Co-Speaking at .Net Conference in Singapore 2019 – Coming soon

It is my honor to volunteer as the co-speaker for one of the .Net topics. I would say I am more of a PowerShell and Linux person, so .Net is something new to me. This is a route that I feel uncomfortable with, but it is a good route for me to learn and gain experience. Last weekend, I took my free time to understand one of the demonstrations from the topic’s slides, played around with it and managed to get it working on the 3rd attempt. I had this as my reference, Windows Form C#. The feeling of getting it working drives me ahead to learn more about it.


Do check out more about this upcoming conference via this link: .Net Conference Singapore 2019. Registration is already open, so feel free to register. See you there! 🙂

Differences of AzInfoProtection and AzInfoProtection_UL client application

When unified labeling was announced as no longer in Preview mode, along came the new application called AzInfoProtection_UL. You can find the link to download this application in the references at the bottom of this post. There is also a Preview application called AzInfoProtection_UL_Preview.

Before unified labeling, the only application for Azure Information Protection was AzInfoProtection (Classic client). So what is so different about them? Before we get into the differences, let’s understand the definitions.

Classic client

Azure Information Protection is a new enhancement of rights management and it is managed from the Azure portal. If you need the scanner and HYOK (Hold Your Own Key), then you install the AzInfoProtection.exe (User Profile based installer) or AzInfoProtection_MSI_for_central_deployment (System installer) client application.

[Screenshots: Classic client]
This part shows Azure labels and Office 365 Sensitivity labels. For example, “DLP View Only” is a custom label created from Office 365.

 

Unified labeling

Azure Information Protection with Unified Labeling was announced sometime around June or July 2019. Unified Labeling means that your labels can be managed either from the Azure portal or from the Office 365 Security and Compliance portal. This feature is enabled by default. You can migrate your labels from Azure to Office 365 Security and Compliance. Unified Labeling supports more Office 365 products, such as Microsoft Teams. If you do not need HYOK protection (Hold Your Own Key) or the scanner, then you install the AzInfoProtection_UL.exe (User Profile) or AzInfoProtection_UL_MSI_for_central_deployment (System installer) client application.

[Screenshot] This is how it looks on first install; notice the icon is different.
[Screenshot] Select the “Sensitivity” icon and click “Show Bar”.
[Screenshot] These are my Office 365 Sensitivity labels.

If you would like to deep-dive into the comparison of these 2 applications, here is a helpful link.

 

References:

  1. https://www.microsoft.com/en-us/download/details.aspx?id=53018
  2. https://docs.microsoft.com/en-us/azure/information-protection/rms-client/unifiedlabelingclient-version-release-history

 

Azure Community Singapore First Live YouTube Video! Topic: Azure Information Protection and Azure Sphere

Good day everyone! Stay positive even when the day is bad. I have been a community member of Azure Community Singapore since July or August 2019. This community is not just about answering questions; it also has a monthly speaking meetup, and yes, I joined. I was like, “yea, I would like to join and share about Information Protection”. However, the downside is that I can’t travel to Singapore every month just for this speaking meetup. After much discussion, they reached an end result: “let’s try doing it as YouTube Live!”.

The community set up 2 sessions, Azure Information Protection by Sabrina Kay and Azure Sphere by Snake Chia.

We went through two rehearsals after working hours. The first rehearsal was to test how we could do YouTube Live with multiple users; we faced challenges like internet congestion and delay, and tried implementing QoS on the machine in the hope of improving connectivity and communication. In the last rehearsal, we did a dry run to get the timeline and the order of switching speakers right, making sure everything was fine. Thanks for pulling this rehearsal together.

The first YouTube Live is at the link below:

[September 2019 Meetup] Azure Information Protection and Azure Sphere

Thanks, Marvin Heng, Goh Chun Lin, and Snake Chia! 🙂

PowerShell: Goodbye old Azure Rights Management module

Today I decided to say goodbye to a PowerShell command module named Azure Rights Management, AADRM for short. Why? If you remember or have read my old blog post about Rights Management in Azure, then you know why I am saying goodbye to it. Remember the old Azure Portal? https://manage.windowsazure.com

Before saying goodbye, I was glad to have experienced this generation of Azure Rights Management in 2017, and seeing its improvement and growth makes me happy. Now I am moving forward to the AIP Service module, for the new Rights Management named “Azure Information Protection”. AADRM reaches end-of-life in July 2020. During my first experience with AADRM, it was quite complicated to understand and manage, because its commands were different from what I usually use.

So, to install the AIP Service module, what should you do first? If you already have AADRM installed, you have to uninstall it from a PowerShell session run as Administrator. If you try to install the AIP Service module before uninstalling AADRM, it will give you an error saying “You already have the following commands ‘Get-AADRM and etc…’“.

This new AIP Service module contains the new AIP Service commands. Don’t worry, this new module still has the AADRM commands.

If you happen to have MFA enabled, both the AADRM module and the new AIP Service module support it.
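The uninstall-then-install order described above, as an added example that is not part of the original post. It assumes AADRM was installed from the PowerShell Gallery; the check for a copy installed some other way and the wildcard used to list the AADRM-named commands are assumptions of this sketch.

```powershell
#Requires -RunAsAdministrator
# Added sketch: run in an elevated Windows PowerShell session.

# 1. Remove AADRM first if it was installed from the PowerShell Gallery.
$old = Get-InstalledModule -Name AADRM -AllVersions -ErrorAction SilentlyContinue
if ($old) {
    Uninstall-Module -Name AADRM -AllVersions -Force
}

# 2. Assumption: a copy installed another way is not removed by Uninstall-Module,
#    so look for any remaining AADRM module before installing the replacement.
if (Get-Module -Name AADRM -ListAvailable) {
    throw 'AADRM is still present; uninstall it from Windows, then re-run this script.'
}

# 3. Install and load the replacement module.
Install-Module -Name AIPService -Scope AllUsers
Import-Module -Name AIPService

# 4. List the AADRM-named commands that the new module still exposes.
Get-Command -Module AIPService -Name '*Aadrm*' | Select-Object Name, CommandType

# 5. Sign in interactively (the prompt handles MFA) and confirm the service state.
Connect-AipService
Get-AipService          # reports whether the protection service is enabled or disabled
Disconnect-AipService
```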

 

 

PowerShell: Understanding the use of Format-Table and Select

Just a few days ago, one of my colleagues was having trouble exporting the result that he wanted. So I helped him out by clarifying what he must and must not do.

His PowerShell command was:

Get-Team | Format-Table DisplayName, MailNickName

  • The Format-Table or ft command is used for formatting the selected properties into table form.
  • It gives you a nice table view of the properties in the PowerShell console only.
  • If you were to export the Format-Table output into a CSV, it will look like one whole chunk together in a column.


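To export the result into CSV, you have to use the “Select” command and then pipe it to the Export-Csv command.

  • The “Select” or “Select-Object” command selects specified properties of an object or set of objects.

# -NoTypeInformation keeps the "#TYPE ..." line out of the file in Windows PowerShell 5.1
Get-Team | Select-Object DisplayName, MailNickName | Export-Csv -Path "<filename.csv>" -NoTypeInformation

OR

# A bare ">" writes the console table text, so convert to CSV text before redirecting
Get-Team | Select-Object DisplayName, MailNickName | ConvertTo-Csv -NoTypeInformation > "<filename.csv>"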
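Why the two commands behave differently, as an added example that is not from the original post: it inspects what each cmdlet actually sends down the pipeline and adds a small guard against exporting formatted output. The sample team objects are constructed stand-ins for Get-Team output, and Get-PipelineTypeName and Export-DataCsv are hypothetical helper names.

```powershell
# Constructed stand-ins for Get-Team output (the real cmdlet needs the Teams module and a tenant).
$teams = @(
    [pscustomobject]@{ DisplayName = 'Finance';  MailNickName = 'finance'; Visibility = 'Private' }
    [pscustomobject]@{ DisplayName = 'SOC Team'; MailNickName = 'socteam'; Visibility = 'Private' }
)

function Get-PipelineTypeName {
    # Returns the distinct .NET type names that a pipeline stage hands to the next command.
    param([Parameter(ValueFromPipeline)] $InputObject)
    begin   { $names = [System.Collections.Generic.HashSet[string]]::new() }
    process { [void]$names.Add($InputObject.GetType().FullName) }
    end     { $names | Sort-Object }
}

# Format-Table replaces the data with layout instructions meant for the console host.
$formatted = $teams | Format-Table DisplayName, MailNickName
$formatted | Get-PipelineTypeName
# Select-Object keeps data objects that carry only the chosen properties.
$selected = $teams | Select-Object DisplayName, MailNickName
$selected | Get-PipelineTypeName

# CSV built from each: the first has format-engine columns, the second the real values.
$bad  = $formatted | ConvertTo-Csv -NoTypeInformation
$good = $selected  | ConvertTo-Csv -NoTypeInformation
"Format-Table header : $($bad[0])"
"Select-Object header: $($good[0])"
$good

# Guard for scripts: refuse to export anything that has already been formatted.
function Export-DataCsv {
    param([Parameter(ValueFromPipeline)] $InputObject, [Parameter(Mandatory)] [string] $Path)
    begin   { $rows = [System.Collections.Generic.List[object]]::new() }
    process {
        if ($InputObject.GetType().Namespace -eq 'Microsoft.PowerShell.Commands.Internal.Format') {
            throw 'Input was produced by a Format-* cmdlet; use Select-Object instead.'
        }
        $rows.Add($InputObject)
    }
    end     { $rows | Export-Csv -Path $Path -NoTypeInformation }
}
$selected | Export-DataCsv -Path (Join-Path ([IO.Path]::GetTempPath()) 'teams.csv')
```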

 

PowerShell to detect Packet Loss

A friend of mine has been asking me for assistance to clarify his PowerShell coding; he said he only knows one person who does PowerShell and that is why he came to me. Anyway, thanks, and I am feeling a little shy, HAHAHA! Glad to help out a good friend.

He has been trying to code packet loss detection in PowerShell, and yes, I do agree that it is sometimes tricky when it comes to understanding the variables, for example, how is it that the reading and the outputting are different things?

After some back-and-forth clarification, he finally did it! Congratulations! You can check out the program he has written and posted on GitHub:

Cheah Eng Soon – Packet Loss Detection

C-level talk: M365 Security and Compliance

This post is going to be slightly different. Last week (21st August 2019), I got invited to give a talk about M365 Security and Compliance. This was really a test of my confidence and how I communicate with the audience. Another thing is that I could not be technical, and that was the biggest challenge! Standing out is always my biggest fear. Stepping into the room, trembling, all I could tell myself was “Sabrina, you can do it”. Everyone was looking at me and some were smiling at me, probably because they were thinking “Why is this kid presenting?”. Anyway, the show must go on!

I am just someone who wants to learn interesting things and step out of my comfort zone. I may not have scored well in this talk, but I am willing to learn to be better. Another thing is I don’t blame my mentor; I only blame myself because I am the one on the stage. So mentor, don’t feel bad. When I fall, I still climb back up.

I don’t like to be a show-off; I just want to share what M365 can do better for an organization. Throughout my experience with M365 Security and Compliance, I find that leveraging its features and capabilities has helped with quite a lot of my customers’ frustrations with auditors or lawbreakers in the company. Gathering justification takes a long time and takes up energy, so why not M365, right?

Just to summarize, a minority of the audience clapped. It was a great experience and opportunity; thanks very much, especially to my mentor, for investing the time in me. I guess there is still a long way for me to improve. I had a great time talking with some of the audience. There was 1 audience member who had been wanting to talk to me but was afraid (I have no idea why, do I look scary? I’m just joking) and told me he liked the aOS KL 2018 talk that I gave about Azure Information Protection. A little gratitude from the audience drives me to keep going, thanks.


Don’t be a smart-arse, Be unique! – From My Dear Parents

M365 Multi-Factor Authentication: Modern Authentication vs App Password

What is Modern Authentication?

Modern Authentication applies to Office 2013 applications and above. Modern Authentication is enabled by default. Modern Authentication keeps your credentials, so you do not have to re-key them whenever you launch your Office applications. In an ADFS environment, Modern Authentication will use OAuth 2.0 to authenticate to ADFS (via the addition of ADFS to the trusted local intranet sites) on the client’s behalf, and will SSO the user.

 

[Screenshot] Modern Authentication supported; the settings are greyed out.

 

What happens when MFA is enabled in Modern Authentication?

On your next login to your workstation/laptop/computer, you will be prompted to key in your authentication code for each Office application, for example Outlook, OneNote, OneDrive and so on.

Where can you get the authentication code?

Download the Microsoft Authenticator app from your mobile’s Play Store app.


What is App Password?

App Password applies to Office 2013 applications and below. It is a randomly generated password combining symbols and alphanumeric characters, which you must paste into each of your Office applications. In short, App Password is for legacy Office applications.

What happens when MFA is enabled in App Password?

On the next login to your workstation/computer/laptop, at the first launch of an Office application, for example Outlook, you will be prompted to key in your credentials, but for the password you must paste the app password instead of using your usual password.

 

As you can see the behavior is almost the same.

 

 

Azure Information Protection and Unified Labeling (No longer in Preview)

This post has been in my drafts; I just had too much to handle these few months and I am terribly embarrassed about holding this post in draft. *Gomeinasai*

A few weeks ago, I noticed that there is a new version of the Azure Information Protection client; it was released on 14th July 2019, stating that it comes with unified labeling. I was slightly surprised: “Is it true that unified labeling is no longer in preview mode?”.


Before it was announced that it is no longer in preview mode, I had to do the manual integration, and it would cause the Security and Compliance Data Leak Protection policy to crash in the GUI. I had to use a force command to remove the Data Leak Protection policy via PowerShell.

Manual integration involves SharePoint settings, Security and Compliance, and Azure Information Protection. However, this may win theoretically, but technically it did not work that well for me. Well, it was a tough experience but good to go through.

I tried many ways to get it working but it would crash. The “Updating…” status would just stay there for more than 48 hours! *faint*

Anyway, it is good to know that unified labeling is no longer in preview mode. You can manage your labeling in Security and Compliance too by migrating the Azure Information Protection (AIP) labels. Just make sure there are no duplicate labels in Security and Compliance before migrating.

 

Symantec ATP SEDR from 3.x to 4.1 version: High RAM usage in 8840

This is the most exhausting and longest case I have ever encountered. When the 4.1 version notification reached my ATP device, before jumping into upgrading it, I read the white papers and the prerequisites for the upgrade. A month after upgrading, I kept getting high RAM usage notifications, going from monthly to weekly. I was experiencing the high RAM usage problem on the 8840. Even the system activity logs or the logs from the Symantec ATP administrator management interface couldn’t help at all. I had to raise a ticket with Symantec Support when the behaviour kept recurring.

The temporary solution from the Symantec article is to reboot when the RAM usage warning appears.

After back-and-forth emails with Symantec Support, they themselves had no idea either. Anyway, to cut short the exhaustion and tolerance that I went through with Support, what they suggested was to gather the logs about the appliance health, and you have to do it this way.

After Support got the logs (twice), they analyzed them and informed me to wait for version 4.2, which will resolve this issue. The version 4.2 release date is 29th August 2019. Hopefully, it will.

Requirements

  1. SSH or Terminal console from ATP Appliance
  2. A firewall that allows SSH to the ATP Appliance
  3. VGA connection from the ATP Appliance to an LCD monitor
  4. Raise a case to Symantec Support

SSH console

If you have enabled SSH for your Symantec ATP appliance, then you could run the command below via SSH in the same environment.

If you haven’t enabled SSH yet, you can go to the Symantec ATP Appliance, launch the terminal console, key in the login credentials and run this command:

sshconfig enabled

ATP terminal console via LCD

  1. Log in to the ATP physical device with your ATP credentials
  2. Key in the following command
    • gather_evidence -u <your email address> -c <case number> -v
  3. It will prompt for a password; the password is given by Symantec Support
  4. After that, it will show the progress dashboard for the report uploading to the Symantec Support site

This takes an hour or more to complete the upload.

Appendix

  1. -u is username
  2. -c is case number
  3. -v is verbose