Regaining Control Over Unmanaged GenAI Apps: New Microsoft Purview Enhancements in Edge

on
Many organizations are growing increasingly concerned about the widespread use of unsanctioned Generative AI (GenAI) tools. These apps, often accessed through unmanaged browsers, pose significant risks to data security and compliance. To help with this, Microsoft is now updating some features in  Microsoft Purview that will enhance policy enforcement for unmanaged cloud apps accessed via the Edge browser.  What’s Changing? Previously, enforcing Purview Data Loss Prevention (DLP) and Collection policies required manual creation of Edge configuration policies. These policies were often complex and needed to be scoped correctly to block unsupported browsers or apply protections. With this update, Microsoft automates much of that process: Collection Policies now apply directly within Edge without needing a separate blocking configuration. DLP Policies automatically generate Edge configuration policies that align with the scope of the DLP rules. DLP policies can operate in two mode...

Missing Meet URL for users of Lync Hoster Pack v2

on
The company I work for deployed Lync Hoster Pack v2 in the fall of 2013. At first, all things seemed fine, but after a while we received incident tickets regarding users who did not get the meet url published when creating a new meeting.

It has been a long road tring to find the root cause of this issue, especially since we at first saw no difference between the users we created where it worked, and users where it did not work. All users were deployed through the Citrix Cortex service for provisioning.

All users were provisioned correctly with Domainmap, TenentID and ObjectID. And if we moved users from one place to another it started working again.

It all turned out to be a rights issue in Active Directory. The root OU had it's correct settings, but when we deployed several resellers through the Cortex service, these reseller OU's did not inherit the rights from the parent OU. Applying the correct rights to all the sub OU's in the tree fixed the issue for all customers.

Here's a quick script to set the correct rights for hosting on all OU's in a tree:

Import-Module activedirectory
Import-Module lync
$counting = 0
$moreISH = Get-ADOrganizationalUnit -LDAPFilter '(name=*)' -SearchBase `
'ou=reseller,ou=hosting,dc=domain,dc=net'| select DistinguishedName
foreach ($ou in $moreISH){
Grant-CsOuPermission -OU $ou.DistinguishedName -Verbose -ObjectType user
$counting ++
}
Write-Host "Set rights on $counting OU's" -ForegroundColor Green

The commands above must be run a computer where the Active Directory and the Lync module is available.

These are the changes made by the command http://technet.microsoft.com/en-us/library/hh849655(v=ocs.14).aspx