Looking back at my Happy New Year! post from the start of 2020, I of course, didn’t realize the brute force of the global pandemic that was about to hit. Even with the dumpster fire that was 2020, good things still occurred even in the midst of the world burning. Babies were born. Relationships started. New doors opened with new opportunities and the list continues. 2020 is behind us now and in the review mirror. Let’s focus on making 2021 a vast improvement from 2020.
With that said, I’m going to repeat my thoughts for the new year. They are still valid and hold true.
Here are some thoughts for the new year:
Don’t wait to start that project. Some day never comes around.
You are perfect the way you are. However, if you want to get healthy, know that you aren’t alone. You got this.
Tell those people close to you how you feel about them. Tomorrow may not come for some.
Tell your kids (fur babies count too!) that you love them as often as you can. My kids hear it from as often as I can.
Finally, be kind to each other. The world is harsh enough as it is without us beating each other up.
Hopefully this post comes at a time where we see the Covid vaccine rolling out to the masses. Until then, keep wearing a mask and stay safe out there.
Yep, you read that headline correctly. Microsoft is making some Business Premium Office 365 licenses as well as some Business Basic Office 365 licenses available to US-Based 501c3 non-profit organizations, for free.
There’s a few steps to get these licenses.
The first step is to setup an Office 365 / Azure tenant for the nonprofit via
The second step is to register with Microsoft as a nonprofit. Once approved as a nonprofit, the licenses can be provisioned for you.
The third step is to contact DCAC (or another CSP, but we prefer if you go through DCAC) to provision your free Office 365 licenses. There will be some paperwork to sign to get the license setup, but it’s done quickly and easily through DocuSign.
That’s it, once the licenses are assigned you can setup everything that’s needed to move your email domain to Office 365.
If you are a 501c3 and are looking for an email solution, follow these three steps and you’ll be good to go.
If your User Group is registered as a 501c3 then you can get some free Office 365 licenses gifted from Microsoft. Contact Denny for more information (it’s a few step process that I’ll outline in a blog post later)
SQL Saturday Organizers
Download your registration lists from sqlsaturday.com
Download your sponsor contacts from sqlsaturday.com
Review DataSaturdays.com and see if this is a good fit for future events
Review callfordataspeakers.com and get signed up to help find speakers
A new non-profit (pending US IRS approval) community organization is being set up. The new organization is in the very early stages at the moment and we’re trying to get the word out to all the PASS members that a new org is being set up. The goal of this new organization is to handle legal matters, licensing, and to give sponsors a single point of contact to reach everyone. We’re envisioning that this new organization will be a very lightweight organization designed to handle the legal needs that come up, licensing of the Intellectual Property for the organization to the user groups, and a single point of contact for sponsors to work through.
At the moment the organization is simply collecting contact information for people that want to get more information once the organization is set up. The website that is set up is www.daug.io. Please ask people to submit their information there.
A summary of the URLs talked about here.
www.daug.io – New Data and Analytics User Group community (it’s really, really rough at the moment)
www.sqlugs.com – Free WordPress hosting for User Groups, Virtual Chapters, etc.
Recently there was news of another suspect breach of IT systems. This time the attack vector was via the Managed Service Providers (MSPs) that resell Office 365 licenses. Having an MSP that is going to help you manage your Azure or Office 365 environment requires having a lot of trust in the security systems that your MSP has put in place to ensure that the access to your environment that you have given to the MSP can’t be exploited by either an employee at the MSP, or by an unknown actor that compromised the MSP.
From a technical perspective, this requires that there are a few things in place. This includes Multi-Factor Authentication (MFA) as well as some sort of Just In Time (JIT) process.
Multi-Factor Authentication (MFA)
MFA involves using a third method for authentication. Normal authentication (and username and password) requires two pieces of information, both of which you know. Because these are things that are pieces that you know and are typed in, and they are the same every time, they can be copied. Multi-Factor Authentication introduces a third step to this, instead of being something that you know, it requires something that you have. In most cases a phone (either a landline or a cell phone, usually a cell phone). The cell phone either gets a text message, or it has an application installed on it which Azure Active Directory sends a push message to, and which then prompts you to approve the authentication, and this only happens after the username and password is entered successfully.
Having an MSP which manages your Office 365 environment involves giving the MSP access to your systems. Lots of MSPs request that you give a single account which all their staff uses access. This is a horrible idea as there’s no way to have multiple phones setup for MFA. Access should be granted to the accounts that each member of the MSP that would be managing the environment uses. While this does involve setting up more users with guest access into your environment it does mean that the users can have MFA setup on their accounts.
Just In Time (JIT) Access
In addition to having MFA setup, people shouldn’t be granted the Global Admin right, or any other admin rights within the Office 365 environment. People should have to request access to do the task witch they are going to perform. Once that access is granted those rights are taken away.
Even though the person requesting the access should have it, they don’t need to have it all the time. The fact that they are doing something should be logged somewhere; which involves the person that needs access requesting the access, so that the request can be logged; all while the person’s account is protected using MFA.
Everyone Should Have MFA Enabled
In order to protect against these attacks (and other attacks) everyone at MSPs (and when possible everyone) should have MFA enabled on their accounts. Having MFAs prevents at attacker from getting access to a users account, even if the password is compromised as the attack doesn’t have access to the users MFA device (such as their cell phone).
DCAC Does Exactly That
When DCAC does management of customers Azure and/or Office 365 platforms we always do what was described above. By default we have MFA enabled on all our accounts, no matter what the customer’s security requirements are.
We also pitch JIT to customers so that it is up to our customers as to weather they want us to use a JIT process to gain access to their environment. Some do and some don’t. Those that do, we can either configure the JIT process that it available through Active Active Directory P2 license, or we can build a custom JIT process. Which one we configure depends on what sort of permissions the user wants to give the DCAC team within their environment.
If you’d be interested in DCAC helping you manage your environments please contact our sales team and we can get the process started, securely right away.
As Microsoft MVP’s and Partners as well as VMware experts, we are summoned by companies all over the world to fine-tune and problem-solve the most difficult architecture, infrastructure and network challenges.
And sometimes we’re asked to share what we did, at events like Microsoft’s PASS Summit 2015.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.