JumpCloud Community

Community Update  Becky Scott 

• Coming soon: We’re lining up some great career spotlights with some IT professionals that we hope you’ll find interesting and fun. We ask each person 5 questions about their career and it’s really great to see the variety of answers we’re getting.
• We’re starting to post previous IT Hours on the community, along with the Rapid Fire round notes so that you can go back and see what we referenced. Take a look!
• Reminder about the beta signups thread if you haven’t seen it; I’ll post a link again in the comments, but sign up if you’re interested.
• Email: community@jumpcloud.com 

Community Spotlight

• Group Management Across an Org - I not only wanted to call out NVergin’s question about how others are dealing with the issue of trying to organize and manage groups across their organization's IT/business systems, but Steven’s detailed reply in how they break things down in their organization. Fantastic job!
• JumpCloud API with HR & Asset Management - I promise this isn’t the Steven show, but he’s been on fire with the longer form helpful content recently. In this post he reviewed the various iterations of their dashboards and asset management tools.
• How to: Enable reply to posts by email - Occasionally we’ll post tips on using the community, and we just enabled a new feature that allows you to reply from email notifications. I wrote a blog post about how to do that, which we’ll link in the chat. So if you’re subscribed to a board or topic and want to quickly respond, this tells you how to make that happen since it’s (sadly) not enabled by default.

Meetup Update (Alexa)

• Had an exciting week in the meetup world 
• We had our first in-person meetup for our Chicago group - shoutout to Steve Larsen from the 1871 for hosting the event. The group had a great turnout with 11 attendees, enjoyed some refreshments, and got a chance to network and learn from fellow administrators
• We also had virtual kickoff meetups for our Houston, San Diego, and Raleigh groups which was a lot of fun, we got to meet some new admins and we also got some really good insight on some future discussion topics. We could talk about specific things like security and automation, but also talking more broadly about general IT is a theme we keep getting feedback on. So we’re exploring conversations around “a day in the life of an IT admin” and taking some time to just talk about the day to day - finding out if you’re facing the same kinds of situations as your peers and then seeing how we can maybe help each other through certain obstacles and challenges. 
• Looking ahead: 
• Mentioned last week about some sponsorship opportunities - let us know if you know abous some good tech communities that we could potentially get involved with
• Starting to plan for next month
• Make sure you’re a part of our member network to stay up to date on event announcements - https://www.meetup.com/pro/jumpcloud-admin-network/ 

JumpCloud Product/News Updates (Ben)

• JumpCloud Agent version 1.9.1, when the agent is updated and there is no JumpCloud Service Account detected, a service account creator app now prompts for an admin user and password to complete device enrollment on a Mac.
• Admins can now require mobile biometric as an additional user verification on the JumpCloud Protect app.
• User Verification is a security measure that verifies the person authenticating to a service is in fact who they say they are.
• The device must support biometric verification or PIN/Passcode verification.
• This can be enabled in the MFA Configurations page.
•  Account Page - A page where admins can view their billing information such as their subscription information, and soon, invoices.
• Admins will be able to see a new left-nav item called “account”.
• Admins will be able to see the following pieces of information:
• Their current plan and associated features
• Add-ons will appear as such
• Recommended upgrades if using features outside their plan
• Contract type (monthly/annual)
• Price per user
• Number of committed users (if exists)
• Number of “additional users”, AKA overages (if exists)
• Current high water mark
• Upcoming monthly billing estimate (based on the above information)
• This is where the credit card information, mailing address and billing address will live (no more modals)
• Invoices will live here soon! Team Eludium is adding that feature.
• We have 31 new features and updates around the entire product being delivered in the next 30 days. A lot of this work is focused on expanding Item

IT Trending Updates “Rapid Fire Round” (Ben)

• 9to5 Mac
• We’re two months away from Apple announcing iOS 16, but there are already some rumors about the update floating around the web. Bloomberg journalist Mark Gurman this week reported that iOS 16 will bring updates to the notification system, and code found in Apple’s latest beta software corroborates just that – among some other things.
• Microsoft Aims to Streamline Certificate Lifecycle Management with Endpoint Manager (Petri)
• Microsoft Endpoint Manager is getting a new cloud certificate lifecycle management solution for Public Key Infrastructure (PKI). The company says that this release will enable IT admins to deploy certificates directly within Endpoint Manager.
• For those unfamiliar, the Public Key Infrastructure (PKI) is an encryption framework that enables entities to protect communication between the client and server. It allows the owner to encrypt data, digitally sign documents, and authenticate users, devices, and services with certificates. The Public Key Infrastructure generally consists of elements such as a Digital certificate, Certificate authority (CA), Registration Authority (RA), as well as Certificate database.
•  
• Microsoft Endpoint Manager to get automating device vulnerability management feature for third-party apps
• Microsoft is also adding an automated device vulnerability management feature to Microsoft Defender for Endpoint and Endpoint Manager for third-party apps. This new capability brings “continuous detection, assessment, and automated app patching” to help IT teams reduce security risks in their organization.
• These new management capabilities were announced at Microsoft’s Windows 11 hybrid work event last week, though there is no precise ETA yet. The company will be sharing more specifics about these improvements over the coming months. Let us know in the comments if you think that the new automated device vulnerability management capability will help to protect enterprise customers from malicious applications.
• AWS Single Sign-On launches configurable synchronization for Microsoft Active Directory
• If you use Microsoft Active Directory (AD) as your identity source with AWS Single Sign-On (AWS SSO), you can now configure your list of users and groups to synchronize from AD into AWS SSO and pause synchronization. With configurable synchronization, you can synchronize users and groups consistent with your data sovereignty requirements. You can also pause synchronization when necessary and synchronize during desired hours.
• Previously, all your AD identities were available for AWS SSO assignments. Now you can limit which of your AD identities are available for assignment by specifying which users and groups to synchronize from AD into AWS SSO. Additionally, you now can synchronize and assign access to nested groups through the parent group, which means you can manage what is synchronized by controlling group membership in AD.
• Introducing the Professional Cloud Database Engineer certification
•  Google announced the new Professional Cloud Database Engineer certification, in beta, to help database engineers translate business and technical requirements into scalable and cost-effective database solutions. By participating in the beta, you will directly influence and enhance the learning and career path for other Cloud Database Engineers. And upon passing the exam, you will become one of the first Google Cloud Certified Cloud Database Engineers in the industry. 
• Critical Auth Bypass Bug Reported in Cisco Wireless LAN Controller Software (Hackernews)
• Cisco has released patches to contain a critical security vulnerability affecting the Wireless LAN Controller (WLC) that could be abused by an unauthenticated, remote attacker to take control of an affected system.
• Tracked as CVE-2022-20695, the issue has been rated 10 out of 10 for severity and enables an adversary to bypass authentication controls and log in to the device through the management interface of WLC.
• "This vulnerability is due to the improper implementation of the password validation algorithm," the company said in an advisory. "An attacker could exploit this vulnerability by logging in to an affected device with crafted credentials."
• Successful exploitation of the flaw could permit an attacker to gain administrator privileges and carry out malicious actions in a manner that allows a complete takeover of the vulnerable system.