incident report.
Document Tracking with Azure RMS
• Recipients can download a mobile RMS sharing app to view shared protected RMS document
• Allows doc owners to track activity on docs they sent
○ Who was denied or accessed
○ Various views – timeline view, category view, chart view, map view with the geographic location where files were accessed
• Sender gets Notification email with link to tracking site and it will list all docs he shared externally or internally
• Sender can revoke access from document tracking site. Recipients get notification
There were many other features announced at the Ignite but I think these two at the very least deserve a round of applause !!
by May 7th, 2015
Family of NextGen portals
Notion of these portals is built on the following pillars
- Ready to go
NEXTGEN PORTAL MODEL
NEXTGEN PORTAL ARCHITECTURE
Office 365 Video
Powered by Azure Media Services
Share ideas broadly (rich discoverable social video across devices with yammer embedded)
Secure & easy to manage (scalable, encrypted, cross-geo video streaming service)
Also powered by Office Graph, which means it learns from your behavior over time.
Using SP: storing nextgen portal data
by May 6th, 2015
Service Fabric is a state-of-the-art distributed system that allows developers to easily build and manage Internet scale services. Translation = this is the underlying system that powers Azure services such as: Azure SQL, Bing Cortana, Intune, Skype for Business, Event Hubs, PowerBI, and many other core infrastructure in Azure.
And Microsoft just released it to the public. WHOA!
Yesterday I went to a session presented by Gopal Kakivaya, Corporate Vice President at Microsoft. He has been leading the implementation of the Azure Service Fabric for the last 5 years. Over that time, his team has worked to fine-tune and perfect the concepts necessary to implement this service.
by May 5th, 2015
New Design Patterns
- Application Layer Encryption
- Encrypt storage data in your apps – auto encrypt and decrypt prior to receiving and after receiving storage. Key vault service is integrated for users to send their keys.
- Seamless integration – blobs (full blob upload)
- Direct Data Access (enables clients to access storage directly) using delegated AuthZ
- Shared access signature – Isolate containers, blobs, storage to set read/write permissions and set a time period for access, IP (address or range), Protocol (http or https)
- Large Scale Append
- New blob type called AppendBlob – Optimized for large scale logging scenarios
- High Availability Apps
Read only access to secondary delivers 99.99% on reads (code needs to support a read only mode)
Premium Storage is available now
- Tech support now available for Azure Files
- Storage support for new resource manager
- Client Side encryption library
- iOS Client Library
by May 5th, 2015
The following are my notes from the Next-Gen Information Protection announcements at Microsoft Ignite 2015.
Microsoft thinks about security in three ways:
- Being pervasive
Pervasive – policy is applied at the data level (when it’s created inside the ecosystem), so it goes with the data across devices.
Unified compliance – running data through compliance center across email, SP, messaging, etc.
Pervasive – Admin goes to compliance center
Sets up files and links with security
User opens links received via email. Malicious links redirect user to a threat warning page blocking access.
by May 5th, 2015
The single biggest benefit of this new Migration PowerShell API is speed. Close to 5 times faster than CSOM calls. The new API was released today and is available for public consumption.
- Source – file share, SharePoint on-prem, potentially any other data source
- Package – create package for the API to be able to accept it
- Azure temporary holding storage – use power of Azure to bring content faster in MSFT network
- SharePoint/OD4B final destination – timer job based import in a scalable way that will not hurt the service using back-end resources
Who is it for?
IT admin and developers
by May 4th, 2015
This guest post comes courtesy of our partner, Centrify.
Whether you are an SMB with hundreds of users or a large enterprise with tens of thousands of users, for an Office 365 deployment to be effective it must scale to on-board existing O365 users and add new ones quickly, and thereafter enable easy access for all users anytime, anywhere, and on any device.
This leads into several challenges:
- User provisioning – do I as the IT admin have to manually add hundreds or thousands of my employee accounts, assign their licenses, and manage their roles and access controls within these cloud apps?
- Easy 1-click access – will I as the end user have to supply my login credentials every time I try to access Office 365 wherever I am?
- Secure mobile access – If I do find a Single Sign-on (SSO) solution, how can it protect all the devices from which I would access Office 365, in the wake of those devices’ theft or compromise?
Thanks to Identity-as-a-Service (IDaaS) solutions, IT and end users can experience:
- Seamless integration with Active Directory and Office 365
- Automatic user provisioning from Active Directory based upon roles & groups
- Policy and role based access by location, time and device
- Password-free secure login to any SaaS app from anywhere
- Secure management and support for any mobile device
- All through a single, centralized IT management console
Meet the Centrify IDaaS solution — built on Microsoft Azure.