Translate

Friday, August 27, 2021

Windows365 is there

Update from 09/14/2021 (at the end of the article)!

Yeah I know from a timing perspective Windows365 is already here since July 15th 2021. But I had not yet time to write about it. I am glad to be a tester for Windows 365 since October last year. This was the most confidential TAP program we were ever involved. We were even not allowed to talk to German techy Microsofties about it. ;-)

So to make a long story short and demystify the "Windows got streamed to your device" marketing story. Yes it felt like something is "streamed" to your device. But in reality its:

  1. A Microsoft managed virtual machine 
  2. Sitting on Azure
  3. Dedicated for you
  4. Running all the time
  5. Enabled for regular management with Microsoft Endpoint Manager
  6. Part of your your own domain (hybrid domain joined, Azure AD only is on the roadmap)
  7. Paid on a single flat price (n $ per month)
  8. Accessed via RDP protocol on any device (Windows, IOS, macOS, Android, Browser, Linux)
  9. Very simple to setup and maintain!
And it is for whom?

Actually its not a default device you would give everybody in the whole company. But its a great complementary solution for specific use cases and that could be:

  • Regulated scenarios like banking, healthcare, government (outside of Germany ;-))
  • Changing demands like mergers & acquisitions, temps, contractors or partners
  • Bring your own device scenarios (very popular e.g. in Switzerland)
  • New hires (day one) until you get your real device
  • Device shortages (while you wait until your new or replacement device is there)
  • Working scenarios like retail workers or call center.
  • Special LOB applications
  • Design  & Development (even with hardware accelerated VMs for CAD)
  • Software testing
  • Pandemic situations

You may have heard of Azure Virtual Desktop. How is that related to Win365?



To learn more about it I gave 2 webcasts including demos:

GERMAN webcast held with my colleague Karsten Kleinschmidt in our own glueckkanja-gab AG webcast studio.
YOUTUBE - Windows 365 Cloud PC - German

ENGLISH webcast held with Ragnar Heil together from home office & vacation bus ;-)
YOUTUBE - Windows 365 Cloud PC - English



Pricing and plans are found here:
Windows 365 Plans and Pricing | Microsoft


Windows 365 Documentation found here:
Windows 365 Enterprise documentation | Microsoft Docs

And yes there is also a Business version available. Difference here:
  1. Azure AD only
  2. No network connection to on-premises
  3. No custom images
  4. Limited to max 300 users
So not really an option a larger enterprise would think of.

If you want to know what's new and currently available:
What's new in Windows 365 | Microsoft Docs

If you are interested in what's coming next then look here:
In development - Windows 365 | Microsoft Docs

In another post later I will talk about tips & tricks for deployment & troubleshooting. Stay tuned!

PS: Microsoft stopped the trial temporary due to overwhelming success and a large amount of requests for it. You can still "try" with a paid subscription. If you are seriously interested then the probably 32 US$ per month aren't too much for a paid test machine.

(UPDATE 9/14/2021):
To get a first glimpse here you get access to a interactive demo experience!
Interactive Demo (azureedge.net)

And if you want to see current feature requests, upvoting or adding a new one.
Windows 365 feature requests - Microsoft Tech Community

Tuesday, May 4, 2021

MS deprecates TLS 1.0 and TLS 1.1 in AzureAD

Microsoft announced they will deprecate TLS 1.0 and TLS 1.1 as authentication mechanism in AzureAD. This was already done with Office 365 with less impact. This time the impact will be much bigger!

Reason for this is security as there are serious vulnerabilities out there like Heartblead, POODLE, BEAST and others. Also other major vendors will deprecate the usage of TLS 1.0 and TLS 1.1 as also specified in RFC8996!

The MS cloud application catalog is reporting already more than 2.700 apps from the 17.000 apps not supporting TLS 1.0 or TLS 1.1.  If Azure AD is used for authentication for one of the affected apps they may fail after June 30th 2021!

Also old on-premises stuff will fail when used in combination with Azure Active Directory e.g. but not limited to: 

  • Use of outdated operating systems (Windows 7 / Window 8 without "extension", Servers older as Windows Server 2012 R2
  • Use of outdated browsers (used for app compat reasons)
  • New AzureAD device registration on older OSes
  • Older Versions of Azure AD connect, PTA agents oder AppProxy connectors
  • MFA extensions on ADFS servers with older OSes
  • NPS extensions for Azure MFA on older OSes
  • Azure AD integrated applications and PowerShell scripts based on older .Net Framework version not configure for use of TLS 1.2
  • Software as a Service (SaaS) applications or other Line of Business applications hosted on platforms without TLS 1.2 support
  • Webproxy with SSL inspection which are not supporting TLS 1.2
This list may not be complete but should show the full impact on this!

How you can solve this issue in certain scenarios you find here more information's:



You can do some testing on this also on: https://www.ssllabs.com/ssltest/
(Please keep in mind that more than one URL might be involved in an authentication process!)


If you have Microsoft's Cloud App Security you find with this advanced filter all the affected software!



And last but not least you can find for all authentications on your tenant a report showing outdated authentications. How reliable this report is, judge on your self in your environment. We found still some strange reports.

TLS deprecation report (every 2 days you see a new one. You only see the last 3 reports!)
https://servicetrust.microsoft.com/AdminPage/TlsDeprecationReport/Download

Wednesday, January 20, 2021

PSexec failing with no process on the other end of the pipe

Recently we had a new strange issue with current Windows versions and PSExec.



If you execute something like PSExec -s -i cmd.exe 

which is creating a CMD under local system context you may receive an error like this

Error communicating with PsExec service on [MACHINE_NAME]:
No process is on the other end of the pipe.

Solution: Simply update PsExec to the latest version!
Minimum here is 2.32!

Monday, January 11, 2021

Surface device - driver and firmware support lifecycle

Recently a friend ask me for an updated driver for an issue with an older device in the surface family. So I thougth it would be a good idea first to check if the device is still supported. As we have the row of devices now for a couple years.



The good news were the devices up to Surface 3 are still under "firmware and driver" support. So in this case I could open a case for this driver issue and still believe it may be served. Actually its not a guarantee that PG agrees with my issue and will fix it. But there is some how a legal basis for it according to their own support policies.

Checkout here the list!

DeviceRelease DateEnd of Servicing Date
Surface RT1October 26, 2012April 11, 2017
Surface Pro1February 9, 2013April 11, 2017
Surface 21October 22, 2013April 10, 2018
Surface Pro 21October 22, 2013April 10, 2018
Surface Pro 3June 20, 2014November 13, 2021
Surface 3May 5, 2015November 13, 2021
Surface BookOctober 26, 2015November 13, 2021
Surface Pro 4October 26, 2015November 13, 2021
Surface Book with Performance BaseNovember 10, 2016November 13, 2021
Surface Studio (1st gen)December 15, 2016November 13, 2021
Surface Laptop (1st gen)June 14, 2017November 13, 2021
Surface Pro (5th gen)June 15, 2017November 13, 2021
Surface Book 2November 17, 2017November 17, 2021
Surface Pro LTE (Model 1807)December 1, 2017December 1, 2021
Surface GoAugust 2, 2018August 2, 2022
Surface Studio 2October 2, 2018October 2, 2022
Surface Laptop 2October 16, 2018October 16, 2022
Surface Pro 6October 16, 2018October 16, 2022
Surface Go with LTE AdvancedNovember 20, 2018November 20, 2022
Surface Laptop 3October 22, 2019October 22, 2023
Surface Pro 7October 22, 2019October 22, 2023
Surface Pro XNovember 5, 2019November 5, 2023
Surface Go 2May 6, 2020May 6, 2024
Surface Book 3May 26, 2020May 26, 2024
Surface Pro X SQ2October 13, 2020October 13, 2024
Surface Laptop GoOctober 13, 2020October 13, 2024

1. Indicates devices with a previously declared end of firmware/driver servicing support date.


More details especially also the differentiation on device support and OS version support you will find here: https://docs.microsoft.com/en-us/surface/surface-driver-firmware-lifecycle-support


To dig deeper its also very helpful to checkout the surface update history which is found here: https://support.microsoft.com/en-us/help/4036283