#ITPro in a DevOps world, Sr. Site Reliability Eng. @ MSFT. Montanan at ❤️! My tweets are my own & not a reflection of my employer. They are happy about that 👍
426 stories
·
2 followers

Microsoft launches digital skills initiative to help those hit by the COVID-19 economy

1 Comment
Microsoft is making available its learning content, certifications, and job-seeking tools to try to help the estimated 25 million people worldwide whose jobs have been impacted due to the coronavirus pandemic.
Read the whole story
jshoq
3 days ago
reply
Are you looking for training to get into a new position or bolster your current position? This learning initiative is an amazing opportunity for your personal knowledge base. I am going through the offerings to understand what is available. Better yet... It's free! And free as in free beer.
JS
Seattle, WA
Share this story
Delete

How Microsoft LAPS Can Help Improve Endpoint Security

1 Comment
Here’s a quick guide to using Microsoft LAPS, which stores the local administrator password securely in Active Directory.

Read the whole story
jshoq
3 days ago
reply
LAPS is a great technology to secure the enterprise installation base. I absolutely love what it can do and it can resolve a primary threat around some sort of standardized password scheme for the local administration account. Without this security, a bad actor can own the entire installation of an enterprise infrastructure. I recommend LAPS in combination with some other JIT (Just In Time) administration access system.
JS
Seattle, WA
Share this story
Delete

Microsoft’s Free New Tool to Recover Files in Windows

1 Comment

If you have never had to recover a file in Windows, you are in the minority. At some point in time, many of us have accidentally deleted a file on either a drive or removable storage like an SD card or USB stick.

While there are tons of third-party tools that Google will surface, you never quite know if these tools will work or worse, if they are installing malware or crypto mining software in the background. That’s where professional services come into play but those options can be expensive and depending on the task, completely overkill.

Microsoft has a new application that makes it easy to recover files and below you will find a tutorial about how to use the application. If you need additional documentation, you can find that here.

Application:

The first thing you will need to do is download the recovery tool and also make sure you are running Windows 10 2004 (Windows 10 version released Spring 2020) or later. You can download the application from the link below:

Download: Microsoft Windows File Recovery Tool

Recovery Modes:

It’s important to understand which file system your device is using as this will help to determine which mode you should use. The file recovery tool supports FAT/exFAT/ReFS/and NTFS. Us the table below to determine which mode you should be using.

Command Line Syntax:

When entering your commands, here is a breakdown of the parameters that you will need to know:

  • /r – Uses segment mode, which examines File Record Segments (FRS).
  • /n – <filter> – Scans for a specific file by using a file name, file path, or wildcards. For example:
    • File name: /n myfile.docx
    • File path: /n /users/<username>/Documents/
    • Wildcard: /n myfile.*
      /n *.docx
      /n *<string>*
  • /x -Uses signature mode, which examines file types and works on all file systems.
  • /y:<type(s)> – Scans for files with specific file types. Separate multiple entries by using commas. For a list of extension groups and corresponding file types, see the table, “Signature mode extension groups and file types” in the section, “About modes and file systems”.
  • /# – Shows signature mode extension groups and corresponding file types in each group.
  • /? – Shows a quick summary of syntax and switches for general users.
  • /! – Shows a quick summary of syntax and switches for advanced users.

How to Recover lost files on Windows 10

If you need to recover files in Windows 10, the first thing you will need to do is to download the app from the store.

  • After installing the app, press the Windows key, enter Windows File Recovery in the search box, and then select Windows File Recovery.
  • In the Command Prompt window, enter the command in the following format: winfr source-drive: destination-drive: [/switches]
    • Note: The source and destination files must be different to recover the object
  • The tool will automatically create a recovery folder for you called, Recovery_<date and time> on the destination drive.
  • To change ‘modes’ you use either /n for default /r for segment and /x for signature
  • Default Mode Example: To recover a file from you C: drive to your E: drive, you would enter the following command:
    • winfr C: E: /n \Users\<username>\Documents\Importantinfo.docx
  • If you want to recover an entire folder, use the following command:
    • winfr C: E: /n \Users\<username>\Documents\
  • Segment Mode Example: Recover PDF and Word files from your C: drive to the recovery folder on an E: drive.
    • winfr C: E: /r /n *.pdf /n *.docx
  • Signature mode example:
    • winfr C: E: /x /y:JPEG,PNG

Important to Remember:

If you are trying to recover a file from your device, you need to stop writing content to the disk immediately. For best results, once the file is deleted, you need to try and recover the contents at that time, the longer you wait, the harder it will be to retrieve the file

As a default, you should always create full backups of your devices and not depend on a tool such as this one to retrieve files. This type of application works best for immediately recovering contents, not trying to recover a file from three weeks ago.

 

The post Microsoft’s Free New Tool to Recover Files in Windows appeared first on Petri.

Read the whole story
jshoq
4 days ago
reply
I am interested in trying out this tool on some old drives I want to restore some items from. However, this is not a tool or method of recovery to depend a business or critical files on. Always have a good backup and business continuity plan.
JS
Seattle, WA
Share this story
Delete

Understanding Windows 10 and Microsoft 365 Passwordless Sign-In

1 Comment

Passwords are a pain and they are also a security risk. Microsoft has been trying to persuade IT, professionals and consumers, to do away with passwords in recent years. Social engineering techniques, like phishing and malware, make passwords vulnerable. Around 80 percent of successful attacks originate from compromised passwords.

Users also make passwords less secure by choosing passwords that are easy to guess and that can be hacked in dictionary attacks. Moreover, it’s common that people use the same password across multiple devices and services, increasing the damage if a password compromised. Multifactor authentication (MFA) helps protect passwords but it has a low adoption rate.

What is passwordless sign-in?

Microsoft’s answer to these security problems is passwordless authentication. With passwordless sign-in, passwords are replaced by something you have, like a security key, plus something you are or know. Something you are might be a biometric gesture like a fingerprint. Something you know might be a PIN.

If you read through Microsoft’s documentation on passwordless sign-in, it refers mainly to Azure Active Directory (Azure AD). Azure AD is the identity management platform used by Microsoft 365, Office 365, and of course Azure. To add to the complexity, Microsoft supports three different passwordless technologies in Azure AD and Windows 10:

  • Windows Hello for Business
  • Microsoft Authenticator app
  • FIDO2 security keys

Windows Hello

Designed for users that have a designated Windows 10 device, Windows Hello uses the PC itself as the ‘something you have’. Windows Hello can be used to sign in to Windows 10 and it also provides single sign-on (SSO) to services like Microsoft 365.

For devices that don’t have a built-in biometric device, like a fingerprint scanner, a PIN can be used. While PINs might not seem to offer an advantage over passwords, unlike passwords, Windows Hello PINs can only be used on the device where they are registered.

Microsoft Accounts

If you log in to Windows 10 using a Microsoft account and have Windows Hello set up, you can access Microsoft services, like Outlook.com, in supported browsers using Windows Hello.

Image #1 Expand
Understanding Windows 10 and Microsoft 365 Passwordless Sign-In (Image Credit: Russell Smith)

 

You will be required to enter a PIN or use a biometric gesture to complete the sign-in.

Image #2 Expand
Understanding Windows 10 and Microsoft 365 Passwordless Sign-In (Image Credit: Russell Smith)

Work or school accounts (Microsoft 365)

To use Windows Hello for Business with Microsoft 365, you must first sign in to Windows 10 using Windows Hello with your work or school account. To log in to Windows 10 from the lock screen using a work or school account, the device must be Azure AD joined. Once logged in, single sign-on works with Microsoft 365, so there’s no need to enter a password or confirm your identity again using a PIN or biometric gesture.

For more information on joining Windows 10 to an Azure Active Directory domain, see Join Windows 10 to Azure Active Directory During OOBE on Petri. It is also possible to join, or connect in Microsoft’s terminology, a Windows 10 device to Azure AD in the Settings app.

Image #3 Expand
Understanding Windows 10 and Microsoft 365 Passwordless Sign-In (Image Credit: Russell Smith)

Microsoft Authenticator app

Users with accounts registered for MFA will likely be familiar with the Microsoft Authenticator app or similar solutions like Google Authenticator. But the Microsoft Authenticator app can also be used for passwordless authentication in Microsoft 365.

Unlike Windows Hello, the Microsoft Authenticator app is a good solution for passwordless sign-in where users share PCs. The app runs on iOS 8.0 or later, and Android 6.0 or later. Microsoft Authenticator app passwordless authentication isn’t enabled in Azure AD by default.

If Microsoft Authenticator app passwordless is setup, after entering a username to log in to Microsoft 365, the user gets a message displaying a number that they must tap in the Authenticator app on their mobile device. To complete sign-in, the user must click Approve and provide a PIN or biometric gesture.

Image #4 Expand
Understanding Windows 10 and Microsoft 365 Passwordless Sign-In (Image Credit: Microsoft)

 

Before evaluating the Microsoft Authenticator app as a passwordless sign-in solution, your Azure AD tenant must have Azure MFA with push notifications enabled as a verification method. Azure AD MFA requires a premium Azure AD subscription.

FIDO2 security keys

If users that share PCs don’t want to or can’t use their mobile phones with the Microsoft Authenticator app, security keys are a hardware alternative. Security keys usually come in the form of small USB devices and they provide stronger security than software passwordless solutions like the Microsoft Authenticator app. Keys from manufacturers such as Yubico and Feitian are FIDO2 compatible and work with Azure AD, so allow passwordless sign-in to Microsoft 365.

Some security keys also support NFC so that they can be used with mobile devices. And a few can be used with Windows Hello. But using a security key with Windows Hello usually requires extra software to be installed on the Windows 10 device.

To sign in to a service like Microsoft 365 using a security key, the key must be plugged into a USB port on the Windows 10 device. Alternatively, if the key supports NFC, an NFC reader can be used. There is usually a touchpad or sensor on the device that the user must tap to complete a passwordless sign-in. Some keys replace the sensor with a fingerprint reader to further improve security.

Before you can use a FIDO2 security key to sign in to Microsoft 365, FIDO2 security key sign-in must be enabled in Azure AD. FIDO2 Microsoft-compliant security keys are supported for passwordless login in the Windows 10 May 2019 Update and later. A supported browser is required, like Microsoft Edge. Users can register compatible security keys without any help from IT.

Support for hybrid Azure AD-joined devices

The Windows 10 May 2020 Update (version 2004) supports signing in using FIDO2 security keys to devices that are hybrid joined to Azure AD. Hybrid-joined devices are joined to a Windows Server Active Directory (AD) domain and registered, not joined, to Azure AD. Using security keys with AD requires making some changes to extend AD’s Kerberos realm to Azure Active Directory.

In the rest of this series, I will look at each of the three passwordless sign-in options in more detail, starting with Windows Hello.

The post Understanding Windows 10 and Microsoft 365 Passwordless Sign-In appeared first on Petri.

Read the whole story
jshoq
9 days ago
reply
Passwordless login is the future of security. Getting users out of the process of configuration of the security is the best thing that IT Pros can do to secure the infrastructure. Using FIDO2 devices or Windows Hello. I have configured all of my systems using Windows Hello. My work is moving to FIDO2 tokens for production system access.
JS
Seattle, WA
Share this story
Delete

How to Install and Update Windows Subsystem for Linux 2 (Premium)

1 Comment

Though this process will be streamlined in the future, installing the Windows Subsystem for Linux (WSL) 2 today requires multiple steps.

The post How to Install and Update Windows Subsystem for Linux 2 (Premium) appeared first on Thurrott.com.

Read the whole story
jshoq
9 days ago
reply
I can't wait to update my WSL to WSL v2 on my systems. This article by Paul Thurrott is super helpful but only available to the Premium subscribers on this site. I will look for another author to provide similar information but not behind a pay wall.
JS
Seattle, WA
Share this story
Delete

Achieve higher performance and cost savings on Azure with virtual machine bursting

1 Comment

Selecting the right combination of virtual machines (VMs) and disks is extremely important as the wrong mix can impact your application’s performance. One way to choose which VMs and disks to use is based on your disk performance pattern, but it’s not always easy. For example, a common scenario is unexpected or cyclical disk traffic where the peak disk performance is temporary and significantly higher than the baseline performance pattern. We frequently get asked by our customers, "should I provision my VM for baseline or peak performance?" Over-provisioning can lead to higher costs, while under-provisioning can result in poor application performance and customer dissatisfaction. Azure Disk Storage now makes it easier for you to decide, and we’re pleased to share VM bursting support on your Azure virtual machines.

Get short-term, higher performance with no additional steps or costs

VM bursting, which is enabled by default, offers you the ability to achieve higher throughput for a short duration on your virtual machine instance with no additional steps or cost. Currently available on all Lsv2-series VMs in all supported regions, VM bursting is great for a wide range of scenarios like handling unforeseen spiky disk traffic smoothly, or processing batched jobs with speed. With VM bursting, you can see up to 8X improvement in throughput when bursting. Additionally, you can combine both VM and disk bursting (generally available in April) to get higher performance on your VM or disks without overprovisioning. If you have workloads running on-premises with unpredictable or cyclical disk traffic, you can migrate to Azure and take advantage of our VM bursting support to improve your application performance.

Bursting flow

VM bursting is regulated on a credit-based system. Your VM starts with a full amount of credits and these credits allow you to burst for 30 minutes at the maximum burst rate. Bursting credits accumulate when your VM instance is running under their performance disk storage limits. Bursting credits are consumed when your VM instance is running over their performance limits. For detailed examples on how bursting works, check out the disk bursting documentation

Visual showing example of bursting flow

Benefits of virtual machine bursting

  • Cost savings: If your daily peak performance time is less than the burst duration, you can use bursting VMs or disks as a cost-effective solution. You can build your VM and disk combination so the bursting limits match the required peak performance and the baseline limits match the average performance.
  • Preparedness for traffic spikes: Web servers and their applications can experience traffic surges at any time. If your web server is backed by VMs or disks using bursting, the servers are better equipped to handle traffic spikes.
  • Handling batch jobs: Some application’s workloads are cyclical in nature and require a baseline performance for most of the time and require higher performance for a short period of time. An example of this would be an accounting program that processes transactions daily that require a small amount of disk traffic, but at the end of the month does reconciling reports that need a much higher amount of disk traffic.

Get started with disk bursting

Create new virtual machines on the burst supported virtual machines using the Azure portal, PowerShell, or command-line interface (CLI) now. Bursting comes enabled by default on VMs that support it, so you don't need to do anything but deploy the instance to get the benefits. Any of your exisiting VMs that support bursting will have the capability enabled automatically. You can find the specifications of burst eligible virtual machines in the table below. Bursting feature is available in all regions where Lsv2-series VMs are available.

Size

Uncached data disk throughput (MB/s)

Max burst uncached data disk throughput (MB/s)

Standard_L8s_v2

160

1280

Standard_L16s_v2

320

1280

Standard_L32s_v2

640

1280

Standard_L48s_v2

960

2000

Standard_L64s_v2

1280

2000

Standard_L80s_v2

1400

2000

Next steps

Support for more VM types as well as IOPS bursting on VMs will be available soon.

If you’d like to learn more about how the bursting feature works for both our virtual machines and disks, check out the disk bursting documentation.

Please email us at AzureDisks@microsoft.com to share your feedback on our bursting feature, or leave a post in the Azure Storage feedback forum.

Read the whole story
jshoq
13 days ago
reply
Bursting technology is very interesting when it comes to the Public Cloud. I have wanted to utilize the B series servers for bursting and now this would be great for IOPS bursting.
JS
Seattle, WA
Share this story
Delete
Next Page of Stories