Month: September 2024
Excel formula with commission based tiers
Hello!
I can’t wrap my head around how to create this formula.
In cell I20 I have an employee’s net sales. In I21 I want to create a formula that will give their commission earnings.
So for example, if the employee has $132,000 in annual sales, their commission tier would be 2%, BUT they wouldn’t just get a blanket 2% on their annual sales. They would have 0% commission on the first $50,000, 1% on the $50k-100k, etc.
Thank you!
Hello! I can’t wrap my head around how to create this formula. In cell I20 I have an employee’s net sales. In I21 I want to create a formula that will give their commission earnings. So for example, if the employee has $132,000 in annual sales, their commission tier would be 2%, BUT they wouldn’t just get a blanket 2% on their annual sales. They would have 0% commission on the first $50,000, 1% on the $50k-100k, etc. Thank you! Read More
Can anyone shed some light on what happened with SharePoint lists? SUPER slow to non-functional
Hi. We currently update a SP list using an Excel spreadsheet that compares new stuff to what’s already in the list. Anything new in the spreadsheet that isn’t in the list gets copied/pasted to the bottom of the list. That still works. But we also identify anything that needs to be removed (i.e., it’s in the SP list but not in the updated Excel sheet, and the only way to transfer that info to the SharePoint list is to copy from the Excel sheet and paste into the SP list (grid view). Then the list can be filtered on flagged items to remove them. That part is no longer working.
Prior to June 2024, that process did work, albeit very slowly and poorly; could paste in only ~100 records at a time. Then in June, something changed with SP, and the look of list changed, but so did the performance – to the better! Still not 100% great, but way better than before. But, sometime during the first week of September, Microsoft rolled SharePoint back, and now I don’t seem to be able to paste in anything. At all.
This is a major impact and setback to our processes. Does anyone have any information on what MS did and why? I’ve even got a ticket in with a Microsoft Support Escalation Engineer, and she said, “I have not found anything indicating why they made the change but I know they made a lot of changes to the Lists recently.”. I appreciate any information folks may have – including a better way to update a SP list. Thank you!
Hi. We currently update a SP list using an Excel spreadsheet that compares new stuff to what’s already in the list. Anything new in the spreadsheet that isn’t in the list gets copied/pasted to the bottom of the list. That still works. But we also identify anything that needs to be removed (i.e., it’s in the SP list but not in the updated Excel sheet, and the only way to transfer that info to the SharePoint list is to copy from the Excel sheet and paste into the SP list (grid view). Then the list can be filtered on flagged items to remove them. That part is no longer working. Prior to June 2024, that process did work, albeit very slowly and poorly; could paste in only ~100 records at a time. Then in June, something changed with SP, and the look of list changed, but so did the performance – to the better! Still not 100% great, but way better than before. But, sometime during the first week of September, Microsoft rolled SharePoint back, and now I don’t seem to be able to paste in anything. At all. This is a major impact and setback to our processes. Does anyone have any information on what MS did and why? I’ve even got a ticket in with a Microsoft Support Escalation Engineer, and she said, “I have not found anything indicating why they made the change but I know they made a lot of changes to the Lists recently.”. I appreciate any information folks may have – including a better way to update a SP list. Thank you! Read More
What the latest Copilot enhancements mean for Small and Medium-sized Businesses
Hey Everyone! In case you missed it, Microsoft made a slate of announcements earlier today discussing the next phase of Copilot for work.
These include improvements in Excel with the integration of Python unlocking the ability to use everyday language to analyze data, new features such as Prioritize my inbox in Outlook, and Narrative builder in PowerPoint, and the addition of Copilot Pages within BizChat to foster collaboration while using AI generated content. Read more about these enhancements and more in this blog from Brenna Robinson.
What are you most interested in trying out first? Sound off in the comments.
Hey Everyone! In case you missed it, Microsoft made a slate of announcements earlier today discussing the next phase of Copilot for work.
These include improvements in Excel with the integration of Python unlocking the ability to use everyday language to analyze data, new features such as Prioritize my inbox in Outlook, and Narrative builder in PowerPoint, and the addition of Copilot Pages within BizChat to foster collaboration while using AI generated content. Read more about these enhancements and more in this blog from Brenna Robinson.
What are you most interested in trying out first? Sound off in the comments. Read More
Can you change the visualization of the Group Calendar web part?
Good afternoon, is it possible to change the Group Calendar web part’s layout to reflect a 30/31 day view, instead of event-by-event? I am shocked there is not an OOTB option for this…
Thank you in advance!
Morghan C.
Good afternoon, is it possible to change the Group Calendar web part’s layout to reflect a 30/31 day view, instead of event-by-event? I am shocked there is not an OOTB option for this… Thank you in advance! Morghan C. Read More
Intune enrollment – deploying an IPAD same configuration 50 clients
I work in a manufacturing warehouse and we are moving from a handheld scanner Windows mobile to an ipad with a bluetooth scanner. I dont want to configure these as a shared device in intune , but a managed device in intune that will run at most 3 apps. I’m trying to understand the best way to configure the device with a single account and then the ipad will be locked down with a wifi connection and run the apps internally, mostly a url in a browser. The plan is to configure these devices in fully supervised mode in intune
I work in a manufacturing warehouse and we are moving from a handheld scanner Windows mobile to an ipad with a bluetooth scanner. I dont want to configure these as a shared device in intune , but a managed device in intune that will run at most 3 apps. I’m trying to understand the best way to configure the device with a single account and then the ipad will be locked down with a wifi connection and run the apps internally, mostly a url in a browser. The plan is to configure these devices in fully supervised mode in intune Read More
Partner Blog | Microsoft partners: Driving economic value and AI maturity
By Nicole Dezen, Chief Partner Officer and Corporate Vice President, Global Partner Solutions
the past year we experienced significant transformation, driven by AI, impacting the world and the tech industry in dynamic ways. In nearly every conversation I have with partners, we discuss how AI is delivering faster time to value for customers across nearly every industry and opening new possibilities and huge economic potential. In fact, IDC projects that generative AI will add nearly $10 trillion to global GDP over the next decade.
As we look toward Microsoft’s 50th year, we remain committed to empowering every person and every organization on the planet to achieve more. We are proud to lead AI transformation and deliver a trustworthy AI platform for customers and partners to enhance their services, increase productivity, and drive business success. Microsoft Copilot, the Copilot stack, and Copilot+ PCs are pioneering the way in alignment with our commitment to security. Together, these tools provide the most sophisticated platform for leveraging data and developing AI solutions that deliver secure, transformative experiences that were previously beyond our imagination.
Continue reading here
Microsoft Tech Community – Latest Blogs –Read More
Is there any way to set the language of transcripts on meeting recordings?
We’re using MS teams to record our meetings and autimatically generate transcripts in spanish (Mexico) which teams automatically sets to spanish(spain) and butchers the entire conversation. It works well, great even, when spanish (Mexico) is set manually, but Its a massive hassle to do that every single meeting. I want to know if theres a way to set the language of the meeting to be spanish (Mexico) and have it stay that way unless its manually changed.
We’re using MS teams to record our meetings and autimatically generate transcripts in spanish (Mexico) which teams automatically sets to spanish(spain) and butchers the entire conversation. It works well, great even, when spanish (Mexico) is set manually, but Its a massive hassle to do that every single meeting. I want to know if theres a way to set the language of the meeting to be spanish (Mexico) and have it stay that way unless its manually changed. Read More
Edit pages in Copilot pro
is “edit pages” available for personal users with MS 365 family subscription if they also purchase Copilot Pro?
is “edit pages” available for personal users with MS 365 family subscription if they also purchase Copilot Pro? Read More
Unable to Restrict Sensitive Data Access by Microsoft Edge via Endpoint DLP Policy
Hello everyone,
I’ve been running into a peculiar issue where actions we have configured to be blocked via our Endpoint DLP policies do not apply to the Microsoft Edge browser. Currently, we have a DLP policy configured to block attempts to access protected files by a list of restricted apps. Our restricted apps include “firefox.exe”, “chrome.exe”, “msedge.exe” and “msedgewebview2.exe“. When the sensitive content is accessed by either Chrome or Firefox, the DLP policy works correctly (Block with override), but the policy completely refuses to work in any scenario that involves Edge. The data we are using as an example is able to be accessed by the Edge executables without restriction.
Has anyone else run into this issue? It’s strange to me that for some reason Edge is just completely exempt from the DLP policy actions we have implemented.
Thank you!
Hello everyone, I’ve been running into a peculiar issue where actions we have configured to be blocked via our Endpoint DLP policies do not apply to the Microsoft Edge browser. Currently, we have a DLP policy configured to block attempts to access protected files by a list of restricted apps. Our restricted apps include “firefox.exe”, “chrome.exe”, “msedge.exe” and “msedgewebview2.exe”. When the sensitive content is accessed by either Chrome or Firefox, the DLP policy works correctly (Block with override), but the policy completely refuses to work in any scenario that involves Edge. The data we are using as an example is able to be accessed by the Edge executables without restriction. Has anyone else run into this issue? It’s strange to me that for some reason Edge is just completely exempt from the DLP policy actions we have implemented. Thank you! Read More
Microsoft Lists with approvals…just doesn’t work…need help
I created a list called “Content Scheduler with approvals,” which automatically incorporates approvals. However, it has been a struggle from the beginning, with zero customization options, and this has pushed me to the point where I am looking at other products to replace this.
My first and most significant problem is that when approval is requested or even approved, the approval is canceled as soon as you change any fields in the item, and you lose all data. This is a significant problem because, firstly, when approval is requested, the publish status should be updated to “Draft needs approval.” Similarly, when the approval request is approved, the status should be updated to “Ready to publish.”. This is, unfortunately, not possible because a status change resets and deletes the approval activity! This makes no sense, and we cannot properly track the status of the content. Does anyone know how to fix this?
Secondly, approvals only work in Teams, so users are only notified of approval requests in the “Activity” section. Sorry, but nobody uses this feature, so these requests get lost and buried quickly in the activity thread, and interaction is terrible. We want to send an email notification, but I have not found a way to enable this. Do you have any ideas here? Do I have to start from scratch and build a custom approval app myself?
Any help would be appreciated.
I created a list called “Content Scheduler with approvals,” which automatically incorporates approvals. However, it has been a struggle from the beginning, with zero customization options, and this has pushed me to the point where I am looking at other products to replace this. My first and most significant problem is that when approval is requested or even approved, the approval is canceled as soon as you change any fields in the item, and you lose all data. This is a significant problem because, firstly, when approval is requested, the publish status should be updated to “Draft needs approval.” Similarly, when the approval request is approved, the status should be updated to “Ready to publish.”. This is, unfortunately, not possible because a status change resets and deletes the approval activity! This makes no sense, and we cannot properly track the status of the content. Does anyone know how to fix this? Secondly, approvals only work in Teams, so users are only notified of approval requests in the “Activity” section. Sorry, but nobody uses this feature, so these requests get lost and buried quickly in the activity thread, and interaction is terrible. We want to send an email notification, but I have not found a way to enable this. Do you have any ideas here? Do I have to start from scratch and build a custom approval app myself? Any help would be appreciated. Read More
New alerts for Windows updates in Microsoft Intune
You can now better find and troubleshoot devices that aren’t reporting Windows update progress in Microsoft Intune reports. It might not have been evident before, but devices that aren’t sending diagnostic data to Microsoft can’t show detailed device status in the deployment process.
Two new alerts will give you better insights into these issues: DeviceDiagnosticDataNotReceived and MinimumOSBuildNotMet. You can find them integrated into Intune reporting just as they are in Windows Update for Business reports and Log Analytics. Let’s learn what these alerts mean, where to find them, and how to troubleshoot and remediate the underlying issues.
Reporting issues and causes
Have you ever faced any of the following issues while monitoring Windows update deployment?
Devices appear “offline,” preventing the update installation process, while other times they are updated successfully.
Devices in a deployment appear stuck in the “scheduled” or “offer-ready” states for a prolonged period, sometimes even after the update has been successfully installed. That is, they never show correct progress, such as “installing,” “waiting for a restart,” etc.
Devices don’t appear in Windows Update for Business reports after enrollment. This happens if the device never communicated diagnostic data in the first place or had not done so in more than 28 days.
These issues occur when a device fails to communicate client data. Some of the top causes are device inactivity or misconfigured client data settings. Another possible cause is that the device may not be on the required minimum OS build to qualify for report enrollment. You can gauge deployment success and monitor the overall health of your organization more effectively with device compliance alerts related to diagnostic data.
Device compliance alerts
Whatever reporting tool you use, it’s critical to see the true state of devices in your organization. Windows diagnostic data allows you to pinpoint a device’s progress through the deployment process and detect any issues that trigger alerts. Alerts provide details about what prevents devices from updating and give clear guidance on resolving these issues with targeted solutions. Here are the insights you can get with the two new alerts and the existing alert in Microsoft Intune.
New DeviceDiagnosticDataNotReceived alert
The DeviceDiagnosticDataNotReceived alert identifies devices that fail to send diagnostic data and thus their client status appears incorrectly in reports.
Meaning: Device is not communicating diagnostic data. This is a generic signal, and the reasons include but are not limited to:
Incorrect diagnostic data configuration
No configuration to send diagnostic data
Blocked network endpoints
Recommended action: Make sure that the device is correctly configured to share diagnostic data. Enable use of Windows diagnostic data by Intune and see the troubleshooting and remediation section below.
Reporting availability: Microsoft Intune (new), Windows Update for Business reports
Note: The DeviceDiagnosticDataNotReceived alert does not mean that the device is incapable of installing the updates offered to it. The report simply cannot represent the true state of the device since it’s dependent on receiving diagnostic data from the device.
New MinimumOSBuildNotMet alert
The MinimumOSBuildNotMet identifies a subset of missing devices that fail to qualify for report enrollment.
Meaning: Device does not meet the minimum servicing requirement for enrollment into reports due to the missing Windows diagnostic data processor configuration.
Recommended action: Ensure that the device has at least the January 2023 non-security update or February 2023 cumulative update installed. Learn more about Windows diagnostic processor support.
Reporting availability: Microsoft Intune (new), Windows Update for Business reports (new)
Important: The minimum OS build requirement is the January 2023 non-security update or later cumulative update for clients to enroll into Intune reports and Windows Update for Business reports.
Existing InsufficientUpdateConnectivity alert
A related alert that you might be more familiar with is InsufficientUpdateConnectivity. While not new, it complements the understanding of the bigger picture.
Meaning: Device is inactive, or its diagnostic data is not enough to validate sufficient activity to successfully update the device.
Recommended action: Make sure that the device is active and connected to the internet.
Reporting availability: Microsoft Intune, Windows Update for Business reports
The three alerts are mutually exclusive. An active DeviceDiagnosticDataNotReceived alert only provides a general overview of devices missing from reports for a variety of unspecified reasons. Devices with a known reason, such as not meeting the OS build prerequisite, would be instead identified by an active MinimumOSBuildNotMet alert. Likewise, the InsufficientUpdateConnectivity alert is more specific than the generic alert. These specific alerts would never appear as active together with DeviceDiagnosticDataNotReceived on the same device.
Let’s see how you can use these alerts in Microsoft Intune just as you do in Windows Update for Business reports or Log Analytics.
Integration with Microsoft Intune reporting
Whether you’re managing a few devices or thousands, Microsoft Intune helps you ensure that Windows update deployments run smoothly. Imagine that you want to monitor groups of devices associated with specific deployment policies. You can do so for the active devices that meet the prerequisites for enrollment to reports and consistently communicate diagnostic data. Here’s how you can locate and troubleshoot these scenarios with the new alerts.
Like all other alerts in Intune, view these alerts in the main status report and failure reports in Intune.
Log in to the Microsoft Intune admin center.
Navigate to Reports.
Under Device management, select Windows updates.
Switch to the Reports tab.
Select to open the desired report from the available tile list. Note: We’re using an expedited updates report as an example here, but you can apply the following steps to the feature update and driver update reports as well.
Select the desired Update policy and Update aggregated status.
Select the Generate report button to view the results.
Failure reports bring together devices under specific policies that have errors or alerts. To view the failure reports:
Start in the Microsoft Intune admin center.
Navigate to Devices.
Under Manage updates, select Windows updates.
Switch to the Monitor tab.
Select the KPI card of the desired policy for a detailed view.
Select a profile from the list.
Select any of the policy profiles to view its list of devices with an active alert.
(Optional) Select specific alerts from the Alert filter.
Select the alert message for a specific device to view the error description, relevant details, and recommendations.
Other reports to use these alerts
Using Windows Update for Business reports? You can also find these alerts there using Azure Workbooks or Log Analytics. Both alerts are currently available in the Azure Workbook Overview tab, within the Total devices KPI card. Just select View details and then Missing devices, as shown.
Use the following query if you’d like to view the data from the Windows Update for Business reports workbooks in Log Analytics:
UCDeviceAlert
| where AlertSubtype in (“DeviceDiagnosticDataNotReceived”, “MinimumOSBuildNotMet”)
| project DeviceName, AzureADDeviceId, AlertSubtype, StartTime, AlertData, Description, Recommendation
For more guidance on these reporting options, follow the instructions in Missing devices in Windows Update for Business reports?.
Troubleshoot and remediate diagnostic data issues
Please ensure that devices with these alerts are active and correctly configured to send Windows diagnostic data. To do that, verify that the following settings are configured correctly:
Default Windows diagnostic data settings. Check your Windows diagnostic data settings. In most cases, the default settings of “Required” or “Basic” are sufficient. If you’ve previously configured these settings to anything other than the default, check whether that configuration might affect diagnostic data behavior.
Intune diagnostic data settings. Check that you’ve correctly enabled Intune setting for diagnostic data.
Group Policy settings. Check any Group Policy settings you’re deploying. If the required settings are incorrectly set via Group Policy, they’ll override Intune settings. Pay special attention to any leftover Group Policies on the device. To resolve any conflicts, follow instructions in Allow diagnostic data Group Policy.
Configuration Manager co-management. If using Configuration Manager co-management, check your Diagnostic data settings in System Center Operations Manager.
OneSettings service. Make sure that the DisableOneSettingsDownload is enabled. The default is to never disable this configuration policy. To learn more and double-check this policy, visit System Policy CSP.
Important: If you have not enabled Windows diagnostic data or have other policies that disable this data for all devices, you’ll likely see this alert for all devices in your tenants. This is intentional. If you don’t intend to enable these settings, you can still use the reports to know when the update was made ready for devices or any service side alerts, like for Microsoft Entra-registered or other devices that don’t meet prerequisites for Windows Update for Business deployment service.
Start using the new alerts in Microsoft Intune today
Collecting and utilizing diagnostic data is essential for enhancing overall system reliability and efficiency.
Gain a more comprehensive view of Windows update deployment success using the two new alerts, DeviceDiagnosticDataNotReceived and MinimumOSBuildNotMet. This new capability within Microsoft Intune builds on the existing functionality in Windows Update for Business reports and Log Analytics, offering even more flexibility and control over your device management strategy.
In the spirit of continually making improvements, we’re happy to help you gain more insight into the subset of devices that were not easily identifiable before. Try out these new reporting enhancements and check out these additional resources:
Missing devices in Windows Update for Business reports?
Microsoft Intune troubleshooting
Continue the conversation. Find best practices. Bookmark the Windows Tech Community, then follow us @MSWindowsITPro on X and on LinkedIn. Looking for support? Visit Windows on Microsoft Q&A.
Microsoft Tech Community – Latest Blogs –Read More
How do i turn off new booking in Microsoft booking ?
Hello how would i block the new booking tab that is sent out when a customer schedule a booking . The issue I’m running into is that customers just rescheduling their booking with another agent who has an available time even though they already have a booking
Hello how would i block the new booking tab that is sent out when a customer schedule a booking . The issue I’m running into is that customers just rescheduling their booking with another agent who has an available time even though they already have a booking Read More
Sharepoint task list integration with planner coming?
In SharePoint (classic) you can still create a Tasks list, link it to Outlook and update / view / sort tasks in either location. Very powerful.
These Sharepoint tasks assigned to me, do not show in Planner.
Will there be a Planner linked tasks list coming to SharePoint in the future, or will planner read SharePoint Tasks?
Or am I not looking in the correct spot?
In SharePoint (classic) you can still create a Tasks list, link it to Outlook and update / view / sort tasks in either location. Very powerful. These Sharepoint tasks assigned to me, do not show in Planner. Will there be a Planner linked tasks list coming to SharePoint in the future, or will planner read SharePoint Tasks? Or am I not looking in the correct spot? Read More
CollabDays New England (October 18, 2024)
We’d like to extend an invitation to join us for a wonderful day of sharing, listening, and connecting at the 2024 edition of CollabDays New England. We hope you’ll join us on Friday, October 18 in Burlington, MA.
CollabDays New England is a premier event that brings together Microsoft enthusiasts, IT professionals, and developers to learn, network, and share knowledge about the latest trends and innovations in Microsoft technologies. The event features a diverse range of sessions, workshops, and keynote speeches delivered by industry experts and community leaders.
Everyone gets the opportunity to deepen their understanding of topics such as Azure, Office 365, SharePoint, Teams, and more. Whether you are a seasoned professional or just starting your journey in the Microsoft ecosystem, CollabDays New England offers valuable insights and connections to help you stay ahead in the rapidly evolving tech landscape. Review the full schedule of sessions.
CollabDays New England is one of the older continuous Microsoft-oriented community events. Originally SharePoint Saturday Boston, we’ve expanded and renamed over the years to better reflect the topics we cover and how the technologies have evolved.
This year, we’re shifting to Friday (from our usual Saturday) to try something new based on feedback. The event will be on October 18th at the Microsoft Technology Center in Burlington, MA from 8:00am – 5:00pm EDT. We’ll follow up the event with a great SharePint, where we can socialize and rehash our favorite sessions, guidance, and tips from the day.
😎 Register for CollabDays New England today so you can reserve your spot; space is limited.
The sessions and speakers are posted on the event site. We have a great lineup, which includes folks like MVPs who have spoken many times in the past as well as some newcomers from the community. That’s the ethos of this event and others like it: it can be a place where someone who wants to start speaking in the community can find a welcoming and supportive audience.
We’ve got a great lineup of speakers, including several Microsoft folks joining us as speakers this year:
Chris Bortlik, Principal Technical Architect
Bob German, Cloud Developer Advocate
Mike Miller, Senior Data Security Technical Specialist
Jenna Hong, Product Manager, Microsoft Loop (Working on Copilot in Loop)
Patrick Gan, Principal Product Manager, Microsoft Loop
Bryan Hart, Senior Customer Experience Product Manager
CollabDays New England couldn’t happen without the generous support of our sponsors. We appreciate their financial support. Many of our sponsors will also be on-site the day of the event so you can meet them and learn about their solutions and products.
And last, we wish to thank our roots. CollabDays New England is a collaborative effort with the following user groups:
Boston Office 365 User Group (BOS365)
Granite State M365 User Group (NHSPUG)
👀 Follow the action on Twitter: @CollabDaysNE, #M365Community, and #CDNE.
Hope to see you there, Marc Anderson and Julie Turner
Microsoft Tech Community – Latest Blogs –Read More
REGISTER TODAY: Microsoft Nonprofit Virtual Partner Summit on September 30th
Hello Partners,
Join us for the Microsoft Nonprofit Virtual Partner Summit on September 30th, 7:30 AM – 9:30 AM PST where you’ll have the opportunity to hear directly from Microsoft nonprofit industry leaders about the latest updates in the nonprofit sector.
Open to all partners, this is your opportunity to:
Hear about nonprofit sector updates directly from Microsoft nonprofit industry leaders.
Gain insights into Tech for Social Impact FY25 Solution Plays directly from our Subject Matter Experts on Azure, BizApps, and Modern Work
Learn strategies for collaboration and growth for your nonprofit business practice: Tips for working with Sales, TSI ISV Digital Natives: How they can help your business grow, and Steps to build your nonprofit practice
Hello Partners,
Join us for the Microsoft Nonprofit Virtual Partner Summit on September 30th, 7:30 AM – 9:30 AM PST where you’ll have the opportunity to hear directly from Microsoft nonprofit industry leaders about the latest updates in the nonprofit sector.
Open to all partners, this is your opportunity to:
Hear about nonprofit sector updates directly from Microsoft nonprofit industry leaders.
Gain insights into Tech for Social Impact FY25 Solution Plays directly from our Subject Matter Experts on Azure, BizApps, and Modern Work
Learn strategies for collaboration and growth for your nonprofit business practice: Tips for working with Sales, TSI ISV Digital Natives: How they can help your business grow, and Steps to build your nonprofit practice
REGISTER HERE Read More
Displaying the Earliest (Min) and Latest (Max) Dates in the Chart Title
Good Afternoon,
I have a Report where one of the Chart’s Heading Textbox must display the Earliest (Min) and Latest (Max) Dates pertaining to the Dataset so that one will know which period the chart is dealing with..
Rather than hardcoding every week the dates in to the Heading Textbox, is it possible to obtain the Earliest (Min) and Latest (Max) Dates from the Dataset and display these automatically ?
I would appreciate any tips.
Good Afternoon, I have a Report where one of the Chart’s Heading Textbox must display the Earliest (Min) and Latest (Max) Dates pertaining to the Dataset so that one will know which period the chart is dealing with.. Rather than hardcoding every week the dates in to the Heading Textbox, is it possible to obtain the Earliest (Min) and Latest (Max) Dates from the Dataset and display these automatically ? I would appreciate any tips. Read More
Excel Baseball 1st Batter Out Formula Help
Attached is an example file I use for tracking pitchers statistics. I’m struggling with finding a formula that works for figuring out if the pitcher got the first batter out in the inning.
I’ve successfully built a formula which identifies if it is the 1st batter of the inning (column BH).
However, the issue is that the at bat rarely finishes on the first pitch. So I need excel to look for if the Outcome (column P) of that 1st batter was a safe/positive result or an out/negative. You can tell when the batter changes based on column E. But I’m struggling to connect the “1” produced in column BH with the Outcome in column P since they are rarely in the same row.
I’ve thought about trying to get the “1” produced in column BH to only be there when the batter in column E changes. But again, not sure where to start with that.
If you need an example for the formula for safe/out result, you can look in BL/BM when I calculate Last Batter Safe and Out.
Attached is an example file I use for tracking pitchers statistics. I’m struggling with finding a formula that works for figuring out if the pitcher got the first batter out in the inning. I’ve successfully built a formula which identifies if it is the 1st batter of the inning (column BH). However, the issue is that the at bat rarely finishes on the first pitch. So I need excel to look for if the Outcome (column P) of that 1st batter was a safe/positive result or an out/negative. You can tell when the batter changes based on column E. But I’m struggling to connect the “1” produced in column BH with the Outcome in column P since they are rarely in the same row. I’ve thought about trying to get the “1” produced in column BH to only be there when the batter in column E changes. But again, not sure where to start with that. If you need an example for the formula for safe/out result, you can look in BL/BM when I calculate Last Batter Safe and Out. Read More
Integration with SuccessFactors
Hi Community
We have SuccessFactors and we have four different Azure’s.
SuccessFactors can only connect to one of these (Its for SuccessFactors Recruitment Integration to Outlook)
Does anyone know a way that I can connect the three other Azure’s to our main company one, so that SuccessFactors can connect to our main one, then can see / post to Outlooks that exist on the other three?
Hi Community We have SuccessFactors and we have four different Azure’s. SuccessFactors can only connect to one of these (Its for SuccessFactors Recruitment Integration to Outlook) Does anyone know a way that I can connect the three other Azure’s to our main company one, so that SuccessFactors can connect to our main one, then can see / post to Outlooks that exist on the other three? Read More
OpenHCL: Evolving Azure’s virtualization model
Azure Boost is a revolutionary accelerator system designed by Microsoft that offloads server virtualization processes traditionally performed by the hypervisor and host OS onto purpose-built software and hardware. This offloading frees up CPU resources for virtual machines, resulting in improved performance and a secure foundation for your cloud workloads.
In this blog, we will talk about some of the advances we’ve made within Azure Host OS that allow us to provide the industry-leading benefits of Azure Boost and improve the security of our customers with other features. Azure Host OS (aka Cloud Host), if you recall, is a purpose-built minimal version of Windows that powers Azure in the data center. These Azure Host advancements in conjunction with Azure Boost have enabled features like Confidential VMs, Trusted Launch, to improve IO performance, harden security, and introduce VM compatibility for seamless feature delivery. These features are powered by a completely new transparent para-virtualized layer that runs within each guest VM instance, named “OpenHCL”. OpenHCL is a para-virtualization layer built from the ground-up in the Rust programming language. Rust is designed with strong memory safety principles, making it ideally suited for the virtualization layer.
Chris Oo from our team has a talk on OpenHCL at the “Linux Plumbers Conference 2024”, which has more technical design and details. The talk titled “OpenHCL: A Linux based paravisor for Confidential VMs” is available [here].
In the upcoming sections, we’ll start by exploring the virtualization landscape and how Azure’s infrastructure has evolved over time to take advantage of the modern hardware architecture. We’ll then talk about the internals of this para-virtualized layer and how it supports some of the core Azure features that our customers depend on.
Virtualization models
Azure Host OS provides core virtualization services for managing compute and memory resources, as well as virtualizing devices for VMs. Under the hood, it partitions physical hardware into logically separated virtual environments, each with their dedicated (virtual) processors, memory, and view of devices (storage, networking).
Traditional device virtualization
In traditional virtualization architecture, the host operating system handles most of the communication between the guest operating system (VM) and the underlying physical hardware (CPU, memory, device IO). For example, if the VM wishes to perform a network or storage operation (i.e. send a packet over the network, read/write data to storage), the guest communicates with the host OS (over a shared channel called VMBus) and the host facilitates the IO operation on the guest’s behalf.
This device virtualization model is referred to as a Para-virtualized IO model [wiki]. The guest OS is “enlightened” or aware that its running virtualized and runs special drivers to communicate with the host. This model is simple, efficient, and widely used across most cloud providers.
One drawback of this mode is that there is significant interaction with the host OS to do IO, which can add latency, affect throughput, or result in noisy neighbor side-effects. The performance of this mode can be significantly improved by allowing the guest VM to directly access the PCIe device instead of relying on the host for communication. Bypassing the host OS data path allows for lower latency, reduced jitter, and improved VM responsiveness. This is typically called “discrete device assignment” in Microsoft documentation or sometime referred to as accelerated device model.
Accelerated Device IO
As explained to achieve higher IO performance, the virtualization stack supports a direct assigned device or accelerated IO mode, where VMs can directly access and communicate with devices without Host intervention. If the VM wishes to perform an IO operation, the guest leverages special drivers that live within its context to communicate directly with the physical device.
In the same example above, if the VM needs to perform a network operation, it can perform it more efficiently by communicating using the direct path to the network device. This VM is considered fully enlightened– it possesses the right drivers for direct communication with device hardware. The direct data path reduces overhead in comparison to the additional translations found in the para-virtualized IO model. This leads to improved performance and throughput that is comparable to physical devices running without virtualization.
Discrete Device Assignment (DDA) and Single Root I/O Virtualization (SR-IOV) are two types of accelerated device models used in virtualization. DDA assigns an entire device to a VM and is mostly used in GPU assignment scenarios to provide VMs full access to the GPU’s capabilities for workloads such as AI training and inferencing. SR-IOV divides a single physical device’s resources into multiple virtual interfaces for different VMs. SR-IOV is typically used for network and storage IO devices, as it allows multiple virtual machines to share the same physical hardware resources most efficiently
Some examples in the Azure fleet today include, GPU acceleration via Discrete Device Assignment, Accelerated networking via SR-IOV, and NVMe Direct VMs for storage.
In the next section, we will talk about OpenHCL which is another evolution of the device IO virtualization.
OpenHCL: A privileged guest compatibility layer
Building on the advancements of the accelerated model, we introduced OpenHCL, a new virtualization layer that can transparently provide guest VMs with facilities such as accelerated IO and other security features. This lightweight virtualization environment runs privileged within the guest virtual machine and isolated from the guest operating system. Instead of sharing para-virtualized components exposed by host interfaces, each VM runs its own virtualization instance which enhances security isolation and efficiency. As we’ll discuss below, OpenHCL is essential for Azure Boost guest compatibility scenarios, in which VMs require the appropriate drivers and orchestration to leverage performance enhancements from Boost’s NVMe storage and MANA network accelerated device.
This environment consists of two main components: a minimal Linux kernel and a Rust-based VMM that provides device emulation and I/O translation. This layer equips VMs with the necessary software and drivers to light up functionality such as SR-IOV device assignment for Azure Boost network and storage optimized accelerators without needing any change in the guest OS. This is hugely beneficial to our customers who can now use the same VM image while getting the benefits of Azure Boost – continuing to show our customers how much Microsoft invests in application compatibility.
To do this, we leverage Virtual Secure Mode (VSM) technology, a set of Hyper-V capabilities that enable new security boundaries (or “virtual trust levels”) within a VM context. By creating a new isolated Virtual Trust Level (VTL2) within the guest environment, we establish a higher privilege execution environment that can transparently host code in the VM. This allows us to run privileged security functionality like a virtual TPM for Trusted Launch VMs and paravisor for Azure Confidential VMs (we’ll cover these topics in later sections). Within this layer, we can also run device virtualization facilities that enlighten VMs to communicate with Azure Boost hardware.
The VSM isolation model and reduced data path from VM to device adds protective measures by providing more robust multi-tenant isolation and reducing the Trusted Computing Base (TCB) on the Azure Host. By confining the virtualization stack to the tenant’s VM and reducing dependencies on the Host for IO operations, we can eliminate shared host components which narrow down the potential attack surface and enhance security. Shifting the architecture from host providing para-virtualized interface to each VM instance running its own virtualization, additionally allows for greater performance isolation and efficiency. Reiterating this point since its so important with the OpenHCL architecture, each VM receives its own para-virtualized layer and doesn’t share anything with the Host or other VMs. This isolation hugely improves the customer VM experience and isolation.
Zooming into the components that make up this layer, the VTL2 environment is made up of a completely newly written Rust based virtualization stack running on a minimal Linux kernel that provides device emulation and I/O translation. Rust system programming language has emerged as one of the leading memory safe programming languages. Rust’s memory safety & type system features help prevent common vulnerabilities like buffer overflows and dangling pointers. Its concurrency model enhances security in multi-threaded environments by preventing data race conditions. Rust offers robust security benefits making it especially advantageous and critical for sensitive workloads. Together these components make up the para-virtualized VTL2 environment that underpins some of Azure’s key technologies.
In the next section we’ll describe some of the uses of this technology in Azure Boost, Trusted Launch VMs, and Azure Confidential VMs. This virtualization environment was first introduced with Trusted Launch VMs and was later extended to introduce additional capabilities around I/O compatibility and paravisor support for Azure Boost and Azure Confidential VMs respectively.
OpenHCL in Azure Boost
As mentioned, Azure Boost is Microsoft’s hardware acceleration solution that offers industry leading network and storage optimization via Microsoft Azure Network Adapter (MANA) and NVMe storage, by offloading networking and storage operations onto specialized FPGA hardware and software.
Offloading networking and storage tasks onto dedicated Azure Boost hardware frees up CPU for guest VMs and eliminates I/O virtualization bottlenecks. The result is a network capable of 200 Gbps bandwidth via Microsoft’s next generation network interface, Microsoft Azure Network Adapter (MANA), local storage operations reaching 17.3GBps with 3.8 million IOPs, and remote storage operations reaching 12.5 GBps throughput with 650K IOPs. Enhancing Azure’s infrastructure by isolating it from hypervisor and host resources boosts performance while reducing latency and jitter.
Using the OpenHCL para-virtualized layer, VMs receive the necessary MANA and NVMe drivers and virtual functions to bootstrap accelerated IO connections. As a result, the guest can begin direct communication with the specialized Azure Boost hardware. On enlightened guest VMs, which come with pre-installed drivers and VMBus support to communicate with the accelerated hardware, the model sets up initial communication and reduces latency and downtime for networking and storage devices as it allows guest VMs to fall back to the software networking path in case of disconnection to the acceleration path.
For unenlightened guest VMs that come with default inbox virtualization drivers, OpenHCL transparently provides the necessary drivers to enable these guest VMs to communicate with the new accelerated hardware without the need to install new images or update the operating system. This allows the existing VM types to get the power of Azure Boost, with no changes to their images. To achieve optimal performance, we recommend adding the appropriate drivers to VM image.
Azure Boost VM SKUs are available today in preview across a variety of VM series to optimize for the demands of varying workloads. To learn more, see Overview of Azure Boost | Microsoft Learn
OpenHCL in Trusted Launch VMs
The OpenHCL virtualization layer also helped launch Trusted Launch for Azure virtual machines on Generation 2 VMs. Trusted Launch VMs introduced virtual Trusted Platform Module (vTPM) and secure boot with guest attestation. Secure Boot establishes a “root of trust” and verifies that only VMs with properly signed OS code can boot, preventing rootkits and boot kits from infecting the OS boot process with malware. A virtual Trusted Platform Module is virtualized hardware that serves as a dedicated storage vault for key and measurements. The vTPM measures and seals the VM’s entire boot chain (UEFI, OS, system, drivers), which allows the guest VM to perform remote guest attestation. Everything from the firmware through the OS drivers are “measured” and chained to a hardware root of trust. The VM can then establish trust with a 3rd party by cryptographically “attesting” or proving its boot integrity and compliance.
Leveraging the privileged OpenHCL VTL2 layer allows us to run a virtualized TPM and execute remote attestation processes directly from within the guest operating system. A virtual TPM cannot run and perform attestation if its running at the same privilege as the rest of the guest operating system as it stores and persists secrets.
OpenHCL in Azure confidential VMs
Confidential VMs provide enhanced security features that allow customers to protect their most sensitive data in use by performing computation inside a hardware based, attested Trusted Execution Environment (TEE). The Trusted Execution Environment is a secure, isolated environment that prevents unauthorized access or modification of applications and data while in use. This increases the security level of organizations that manage sensitive and regulated data.
Azure confidential VMs use the concept of a paravisor to implement enlightenment on behalf of the guest OS so that the guest OS can run mostly unmodified inside a CVM across various hardware providers. With the paravisor, the guest OS does not need to be fully enlightened to run confidential in Azure, meaning that we can support older OS versions on Azure confidential VMs. Without this paravisor, Azure confidential VM support would be limited to specific OS versions with the necessary features. This allows for easier “lift and shift” of sensitive workloads.
OpenHCL is an implementation of the paravisor for Confidential VMs in Azure, that will soon be available in the Azure fleet. Similarly to the virtualized TPM on Trusted Launch VMs, the OpenHCL VTL2 partition is used to securely host the guest paravisor firmware layer for confidential VM support. As mentioned above, OpenHCL will effectively allow guest VMs to run as confidential VMs in Azure, adding support across a wide variety of guest OS’s and confidential hardware providers.
To learn more about Confidential VMs, visit our other blog: Confidential VMs on Azure – Microsoft Community Hub.
Learn more
In this blog, we’ve explored the evolution of Azure’s virtualization architecture which help power industry-leading technologies like Azure Boost, Trusted Launch VMs, and Azure confidential VMs. We’ve outlined key benefits of this model across hardware acceleration, security isolation, performance, and seamless feature compatibility. As you read through the blog and the links within, if you have any questions, please feel free to comment below.
Hari and Marysia (on behalf of the entire OpenHCL team)
Microsoft Tech Community – Latest Blogs –Read More