Today's Guest Blogger is Eric Fritz, Managing Consultant
In our team meetings we take the time to share information about our latest exploits, issues, upcoming releases, and even general knowledge. In this world of information overload, you cannot know it all, so it is nice to be able to share. In 2021, we will share with you. Let us wrap up 2020, as we are all ready to do, and look forward to dates to know.
Like most of us who have their head in the Cloud, we may overlook some of the basic blocking and tackling of on-premises duties. This is not really our forte, but it is more of a pass-along from a customer story. In 2021, make time to check your SSD hard disk firmware and any bulletins from your vendors. This problem is across a number of vendors, so I will not call them out. I recommend doing a blanket sweep of all your SSD hard disks. Apparently, there is firmware out there that will cease to let the drive function after 40,000 hours of runtime. That’s four plus years and it seems like a long time. I happened to be on a different project at a customer that experienced this in December 2020. Without updating to firmware released in early 2020, the disk will fail into an unrecoverable state. Data loss is highly likely. Check your firmware and check your backups!
The year 2020 brought a lot of bad stuff. One of the vulnerabilities we saw back in August of 2020 had us advising our clients to patch their domain controllers immediately. The vulnerability impacted every Windows server version. If you do not recall this vulnerability, you can read up on it at this link: CVE-2020-1472. Hopefully, you did not stop with patching. As of late, we have also seen non-compliant devices bubble up when running DCDiag.exe as part of Active Directory health checks.
We are not done with this vulnerability in 2021, as a second phase will happen in February 2021 with Microsoft enforcing a change to lock down this vulnerability. Here is an excerpt from the Microsoft support article, How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472:
To protect your environment and prevent outages, you must do the following:
Note Step 1 of installing updates released August 11, 2020 or later will address security issue in CVE-2020-1472 for Active Directory domains and trusts, as well as Windows devices. To fully mitigate the security issue for third-party devices, you will need to complete all the steps.
Warning Starting February 2021, enforcement mode will be enabled on all Windows Domain Controllers and will block vulnerable connections from non-compliant devices. At that time, you will not be able to disable enforcement mode.
Microsoft makes it easy to find non-compliant devices with a script to check domain controller event logs. Just follow the links in the above excerpt to take action. There is not a lot of time left on this one.
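As an added example (this is not Microsoft's script and not part of the original post), the same check can be sketched in PowerShell: sweep each domain controller's System log for the Netlogon events that the August 2020 update introduced for CVE-2020-1472. It assumes the ActiveDirectory RSAT module is available, a 30-day look-back window, and that the event message contains a "Machine SamAccountName:" line.

```powershell
# Added example, not Microsoft's script. Netlogon events logged to the System log:
#   5827, 5828 = vulnerable connection denied (machine account / trust account)
#   5829       = vulnerable connection allowed; it will be denied in enforcement mode
#   5830, 5831 = vulnerable connection allowed by group policy (machine / trust)
$eventIds = 5827, 5828, 5829, 5830, 5831

# Assumption: ActiveDirectory module installed; otherwise list the DC names by hand.
$domainControllers = (Get-ADDomainController -Filter *).HostName

$hits = foreach ($dc in $domainControllers) {
    try {
        Get-WinEvent -ComputerName $dc -ErrorAction Stop -FilterHashtable @{
            LogName   = 'System'
            Id        = $eventIds
            StartTime = (Get-Date).AddDays(-30)   # assumed look-back window
        } | ForEach-Object {
            # Assumption: the message body names the device on this line.
            $account = '(unparsed)'
            if ($_.Message -match 'Machine SamAccountName:\s*(\S+)') {
                $account = $Matches[1]
            }
            [pscustomobject]@{
                DC      = $dc
                EventId = $_.Id
                Account = $account
                Time    = $_.TimeCreated
            }
        }
    } catch {
        # Get-WinEvent raises an error when nothing matches; that is the clean case.
        if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
            Write-Warning "$dc : $($_.Exception.Message)"
        }
    }
}

# One row per device and event type, busiest first. Any 5829 row is a device
# that will lose its secure channel once enforcement mode is turned on.
$hits | Group-Object Account, EventId |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

An empty result across every domain controller means no vulnerable connections were logged in the window; a DC that only produced a warning was not checked and needs a second look.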
Up next, Kari’s Law and Ray Baum’s Act are not new, but the FCC adopted rules for implementing them in August 2019. However, there are compliance dates that were set forward. The laws were forward-looking and allowed for exemptions of legacy multi-line telephone systems (MLTS). With the arrival of February 16, 2020, the rules apply to all MLTS manufactured, imported, offered for first sale or lease, first sold or leased, or installed on or after that date. The rules also have some future compliance dates, as outlined below.
Kari’s Law has two main components, and they apply going forward from February 2020.
- A person must be able to dial 911 without having to dial any prefix or access code
- The MLTS must be configured to notify a central location on-site or off-site where someone is likely to see or hear the notification
Ray Baum’s Act has one main premise that is enforced on all new MLTS after February 2020, but compliance dates are divided by the device used.
- MLTS must ensure that “dispatchable location” is conveyed with 911 calls to dispatch centers. Dispatchable location means location information with a 911 call that consists of the validated street address of the calling party, plus additional information such as suite, apartment, or similar information necessary to adequately identify the location of the calling party.
  - As of January 6, 2021, this applies to on-premises and fixed devices.
  - As of January 6, 2022, this will apply to non-fixed devices and off-premises devices.
Microsoft Teams has the features to comply with these rules if you use Microsoft calling plans. Setting up locations is straightforward. Notification is going to take some planning and configuration of policy by site or user. Depending on how you roll out voice, you may have to get a third-party E911 provider, as would be the case if you implement direct routing. The January 6, 2022 requirement will be the biggest change for those implementing Teams going forward. If you want to explore the requirements deeper, I suggest you go to the Federal Communications Commission web site on MLTS 911 requirements. Keep in mind that you should also be checking state and local requirements. Make sure E911 is part of your next Microsoft Teams project and let Magenium know if you need assistance.
That’s all for this edition. Goodbye, 2020. Here we come, 2021!