Up and down and all around up

I've written a blog post about it, but Windows 365 licensing will soon count unlicensed "grace period" devices in the active license count, meaning that if you have 20 licenses and they're all assigned, and you pull one from a user and assign it to another, the new user's machine will not provision until the grace period expires (7 days) or you manually end it. Currently there is no way to automate termination of the grace period, and while I expect that will change, there may be a short-term impact to licensing strategy for companies with high turn-over.

Teams continues to just blow it out of the water with new features and functionality. I don't know if you've played with "present content from camera" yet, but it's an amazing alternative to the native built-in Whiteboard app (which just got a huge overhaul last month Ignite). Content from Camera allows you to capture videos, physical documents, and real-life whiteboards to Teams meeting attendees. It will even square up and flatten an angled whiteboard and allow the presenter to appear translucent so the whiteboard content remains visible while the presenter moves around. It's seriously super cool stuff, but can get a little processor-hungry, which is why I don't have a screen-recording video of it in action. And it's not just the integrated camera, either: you can absolutely bring a higher-quality camera to the party, which is recommended if your built-in camera is 720p or lower. Interestingly, it's not available in Azure Virtual Desktop or Windows 365's media-optimized versions of Teams. Even after verifying that those two environments have the same version of Teams installed as my local physical PC, their share tray looks like the pre-Ignite experience.

Defender for Endpoint's EDR capabilities are coming to a legacy Windows Server OS near you! Currently in public preview, Microsoft is shipping a new new client package to replace the Microsoft Monitoring Agent we've relied on to get telemetry into Microsoft Defender for Cloud [formerly Azure Defender]. The new package will support all of our favorite native Defender for Endpoint capabilities, including Live Response, TVM, EDR, network protection, tamper control, and more. Notably, though, Microsoft has gone "all-in" on the idea that servers should have Internet access. Once the new package becomes generally available, the documentation implies that traditional landlocked server deployments with a proxy server or OMS Gateway will not be supported. I have to believe this means future deployments won't be supported, and that nothing will be actively de-supported in the short-term, but we're already seeing signal flares from customers who are concerned about future supportability of disconnected systems.

Speaking of EDR, looks like a recent Defender signature update caused a bit of a stir when it started detecting normal Office app behavior as malicious. I saw this happen to my machine, went hunting, found it on several others, and by the time I'd started querying the Internet, the reports were everywhere. On a lighter note, you can at least take assurance from the false positive that the tools are active! If you're updating your signatures regularly, you shouldn't see this issue, but there may be some lingering support requests over the next half-day or so.

 

Comments