Two Microsoft zero-day exploits in Windows disclosed – and one is being actively exploited
Follina and DogWalk: both vulnerabilities arising from the bundled Windows diagnostics toolset. Microsoft hasn’t released any patches for these yet, but Defender will block Follina and there are various other mitigations. Paul will be posting more details in an upcoming blog post.
Microsoft to Charge You for Your Data
As Tony wrote about yesterday on Practical 365, Microsoft will begin charging for the Microsoft Teams Export Graph APIs from July.
These APIs are most useful if you are using a third-party compliance product to either journal or act upon messages as they happen in Microsoft Teams, if you use a third-party backup product, or if you need to perform tenant-to-tenant migrations.
Whilst it will be software vendors who might be most frustrated by this, it doesn’t change the need a customer might have for their products – but it does make it much harder for you to plan and cost long-running migrations, or using backup or third-party compliance products over several years.
On the podcast we discuss what the APIs actually are; what the cost implications might be; if it’s possible to mitigate or predict the impact; and whether it’s a good thing for Microsoft or not.
Entra makes an Entrance
Microsoft launches a new product family to bring together all of Microsoft’s identity and access capabilities.
If you thought Azure AD was the product family that did that, then you are sorely mistaken. Entra includes the non-rebranded Azure AD plus “new product categories” – Cloud Infrastructure Entitlement Management (CIEM) and decentralized identity.
Microsoft’s launch announcement is focused on how the world has changed, Zero Trust, avoiding disjoined solutions, a need to be granulated and in real-time, and to work everywhere across different on-premises and cloud systems.
The vision from Microsoft is that the Entra suite – not simply Azure AD – will be the platform capable of securing, managing, and governing access to any resource.
We discuss on the podcast where Microsoft is today on that journey – especially with the CIEM aspect, Entra Permissions Management (from the acquisition of CloudKnox Security).
Microsoft Announced Exchange Server has a Future
Exchange vNext is coming, which is probably no surprise to anyone, but unlike SharePoint, doesn’t appear to be a subscription edition. You’ll need Software Assurance though to access it and Server and CAL licenses, much like Exchange Server 2019.
Windows Autopatch hit Public Preview
If you are confused as to what Windows Autopatch is – described as a “service that automates the process of managing and rollout out updates for Windows and Microsoft 365 apps” then listen to us work through our confusion about
Windows Server Update Services Config Manager Intune Windows Autopatch.
Microsoft Left Unanswered Questions about the Last Exchange Server, and responds with a FAQ for you
In case you missed it, you can remove your last Exchange Server. Whilst we’ve fielded a lot of questions about this and created a GUI tool to help you manage recipients using the supported cmdlets, it’s important that certain questions are answered by Microsoft.
It’s a useful FAQ but you might need an FAQ about the FAQ. We discuss these aspects on the show – particularly around Edge Transport, and installation of the management tools when you’ve already uninstalled Exchange Server.
This week’s Message Center is mostly delayed due to things that have previously been announced. For example, we were expecting the new co-organizer meeting role in late May but, in early June, MS belatedly admitted that it wouldn’t land until late June.
In more positive news, though, we are getting the ability to join meetings with a meeting ID and passcode, just like WebEx, Zoom, et al have inflicted on us for decades; coming in July.
And, fun new addition: call control through Bluetooth devices. If you can use your headset with your cellphone to answer calls or mute your mic, then it should work.