Here’s what you need to know about Microsoft security Updates

To help organizations protect all their assets against evolving digital security threats, Microsoft is unifying all Extended Detection and Response (XDR) technologies under the Microsoft Defender brand.

Microsoft Defender prevents, detects, and responds to threats across identities, endpoints, applications, email, IoT, infrastructure, and cloud platforms.

With Microsoft Defender, Microsoft is rebranding the existing threat protection portfolio and adding new capabilities, including additional multi-cloud (Google Cloud and AWS) and multi-platform (Windows, Mac, Linux, Android, and iOS) support.

Microsoft Defender is delivered in two tailored experiences:

Microsoft 365 Defender

  • Microsoft 365 Defender delivers XDR capabilities for identities, endpoints, cloud apps, email, and documents.
  • It uses artificial intelligence to reduce the SOC’s work items.
  • Built-in self-healing technology fully automates remediation more than 70% of the time, ensuring defenders can focus on other tasks that better leverage their knowledge and expertise.

The branding changes to unify the Microsoft 365 Defender technologies:

  • Microsoft 365 Defender (previously Microsoft Threat Protection)
  • Microsoft Defender for Endpoint (previously Microsoft Defender Advanced Threat Protection)
  • Microsoft Defender for Office 365 (previously Office 365 Advanced Threat Protection)
  • Microsoft Defender for Identity (previously Azure Advanced Threat Protection)

New features available within Microsoft 365 Defender:

  • Extending mobile threat defense capabilities in Microsoft Defender for Endpoint to iOS, Android and macOS.
  • Priority account protection in Microsoft Defender for Office 365 will help security teams focus on protection from phishing attacks for users who have access to the most critical and privileged information.

Customers can customize prioritized account workflows to offer these users an added layer of protection.

Microsoft 365 Defender

Azure Defender

Azure Defender delivers XDR capabilities to protect multi-cloud and hybrid workloads, including virtual machines, databases, containers, IoT, and more.

Azure Defender is an evolution of the Azure Security Center threat protection capabilities and is accessed from within Azure Security Center.

Microsoft has announced brand changes for these capabilities under Azure Defender as well:

  • Azure Defender for Servers (previously Azure Security Center Standard Edition)
  • Azure Defender for IoT (previously Azure Security Center for IoT)
  • Azure Defender for SQL (previously Advanced Threat Protection for SQL)

New features now available within Azure Defender:

  • To help defenders identify and mitigate unprotected resources, Microsoft is delivering a new unified experience for Azure Defender that makes it easy to see which resources are protected and which need further protection.
  • Added protection for SQL servers on-premises and in multi-cloud environments as well as virtual machines in other clouds, and improved protections for containers, including Kubernetes-level policy management and continuous scanning of container images in container registries.
  • Support for operational technology networks with the integration of Cyber X into Azure Defender for IoT.

Azure VM Updates: Want to reduce software licensing costs without impacting performance?

Azure adds new constrained vCPUs, capable virtual machines to reduce software licensing costs without impacting performance

Azure offers various VM sizes for which you can constrain the VM vCPU count to reduce the cost of software licensing, while maintaining the same memory, storage, and I/O bandwidth.

This may be crucial for some database workloads like SQL Server or Oracle that require high memory, storage, and I/O bandwidth, but not a high core count since many database workloads are not CPU-intensive.

So, by deploying the latest Azure Virtual Machines, you can further increase the efficiency of your cloud infrastructure.

The vCPU count can be constrained to one half or one quarter of the original VM size. These new VM sizes have a suffix that specifies the number of active vCPUs to make them easier for you to identify.

The Esv4, Edsv4, and Easv4 memory optimized Azure VM series now offer new constrained vCPU VM sizes.

For example, the current VM size ‘’E8s_v4’’ comes with 8 vCPUs, 64 GB RAM, 16 disks and 12,800 IOPs. The new VM sizes ‘’E8-4s_v4’’ and ‘’E8-2s_v4’’ comes with 4 and 2 active vCPUs respectively, while maintaining the rest of the specs of the ‘’E8s_v4’’ for memory, storage, and I/O bandwidth.

The licensing fees charged for SQL Server or Oracle are constrained to the new vCPU count, and other products should be charged based on the new vCPU count. This results in a 50% to 75% increase in the ratio of the VM specs to active (billable) vCPUs. These new VM sizes allow customer workloads to use the same memory, storage, and I/O bandwidth while optimizing their software licensing cost. Currently, the compute cost, which includes OS licensing, remains the same one as the original size.

Microsoft | Licensing SharePoint Hosting in SPLA

hosting

As it is known in Microsoft SPLA, SharePoint Server Standard and Enterprise licenses are provided under the Subscriber Access License, which means that each end customer’s internal users who can directly or indirectly access the SharePoint Server would need a license. Service Provider will use the software in this case to provide internal users access to content, information, and applications. Therefore, use of SharePoint Server software to provide content, information, and applications that are limited to internal users must be licensed under SharePoint Server SALs.

SharePoint Hosting – Licensing Based on Processors Used

In contrast and in order to provide SharePoint Server as a Website or Hosted and therefore, allowing an unlimited number of external users to access it, in this case, the licensing scheme would shift from SAL to Processor License. Customer may use the software to provide External Users access to content, information, and applications. Customer may also use the software to provide internal users access to content, information, and applications so long as that same content and information and those same applications are also accessible by External Users.

To run Instances of the server software in the Physical OSE on a Server, you need a license for each physical processor that the Physical OSE uses.

To run Instances of the server software in the Physical OSE on a Server, you need a license for each physical processor that the Physical OSE uses. 

Scenario 1

SharePoint Hosting roles are deployed on 1 physical server with 2 physical processors. Therefore, in this case, SharePoint Hosting would require a total of 2 licenses equal to the number of physical processors.

To run Instances of the server software in Virtual OSEs on a Server, you need a license for each virtual processor that each of those Virtual OSEs uses. If a Virtual OSE uses a fraction of a virtual processor, the fraction counts as a full virtual processor.

Scenario 2

SharePoint Hosting roles are deployed on 1 Virtual Machine with 8 Virtual Cores. This Virtual Machine is created on a Physical Server with 2 physical processors and 4 Cores per Processor. In this case partner would need 8 (Virtual Cores) / 4 (Cores per Processor) = 2 licenses.

Microsoft | Windows Server and System Center Core Licensing Update

server2016

Windows Server 2016 & System Center 2016 will be available in SPLA in October.

Licensing Summary:

  • Per core license model replaces processor license model on October SPUR.
  • Each physical processor needs a minimum of 8 core licenses.
  • Both Windows Server Standard & Datacenter Editions provide support for unlimited Windows Server containers.
  • Windows Server Standard Edition requires all physical cores to be licensed in order to run 1 Windows Hyper-V container (or Virtual Machine).
  • Windows Server Datacenter Edition requires all physical cores to be licensed in order to run unlimited Windows Hyper-V containers (or Virtual Machines).

New Licensing SKU’s:

Part Number Item Name
9EM-00562 WinSvrSTDCore ALNG LicSAPk MVL 2Lic Core
9EA-00039 WinSvrDCCore ALNG LicSAPk MVL 2Lic Core
9EN-00494 SysCtrStdCore ALNG LicSAPk MVL 2Lic Core
9EP-00037 SysCtrDatactrCore ALNG LicSAPk MVL 2Lic
9GA-00006 CISSteStdCore ALNG LicSAPk MVL 2Lic Core
9GS-00495 CISSteDCCore ALNG LicSAPk MVL 2Lic CoreL

Licensing Scenarios:

  • Scenario 1: A physical server with 2 Physical Processors and 4 Cores would require in the new licensing method:

In case of Windows Server Standard:

Part Number Item Name Quantity
9EM-00562 WinSvrSTDCore ALNG LicSAPk MVL 2Lic Core 8

 

In case of Windows Server Datacenter:

Part Number Item Name Quantity
9EA-00039 WinSvrDCCore ALNG LicSAPk MVL 2Lic Core 8

 

  • Scenario 2: A physical server with 2 Physical Processors, 4 Cores and 2 Virtual Machines would require in the new licensing method:

In case of Windows Server Standard:

Part Number Item Name Quantity
9EM-00562 WinSvrSTDCore ALNG LicSAPk MVL 2Lic Core 16

 

In case of Windows Server Datacenter:

Part Number Item Name Quantity
9EA-00039 WinSvrDCCore ALNG LicSAPk MVL 2Lic Core 8
  • Scenario 3: A physical server with 2 Physical Processors and 16 Cores would require in the new licensing method:

In case of Windows Server Standard:

Part Number Item Name Quantity
9EM-00562 WinSvrSTDCore ALNG LicSAPk MVL 2Lic Core 16

In case of Windows Server Datacenter:

Part Number Item Name Quantity
9EA-00039 WinSvrDCCore ALNG LicSAPk MVL 2Lic Core 16

*The total licenses needed is divided by 2 since each reporting SKU covers 2 core licenses

Partners whose Microsoft SPLA Agreement is not yet expired, can still report the Windows Server Per Processor License until the expiry date of their Agreement.

Microsoft | Licensing Update

update

Microsoft released a new licensing update for products that are licensed under the Per Core licensing method such as Microsoft SQL and Microsoft BizTalk. Microsoft discontinued the Core Factor when calculating the licenses required for these products. In the new Services Provider Use Rights, you calculate the number of cores on the physical server or the number of virtual cores on the VM. You just need to report a minimum of 4 cores per VM/physical core. You can find below the explanation from the SPUR Document.

For Products under the Per Core License Model, Customer must choose either licensing by Physical Core on a Server or licensing by Individual Virtual OSE. The terms for each are set forth below.

Server Licenses (per core) – Licensing by Physical Core on a Server
1. Customer may use the server software on a Licensed Server, provided it acquires sufficient Licenses as described below.
2. The number of Licenses required equals the number of Physical Cores on the Licensed Server subject to a minimum of four Licenses per Physical Processor.
3. For enterprise editions, Customer may use any number of Running Instances of the server software on the Licensed Server in the Physical OSE and/or any number of Virtual OSEs.
4. For other editions Customer may use any number of Running Instances of the server software only in the Physical OSE on the Licensed Server.

Server Licenses (per core) – Licensing by Individual Virtual OSE
1. Customer may use any number of Running Instances of the server software in any Virtual OSE on the Licensed Server, provided it acquires sufficient Licenses as described below.
2. The number of Licenses required equals the number of Virtual Cores in the Virtual OSE, subject to a minimum of four License per Virtual OSE.
3. If any Virtual Core is at any time mapped to more than one Hardware Thread, Customer needs a License for each Hardware Thread to which it is mapped.