Tuesday, November 13, 2018

Windows features on the command line



Different ways for installing Windows features on the command line

There are several ways to install a Windows feature from the command line:

  • Enable-WindowsOptionalFeature
  • Install-WindowsFeature
  • Add-WindowsFeature
  • Dism.exe
  • Pkgmgr.exe
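
The tools listed above are not all available on every Windows edition. As an added example (not from the original post), the PowerShell function below uses whichever one exists on the machine. The function name `Enable-FeatureWithAvailableTool` and its parameters are hypothetical; the feature names `Telnet-Client` and `TelnetClient` are used because the Telnet feature comes up later on this page. Run it from an elevated prompt.

```powershell
# Added example, not from the original post. Function and parameter names are hypothetical.
function Enable-FeatureWithAvailableTool {
    param(
        # Name as Server Manager knows it (Install-WindowsFeature), e.g. 'Telnet-Client'
        [Parameter(Mandatory)][string]$ServerFeatureName,
        # Name as DISM knows it (Enable-WindowsOptionalFeature, dism.exe), e.g. 'TelnetClient'
        [Parameter(Mandatory)][string]$DismFeatureName
    )

    # Install-WindowsFeature comes with the ServerManager module (Windows Server only).
    # Add-WindowsFeature is an alias for it on Windows Server 2012 and later.
    if (Get-Command Install-WindowsFeature -ErrorAction SilentlyContinue) {
        $feature = Get-WindowsFeature -Name $ServerFeatureName
        if (-not $feature)      { throw "Unknown server feature: $ServerFeatureName" }
        if ($feature.Installed) { return 'Already installed (ServerManager)' }
        Install-WindowsFeature -Name $ServerFeatureName | Out-Null
        return 'Installed with Install-WindowsFeature'
    }

    # Enable-WindowsOptionalFeature comes with the DISM module (client and server editions).
    if (Get-Command Enable-WindowsOptionalFeature -ErrorAction SilentlyContinue) {
        $feature = Get-WindowsOptionalFeature -Online -FeatureName $DismFeatureName
        if ($feature.State -eq 'Enabled') { return 'Already enabled (DISM module)' }
        Enable-WindowsOptionalFeature -Online -FeatureName $DismFeatureName -NoRestart | Out-Null
        return 'Enabled with Enable-WindowsOptionalFeature'
    }

    # Last resort: call dism.exe directly. Pkgmgr.exe is deprecated in favour of DISM,
    # so it is not used here.
    & dism.exe /Online /Enable-Feature "/FeatureName:$DismFeatureName" /NoRestart | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "dism.exe failed with exit code $LASTEXITCODE" }
    return 'Enabled with dism.exe'
}

Enable-FeatureWithAvailableTool -ServerFeatureName 'Telnet-Client' -DismFeatureName 'TelnetClient'
```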



Tuesday, October 9, 2018

Microsoft Cloud App Security



Deploy Microsoft Cloud App Security

Every day, more and more business activity takes place in the cloud, and even if your company doesn’t use cloud-based solutions, your employees probably do.



Legacy security solutions were simply not designed to manage this. So how can you maintain visibility, control, and protection of your company data?




So, the answer is simple.

Microsoft Cloud App Security is built on the concepts of visibility, control, and protection.
Microsoft Cloud App Security can help you take advantage of the benefits of cloud applications while maintaining control of your corporate resources.

It works by improving visibility of cloud activity, and helping to increase the protection of corporate data.

First, your organization must have a license to use Cloud App Security. You do not need an Office 365 license to use Cloud App Security.

To access the portal



Alternatively, you can access the portal through the Office 365 Admin Center by clicking the Admin Center icon followed by Cloud App Security.


Getting Started

Step 1. Set up Cloud Discovery

Required task: Upload traffic logs

To create a continuous Cloud Discovery report
       -      From the settings cog, select Cloud Discovery Settings
       -      Choose Automatic log upload
       -      On the Data sources tab, add your sources
       -      On the Log collector tab, configure the log collector

To create a snapshot Cloud Discovery report
       -      Go to Discover > Snapshot report and follow the steps shown.




Why should you configure Cloud Discovery reports?

Having visibility into shadow IT in your organization is critical. After logs are analyzed, you can easily discover which cloud apps are being used, by which people, and on which devices.

Step 2. Set instant visibility, protection, and governance actions for your apps

Required task: Connect apps
       -      From the settings cog, select App connectors
       -      Click the plus sign to add an app and select an app
       -      Follow the configuration steps to connect the app

Why connect an app?

After you connect an app, you gain deeper visibility, so you can investigate activities, files, and accounts for the apps in your cloud environment.





Step 3. Control cloud apps with policies

Required task: Create policies

       -      Go to Control > Templates
       -      Select a policy template from the list, and then choose the plus sign (Create policy)
       -      Customize the policy (select filters, actions, and other settings), and then choose Create.
       -      On the Policies tab, choose the policy to see the relevant matches (activities, files, alerts). To cover all your cloud environment security scenarios, create a policy for each risk category.

How can policies help your organization?

You can use policies to help you monitor trends, see security threats, and generate customized reports and alerts. With policies, you can create governance actions and set data loss prevention and file-sharing controls.






Thanks For Learning
SOE THWIN OO

Monday, October 1, 2018

Single Sign-On with Azure Active Directory

Single Sign-on with Azure Active Directory?





Single sign-on means being able to access all of the applications and resources that you need to do business, by signing in only once using a single user account.

Nowadays, organizations rely on software as a service (SaaS) applications such as Office 365, Box, etc. IT staff need to individually create and update user accounts in each SaaS application, and users have to remember a password for each SaaS application.


Azure Active Directory extends on-premises Active Directory into the cloud, enabling users to use their primary organizational account to not only sign in to their domain-joined devices and company resources, but also all of the web and SaaS applications needed for their job.




Azure AD enables easy integration with many of today’s popular SaaS applications. It provides identity and access management, and enables users to single sign-on to applications directly, or to discover and launch them from a portal such as Office 365 or the Azure AD access panel.

Azure AD supports three different ways to sign in to applications:


  • Federated single sign-on
  • Password-based single sign-on
  • Linked single sign-on

Federated single sign-on

Enables users in your organization to be automatically signed in to a third-party SaaS application by Azure AD, using the user account information from Azure AD.

Password-based single sign-on

Enables users in your organization to be automatically signed in to a third-party SaaS application by Azure AD, using the user account information from the third-party SaaS application. When you enable this feature, Azure AD collects and securely stores the user account information and the related password.

Linked single sign-on

This option simply allows the administrator to create a link to an application and place it on the access panel for selected users. For example, if there is an application that is configured to authenticate users using Active Directory Federation Services, the administrator can use the “Linked Single Sign-On” option to create a link to it on the access panel. When users access the link, they are authenticated using Active Directory Federation Services, or whatever existing single sign-on solution is provided by the application.



Azure AD Application Gallery

Provides a listing of applications that are known to support a form of single sign-on with Azure Active Directory.



Adding an unlisted application

Sign in to the Azure Portal using your Azure Active Directory administrator account. Browse to Azure Active Directory > Enterprise Applications > New application > Non-gallery application > Select Application > Add > Configure a Single Sign-On > Choose Sign-On option.







Thanks for Learning 
SOE THWIN OO

Saturday, September 22, 2018

Azure Active Directory (Azure AD)


What is Azure Active Directory (Azure AD)?


Azure Active Directory (Azure AD) is Microsoft’s multi-tenant, cloud-based directory and identity management service. Azure AD combines core directory services, application access management, and identity protection in a single solution.

It is a standards-based platform that helps developers deliver access control to their apps, based on centralized policy and rules.


Benefits:

  • Create and manage a single identity for each user across your entire enterprise, keeping users, groups, and devices in sync with Azure AD Connect.
  • Provide single sign-on access to your apps, including thousands of pre-integrated SaaS apps, and provide more secure remote access to on-premises SaaS applications using the Azure AD Application Proxy.
  • Allow application access security by enforcing rules-based Multi-Factor Authentication policies for both on-premises and cloud apps.
  • Improve user productivity with self-service password reset and group and application access requests using the MyApps portal.
  • Take advantage of the high availability and reliability of a worldwide, enterprise-grade, cloud-based identity and access management solution.



Who uses Azure AD
Azure AD is intended for IT admins, app developers and for users of Office 365, Azure, or Dynamics CRM Online.

All Microsoft Online business services rely on Azure AD for sign-in and other identity needs. If you subscribe to any Microsoft Online business service (for example, Office 365 or Microsoft Azure), you automatically get Azure AD with access to all the free features. Using the Azure Active Directory Free edition, you can manage users and groups, synchronize with on-premises directories, and get single sign-on across Azure, Office 365, and thousands of popular SaaS apps like Salesforce, Workday, Concur, DocuSign, Google Apps, Box, ServiceNow, Dropbox, and more.

To enhance your Azure AD implementation, you can also add paid capabilities by upgrading to the Azure Active Directory Basic, Premium P1, or Premium P2 editions.













Integrate Azure AD with Windows Server Active Directory

Azure AD Connect Express Settings is used when you have a single-forest topology and password hash synchronization for authentication. Express Settings is the default option and is used for the most commonly deployed scenario. You are only a few short clicks away from extending your on-premises directory to the cloud.

Before you start installing Azure AD Connect, make sure to download Azure AD Connect.

1.  Sign in as a local administrator to the server you wish to install Azure AD Connect on.
2.  Double-click AzureADConnect.msi.
3.  On the Welcome screen, select the box agreeing to the licensing terms and click Continue.
4.  Click Use Express settings.
5.  Enter the username and password of a Global Administrator for your Azure AD.
6.  Click Next.
7.  On the Ready to configure screen, click Install.



Azure AD Connect?

Integrating your on-premises directories with Azure AD makes your users more productive by providing a common identity for accessing both cloud and on-premises resources. Users and organizations can take advantage of the following:
      
  •    Users can use single identity to access on-premises applications and cloud services such  as Office 365.
  •     Single tool to provide an easy deployment experience for synchronization and sign-in.
  •     Provides the newest capabilities for your scenarios. Azure AD Connect replaces older  versions of identity integration tools such as DirSync and Azure AD Sync.
Azure AD Connect Health for ADDS


Azure AD Connect Health for Active Directory Domain Service provides monitoring for domain controllers that are installed on Windows Server 2008R2, Windows Server 2012, Windows Server 2012R2 and Windows Server 2016. The Health Agent installation you to monitor your on-premises ADDS environment from the cloud.

Thanks For Learning


Saturday, September 1, 2018

Remote Desktop Services (Terminal Services)


Part-1

Remote Desktop Service (Terminal Service)
Remote Desktop Service means using a computer from a remote location.
The RDS services that can be used this way can basically be divided into four types:
  1.    Remote Desktop Connection
  2.    Remote Assistance
  3.    Remote Desktop Web Connection
  4.    Telnet

These services are each configured differently from one another.


     1.    Remote Desktop Connection

For this service, the machine that will allow Remote Desktop access must set Remote Desktop to “Allow” in “System Properties”. The machine that wants to use it connects through “Remote Desktop Connection” (mstsc) and can then do whatever it needs to do. Through this service you can use data copy, printers, media and so on. One thing to note: when connecting from a DOS version to a DOS version, the machine being used is logged off (“Logoff”). When connecting from a DOS version to a NOS version, the machine being used is not logged off, because the NOS version can keep sessions separate. However, normally only two (2) computers can use it at the same time. If you want more than two (2), you can install the RDS Role and then set how many you want to allow.


     2.    Remote Assistance

For this service, the machine that wants to grant access has to generate a Remote Assistance invitation file. A key is included along with that invitation file.

Those two files must be sent, by mail or over the network, to the person you want to connect to you. The connecting machine runs the invitation file and, when asked for the key, types in the key that was sent. The connect request then reaches the other machine, and once the other side approves it, the help desk can assist. Put simply, it is like “TeamViewer”. One thing to note: once the invitation file has been run, it must not be closed. If it is closed, another invitation file is needed the next time. An invitation file can be used only once.


     3.    Remote Desktop Web Connection (Remote Web Access)

To use this service, the machine granting access needs to have the Role installed. Once the Role is installed, you publish the service or application you want to offer as a RemoteApp. The machine that uses it accesses it through the web. For example, open any browser and go to http://svr1.sto.com/rdweb.


     4.    Telnet

To use this service, both the machine granting access and the machine that wants to use it need to have the Telnet feature installed. Once the feature is installed, the machine that wants to use it connects from the Command Prompt. If the side being used wants to manage the machines that are using it, it can open the Command Prompt and use the “tlntadmn” command to send messages, cut off access, see which machines are connected, and so on.


RDS services also have sessions. These sessions are:

         1.    Active Session
         2.    Idle Session
         3.    Disconnect Session
         4.    End Session

This is how they work. “Active Session” assigns an ID to the use of RDS. “Idle Session” is when you are connected but leave the session unused, so it becomes idle. We have all seen this before in Gtalk. As for Disconnect and End Session: say, for example, that I allow four (4) computers to use it at the same time. If someone takes an Active ID and does not use it, then once the configured number of minutes is reached, this setting determines whether the session is disconnected or ended. With Disconnect, the Active ID is left behind, so if the allowed number is already full, another computer may not be able to connect. With End Session, no Active ID is left behind.
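
To see which of the two behaviours described above a server is set to, the added example below (not from the original post) reads the Remote Desktop Services session time-limit values that Group Policy writes to the registry, then lists the current sessions. The function name `Get-RdsSessionLimitPolicy` is hypothetical, and it assumes the limits are set through policy rather than per connection.

```powershell
# Added example, not from the original post. Function name is hypothetical.
function Get-RdsSessionLimitPolicy {
    # Group Policy stores the RDS session time limits here, in milliseconds.
    $key    = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $policy = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

    # Turn a millisecond value into readable text; 0 means "never".
    $describe = {
        param($ms)
        if ($null -eq $ms) { 'not set by policy' }
        elseif ($ms -eq 0) { 'never' }
        else               { '{0} min' -f ($ms / 60000) }
    }

    # fResetBroken = 1 ends the session when a limit is reached (the ID is released);
    # fResetBroken = 0 only disconnects it (the ID stays behind, as described above).
    $onLimit = switch ($policy.fResetBroken) {
        1       { 'End session' }
        0       { 'Disconnect session' }
        default { 'not set by policy' }
    }

    [pscustomobject]@{
        IdleSessionLimit         = & $describe $policy.MaxIdleTime
        DisconnectedSessionLimit = & $describe $policy.MaxDisconnectionTime
        WhenLimitIsReached       = $onLimit
    }
}

Get-RdsSessionLimitPolicy | Format-List

# quser shows each session's ID, its state (Active or Disc) and its idle time.
quser 2>$null
```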

Thanks For Learning

Introduction of Windows Server 2022

 📣📣📣  I would like to share what I know about Microsoft Windows Server 2022  📣📣📣 📌📌 As we all know, Microsoft W...