Last week was Microsoft Ignite 2020, 48 hours of Microsoft technology. Usually Microsoft makes a lot of announcements during this time and most of them are listed in the so-called Book of News.
Here are some highlights I think are interesting.
Although I’m probably not going to use it, it’s worth mentioning: Azure Orbital. A managed service in Azure which provides communication and control of your satellite. You could call it a Ground Station as-a-Service, connected to the cloud. Not many organizations will need this, but it’s awesome that even for these niches, Microsoft creates a good experience in Azure. This is now in preview.
Azure Arc for Servers
After being in public preview for about a year, Azure Arc enabled Servers is now GA. This means you can now use policies on your VMs outside of Azure, for a simpler governance model.
A new service! Now in preview. Azure Automanage basically gives you a profile for your VMs in Azure where you can set settings for Backup, Security Center, Monitoring and much more. Applying the profile to a VM makes sure the VM gets onboarded to the Azure services specified. This makes it (way!) easier to manage your VMs. If someone deletes the VM from a service like backup, Azure Automanage makes sure the VM is added automagically. And of course you can apply the Automanage profiles to VMs with Azure Policy.
Microsoft Graph PowerShell SDK
The Microsoft Graph PowerShell SDK is now GA! This means that you get everything in the Microsoft Graph in a single set of modules, in the same way the Az module does for ARM. The module is generated with AutoRest in a set of submodules under Microsoft.Graph. This means no separate module needed for Intune, no custom REST calls from your PowerShell code to the Graph, etc. You can authenticate with device code flow, or create an App registration with certificate. I believe you can also pass in an access token yourself if you already have a way to get that.
What makes this module so powerful is that it is updated regularly, so it always covers all the Microsoft Graph endpoints. The Microsoft Graph will continue to grow, and so will this module. Development is public on GitHub.
Microsoft 365 Lighthouse for Managed Service Providers
Since Microsoft Inspire 2019 we’ve seen Azure Lighthouse: a way to see another tenant’s resources from within your own tenant. This means cross-tenant management experiences. The first capabilities were around governance (Azure Policy) and monitoring, to be able to govern and monitor your entire estate, or as an MSP be able to have a single pane of glass over all your customers. Microsoft is now building a similar experience for MSPs in Microsoft 365. This is first focused on small and medium businesses (SMBs), and is based on having access to the customer using Delegated Access Permissions (DAP). The goal is a single pane of glass for all your customers when it comes to, for example, device compliance. Here’s the session.
Azure Communication Services
A brand new service, for all of your communication needs! You need calling capabilities? SMS? It’s there. Azure Communication Services gives you chat, SMS, voice calling, video calling, telephony and other communication capabilities as an Azure service. It’s the same technology under the hood as Microsoft Teams uses. So now you can basically build your own Teams, with the same backend. Currently in Public Preview.
Windows Admin Center in Azure
If you spend time on Windows VMs, you’ll probably be familiar with Windows Admin Center. If not, find out! But wait, now we can actually use Windows Admin Center inside of Azure. If you select a Windows VM in Azure, there’s an extra item in the list to see the VM’s Windows Admin Center. Inside are all the options the Admin Center inside the VM has. You can even connect to the VM inside the browser, without downloading an RDP file first.
Azure AD Application Proxy
Azure AD Application Proxy has been around for some time, but now it has some new capabilities.
- Support for header-based authentication in Azure Active Directory (AD) Application Proxy. Header-based applications can now directly authenticate to Azure AD, instead of on-premises AD.
- Expansion of secure hybrid access integrations. This means there is support for Integrated Windows Authentication (IWA), LDAP, SSH and non-HTTP authentication.
Azure Backup Center
A new service currently in preview, which basically gives you a view of, and management over, multiple Azure Backup Vaults. Curious to see how this will develop.
The Conditional Access insights
In Public Preview: The Conditional Access insights. This workbook enables you to understand the impact of Conditional Access policies in your organization over time.
There are also new capabilities for managing Conditional Access policies as Code with the Microsoft Graph.
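As an added example (not from the original post or from Microsoft), this is one way to treat Conditional Access policies as code with the Microsoft Graph PowerShell SDK: an app-only sign-in with a certificate that exports each policy to a JSON file for version control and lists the policies that are not enforced or that exclude users. The tenant ID, client ID, thumbprint and output folder are placeholders, and the app registration is assumed to hold the Policy.Read.All application permission.

```powershell
# Needs the Microsoft.Graph.Authentication and Microsoft.Graph.Identity.SignIns modules.
# All four values below are placeholders (assumptions), not values from the post.
$TenantId   = '<tenant-id>'
$ClientId   = '<app-registration-client-id>'
$Thumbprint = '<certificate-thumbprint>'
$OutDir     = Join-Path $PWD 'conditional-access'

# App-only sign-in with a certificate from the current user's certificate store.
# Read-only permission is enough for an export; no secret is stored in the script.
Connect-MgGraph -TenantId $TenantId -ClientId $ClientId -CertificateThumbprint $Thumbprint | Out-Null

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Fetch every Conditional Access policy in the tenant.
$policies = Get-MgIdentityConditionalAccessPolicy -All

foreach ($policy in $policies) {
    # One file per policy, named by policy id, so a rename shows up as a
    # content change in source control instead of a delete plus an add.
    $file = Join-Path $OutDir "$($policy.Id).json"
    $policy |
        Select-Object Id, DisplayName, State, Conditions, GrantControls, SessionControls |
        ConvertTo-Json -Depth 10 |
        Set-Content -Path $file -Encoding UTF8
}

# Review list: policies that are disabled or report-only, and policies that
# carve out individual users. Both deserve a second look during a review.
$policies |
    Where-Object {
        $_.State -ne 'enabled' -or $_.Conditions.Users.ExcludeUsers.Count -gt 0
    } |
    Select-Object DisplayName, State,
        @{ Name = 'ExcludedUsers'; Expression = { $_.Conditions.Users.ExcludeUsers.Count } } |
    Sort-Object State, DisplayName |
    Format-Table -AutoSize

Disconnect-MgGraph | Out-Null
```

Committing the output folder after each run gives a reviewable diff of every policy change.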
Azure Static Web Apps
Blazor WebAssembly is now supported in Azure Static Web Apps! I created a UserVoice for this some time ago, glad they listened :)
Azure Static Web Apps are still in preview though.
Cross-tenant Mailbox Migration
Tenant-to-tenant migration of mailboxes is now in Public Preview. This makes it so much easier to move your mailboxes across tenants. Now that companies are moving to Microsoft 365 more and more, the need is high for such a solution. Especially for cases like mergers or divestitures.
Other Exchange Stuff
The long-awaited plus-addressing is now available worldwide.
The next version of Exchange (on-premises) will be called Exchange Server vNext and is subscription based. It’s scheduled for the second half of 2021.
Exchange Online Management PowerShell module is now GA (v2.0.3). I’d rather see the management capabilities of Exchange Online go to the Microsoft Graph, but this will do for the time being.
Entitled organizations can appoint Priority Users. Admins can use Priority Users to monitor their mailboxes for mail flow issues. The idea is to add C-level management etc. to Priority Users so that, as an admin, you see if mails fail to arrive or are delayed. Requirements:
- Office 365 E3 or Microsoft 365 E3, or Office 365 E5 or Microsoft 365 E5.
- At least 10,000 licenses and at least 50 monthly active Exchange Online users.
The new Exchange Hybrid Configuration Wizard will support connecting your Exchange on-premises environment to multiple tenants.
For more Exchange updates, see this blog.
Project Cortex was announced last year at Ignite. Microsoft’s way of saying they are going to expand Microsoft 365 with AI capabilities. This Ignite they introduced the very first product coming out of Project Cortex, called SharePoint Syntex. As the name implies, SharePoint now has AI integrated. You can train the AI to apply metadata to documents, based on the content of the documents. If you take it a step further you can then apply sensitivity labels to those metadata, making this a DLP solution on steroids. You can do this in the new Content Center within SharePoint. Syntex will be sold as an add-on for Microsoft 365 E3 and E5 plans, priced per user and will be available 1st of October 2020.
Microsoft Endpoint Manager stuff
Microsoft Tunnel is a new service to deploy a VPN to iOS and Android to connect to on-premises resources. Full tunnel and per-app tunnel are both options, as well as split tunneling. It supports Conditional Access by design. Currently in Public Preview.
Microsoft Endpoint Manager (MEM) will support virtual endpoints. This means you can manage Windows Virtual Desktop endpoints with MEM! Public Preview by the end of this year.
Breakout rooms can be a huge benefit in, for example, education. As the organizer you can split the group up into smaller meetings, while the original meeting is still there. You can call them back to the original meeting again. This works perfectly when you want students to work in groups for some time in class. You can split the group randomly or assign meeting members to groups.
There are lots of Microsoft Teams Rooms features, like Teams Panels, to hang in front of your meeting room.
You can now build PowerApps natively within Teams. Internally it was called project Oakdale, and it seems they might keep this name, looking at the documentation.
Users will be able to upvote replies to a question in Yammer. This is a common feature on, for example, stackoverflow.com and will come to Yammer.
Community admins will be able to invite external users. This works with B2B accounts or so-called guest accounts.
Unsure why, but Microsoft needs to rebrand stuff lots of times. This time, all things Advanced Threat Protection (ATP) are now Defender.
An interesting concept. To have an identity on the internet that is not linked to an organization. That’s what this is. Being able to have a digital identity and be able to use this identity as sort of a passport to authenticate to services. Microsoft is developing this with other organizations. Interested to see where this goes. It even uses blockchain, so that sounds promising.