• Latest
  • Trending
  • All
  • News
  • Business
  • Politics
  • Science
  • World
  • Lifestyle
  • Tech
Azure Advanced Threat Protection Now Provides Alerts on NTLM Relay Issues

Windows virtual desktops: How you can manage, monitor and virtualise devices remotely

November 20, 2020
Innovative solutions for IT workers at home

ZEDEDA Announces Integration with Microsoft Azure IoT to Seamlessly and Securely Orchestrate Distributed Edge Computing Workloads at Scale

February 24, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

ZEDEDA integrates with Microsoft Azure IoT to provide full lifecycle management capabilities

February 24, 2021
Innovative solutions for IT workers at home

SolarWinds Attack: Proof That On-Premises Active Directory Still an Effective Initial Access Vector

February 23, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Microsoft Affirms Solorigate Attackers Saw Azure, Intune and Exchange Source Code

February 23, 2021
How to use Microsoft Sysmon, Azure Sentinel to log security events

OPS101 – Securing your Hybrid environment – Part 1 – Azure Security Center

February 22, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Microsoft Ending Azure Information Protection Connections to Microsoft Defender for Endpoint

February 22, 2021
8×8 makes raft of updates to platform

Indonesian Mobile Operator Selects NTT for Microsoft Security Project

February 22, 2021
Microsoft To Build New Azure Cloud Data Centers In Greece

NTT completes Microsoft security project for Indonesian mobile operator

February 19, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Data insights without limit, security without compromise

February 18, 2021
8×8 makes raft of updates to platform

What Is Object Storage?

February 17, 2021
Microsoft To Open Azure Cloud Data Center Region In Spain

EMC Corporation Townsend security Hewlett-Packard Enterprise Gemalto N.V. Microsoft Azure Google Thales e-security International Business Machines (IBM) Broadcom

February 17, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

Azure Firewall Premium now in preview

February 17, 2021
  • About
  • Advertise
  • Privacy & Policy
  • Contact
Wednesday, February 24, 2021
  • Login
Azure Security News
  • Home
    • Home – Layout 1
    • Home – Layout 2
    • Home – Layout 3
    • Home – Layout 4
    • Home – Layout 5
  • News
    • All
    • Business
    • Politics
    • Science
    • World
    Innovative solutions for IT workers at home

    ZEDEDA Announces Integration with Microsoft Azure IoT to Seamlessly and Securely Orchestrate Distributed Edge Computing Workloads at Scale

    A moment of reckoning: the need for a strong and global cybersecurity response

    ZEDEDA integrates with Microsoft Azure IoT to provide full lifecycle management capabilities

    Innovative solutions for IT workers at home

    SolarWinds Attack: Proof That On-Premises Active Directory Still an Effective Initial Access Vector

    A moment of reckoning: the need for a strong and global cybersecurity response

    Microsoft Affirms Solorigate Attackers Saw Azure, Intune and Exchange Source Code

    8×8 makes raft of updates to platform

    Indonesian Mobile Operator Selects NTT for Microsoft Security Project

    Microsoft To Build New Azure Cloud Data Centers In Greece

    NTT completes Microsoft security project for Indonesian mobile operator

    A moment of reckoning: the need for a strong and global cybersecurity response

    Data insights without limit, security without compromise

    8×8 makes raft of updates to platform

    What Is Object Storage?

    A moment of reckoning: the need for a strong and global cybersecurity response

    Azure Firewall Premium now in preview

    Microsoft’s CyberX Acquisition Boosts Security of Azure IoT Lineup

    Global Industrial Cybersecurity Market By Offering Type, By Security Type, By End User, By Region, Industry Analysis and Forecast, 2020 – 2026

    Trending Tags

    • Donald Trump
    • Future of News
    • Climate Change
    • Market Stories
    • Election Results
    • Flat Earth
  • Tech
    • All
    • Apps
    • Gear
    • Mobile
    • Startup
    How to use Microsoft Sysmon, Azure Sentinel to log security events

    OPS101 – Securing your Hybrid environment – Part 1 – Azure Security Center

    A moment of reckoning: the need for a strong and global cybersecurity response

    Microsoft Ending Azure Information Protection Connections to Microsoft Defender for Endpoint

    Microsoft To Open Azure Cloud Data Center Region In Spain

    EMC Corporation Townsend security Hewlett-Packard Enterprise Gemalto N.V. Microsoft Azure Google Thales e-security International Business Machines (IBM) Broadcom

    A moment of reckoning: the need for a strong and global cybersecurity response

    Azure Engineer at VillageMD

    Innovative solutions for IT workers at home

    How to Sync On-Premise Active Directory Passwords with Office 365 and Google Apps in Real-Time

    Microsoft Azure Forms Collaboration to Enhance AI in Healthcare

    Azure Defender is now available for all IoT and OT devices

    Telecom Provider Migrates Confidently to Microsoft Azure with Fortinet’s Dynamic Cloud Security Solutions

    Google and Microsoft ID Group Targeting Security Researchers

    Innovative solutions for IT workers at home

    Microsoft Releases Application Guard for Office, Plus Azure Security Center and Azure Defender for IoT Products

    Microsoft spins off security, compliance bits from Microsoft 365’s priciest plan for E3 customers

    Show your HR backups the back door

    How to use Microsoft Sysmon, Azure Sentinel to log security events

    The Hack Roundup: Biden Orders Intel Assessment of Suspected Russian Malfeasance

    Trending Tags

    • Flat Earth
    • Sillicon Valley
    • Mr. Robot
    • MotoGP 2017
    • Golden Globes
    • Future of News
  • Entertainment
    • All
    • Gaming
    • Movie
    • Music
    • Sports
    Microsoft Flight Simulator Continues to Look Stunning in New Snow Video

    Microsoft Flight Simulator Continues to Look Stunning in New Snow Video

    Meet the woman who’s making consumer boycotts great again

    New campaign wants you to raise funds for abuse victims by ditching the razor

    Twitter tweaks video again, adding view counts for some users

    A beginner’s guide to the legendary Tim Tam biscuit, now available in America

    People are handing out badges at Tube stations to tackle loneliness

    Trump’s H-1B Visa Bill spooks India’s IT companies

    Magical fish basically has the power to conjure its own Patronus

    This Filipino guy channels his inner Miss Universe by strutting in six-inch heels and speedos

    Oil spill off India’s southern coast leaves fisherman stranded, marine life impacted

  • Lifestyle
    • All
    • Fashion
    • Food
    • Health
    • Travel
    Microsoft Seriously Beefs Up Security in Windows Server 2019

    Microsoft Offers More ‘Solorigate’ Advice Using Microsoft 365 Defender Tools

    A moment of reckoning: the need for a strong and global cybersecurity response

    Solar Winds, Office 365 & Shipbuilding…

    Aruba ClearPass Policy Manager Integrates with Microsoft

    Imprivata Expands Collaboration with Microsoft on New Digital Identity Innovations

    Microsoft Seriously Beefs Up Security in Windows Server 2019

    Microsoft Canada’s 10 biggest stories of 2020

    FAA issues new proposed Boeing 737 MAX pilot training procedures

    FAA issues new proposed Boeing 737 MAX pilot training procedures

    AMD breaks revenue records for 2019 and 4Q

    AMD breaks revenue records for 2019 and 4Q

    Microsoft and Analog Devices pair on 3D imaging tech

    Microsoft and Analog Devices pair on 3D imaging tech

    Microsoft is killing off insecure Cloud App Security cipher suites

    Microsoft is killing off insecure Cloud App Security cipher suites

    Rap group call out publication for using their image in place of ‘gang’

    Meet the woman who’s making consumer boycotts great again

    Trending Tags

    • Golden Globes
    • Mr. Robot
    • MotoGP 2017
    • Climate Change
    • Flat Earth
No Result
View All Result
Azure Security News
No Result
View All Result
Home Uncategorized

Windows virtual desktops: How you can manage, monitor and virtualise devices remotely

by AZURE SECURITY NEWS EDITOR
November 20, 2020
in Uncategorized
0
Azure Advanced Threat Protection Now Provides Alerts on NTLM Relay Issues
497
SHARES
1.4k
VIEWS
Share on FacebookShare on Twitter

With laptops and VPN bandwidth in short supply, Windows Virtual Desktop and Microsoft Endpoint Manager come into their own as ways to keep staff not just working, but also productive and secure.

The point-and-click deployment tools in the Spring Update of the Windows Virtual Desktop (WVD), the technical preview for Config Manager 2004 that makes it easier to manage on-premise devices from the cloud in the new Microsoft Endpoint Manager admin centre in Azure, and the way Endpoint Manager and Azure AD now use the same control plane to manage both devices and access: these remote-friendly features, have been in development for a while – but they’re certainly timely.

Microsoft set up 32,000 desktops in WVD for its own developers in two days and many WVD customers are doing even larger deployments. One WVD partner alone (Nerdio, which has its own WVD management service) has deployed virtual desktops for over 300,000 enterprises since March, ranging from 150,000 to a million desktops.

With so many people working from home, VDI and Desktop as a Service (DaaS) has suddenly become relevant to organizations that are used to physical devices and that don’t necessarily have experience in managing and securing virtual desktops, so managing it needs to be easier. When WVD first launched, setting it up required understanding Azure resources and manually connecting it to your Azure AD tenant; you could only monitor and manage your WVD tenant through PowerShell or by hosting your own Azure WebApps, and scaling out for more users meant running the same deployment again.

“Customers who did have that expertise were able to spin up 10,000 VMs really quickly and get a lot of benefit from that,” Melissa Grant, director of product marketing for Microsoft 365, told TechRepublic. “But we can make it a simpler scenario for folks who may be endpoint managers but who don’t have experience with Azure, who didn’t need to do that before but who need to do that now, because virtual machines are going to be the best solution for their employees who didn’t have a corporate-procured laptop or weren’t able to take it with them when they went home. They’re having to enable people to work on personal machines and they’re trying to acquire and remotely provision and deploy new machines.”

The friendly new Windows Virtual Desktop interface in the Azure portal.
Image: Microsoft

Now that WVD is an Azure Resource Manager (ARM) service, you can deploy, manage and scale it from the Azure portal using a simple new interface.

As an ARM service, WVD is also easier to connect to other Azure services that you may already be using. Using ARM you can publish RemoteApps and desktops not just to individual users, but also to Azure AD Groups, and you can use Azure RBAC to control permissions for every WVD ARM object, giving you a lot more granularity for delegating control than you get with the four admin roles in WVD itself.

You can also monitor WVD through Log Analytics rather than having to trawl through logs with PowerShell, so you can run Kusto queries or Power BI reports on the data. (If you’re still using PowerShell to manage WVD, the RDS module has been replaced with AzWvd; run Install-Module Az.DesktopVirtualization to add the new commands.)

ou can monitor WVD desktops with Microsoft Defender ATP like any other device, and combine that information with the Windows event logs and the WVD diagnostic logs in Azure Sentinel so you can do full threat hunting across virtual desktops, VMs and other resources. The process for setting that up is much simpler if you’re managing WVD with the new Azure Resource Manager objects than with the existing tools.

Although you can start using it now, the Spring Update is still in preview and you can’t manage existing WVD desktops with the new tools; Microsoft will have a conversion tool to migrate them to ARM before general availability later in 2020.

Also coming later in the year is the option to choose where the metadata and configuration information for your WVD tenants is stored: that’s now separate from the operational WVD data. So far that’s just in the US, only with the choice of more US regions, but you will soon be able to choose locations in Europe and later globally.

Create specific RDP settings for WVD in the Azure portal.
Image: Microsoft

Connecting cloud and Config Manager

Connecting many more staff by VPN isn’t always easy to scale quickly and some organisations have told staff to limit work during core hours or consider slowing down security patching or reducing their disaster recovery options to protect VPN capacity. Setting up split tunnelling for Office 365 and Config Manager traffic and doing more device management from the cloud reduces VPN usage without increasing security risks. Microsoft estimates that getting the Patch Tuesday updates to Windows from Config Manager using the Azure Cloud Management Gateway would cost eight cents per PC and not put any load on your VPN.

The next step is the new tenant attach in Endpoint Manage; that’s a halfway house between using Config Manager on-premises and full co-management with Intune that Grant says will act as “a lower barrier to entry”.

“This allows you to take those traditionally managed devices, and get the benefits of a cloud service,” Grant said. “IT pros have a consolidated view of all the devices in their estate, whether those devices were managed by Config Manager, or whether they’re managed by Intune. They can see one viewpoint of all the devices, and take actions that apply to all of those devices directly from the Microsoft Endpoint Manager admin centre. You don’t have to go to separate portals, and you don’t have to take separate actions to use cloud services and cloud management across all of those devices.”

Microsoft has worked with some organisations provisioning 100,000 new laptops through Endpoint Manager and Autopilot so they could send them straight to employees’ homes. “Now they can manage all of those in a single unified console and take action against those to ensure they’re all secure, ensure that there’s no data leakage, and ensure that identities are guaranteed as well,” said Grant.

SEE: Cross-training toolkit (TechRepublic Premium)

The ability to use MFA and single sign-on for as many cloud apps as you want (whether that’s a MongoDB database, a Cisco Meraki IT dashboard or Salesforce) will be useful for organisations who have to move away from on-premise apps quickly.

That’s available to any customer with an Azure AD Premium licence. “Any Microsoft customer with a subscription for a commercial online service can use single sign-on and then be able to protect access with multi-factor authentication at no extra cost, because identity is that first jumping off point to making sure that you can have a secure and reliable remote-work scenario,” Grant said. “We guarantee the identity, we can then apply management, whether that is co-management in Endpoint Manager or cloud only [Intune] and ensure we have the right set of applications getting out to those users, whether those are corporate and line-of-business applications, or education applications.”

But having Azure AD and Endpoint Manager use the same control plane for identity and access is a much bigger step forward than just enabling SSO. Whether they’re using a virtual desktop or a cloud app, collaborating on documents or joining a Teams meeting, all those devices can do things like attesting to their level of security before getting access: you can make sure that the device is managed, that it’s patched and has up-to-date anti-malware and encryption turned on, or even that there’s a timeout to lock the device and have the user enter a PIN if they walk away and come back. That’s a big step towards implementing ‘zero trust’ security that offers much more protection than applying group policies to lock down device features, and has much less impact on how quickly PCs boot up.

Check if your employees have good connectivity to cloud services.
Image: Microsoft

More apps on more devices with less bandwidth 

Intune is also getting a long-awaited expansion of the management controls for macOS devices, and more control over Outlook Mobile through Intune, because lockdown means dealing with a wider range of devices.

The macOS management doesn’t replace Microsoft’s partnership with JAMF, which will continue, Grant confirmed. “This adds some additional controls customers have been asking for to do scripting and task automation that make configuring Macs easier within the Endpoint Manager console.”

The Intune app protection policies for Outlook Mobile – limiting which storage work and school accounts can access on iOS and Android – are to protect both company data and employee privacy as work and home overlap so very much, Grant explained.

“When people are going between personal and work on a mobile device, or in a BYOD scenario — whether they intended it to be BYOD or that’s just what they’re left with — we’re providing security so they don’t accidentally attach a personal file to a work email in Outlook Mobile. Maintaining privacy is still really important and people are multitasking; they’re working in new ways they’re less familiar with. We want to make sure that we’re not allowing malicious content into the corporate environment, but we’re also protecting people’s privacy by helping them to keep their personal and their work estates separate.”

Unified app delivery is partly about removing confusion by combining two app galleries, Config Manager Software Centre and Azure AD My Apps, in the new Company Portal from Intune. Normally, having those separate might make sense, Grant suggests. “Maybe part of the organisation is a highly mobile workforce that’s really used to using Company Portal and the folks back at headquarters were using Software Centre. But now those headquarters folks are also out in the field, so to speak, so we just wanted to make it easier for an IT admin to deploy apps securely regardless of what portal they’re going through.”

But it also works with the new Network Connectivity and Endpoint Analytics in Endpoint Manager’s Productivity Score to let IT admins help speed up employees.

“We’re able to provide visibility into which worksite locations have network challenges, and take a look at whether or not there is some sort of issue with the network that could be preventing people from getting their work done,” said Grant. Previously that was useful to apply policies to office locations with poor connectivity or latency issues; now it lets IT staff make suggestions. “If you’re seeing connectivity issues in an area, you might want to recommend that folks utilise web apps, you might reduce packet size, you might go about your patching in a different ways to put less pressure on the broadband. If they’re noticing that their home broadband is slow they might suggest to that employee, ‘why don’t you use Company Portal on your mobile phone to get access to that application?'”

Endpoint Analytics will show not just the health of devices, but also what is slowing them down, before a frustrated employee raises a help-desk ticket. “They can see where things like Group Policy, or the lack of an update or maybe a really klugey application is slowing down performance,” Grant said.

Strip away the unnecessary agents and the draconian policies, and Microsoft suggests any SSD-based laptop should be able to match the 23 seconds from cold boot to being able to open a web browser that Microsoft 365 corporate vice-president Brad Anderson boasts about getting on his PC.

Reference: https://www.techrepublic.com/article/windows-virtual-desktops-how-you-can-manage-monitor-and-virtualise-devices-remotely/

Share199Tweet124Share50
AZURE SECURITY NEWS EDITOR

AZURE SECURITY NEWS EDITOR

Related Posts

Microsoft’s CyberX Acquisition Boosts Security of Azure IoT Lineup

Azure Digital Twins now generally available: Create IoT solutions that model the real world

by AZURE SECURITY NEWS EDITOR
December 18, 2020
0

Today, organizations are showing a growing appetite for solutions that provide a deeper understanding of not just assets, but also...

What’s New: Reduce alert noise with Incident settings and alert grouping in Azure Sentinel

by AZURE SECURITY NEWS EDITOR
December 6, 2020
0

This installment is part of a broader series to keep you up to date with the latest features in Azure...

What’s New: Cross Workspace Incident View in Public Preview!

by AZURE SECURITY NEWS EDITOR
December 6, 2020
0

This installment is part of a broader series to keep you up to date with the latest features in Azure...

Microsoft Seriously Beefs Up Security in Windows Server 2019

Get to know cloud IoT services on AWS, Azure and Google Cloud

by AZURE SECURITY NEWS EDITOR
December 6, 2020
0

AWS, Microsoft and Google offer a range of cloud IoT services, as each tries to gain a foothold in this...

  • Trending
  • Comments
  • Latest
Microsoft’s CyberX Acquisition Boosts Security of Azure IoT Lineup

AZURE DEFAULT RESOURCE GROUP AND DEFAULT WORKSPACE: WHAT ARE THEY?

December 14, 2020
Microsoft Seriously Beefs Up Security in Windows Server 2019

TCS Launches Cloud Exponence on Microsoft Azure

January 21, 2021
Microsoft Launches Host of Security Products in Time for RSA

Microsoft to add two new Microsoft 365 security, compliance bundles to its line-up

November 26, 2020

Lady Gaga Pulled Off One of the Best Halftime Shows Ever

0

Barack Obama’s Now Mainly Focusing on Wearing This Casual Backwards Hat

0

Watch Justin Timberlake’s ‘Cry Me a River’ Come to Life in Mesmerizing Dance

0
Innovative solutions for IT workers at home

ZEDEDA Announces Integration with Microsoft Azure IoT to Seamlessly and Securely Orchestrate Distributed Edge Computing Workloads at Scale

February 24, 2021
A moment of reckoning: the need for a strong and global cybersecurity response

ZEDEDA integrates with Microsoft Azure IoT to provide full lifecycle management capabilities

February 24, 2021
Innovative solutions for IT workers at home

SolarWinds Attack: Proof That On-Premises Active Directory Still an Effective Initial Access Vector

February 23, 2021
Azure Security News

Copyright © 2020 - Azure Security

Navigate Site

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Follow Us

No Result
View All Result
  • Home
  • News
    • Politics
    • Business
    • World
    • Science
  • Entertainment
    • Gaming
    • Music
    • Movie
    • Sports
  • Tech
    • Apps
    • Gear
    • Mobile
    • Startup
  • Lifestyle
    • Food
    • Fashion
    • Health
    • Travel

Copyright © 2020 - Azure Security

Welcome Back!

Login to your account below

Forgotten Password?

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In