We are pleased to announce the next major version of Simeon Cloud is ready! This new version, referred to as vNext, represents a significant overhaul of the underlying technology powering Simeon. This update has been under development for over a year and is the largest release of Simeon Cloud since our initial launch.
This article is designed to help users understand why this change is happening, what differences you can expect to see, and what is required to ensure a successful update process.
What is happening?
Simeon is releasing the next version of our software to all clients. This update contains significant changes to our underlying codebase, allowing us to improve the performance and efficiency of the tool, introduce exciting new features, establish support for many new providers and configurations, improve our user experience, and much more.
We will be rolling this update out to all customers in two phases. The first phase will update all clients to our new codebase by the end of May 2024. This initial update will provide parity with the current version of Simeon for supported configurations and features.
Once all users are updated to the new codebase, we will begin to introduce new features and support for additional providers. This includes Defender for Endpoint configurations followed by Azure Infrastructure configurations later this year.
What changes are expected?
This update will bring many changes to the core functionality of Simeon Cloud. Below are important changes that may impact how you use Simeon.
The structure of the tenant repository in Azure DevOps is changing.
To accommodate support for additional providers and configurations, and to improve handling of existing configurations, the DevOps repository structure is changing. The following are noteworthy changes users can expect to see to the DevOps repository:
- The path for Conditional Access policies has changed. These configuration files can now be found at MSGraph\Identity\ConditionalAccess\Policies. Any custom alerts through Log Analytics should be updated to utilize this new path.
- MSGraph/Groups will now have separate associated configurations for Group Members and Group Owners. This allows users to manage groups independently of their assigned users. These configurations can be found at the following paths: MSGraph/Groups/Members/Ref; MSGraph/Groups/Owners/Ref
Restoring configurations from an older or deprecated version of Simeon will require additional steps.
After the update to vNext, restoring configurations from a deprecated version of Simeon Cloud is no longer supported by the user interface. Since the structure of the repository is different between versions, restoring configurations will require mapping old configuration files to the new repository structure. If you need to restore a configuration from a deprecated version of Simeon, please email support@simeoncloud.com for assistance.
Support for the following configurations has been added or changed as part of this update:
- Support for the first Defender for Endpoint configurations, including Defender Email Notification settings, Advanced hunting shared queries, Defender Device Groups, and more! Additional Defender configurations will be released in the coming weeks.
- Support for hardwareOauth Authentication Methods
- Configurations with a rule priority property, such as DLP Compliance Policies, Transport Rules, and Advanced Threat Protection policies, are now handled more intelligently. Under this new version, the priority value will get automatically set to the next available value during the Sync. This avoids errors due to conflicting priority values; however, this also requires users to verify and adjust rule values after a Sync, as necessary.
Support for the following has been removed as part of this update:
- Mobile Threat Defense Connectors
- MdmWindowsInformationProtectionPolicies.ExemptAppLockerFile
- MdmWindowsInformationProtectionPolicies.ProtectedAppLockerFiles
- ExchangeOnline Role Groups
- MSStoreForBusiness, as it is being deprecated by Microsoft: Whats new in Microsoft Store for Business and Education | Microsoft Learn
What do I need to do?
The update process will occur automatically and does not require user intervention. The update is performed during the scheduled nightly Sync, or the next manual Sync of your tenants, beginning with the baseline tenant.
To receive this update, please ensure you meet the following prerequisites:
- All tenants must be using a compatible Simeon Cloud service principal. If any tenants are pending approval to deploy a change to the Simeon Cloud Sync service principal, or have not Synced successfully for many months, please follow the instructions in this guide to update the service principal.
- Your baseline tenant(s) must be Syncing successfully. This update requires baseline tenants be upgraded first, followed by downstream tenants. If the baseline tenant is not Syncing successfully, downstream tenants will skip the update process until the baseline has Synced successfully.
- Please ensure your downstream tenants are authenticated and Syncing successfully before this update. If a tenant is not Syncing successfully, the update will not be applied until the next successful Sync. It is recommended that all tenants are authenticated and Syncing successfully before this update begins.
What will happen after the update is complete?
After the update is complete and all tenants are Syncing under vNext, you should monitor your environment for any issues.
- The initial Sync that applies the update will run as export-only. This is to ensure that the update does not pend approval to make changes to the tenant. After a successful Sync, subsequent Syncs may pend approval to make changes unexpectedly. If your Syncs are pending approval for changes you did not make or do not want, do not approve the Sync! In this case, we ask that you contact support@simeoncloud.com for assistance.
Comments
0 comments
Please sign in to leave a comment.