Azure – Configure Web App and Licenses

Deploying a web application and the difference between an F1 Dev/Test Free license and a B1 Dev/Test/ Production license features

Reference material

https://docs.microsoft.com/en-us/azure/app-service/app-service-web-configure-tls-mutual-auth

https://azure.microsoft.com/en-us/updates/app-service-and-functions-hosted-apps-can-now-update-tls-versions/

Prep – Lab Resource Group

Start in App Services. To create a basic test app in the free tier using I’m using the prep resource group – lab_study_2020

Deployment takes a minute or two, so patients before jumping to the next steps

Now you have a basic app running and accessible via a URL from the internet.

If you delete and recreate the app you can change the license options to include more advanced features, try selecting Production B1.

Dev/Test or Production B1 Features

  • Custom domain /SSL options
  • Manual Scale

Stop Web App, Delete Web App > Enter Web App name and Delete


Redeploy using B1 license for additional options


Now you will see additional options

“Encrypt” option in Outlook Error

Licenses and Limitations of Encryption and Exchange Online in you Microsoft 365 subscription.

Example Send a New message and there is an “Encrypt” button. Great feature but is there a gotcha you need to configure or another license version you require?

Slightly frustrating a button exists even if its not configured and gives your end users and error message.

“Your machine isn’t set up for Information Rights Management (IRM). To set up IRM, sign in to Office, open and existing IRM protected message or document, or contact your help desk.”

Reason

You created and new message in Outlook, clicked options, Encrypt, and Connect to Rights Management Servers and get templates

Solution

You received this message because RMS isn’t setup in your Microsoft 365 tenancy. Azure Information Protection is only included with certain licenses in Office 365. See License Data Sheet.

OME stands for Office 365 Message Encryption (OME).

OME is offered as part of “Office 365 Enterprise E3 and E5, Microsoft Enterprise E3 and E5, Microsoft 365 Business Premium, Office 365 A1, A3, and A5, and Office 365 Government G3 and G5.”

Microsoft provide this guide to choosing your activation method.

What is the difference in Microsoft 365 Enterprise Mobility + Security E3 and E5 Licenses

Today I’m looking at Microsoft 365 Enterprise Mobility + Security E3 and E5 Licenses and trying to work out which licenses I need and what the differences are. I’ve reviewed the guide on features and pricing, visit compare-plans-and-pricing

There are four key areas for Enterprise Mobility + Security:

  • Identity and access management
  • Managed mobile productivity
  • Information protection
  • Identity driven security

If you business it focused on Enterprise Mobility + Security E5 licenses but you need to save costs, its certainly worth reviewing what features your using and what is available / partially included in an Enterprise Mobility + Security E3 license. Microsoft would describe the differences as “Enterprise Mobility + Security E5 includes new and advanced security capabilities that make up our holistic and innovative approach to security for the mobile enterprise. Some E5 capabilities were previously only available as standalone products, such as Microsoft Cloud App Security, or as products in preview, such as Microsoft Azure Active Directory Identity Protection, Azure Active Directory Privileged Identity Management, and Azure Information Protection.”

A break down of the Key Additional Features in E5 and not in E3.

This is a quick break down of the additional features in the E5 license you don’t get in E3 currently. (Please check again, this is not a live feature list)

  • Risk-based conditional access (Explained further)
    • Register MFA – All Users
    • Password changed (High risk users)
    • Require MFA for medium to high risk users
  • Privileged identity management (PIM) – (Explained Futher)
    • Manage, Control and monitor important information or resources
  • Intelligent data classification and labelling (Azure Active Directory Identity Protection)
    • Automate the classification and labelling process ( Personal interpretation, not sure if that terminology is correct)
    • Azure identity Protection which can be leveraged in CA. Identity Protection Policies example
  • Microsoft Cloud App Security (Explained Further)
    • CASB Cloud Access Security Broker
  • Azure Advanced Threat Protection (ATP) – (Getting started with Azure ATP)
    • Detect, Identify Abnormalities, Advanced Attacks

So does you business have any other 3rd party tools already providing the features of E5? It might be worth noting some components Enterprise Mobility + Security E5 can be purchased separately, but the logic is a suite gives more value in a bundle.

Another good option to get hands on and try the full E5 license, why not run a PoC to see if the features of Enterprise Mobility + Security E5 with a free Trial (90 days offered when I wrote this)?

I hope this post helped, additional information is available direct from the Microsoft Site.

Apologise if any information is incorrect, this is just a personal review and no way related to Microsoft.

Intune – Mobile Device Management – Register and Assign a Intune License

Setting up Intune on your current Office365 subscription.

Things to know..

  1. Check your Pre Reqs/Supported devices
  2. More than 150 licenses for EMS? Check out FastTrack Center Benefit!
  3. DNS registration
  4. Users and Groups
  5. Intune license required
  6. Apps can be assigned to groups to be installed automatically
  7. You can create profiles on devices
  8. Define app policies / and restrictions

Getting started

Signup, Already using Office 365 = You already have an account

Yes, add it to my account

Try now

Continue

Check your email

Assign the license

Editing users (User Management) https://admin.microsoft.com

Add the Intune license

Save

You will now see the license is assigned to the user