Yep, you read that headline correctly. Microsoft is making some Business Premium Office 365 licenses as well as some Business Basic Office 365 licenses available to US-Based 501c3 non-profit organizations, for free.
There are a few steps to get these licenses.
The first step is to set up an Office 365 / Azure tenant for the nonprofit via
The second step is to register with Microsoft as a nonprofit. Once approved as a nonprofit, the licenses can be provisioned for you.
The third step is to contact DCAC (or another CSP, but we prefer if you go through DCAC) to provision your free Office 365 licenses. There will be some paperwork to sign to get the license set up, but it’s done quickly and easily through DocuSign.
That’s it. Once the licenses are assigned, you can set up everything that’s needed to move your email domain to Office 365.
If you are a 501c3 and are looking for an email solution, follow these three steps and you’ll be good to go.
If your User Group is registered as a 501c3 then you can get some free Office 365 licenses gifted from Microsoft. Contact Denny for more information (it’s a few step process that I’ll outline in a blog post later)
SQL Saturday Organizers
Download your registration lists from sqlsaturday.com
Download your sponsor contacts from sqlsaturday.com
Review DataSaturdays.com and see if this is a good fit for future events
Review callfordataspeakers.com and get signed up to help find speakers
A new non-profit (pending US IRS approval) community organization is being set up. The new organization is in the very early stages at the moment and we’re trying to get the word out to all the PASS members that a new org is being set up. The goal of this new organization is to handle legal matters, licensing, and to give sponsors a single point of contact to reach everyone. We’re envisioning that this new organization will be a very lightweight organization designed to handle the legal needs that come up, licensing of the Intellectual Property for the organization to the user groups, and a single point of contact for sponsors to work through.
At the moment the organization is simply collecting contact information for people that want to get more information once the organization is set up. The website that is set up is www.daug.io. Please ask people to submit their information there.
A summary of the URLs talked about here.
www.daug.io – New Data and Analytics User Group community (it’s really, really rough at the moment)
www.sqlugs.com – Free WordPress hosting for User Groups, Virtual Chapters, etc.
Recently there was news of another suspected breach of IT systems. This time the attack vector was via the Managed Service Providers (MSPs) that resell Office 365 licenses. Having an MSP help you manage your Azure or Office 365 environment requires a lot of trust in the security systems that your MSP has put in place to ensure that the access you have given the MSP to your environment can’t be exploited, either by an employee at the MSP or by an unknown actor who has compromised the MSP.
From a technical perspective, this requires that there are a few things in place. This includes Multi-Factor Authentication (MFA) as well as some sort of Just In Time (JIT) process.
Multi-Factor Authentication (MFA)
MFA involves using a third method for authentication. Normal authentication (a username and password) requires two pieces of information, both of which you know. Because these are things that you know and type in, and they are the same every time, they can be copied. Multi-Factor Authentication introduces a third step to this: instead of being something that you know, it requires something that you have. In most cases this is a phone (either a landline or a cell phone, usually a cell phone). The cell phone either gets a text message, or it has an application installed on it to which Azure Active Directory sends a push message, and which then prompts you to approve the authentication. This only happens after the username and password are entered successfully.
Having an MSP which manages your Office 365 environment involves giving the MSP access to your systems. Lots of MSPs request that you give them a single account which all their staff use for access. This is a horrible idea as there’s no way to have multiple phones set up for MFA. Access should be granted to the individual accounts that each member of the MSP who would be managing the environment uses. While this does involve setting up more users with guest access into your environment, it does mean that the users can have MFA set up on their accounts.
Just In Time (JIT) Access
In addition to having MFA set up, people shouldn’t be granted the Global Admin right, or any other admin rights within the Office 365 environment. People should have to request access to do the task which they are going to perform. Once that access is granted those rights are taken away.
Even though the person requesting the access should have it, they don’t need to have it all the time. The fact that they are doing something should be logged somewhere, which means the person who needs access has to request it so that the request can be logged, all while the person’s account is protected using MFA.
Everyone Should Have MFA Enabled
In order to protect against these attacks (and other attacks) everyone at MSPs (and when possible everyone) should have MFA enabled on their accounts. Having MFA prevents an attacker from getting access to a user’s account, even if the password is compromised, as the attacker doesn’t have access to the user’s MFA device (such as their cell phone).
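The rules from the MFA and JIT sections above (no shared logins, MFA on every account, admin rights only for a logged, time-limited request) can be checked against an inventory of MSP accounts. This is an added example, not DCAC's tooling; the record fields, the role list, the 8-hour window and the sample data are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

ADMIN_ROLES = {"Global Administrator", "Exchange Administrator"}  # assumed role list
MAX_WINDOW = timedelta(hours=8)  # assumed policy: longest acceptable elevation

def audit_msp_access(accounts, now):
    """Return sorted (upn, finding) pairs for accounts that break the rules above."""
    findings = set()
    for acct in accounts:
        upn = acct["upn"]
        # A login used by several people cannot be tied to one person's phone.
        if len(acct["used_by"]) > 1:
            findings.add((upn, "SHARED_ACCOUNT"))
        if not acct["mfa_registered"]:
            findings.add((upn, "NO_MFA"))
        for grant in acct["grants"]:
            if grant["role"] not in ADMIN_ROLES:
                continue
            end = grant["end"]
            if end is None or end - grant["start"] > MAX_WINDOW:
                findings.add((upn, "STANDING_ADMIN"))  # never expires, or far too long
            elif end <= now:
                findings.add((upn, "EXPIRED_GRANT_NOT_REMOVED"))
            if not grant["request_id"]:
                findings.add((upn, "UNLOGGED_ELEVATION"))  # no request on record
    return sorted(findings)

# Constructed sample inventory (hypothetical field names, not a real export format).
NOW = datetime(2021, 1, 4, 12, 0, tzinfo=timezone.utc)
SAMPLE = [
    {"upn": "msp-shared@customer.example", "used_by": ["alice", "bob", "carol"],
     "mfa_registered": False,
     "grants": [{"role": "Global Administrator", "start": NOW - timedelta(days=200),
                 "end": None, "request_id": None}]},
    {"upn": "alice@msp.example", "used_by": ["alice"], "mfa_registered": True,
     "grants": [{"role": "Exchange Administrator", "start": NOW - timedelta(hours=1),
                 "end": NOW + timedelta(hours=1), "request_id": "REQ-1042"}]},
    {"upn": "bob@msp.example", "used_by": ["bob"], "mfa_registered": True,
     "grants": [{"role": "Global Administrator", "start": NOW - timedelta(hours=30),
                 "end": NOW - timedelta(hours=26), "request_id": "REQ-1040"}]},
]

if __name__ == "__main__":
    for upn, finding in audit_msp_access(SAMPLE, NOW):
        print(f"{finding:28} {upn}")
```

The shared account trips every check at once, while the per-person account with a short, logged elevation produces no findings.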
DCAC Does Exactly That
When DCAC does management of customers’ Azure and/or Office 365 platforms we always do what was described above. By default we have MFA enabled on all our accounts, no matter what the customer’s security requirements are.
We also pitch JIT to customers, so it is up to our customers as to whether they want us to use a JIT process to gain access to their environment. Some do and some don’t. For those that do, we can either configure the JIT process that is available through the Azure Active Directory P2 license, or we can build a custom JIT process. Which one we configure depends on what sort of permissions the user wants to give the DCAC team within their environment.
If you’d be interested in DCAC helping you manage your environments please contact our sales team and we can get the process started, securely right away.
Having two cloud providers isn’t going to save you from an outage. The public cloud providers (Microsoft Azure, Amazon AWS, Google GCP, etc.) have specifically designed their networks so that an outage at one region doesn’t impact other regions.
The day before US Thanksgiving (November 25, 2020), AWS had a major outage where the east-us facility suffered an outage for several hours. But you’ll notice something very interesting about this outage. No other AWS region was impacted by this outage. This is a very important distinction, as it shows that having multiple regions within AWS would give a solid Disaster Recovery strategy a great fail-over experience.
The same applies to Microsoft Azure, which had its own issue just a day or so after the AWS outage. The North South Africa region had an outage due to torrential rain which caused flooding at some of the buildings which host the Azure data centers, according to the incident notices that were sent out. Just like the AWS outage, the Microsoft Azure outage only affected the one region. None of the other regions were affected by this. This shows that if you were hosted within Microsoft Azure in the North South Africa region and another region, a successful Disaster Recovery fail-over could have been executed without issue.
But we really want to be in two clouds
Having cloud services in two different cloud platforms is going to be expensive, complex, and very limiting.
Building services in multiple cloud platforms makes for an expensive solution. Not only do you need to run all services in effectively an active/active configuration between the two cloud services, but the staff needs to be well versed in both cloud platforms. This means that the company would need to have people on staff that know both platforms, which usually means two (sets) of people. This also means that any additional discounts that you may be able to get by paying for all the cloud hosting won’t be available due to the fact that the workload is spread across the two different clouds.
All the cloud providers also charge a higher rate for egress beyond the border of the cloud than for traffic between the different regions of the cloud. This means that moving data between the production and disaster recovery sites will cost more than if both sites were hosted within the same cloud.
Having services in two different clouds makes the cloud solution incredibly complex. Failing over a website between clouds gets difficult. In order to redirect web traffic between web servers running in two different clouds you’d need some sort of global load balancer such as the Microsoft Azure Traffic Manager. This by its nature is going to give you a “single point of failure” (it won’t really because these things are designed to not give you a single point of failure) as you have to pick one of these services to use.
By using two different clouds you need to choose between using only Infrastructure as a Service (IaaS), or attempting to use the Platform as a Service (PaaS) offerings (for things like website hosting) but only using the features that exist within both of your cloud platforms. Limiting yourself to IaaS takes away a lot of the benefit of using the cloud.
Using the PaaS offerings will require having two different deployment processes, as well as QA and testing platforms in both cloud platforms.
Websites are one thing, databases are a whole separate problem. In order to have databases in two different clouds your only real option is to use Infrastructure as a Service, as syncing between the PaaS SQL Server database in any two cloud platforms is going to be basically impossible to set up to scale out as well as support some sort of fail-over. All three of the major cloud platforms have multi-site options for their PaaS database offerings, and they should, as regional failures happen and you need a way to fail-over the database to the other region which is configured for disaster recovery.
What this comes down to is that you don’t need to build your solution to support multiple clouds. It’s going to be harder to configure, harder to implement, and give you fewer options when developing your solution. Using a consulting partner that is well versed in the various cloud platforms is a great way to not be lured into building a solution that spans multiple cloud platforms.