Interlink Cloud Blog
Matt Scherocman

Microsoft Rights Management – Three Different Options to Best Fit Your Information Needs and Budget

Microsoft Rights Management – Three Different Options to Best Fit Your Information Needs and Budget

Microsoft has three different levels of functionality around controlling access to critical intellectual property with rights management. 

Here is a quick summary of Microsoft's Rights Management offerings:

1) Rights Management Service for Office 365

Included in the E3 Service

This option is for those who want base level security and the ability to keep documents that are stored in the cloud secure. It does not protect documents stored locally on a file share, but there is a connector available for Exchange and SharePoint.

[...]
Eric Inch

"Stay Out Unless I Say So!" - The Sweetness of Azure AD Conditional Access

"Stay Out Unless I Say So!" - The Sweetness of Azure AD Conditional Access

I talk to a lot of customers using Office 365 that would like to have granular control on who can access the hosted services and only allow access to these services from corporate owned and managed devices. Enter Azure AD Conditional Access. “Keep out.. Unless of course you meet certain conditions!”

For example, with Azure AD device access rules you can restrict access to Exchange Online to only domain joined machines.

“Wait?! What?! That sounds just like what I’m looking to do.

What does that look like?”

 

When a user attempts to access Outlook Web App from a personal computer, they go to the OWA URL and enter their username and password.


The conditional access policy will look to verify that the device being used to access OWA is domain joined and registered in Azure AD. Since the computer is a personal computer, the user is denied access.


After closer examination using the “More details” link, you can see the access rules set require the device to be domain joined for access. In the scenario of personal computers, this will show as Unregistered.

Your access to corporate resources was swatted away like Dikembe Mutumbo. “Not in my house!”

“Good Eric, that’s all great but how about the full Outlook client? I would really like to see what options we have to prevent our users from connecting their personal Outlook client to our corporate email.”


When a user attempts to connect the Outlook client on a non-domain machine, the Outlook client will open and prompt the user for authentication.


The user will enter their username and password and the authentication process will look for a registered device.


Once again the user will be gently reminded that they need to be on a corporate owned device.

“Wow Eric, I’m really impressed by Conditional Access and the device access restrictions available in the Microsoft security suite. Anything else we should know? What about users that want to access OWA from other browsers?”

 

First and foremost, under no circumstance should you ever use anything other than Microsoft technology. Ever!

But, in the event some of your users want to go against my recommendation, to access corporate resources protected with device access rules they would need to use a supported browser. Conditional access support for applications: https://azure.microsoft.com/en-us/documentation/articles/active-directory-conditional-access-supported-apps/


The behavior when attempting Outlook Web App using the Google Chrome browser would be as follows:

The user enters their username and password from a non-domain machine.

Since the user is trying to use a browser that doesn’t support conditional access, it gives the user a warning that the browser is not supported and to use Microsoft Edge or Internet Explorer.

The device based access rules are configured within Azure AD Premium and have the following options.

  • Enable Access Rules – On or Off. (self-explanatory)
  • Apply To – Specific groups that you want to scope the access rules to. You also have the ability to except specific users from the scope.
  • Device Rules – The access rules you want to enforce for access to the corporate resources.
  • Application Enforcement – “For browser and native applications” OR “For only native applications” Exchange ActiveSync – Require a compliant device to access email

For more information on Azure AD Conditional access, please read the official Microsoft blog article AzureAD Conditional Access Policies for iOS, Android and Windows are in Preview!

 

Matt Scherocman

Free Windows Licensing for Azure: How to Get It with Windows Hybrid Use Benefit

Free Windows Licensing for Azure: How to Get It with Windows Hybrid Use Benefit

What is Windows Hybrid Use Benefit?

Microsoft has a relatively unknown benefit called Hybrid Use Benefit (HUB). If you already own Windows Servers with Software Assurance, you can use it to run workloads in Azure on Windows without paying for Windows in Azure. For those that license Windows Servers utilizing the Data Center version, you can continue to use that Windows Server to run on-premises workloads, as well as different workloads in Azure with the same license. This allows you to double the functionality of each Windows Server Data Center license! 

A few important facts:

  • Both versions of Windows Server - Standard and Datacenter -  license with Software Assurance are eligible for the Hybrid Use Benefit

    Hybrid Use Benefit entitlements

  • A Windows Server Standard Edition license cannot be used simultaneously in on-premises deployments while utilizing Hybrid Use Benefit in Azure
  • Windows Server Datacenter licenses can utilize the Hybrid Use Benefit and continue to be deployed in parallel on-premises
  • All uses of HUB must be done by importing a customer’s image file into Azure

For Azure deployments of HUB, each eligible license has an entitlement to run Windows Server VM’s at the lower non-Windows VM rates. Through leveraging HUB, some deployments in Azure can offer end-customers a savings up to 50%.  

Hybrid Use Benefit Sample - Full Time

Example scenario with customer running two D2v2 VMs using the Hybrid Use Benefit.

Hybrid Use Benefit savings sample

*EA Level D in USD, US East 2; full-time usage on demand
**Second Azure instance is included with Windows Server Standard Edition Software Assurance, EA level A

If you want to learn more about how Azure has leveraged this benefit, please follow these links:

We look forward to explaining more about this benefit, and how it can save you money with your existing investments in Microsoft infrastructure.  Contact Interlink today!  

Mike Wilson

Archiving Data in Azure Just Got Way More Affordable with Azure Blob Storage

Archiving Data in Azure Just Got Way More Affordable with Azure Blob Storage

Azure Blob storage, which is the ability for Azure to store all your unstructured data, now has an offer which provides a low cost to store archival and less used information. The cost of the first 100 Terabytes for local redundant storage is only 1 penny per month. Holy cow!   

Azure Blob storage is divided into two tiers - hot and cold.


Hot Tier

The hot tier stores the data you access and rely on the most. Hot storage has a higher storage cost but much lower access and transactional costs.

Cold Tier

The cold storage tier is the opposite: data you don’t access frequently that costs less to store but more to access. Azure Blob also gives you complete control over your data needs and storage priorities, allowing you to change your blobs of data from hot to cold (and vice versa) all within your Azure environment.

The best thing about Blob Storage in Azure is that the temperature of your data doesn’t impact access performance. There’s an insignificant difference (milliseconds) between data performance on hot and cold tiers. So, when you find yourself in a situation where cold data has suddenly become hot, you won’t face any delay in accessing the cold data like Azure’s major competitor. And like everything in Azure, the security, scalability, and durability of data operations doesn’t change between data temperatures.

With Azure Blob Storage, the focus is on optimizing your data, not the processes required to use the data effectively.

The business case for Azure Cloud Storage is strong.

infographic Microsoft Azure Datcenter Planning

Want more?

Below is a short video - Get started with Azure Storage that coveres how to get started using Azure Storage services including blobs, tables, files, and queues from Windows and Linux.

Click Here to learn more about the costs around Azure Hot and Cool Storage and contact us for the best advice on how to build your workloads in Azure including setting up new blobs.

Mike Wilson

ON-DEMAND WEBINAR | Azure Data Center: Understanding the Real Costs & ROI

ON-DEMAND WEBINAR | Azure Data Center: Understanding the Real Costs & ROI

On-Demand Webinar & Slides

Azure Datacenter On Demand Webinar view cta


 Azure Datacenter On Demand Webinar playConfused (or curious) on how to determine the true cost of moving your data center workloads to the cloud?

In this on-demand event, Microsoft and Interlink Cloud Advisors walk you through our key methodology for evaluating which workloads you should move, their dependencies, and how to price out workloads for Azure.

During this online event, we'll review what is possible with Azure, where other clients are finding positive ROI after their move to the cloud, and:

  • Pricing scenarios, major options, and creating accurate estimates
  • Determining ROI factors
  • Moving to the cloud when you have physical hardware that you need to maintain
  • Cloud vs On-Premises
  • Leveraging Microsoft Funding: How to leverage Microsoft paid for assessments and proof of concepts

Register now to instantly watch this information-packed webinar and download the slide deck.


PRESENTER

mike wilson

Mike Wilson

Vice President + Managing Consultant
Interlink Cloud Advisiors

Welcome to the Interlink Cloud Blog

All content provided on this blog is for informational purposes only. The owner of this blog makes no representations or warranties regarding the information from our partners or other external sources.

Blog Categories

Interlink Cloud
Interlink Cloud
6 post(s)
Tips and Tricks
Tips and Tricks
2 post(s)
Outlook
Outlook
2 post(s)
Reporting
Reporting
1 post(s)
Cloud Storage
Cloud Storage
2 post(s)
Webinars
Webinars
15 post(s)
OneDrive
OneDrive
5 post(s)
Yammer
Yammer
3 post(s)
Azure
Azure
21 post(s)
SharePoint
SharePoint
10 post(s)
Microsoft
Microsoft
6 post(s)
SQL 2016
SQL 2016
1 post(s)
Lync
Lync
8 post(s)
Office 365
Office 365
59 post(s)