Security defaults in Microsoft Entra ID

Quelle: Link

Security defaults make it easier to help protect your organization from identity-related attacks like password spray, replay, and phishing common in today’s environments.

Microsoft is making these preconfigured security settings available to everyone, because we know managing security can be difficult. Based on our learnings more than 99.9% of those common identity-related attacks are stopped by using multifactor authentication and blocking legacy authentication. Our goal is to ensure that all organizations have at least a basic level of security enabled at no extra cost.

These basic controls include:

Who’s it for?

  • Organizations who want to increase their security posture, but don’t know how or where to start.
  • Organizations using the free tier of Microsoft Entra ID licensing.

Who should use Conditional Access?

  • If you’re an organization with Microsoft Entra ID P1 or P2 licenses, security defaults are probably not right for you.
  • If your organization has complex security requirements, you should consider Conditional Access.

Move from security defaults to Conditional Access

While security defaults are a good baseline to start your security posture from, they don’t allow for the customization that many organizations require. Conditional Access policies provide a full range of customization that more complex organizations require.

Security defaults Conditional Access
Required licenses None At least Microsoft Entra ID P1
Customization No customization (on or off) Fully customizable
Enabled by Microsoft or administrator Administrator
Complexity Simple to use Fully customizable based on your requirements


Commercial preview of Microsoft Office LTSC 2024 is now available

Quelle: Link

We are pleased to announce that the commercial preview of Microsoft Office LTSC 2024 is now available for both Windows and Mac. Office LTSC is built for specialized use cases that require a long-term servicing channel such as regulated devices that cannot accept feature updates for years at a time, manufacturing process control devices that are not connected to the internet, or medical testing equipment running embedded apps that must stay locked in time.  


Office LTSC 2024 will include features from past Office releases as well as a subset of new features already available in Microsoft 365 Apps for enterprise. As we announced in March, Office LTSC will be supported for five years under the Fixed Lifecycle Policy, in parallel with Windows 11 LTSC, which will also launch later this year. And because we know that many customers deploy Office LTSC on only a subset of their devices, we will continue to support the deployment of both Office LTSC and Microsoft 365 Apps to different machines within the same organization using a common set of deployment tools: Click-to-Run on Windows and Apple Package format (pkg) on Mac, just like Office LTSC 2021.  


Microsoft 365 continues to deliver the most secure, productive, and cost-effective Office experience, and positions customers to unlock the transformative power of AI with Microsoft Copilot. And with device-based licensing and extended offline access, Microsoft 365 offers deployment options for scenarios like computer labs and submarines that require a solution other than a user-based, always-online service. However, Office LTSC 2024 will be a valuable upgrade for customers who need to keep their Office apps on-premises.  

The following products are available as part of this preview program: 


  • Microsoft Office LTSC Professional Plus 2024 (includes Word, Excel, PowerPoint, Outlook, OneNote, and Access) 
  • Microsoft Office LTSC Standard for Mac 2024 (includes Word, Excel, PowerPoint, Outlook, and OneNote)  
  • Microsoft Project Professional 2024  
  • Microsoft Visio Professional 2024         

For instructions on how to install and activate the previews of Office LTSC, Project, and Visio on a Windows device, visit Install Office LTSC Preview. 


For instructions on how to install and activate the Office LTSC for Mac Preview, visit Overview of Office LTSC for Mac Preview. 

Windows 11 an Windows 10 release information

Quelle: Link


Windows 11 current versions

(All dates are listed in ISO 8601 format: YYYY-MM-DD)

Servicing channels

Version Servicing option Availability date Latest revision date Latest build End of servicing: Home, Pro, Pro Education and Pro for Workstations End of servicing: Enterprise, Education, IoT Enterprise, and Enterprise multi-session
23H2 General Availability Channel 2023-10-31 2024-02-13 22631.3155 2025-11-11 2026-11-10
22H2 General Availability Channel 2022-09-20 2024-02-13 22621.3155 2024-10-08 2025-10-14
21H2 General Availability Channel 2021-10-04 2024-02-13 22000.2777 End of servicing 2024-10-08


Windows 10 current versions by servicing option

(All dates are listed in ISO 8601 format: YYYY-MM-DD)

Servicing channels

Version Servicing option Availability date Latest revision date Latest build End of servicing: Home, Pro, Pro Education and Pro for Workstations End of servicing: Enterprise, Education, IoT Enterprise, and Enterprise multi-session
22H2 General Availability Channel 2022-10-18 2024-02-13 19045.4046 2025-10-14 2025-10-14
21H2 General Availability Channel 2021-11-16 2024-02-13 19044.4046 End of servicing 2024-06-11

How licensing works for work and school accounts in the new Outlook for Windows

Quelle: Link

How licensing works for work and school accounts in the new Outlook for Windows

The new Outlook for Windows is bringing a wave of innovation to the next version of Outlook. As we continue on our journey, we’ve received several questions about how licensing works for work and school accounts in the new Outlook for Windows. This post will answer these questions and provide details about a recent improvement which updates the new Outlook to match the behavior of classic Outlook for multi-account scenarios.


Using Outlook in single account scenarios

To use the Outlook for Windows desktop app (either the classic or new version) with a Microsoft 365 organizational email address, you need to purchase a plan that includes the desktop versions of the Microsoft 365 apps. We offer various different pricing options for Small BusinessesEnterprises, Schools and Governments, either directly on our website or through partners. Using the Microsoft 365 plans for small business as an example, a Business Standard or Business Premium plan provides access to a Microsoft 365 email address and the desktop versions of Outlook (and the rest of the Microsoft 365 apps). The Business Basic plan provides access to our productivity tools through the web and mobile versions of Outlook and Microsoft 365.

thumbnail image 1 of blog post titled How licensing works for work and school accounts in the new Outlook for Windows


Using Outlook in multiple ‘work or school’ account scenarios

Some organizations choose to provide multiple email addresses with different licenses to their users. In the classic Outlook for Windows today, users could install and activate the desktop app with an initial account that was properly licensed for desktop use (e.g. Business Standard, Enterprise E3). Once Outlook was properly licensed by that initial account, users could add additional accounts like Business Basic and Enterprise E1 as secondary accounts.


Previously, the new Outlook for Windows didn’t allow adding accounts with Business Basic and Enterprise E1 license as secondary accounts, regardless of what other accounts were added to the app. We recognized this would be a temporary gap for the new Outlook, which is why we’ve focused on giving users and organizations the choice of when to toggle back and forth between classic and new version of Outlook. We prioritized this work alongside the various other important requests from users, and are excited to share that the update rolling out now will update the new Outlook to match the behavior of classic Outlook. Thank you for your patience and understanding while we got there!


How multi-account licensing will work in the new Outlook going forward

When you add your first account to the new Outlook for Windows, this account will be set as your primary account. This account is currently used for storing app-wide settings like theme and layout, diagnostic data, connected experiences, and policies configured by an administrator. With this update, the primary account will now also be used for determining the license that applies when adding additional secondary accounts.

thumbnail image 2 of blog post titled How licensing works for work and school accounts in the new Outlook for Windows

Figure 1: Option to set account as primary in Settings > Accounts > Email accounts.


For example, if you have a Business Standard account (which includes a license for desktop apps) added as your primary account, that license will apply, and you can now add any secondary email accounts regardless of licensing status (e.g. Business Basic). This also applies to personal accounts with a Microsoft 365 Personal or Family, as these plans include the license rights to the Microsoft 365 applications for desktop. Once one of these accounts is set as the primary account, you can add Business Basic, E1 or similar accounts as secondary accounts.



When will I see the capability change in the new Outlook for Windows?

We began rolling out these improvements on February 1st, 2024. They should reach all users by the middle of February.


What if the first account I add is a free personal email address like or Gmail?

The new Outlook provides a free, ad-supported version of the app for use with personal email addresses. At any time, you can add a Microsoft 365 work or school email address with rights to the Outlook desktop apps, or a personal email with a subscription to Microsoft 365 Personal or Family to upgrade to the premium version of Outlook adding additional features and removing ads.


If you would like to add other Microsoft 365 commercial accounts with web and mobile access only, you’ll first need to set one of the other accounts that have rights to desktop apps as the Primary Account.


Which commercial and personal licenses provide the rights to use the Outlook desktop applications on Windows and Mac, when set as the Primary Account?


Microsoft 365 Personal, Microsoft 365 Family


Work or school:

SMB: Microsoft 365 Business Standard, Microsoft 365 Business Premium, Microsoft 365 Apps for business

Enterprise: Office 365 E3, Office 365 E5, Microsoft 365 E3, Microsoft 365 E5, Microsoft 365 Apps for enterprise

Education: Office 365 A3, Office 365 A5, Microsoft 365 A3, Microsoft 365 A5, Microsoft 365 Apps for education

Government: Office 365 G3, Office 365 G5, Microsoft 365 G3, Microsoft 365 G5, Microsoft 365 Apps for enterprise


How do I add a Microsoft Account that was created with a non-Microsoft email address to the new Outlook for Windows?

When you create a Microsoft Account, you have the choice of creating an email address or using your existing non-Microsoft email as your username (e.g. Gmail, Yahoo). Currently, the new Outlook for Windows only supports adding Microsoft Accounts with an email address. You can do this in Settings > Accounts > Email Accounts, or by clicking the „Add Account” button in the bottom of the folder list.

thumbnail image 3 of blog post titled How licensing works for work and school accounts in the new Outlook for Windows


If you purchased a Microsoft 365 Personal or Family subscription with a Microsoft Account that was created with a non-Microsoft email address, you will need to add an alias in order to connect it to Outlook. To do so, follow the instructions here: How to add an email address or phone number to your Microsoft account – Microsoft Support.


We hope this update makes managing the new Outlook for Windows easier and, please, let us know if you have any feedback in the comments.




Mozilla Firefox – Wiederherstellen von fehlenden Nutzerdaten nach einem Update

Quelle: Link

Wiederherstellen von fehlenden Nutzerdaten nach einem Update

Wenn Firefox ohne Ihre Lesezeichen, Passwörter, gespeicherte Tabs und andere benutzerdefinierten Einstellungen startet, prüfen Sie, ob Ihre Daten in einem anderen Benutzerprofil abgelegt wurden. Das kann passieren, da Firefox nach einem Update ein neues gesondertes Profil für jede Firefox-Installation erstellt und damit startet.

So stellen Sie Ihre Firefox-Daten und -Einstellungen aus einem anderen Profil wieder her:

Tippen Sie about:profiles in die Adressleiste und drücken Sie die Eingabetaste. Die Seite Über Profile öffnet sich.
Profilverwaltung about profiles fx96

Diese Seite sollte mindestens ein Profil enthalten, es können aber auch mehrere sein. Das aktuell von Firefox verwendete Profil zeigt den Text:
Dieses Profil wird derzeit verwendet und kann daher nicht gelöscht werden.

Wichtig: Bitte löschen Sie keines der hier aufgeführten Profile und klicken Sie auch nicht auf eine der Löschen-Schaltflächen unter einem der Profile.

Wird auf dieser Seite auch ein anderes Profil angezeigt, enthält es möglicherweise Ihre verschwundenen Profildaten.

Um ein neues Firefox-Fenster zu öffnen, in welchem dieses Profil verwendet wird, klicken Sie auf die Schaltfläche Profil zusätzlich ausführen.

  • Enthält dieses Profil Ihre verschwundenen Daten nicht, schließen Sie das Fenster wieder.
  • Wenn es Ihre verschwundenen Daten enthält, können Sie es als das Profil einstellen, das standardmäßig von Firefox geöffnet wird, indem Sie bei diesem Profil auf die Schaltfläche Als Standardprofil festlegen klicken. Nun wird beim nächsten Öffnen von Firefox automatisch dieses Profil verwendet.

Wenn sich auf diese Weise Ihre verschwundenen Daten nicht zurückholen lassen, können Sie diese möglicherweise aus einem anderen Profil wiederherstellen. Lesen Sie dazu diesen Artikel.

Weitere Informationen zur Verwaltung von Benutzerprofilen erhalten Sie im Artikel Mithilfe der Profilverwaltung Firefox-Profile erstellen, löschen oder zwischen ihnen wechseln.


Plan for Windows 10 EOS with Windows 11, Windows 365, and ESU

Quelle: Link

Plan for Windows 10 EOS with Windows 11, Windows 365, and ESU
Published Dec 05 2023 10:00 AM  9,871 Views

Windows 10 will reach end of support (EOS) on October 14, 2025. While two years may seem like a long runway, ensuring a modernized infrastructure will help keep your organization productive and its data secure. We’re encouraged to see organizations realizing the benefits of Windows 11 by upgrading eligible devices to Windows 11 well ahead of the EOS date. Consider joining organizations like Westpac who recently leveraged Microsoft Intune, Windows Autopatch, and App Assure to efficiently move 40,000 employees to Windows 11, while also incorporating new Windows 11 devices as part of a regular hardware refresh cycle.

In this post, learn about the various options you have to smoothly transition to Windows 11, including extended protection for those needing more time.

What does Windows 10 end of support mean?

When Windows 10 reaches end of support, Microsoft will no longer provide bug fixes for issues, security fixes for vulnerabilities, time zone updates, or technical support for problems that might occur.

As noted on the Windows 10 release information page, version 22H2 is the final version of Windows 10. All editions of Windows 10, version 22H2 will remain in support with monthly security updates through October 14, 2025. Note that the Windows 10 IoT Enterprise Long-Term Servicing Channel (LTSC) and Windows 10 IoT Enterprise will continue to receive updates based on their specific lifecycles.

With the EOS for Windows 10 coming in less than two years, now is the time to migrate to a modern OS. Ensure that your organization isn’t left running unsupported software that is no longer receiving security updates. Organizations running legacy software are vulnerable to significant security risk and potential compliance violations.

Your options to transition from Windows 10 to Windows 11

Windows 11 is the most secure Windows yet. Its extensive capabilities, including Copilot in Windows, are designed to help keep your organization protected and productive. These measures include built-in advanced encryption, data and credential protection, robust system security and network safety, and intelligent safeguards against evolving threats.

In addition to upgrading eligible PCs to Windows 11 using Windows Autopatch or Microsoft Intune, your options to adopt Windows 11 include:

  • Purchase new Windows 11 Pro PCs with all the great security features turned on by default. In addition, suppliers will ship new PCs directly to employees with Windows Autopilot, saving you time from staging them.
  • Migrate to the cloud and subscribe to Windows 365 to make Windows 11 available to users on any device with a Cloud PC.

Let’s walk through those in further detail and discuss our upcoming Windows 10 Extended Security Update program for Windows 10.

Refresh ineligible PCs to new Windows 11 eligible devices

Enable workers to get the most secure Windows ever with Windows 11. It’s AI-enhanced and easy to use with a 250% ROI.

Step 1. To get started, understand which devices in your install base are ineligible through Intune or other management tools.

Step 2. For devices that aren’t eligible for Windows 11, or older devices due for a refresh, now is the time to transition to new PCs running Windows 11. New modern devices from partners like Dell, HP, Lenovo, Acer, and Surface and the rest of the Windows ecosystem offer a wide range of options to suit different worker needs. Explore and purchase new Windows 11 PCs directly from your original equipment manufacturer (OEM) or reseller of choice.

See how Hakutsuru Sake Brewing Co., Ltd. is streamlining security management across countries and time zones with new Windows 11 Pro devices. For Hakutsuru, the deciding factor was out-of-the-box security, including hardware-backed protection like TPM 2.0. Now his teams can work anywhere while protecting trade secrets like brewing data and recipes.

Migrate to Windows 11 in the cloud with Windows 365

As you work on modernizing your endpoint estate, you can move workers with Windows 10 PCs to Windows 11 in the cloud with Windows 365. That way your employees will always be updated with the latest Windows 11 and the latest security protection available.

Windows 365 subscriptions will include Extended Security Updates (ESUs) at no additional cost for Windows 10 devices that access Windows 365.

You might have scenarios in your organization where you’re looking for options and the flexibility to continue using older Windows 10 PCs longer. Extending the life of Window 10 PCs with Extended Security Updates and Windows 365 becomes a real possibility to support certain worker cohorts and still migrate to Windows 11. You can extend the life of these devices for an additional 3 years.

Windows 365 recently made a new service option generally available for frontline and shift workers. If workers don’t use a dedicated personal computer, but rather use a device that is shared or an older device, they can access Windows 11 using Windows 365. In these scenarios, you can extend the use of older Windows 10 PCs.

Check out how we’re extending Windows to the cloud with Windows 365. Our Windows 365 blog posts provide in-depth information on the latest features, deployment guidance, and best practices.

Extended Security Update program for Windows 10

While we strongly recommend moving to Windows 11, we understand there are circumstances that could prevent you from replacing Windows 10 devices before the EOS date. Therefore, Microsoft will offer Extended Security Updates.

Like the Windows 7 ESU program, your organization will be able to purchase a yearly subscription to security updates. The yearly commitment is renewable for three years. Devices enrolled in ESUs will receive monthly security updates to keep these Windows 10 PCs secure.

The ESU program for Windows 10 will include critical and/or important security updates. ESUs do not include new features, customer-requested non-security updates, or design change requests. Technical support beyond the ESU itself is also not available.

  • For Windows 365 customers, ESUs will be provided for the Windows 10 devices that connect to a Cloud PC running Windows 11 at no additional cost.
  • If you run a Windows 10 instance in Azure Virtual Desktop, ESUs will also be available at no additional charge on those virtual machines (consumption not included).

Stay tuned for more ESU program updates as we approach availability, including an ESU program for individual consumers.

Continue the conversation. Find best practices. Bookmark the Windows Tech Community, then follow us @MSWindowsITPro on X/Twitter. Looking for support? Visit Windows on Microsoft Q&A.

[2023 October Tips & Tricks] Why deprecate L2TP over IPSec in the USG FLEX H Series?

Quelle: Link

Why deprecate L2TP over IPSec in the USG FLEX H Series?

L2TP over IPSec was a popular VPN protocol in the past, but it has become less common and is often deprecated and discouraged for several reasons:

Security Concerns: It does NOT provide encryption or confidentiality to traffic passing through it. It relies on other protocols like IPsec for encryption and security.

Limited Platforms: Not all platforms and devices support L2TP/IPSec. For example, some mobile devices and operating systems have moved away from supporting this protocol in favor of more modern and secure alternatives. Android has removed L2TP VPN in its version 12 onward so that consumers can enjoy better security, performance, and interoperability with other systems.

Performance: L2TP over IPSec can be less efficient in terms of performance compared to newer VPN protocols. The additional overhead introduced by the combination of L2TP and IPSec can result in reduced throughput, which may be a concern in high-speed or high-bandwidth scenarios.

Zyxel is determined to deprecate the L2TP over IPSec in favor of a more modern and secure VPN protocol like IKEv2 in our USG FLEX H series, while keeping L2TP over IPSec in the ZLD-based product lines USG FLEX series and ATP series. IKEv2 is a VPN protocol known for its security, reliability, and efficiency. The best part is it’s widely adopted and provides outstanding interoperability, working with different types of VPN clients, OS, and VPN gateway.

To help our customers migrate to IKEv2, we provide Remote VPN Wizard in every product (ZLD, uOS, Nebula firewall, and future SCR), which generates a VPN script for use with free OS native- IKEv2 VPN clients e.g., Windows, macOS, iOS, Android (StrongSwan) in just a few clicks. As a result, our customers can enjoy the benefits of IKEv2 without the additional cost of purchasing IKEv2 client software.

With the subscription-based Zyxel SecuExtender VPN client, we take a step further allowing customers to enjoy auto-provisioning by simply retrieving the VPN settings right from our firewalls.


Office versions and connectivity to Microsoft 365 services

Quelle: Link

Office versions and connectivity to Microsoft 365 services

The following table lists the Office versions that are supported for connecting to Microsoft 365 services. For example, connecting to Exchange Online, SharePoint Online, or OneDrive for Business.

Office version Supported for connecting until this date
Microsoft 365 Apps Supported as long as you’re using a supported version.
Office LTSC 2021 October 13, 2026
Office 2019 October 10, 2023
Office 2016 October 10, 2023


As stated in a April 2017 blog post, only perpetual Office versions in mainstream support are supported for connecting to Microsoft 365 services. Office 2016 is no longer in mainstream support, but we made an exception for it until October 2023, as stated in a September 2018 blog post.

Older Office versions not supported for connecting to Microsoft 365 services

Older Office versions might still be able to connect to Microsoft 365 services, but that connectivity isn’t supported.

In practical terms, what this means is that these older Office versions might not be able to use all the latest functionality and features of Microsoft 365 services. In addition, over time, these older versions might encounter other unexpected performance or reliability issues while using Microsoft 365 services. That’s because as we make improvements to Microsoft 365 services, we’re not taking into account or testing with these older Office versions.

We won’t take any active measures to block older Office versions from connecting to Microsoft 365 services if they’re in extended support and are kept up to date. This includes Office 2019 and Office 2016 after October 10, 2023. Both of these versions are in extended support until October 14, 2025.

Therefore, to provide the best experience with using Microsoft 365 services, we strongly recommend that you move off older Office versions to versions supported for connecting to Microsoft 365 services.