Month: September 2024
Excel Baseball 1st Batter Out Formula Help
Attached is an example file I use for tracking pitchers statistics. I’m struggling with finding a formula that works for figuring out if the pitcher got the first batter out in the inning.
I’ve successfully built a formula which identifies if it is the 1st batter of the inning (column BH).
However, the issue is that the at bat rarely finishes on the first pitch. So I need excel to look for if the Outcome (column P) of that 1st batter was a safe/positive result or an out/negative. You can tell when the batter changes based on column E. But I’m struggling to connect the “1” produced in column BH with the Outcome in column P since they are rarely in the same row.
I’ve thought about trying to get the “1” produced in column BH to only be there when the batter in column E changes. But again, not sure where to start with that.
If you need an example for the formula for safe/out result, you can look in BL/BM when I calculate Last Batter Safe and Out.
Attached is an example file I use for tracking pitchers statistics. I’m struggling with finding a formula that works for figuring out if the pitcher got the first batter out in the inning. I’ve successfully built a formula which identifies if it is the 1st batter of the inning (column BH). However, the issue is that the at bat rarely finishes on the first pitch. So I need excel to look for if the Outcome (column P) of that 1st batter was a safe/positive result or an out/negative. You can tell when the batter changes based on column E. But I’m struggling to connect the “1” produced in column BH with the Outcome in column P since they are rarely in the same row. I’ve thought about trying to get the “1” produced in column BH to only be there when the batter in column E changes. But again, not sure where to start with that. If you need an example for the formula for safe/out result, you can look in BL/BM when I calculate Last Batter Safe and Out. Read More
Integration with SuccessFactors
Hi Community
We have SuccessFactors and we have four different Azure’s.
SuccessFactors can only connect to one of these (Its for SuccessFactors Recruitment Integration to Outlook)
Does anyone know a way that I can connect the three other Azure’s to our main company one, so that SuccessFactors can connect to our main one, then can see / post to Outlooks that exist on the other three?
Hi Community We have SuccessFactors and we have four different Azure’s. SuccessFactors can only connect to one of these (Its for SuccessFactors Recruitment Integration to Outlook) Does anyone know a way that I can connect the three other Azure’s to our main company one, so that SuccessFactors can connect to our main one, then can see / post to Outlooks that exist on the other three? Read More
OpenHCL: Evolving Azure’s virtualization model
Azure Boost is a revolutionary accelerator system designed by Microsoft that offloads server virtualization processes traditionally performed by the hypervisor and host OS onto purpose-built software and hardware. This offloading frees up CPU resources for virtual machines, resulting in improved performance and a secure foundation for your cloud workloads.
In this blog, we will talk about some of the advances we’ve made within Azure Host OS that allow us to provide the industry-leading benefits of Azure Boost and improve the security of our customers with other features. Azure Host OS (aka Cloud Host), if you recall, is a purpose-built minimal version of Windows that powers Azure in the data center. These Azure Host advancements in conjunction with Azure Boost have enabled features like Confidential VMs, Trusted Launch, to improve IO performance, harden security, and introduce VM compatibility for seamless feature delivery. These features are powered by a completely new transparent para-virtualized layer that runs within each guest VM instance, named “OpenHCL”. OpenHCL is a para-virtualization layer built from the ground-up in the Rust programming language. Rust is designed with strong memory safety principles, making it ideally suited for the virtualization layer.
Chris Oo from our team has a talk on OpenHCL at the “Linux Plumbers Conference 2024”, which has more technical design and details. The talk titled “OpenHCL: A Linux based paravisor for Confidential VMs” is available [here].
In the upcoming sections, we’ll start by exploring the virtualization landscape and how Azure’s infrastructure has evolved over time to take advantage of the modern hardware architecture. We’ll then talk about the internals of this para-virtualized layer and how it supports some of the core Azure features that our customers depend on.
Virtualization models
Azure Host OS provides core virtualization services for managing compute and memory resources, as well as virtualizing devices for VMs. Under the hood, it partitions physical hardware into logically separated virtual environments, each with their dedicated (virtual) processors, memory, and view of devices (storage, networking).
Traditional device virtualization
In traditional virtualization architecture, the host operating system handles most of the communication between the guest operating system (VM) and the underlying physical hardware (CPU, memory, device IO). For example, if the VM wishes to perform a network or storage operation (i.e. send a packet over the network, read/write data to storage), the guest communicates with the host OS (over a shared channel called VMBus) and the host facilitates the IO operation on the guest’s behalf.
This device virtualization model is referred to as a Para-virtualized IO model [wiki]. The guest OS is “enlightened” or aware that its running virtualized and runs special drivers to communicate with the host. This model is simple, efficient, and widely used across most cloud providers.
One drawback of this mode is that there is significant interaction with the host OS to do IO, which can add latency, affect throughput, or result in noisy neighbor side-effects. The performance of this mode can be significantly improved by allowing the guest VM to directly access the PCIe device instead of relying on the host for communication. Bypassing the host OS data path allows for lower latency, reduced jitter, and improved VM responsiveness. This is typically called “discrete device assignment” in Microsoft documentation or sometime referred to as accelerated device model.
Traditional virtualization architectures rely on the Host OS to carry out device virtualization on behalf of the guest
Accelerated Device IO
As explained to achieve higher IO performance, the virtualization stack supports a direct assigned device or accelerated IO mode, where VMs can directly access and communicate with devices without Host intervention. If the VM wishes to perform an IO operation, the guest leverages special drivers that live within its context to communicate directly with the physical device.
In the same example above, if the VM needs to perform a network operation, it can perform it more efficiently by communicating using the direct path to the network device. This VM is considered fully enlightened– it possesses the right drivers for direct communication with device hardware. The direct data path reduces overhead in comparison to the additional translations found in the para-virtualized IO model. This leads to improved performance and throughput that is comparable to physical devices running without virtualization.
Discrete Device Assignment (DDA) and Single Root I/O Virtualization (SR-IOV) are two types of accelerated device models used in virtualization. DDA assigns an entire device to a VM and is mostly used in GPU assignment scenarios to provide VMs full access to the GPU’s capabilities for workloads such as AI training and inferencing. SR-IOV divides a single physical device’s resources into multiple virtual interfaces for different VMs. SR-IOV is typically used for network and storage IO devices, as it allows multiple virtual machines to share the same physical hardware resources most efficiently
Some examples in the Azure fleet today include, GPU acceleration via Discrete Device Assignment, Accelerated networking via SR-IOV, and NVMe Direct VMs for storage.
In the next section, we will talk about OpenHCL which is another evolution of the device IO virtualization.
OpenHCL: A privileged guest compatibility layer
Building on the advancements of the accelerated model, we introduced OpenHCL, a new virtualization layer that can transparently provide guest VMs with facilities such as accelerated IO and other security features. This lightweight virtualization environment runs privileged within the guest virtual machine and isolated from the guest operating system. Instead of sharing para-virtualized components exposed by host interfaces, each VM runs its own virtualization instance which enhances security isolation and efficiency. As we’ll discuss below, OpenHCL is essential for Azure Boost guest compatibility scenarios, in which VMs require the appropriate drivers and orchestration to leverage performance enhancements from Boost’s NVMe storage and MANA network accelerated device.
This environment consists of two main components: a minimal Linux kernel and a Rust-based VMM that provides device emulation and I/O translation. This layer equips VMs with the necessary software and drivers to light up functionality such as SR-IOV device assignment for Azure Boost network and storage optimized accelerators without needing any change in the guest OS. This is hugely beneficial to our customers who can now use the same VM image while getting the benefits of Azure Boost – continuing to show our customers how much Microsoft invests in application compatibility.
Guest compatibility virtualization software supports Azure Boost hardware acceleration & virtualized TPM
To do this, we leverage Virtual Secure Mode (VSM) technology, a set of Hyper-V capabilities that enable new security boundaries (or “virtual trust levels”) within a VM context. By creating a new isolated Virtual Trust Level (VTL2) within the guest environment, we establish a higher privilege execution environment that can transparently host code in the VM. This allows us to run privileged security functionality like a virtual TPM for Trusted Launch VMs and paravisor for Azure Confidential VMs (we’ll cover these topics in later sections). Within this layer, we can also run device virtualization facilities that enlighten VMs to communicate with Azure Boost hardware.
The VSM isolation model and reduced data path from VM to device adds protective measures by providing more robust multi-tenant isolation and reducing the Trusted Computing Base (TCB) on the Azure Host. By confining the virtualization stack to the tenant’s VM and reducing dependencies on the Host for IO operations, we can eliminate shared host components which narrow down the potential attack surface and enhance security. Shifting the architecture from host providing para-virtualized interface to each VM instance running its own virtualization, additionally allows for greater performance isolation and efficiency. Reiterating this point since its so important with the OpenHCL architecture, each VM receives its own para-virtualized layer and doesn’t share anything with the Host or other VMs. This isolation hugely improves the customer VM experience and isolation.
Zooming into the components that make up this layer, the VTL2 environment is made up of a completely newly written Rust based virtualization stack running on a minimal Linux kernel that provides device emulation and I/O translation. Rust system programming language has emerged as one of the leading memory safe programming languages. Rust’s memory safety & type system features help prevent common vulnerabilities like buffer overflows and dangling pointers. Its concurrency model enhances security in multi-threaded environments by preventing data race conditions. Rust offers robust security benefits making it especially advantageous and critical for sensitive workloads. Together these components make up the para-virtualized VTL2 environment that underpins some of Azure’s key technologies.
In the next section we’ll describe some of the uses of this technology in Azure Boost, Trusted Launch VMs, and Azure Confidential VMs. This virtualization environment was first introduced with Trusted Launch VMs and was later extended to introduce additional capabilities around I/O compatibility and paravisor support for Azure Boost and Azure Confidential VMs respectively.
OpenHCL in Azure Boost
As mentioned, Azure Boost is Microsoft’s hardware acceleration solution that offers industry leading network and storage optimization via Microsoft Azure Network Adapter (MANA) and NVMe storage, by offloading networking and storage operations onto specialized FPGA hardware and software.
Offloading networking and storage tasks onto dedicated Azure Boost hardware frees up CPU for guest VMs and eliminates I/O virtualization bottlenecks. The result is a network capable of 200 Gbps bandwidth via Microsoft’s next generation network interface, Microsoft Azure Network Adapter (MANA), local storage operations reaching 17.3GBps with 3.8 million IOPs, and remote storage operations reaching 12.5 GBps throughput with 650K IOPs. Enhancing Azure’s infrastructure by isolating it from hypervisor and host resources boosts performance while reducing latency and jitter.
Using the OpenHCL para-virtualized layer, VMs receive the necessary MANA and NVMe drivers and virtual functions to bootstrap accelerated IO connections. As a result, the guest can begin direct communication with the specialized Azure Boost hardware. On enlightened guest VMs, which come with pre-installed drivers and VMBus support to communicate with the accelerated hardware, the model sets up initial communication and reduces latency and downtime for networking and storage devices as it allows guest VMs to fall back to the software networking path in case of disconnection to the acceleration path.
For unenlightened guest VMs that come with default inbox virtualization drivers, OpenHCL transparently provides the necessary drivers to enable these guest VMs to communicate with the new accelerated hardware without the need to install new images or update the operating system. This allows the existing VM types to get the power of Azure Boost, with no changes to their images. To achieve optimal performance, we recommend adding the appropriate drivers to VM image.
Azure Boost VM SKUs are available today in preview across a variety of VM series to optimize for the demands of varying workloads. To learn more, see Overview of Azure Boost | Microsoft Learn
OpenHCL in Trusted Launch VMs
The OpenHCL virtualization layer also helped launch Trusted Launch for Azure virtual machines on Generation 2 VMs. Trusted Launch VMs introduced virtual Trusted Platform Module (vTPM) and secure boot with guest attestation. Secure Boot establishes a “root of trust” and verifies that only VMs with properly signed OS code can boot, preventing rootkits and boot kits from infecting the OS boot process with malware. A virtual Trusted Platform Module is virtualized hardware that serves as a dedicated storage vault for key and measurements. The vTPM measures and seals the VM’s entire boot chain (UEFI, OS, system, drivers), which allows the guest VM to perform remote guest attestation. Everything from the firmware through the OS drivers are “measured” and chained to a hardware root of trust. The VM can then establish trust with a 3rd party by cryptographically “attesting” or proving its boot integrity and compliance.
Leveraging the privileged OpenHCL VTL2 layer allows us to run a virtualized TPM and execute remote attestation processes directly from within the guest operating system. A virtual TPM cannot run and perform attestation if its running at the same privilege as the rest of the guest operating system as it stores and persists secrets.
OpenHCL in Azure confidential VMs
Confidential VMs provide enhanced security features that allow customers to protect their most sensitive data in use by performing computation inside a hardware based, attested Trusted Execution Environment (TEE). The Trusted Execution Environment is a secure, isolated environment that prevents unauthorized access or modification of applications and data while in use. This increases the security level of organizations that manage sensitive and regulated data.
Azure confidential VMs use the concept of a paravisor to implement enlightenment on behalf of the guest OS so that the guest OS can run mostly unmodified inside a CVM across various hardware providers. With the paravisor, the guest OS does not need to be fully enlightened to run confidential in Azure, meaning that we can support older OS versions on Azure confidential VMs. Without this paravisor, Azure confidential VM support would be limited to specific OS versions with the necessary features. This allows for easier “lift and shift” of sensitive workloads.
OpenHCL is an implementation of the paravisor for Confidential VMs in Azure, that will soon be available in the Azure fleet. Similarly to the virtualized TPM on Trusted Launch VMs, the OpenHCL VTL2 partition is used to securely host the guest paravisor firmware layer for confidential VM support. As mentioned above, OpenHCL will effectively allow guest VMs to run as confidential VMs in Azure, adding support across a wide variety of guest OS’s and confidential hardware providers.
To learn more about Confidential VMs, visit our other blog: Confidential VMs on Azure – Microsoft Community Hub.
Learn more
In this blog, we’ve explored the evolution of Azure’s virtualization architecture which help power industry-leading technologies like Azure Boost, Trusted Launch VMs, and Azure confidential VMs. We’ve outlined key benefits of this model across hardware acceleration, security isolation, performance, and seamless feature compatibility. As you read through the blog and the links within, if you have any questions, please feel free to comment below.
Hari and Marysia (on behalf of the entire OpenHCL team)
Microsoft Tech Community – Latest Blogs –Read More
Microsoft Entra Internet Access now generally available
With the rise of hybrid work, identity and network security professionals are now at the forefront of protecting their organizations. Traditional network security tools fall short in meeting the integration, complexity, and scale requirements of anywhere access, leaving organizations exposed to security risks and poor user experiences. To address this, network security and identity must function as a unified force in defense. Only when identity and network controls deeply integrate into secure access, can we fully deliver on the core Zero Trust principles, where trust is never implicit and access is granted on a need-to-know and least-privileged basis across all users, devices, and applications.
Microsoft Entra Internet Access
On July 11th, 2024, we announced general availability (GA) of Microsoft Entra Suite, which includes Microsoft Entra Internet Access, part of the Security Service Edge (SSE) solution. Internet Access secures access to all internet and SaaS applications and resources with an identity-centric secure web gateway (SWG) solution, unifying identity and network access controls through a single Zero Trust policy engine to close security gaps and minimize the risk of cyberthreats. Our solution integrates seamlessly with Microsoft Entra ID, eliminating the need to manage users, groups, and apps in multiple locations. It protects users, devices, and resources with capabilities such as universal Conditional Access, context aware network security, and web content filtering, so you no longer need to manage multiple disconnected network security tools.
Figure 1: Secure access to all internet and SaaS applications and resources, with an identity-centric SWG.
Unified identity and network security
Our deep integration with Entra ID enables Conditional Access, and later continuous access evaluation (CAE), to be extended to any external destination, internet resource, and cloud application, even if they’re not integrated or federated with Entra ID. This integration with Conditional Access enables you to enforce granular controls, leveraging device, user, location, and risk conditions by applying network security policies tailored to the requirements of your enterprise. Additionally, Microsoft Entra Internet Access provides enhanced security capabilities, such as token replay protection and data exfiltration controls, for Entra ID federated applications.
Figure 2: Rich user, device, location, and risk awareness of Conditional Access for network security policy enforcement
Protect your users with context aware network security
With Microsoft Entra Internet Access you now can link your network security policies to Conditional Access, providing a versatile tool that can adapt to various scenarios for your SWG policy enforcement. Now with web category filtering, you can easily allow or block a vast range of internet destinations based on pre-populated web categories. For more granular control, you can use fully qualified domain name (FQDN) filtering to establish policies for specific endpoints or override general web category policies effortlessly.
For instance, you can create a policy that allows your finance team access to critical finance applications, while restricting access for the rest of your organization. Furthermore, you can add risk-based filtering policies that dynamically adapt to a user’s risk level with Entra ID protection to restrict access to these destinations for members whose user risk is elevated, providing additional protection for your organization. Another great example is just-in-time access to Dropbox, while blocking all other external storage sites, to leverage deep integrations between Microsoft Entra Internet Access, Conditional Access and Entra ID Governance workflows.
In the coming months, we’ll be adding new capabilities such as TLS inspection and URL filtering to provide even more granular control for your web filtering policies. Plus, we’ll be adding Threat Intelligence (TI) filtering to prevent users from accessing known malicious internet destinations.
Provide defense in depth against token replay attacks with Compliant Network check
With the addition of the new Compliant Network control, you can prevent token replay attacks across authentication plane by extending Compliant Network check with Conditional Access for any Entra ID federated internet application, including Microsoft 365 applications. This feature also ensures that users cannot bypass the SSE security stack while accessing applications. Compliant network eliminates inherent disadvantages of source IP based location enforcement – that of cumbersome IP management and traffic hair pinning of remote users through branch networks.
Protect against data exfiltration by enabling universal tenant restrictions (TRv2) controls
With Microsoft Entra Internet Access you can enable Universal Tenant Restriction controls across all managed devices and network branches, agnostic of OS and browser platform. Tenant Restriction v2 is a strong data exfiltration control enabling you to manage external access risks from your managed devices and networks by curating a granular allow or deny list of foreign identities and applications that can or cannot be accessed.
Figure 5: Universal tenant restrictions
Avoid obfuscating original user source IP
Traditional third-party SSE solutions hide the original source IP of users, only showing the proxy IP address, which degrades your Entra ID log fidelity and Conditional Access controls. Our solution proactively restores original end-user source IP context for Entra ID activity logs and risk assessment. It also maintains backward compatibility for source IP based location checks in your Conditional Access policies.
Deliver fast and consistent access at a global scale
Our globally distributed proxy, with multiple points of presence close to your user, eliminates extra hops to optimize traffic routing to the internet. You can connect remote workers and branch offices through our global secure edge that’s only milliseconds away from users. We have thousands of peering connections with internet providers and SaaS services, and for services like Microsoft 365 and Azure, you avoid performance penalties through additional hops and improve overall user experience by sending the traffic directly to Microsoft WAN infrastructure.
Figure 7: Microsoft’s global Wide Area Network (WAN)
Attain deep insights and network analytics using in-product dashboards:
Our comprehensive in-product reports and dashboards are designed to be easy to digest and share a complete holistic view of your entire ecosystem within your organization. You can monitor deployment status, identify emerging threats through comprehensive network and policy monitoring logging, and address problems quickly. Our dashboard delivers an overview of the users, devices, and destinations connected through Microsoft’s SSE solution. We show cross-tenant access within your enterprise, as well as the top network destinations in use and other policy analytics.
Figure 8: In-product dashboard
Microsoft Entra Internet Access architecture overview
Microsoft’s SSE architecture for client and branch connectivity streamlines network access and security. Global Secure Access standalone client on the endpoint is currently available for Windows and Android; MacOS and IOS are coming soon. Branch connectivity relies on site-to-site connections from network devices to Microsoft’s SSE edge services; Microsoft traffic is now available, with Internet Access Traffic being added soon. Traffic from both client and branch connectivity models is secured and tunneled through Microsoft’s SSE edges. Additionally, we have partnered with HPE Aruba and Versa to integrate our SSE solution with their SD-WAN offerings, with additional SD-WAN partners coming soon.
Side-by-side interoperability with third-party SSE solutions
One of the unique advantages of Microsoft’s SSE solution is its built-in compatibility with third-party SSE solutions where it allows you to acquire only the traffic you need to send to Microsoft’s SSE edges. For example, you can enable the Microsoft Traffic profile to manage Microsoft 365 and Entra ID traffic and optimize performance for your Microsoft applications while using other providers for remaining traffic. Configuring traffic forwarding profiles is straightforward, allowing for precise control over traffic for internet and SaaS traffic, including Microsoft 365. Traffic profiles are also user aware and can be directed to specific groups in your enterprise as appropriate.
Figure 9: Flexible deployment options
Conclusion
Microsoft Entra Internet Access offers a robust, identity-centric SWG solution that secures access to internet and SaaS applications. By unifying Conditional Access policies across identity, endpoint, and network, it ensures every access point is safeguarded, adapting to the needs of a hybrid workforce and mitigating sophisticated cyberattacks. This strategic shift not only enhances security but also optimizes user experience, demonstrating Microsoft’s commitment to leading the transition to cloud-first environments.
Learn more and get started
Stay tuned for more Microsoft Entra Internet Access blogs and for a deeper dive into Microsoft Entra Private Access. For more information, watch our recent Tech Accelerator product deep dives.
To get started, contact a Microsoft sales representative, begin a trial, and explore Microsoft Entra Internet Access and Microsoft Entra Private Access general availability. Share your feedback to help us make this solution even better.
Anupma Sharma, Principal Group Product Manager
Read more on this topic
Simplify your Zero Trust strategy with the Microsoft Entra Suite and unified security operations platform, now generally available
Microsoft’s Security Service Edge products now in General Availability
Microsoft Entra Internet Access
Microsoft Entra Private Access
Learn more about Microsoft Entra
Prevent identity attacks, ensure least privilege access, unify access controls, and improve the experience for users with comprehensive identity and network access solutions across on-premises and clouds.
Microsoft Entra News and Insights | Microsoft Security Blog
Microsoft Entra blog | Tech Community
Microsoft Entra documentation | Microsoft Learn
Microsoft Entra discussions | Microsoft Community
Microsoft Tech Community – Latest Blogs –Read More
Microsoft’s Secure Future Initiative
Build a security-first organization with up-to-date cybersecurity skills
Like others around the globe, your organization is likely dealing with an ever-increasing number of cyberthreats and you need skilled team members to help address them. According to the World Economic Forum Future of Jobs Report 2023, cybersecurity is near the top of the list of the fastest-growing job roles. There’s an increasing need for professionals with cybersecurity skills—a need that will continue to grow in the future. In the world of business today, every member of every team must be ready to address cyberthreats.
At Microsoft, one of the ways that we help counter these threats is to promote a security-first culture—security above all else. We continuously apply what we’ve learned from security incidents to improve our methods and practices. To that end, we’ve created the Microsoft Secure Future Initiative (SFI), our commitment to advance the way we design, build, test, and operate our technology so our solutions can meet the highest possible security standards.
Empower your workforce to counter cyberthreats
Strengthening your organization’s cybersecurity posture and supporting a security-first culture involves upskilling across all roles to handle cyberthreats. Get started on Microsoft Learn for Organizations, where you can find the latest team training resources and opportunities, including cybersecurity training to build skills that your teams can put to work right away. Check out the self-paced, on-demand, Microsoft Official Plans highlighted there, including:
Learning for Microsoft cybersecurity architects
Learning for Microsoft data security administrators
Learning for Microsoft identity and access administrators
Learning for Microsoft security operations analysts
Microsoft Security for business leaders and CISOs
Plus, Microsoft Learn for Organizations offers a variety of practical insights, inspiring success stories, and additional resources for teams that are skilling up to keep pace with fast-evolving technologies and close the skills gap.
Join us for an important cybersecurity skills webinar
Jump-start a skill-building plan to help your organization address threats to your data, assets, systems, and more. Join us online for the Microsoft Secure Future Initiative Master Class: Red vs. blue skills to counter cyberthreats, on September 25, 2024, from 9:00 AM to 11:00 AM Pacific Time, a webinar that focuses on monitoring and detecting threats and accelerating remediation—all part of the SFI pillars. In this important webinar, you can:
Learn from experts. Hear from Microsoft Security experts, along with Microsoft Certified Trainers from our Training Services Partner NetCom Learning.
Experience a red versus blue team demonstration. See Microsoft Security solutions, like Microsoft Sentinel, Microsoft Defender for Endpoint, and Defender XDR in action through real-world cyberattack scenarios.
Discover skills to help secure your organization. Explore learning paths to upskill your team and protect against evolving cyberthreats.
Join a live Q&A with experts. Get answers to your security training questions from some of the best in the industry.
Reserve your spot for this webinar, and let’s build a more secure future together!
Microsoft Tech Community – Latest Blogs –Read More
SQL server compatible with macbook pro m3 max via Parallels VM?
I’m having problems in installing SQL server on my macbook pro m3 max via parallels virtual machine. But I have this downloaded together with the SQL server management studio on my macbook pro m1 via parallels virtual machine.
I feel like I’ve wasted so much money buying the m3 max and I couldn’t even install the SQL server and SQL server management studio.
I hope someone can help me.
I’m having problems in installing SQL server on my macbook pro m3 max via parallels virtual machine. But I have this downloaded together with the SQL server management studio on my macbook pro m1 via parallels virtual machine. I feel like I’ve wasted so much money buying the m3 max and I couldn’t even install the SQL server and SQL server management studio. I hope someone can help me. Read More
REGISTER TODAY: Azure Nonprofit Office Hours on September 26th
Hello Partners,
Microsoft’s Tech for Social Impact (TSI) team is pleased to invite you to our Azure Nonprofit Office Hours on September 26th. Join Narindi Chhan, Azure Solution Specialist, Microsoft TSI and Chris Zimney, Director, Industry Architecture, Microsoft TSI as they share their take on all things Azure during open office hours.
When: Thursday, September 26
Where: Digital Event – Microsoft Teams Meeting
Agenda Highlights
Explore new Azure programs such as Open Source (PostgreSQL, Linux) and Nonprofit Azure Landing Zones
Offer insights in Azure: stay ahead of the curve with insights into Azure’s solutions for nonprofits.
Share success stories: learn from real-world examples of how organizations have leveraged Azure for social good.
Explore best practices: discover practical strategies that can elevate your nonprofit’s efficiency using Azure.
Register Today
Option 1: Thursday, September 26th | 8:00am – 9:00am PT | Register here
Option 2: Thursday, September 26th | 4:00pm – 5:00pm PT | Register here
For our partners who cannot make this digital event, please register to receive the recording.
Speakers
Hello Partners,
Microsoft’s Tech for Social Impact (TSI) team is pleased to invite you to our Azure Nonprofit Office Hours on September 26th. Join Narindi Chhan, Azure Solution Specialist, Microsoft TSI and Chris Zimney, Director, Industry Architecture, Microsoft TSI as they share their take on all things Azure during open office hours.
When: Thursday, September 26
Where: Digital Event – Microsoft Teams Meeting
Agenda Highlights
Explore new Azure programs such as Open Source (PostgreSQL, Linux) and Nonprofit Azure Landing Zones
Offer insights in Azure: stay ahead of the curve with insights into Azure’s solutions for nonprofits.
Share success stories: learn from real-world examples of how organizations have leveraged Azure for social good.
Explore best practices: discover practical strategies that can elevate your nonprofit’s efficiency using Azure.
Register Today
Option 1: Thursday, September 26th | 8:00am – 9:00am PT | Register here
Option 2: Thursday, September 26th | 4:00pm – 5:00pm PT | Register here
For our partners who cannot make this digital event, please register to receive the recording.
Speakers
Research Drop: Empowering Managers to Take Action on Survey Results & Insights
We work in environments that can sometimes feel overly inundated with data points and knowing how to focus our scope on the most relevant and critical data points can be tricky. This can be especially difficult for managers, as they are faced with the responsibility of their team’s experience and performance in addition to their own job responsibilities. A source of information of high value to managers is employee feedback, which often takes shape in survey data and insights. But do managers feel equipped to understand and act on this feedback?
Inspired by questions that are top of mind for our customers, our latest research explores how managers interpret and act on employee survey feedback. The Viva People Science team conducted a study with 703 US-based managers across 10+ industries, each overseeing at least five direct reports, to gain a deeper understanding of their experience, from common practices to barriers when it comes to acting on employee feedback. The findings revealed three critical areas:
Qualities of critical data and insights: Managers emphasize the importance of relevant, context-specific data to drive action, particularly for operational tasks, which they view as critical for having the right insights.
Survey themes vary in perceived actionability: Survey topics vary in their perceived ability to drive action. When evaluated by ease of improvement and control, some themes emerge as strategic opportunities, while others are seen as broader organizational challenges.
Formal action taking processes don’t guarantee action: Managers tend to engage in informal action planning, citing insights, effort, and tools as key barriers. There’s a clear opportunity to invest in high-value resources that are inconsistently provided by organizations.
Let’s now dive deeper into each of these critical areas.
Qualities of critical data and insights
When we think about what types of data and insights managers are accessing and consuming, it can be helpful to think about 1) what activities they are hoping to use it for and 2) what characteristics make the data actionable. In our survey, we asked managers to select the top activities for which they seek the right data and insights.
The top three activities surfaced by our sample were all operational-based activities – these fundamental activities that are often expected of managers to execute. What we learn from this is that managers are seeking data to bolster their ability to be an effective manager, driving performance and productivity on their team. We also saw that relational activities ranked lower on the list, such as advocating for their team and providing recognition. This suggests that while these are still important managerial behaviors, managers don’t rely as heavily on data to perform them.
We also asked managers to select the top characteristics that make data and insights actionable.
As shown in the table, relevance was the top characteristic (by almost +10 percentage points) that makes data and insights feel actionable to managers. Without this connection point, managers may not understand what is expected of them in terms of acting on irrelevant pieces of information. Tied for second were two organizational purpose-based characteristics, indicating that managers are also looking for the data and insights to be contextualized in the broader goals, values, and priorities of the organization. This helps provide the ‘why’ behind acting on these data and insights and how they ladder up to wider initiatives.
Survey themes vary in perceived actionability
There are various topics that may be asked on your company’s surveys (e.g., growth, recognition, culture) so we sought to understand to what extent managers feel it is easy to make meaningful improvements on these topics and whether they are empowered to act on them. We presented managers with a list of survey topics and asked them to rate 1) how easy the topic was to impact and 2) how much control they felt they had over that topic. Below you can see these topics presented with their average ‘ease’ and ‘control’ scores.
We found four categories of topics based on how managers felt about them.
Manager Low-Hanging Fruit: Considered easier to improve and well within the control of the manager can help get quick wins and keep momentum.
Strategic Challenges: Still within the control of the manager but considered more difficult to move the needle on, might challenge momentum.
Collective Efforts: Sits in the middle of ease and control. These topics require coordination and often rely on more business-level leadership.
Organizational Undertakings: Themes considered outside of the control of the manager and hard to improve; often considered more organization-wide initiatives.
When reviewing these buckets with the earlier data on critical activities, we noticed a strong overlap between the Strategic Challenges bucket and the top activities managers reported needing the right data and insights for (i.e., prioritization, collaboration/performance). In other words, there is a sweet spot of activities that are critical to the manager but not necessarily the easiest to make impactful and sustained progress on, where organizations can consider providing an additional layer of support or data.
Formal action taking processes don’t guarantee action
We sought to better understand the current manager experience from receiving data, to action taking, to seeing improvements by asking managers how they felt about their organizational practices around action taking, how many action taking behaviors they engaged in in the last 6 months, and their top barriers and resources in this process.
What we found was that even though managers felt favorably about their organization’s action taking practices, the fact that they have formal processes doesn’t guarantee action. Most of our managers reporting struggling to turn insights into action.
Under half of the managers sampled for this study reported engaging in any behaviors associated with action taking after receiving survey results and insights. In addition to the numbers above, we also saw that:
only 42% of managers reported recognizing their team for progress made
only 38% of managers reported sharing key survey results and insights with their team
only 25% of managers reported tying action plans to broader business objectives
and only 21% of managers reported conducting pulse surveys to assess progress
What this tells us is that even though managers have a formal action taking process at their organization, they likely do not feel as though they have the right resources or time to engage in action taking behaviors. To dive deeper into this, we asked managers what barriers they felt they faced when trying to act on survey results and insights.
The top three types of barriers reported by managers were related to the insight experience, the amount of effort needed, and the tools they are currently provided to take action.
Improving the relevance of insights: Managers feel the themes they are asked to act on are not within their control. We saw earlier that there are varying levels of controllable topics, and it can feel challenging to engage in action taking when topics feel outside of this scope. Organizations should focus on more targeted insights that address topics that managers feel empowered to act upon.
Increasing confidence: Managers can feel overwhelmed with trying to keep momentum going on action taking between survey signals and when they don’t see how others are staying engaged, it can impact their motivation to keep action taking top of mind. Organizations should focus on increasing managers confidence in the action taking experience by offering cross-team support and collaboration opportunities to make it a team- and organization-wide investment.
Activating tools: Managers are seeking additional tools to help them through the action-taking process. While there may be a formal process, it may not be aligned with formal tools that support managers’ efforts. Organizations should focus on increasing investment in centralizing tools for tracking, seeking feedback, and staying on top of action taking behaviors.
When thinking about reducing these barriers that managers are facing when approaching action taking, it’s also important to consider what resources they value the most to help them engage in action taking. It’s also important to consider what resources they may wish they had to further bolster their experience. We asked managers to name the resources they are currently receiving and the resources that they value (regardless of whether they currently receive them).
What we saw was that, in general, managers are receiving the resources that they value the most, including templates, action recommendations, training in how to take action, and examples of action taking. The opportunity where organizations may consider further exploring lies in the region of resources to invest in. These are high value resources that are less frequently provided by organizations (e.g., gen AI tools, targeted insights, ways to collaborate in the action planning process). We see similarities in these investment opportunities to the top barriers managers face in those insight and tool categories. What we can learn from this data is how to optimize our investment areas to better support our managers that are trying to act on survey results and insights. It helps us clarify what resources to focus on and what barriers we can try to reduce.
Watch how we’ve presented some of these findings in our recent Ask the Experts series on Enabling Managers and Identifying Insights from Reports (Viva Glint: Ask the Experts – Microsoft Adoption) and stay tuned for future research drops from the Viva People Science team!
Microsoft Tech Community – Latest Blogs –Read More
Microsoft Graph connectors update: Expand Copilot’s knowledge with 50 million items of external data
We’re excited to share that Microsoft 365 and Office 365 subscriptions will now receive a 50 million item index per tenant without any extra cost for data ingested via Microsoft Graph connectors. With this change, the index quota entitlement per license is removed, as is add-on cost for additional quota.
Applicable subscriptions: Office 365 E1, Office 365 E3, Office 365 E5, Microsoft 365 E3, Microsoft 365 E5, Microsoft 365 F1, Microsoft 365 F3, Office 365 F3, Microsoft 365 Business Basic, Microsoft 365 Business Standard, Microsoft 365 Business Premium, Office 365 G1, Office 365 G3, Office 365 G5, Microsoft 365 G3, Microsoft 365 G5, Office 365 A3, Office 365 A5, Microsoft 365 A3, Microsoft 365 A5
Why Microsoft Graph connectors?
Microsoft Graph connectors allow organizations to bring data from external sources into Microsoft Graph to be discoverable across Microsoft 365 experiences, including grounding Microsoft 365 Copilot’s responses in more of your work content and context.
Acting as a single platform for all your enterprise data, Microsoft Graph allows your end-users to enjoy uniform experiences with your external content, Word documents, PowerPoint presentations, and other Microsoft 365 content. Learn more about experiences that you can enable with Microsoft Graph connectors in our documentation.
Is my data secure with Microsoft Graph connectors?
One crucial aspect of bringing content into Microsoft 365 is maintaining security and data access controls. When implementing Microsoft Graph connectors, you map existing access control lists to objects in Microsoft 365 and Entra ID, ensuring that only individuals with the right permissions can access content. This allows organizations to keep centralized access to their data secure. To learn more, please review our documentation.
Why are we making this change?
Previously, to index third-party data into Microsoft Graph through Microsoft Graph connectors, you either needed to have a built-in entitlement through specific licenses or purchase add-on quota. We recognize that indexing more external data into Microsoft Graph is vital for many organizations to fully realize the power and value of Microsoft 365 Copilot. Removing quota restrictions reflects our dedication to offering the best Microsoft 365 experiences, responding directly to customer feedback about the need for increased data capacity with Microsoft 365 Copilot. Learn more about Microsoft 365 Copilot extensibility with Graph connectors in our documentation.
What does this mean for you?
This change enables organizations to bring an incredible amount of external data into Microsoft Graph. Each record from the data source that you add to Microsoft Graph is considered “an item,” and enables external content to be discoverable across a set of Microsoft 365 experiences, including as a unique citation in Microsoft 365 Copilot’s responses.
Depending on the data source, one item can be:
One document (Word, Excel, PPT, PDF, etc.) in a file share
One wiki page
One web page
One ticket/issue
Total quota is based on the total items stored in the tenant’s index, and updates to an item don’t alter its count (i.e., there are no implications of updating an item multiple times; it still counts as 1 item within the tenant).
Whether you are a new customer or already using Microsoft Graph connectors and have any of the subscriptions mentioned above, your tenant will automatically update to a 50 million item index by the end of September 2024. Subscribers with ‘Extra Graph Connector capacity’ will be contacted about their active plans.
Next steps and resources
Get started with Microsoft Graph connectors today! Information is everywhere and its growth is exponential across the multitude of applications we use to get work done. Safely index your external data in Microsoft Graph alongside content from your Microsoft 365 apps to deliver intelligent results across Microsoft 365 apps and services, regardless of where that information resides. Your users will thank you for it.
Review resources and documentation about Microsoft Graph connectors and consider which external data sources you’d want to connect to Microsoft 365. If you have questions, please reach out to Microsoft Graph | Support.
Resources:
Microsoft Graph connectors overview | Microsoft Learn
Build Microsoft Graph connectors for Microsoft Copilot for Microsoft 365 | Microsoft Learn
Set up Microsoft Graph connectors in the Microsoft 365 admin center | Microsoft Learn
Microsoft 365 Dev Center
Follow us on Microsoft 365 Developer (@Microsoft365Dev) / X for the latest news and announcements
Microsoft Tech Community – Latest Blogs –Read More
Disabling Viva Engage Email Notifications to specific accounts
We have just begun using Viva Engage in our organization, and we want to disable the email notifications to specific mailboxes (efax mailboxes, shared mailboxes, etc.). Is there a way to accomplish this? Can I use a 365 Group to do so? Any help is greatly appreciated!!!
Adam
We have just begun using Viva Engage in our organization, and we want to disable the email notifications to specific mailboxes (efax mailboxes, shared mailboxes, etc.). Is there a way to accomplish this? Can I use a 365 Group to do so? Any help is greatly appreciated!!! Adam Read More
Am I able to add control numbers (ie, Bates numbers) to all pages in a PDF at once in SharePoint?
For instance, I have a 100 page PDF. I know I can add text by editing each individual page and manually typing in a number. However, is there a way to add the numbering to each page all at once? thanks
For instance, I have a 100 page PDF. I know I can add text by editing each individual page and manually typing in a number. However, is there a way to add the numbering to each page all at once? thanks Read More
Become a Sponsoring Partner for the Microsoft AI Tour Bern – Apply Now!
We’re excited to invite partners to join the Microsoft AI Tour in Bern on Thursday, 28th November 2024 as a Sponsoring Partner! Showcase your company’s innovations and engage with key decision-makers at this high-profile event. Event website: Please find the event website here.
Sponsorship Packages:
All the details about our sponsorship options are attached. Please complete the application form to apply for your preferred package.
Application Deadline:
:calendar: Submit your application by October 18, 2024
:e_mail: Email applications to: chevents@microsoft.com
Successful applicants will be notified by October 31, 2024.
Let’s make this event unforgettable together!
For questions, contact us at chevents@microsoft.com.
We’re excited to invite partners to join the Microsoft AI Tour in Bern on Thursday, 28th November 2024 as a Sponsoring Partner! Showcase your company’s innovations and engage with key decision-makers at this high-profile event. Event website: Please find the event website here.
Sponsorship Packages:All the details about our sponsorship options are attached. Please complete the application form to apply for your preferred package.
Application Deadline::calendar: Submit your application by October 18, 2024:e_mail: Email applications to: chevents@microsoft.com
Successful applicants will be notified by October 31, 2024.
Let’s make this event unforgettable together!
For questions, contact us at chevents@microsoft.com.
Read More
I’m trying to run junit test cases from ado and i see 403 error in the results
I’m trying to run junit test cases from ado and i see 403 error in the results. currently our ADO is in central us region and we are using azure hosted agents. I have whitelisted the ip’s for central us and azure hosted agents. still getting the 403 error. can you please share me the ip which we need to whitelist and if I’m missing anything
I’m trying to run junit test cases from ado and i see 403 error in the results. currently our ADO is in central us region and we are using azure hosted agents. I have whitelisted the ip’s for central us and azure hosted agents. still getting the 403 error. can you please share me the ip which we need to whitelist and if I’m missing anything Read More
Teams audio quality issues on iOS18
I foolishly upgraded my iPhone (11pro) to iOS18 yesterday. I now notice that Teams audio quality is terrible, constant glitching! While on a Teams group call I tried listening on both my iPhone (via air pods pro 2s) and on my PC on wired head phones. PC and wired headphones were fine so it’s not just the quality of the actual call. Anyone else found this issue?
I foolishly upgraded my iPhone (11pro) to iOS18 yesterday. I now notice that Teams audio quality is terrible, constant glitching! While on a Teams group call I tried listening on both my iPhone (via air pods pro 2s) and on my PC on wired head phones. PC and wired headphones were fine so it’s not just the quality of the actual call. Anyone else found this issue? Read More
Error Installing Windows 11 Insider Preview 27695.1000 (rs_prerelease)
oxC1900101 -0x20017
The installation failed in the SAFE_OS phase with an error during BOOT operation.
Procedure done.. disabled Antivirus, mounted version for AMDx64.
Make it around 5 times and no way.
Drivers are updated. Can someone help?
Regards
oxC1900101 -0x20017The installation failed in the SAFE_OS phase with an error during BOOT operation. Procedure done.. disabled Antivirus, mounted version for AMDx64.Make it around 5 times and no way. Drivers are updated. Can someone help? Regards Read More
Copilot in Excel riddles
Hi everyone, over the last few weeks we have had a series of posts to show you some of the things that are possible to do with Copilot in Excel. Today we’re going to try something fun:
tell me a riddle about an Excel feature
Copilot in Excel pane with the above prompt
Sure! Here’s a riddle for you:
I can sum, I can average, I can count with ease, I can find the max and min, if you please. I live in a cell, but I’m not in jail, What am I? Can you unveil?
What Excel feature am I?
What is the answer?
Copilot in Excel pane with the above prompt
The answer to the riddle is a formula! 😊 Formulas in Excel can sum, average, count, find the maximum and minimum values, and perform many other calculations within a cell.
Give me a riddle where the answer is conditional formatting
Copilot in Excel pane with the above prompt
Sure! Here’s a riddle for you:
I change colors based on rules, Highlighting cells, making them cool. With red, green, and yellow hues, What Excel feature am I, can you deduce?
What am I? 😊
Maybe try with your friends or coworkers and test their Excel knowledge in a fun way.
Over the coming weeks I will continue to share more examples of what you can do with Copilot in Excel.
Thanks for reading,
Microsoft Excel Team
*Disclaimer: If you try these types of prompts and they do not work as expected, it is most likely due to our gradual feature rollout process. Please try again in a few weeks.
Hi everyone, over the last few weeks we have had a series of posts to show you some of the things that are possible to do with Copilot in Excel. Today we’re going to try something fun:
tell me a riddle about an Excel feature
Copilot in Excel pane with the above prompt
Sure! Here’s a riddle for you:
I can sum, I can average, I can count with ease, I can find the max and min, if you please. I live in a cell, but I’m not in jail, What am I? Can you unveil?
What Excel feature am I?
What is the answer?
Copilot in Excel pane with the above prompt
The answer to the riddle is a formula! 😊 Formulas in Excel can sum, average, count, find the maximum and minimum values, and perform many other calculations within a cell.
Give me a riddle where the answer is conditional formatting
Copilot in Excel pane with the above prompt
Sure! Here’s a riddle for you:
I change colors based on rules, Highlighting cells, making them cool. With red, green, and yellow hues, What Excel feature am I, can you deduce?
What am I? 😊
Maybe try with your friends or coworkers and test their Excel knowledge in a fun way.
Over the coming weeks I will continue to share more examples of what you can do with Copilot in Excel.
Thanks for reading,
Microsoft Excel Team
*Disclaimer: If you try these types of prompts and they do not work as expected, it is most likely due to our gradual feature rollout process. Please try again in a few weeks. Read More
HELP!!! Trying to populate a table based on first month of revenue.
Hi. I’m stuck and could really use some help. In the attached picture, I’m trying to populate the Month of First Revenue (in this case 4 — D7 value) into the corresponding month (in this case F14). I need the formula to be dynamic so if I change D7, the revenue aligns under the correct month on the Sales row (row 14). Any help is greatly appreciated!!!
Hi. I’m stuck and could really use some help. In the attached picture, I’m trying to populate the Month of First Revenue (in this case 4 — D7 value) into the corresponding month (in this case F14). I need the formula to be dynamic so if I change D7, the revenue aligns under the correct month on the Sales row (row 14). Any help is greatly appreciated!!! Read More
Identify users not using MFA
Hi Microsoft Community,
I’d like to identify users who are authenticating to our M365 tenant without MFA.
Currently we have MFA enforced by way of Conditional Access policy applying to a group. However, I’d like to verify that all users in the tenant are authenticating with MFA as I suspect there are some users, such as ‘service accounts’, that do not.
If I go to Sign In Logs I can see some instances of ‘Single Factor Authentication’ but for accounts I know and can verify are using MFA by way of our Conditional Access policy. So it would seem like I’m overlooking something, or looking in the wrong place.
TIA
Hi Microsoft Community, I’d like to identify users who are authenticating to our M365 tenant without MFA. Currently we have MFA enforced by way of Conditional Access policy applying to a group. However, I’d like to verify that all users in the tenant are authenticating with MFA as I suspect there are some users, such as ‘service accounts’, that do not. If I go to Sign In Logs I can see some instances of ‘Single Factor Authentication’ but for accounts I know and can verify are using MFA by way of our Conditional Access policy. So it would seem like I’m overlooking something, or looking in the wrong place. TIA Read More
