Month: September 2024
Typed XML validation via XSD – show all errors
Hi,
is there a way to show all existing errors when typed XML is validated?
I think MS SQL Server uses msxmlsql.dll to work with XML data.
https://learn.microsoft.com/en-us/sql/relational-databases/system-stored-procedures/sp-xml-preparedocument-transact-sql?view=sql-server-ver16
https://learn.microsoft.com/en-us/sql/relational-databases/sqlxml/sqlxml-4-0-programming-concepts?view=sql-server-ver16
But I haven’t found any information about this dll.
I’m wondering if there is an option in MS SQL Server like in:
https://learn.microsoft.com/en-us/previous-versions/windows/desktop/ms767720(v=vs.85)
and
https://learn.microsoft.com/en-us/previous-versions/windows/desktop/ms763769(v=vs.85) -> MultipleErrorMessages = true
Can you give me some advice?
209 Invoke Validation Failed – Different Chat Contexts
Hi there,
I have a strange issue.
When using Teams (occurs in both Desktop and Web clients), I get this error when trying to call one of our APIs from an Adaptive Card:
{
  "errorCode": 0,
  "message": "Invoke validation failed. User forbidden to perform action",
  "standardizedError": {
    "errorCode": 209,
    "errorSubCode": 1,
    "errorDescription": "Invoke validation failed. User forbidden to perform action"
  }
}
It only happens when in a 1:1 chat and a group chat context. The error does not happen when interacting with the bot directly.
Here is the manifest:
{
  "$schema": "https://developer.microsoft.com/en-us/json-schemas/teams/v1.16/MicrosoftTeams.schema.json",
  "manifestVersion": "1.16",
  "version": "1.2.0",
  "id": "{{.AppID}}",
  "localizationInfo": {
    "defaultLanguageTag": "en-gb",
    "additionalLanguages": []
  },
  "developer": {
    "name": "REDACTED",
    "websiteUrl": "REDACTED",
    "privacyUrl": "REDACTED",
    "termsOfUseUrl": "REDACTED"
  },
  "icons": {
    "color": "color.png",
    "outline": "outline.png"
  },
  "name": {
    "short": "{{.AppName}}",
    "full": "{{.AppName}}"
  },
  "description": {
    "short": "REDACTED",
    "full": "REDACTED"
  },
  "accentColor": "#00bd00",
  "configurableTabs": [],
  "staticTabs": [],
  "bots": [
    {
      "botId": "{{.AppID}}",
      "scopes": [
        "personal",
        "groupChat",
        "team"
      ],
      "needsChannelSelector": false,
      "isNotificationOnly": false,
      "supportsFiles": false,
      "supportsCalling": false,
      "supportsVideo": false,
      "commandLists": [
        {
          "scopes": [
            "personal",
            "groupChat",
            "team"
          ],
          "commands": []
        }
      ]
    }
  ],
  "composeExtensions": [
    {
      "botId": "{{.AppID}}",
      "commands": [
        {
          "id": "REDACTED",
          "context": [
            "commandBox",
            "compose",
            "message"
          ],
          "description": "REDACTED",
          "title": "REDACTED",
          "type": "action",
          "fetchTask": true
        }
      ]
    }
  ],
  "permissions": [
    "identity",
    "messageTeamMembers"
  ],
  "devicePermissions": [],
  "validDomains": [
    "REDACTED",
    "REDACTED"
  ],
  "showLoadingIndicator": false,
  "isFullScreen": false,
  "activities": {},
  "defaultInstallScope": "personal"
}
Note I have added “personal”, “groupChat” and “team” scopes, which I thought would sort it.
Thanks.
Deleted users OneDrive
Hi,
I have a OneDrive for a deleted user that is still showing in my reports as using up to 60GB of space. Is there any way I can access this user's OneDrive to either export it or just delete it, as I need to recover the used space and completely remove reference to that user? The retention period is set at 30 days but, as I said, it still shows in my reports, so I am assuming the data is still there. Thanks.
Problems with automatic OneDrive – deleting files and disabling automatic download
I recently bought a new PC (first time with Windows 11) and downloaded a few games on it. Sadly, some of them (like civilisation) store their files and saves in the “documents” folder, that unbeknown to me, was automatically copied to OneDrive (I didn’t have this problem on my previous W7/W10 computers and laptops). After just one game OneDrive is out of memory (it also doesn’t like the file extension on civ save files), and now I’m in a bit of a pickle.
So I have 2 questions:
1) Can I disable the automatic OneDrive download? And if yes, how?
2) How to delete files already in OneDrive, without deleting files on my PC.
I tried deleting them from “documents” in OneDrive, but ended up deleting them on my hardware too. It's not just about games, but files that are valuable to me, but I wouldn’t want them in the cloud.
I apologise if this was already answered, but I was unable to find any advice and the problem is rather irritating for me.
To Do tasks disappearing – possibly being archived?
Tasks are disappearing from To Do (Microsoft 365 Enterprise). I have one list that is just a list (ie, I never mark entries as completed). I don’t know how many entries there were originally, but I would think close to 100. Recently I noticed it had dropped to 41, a few days later to 31, then 29 and today it has 27 entries. There’s no problem syncing between devices and platforms; they’re all showing the same items at any one point in time. Someone in another Microsoft community suggested they could be being automatically archived. I’ve asked our internal IT team to look at a policy that stops To Do items from being archived. If the items have been archived, my problem is that I don’t know where they’re being archived to so that I can recover them. I do have Online Archiving configured, but there’s no folder either in my main mailbox or in my online archive that looks like it would contain To Do items (eg, there’s no Tasks folder). Any help in either understanding what’s causing my To Do items to progressively disappear, or where my lost To Do items could be recovered from would be greatly appreciated.
Bookings not working – Redirect to OWA interface
Hello,
We wanted to test MS Bookings but unfortunately, when we try to reach the Bookings URL, all users who have an O365 mailbox are redirected automatically to the OWA interface and not the Bookings one.
We have refreshed the cache etc., but no success.
Has anyone already had this problem?
Thanks for your help,
Regards,
Detecting browser anomalies to disrupt attacks early
Detecting browser anomalies is crucial for identifying and preventing cyber threats early: monitoring for unexpected browser activity helps prevent data breaches and attacks. Browser anomaly detections can spot unusual session activity, preventing attackers from impersonating legitimate users. During adversary-in-the-middle (AiTM) attacks, they help identify unauthorized interception of a session cookie, which can be used to gain access to user credentials. By responding swiftly to these early activities, organizations can address potential security incidents effectively, enhancing their overall security measures. Microsoft Defender XDR offers a variety of detections that detect browser anomalies and disrupt attacks automatically.
Microsoft Defender XDR’s automatic attack disruption stops in-progress attacks and minimizes their impact on organizational assets by isolating compromised assets and giving security teams more time to fully remediate incidents. By disrupting attacks early, it helps prevent the spread of threats and reduces wider implications, such as associated financial costs and losses in productivity.
This blog post offers insights into utilizing browser anomalies and malicious sign-in traits to execute attack disruption at the earliest stages, preventing attackers from achieving their objectives.
Browser-related information, such as the user-agent string, acts as an identifier for the type of browser a client is using, its version, and the operating system. Detecting anomalies in browser usage can play a critical role in identifying malicious activities. For example, if a user’s account is unexpectedly accessed from a different browser or a distant geographical location, it might indicate that the account has been compromised. Furthermore, monitoring changes in browser usage is essential for detecting session hijacking, where an attacker takes control of a user session after the user has authenticated. Session hijacking attacks result in very critical attack paths such as multi-stage AiTM phishing, Business Email Compromise (BEC), and persistence through the creation of an OAuth application. Maintaining the integrity of sessions requires ensuring consistency in a user’s attributes, including the browser. Any sudden change in these attributes could signal a potential security threat.
Identifying potential threats and unusual activities via browser anomalies demands a thorough analysis of the patterns and discrepancies observed in browser-related information, such as the user-agent string, during user sign-in events. Relying solely on discrepancies in browser-related information may not offer sufficient context to identify an anomaly. Efficient detection typically involves correlating browser-related information with additional behavioral and environmental data. Microsoft Defender XDR employs various techniques to detect browser anomalies, utilizing robust signals from Microsoft Entra to bolster confidence.
Here is the systematic approach used to detect browser anomalies:
Data collection – Gather data from user sign-in activities, focusing on browser related information such as user-agent strings, operating system, browser cookie, sessionId, IP address, and location.
Baseline establishment – Create a baseline profile of expected behavior for users or groups by analyzing historical data to identify normal patterns of Browser usage, location, and IP address, then flag deviations based on heuristic analysis.
Real-time monitoring and anomaly detection – Entra ID Protection continuously monitors and detects anomalies before, during, and after sign-in sessions in real-time using UEBA and machine learning algorithms. Enhance your security posture by implementing RBCA policies that integrate with Defender XDR, proactively assessing risks such as browser switching, unusual browser or user-agent, and geographical inconsistencies.
Correlating threat intelligence – Enhance detection by analyzing past attack patterns and monitoring infrastructures of known threat actors, focusing on user-agent strings linked to known threats or observed in previous real attacks.
By utilizing these high-confidence signals from Entra ID, Defender XDR provides multiple detectors that identify high-confidence browser anomalies. These detectors are enabled for automatic attack disruption. Attack disruption disables the compromised user accounts in both Active Directory and Entra ID and prevents attack progression.
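The baseline-and-correlate steps listed above, including the check for browser switching inside one session, can be sketched as follows. This is an added example, not Microsoft's detection logic or code from the original post; the record fields, the sample sign-ins and the rule that a new browser only counts together with a new location are assumptions made for illustration.

```python
import re

# Order matters: Edge UAs also contain "Chrome/", and Chrome UAs contain "Safari/".
_BROWSERS = [("Edge", r"Edg/"), ("Firefox", r"Firefox/"),
             ("Chrome", r"Chrome/"), ("Safari", r"Safari/")]
# Android UAs contain "Linux"; iPhone UAs contain "Mac OS X".
_SYSTEMS = [("Android", r"Android"), ("iOS", r"iPhone|iPad"),
            ("Windows", r"Windows NT"), ("macOS", r"Mac OS X"), ("Linux", r"Linux")]


def fingerprint(user_agent):
    """Reduce a user-agent string to a coarse (browser, os) pair, ignoring versions."""
    browser = next((n for n, p in _BROWSERS if re.search(p, user_agent)), "Other")
    system = next((n for n, p in _SYSTEMS if re.search(p, user_agent)), "Other")
    return browser, system


def build_baseline(history):
    """Per-user sets of browser fingerprints and countries seen in past sign-ins."""
    baseline = {}
    for e in history:
        profile = baseline.setdefault(e["user"], {"fingerprints": set(), "countries": set()})
        profile["fingerprints"].add(fingerprint(e["user_agent"]))
        profile["countries"].add(e["country"])
    return baseline


def detect(events, baseline):
    """Return (user, session_id, time, reasons) for sign-ins that look anomalous."""
    first_seen = {}  # (user, session_id) -> fingerprint that opened the session
    findings = []
    for e in sorted(events, key=lambda ev: ev["time"]):
        fp = fingerprint(e["user_agent"])
        reasons = []
        # A session cookie replayed from another browser shows up as a
        # different fingerprint under the same session identifier.
        if first_seen.setdefault((e["user"], e["session_id"]), fp) != fp:
            reasons.append("session_browser_switch")
        # A browser change alone is weak evidence (users upgrade or switch),
        # so it is only reported when the location is also new for the user.
        known = baseline.get(e["user"])
        if known is not None:
            if fp not in known["fingerprints"] and e["country"] not in known["countries"]:
                reasons.append("new_browser_and_location")
        if reasons:
            findings.append((e["user"], e["session_id"], e["time"], reasons))
    return findings


# Constructed sample data (not taken from any real tenant).
UA = {
    "chrome_win": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
                  "(KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36",
    "edge_win": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
                "(KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36 Edg/128.0.0.0",
    "firefox_linux": "Mozilla/5.0 (X11; Linux x86_64; rv:130.0) Gecko/20100101 Firefox/130.0",
    "safari_mac": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 "
                  "(KHTML, like Gecko) Version/17.6 Safari/605.1.15",
    "chrome_mac": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 "
                  "(KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36",
}

HISTORY = [
    {"user": "alice", "user_agent": UA["chrome_win"], "country": "GB"},
    {"user": "alice", "user_agent": UA["chrome_win"], "country": "GB"},
    {"user": "bob", "user_agent": UA["safari_mac"], "country": "US"},
]

EVENTS = [
    # Normal sign-in, then the same session appears from another browser and country.
    {"user": "alice", "session_id": "s-100", "time": "2024-09-10T09:00:00Z",
     "user_agent": UA["chrome_win"], "country": "GB"},
    {"user": "alice", "session_id": "s-100", "time": "2024-09-10T09:04:00Z",
     "user_agent": UA["firefox_linux"], "country": "SG"},
    # New browser from a known country: not reported on its own.
    {"user": "bob", "session_id": "s-200", "time": "2024-09-10T10:00:00Z",
     "user_agent": UA["chrome_mac"], "country": "US"},
    # Known browser from a new country (travel): not reported on its own.
    {"user": "bob", "session_id": "s-201", "time": "2024-09-10T11:00:00Z",
     "user_agent": UA["safari_mac"], "country": "DE"},
]

if __name__ == "__main__":
    for finding in detect(EVENTS, build_baseline(HISTORY)):
        print(finding)
```

Only the second sign-in in session `s-100` is reported; the two `bob` sign-ins each change a single attribute and stay below the reporting rule, which mirrors the point that browser information alone gives too little context.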
Below is a list of detections that automatically disrupt attacks based on browser anomalies.
| Detection | Description |
| --- | --- |
| User signed in from suspicious browser and location | This XDR detection triggers based on successful sign in from suspicious browser and location. |
| User compromised through session cookie hijack | This detection triggers when it detects malicious sign-in activities involving multiple browsers and unusual browser switching within same session. Read more about session hijack, how to prevent, detect, and respond to cloud token theft. |
| BEC-related authentication | This detection triggers by verifying the presence of threat actor based on previous attack patterns, malicious user-agent and detecting malicious browser anomaly based on real time sign-in risk. |
Below is a real-world example of how these detectors will stop attack progression by performing early disruption.
Figure 1. Disrupt attack progression at earliest based on browser anomaly detections
The Business Email Compromise (BEC) attack started with a malicious sign-in to Office Home with a browser anomaly, leading to subsequent account compromises and a phishing attack. Defender XDR disrupts the attack early in the kill chain, based on prevalent signals and anomaly detections, to stop the progression without SOC intervention.
Microsoft’s XDR Effectively Contains Attacks, Thwarting Attacker Objectives
Figure 2. An example of a contained incident by user disruption, with attack disruption tag
To ensure SOC teams have full control, they can configure automatic attack disruption and easily revert any action from the security portal.
Get started
Make sure your organization fulfills the Microsoft Defender XDR pre-requisites
Check out our documentation to learn more about attack disruption prerequisites, available controls, and indications.
Connect Microsoft Defender for Cloud Apps
Deploy Microsoft Entra ID Protection.
Deploy Defender for Endpoint. A free trial is available here.
Deploy Microsoft Defender for Identity.
Learn more about other scenarios such as Business Email Compromise (BEC), Ransomware, Adversary-in-the-middle (AiTM) supported by automatic attack disruption
Microsoft Tech Community – Latest Blogs –Read More
LumApps and John Snow Labs offer transactable partner solutions in Azure Marketplace
Microsoft partners like LumApps and John Snow Labs deliver transact-capable offers, which allow you to purchase directly from Azure Marketplace. Learn about these offers below:
LumApps: Employee Intranet for Microsoft 365: Integrated with Microsoft 365 and hosted on Azure, LumApps engages employees with AI-powered ultra-personalized communications. Designed for enterprises looking to centralize news, information, resources, and business applications, it enables every employee to understand company goals, act on their work, and grow with the organization.
Healthcare NLP: John Snow Labs’ Healthcare Natural Language Processing (NLP) libraries come with 2,000 pretrained models developed and trained with advanced algorithms to address healthcare issues at scale. These models, which are curated to extract meaningful insights from unstructured documents in more than 250 languages, enhance the efficiency and accuracy of data interpretation in healthcare.
Export Devops Stories to Planner
Hello
Is it possible to export Devops Stories to Planner?
I know you can do that from Planner to Devops but does it work the other way around.
Regards
JFM_12
Conditional formatting for 3 rows at a time
Hello – I’m trying to add color every 3 rows in excel. I have a ROW for service and 3 environments per each service that I would like highlighted for ease of reading. The screenshot below shows an example. Row for Account has Prod, DR, Cert and I would like them highlighted in a light color. Then 3 rows for ACH which can either be left alone or highlighted in a different color. Repeat down.
Spread a value proportionally across several cells (with rounding)
Hi, I’m looking to do following but am stuck:
1. Calculate the sum of a set of numbers. (These are laid out in a column.)
2. Calculate a % of that sum.
3. Round that % up to the nearest (in this case) 0.5.
4. Spread that % out proportionally in a column next to the original one (but in increments of – in this case – 0.5).
I need advice from an Excel ninja. It’s probably clearer if I show what I’m doing currently and why it’s not right:
I’m comparing the no.s highlighted in green. The total for Value 2 is way higher than 25% of the Value 1 total due to multiple rounding-up errors.
I realise I could get the two numbers a lot closer if I rounded to the NEAREST no. on each row instead of rounding UP, but I don’t think that guarantees me a result where the 2 green no.s match every time.
Is there a way to take that 1st green no. and spread it proportionally across the Value 2 column, rounding each Value 2 row up or down as needed, as per the unscientifically fudged version below?
Thanks in advance, appreciated
Older emails getting archived
I have a user that wants to have all emails accessible in Outlook without having to go to the online archive. I have set the account to download all past emails, and have checked to make sure auto archiving is turned off. Outlook will download all older emails for about 2 weeks and then they disappear, and I will have to toggle the download all past emails again for it to redownload all the past emails. Currently that is not even working and we are having to go into the online archive and import all emails to the desktop Outlook. Is there a way to make this stop? We have a retention policy of 10 years. Once it reverts back the user can only go back about 2 years.
#Error in output (need a handler)
Experts, how would I handle a #error output for some of the records?
The below doesn't work since records still have #error:
CurrAmount: IIf(IsNull([CurrAmt]),0,[CurrAmt])
thank you. Let me know if not clear.
my query looks like this:
Teams for MacOS constantly quitting while I’m away.
Practically every day, I’m finding that Teams has closed on its own while I was away from my computer. This could be while I’m away for an hour for lunch or it could be overnight while the computer is on with the laptop lid is closed with the lid open overnight. This also happens, though with less frequency, with Outlook.
The main issue is that I can easily go hours without noticing that my main communication tool is no longer running, causing me to miss important calls and messages. There is no notification or warning or anything to notify me of what happened or if there may have been an issue.
It’s difficult to say for how long this has been happening. I think the quitting on its own has always happened a few times a year. The quitting every day, or multiple times a day, has been an issue for maybe a couple weeks.
MacOS: 14.5
Teams: 24231.507.3099.9636. You’ve got the latest version. It was last checked on 9/11/2024. The client version is 50/24081700419.
Outlook: 16.89
AuthenticationNotConfigured (Copilot agent)
Hi
Trying to use new copilot GPT. I am on the demo website, and I keep getting the same error, which is:
“An error has occurred. Error code: AuthenticationNotConfigured Conversation Id: HvJXikXQmyp8Y8n4f8rkAP-eu Time (UTC): 2024-09-18T10:55:49.093Z.”
I have already set authentication required to none. Also tried publishing several times and waiting 24 hours but the error persists.
I find I can ask it general questions like “how are you” but as soon as I ask it questions relating to the uploaded test documents, this error comes. How to fix?
Large amount of calendars open
We have a user who monitors a LOT of calendars.
Unfortunately, with Office 365 there are limitations when you have thousands upon thousands of entries in calendars, so you need to switch off cached Exchange mode, otherwise not all entries will download. Which we do, so accessing calendars is slow.
Outlook is incredibly slow when accessing these calendars. Is there any kind of optimisation tool?
Another byproduct of this is that some shared calendars she accesses are blank on some days and then have entries on others, even though the person's calendar that is shared is full.
Is there an easier way to work!? Has anyone found archiving senior managers' calendars helps?
Utilizing Azure DDoS Protection Workbook for DDoS attack traffic Analysis
In today’s digital age, the security of applications, servers, and networks is paramount. One of the most significant threats to this security is Distributed Denial of Service (DDoS) attacks. These attacks can cripple your infrastructure, leading to downtime, loss of revenue, and damage to your reputation. Therefore, it is crucial to implement robust protection mechanisms to safeguard your digital assets.
Azure DDoS Protection offers a comprehensive solution to defend against these malicious attacks. It provides automatic attack detection and mitigation, ensuring that your applications and services remain available even during an attack. Azure DDoS Protection is seamlessly integrated with Azure’s native services, making it an ideal choice for businesses already leveraging the Azure ecosystem. Some of the salient features of Azure DDoS Protection include Adaptive Tuning, Attack Analytics and Metrics, DDoS Rapid Response etc. By leveraging Azure DDoS Protection, businesses can ensure the resilience and availability of their digital infrastructure, providing peace of mind in an increasingly hostile cyber environment.
In this blog we will be focusing on how to understand the current DDoS attacks landscape within our environment using Azure DDoS Workbook.
Investigating DDoS Attacks Landscape with Azure DDoS Workbook
When a DDoS attack occurs, it’s crucial to have the right tools to investigate and understand the attack’s impact. The Azure DDoS Workbook is an invaluable resource for this purpose. It provides detailed insights into DDoS attack traffic over a given period of time in a single dashboard. For more information on a deep dive investigation of a DDoS Attack, check the detailed steps mentioned here.
Setting up the DDoS Workbook: Outlined below are the necessary steps to set up and effectively utilize the DDoS workbook.
Configure Diagnostic Logging and Metrics: Ensure that diagnostic settings are enabled for the public IP addresses you want to monitor. This will allow you to collect the required DDoS mitigation flow logs, reports and Metrics as shown below.
Access the Azure DDoS Workbook: The Azure DDoS Workbook can be deployed either by installing the Sentinel Solution for Azure DDoS Protection or by using the deployment template in the Azure Network Security GitHub repository, as shown below. It provides a comprehensive view of DDoS attack metrics and logs in a single dashboard.
1. Sentinel Solution: Navigate to the Sentinel Blade’s Content Hub tab and install the Azure DDoS Protection Solution.
2. Net Sec GitHub Repository: Navigate to the Net Sec GitHub Repository and deploy the workbook using Azure Deploy button as shown below:
Configuring the Azure DDoS Workbook: The Azure DDoS Workbook needs to be provided with the Log Analytics workspace, TimeRange and Public IP resource details as shown below:
Analyzing the Workbook Details:
Traffic Overview: This section shows the total number of packets and the various categories of dropped packets during the DDoS attacks for the time range defined in the previous step.
Last Ten DDoS Attack Reports: This section provides the details of the attack reports, the resources affected, the attack vectors and packet information.
Location and Protocol details: This section provides categorized details on the protocols involved in the DDoS attacks, the origins of these attacks, and the protocol violations that occurred during past DDoS incidents.
Raw DDoS Mitigation and Flow Logs: The raw DDoS logs are also available as part of the workbook, so we do not have to look for them separately in the Log Analytics workspace. The DDoS mitigation flow logs listed here are based on sampled data.
DDoS Metrics Tab: The DDoS Metrics Tab provides a graphical representation of all the important metrics, such as packet count, the SYN packets threshold to trigger DDoS mitigation, inbound DDoS TCP/UDP packets, and whether the resource is under DDoS attack or not. For detailed information on these metrics, check the blog referenced here. Most of the metrics here are based on the number of packets per second and packet/byte counts.
Investigation Tab: The Investigation Tab in the workbook offers specific details on the number of packets that were dropped or allowed during past DDoS attacks, including the ports involved. Additionally, this tab provides information on the top attacking IPs and the timeline of the mitigation activities.
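The aggregation behind the Investigation Tab can be reproduced offline over exported flow-log records, which is useful for cross-checking the dashboard during a review. The following is an added example, not code from the workbook or from Microsoft; the record field names (`time`, `src_ip`, `dest_port`, `action`) and the sample data are assumptions constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample of sampled mitigation flow-log records. Field names are
# assumptions of this example, not the workspace's actual column names.
SAMPLE_FLOW_LOGS = [
    {"time": "2024-09-01T10:00:05Z", "src_ip": "203.0.113.10", "dest_port": 443, "action": "dropped"},
    {"time": "2024-09-01T10:00:06Z", "src_ip": "203.0.113.10", "dest_port": 443, "action": "dropped"},
    {"time": "2024-09-01T10:00:07Z", "src_ip": "198.51.100.7", "dest_port": 443, "action": "dropped"},
    {"time": "2024-09-01T10:00:09Z", "src_ip": "192.0.2.44", "dest_port": 443, "action": "allowed"},
    {"time": "2024-09-01T10:00:12Z", "src_ip": "203.0.113.10", "dest_port": 53, "action": "dropped"},
    {"time": "2024-09-01T10:00:15Z", "src_ip": "198.51.100.7", "dest_port": 53, "action": "dropped"},
    {"time": "2024-09-01T10:00:20Z", "src_ip": "192.0.2.44", "dest_port": 443, "action": "allowed"},
    {"time": "2024-09-01T10:01:40Z", "src_ip": "203.0.113.10", "dest_port": 443, "action": "dropped"},
]


def parse_time(value):
    """Parse an ISO 8601 UTC timestamp with a trailing 'Z'."""
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def summarize(records, top_n=3):
    """Aggregate sampled flow records the way the Investigation tab presents them."""
    by_port = defaultdict(Counter)   # dest port -> {"dropped": n, "allowed": n}
    dropped_by_source = Counter()    # source IP -> dropped sample count
    times = []
    for rec in records:
        action = rec["action"].lower()
        by_port[rec["dest_port"]][action] += 1
        if action == "dropped":
            dropped_by_source[rec["src_ip"]] += 1
        times.append(parse_time(rec["time"]))
    dropped = sum(dropped_by_source.values())
    return {
        "ports": {port: dict(c) for port, c in sorted(by_port.items())},
        "top_sources": dropped_by_source.most_common(top_n),
        # Flow logs are sampled, so report a ratio rather than absolute volume.
        "drop_ratio": dropped / len(records) if records else 0.0,
        "window_seconds": (max(times) - min(times)).total_seconds() if times else 0.0,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_FLOW_LOGS).items():
        print(f"{key}: {value}")
```

Because the flow logs are sampled, the counts rank sources and ports relative to each other; they are not total packet volumes.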
Conclusion:
Azure DDoS Protection is a powerful service that helps protect your Azure resources from DDoS attacks. By leveraging the Azure DDoS Workbook, you can gain valuable insights into attack traffic and mitigation actions, enabling you to respond effectively and maintain the availability of your applications. Stay vigilant and proactive in defending against DDoS attacks to ensure the resilience of your online services.
Microsoft Tech Community – Latest Blogs
DEPLOY APPS TO SHARED DEVICES
Hello to the community members,
Can someone guide me on how to deploy apps on a shared PC using Intune?
I have 5 workstations for a library department and I have enabled GUEST and DOMAIN ACCOUNT login to these devices using a SHARED PC MODE configuration profile.
1. How can I deploy apps to these devices, so that guest account will have access to them?
2. Also are these apps going to be persistent per guest account login?
Thank you in advance for your guidance
In the Word title bar where the filename is shown Word has stopped saying if the file is “saved”
In the Word title bar where the filename is shown, Office 365 Word has very recently stopped saying if the file is “saved” or “saved to pc”. This feature seems to still exist in Excel - see screenshots.
This is a very useful feature.
In the version 2408 release notes for August 26 (https://learn.microsoft.com/en-gb/officeupdates/current-channel#word) it says “We fixed an issue where a document displayed as saved instead of working offline.” I wonder if this “fix” is the culprit!
Please can we have the information in the title bar about whether the file is saved or not back.
Thanks
Assistance Required for Account Recovery
Hello,
I am having trouble accessing my account: r.**@*.*. When I attempt to log in, I receive the message: “Something went wrong” (without any error code). Upon trying to reset my password, I discovered that a different email (er*****@talktaik.online) is linked to the account, which raises concerns that my account may have been compromised.
Despite entering all the required information for recovery, I am informed that it’s insufficient. Could you please assist in resetting the password or provide a way to send the recovery link to the correct email: r.**@*.*? Any alternative solutions would be greatly appreciated.
Thank you in advance for your support.
Best regards,