Month: October 2024
Coming soon: MS-4002: Prepare security and compliance to support Microsoft 365 Copilot
Course Name: MS-4002: Prepare security and compliance to support Microsoft 365 Copilot
Release Date: November 8th, 2024 (Release dates are subject to change)
Duration: 1-Day ILT
Solution Area: Modern Work
Credential: Applied Skills Assessment
Course Description:
This course examines the key Microsoft 365 security and compliance features that administrators must prepare for to successfully implement Microsoft 365 Copilot.
Audience:
Please note: This is not a support forum. Only comments related to this specific blog post content are permitted and responded to.
For ILT Courseware Support, please visit: aka.ms/ILTSupport
If you have ILT questions not related to this blog post, please reach out to your program for support.
Microsoft Tech Community – Latest Blogs –Read More
embedding value into dropdown option
Hi, I want to embed a value into a drop-down value.
I am trying to calculate the total cost of purchasing a product based on the price and the frequency. I have a column with the price and a column with the frequency of times purchased per year. Finally, I have a column with the total cost per year. For example, the price $20, purchased 2 times per year $40 for the annual cost. However, I want to select the frequency based on a drop-down box and have that be tied to a value that is inputted into the total annual cost formula. For example, the drop-down box would say quarterly, and it would be tied to the value 4 (meaning- purchasing four times per year). Selecting quarterly from the drop down frequency options would input the four into the formula.
Thanks.
Use Coaching with Copilot suggestions on how to improve your content in Word
Coaching with Copilot is a new Copilot capability in Word to support you as you review content for improvements that go beyond grammar and spelling—helping you clarify ideas and giving you suggestions about additions, organization, a good tone for your audience, and more. Coaching with Copilot helps you review and rewrite your content so that it is clearer and more effective, to better engage your audience and to give you confidence that your writing reflects your best work.
You control what changes to make, and the suggestions are separate from your content so that nothing gets overwritten.
It’s quick and easy to get feedback, and you can choose whether Copilot reviews your entire document, or just a highlighted section. Maybe you wrote a strong explanation, but it feels like something might be missing. You can highlight the explanation and select Get coaching. You might get a suggestion to add a call to action and you can then decide whether that’s best for your audience.
How it works
1. Highlight a section of text or the entire document
*Note: Copilot will expand your selection if you select less than the required minimum.
2. Select the Copilot icon in the document and select Get coaching.
3. Select the arrows to scroll through and review the suggestions.
Scenarios to try
You can also get feedback on your entire document! Try selecting all of your document text and using Alt + i to invoke the Copilot menu, then select Get coaching.
Tips and tricks
Try copying the suggestions from Coaching and paste them into the Draft with Copilot prompt on that same selected text to see how Copilot can help you apply these suggestions to your document. While today there is no direct ability to apply these suggestions from the Coaching dialog, that is coming soon!
Feedback
We want to hear from you! Please submit your comments and feedback by using the Copilot thumbs up or down buttons available in the Get coaching dialog, or by selecting Help > Feedback in Word.
Availability
To use this feature, you must:
have a Copilot license (Get more details on licenses for consumers and for businesses.)
be using Word for the web
be located in the United States
have chosen English as your UI language
have selected English document content
This feature is rolling out as an early preview to some Word for the web customers who meet the requirements outlined above. As we improve this with more and richer capabilities, and expand language support, Coaching with Copilot will be released to more languages and markets in the coming months.
Microsoft Global Hackathon 2024: MVPs/RDs’ Innovation and Contribution
Each year, Microsoft hosts a company-wide, global hackathon. This multi-day event brings together employees from all over the world, both virtually and in-person, to create, innovate, and hack on ideas that inspire them. This year, for the second time, Microsoft’s Most Valuable Professionals (MVP) and Regional Directors (RD) were invited to participate.
With the opportunity to join 20,000+ projects or lead their own, there was plenty for MVPs and RDs to engage in. Almost 400 MVPs and RDs expressed interest in participating in the hackathon. They could choose to collaborate with community program peers or Microsoft employees on a variety of projects, ranging from education and responsible AI to transportation, healthcare, and diversity and inclusion. Because this was a global event, the MVP and RD communities could participate from anywhere in the world. “It was really exciting to have the MVPs and RDs involved in these hacks. Their technical acumen, real-world experience and ability to mentor others drove a lot of innovative and creative solutions,” said Annie Pearl, CVP of Azure Experiences & Ecosystems whose organization manages the MVP and RD programs.
Inspired to explore an employee’s onboarding experience, MVP Lesley Crook led a project team. “The Hackathon was a great opportunity to work with fellow MVPs and Microsoft HR Advisors,” Crook said. She added, “during the collaborative and fast-paced week, we pushed our team to think creatively with out-of-the-box solutions. We explored an HR-related project using Viva, Mesh, AI-generated videos, and Copilot.”
The opportunities during the Hackathon were not limited to being part of a project team. MVPs and RDs were also invited to be Hack Advisors, helping project teams innovate, feed their creativity, and tackle technical questions and challenges.
MVP Mukhammadkarim Tukhtaboev was thrilled to have the opportunity to be part of this year’s internal event. “I found the Global Hackathon to be an inspiring experience. Working with teams from across the world to solve real-world challenges was both rewarding and exciting. As a Hack Advisor, I had the privilege of guiding teams and contributing my expertise to innovative projects” said Tukhtaboev.
After a week of intense hacking, many teams submitted videos summarizing their ideas to be judged by a panel of experts. However, for others, the Hackathon was not just about completing a project but also the learning and collaboration that took place along the way. MVP Jeremy Sinclair spent a week in a project team with Microsoft employees. He commented, “Let me tell y’all, this Microsoft Hackathon has been exhilarating. Working with so many brilliant minds, building something awesome, I’m so glad I decided to participate.”
“I was so impressed with the dedication, hard work and innovation of the MVP community. Many MVPs took a week of paid time off to participate and the feedback from the hack teams has been outstanding” said Claire Smyth, who oversaw the project for the MVP program team. “I am already looking forward to next year” Smyth added.
The Microsoft Global Hackathon began in 2014 when new CEO Satya Nadella tapped The Garage to produce the event for all employees companywide. Since then, the impact of the Hackathon has grown every year, in part due to innovating on collaboration opportunities with customers, nonprofits, and, more recently, the Microsoft Most Valuable Professionals community. “We find that MVPs and RDs bring meaningful perspectives and experiences to Hackathon, and this diversity can enhance the outcomes for project teams” says Susie Kandzor of The Garage, who runs the worldwide Hackathon program. “We are ‘hacking’ our own hackathon — inviting MVPs and RDs to bring their substantial expertise as we work toward innovative solutions to important challenges.”
The Microsoft Global Hackathon is the largest private hackathon on the planet with 70,000+ employees and select external guests, led by the Microsoft Garage worldwide. Hear about the history of the Hackathon at Microsoft.
URGENT: Updated course release for MS-4015
Updated course release:
MS-4015: Build custom engine copilots for Microsoft Teams
NEW Release date: November 18th, 2024
Before MS-4015 can successfully launch, some current features are being reworked to ensure functionality in the context of custom agents.
However, that functionality won’t be available and functional until November 18th. To avoid confusion for Learners on these functionalities, we’ve been instructed to delay the release until November 18th.
We apologize for any inconvenience this may cause in your deliveries.
Thank you
Announcing Text PII Redaction Container Release
We are excited to announce the container support for pre-built Text PII services for redacting Personally Identifiable Information (PII). This release allows customers with stringent security and privacy requirements to detect and redact PII entities from text locally, ensuring that user data is secure and private.
This release includes both connected and disconnected container options, with the connected container offering both Pay as You Go and Commitment Tier pricing options and the disconnected container providing Commitment Tier pricing, allowing long-term customers to also benefit from cost savings based on their commitment. Learn more about our pricing options on our pricing page. The Text PII container also supports over 70 languages, and additional support for Chinese, Japanese, Korean, and Thai is in progress.
This update provides a new option for our customers to redact PII in a secured on-premises environment and is one of several PII detection offerings in Azure AI Language. In the Azure-hosted service, Azure AI Language also offers PII detection optimized for speech-to-text transcripts (Conversational PII service) and native documents (Native Document PII service). Conversational PII provides better support for inputs like transcripts, chats, and other text written in a conversational style (i.e. text with “um”s, “ah”s, multiple speakers, and the spelling out of words for more clarity). We will be adding more of these capabilities to be supported by PII containers in the future based on customers’ needs.
These services enable our customers to adhere to the highest standards of data privacy, security, and compliance in scenarios such as anonymizing user data from customer support calls, from legal documents, or before sending it to LLMs, helping protect an individual’s identity and privacy in both generative and non-generative AI applications which are critical for highly regulated industries such as financial services, healthcare or government.
To get started with these updates, check out the following resources:
PII Container Documentation
Disconnected Container Documentation
Application request form for Disconnected Containers
Learn more about the Text PII service
Pricing for Azure AI Language services
Learn more about Azure AI Language
Learn more about Azure AI Language containers
We are looking forward to continuously improving our product offerings and features to meet customer needs and are keen to hear any comments and feedback.
Make Azure AI Real is back – Join Microsoft AI experts for Season 2 with the Reactor!
Azure AI Studio is generally available: providing developers with a user-friendly platform and code-first experience to build and deploy custom copilots and large and small language model-powered applications.
Our new Phi-3-vision model: marking a significant advancement in multimodal AI, this model enables visual reasoning tasks that integrate text and image inputs for improved user interaction.
An exciting partnership with Khan Academy and Microsoft: announcing Khanmigo for Teachers, an AI-powered teaching assistant aimed at enhancing educational support for K-12 educators.
Coming up next!
October 10: Building with Small Language Models (SLMs) – RSVP!
October 17: Working with Agents and Multi-agents using Azure OpenAI – RSVP!
October 31: Finetuning & Customizing your Generative AI Apps – RSVP!
November 7: Deploying AI Solutions with GitHub @azure and @workspace Agents – RSVP!
December 5: What is GenAIOps and how it can help you build better genAI apps – RSVP!
The Make Azure AI Real limited livestream series will primarily go live on Thursdays at 9:00 AM Pacific Time. Be sure to check out the event page for updates as we add or update episodes in the lineup. Events are subject to change.
Expert-Led Sessions: Learn directly from the experts as they share insights and demonstrate the latest Azure AI innovations.
Innovative Topics: Explore cutting-edge topics such as Phi-3, fine-tuning OpenAI models, working with new models available in our Model catalog, and GenAIOps.
Interactive Demos: Watch live demos and get hands-on experience with Azure AI services and models.
Q&A Opportunities: Have your questions answered by Microsoft experts in real-time.
Connect with other Developers: Build your community with others that are passionate about AI and share your ideas and feedback.
Have Fun: Enjoy learning new skills that can boost your career or your next great idea.
Continue Learning: Take home the Official Collection where you will find resources from the show to continue your AI building journey and watch past episodes on-demand on Microsoft Learn.
Join our official AI Discord server to meet and network and get support
Find a Meetup near you – Join the Global AI Community
Find a Microsoft AI Tour event near you
Subscribe to Microsoft Reactor events
Network Connectivity for RISE with SAP S/4HANA Cloud Private Edition on Azure
In this article, we will explore different ways to connect to a RISE with SAP S/4HANA Cloud Private Edition deployment on Azure, guiding you through the selection criteria and considerations for data migration. From this point forward, “RISE with SAP S/4HANA Cloud, Private Edition” will be referred to as “RISE with SAP” for brevity.
1. Overview
1.1 Network Connectivity Options – RISE with SAP S/4HANA Cloud, Private Edition
The RISE with SAP offering includes an AI-powered cloud ERP that is managed by SAP. Microsoft Azure is one of the cloud infrastructure options for the RISE with SAP solution. On Azure, RISE with SAP leverages Microsoft’s global network infrastructure to provide connectivity to SAP applications in a secure and reliable way.
As customers migrate their SAP workloads to RISE with SAP on Azure, they need to consider the various network connectivity options. The connectivity option depends on multiple factors including the following:
Location where the existing SAP workload to be migrated is (on-premises or Azure)
Azure landing zone network architecture (hub and spoke, or Virtual WAN)
Bandwidth requirement during different stages of the SAP migration
Figure 1.1 Typical Hub and Spoke architecture for connecting to RISE with SAP
Many customers deploying RISE with SAP are already using Azure landing zones. A platform landing zone hosts shared services like connectivity and tooling services. An application landing zone hosts the application workloads.
1.2 RISE with SAP Networking Components
The RISE with SAP system is a fully-managed Azure subscription within the SAP tenant and consists of, but is not limited to, the following components:
Virtual network with subnet, routing and security configuration
Virtual network gateway for hybrid connectivity
DNS servers for internal and external DNS resolution
SAP S/4HANA for business applications
SAP BW/4 HANA – (Optional) data warehouse
SAP Cloud Connector for secure connectivity to external SAP systems
Figure 1.2 RISE with SAP components
Every standard RISE with SAP environment can be provisioned with an ExpressRoute gateway or a site-to-site VPN gateway to facilitate direct connectivity to on-premises. RISE with SAP customers can also use virtual network (VNet) peering to connect their RISE with SAP VNet to their Azure VNet.
Suggested further reading:
Connectivity during migration to RISE with SAP
RISE with SAP S/4HANA Cloud, Private Edition: Cybersecurity FAQ Explained
RISE with SAP: Multi-layer Defense in Depth Architecture of SAP S/4HANA Cloud, Private Edition
2. Connecting to RISE with SAP
2.1 Overview
Azure offers a broad range of networking services that provide networking and security capabilities. The following networking connectivity options are available for customers to connect to the RISE with SAP virtual network (VNet):
ExpressRoute connection
VPN Connection (Site-to-site and VNet-to-VNet)
Virtual network peering
Virtual WAN connection
Figure 2.1 is a general guide to help you select the appropriate way to connect to your RISE with SAP environment.
Figure 2.1 General guide for selecting RISE with SAP connectivity
* Microsoft peering and Azure Peering Service could provide more reliable public connectivity for site-to-site VPN. Some Azure Peering providers may offer an SLA.
The method used to connect to the RISE with SAP VNet depends on whether a customer has an existing Azure platform landing zone or not.
Connectivity when there is no existing Platform Landing Zone
When a customer does not yet have an existing landing zone in Azure and needs to migrate their SAP systems from on-premises to Azure, they will require direct connectivity from on-premises to the RISE with SAP VNet. ExpressRoute and site-to-site VPN are suitable options for connectivity as described further in these sections:
3. ExpressRoute Connection
4. VPN Connection
Connectivity through existing Platform Landing Zone
Many customers looking to migrate their SAP systems to RISE with SAP on Azure already have existing platform landing zones that are connected to their on-premises network. The existing platform landing zones are either virtual network (VNet) hubs or virtual WAN hubs. For VNet hubs, you can connect to the RISE with SAP VNet through VNet peering. For virtual WAN hubs, you can connect to the RISE with SAP VNet through a virtual WAN VNet connection. These are explained further in these sections:
5. Virtual Network Peering
6. Virtual WAN Connection
2.2 Network Connectivity for Business Continuity and Disaster Recovery
RISE with SAP systems are designed with high availability in a single region to ensure maximum service uptime across all system components. RISE with SAP also offers Business Continuity and Disaster Recovery (BCDR) solutions that replicate an entire SAP system to another region. With a BCDR solution, customers have continuous access to their services despite the failure of an entire SAP system in a region due to catastrophic events like earthquakes or floods.
For disaster recovery (DR) deployments, networking connectivity to the RISE with SAP DR region follows the same flowchart in Figure 2.1.
Suggested further reading:
Business Continuity with RISE and BTP: part 1 – Concept Explained
3. ExpressRoute Connection
3.1 ExpressRoute Overview
ExpressRoute is one of the options for connecting a customer’s on-premises network directly to the RISE with SAP virtual network (VNet). This option is typically used when customers do not have an existing Azure landing zone and therefore need to connect their on-premises networks directly to their RISE with SAP VNet using ExpressRoute.
If a customer has an existing Azure landing zone, it is recommended to connect to RISE with SAP using VNet peering or virtual WAN connection as described in sections 5. Virtual Network Peering and 6. Virtual WAN Connection respectively.
ExpressRoute lets you extend your on-premises networks into the Microsoft cloud over a private connection. You can connect with the help of a network service provider that provides layer 2 or layer 3 network connectivity services.
Figure 3.1 ExpressRoute (Provider model) (source)
ExpressRoute Direct connects your on-premises network directly into the Microsoft global network at peering locations strategically distributed around the world. ExpressRoute Direct provides dual 10Gbps or 100Gbps connectivity that supports Active/Active connectivity at scale.
Figure 3.2 ExpressRoute Direct (direct connectivity model) (source)
Read more in this blog about Understanding ExpressRoute private peering to address ExpressRoute resiliency (by Cynthia Treger and David Santiago).
3.2 ExpressRoute from On-premises to RISE with SAP
Every RISE with SAP environment can be provisioned with an ExpressRoute gateway if required. An ExpressRoute circuit in a Microsoft peering location can be connected to the ExpressRoute gateway in the RISE with SAP VNet in order to allow connectivity to the on-premises network.
Use ExpressRoute from on-premises to RISE with SAP when:
There is no existing Azure platform landing zone
You can easily set up ExpressRoute to Azure via an ExpressRoute partner
It is common to have customers with on-premises SAP systems that need to be migrated to RISE with SAP before their Azure landing zone is ready. Such customers can connect directly to RISE with SAP using ExpressRoute as shown in Figure 3.3.
Figure 3.3 Connecting on-premises directly to RISE with SAP using an ExpressRoute Provider
Figure 3.3 shows a customer connecting from their on-premises network to the RISE with SAP VNet through an ExpressRoute provider. Here we assume that the customer has an existing on-premises WAN network that can be easily integrated into the Microsoft network through the ExpressRoute provider.
Data Migration
If you are migrating data from your on-premises datacentre to RISE with SAP, ensure that you have adequate bandwidth provisioned through your ExpressRoute provider. You should also ensure you have the right size of ExpressRoute circuit and ExpressRoute gateway to accommodate the bandwidth required for data migration.
Figure 3.4 ExpressRoute Provider: RISE with SAP data migration path and user traffic path
4. VPN Connection
4.1 Overview
IPsec VPN is another option for customers to connect their on-premises network directly to the RISE with SAP virtual network (VNet). This option is typically used when customers do not have an existing Azure landing zone and therefore need to connect their on-premises networks directly to RISE with SAP.
Every RISE with SAP environment can be provisioned with a VPN gateway if required. The gateway enables VPN connections to be established into the RISE with SAP VNet. There are two types of VPN connection: site-to-site and vnet-to-vnet. Both connectivity types use a VPN gateway to provide a secure tunnel using IPsec.
4.2 Site-to-site VPN from On-premises to RISE with SAP
Site-to-site (S2S) VPN connections can be used for connecting on-premises to your Azure virtual network (VNet). Site-to-site VPN connections offer a reliable, secure and quick way to connect directly to the RISE with SAP environment.
Use site-to-site VPN to connect on-premises directly to RISE with SAP when:
There is no existing Azure landing zone (hub virtual network)
It is not feasible to deploy ExpressRoute due to time, cost or design constraints
Site-to-site VPN has sufficient bandwidth for data migration and application traffic
Customers without an existing Azure landing zone can connect their on-premises network directly to RISE with SAP using site-to-site VPN in situations where ExpressRoute is not feasible. Azure site-to-site VPN gateway is a highly available service with an SLA of 99.95%.
Figure 4.1 Site-to-site VPN from On-premises to RISE with SAP
Data Migration
If you are migrating data from your on-premises datacentre to RISE with SAP, ensure that you have sufficient dedicated Internet bandwidth to support the data migration. You should also ensure you have the right size of VPN gateway deployed in the RISE with SAP VNet to support the bandwidth required for data migration.
Figure 4.2 Data paths: Site-to-site VPN from On-premises to RISE with SAP
4.3 VNet-to-vnet Connection to RISE with SAP
A vnet-to-vnet connection allows you to connect a virtual network to another virtual network using IPsec VPN. This allows a customer to connect their VNet directly to the RISE with SAP VNet using IPsec VPN.
The recommended way to connect your VNet to the RISE with SAP VNet is by using virtual network peering. However, VNet-to-vnet VPN connection might be a more suitable way to connect your VNet to the RISE with SAP VNet in order to meet specific requirements. An example is a hub and spoke architecture where the on-premises and spoke networks use the VPN gateway in the customer hub VNet to access the RISE with SAP environment.
Figure 4.3 VNet-to-VNet connectivity to RISE with SAP
In the design shown in Figure 4.3, the VPN gateway acts as the single point of entry into the customer’s network and can be used by a central network team to restrict the IP address ranges (of the RISE with SAP VNet) that are exposed to the on-premises network and Azure virtual networks.
Read more about RISE with SAP vnet-to-vnet-vpn.
5. Virtual Network Peering
5.1 Overview
Virtual network peering is the most common way to connect directly to the RISE with SAP virtual network (VNet). VNet peering enables you to seamlessly connect two or more Virtual Networks in Azure. The virtual networks appear as one for connectivity purposes. The traffic between virtual machines in peered virtual networks uses the Microsoft backbone infrastructure.
5.2 VNet Peering to RISE with SAP VNet
For RISE with SAP deployments, virtual network peering is the preferred way to establish connectivity from a customer’s VNet to the RISE with SAP VNet. For customers that already have a landing zone hub and spoke architecture, the hub VNet should be connected to RISE with SAP VNet through VNet peering.
Figure 5.1 Virtual Network Peering to RISE with SAP (source)
The RISE with SAP VNet is simply a spoke VNet connected to the customer’s hub VNet. The customer’s hub VNet could be connected to other Azure spoke VNets, as well as the on-premises network. The following sections show different network patterns for connecting on-premises network to the customer hub when using VNet peering to RISE with SAP.
Read more about virtual network peering with SAP RISE/ECS.
5.3 VNet Peering and Site-to-site VPN to On-premises
In this network pattern, the on-premises network is connected to the customer hub VNet using site-to-site VPN and the hub VNet is connected to the RISE with SAP VNet using VNet peering.
Use this network connectivity pattern when:
There is an existing Azure landing zone hub
It is not feasible to deploy ExpressRoute due to time, cost or design constraints
Site-to-site VPN has sufficient bandwidth for SAP migration
VNet peering to RISE with SAP is configured to allow transit connectivity via the VPN gateway in the hub. This allows traffic from the on-premises network to reach the RISE with SAP network via the hub.
Figure 5.2 VNet peering to RISE with SAP VNet and site-to-site VPN to on-premises
Data Migration
If you are migrating data from your on-premises datacentre to the RISE with SAP environment, ensure that you have sufficient dedicated Internet bandwidth to support the data migration over the site-to-site VPN. You should also ensure you have the right size of VPN gateway deployed in the Azure hub.
User traffic
The on-premises branch locations connect through the customer data centre to reach the Azure hub and RISE with SAP network.
Figure 5.3 Data paths: VNet peering to RISE with SAP and site-to-site VPN to on-premises
5.4 VNet Peering and SD-WAN Connectivity to On-premises
In this network connectivity pattern, the on-premises SD-WAN network is extended into the customer’s hub VNet and the hub VNet is connected to the RISE with SAP VNet using VNet peering.
Use this network connectivity pattern when:
There is an existing Azure landing zone hub
SD-WAN is used for the on-premises network connectivity
There is sufficient bandwidth for SAP data migration over the SD-WAN tunnels to Azure
It is practical for customers with SD-WAN to maximise their SD-WAN investments into the public cloud. Customers with an existing Azure hub VNet can extend their SD-WAN network into Azure, in the same capacity as their on-premises SD-WAN hub.
Figure 5.4 VNet peering to RISE with SAP and SD-WAN connectivity to on-premises
Data Migration
If you are migrating data from your on-premises data centre to the RISE with SAP environment, ensure that you have sufficient Internet bandwidth to support the data migration over the SD-WAN tunnels.
User Traffic
Customer branch locations can establish SD-WAN tunnels directly to the Azure hub and connect to the RISE with SAP network using VNet peering.
Figure 5.5 Data paths: VNet peering to RISE with SAP and SD-WAN connectivity to on-premises
5.5 VNet Peering and ExpressRoute to On-premises
In this network pattern, the on-premises network is connected to the customer hub VNet using ExpressRoute and the hub VNet is connected to the RISE with SAP VNet using VNet peering.
Use this connectivity pattern when:
There is an existing Azure landing zone hub
It is feasible to deploy ExpressRoute or there’s an existing ExpressRoute deployed into the landing zone hub
There is sufficient bandwidth over ExpressRoute for SAP data migration
Many small and medium-sized companies use site-to-site VPN and SD-WAN because of the ease of deployment and cost effectiveness as described in section 5.3 and section 5.4. However, some customers already have ExpressRoute deployed into their landing zone hub VNet. The existing ExpressRoute could be used for connectivity from on-premises to RISE with SAP as shown in Figure 5.6.
Figure 5.6 VNet peering to RISE with SAP and ExpressRoute connectivity to on-premises
The VNet peering to RISE with SAP is configured to allow transit connectivity via the ExpressRoute connection in the hub VNet. This allows traffic from the on-premises network to reach the RISE with SAP network via the hub.
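Sections 5.3 and 5.5 both rely on the hub-to-RISE peering allowing transit through the gateway in the hub. The check below is an added example, not code from this article, SAP or Microsoft: it audits both halves of the peering for the transit settings and for address-range overlaps that would break routing. Field names follow the output of `az network vnet peering show`; the peering names, address ranges and on-premises prefixes are constructed samples, and the RISE-side values are assumed to be supplied by SAP.

```python
"""Audit a hub <-> RISE with SAP VNet peering pair for gateway transit.

Input dictionaries use the field names returned by
`az network vnet peering show`. All values below are constructed samples.
"""
import ipaddress


def _networks(peering):
    """Address space of the VNet on the far end of this peering."""
    prefixes = peering.get("remoteAddressSpace", {}).get("addressPrefixes", [])
    return [ipaddress.ip_network(p) for p in prefixes]


def audit_transit_peering(hub_peering, rise_peering, onprem_prefixes):
    """Return a list of findings; an empty list means transit should work."""
    findings = []

    # Both halves of a peering must be Connected before any traffic flows.
    for side, peering in (("hub", hub_peering), ("rise", rise_peering)):
        if peering.get("peeringState") != "Connected":
            findings.append(f"{side}: peeringState is {peering.get('peeringState')!r}")
        if not peering.get("allowVirtualNetworkAccess", False):
            findings.append(f"{side}: allowVirtualNetworkAccess is disabled")

    # The hub owns the VPN or ExpressRoute gateway, so it must offer transit
    # and must not try to borrow a gateway from the spoke.
    if not hub_peering.get("allowGatewayTransit", False):
        findings.append("hub: allowGatewayTransit is disabled")
    if hub_peering.get("useRemoteGateways", False):
        findings.append("hub: useRemoteGateways must be false on the gateway side")

    # The spoke (RISE with SAP VNet) must consume the hub's gateway.
    if not rise_peering.get("useRemoteGateways", False):
        findings.append("rise: useRemoteGateways is disabled")

    # Overlapping ranges make routes ambiguous: check hub, RISE and
    # on-premises prefixes pairwise.
    rise_space = _networks(hub_peering)   # the hub's "remote" is the RISE VNet
    hub_space = _networks(rise_peering)   # the RISE side's "remote" is the hub
    onprem = [ipaddress.ip_network(p) for p in onprem_prefixes]
    for a_name, a_nets, b_name, b_nets in (
        ("hub", hub_space, "rise", rise_space),
        ("on-premises", onprem, "rise", rise_space),
        ("on-premises", onprem, "hub", hub_space),
    ):
        for a in a_nets:
            for b in b_nets:
                if a.overlaps(b):
                    findings.append(
                        f"address overlap: {a_name} {a} and {b_name} {b}"
                    )
    return findings


# Constructed sample: hub side of the peering (customer-managed).
HUB_TO_RISE = {
    "name": "hub-to-rise",
    "peeringState": "Connected",
    "allowVirtualNetworkAccess": True,
    "allowGatewayTransit": True,
    "useRemoteGateways": False,
    "remoteAddressSpace": {"addressPrefixes": ["10.50.0.0/22"]},
}

# Constructed sample: RISE side of the peering (values assumed from SAP).
RISE_TO_HUB = {
    "name": "rise-to-hub",
    "peeringState": "Connected",
    "allowVirtualNetworkAccess": True,
    "allowGatewayTransit": False,
    "useRemoteGateways": True,
    "remoteAddressSpace": {"addressPrefixes": ["10.10.0.0/16"]},
}

# Constructed on-premises prefixes; the second one collides with the RISE range.
ONPREM_PREFIXES = ["192.168.0.0/16", "10.50.2.0/24"]


if __name__ == "__main__":
    for finding in audit_transit_peering(HUB_TO_RISE, RISE_TO_HUB, ONPREM_PREFIXES):
        print(finding)
```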
Data Migration
If you are migrating data from your on-premises datacentre to the RISE with SAP environment, ensure that you have sufficient bandwidth on the ExpressRoute circuit to support the data migration. You should also ensure the ExpressRoute gateway SKU is sized correctly to accommodate the bandwidth required.
Figure 5.7 Data paths: VNet peering to RISE with SAP and ExpressRoute connectivity to on-premises
6. Virtual WAN Connection
6.1 Overview
The Virtual WAN offers an alternative way to connect to the RISE with SAP virtual network (VNet). Virtual WAN is a hub and spoke architecture that offers integrated connectivity for virtual networks and on-premises networks. It consists of a virtual WAN hub which provides connectivity for virtual networks, site-to-site VPN, ExpressRoute and SD-WAN.
On-premises networks can be integrated into the virtual WAN by deploying resources such as VPN gateway, ExpressRoute gateway and SD-WAN appliances in the customer’s virtual WAN hub. A virtual network (VNet) spoke connects to a virtual WAN hub using a virtual network connection. The RISE with SAP VNet is a spoke VNet in the context of virtual WAN.
For customers that use virtual WAN, it is recommended to connect the RISE with SAP VNet to the virtual WAN hub using a virtual WAN connection. This allows full mesh connectivity from on-premises and existing application landing zones into the RISE with SAP environment.
6.2 Virtual WAN Connection to RISE with SAP and Site-to-site VPN to On-premises
In this network connectivity pattern, the on-premises network connects to the virtual WAN hub using site-to-site VPN.
Use this network connectivity pattern when:
There is an existing Azure landing zone hub (virtual WAN)
It is not feasible to deploy ExpressRoute due to time, cost or design constraints
Site-to-site VPN has sufficient bandwidth for SAP data migration
The virtual WAN VNet connection to the RISE with SAP VNet automatically allows transit connectivity via the VPN gateway in the hub. This allows traffic from the on-premises network to reach the RISE with SAP network via the hub.
Figure 6.1 Virtual WAN connection to RISE with SAP and site-to-site VPN to on-premises
Data Migration
If you are migrating data from your on-premises datacentre to RISE with SAP, ensure that you have sufficient dedicated Internet bandwidth to support the data migration over site-to-site VPN. You should also ensure you have the right size of VPN gateway deployed in the Azure virtual WAN hub.
User traffic
The on-premises branch locations connect through the on-premises data centre to reach the virtual WAN hub and RISE with SAP network.
Figure 6.2 Data paths: Virtual WAN connection to RISE with SAP and site-to-site VPN to on-premises
6.3 Virtual WAN Connection to RISE with SAP and SD-WAN to On-premises
In this network connectivity pattern, the on-premises network connects to the virtual WAN hub using SD-WAN tunnels.
Use this connectivity pattern when:
There is an existing Azure landing zone virtual WAN hub
SD-WAN is used for the on-premises network connectivity
There is sufficient bandwidth for SAP data migration over SD-WAN
It is practical for customers with SD-WAN to maximise their investments into the public cloud. Customers with an existing virtual WAN hub can extend their SD-WAN network into Azure, in the same capacity as their on-premises SD-WAN hub.
Figure 6.3 Virtual WAN connection to RISE with SAP and SD-WAN to on-premises
The VNet connection to the RISE with SAP VNet allows transit connectivity via the SD-WAN appliances in the virtual WAN hub. This allows traffic from the on-premises network to reach the RISE with SAP network via the hub.
Data Migration
If you are migrating data from your on-premises datacentre to the RISE with SAP environment, ensure that you have sufficient dedicated Internet bandwidth to support the data migration over SD-WAN.
User Traffic
Customer branch locations can establish direct SD-WAN tunnels to the Azure hub, and connect to RISE with SAP over the virtual WAN VNet connection.
Figure 6.4 Data paths: Virtual WAN connection to RISE with SAP and SD-WAN to on-premises
6.4 Virtual WAN Connection to RISE with SAP and ExpressRoute to On-premises
Some customers have either already deployed ExpressRoute into their landing zone (virtual WAN hub) or are currently in the process of doing so. In either case, ExpressRoute could be used to allow connectivity from on-premises to RISE with SAP.
Use this connectivity pattern when:
There is an existing Azure landing zone virtual WAN hub
It is feasible to deploy ExpressRoute or there’s an existing ExpressRoute deployed into the landing zone hub
There is sufficient bandwidth over ExpressRoute for data migration
Figure 6.5 Virtual WAN connection to RISE with SAP and ExpressRoute to on-premises
Data Migration
If you are migrating data from your on-premises datacentre to the RISE with SAP environment, ensure that you have adequate bandwidth on the ExpressRoute circuit to support the data migration. You should also ensure the ExpressRoute gateway SKU is sized correctly to accommodate the bandwidth required.
Figure 6.6 Data paths: Virtual WAN connection to RISE with SAP and ExpressRoute to on-premises
Summary
In this article, we explored different ways to connect to the RISE with SAP network in Azure. The connectivity method used depends on whether a customer has an existing Azure platform landing zone or not.
If there is an existing platform landing zone, you should connect to RISE with SAP using VNet peering or virtual WAN VNet connection. Connecting through VNet peering or virtual WAN connection is the recommended approach because it provides a more robust way to connect on-premises and Azure-native workloads to RISE with SAP.
If there is no existing platform landing zone, you can connect directly from on-premises to RISE with SAP using either ExpressRoute or site-to-site VPN.
Azure Landing Zones – Policy Refresh Q1 FY25
ALZ – Policy Refresh Q1 FY25 is here!
As you may be aware, the ALZ team release cadence is now on a quarterly basis to help customers and partners manage change in their environments. Additionally, based on feedback from our community, partners and customers, we will only introduce breaking changes every half-year. This release, coming 3 months after the last breaking change (FY24 H2), therefore does not contain any breaking changes.
With the generally “quiet” time over the summer (in the northern hemisphere), the ALZ team have taken advantage and worked on enhancing security, quality and reliability of ALZ’s Policies.
Security
As a core priority for Microsoft, security comes first.
We’ve updated all our custom minimum TLS version policies to support TLS version 1.2 AND 1.3 as more Azure services roll out supporting TLS 1.3 (we are aware of built-in policies owned by other product teams that require updating and will be working with them in the months ahead).
Most significantly, we’ve introduced the option to audit the use of virtual network private subnets via the built-in policy “Subnets should be private” (audit for now; over time this will increase to deny). This is a key security feature that ensures resources in a subnet cannot access the internet directly but must go through either a firewall or a NAT gateway to egress, reducing exfiltration options for potentially compromised resources. We encourage our partners and customers to review this in their environments; more information on this topic can be found in “Default outbound access in Azure – MS Learn”.
We’re also addressing other items like disabling local authentication for automation accounts, which is a best practice.
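To see which subnets the “Subnets should be private” audit would concern before the policy is assigned, the following added example (not ALZ code) scans an exported ARM template for the subnet property `defaultOutboundAccess`. The function names and the sample template are constructed for illustration, and treating an absent property as "not private" is an assumption of this sketch.

```python
import json

VNET_TYPE = "microsoft.network/virtualnetworks"
SUBNET_TYPE = "microsoft.network/virtualnetworks/subnets"

# Constructed sample: one VNet with inline subnets plus two standalone subnet
# resources. Resource IDs are placeholders, not real Azure IDs.
SAMPLE_TEMPLATE = json.loads("""
{
  "resources": [
    {"type": "Microsoft.Network/virtualNetworks", "name": "vnet-hub",
     "properties": {"subnets": [
       {"name": "snet-app",
        "properties": {"addressPrefix": "10.0.1.0/24",
                       "defaultOutboundAccess": false,
                       "natGateway": {"id": "/placeholder/natGateways/ng-egress"}}},
       {"name": "snet-legacy",
        "properties": {"addressPrefix": "10.0.2.0/24"}}
     ]}},
    {"type": "Microsoft.Network/virtualNetworks/subnets", "name": "vnet-hub/snet-data",
     "properties": {"addressPrefix": "10.0.3.0/24",
                    "defaultOutboundAccess": "[parameters('privateSubnets')]"}},
    {"type": "Microsoft.Network/virtualNetworks/subnets", "name": "vnet-hub/snet-open",
     "properties": {"addressPrefix": "10.0.4.0/24",
                    "defaultOutboundAccess": true,
                    "routeTable": {"id": "/placeholder/routeTables/rt-fw"}}}
  ]
}
""")


def iter_subnets(template):
    """Yield (qualified_name, properties) for inline and standalone subnets."""
    for res in template.get("resources", []):
        rtype = res.get("type", "").lower()
        props = res.get("properties") or {}
        if rtype == VNET_TYPE:
            for sub in props.get("subnets") or []:
                yield f"{res.get('name')}/{sub.get('name')}", sub.get("properties") or {}
        elif rtype == SUBNET_TYPE:
            yield res.get("name"), props


def classify(props):
    """Return 'private', 'unresolved' or 'default-outbound' for one subnet."""
    value = props.get("defaultOutboundAccess")
    if value is False:
        return "private"
    if isinstance(value, str):
        # A template expression such as "[parameters('x')]" cannot be judged
        # offline; report it so a reviewer checks the parameter value.
        return "unresolved"
    # Absent or true: assumed here to leave default outbound access in place.
    return "default-outbound"


def audit_subnets(template):
    """List each subnet with its status and any explicit egress path it declares."""
    findings = []
    for name, props in iter_subnets(template):
        egress = [key for key in ("natGateway", "routeTable")
                  if (props.get(key) or {}).get("id")]
        findings.append({"subnet": name,
                         "status": classify(props),
                         "explicit_egress": egress})
    return findings


def needs_review(template):
    """Subnets that are not provably private, sorted by name."""
    return sorted(f["subnet"] for f in audit_subnets(template)
                  if f["status"] != "private")


if __name__ == "__main__":
    for finding in audit_subnets(SAMPLE_TEMPLATE):
        print(finding)
```

A route table on a subnet does not make it private: `snet-open` in the sample declares one but still has default outbound access enabled, so it is listed for review.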
Quality
This involved a lot of backend work and scripting to improve testing of contributions to meet the high standards our consumers expect, including enhancements to testing of custom policy contributions but most notably a complete overhaul of deployment testing using the ARM reference implementation (driven through the portal experience). We can now do full deployments depending on the nature of changes from policy only to selected networking topologies, significantly reducing the many hours needed to do end to end testing with every release.
Whilst this doesn’t directly benefit our consumers, it does mean we can complete more work as an ALZ team, as testing is enhanced and more efficient, which in turn means ALZ can add more in each release for our consumers to benefit from.
AI Ready
Microsoft is heavily invested in the AI space, and ALZ plays a part in driving its adoption at scale.
We’re working with internal teams preparing to provide prescriptive guidance for customers leveraging Azure AI Services in their tenants. To support these teams and ensure customers are following best practices when securing the Azure AI Services in their tenants, we are releasing significant updates to our recommended policies and initiatives for:
Azure OpenAI
Cognitive Services/Search -> AI Services
Machine Learning
Bot Service (new) -> AI Bot Services
Note: some services are changing names (as indicated above).
For those using the portal accelerator, the options to configure this are under “Workload Specific Compliance”, which has been enhanced to provide a more friendly user experience journey and, as before, allows you to define the scope to apply.
For those just looking to benefit from our awesome policy work in the AI space, head to our wiki page that contains details and links to all of the policies mentioned above.
General
We have also made a number of small changes to policies and initiatives to update to the latest and greatest, or added much asked for features like adding the option to select either ALL or AUDIT only diagnostic settings logs to be sent to Log Analytics.
We updated initiatives to use newer built-in policy versions and added additional configuration options, all driven by feedback from the field (please keep it coming!).
Closing
Do note that the ALZ Policy Refresh is released first to the portal experience (as this is where we currently host policy definitions & initiatives as a source of truth), and it takes a short time before these updates are incorporated in the other reference implementations like Terraform, Bicep, etc. Please do check the release notes on those repositories if you are using those implementations.
If you have suggestions for ALZ, please do submit a GitHub Issue over at https://aka.ms/alz/repo.
Please do also regularly review our What’s New (https://aka.ms/alz/whatsnew), as this includes all the details of what has changed, including any updates needed between major releases.
And finally, make sure to attend our community call (https://aka.ms/alz/communitycall), which we host every 3 months to discuss releases. You can also catch up on the recordings of the previous ones at the same link!
Use community queries to hunt more effectively across email and collaboration threats
In the ever-evolving landscape of cybersecurity, staying ahead of threats is a constant challenge. Advanced hunting in Microsoft Defender XDR provides security teams with powerful tools to proactively search for threats, detect anomalies, and respond swiftly to incidents—even automatically. One of the most valuable and insightful resources within advanced hunting is the community queries feature. This collaborative repository can enhance your threat-hunting capabilities, streamline investigation processes, and empower your security operations center (SOC) team members with easily accessible shared knowledge.
Using a new set of pre-built community queries to investigate and respond to email and collaboration related security threats, you can now hunt even more effectively.
What is the community queries feature?
Community queries in advanced hunting is a curated collection of Kusto Query Language (KQL) scripts contributed by Microsoft, industry experts, and the global security community. These queries are designed to address common security concerns, detect emerging threats, and automate the analysis of large datasets.
The repository serves as a starting point for both novice and seasoned threat hunters, offering pre-built queries that can be customized to fit specific organizational needs. By leveraging these community-contributed queries, SOC team members can quickly gain insights into potential threats without having to start from scratch.
Benefits of using community queries
Time efficiency – Community queries provide a wealth of ready-made queries that can be immediately utilized. This saves valuable time, allowing security teams to focus on analyzing results rather than writing queries from scratch.
Continuous learning – The repository is continuously updated with new queries that reflect the latest threat intelligence and security trends. This means that your threat-hunting efforts can evolve alongside the threat landscape.
Collaboration and knowledge sharing – By using and contributing to community queries, organizations can tap into the collective expertise of the global security community. This collaborative approach helps in identifying and mitigating threats that may not yet be on your radar.
Customization and flexibility – While the queries in the community are powerful out of the box, they are also highly customizable. You can tweak and modify them to suit the specific needs of your environment, ensuring that your threat detection efforts are tailored and precise.
How to access and use community queries
Users can access the community queries within Microsoft Defender XDR advanced hunting via:
Navigate to the Advanced hunting page – In Microsoft Defender XDR, go to the advanced hunting section. Here, you can run, save, and manage your KQL queries.
Explore Community queries – Look for the “Community queries” under the “Queries” tab. This is where you’ll find the collection of pre-built queries contributed by Microsoft and the security community. Email and collaboration security related queries which are relevant to Defender for Office 365 can be found under the “Email Queries” folder and its subfolders.
Select and run a query – Browse through the available queries and select one that matches your current needs. You can run the query as-is or customize it by modifying parameters, adding filters, or combining it with other queries.
Analyze and act on the results – Once the query is executed, analyze the results to identify potential threats, anomalies, or areas of interest. From here, you can take appropriate actions, such as creating incidents and alerts, creating and refining custom detection rules or even deleting email messages if necessary.
Pro Tip: Custom detection rules can be used to act on email messages based on your queries automatically. Select email delete action when saving the detection rule to not just generate Incidents in Microsoft Defender XDR but act automatically when the detection is triggered.
Popular use cases for Defender for Office 365 related community queries
Detecting phishing attacks – Use community queries to identify patterns of phishing emails, malicious links, or unusual email activity that could indicate a phishing campaign.
Identifying lateral movement – Leverage queries that detect unusual account activities or unauthorized access, helping to spot lateral movement within your network.
Investigating malware outbreaks – Utilize community queries to search for indicators of compromise (IOCs) related to known malware families, enabling rapid response to potential outbreaks.
Monitoring privileged accounts – Community queries can help you track the activities of privileged accounts, ensuring that any suspicious behavior is flagged and investigated promptly.
QR code – Hunt, investigate and respond to QR code related email security threats
URL clicks – Investigate potentially malicious URL clicks in emails, Microsoft Teams and Office Apps
Ensuring secure posture – Review the impact of admin and user created filter verdict overrides which may impact organization security posture negatively
Current query repository for Defender for Office 365
The full list of queries is available directly in Microsoft Defender XDR advanced hunting. The queries relevant to Defender for Office 365 are organized under the Email Queries folder using subfolders based on email and collaboration security topics.
Attachment, Authentication, General, Hunting, Malware, Override, Phish, QR code, Quarantine, Remediation, Spoof and Impersonation, Submissions, Top Attacks, URL, URL Click, and ZAP.
The queries are also available directly in the Microsoft Sentinel GitHub repository.
Contribute to community queries
Anyone can contribute to community queries in advanced hunting. The strength of these queries lies in the diversity of its contributors. If you develop a query that proves valuable in your environment for email security, we strongly recommend considering sharing it with the wider community.
By doing so, you contribute to the collective defense against cyber threats and help other organizations enhance their security posture.
To start contributing simply follow the steps listed here and add your queries to the unified Microsoft Sentinel and Microsoft Defender XDR repository on GitHub.
Community queries is more than just a repository of scripts—it’s a dynamic, collaborative resource that empowers security teams to stay ahead of emerging threats. By leveraging and contributing to this community, organizations can enhance their threat-hunting capabilities, reduce time-to-detection, and foster a culture of continuous learning and collaboration.
In the ever-changing world of cybersecurity, having access to a community-driven repository of advanced queries is an invaluable asset. Whether you’re a seasoned threat hunter or just starting out, community queries are a resource you can’t afford to overlook. So, dive in, explore, and start unlocking the full potential of advanced hunting today.
More information:
Check out our documentation
Get expert training on advanced hunting
Take action on advanced hunting query results
Advanced hunting data schema including Defender for Office 365 tables
Microsoft Defender for Office 365 Security Operations Guide
How to color folders in OneDrive and File Explorer
Users are able now to see folder colors applied from OneDrive on the web in the OneDrive folder in File Explorer and manage folder colors in File Explorer by right clicking a folder name and then selecting OneDrive Folder color.
#MicrosoftOneDrive #OneDrive #Microsoft365 #MPVbuzz
Intune Kiosk – downloads
Hi,
I’m trying to set up an Intune kiosk that would allow the user to download a file which they would use to access our VDI (Citrix).
However, every time the single-app kiosk downloads the .ica file it says ‘blocked’ – I can’t seem to find where we can change this so it allows downloads.
Any ideas?
Thanks
Error Message – External Users with Multifactor Authentication – After successful Login
Dear Ladies and Gentlemen,
Some external users receive an error message after a successful login, including multi-factor authentication, in SharePoint Online, when they then try to reach another object in SharePoint Online for which they have permissions.
In German is written:
Das hat nicht funktioniert.
Die externe Freigabe ist für “Tenant URL Address” deaktiviert.
What I would translate into:
It has not worked.
The external release for the “Tenant URL Address” is deactivated.
The external users just want to access some object in the dedicated site, not in the tenant itself.
To me it seems as if there is some obstacle in the way during the authentication loop while trying to reach another object.
Thank you for your help.
Ladislav Stupak
Outlook for Mac quote button
Hi all,
It has been a few months since I migrated to macOS from Linux. During my days on Linux, I used the Outlook web version and now I have been using the Outlook app for Mac.
One feature that I miss is the quote button, which I use quite a lot! It seems that the Outlook app on Mac doesn’t have a quote button, for some reason.
What I usually do is copy and paste and then add indentation and italics, which is OK, but not nearly as polished. It would be really great to have this feature added in.
In the meantime, is there any alternative to ‘save’ a style for quotes that is similar to the web version?
Thanks!
Microsoft 365 copilot
Hi
I have created an action for Microsoft 365 Copilot, using Copilot studio.
During testing I am getting error 400. What
I need assistance with saving a Form template I created correctly
I recently created, using the Microsoft 365 app Forms, a template for a university assessment. It saved in Forms fine; however, when I attached it to the university assessment for marking I received a message back from the teacher advising that it wouldn’t open. Upon checking what they could see, it only shows the title page and nothing more. How do I save this so I can attach it properly and the entire form can be viewed by others?
Retention Events
I’ve been doing some testing with retention events and can’t seem to get them to work.
A Crawled Property has been added to RefinableString01 and I can get search results using this, and also get the correct amount of results when using Content Search. The event was created a month ago, but still showing as 0 items processed.
A second event was also created using ComplianceAssetID and this is also showing as 0 items processed after a month.
A couple of blogs on how to create the events have been followed, and all say the same thing about setting everything up and the fact that if the data appears in Content Search using the search string then you should get results with the event.
When would I expect to see items appear as being processed?
Is there something I’ve missed, maybe a licencing issue?
Line under taskbar icons
There’s a weird line below some taskbar icons. Before, I knew that the line indicated whether an app is open/focused, but there’s a line under closed apps now, for example the third icon in my screenshot, while the second icon is not underlined! And why is it longer – each line has a different width like it indicates something, but no clue what.
How to remove the line under apps which are not running?
What does the line even mean? Why is it so inconsistent and confusing?
Running latest 24H2 btw.
I need to read the Alias in outlook using Graph API
In the previous version of the Outlook application, right-clicking on an email address provided an option labeled “Open Outlook Properties.” Upon selecting this option, users could view various tabs, including General, Organization, Phones, Member Of, and E-mail Addresses. Within the General tab, information such as the name and address is displayed. The name section includes fields for the first name, initials, last name, display name, and alias. I am interested in retrieving the alias using the Graph API. Could anyone provide guidance on how to accomplish this?
Can’t sign in
Trying to sign in to account. I just keep receiving the message: Something went wrong. please try again.
Tried on my phone, tried on my iPad.
Tried to reboot.
Any ideas?