ROUND-UP

Short list today as we finalize preparations for tomorrow's second webinar on Windows 365. We have no fewer than 5 remote desktop delivery mechanisms in a single environment, including 3 Azure Virtual Desktop deployments and 2 (I guess technically 3) different Windows 365 deployments. We're going to cover administration of the different toolsets, along with performance optimizations and security tuning and all sorts of great stuff.


So what did we miss last week?

Patch Tuesday brought yet another promise of finally being done with PrintNightmare. Go patch your things and use Conditional Access policies to block machines that aren't patched. This is probably a good opportunity to review your Windows Update for Business & Intune Update Rings, feature update rings, delivery optimization methods, and app protection policies.

Twitter & LinkedIn have been buzzing over Microsoft's move to support passwordless authentication, with news that the password can actually be eliminated from the account. That's amazing, but hold on just a second. The announcements deal specifically with outlook.com accounts, NOT Azure AD accounts (this is super confusing if you look at the actual URL in the first link). At the bottom of the blog post is a statement that Microsoft is beginning to develop the same capability for Azure AD, so for now 'passwordless' in corporate environments doesn't change. We can still use hardware tokens and the Authenticator app and all the tools we're already familiar with, but the actual password attribute isn't going anywhere for a while, at least not in Azure AD. The first article helpfully points out in its closing paragraph that Microsoft is going to "soon start the development work necessary to eliminate passwords for Azure AD accounts." That means they haven't dug in on this yet, so we have a while before this will be impactful to corporate customers.

Also? I'm 100% not convinced the attribute has been removed. I've probably talked about it before, but passwordless is functionally achievable in Active Directory with the SCRIL bit. Wrote a little blog about it. Like to read it? Here ya go! The important take-aways are that using the SCRIL bit won't impact your cloud users (though "force password change at next logon" will), and that the bit sets daily randomized passwords on the account that users cannot actually use. My theory is this is doing exactly the same thing, but you have exactly as much information as I do. Week-2 fallout is revealing that Remote Desktop is not supported with passwordless Microsoft accounts, so tread with caution!

One of the most hotly-awaited features of co-authoring finally became generally-available last week, too. Co-authoring with sensitivity-labeled content was something I was confident would never be solved when I was first asked about it years ago, but if you throw enough time, engineering, and computing power at a problem, nothing stays unsolvable forever. Massive props to Microsoft for making this dream a reality!

 
