Month: July 2024
Problems with the Update Window
Hello im using Win 11 Version 23H2 (Build 22635.3720) and i cant see any Update Features pls help 🙁
Hello im using Win 11 Version 23H2 (Build 22635.3720) and i cant see any Update Features pls help 🙁 Read More
look up
Worrich, Ron (7) 3 4 4 3 5
Claus, Santa (9)
I want to look up the information for Worrich, Ron and put into another cell. How do I get the information and ignore what is in the paratheses
Worrich, Ron (7) 3 4 4 3 5 Claus, Santa (9)I want to look up the information for Worrich, Ron and put into another cell. How do I get the information and ignore what is in the paratheses Read More
Bookings Service Calendar Issue
Hallo All,
New to Bookings. Seems like something we might really use, but our first experience has been a bit rough. While my user account can create Services and Shared Bookings and they display correctly, another key user can create a Service okay, but the selected dates only partially appear. The event should run Jul 9-12 and Jul 16-19, but only the Jul 9-12 appears:
We have tried creating a new Service then deleting the old one but that has not helped. As I said, this could be a really useful feature for us, but could use some troubleshooting guidance on this fault. The dates which can be selected seem to function okay, but of course the missing ones make it a bit problematic. Any assistance would be appreciated!!
Hallo All, New to Bookings. Seems like something we might really use, but our first experience has been a bit rough. While my user account can create Services and Shared Bookings and they display correctly, another key user can create a Service okay, but the selected dates only partially appear. The event should run Jul 9-12 and Jul 16-19, but only the Jul 9-12 appears: We have tried creating a new Service then deleting the old one but that has not helped. As I said, this could be a really useful feature for us, but could use some troubleshooting guidance on this fault. The dates which can be selected seem to function okay, but of course the missing ones make it a bit problematic. Any assistance would be appreciated!! Read More
.NET solution generator
We have released a free version of our product //entity.services that allows you to generate .NET solutions (including the fully customizable source code) based on simple definitions of your data models. You can find a quick start guide on the GitHub page https://github.com/axlln/es-quick-start
Please try it and let us know what you think
Thanks,
Goran
We have released a free version of our product //entity.services that allows you to generate .NET solutions (including the fully customizable source code) based on simple definitions of your data models. You can find a quick start guide on the GitHub page https://github.com/axlln/es-quick-startPlease try it and let us know what you think Thanks,Goran Read More
Excel Calculations
Hello,
I need help creating benchmarks to measure my performance. Specifically, I want to calculate the percentage of assignments completed within three days. In one column, I have the “date of service,” and in the next column, I have the “date the note was submitted.” How can I determine the percentage of notes submitted within three days of the service date?
Thank you!
Hello, I need help creating benchmarks to measure my performance. Specifically, I want to calculate the percentage of assignments completed within three days. In one column, I have the “date of service,” and in the next column, I have the “date the note was submitted.” How can I determine the percentage of notes submitted within three days of the service date? Thank you! Read More
Long loading times in sharepoint “Add new item” dropdown list for lookup column
Hi everyone, I currently have a sharepoint list which includes a lookup column, whereby a scanner scans in a [code] into the “Add new item” form, and it will return a [name] in a seperate column in the list. There are currently about 1K – 2K items in the lookup list.
When i press the lookup column, it is able to generate the full list without issue.
However, if i try to search for the exact [code], the search/filter function in the dropdown list is not able to find the exact code (see below image). Previously there wasn’t any issue with this, but it seemed to appear after the new UI update of sharepoint list.
If edit using grid view, the list is able to search/filter without any issues
Does anyone have any potential solution to the long search times when using the “add new item” button/form? Much appreaciated!
Hi everyone, I currently have a sharepoint list which includes a lookup column, whereby a scanner scans in a [code] into the “Add new item” form, and it will return a [name] in a seperate column in the list. There are currently about 1K – 2K items in the lookup list.When i press the lookup column, it is able to generate the full list without issue. However, if i try to search for the exact [code], the search/filter function in the dropdown list is not able to find the exact code (see below image). Previously there wasn’t any issue with this, but it seemed to appear after the new UI update of sharepoint list. If edit using grid view, the list is able to search/filter without any issues Does anyone have any potential solution to the long search times when using the “add new item” button/form? Much appreaciated! Read More
W11 Enterprise Factory reset, cannot log on with personal account
Good afternoon all
New boy here after advice. We had an employee leave last week, they had a Dell XPS on Windows 11 Enterprise that they were allowed to keep.
On Friday before they left, we reset the device:
Settings > System > Recovery > Reset PC >REMOVE EVERYTHING > Cloud Download
Which re-booted the device and went through the “Resetting this PC” and worked fine
The user has contacted my today to say that they cannot log on to the PC, they turned it on and it says “Lets set things up for your work or school”
Where it prompts for a username it still has our company logo, I presumed it would remove all of that, and under all that it says “[Company name] uses Azure AD”
I have a couple of questions really.
Although it prompts for a work/school password, should they be able to use a (personal) Microsoft account e.g. [name]@outlook.comIs it because it is W11 Enterprise that it prompts for work/school accountDo you NEED a Microsoft account to log on to Windows 11, e.g. you need an apple account to log on to Apple stuff and a gmail to log on to android stuff, is it the same for thisDo they need a personal Microsoft account and to buy a different product key? How do they enter that product key if they cannot log on
The user was remote, I am not able to physically sit with the device, and they are unable to bring it to the office, and as they are not able to log in, we cannot do anything remotely.
Thanks for any help you can offer.
Dan
Good afternoon allNew boy here after advice. We had an employee leave last week, they had a Dell XPS on Windows 11 Enterprise that they were allowed to keep.On Friday before they left, we reset the device:Settings > System > Recovery > Reset PC >REMOVE EVERYTHING > Cloud DownloadWhich re-booted the device and went through the “Resetting this PC” and worked fineThe user has contacted my today to say that they cannot log on to the PC, they turned it on and it says “Lets set things up for your work or school”Where it prompts for a username it still has our company logo, I presumed it would remove all of that, and under all that it says “[Company name] uses Azure AD” I have a couple of questions really.Although it prompts for a work/school password, should they be able to use a (personal) Microsoft account e.g. [name]@outlook.comIs it because it is W11 Enterprise that it prompts for work/school accountDo you NEED a Microsoft account to log on to Windows 11, e.g. you need an apple account to log on to Apple stuff and a gmail to log on to android stuff, is it the same for thisDo they need a personal Microsoft account and to buy a different product key? How do they enter that product key if they cannot log on The user was remote, I am not able to physically sit with the device, and they are unable to bring it to the office, and as they are not able to log in, we cannot do anything remotely.Thanks for any help you can offer.Dan Read More
Securely design your applications and protect your sensitive data with VBS enclaves
In November 2023, Microsoft’s Brad Smith and Charlie Bell announced the Secure Future Initiative (SFI), a new initiative to pursue our next generation of cybersecurity protection. At Microsoft and Windows, we have a unique responsibility and leading role to play in securing the future for our customers and our community. As you saw in David Weston’s blog post on Windows 11 security, we have a longstanding commitment to security in Windows. We introduced the Secured-core PC to help secure from chip to cloud and that critical layer of computing. In Windows 11, hardware and software work together to help shrink the attack surface, protect system integrity, and shield valuable data. Windows 11 comes with several security advances that protect our customers from Credential and identity theft, such as Local Security Authority protection, Advanced key protection using VBS, Windows Hello hardening etc.
Along with credential protection, we also prioritized helping app developers better protect people from phishing attacks and malware. One of the key advances we have made in this area is a feature called VBS enclaves. With Windows 11 and Windows Server 2025, VBS enclaves are now available to third-party application developers.
The next sections of this blog post will describe VBS Enclaves, its internals and how to use VBS Enclaves as a developer.
VBS enclaves
A VBS enclave is a software-based trusted execution environment (TEE) inside a host application. This is a revolutionary change in our security model for the application, allowing an app to protect its secrets using the power of VBS, from admin-level attacks.
Some background: Virtualization Based Security (VBS) is the core feature of Windows used to the high value secrets stored within Windows (e.g., Credential Guard). VBS utilizes the Hyper-V hypervisor to create an environment that is higher privileged than the rest of the system kernel. Like VM isolation, the hypervisor sets memory protections in the second level address tables and IOMMU tables to isolate this environment from the rest of the system kernel. The secure kernel (part of VBS) can also provide memory integrity protection to the system kernel, ensuring the system loads only signed drivers that are not tampered with.
We are now extending the isolated user mode in the VBS environment to allow developers to protect portions of application data in a software-based trusted execution environment (TEE) known as a VBS enclave.
As mentioned, a VBS enclave is a software-based TEE inside the address space of a host application. It is a Dynamic Link Library (DLL) loaded by a standard Windows application. VBS enclaves can help secure secrets and sensitive operations in memory. The basic premise is that a VBS enclave can isolate a portion of your application that you want to secure while it is in memory – for example, to securely decrypt and process sensitive information. To understand how a VBS enclave isolates secrets, you’ll need to understand the underlying technology it leverages, VBS. As mentioned earlier, VBS uses the Windows Hyper-V hypervisor to create an isolated, privileged virtual environment known as Virtual Trust Level 1 (or VTL1) that becomes the root of trust of the OS. The traditional Windows environment is called VTL0. VTL1 is further split into isolated user mode and the secure kernel. Windows uses VTL1 to host many of its security features. The hypervisor uses the second level address tables to maintain access and privileges for these virtual trust levels. The higher the number, the higher the privilege level. This means everything in a higher VTL is isolated from everything in a lower VTL.
The isolation provided by VBS is the core technology that allows a VBS enclave to isolate a portion of an application in higher-privilege VTL1, inaccessible to VTL0. Let’s look at what an application hosting a VBS enclave looks like:
The enclave hosting application lives in VTL0 and calls into the enclave when it needs to perform sensitive operations. Control is transferred to the VBS enclave, and the CPU register state is cleaned (except for specific parameter and result registers). Note that code and data inside a VBS enclave is inaccessible to VTL0 (including its own host application) and to other processes in VTL1. Code and data inside of a VBS enclave is visible only to the enclave itself, the VTL1 secure kernel, and the hypervisor.
At this point, you might be thinking “What’s stopping an attacker from exploiting the enclave in VTL1?” Good question! Though there is usually a process boundary between a non-Enclave application and a malicious actor in VTL0, by moving part of the application into VTL1, we add an additional boundary for the attacker to cross. This additional boundary is enforced by the hypervisor and is designed to be much more rigid. Think of VBS enclaves as a way to further harden your applications. VTL1 is a privileged space, aThe boundary between VTL0 and VTL1 is much more rigid to ensure that we can maintain this high bar.
This strong boundary doesn’t come for free. Accessing VTL1 is – at least more expensive than accessing VTL0 (we’re talking fractions of a millisecond here). Additionally, unlike VTL0 which has a lower barrier to entry, VTL1 requires all code to be signed. So, although VTL1 is a higher-privileged space, this privilege is maintained by requiring additional efforts by developers who wish to leverage VTL1. The nature of these efforts can be illustrated through some of the tenets VBS enclaves were designed with:
Limited API Surface
This is by design and serves a couple of purposes. Firstly, the smaller the range of functionality is within an enclave, the smaller the attack surface becomes. This ensures we can maintain the integrity of VTL1. Secondly, having a small API surface requires that you, the developer, think about how to best design your application so you only isolate what is critical in VTL1. Again, accessing VTL1 is comparatively expensive, so design your application wisely.
Code Integrity
Only code signed by Microsoft using a Trusted Signing VBS enclave certificate profile is permitted to run in an enclave. This includes loaded DLLs into the enclave. When control is handed from the VTL0 host application to the enclave, the VTL1 secure kernel will first verify that all the enclave code and data are authentic and are authorized to run inside of an enclave using image signature verification on the enclave image. This allows us to maintain our high bar for what we allow into VTL1.
This requirement means that developers are required to use Trusted Signing to obtain a certificate to production-sign their enclaves.
Attestation
Together with code integrity, VBS enclaves can generate attestation reports to attest to the state of the host system, the enclave itself, all DLLs that may have been loaded into the enclave, and whether the enclave is executing in debug mode. Note that once an enclave is initialized by the host application, the host can no longer modify the enclave and , to maintain the attestation state of the enclave throughout its lifetime. Attestation ensures that the code running in the enclave is exactly what you expect. Using a VBS enclave-generated attestation report and the MAA attestation service, you can attest to the state of the Enclave.
How do I use a VBS enclave?
You can use VBS enclaves to store secrets, seal data and perform decrypt operations, all in an isolated environment. The first step, as with any security feature, is thinking about secure design. VBS enclaves limit what you can do to maintain their security guarantees, so it isn’t as simple as moving the bulk of your application to live inside one.
Some considerations as you design an enclave:
A VBS enclave can be loaded by any application, not just the intended host application. Design your enclave without placing trust in the host .
VBS enclaves operate by isolating from VTL0. To maintain the security promises of a VBS enclave, treat VTL0 as an untrusted environment. This includes not sending sensitive data outside of a VBS enclave. Only trust the enclave itself.
Ensure you understand the APIs available to you from within the enclave. Networking, for example, is not supported.
A sample use case of a VBS enclave is in Azure SQL or SQL Server (AE with secure enclaves).
AE protects the confidentiality of sensitive data from the database engine and administrators, placing trust only in the database clients to whom the data belongs. In the database, the sensitive data exists in an encrypted state. The data is only decrypted on the client side, where operations can be performed on it. In the database engine, operations are limited to equality checks.
AE with secure enclaves, however, adds a VBS enclave to the database engine. When the database engine encounters computations on encrypted data, it delegates these computations to a VBS enclave, where the enclave decrypts the data and performs computations on plaintext. Employing a VBS enclave here makes it so database administrators cannot see the data inside the VBS enclave. With the use of VBS enclaves, AE with secure enclaves can perform richer confidential queries and in-place cryptographic operations than AE without secure enclaves, all without having to place trust in the database administrators.
The database client establishes a secure channel with the database engine containing the VBS enclave and identifies which columns are encrypted and manages encryption of these parameters in both directions. Now, when the database engine encounters operations on encrypted columns, it can delegate these to the VBS enclave. In the enclave the data can securely be decrypted if needed, and the operation can be performed.
SQL AE with secure enclaves is a fantastic use case of VBS enclaves:
The VBS enclave never reveals the decrypted information to the host application – the database engine in this case. It only trusts itself.
The database engine hosting t.
By utilizing VBS enclaves, the database client no longer performs all of the operations on sensitive data client-side after decrypting them.
The SQL AE with secure enclaves use case illustrates the importance of secure design when thinking about how to employ VBS enclaves in your application. When used effectively, VBS enclaves are a powerful tool.
Now that you understand VBS enclaves and all that they can do, jump into the docs here, or read on for a guide on how to build your first VBS enclave by following the development guide here
We hope this blog has you as excited as we are to begin developing secure applications with VBS Enclaves on Windows 11 and Windows Server 2025! We look forward to your feedback! Also take a look at the Windows Security Book to learn more about Windows Security technologies.
Hilal Asmat, Akash Trehan, and Hari (on behalf of the enclaves team)
Microsoft Tech Community – Latest Blogs –Read More
June 2024 update on Azure AD Graph API retirement
One year ago, we shared an update on the completion of a three-year notice period for the deprecation of the Azure AD Graph API service. This service is now in the retirement cycle and retirement (shut down) will occur in incremental stages. In the first stage of this retirement cycle, newly created applications will receive an error (HTTP 403) for any requests to Azure AD Graph APIs. We’re revising the date for this first stage from June 30 to August 31, and only applications created after August 31, 2024 will be impacted. After January 31, 2025, all applications – both new and existing – will receive an error when making requests to Azure AD Graph APIs, unless they’re configured to allow extended Azure AD Graph access.
We understand that some apps may not have fully completed migration to Microsoft Graph. We’re providing an optional configuration through the authenticationBehaviors property, which will allow an application to use Azure AD Graph APIs through June 30, 2025. Azure AD Graph will be fully retired after June 30, 2025, and no API requests will function at this point, regardless of the application’s configuration.
If you develop or distribute software that still uses Azure AD Graph APIs, you must act now to avoid interruption. You’ll either need to migrate your applications to Microsoft Graph (highly recommended) or configure the application for an extension, as described below, and ensure that your customers are prepared for the change. If you’re using applications supplied by a vendor that use Azure AD Graph APIs, work with the software vendor to update to a version that has migrated to Microsoft Graph APIs.
How do I find Applications in my tenant using Azure AD Graph APIs?
The Microsoft Entra recommendations feature provides recommendations to ensure your tenant is in a secure and healthy state, while also helping you maximize the value of the features available in Entra ID.
We’ve provided two Entra recommendations that show information about applications and service principals that are actively using Azure AD Graph APIs in your tenant. These new recommendations can support your efforts to identify and migrate the impacted applications and service principals to Microsoft Graph.
Figure 1: Microsoft Entra Recommendations for Azure AD Graph migration
For more information, reference Recommendation to migrate to Microsoft Graph API.
Configuring an application for an extension of Azure AD Graph access
To allow an application created to have an extension for access to Azure AD Graph APIs through June 30, 2025, you must make a configuration change on the application after it’s created. This configuration change is done through the AuthenticationBehaviors interface. By setting the blockAzureADGraphAccess flag to false, the newly created application will be able to continue to use Azure AD Graph APIs until further in the retirement cycle.
Note: In this first stage, only Applications created after August 31, 2024 will be impacted. Existing applications will be able to continue to use Azure AD Graph APIs even if the authenticationBehaviors property is not configured. Once this change is rolled out, you may also choose to set blockAzureADGraphAccess to true for testing or to prevent an existing application from using Azure AD Graph APIs.
Microsoft Graph REST API examples
Read the authenticationBehaviors property for a single application:
GET https://graph.microsoft.com/beta/applications/afe88638-df6f-4d2a-905e-40f2a2d451bf/authenticationBehaviors
Set the authenticationBehaviors property to allow extended Azure AD Graph access for a new Application:
PATCH https://graph.microsoft.com/beta/applications/afe88638-df6f-4d2a-905e-40f2a2d451bf/authenticationBehaviors
Content-Type: application/json
{
“blockAzureADGraphAccess”: false
}
Microsoft Graph PowerShell examples
Read the authenticationBehaviors property for a single application:
Import-Module Microsoft.Graph.Beta.Applications
Connect-MgGraph -Scopes “Application.Read.All”
Get-MgBetaApplication -ApplicationId afe88638-df6f-4d2a-905e-40f2a2d451bf -Property “id,displayName,appId,authenticationBehaviors”
Set the authenticationBehaviors property to allow extended Azure AD Graph access for a new Application:
Import-Module Microsoft.Graph.Beta.Applications
Connect-MgGraph -Scopes “Application.ReadWrite.All”
$params = @{
authenticationBehaviors = @{
blockAzureADGraphAccess = $false
}
}
Update-MgBetaApplication -ApplicationId $applicationId -BodyParameter $params
What happens to applications using Azure AD Graph after August 31, 2024?
Any existing applications that use Azure AD Graph APIs and were created before this date will not be impacted at this stage of the retirement cycle.
Any applications created after August 31, 2024 will encounter errors when making requests to Azure AD Graph APIs, unless the blockAzureADGraphAccess attribute has been set to false in the authenticationBehaviors configuration for the application.
What happens to applications using Azure AD Graph after January 31, 2025?
After January 31, 2025, all applications – new and existing – will encounter errors when making requests to Azure AD Graph APIs, unless the blockAzureADGraphAccess attribute has been set to false in the authenticationBehaviors property for the application.
What happens to applications using Azure AD Graph after June 30, 2025?
Azure AD Graph APIs will no longer be available to any applications after this point, and any requests to Azure AD Graph APIs will receive an error, regardless of the authenticationBehaviors configuration for the application.
Current support for Azure AD Graph
Azure AD Graph APIs are in the retirement cycle and have no SLA or maintenance commitment beyond security-related fixes.
About Microsoft Graph
Microsoft Graph represents our best-in-breed API surface. It offers a single unified endpoint to access Entra and Microsoft 365 services such as Microsoft Teams and Microsoft Intune. All new functionalities will only be available through Microsoft Graph. Microsoft Graph is also more secure and resilient than Azure AD Graph.
Microsoft Graph has all the capabilities that have been available in Azure AD Graph and new APIs like identity protection and authentication methods. Its client libraries offer built-in support for features like retry handling, secure redirects, transparent authentication, and payload compression.
What about Azure AD and Microsoft Online PowerShell modules?
As of March 30, 2024, AzureAD, AzureAD-Preview, and Microsoft Online (MSOL) PowerShell modules are deprecated and will only be supported for security fixes. These modules will be retired and stop working after March 30, 2025. You should migrate these to Microsoft Graph PowerShell. Please reference this update for more information.
Available tools
Migrate from Azure Active Directory (Azure AD) Graph to Microsoft Graph
Azure AD Graph app migration planning checklist
Azure AD Graph to Microsoft Graph migration FAQ
Kristopher Bash
Product Manager, Microsoft Graph
Learn more about Microsoft Entra
Prevent identity attacks, ensure least privilege access, unify access controls, and improve the experience for users with comprehensive identity and network access solutions across on-premises and clouds.
Microsoft Entra News and Insights | Microsoft Security Blog
Microsoft Entra blog | Tech Community
Microsoft Entra documentation | Microsoft Learn
Microsoft Entra discussions | Microsoft Community
Microsoft Tech Community – Latest Blogs –Read More
Windows 365 Cross-region Disaster Recovery generally available
Disaster recovery is a critical consideration for any IT desktop strategy. When it comes to remote desktops, the majority of organizations consider disaster recovery a primary objective. Since its introduction, Windows 365 has provided robust business continuity and disaster recovery options. Whether for compliance requirements, natural disasters, technical failure, or human error, putting greater distance between your primary and backup environments can add an extra sense of security and peace of mind to any IT desktop strategy.
We are excited to introduce Windows 365 Cross-region Disaster Recovery, a Windows 365 add-on feature that creates “snapshots” of Cloud PCs. These snapshots are placed in customer-defined, geographically distant locations, and they can be recovered to Cloud PCs running in the selected location during a disaster recovery event.
Windows 365 Cross-region Disaster Recovery is especially relevant for industries and organizations that are highly regulated, or that have users or workflows that require geographic distance between primary and backup locations.
Configuration and use
Unlike many traditional disaster recovery solutions, Windows 365 Cross-region Disaster Recovery was designed to be configured and used with minimal—or even no—prior disaster recovery experience. Configuration can be completed in a few minutes. In the event of an outage, recovery may be activated with just a few clicks and typically in less than five minutes.
In addition to configuration and activation, Windows 365 Cross-region Disaster Recovery has been integrated into various reports and flows. Reports alert administrators if an outage has taken place and provide full context of the configuration and status of each Cloud PC using Windows 365 Cross-region Disaster Recovery. After the outage is resolved, administrators are notified and can deactivate Cross-region Disaster Recovery in minutes.
How do I get the Windows 365 Cross-region Disaster Recovery add-on?
Windows 365 Cross-region Disaster Recovery is provided as an add-on license to Windows 365 Enterprise SKUs. It is not currently available for any other Windows 365 SKU.
In the United States, pricing for the Windows 365 Cross-region Disaster Recovery add-on is $5 per user, per month. It can be applied to the Enterprise Cloud PCs that the user is licensed to use. Please contact sales for pricing in other regions.
FAQ
Q: Are the geographies and regions available for Windows 365 Cross-region Disaster Recovery limited?
A: In general no, because any geography or region where Windows 365 is available may be used as a backup region, and any of those areas can be selected by the administrator. Administrators should carefully consider the location of Cloud PC users, as well as data sovereignty, when selecting backup regions.
Q: If a user has multiple Cloud PCs, can each device have a different Windows 365 Cross-region Disaster Recovery configuration?
A: No. At this time, all Cloud PCs associated with a user will have the same Windows 365 Cross-region Disaster Recovery configuration.
Q: What is the restore time objective (RTO) and restore point objective (RPO) for Windows 365 Cross-region Disaster Recovery?
A: RPO is defined by the cadence of point-in-time restore snapshots. The RTO is four hours for Cloud PC tenants with up to 50,000 Cloud PCs in a region. The performance of Cross-region Disaster Recovery is anticipated to increase as actual deployment sizes increase to maintain an RTO of four hours.
Next Steps
Learn more about:
Windows 365 Cross-region Disaster Recovery
Point-in-time restore for Windows 365 Enterprise
Windows 365 and Azure network connections
Azure regions and zones
Continue the conversation. Find best practices. Bookmark the Windows Tech Community, then follow us @MSWindowsITPro on X and on LinkedIn. Looking for support? Visit Windows on Microsoft Q&A.
Microsoft Tech Community – Latest Blogs –Read More
Connection Reliability in Azure Virtual Desktop Insights
We are thrilled to announce that the Connection Reliability tab in Azure Virtual Desktop Insights is now generally available. IT administrators can now monitor the connection resilience between users and Azure Virtual Desktop host pools. This gives administrators a simpler experience when it comes to understanding disconnection events and correlations between errors that affect their end users.
The Connection Reliability tab provides two primary visuals.
The first is a graph that analyzes and plots the number of disconnections over the concurrent connections during a given time range. This allows administrators to easily detect clusters of disconnects that are impacting connection reliability. Administrators can also analyze connection errors by different pivots—for example client version and IP range—to determine the root cause of disconnects and improve connection reliability.
The second visual provides a table of the top 20 disconnection events and lists the top 20 specific time intervals where the most disconnections occurred. Administrators can select a row in the table to highlight specific segments of the chart to view the disconnections that occurred during those time segments.
To experience the benefits of the Azure Virtual Desktop Insights Connection Reliability tab, sign in to Azure Virtual Desktop Insights and navigate to the Connection Reliability tab. More information can be found here.
Our team is dedicated to enhancing Azure Virtual Desktop Insights and expanding its capabilities to address the evolving needs of our users. We encourage you to explore the features of the Connection Reliability tab and share your experiences to help us guide future development of this and other Azure Virtual Desktop Insights features.
Stay up to date! Bookmark the Azure Virtual Desktop Tech Community.
Microsoft Tech Community – Latest Blogs –Read More
How to remove the credential for legacy Threat Detection feature from Azure SQL Database
(Written on May 30th, 2024)
If you come across a credential named something like ‘https://xxyyzz.blob.core.windows.net/sqldbtdlogs‘ in the sys.database_scoped_credentials table of your Azure SQL Database and are unsure of its purpose. it is likely related to the Threat Detection feature. This feature monitored and detected threats to your Azure SQL Database, generating reports stored in the sqldbtdlogs container in the storage account xxyyzz.
You can further verify this by checking the container for a folder named like ‘SqlDbThreatDetection_Audit_xxxxx’:
Previously, this credential was automatically added to the sys.database_scoped_credentials table when Threat Detection was enabled and removed when it was disabled. However, Threat Detection has been deprecated and replaced by Microsoft Defender for Azure SQL, which offers more extensive and holistic monitoring and threat detection capabilities.
If you find this credential still present in your Azure SQL Database, it might have been missed during the transition from Threat Detection to Microsoft Defender for Azure SQL. If you confirm it is no longer in use and want to remove it, note that you cannot simply use the DROP DATABASE SCOPED CREDENTIAL command, as it will result in an error:
This design likely prevents the unintended removal of the credential, which would cause Threat Detection to fail. The credential should automatically be dropped once Threat Detection is disabled.
Since Threat Detection can no longer be enabled or disabled through the Azure Portal due to its deprecation, you can use the following command to disable it: az sql db threat-policy.
Here’s a demonstration:
1. Confirm the Credential Exists:
2. Check Threat Detection Status:
(If it shows ‘Disabled’, but the credential is present, you can still proceed to the next step to disable the feature again to drop the credential.)
3. Run the command to disable the feature to drop the credential:
4. Confirm the credential is no longer present:
(The end of this post)
Microsoft Tech Community – Latest Blogs –Read More
Stateflow – functions not connected to other blocks
Hi!
I am trying to create a vehicle body on Simulink, and I am using Stateflow for the gearbox control (following the MathWorks example: https://uk.mathworks.com/help/sdl/ug/about-the-complete-vehicle-model.html)
I have trouble creating the Stateflow subsystem, as the UP/DOWN in my Bloc 1 don’t seem to be connected to the ones in the selection state. From the model available online (link above), it seems like I am only missing the yellow colour on these words in order for them to be linked and refered to in the gear selection state. The Stateflow models and examples available online all use this "yellow" feature, so I think it is quite easy to use once you know how to do it, but I can’t see how to do it.
Would anyone be able to help me?
Thanks in advance!Hi!
I am trying to create a vehicle body on Simulink, and I am using Stateflow for the gearbox control (following the MathWorks example: https://uk.mathworks.com/help/sdl/ug/about-the-complete-vehicle-model.html)
I have trouble creating the Stateflow subsystem, as the UP/DOWN in my Bloc 1 don’t seem to be connected to the ones in the selection state. From the model available online (link above), it seems like I am only missing the yellow colour on these words in order for them to be linked and refered to in the gear selection state. The Stateflow models and examples available online all use this "yellow" feature, so I think it is quite easy to use once you know how to do it, but I can’t see how to do it.
Would anyone be able to help me?
Thanks in advance! Hi!
I am trying to create a vehicle body on Simulink, and I am using Stateflow for the gearbox control (following the MathWorks example: https://uk.mathworks.com/help/sdl/ug/about-the-complete-vehicle-model.html)
I have trouble creating the Stateflow subsystem, as the UP/DOWN in my Bloc 1 don’t seem to be connected to the ones in the selection state. From the model available online (link above), it seems like I am only missing the yellow colour on these words in order for them to be linked and refered to in the gear selection state. The Stateflow models and examples available online all use this "yellow" feature, so I think it is quite easy to use once you know how to do it, but I can’t see how to do it.
Would anyone be able to help me?
Thanks in advance! stateflow, performance MATLAB Answers — New Questions
.CSV plugin for EEGlab that isn’t mentalab?
Mentalab plugin requires 3 .CSV files that are imported in tandem. I am not using a mentalab system and was wondering if there were any other plugins that allow EEGLAB to import data from a singular .csv file.Mentalab plugin requires 3 .CSV files that are imported in tandem. I am not using a mentalab system and was wondering if there were any other plugins that allow EEGLAB to import data from a singular .csv file. Mentalab plugin requires 3 .CSV files that are imported in tandem. I am not using a mentalab system and was wondering if there were any other plugins that allow EEGLAB to import data from a singular .csv file. eeglab MATLAB Answers — New Questions
Location data when exporting from MS Lists to Excel
Hi Everyone
I am just working with Lists and I need some advice on formatting the location information so it looks more presentable.
This is an example of what is exporting:
{“EntityType”:”LocalBusiness”,”LocationSource”:”Bing”,”LocationUri”:”https://www.bingapis.com/api/v6/localbusinesses/YN1029x7555097221641136189“,”UniqueId”:”https://www.bingapis.com/api/v6/localbusinesses/YN1029x7555097221641136189“,”IsPreviouslyUsed”:fal
Does anyone have any advice or a solution to this?
Thanks in advance !
Hi Everyone I am just working with Lists and I need some advice on formatting the location information so it looks more presentable. This is an example of what is exporting: {“EntityType”:”LocalBusiness”,”LocationSource”:”Bing”,”LocationUri”:”https://www.bingapis.com/api/v6/localbusinesses/YN1029x7555097221641136189″,”UniqueId”:”https://www.bingapis.com/api/v6/localbusinesses/YN1029x7555097221641136189″,”IsPreviouslyUsed”:fal Does anyone have any advice or a solution to this? Thanks in advance ! Read More
Attack surface reduction – check trigger if possible
Hello,
I configured ASR rules and now reviewing exceptions.
Is it possible to find out what triggers “sc.exe” or “conhost.exe” without checking event viewer on the specific machine? Or we can just exclude paths that we actually see as exceptions and that’s it?
That way we could define the exception more precisely instead of putting “sc.exe” or “conhost.exe” as exception.
Here are 2 paths blocked by the same rule:
C:WindowsSystem32conhost.exe
Block process creations originating from PSExec and WMI commands
C:WindowsSystem32sc.exe
Block process creations originating from PSExec and WMI commands
Thank you!
Hello,I configured ASR rules and now reviewing exceptions.Is it possible to find out what triggers “sc.exe” or “conhost.exe” without checking event viewer on the specific machine? Or we can just exclude paths that we actually see as exceptions and that’s it?That way we could define the exception more precisely instead of putting “sc.exe” or “conhost.exe” as exception.Here are 2 paths blocked by the same rule:C:WindowsSystem32conhost.exeBlock process creations originating from PSExec and WMI commandsC:WindowsSystem32sc.exeBlock process creations originating from PSExec and WMI commandsThank you! Read More
Project for the web – actual start and finish dates
Hello,
I have started using MS project for the web/ new planner for a development project for a team of 10 people. I know there already are the fields start and finish date. However, I was wondering how to add fields or a way to track/report the actual start date and the actual finish date. Ideally I will like that when the user sets a task to “in progress” it automatically records the actual start date, and when the user marks it as “completed”, it will also record the actual finish date.
Thank you!
Hello, I have started using MS project for the web/ new planner for a development project for a team of 10 people. I know there already are the fields start and finish date. However, I was wondering how to add fields or a way to track/report the actual start date and the actual finish date. Ideally I will like that when the user sets a task to “in progress” it automatically records the actual start date, and when the user marks it as “completed”, it will also record the actual finish date.Thank you! Read More
Focused Inbox for Contacts Only
I have been searching for an idea listing to have the option of configuring the focused inbox to show only email from contacts and the Other show everything else. I get an enormous number of unsolicited emails into my focused inbox. I have spent hours trying to “always move them to other”, but that is not effective, efficient or user friendly. I’d rather add to my contact the emails that I have agreed to receive. My important emails are getting lost in all the clutter.
I have been searching for an idea listing to have the option of configuring the focused inbox to show only email from contacts and the Other show everything else. I get an enormous number of unsolicited emails into my focused inbox. I have spent hours trying to “always move them to other”, but that is not effective, efficient or user friendly. I’d rather add to my contact the emails that I have agreed to receive. My important emails are getting lost in all the clutter. Read More
Saving custom prompts to copilot lab
I’ve asked both Copilot and ChatGPT for instructions on how to save a custom prompt to Copilot lab. (We have Copilot for Microsoft 365). I am not an admin for our account so I cannot see how your account is set up but I don’t know if I’m not seeing the option to do this because it’s not available or it’s not set up in our account. Can anyone confirm if this is even possible?
I’ve asked both Copilot and ChatGPT for instructions on how to save a custom prompt to Copilot lab. (We have Copilot for Microsoft 365). I am not an admin for our account so I cannot see how your account is set up but I don’t know if I’m not seeing the option to do this because it’s not available or it’s not set up in our account. Can anyone confirm if this is even possible? Read More
