Microsoft CMMC Acceleration

We are actively building acceleration by developing resources for both partners and Defense Industrial Base (DIB) companies to leverage in their Cybersecurity Maturity Model Certification (CMMC) journey. These tools cannot guarantee a positive CMMC adjudication, but they may assist Organizations Seeking Certification (OSC) by improving their CMMC posture going into a formal CMMC assessment in accordance with the DOD and Cyber Accreditation Body (Cyber-AB) standards.

For more information, please see Notices later in this article.

Here is a summary of the most recent resources to help get you started.

Home Page for CMMC

Want to start your CMMC compliance journey on the right foot?  We have a home page for CMMC at https://aka.ms/cmmc.  Found on the Microsoft Federal site, the home page includes an outline of resources available, including references to our Microsoft Cloud service offerings and an up-to-date list of blogs and documentation we release.  Please bookmark the site and leverage it as your launching point in all things Microsoft and CMMC.

While you are there on the Microsoft Federal site, also browse around and check out our Federal Segment on Defense and the Solutions we have for DoD Zero Trust Strategy and the Cybersecurity Executive Order.

Microsoft Product Placemat for CMMC

Microsoft Product Placemat for CMMC is an interactive view representing how we believe Microsoft cloud products and services satisfy requirements for CMMC practices.  The user interface resembles a periodic table of CMMC Practice Families.  The default view illustrates the practices with Microsoft Coverage that are inherited from the underlying cloud platform.  It also depicts practices for Shared Coverage where the underlying cloud platform contributes coverage for specific practices but requires additional customer configuration to satisfy requirements for full coverage.  For each practice that aligns with Microsoft Coverage or Shared Coverage, verbal customer implementation guidance and practice implementation details are documented.  This enables you to drill down into each practice and discover details on inheritance and prescriptive guidance for actions to be taken by the customer to try to meet practice requirements in the shared scope of responsibility for compliance with CMMC.

In addition to the default view, you may select and include products, features and suite SKUs to adjust how each cloud product is placed with CMMC.  For example, you may select the Microsoft 365 E5 SKU or “Select All” for maximum coverage of CMMC.  You may also use the blue-colored cell on the top left to select from a drop-down menu filtering the Placemat.  You may choose between three options:

Level 1 – Foundational: This option will display the practices associated with CMMC Level 1.
Note: there are 17 practices in this release, but will be updated soon to reflect the Final Rule’s trim to 15 practices.
Level 2 – Advanced: This filter will display 110 practices associated with CMMC Level 2. 
Note: aligns with the controls for NIST SP 800-171.
Level 3 – Expert: This filter displays the additional CMMC Level 3 practices that align with NIST SP 800-172.

The Microsoft Product Placemat for CMMC is currently in public preview.  It has been updated to include support for CMMC Level 3 and usability improvements based on public preview feedback.  In addition, the public preview release has been updated to include implementation guidance for every practice in alignment with the Technical Reference Guide.

Note: This release was issued prior to the final CMMC rule publication in this month (October 2024).  We are diligently working on a refresh to refine for the final rule.

You may download a copy at:

              https://aka.ms/cmmc/productplacemat

Please share feedback at https://aka.ms/cmmc/productplacematfeedback.

Microsoft Technical Reference Guide for CMMC

We are excited to update this significant artifact of CMMC Acceleration!  The Microsoft Technical Reference Guide for CMMC includes implementation statements for an organization pursuing CMMC while leveraging relevant Microsoft services. This includes brief descriptions of relevant Microsoft cloud services and products, and links to further implementation documentation. The guide focuses on CMMC Level 2 (L2) and Level 3 (L3) for this release.

If you think of the Microsoft Product Placemat for CMMC as being a level 100 document, the guide is level 200 and more.

The guide is organized in sections for each of the domains of CMMC, beginning with Access Control:

Access Control (AC)

AC.L1-3.1.1

Control Summary Information

NIST SP 800-53 Mapping: AC-2, AC-3, AC-17

Practice: Limit information system access to authorized users, processes acting on behalf of authorized users or devices (including other information systems).

Assessment Objectives:

[a] authorized users are identified;

[b] processes acting on behalf of authorized users are identified;

[c] devices (and other systems) authorized to connect to the system are identified;

[d] system access is limited to authorized users;

[e] system access is limited to processes acting on behalf of authorized users; and

[f] system access is limited to authorized devices (including other systems).

Primary Services

Secondary Services

Microsoft Entra ID
Azure RBAC
Intune/Intune Suite

Microsoft Information Protection
Conditional Access
Customer Lockbox
Privileged Identity Management (PIM)
Microsoft 365 Web Apps
M365 Groups

Microsoft Entra ID Multi-Factor Authentication

You may notice the guide has the same outline of Primary and Secondary Services as identified in the Microsoft Product Placemat for CMMC.  However, this document format lets us get into much more depth of the implementation statements as compared to the Placemat spreadsheet.

The Microsoft Technical Reference Guide for CMMC is currently in public preview. 

Note: This release was issued prior to the final CMMC rule publication in this month (October 2024).  We are diligently working on a refresh to refine for the final rule.

You may download a copy at:

              https://aka.ms/cmmc/techrefguide

Please share feedback at https://aka.ms/cmmc/techrefguidefeedback.

Notices

Microsoft CMMC Acceleration provides customers and partners with resources to pursue CMMC compliance while leveraging Microsoft products and services— It does not address security practices occurring outside of Microsoft products and services.

Please further note that the CMMC compliance standard has yet to be officially rolled out. As a result, there may be additional nuance or complexity associated with CMMC compliance that will only materialize through the practical application of the standard by the DoD and Cyber-AB. As a result, the information herein, including all Microsoft CMMC related offerings, are provisional and may be enhanced to align with future guidance.

Microsoft does not guarantee nor imply any ultimate compliance outcome or determination based on one’s consumption of this article or the resources linked from it — all CMMC certification requirements and decisions are governed by the DoD and Cyber-AB, and Microsoft has no direct or indirect insight into or bearing over compliance determinations. The associations between compliance domains, practices, and Microsoft CMMC Acceleration may change at any time.

Customers must individually determine the necessary steps required to ensure their organization fully satisfies each recommended CMMC compliance practice, in addition to or in place of what is described in program resources. This responsibility spans all Microsoft (Azure, Microsoft 365, etc.) consumption decisions, including, among other things, which Microsoft offerings to procure, as well as all configuration decisions associated with such use and consumption.

Appendix

Please follow me here and on LinkedIn. Here are my additional blog articles:

Blog Title

Aka Link

Microsoft Collaboration Framework

https://aka.ms/ND-ISAC/CollabFramework 

ND-ISAC MSCloud – Reference Identity Architectures for the US Defense Industrial Base

https://aka.ms/ND-ISAC/IdentityWP 

Microsoft CMMC Acceleration Update

https://aka.ms/CMMC/Acceleration

History of Microsoft Cloud Service Offerings leading to the US Sovereign Cloud for Government

https://aka.ms/USSovereignCloud

The Microsoft 365 Government (GCC High) Conundrum – DIB Data Enclave vs Going All In

https://aka.ms/AA6frar

Microsoft US Sovereign Cloud Myth Busters – A Global Address List (GAL) Can Span Multiple Tenants

https://aka.ms/AA6seih

Microsoft US Sovereign Cloud Myth Busters – A Single Domain Should Not Span Multiple Tenants

https://aka.ms/AA6vf3n

Microsoft US Sovereign Cloud Myth Busters – Active Directory Does Not Require Restructuring

https://aka.ms/AA6xn69

Microsoft US Sovereign Cloud Myth Busters – CUI Effectively Requires Data Sovereignty

https://aka.ms/CUISovereignty

Microsoft expands qualification of contractors for government cloud offerings

https://aka.ms/GovCloudEligibility 

​Microsoft Tech Community – Latest Blogs –Read More 

Hello, we have not changed the password for our service account that does the Client Push since the initial setup. According to the Microsoft documentation for “Accounts used in Configuration Manager”, it is recommended that you create a new account and assign it the Client Push role. Give it some time to propagate, then remove the original account. 

Is there a way to make the new account be the primary account that is used? I don’t really understand how the client will know that there are 2 accounts being used and if one does not exist to use the other.

Thank you,

Steve

​Hello, we have not changed the password for our service account that does the Client Push since the initial setup. According to the Microsoft documentation for “Accounts used in Configuration Manager”, it is recommended that you create a new account and assign it the Client Push role. Give it some time to propagate, then remove the original account.  Is there a way to make the new account be the primary account that is used? I don’t really understand how the client will know that there are 2 accounts being used and if one does not exist to use the other. Thank you, Steve   Read More

​

Overview

This is a step-by-step guided walkthrough of how to use a custom KQL Copilot for Security plugin for Identity SOC and forensics use cases and how it helps in implementing a consistent security policy for every user, employee, frontline worker, customer, and partner as well as apps, devices, and workloads across multi-cloud and hybrid.

Use case summary

Monitoring and governing Identities using Copilot for Security custom Identity Analyst Plugin:

User Risk Assessment: Monitor user risk levels based on their activities. This could include sign-in attempts from unfamiliar locations, repeated failed sign-in attempts, or other suspicious behavior.
Sign-in Monitoring: Track user sign-in activities. This includes successful sign-ins, failed attempts, and the location and device used for sign-in. Unusual sign-in activity could be a sign of a potential security threat.
Admin Activity Monitoring: Admin accounts have high-level access and can be a prime target for attackers. Monitor admin activities, especially those involving changes to security settings, user privileges, or access controls.
Application Usage Monitoring: Keep an eye on the usage of applications within your organization. Unusual application activity, such as a high number of downloads or an increase in usage outside of normal business hours, could indicate a potential security issue.
Privileged Identity Management: Monitor the lifecycle of privileged identities within your organization. This includes the creation, modification, and deletion of privileged accounts.
Access Review: Regularly review user access to various resources within your organization. This can help ensure that users only have access to the resources they need for their job functions, reducing the risk of insider threats.

In this guide, we will provide high-level steps to get started using the new tooling. We will start by adding the custom plugin and it’s recommended for organizations to test this in their dev environment first.

Installation

Use the following steps to obtain and install the custom Identity Analyst Plugin for Copilot for Security: Go to securitycopilot.microsoft.com
Download the IdentitySecurityAnalyst.yml file from here.
Select the plugins icon down in the left corner.

4. Under Custom upload, select upload plugin

5. Select the Copilot for Security plugin and upload the IdentitySecurityAnalyst.yml file

6. Click Add

7. Under Custom you will now see the plug-in. Ensure it is enabled.

The custom package contains the following prompts:

Let us get started with more use cases leveraging Copilot for Security capabilities:

User Risk Assessment

Fetches the user risk levels based on their activities. This could include sign-in attempts from unfamiliar locations, repeated failed sign-in attempts, or other suspicious behavior.

In Copilot for Security, you can either directly invoke the plugin via selling the concerned skill under prompt–system capabilities or type ‘/IdentityGetUserRiskAssesment’ as shown below:

A sample result will be:

User Sign-In Activities

Fetches user sign-in activities. This includes successful sign-ins, failed attempts, and the location and device used for sign-in. Unusual sign-in activity could be a sign of a potential security threat.

In Copilot for Security, you can either directly invoke the plugin via selling the concerned skill under prompt–system capabilities or type ‘/IdentityGetSignInMonitoring’  or prompt with ‘Get users signin activities using Identity analyst plugin’.

Admin Activities Monitoring

Fetches Admin Activity Monitoring logs. Admin accounts have high-level access and can be a prime target for attackers. Monitor all admin activities, especially those involving changes to security settings, user privileges, or access controls.

In Copilot for Security, you can either directly invoke the plugin via selling the concerned skill under prompt–system capabilities or type ‘/IdentityGetAdminActivityMonitoring’  or prompt with ‘Get admin activities monitoring using Identity analyst plugin’. 

Applications Usage Monitoring

Fetches Application Usage Monitoring logs to keep an eye on the usage of applications within your organization. Unusual application activity, such as a high number of downloads or an increase in usage outside of normal business hours, could indicate a potential security issue.

In Copilot for Security, you can either directly invoke the plugin via selling the concerned skill under prompt–system capabilities or type ‘/IdentityGetApplicationUsageMonitoring’  or prompt with ‘Get application usage monitoring using Identity analyst plugin’.

Privileged Identity Management (PIM) Monitoring

Fetches Privileged Identity Management logs to monitor the lifecycle of privileged identities within your organization. This includes the creation, modification, and deletion of privileged accounts.

In Copilot for Security, you can either directly invoke the plugin via selling the concerned skill under prompt–system capabilities or type ‘/IdentityPIMMonitoring or prompt with ‘Get Privileged Identity Management monitoring using Identity analyst plugin’. 

Access Review Monitoring

Fetches Access Review logs to regularly review user access to various resources within your organization. This can help ensure that users only have access to the resources they need for their job functions, reducing the risk of insider threats.

In Copilot for Security, you can either directly invoke the plugin via selling the concerned skill under prompt–system capabilities or type ‘/IdentityAccessReviewMonitoring or prompt with ‘Get Access Review monitoring using Identity analyst plugin’. 

Conclusion

This plugin is based on KQL that presents a relatively simple and scalable way to leverage the existing repositories of proven KQL queries within the Microsoft security ecosystem, One of the suggestions is you can customize the Custom KQL plugin YML file and make the time range to be as input parameter from Copilot for Security instead of specific hard-coded input. These can then be used as a basis to bring AI enrichment onto security data already present within Microsoft Identity for more details on Microsoft Copilot for Security custom plugins via KQL please visit  https://learn.microsoft.com/en-us/copilot/security/plugin-kql. Give it a go and give us your feedback so we can continuously improve the product for your benefit.

​Microsoft Tech Community – Latest Blogs –Read More 

Hi,

I have two sheets one in which patient attendance is tracked with which therapist has been attended. Another sheet that says the type of package that the patients has bought. 

Every day I need to calculate the revenue by each Therapist. I have attached both the sheets, to show the type of data that is being generated from the system. 

Patient Attendance Tracker 

Patient NamePatient IDTherapistDepartmentDateShyam Hani153RyaanOccupational Therapy02/10/2024Shyam Hani153RyaanOccupational Therapy04/09/2024Shyam Hani153RyaanOccupational Therapy06/09/2024Shyam Hani153SanjuSpeech Therapy02/10/2024Shyam Hani153SanjuSpeech Therapy04/09/2024Shyam Hani153SanjuSpeech Therapy05/10/2024Shyam Hani153SanjuSpeech Therapy06/09/2024Shyam Hani153SanjuSpeech Therapy07/09/2024Meera Hasan152SanjuSpeech Therapy09/10/2024Meera Hasan152SanjuSpeech Therapy09/10/2024Meera Hasan152SanjuSpeech Therapy10/08/2024Meera Hasan152SanjuSpeech Therapy11/09/2024Meera Hasan152SanjuSpeech Therapy11/09/2024Meera Hasan152SanjuSpeech Therapy11/10/2024Meera Hasan152SanjuSpeech Therapy11/10/2024Meera Hasan152SanjuSpeech Therapy12/10/2024Dev Mani112SanjuOccupational Therapy01/10/2024Dev Mani112SanjuOccupational Therapy02/10/2024Dev Mani112SanjuOccupational Therapy04/10/2024Dev Mani112SanjuOccupational Therapy08/10/2024Dev Mani112SanjuOccupational Therapy09/10/2024Dev Mani112SanjuOccupational Therapy10/09/2024Dev Mani112SanjuOccupational Therapy10/10/2024Dev Mani112RyaanOccupational Therapy11/09/2024Dev Mani112RyaanOccupational Therapy11/10/2024Dev Mani112RyaanOccupational Therapy12/09/2024Dev Mani112RyaanOccupational Therapy01/10/2024Dev Mani112RyaanOccupational Therapy04/10/2024Dev Mani112RyaanOccupational Therapy08/10/2024Dev Mani112RyaanOccupational Therapy10/10/2024

Patient Price Tracker

Patient NameTherapistPatient IDPackage FromPackage ToPackage PricePackageShyam HaniSanju153Wednesday, 2 October 2024Wednesday, 4 September 2024100Speech TherapyShyam HaniRyaan153Wednesday, 2 October 2024 0Occupational TherapyMeera HasanSanju152Wednesday, 9 October 2024Saturday, 12 October 2024200Occupational TherapyDev ManiSanju112Tuesday, 1 October 2024Tuesday, 8 October 2024300Occupational TherapyDev ManiRyaan112Saturday, 27 July 2024Tuesday, 27 August 2024400Occupational Therapy

​Hi,I have two sheets one in which patient attendance is tracked with which therapist has been attended. Another sheet that says the type of package that the patients has bought.  Every day I need to calculate the revenue by each Therapist. I have attached both the sheets, to show the type of data that is being generated from the system.   Patient Attendance Tracker Patient NamePatient IDTherapistDepartmentDateShyam Hani153RyaanOccupational Therapy02/10/2024Shyam Hani153RyaanOccupational Therapy04/09/2024Shyam Hani153RyaanOccupational Therapy06/09/2024Shyam Hani153SanjuSpeech Therapy02/10/2024Shyam Hani153SanjuSpeech Therapy04/09/2024Shyam Hani153SanjuSpeech Therapy05/10/2024Shyam Hani153SanjuSpeech Therapy06/09/2024Shyam Hani153SanjuSpeech Therapy07/09/2024Meera Hasan152SanjuSpeech Therapy09/10/2024Meera Hasan152SanjuSpeech Therapy09/10/2024Meera Hasan152SanjuSpeech Therapy10/08/2024Meera Hasan152SanjuSpeech Therapy11/09/2024Meera Hasan152SanjuSpeech Therapy11/09/2024Meera Hasan152SanjuSpeech Therapy11/10/2024Meera Hasan152SanjuSpeech Therapy11/10/2024Meera Hasan152SanjuSpeech Therapy12/10/2024Dev Mani112SanjuOccupational Therapy01/10/2024Dev Mani112SanjuOccupational Therapy02/10/2024Dev Mani112SanjuOccupational Therapy04/10/2024Dev Mani112SanjuOccupational Therapy08/10/2024Dev Mani112SanjuOccupational Therapy09/10/2024Dev Mani112SanjuOccupational Therapy10/09/2024Dev Mani112SanjuOccupational Therapy10/10/2024Dev Mani112RyaanOccupational Therapy11/09/2024Dev Mani112RyaanOccupational Therapy11/10/2024Dev Mani112RyaanOccupational Therapy12/09/2024Dev Mani112RyaanOccupational Therapy01/10/2024Dev Mani112RyaanOccupational Therapy04/10/2024Dev Mani112RyaanOccupational Therapy08/10/2024Dev Mani112RyaanOccupational Therapy10/10/2024  Patient Price Tracker Patient NameTherapistPatient IDPackage FromPackage ToPackage PricePackageShyam HaniSanju153Wednesday, 2 October 2024Wednesday, 4 September 2024100Speech TherapyShyam HaniRyaan153Wednesday, 2 October 2024 0Occupational TherapyMeera HasanSanju152Wednesday, 9 October 2024Saturday, 12 October 2024200Occupational TherapyDev ManiSanju112Tuesday, 1 October 2024Tuesday, 8 October 2024300Occupational TherapyDev ManiRyaan112Saturday, 27 July 2024Tuesday, 27 August 2024400Occupational Therapy  Read More

​

How can I get the “department” field in the AD log? I already have AD integrated with Wazuh! But the data from this field is not coming through!
thanks 

​How can I get the “department” field in the AD log? I already have AD integrated with Wazuh! But the data from this field is not coming through!thanks   Read More

​

Getting below error for planner task update operation
{“error”:{“code”:””,”message”:”The If-Match header contains an invalid value.”,”innerError”:{“date”:”2024-10-24T15:32:02″,”request-id”:”b976210d-9970-4997-9e64-bef1c6c8e9d5″,”client-request-id”:”b976210d-9970-4997-9e64-bef1c6c8e9d5″}}}

string currentETag = “W/”JzEtVGFzayAgQEBAQEBAQEBAQEBAQEBARCc=””; 
httpClient.DefaultRequestHeaders.Add(“If-Match”, currentETag);

Need help of right combination for passing the correct etag I tried removing backlash and adding double quotes and other combinations given across articles.

​Getting below error for planner task update operation{“error”:{“code”:””,”message”:”The If-Match header contains an invalid value.”,”innerError”:{“date”:”2024-10-24T15:32:02″,”request-id”:”b976210d-9970-4997-9e64-bef1c6c8e9d5″,”client-request-id”:”b976210d-9970-4997-9e64-bef1c6c8e9d5″}}}string currentETag = “W/”JzEtVGFzayAgQEBAQEBAQEBAQEBAQEBARCc=””; httpClient.DefaultRequestHeaders.Add(“If-Match”, currentETag); Need help of right combination for passing the correct etag I tried removing backlash and adding double quotes and other combinations given across articles.  Read More

​

Hello, could you please tell me, if I have the following data in the multiple worksheet then how can I consolidate the data as per prioriy category. Thank you

​Hello, could you please tell me, if I have the following data in the multiple worksheet then how can I consolidate the data as per prioriy category. Thank you   Read More

​

by Ganesh Ananthanarayanan, Xenofon Foukas, Bozidar Radunovic, Yongguang Zhang

Introduction to the Evolution of RAN

The development of Cellular Radio Access Networks (RAN) has reached a critical point with the transition to 5G and beyond. This shift is motivated by the need for telecommunications operators to lower their high capital and operating costs while also finding new ways to generate revenue. The introduction of 5G has transformed traditional, monolithic base stations by breaking them down into separate, virtualized components that can be deployed on standard, off-the-shelf hardware in various locations. This approach makes it easier to manage the network’s lifecycle and accelerates the release of new features. Additionally, 5G has promoted the use of open and programmable interfaces and introduced advanced technologies that expand network capacity and support a wide range of applications.

As we enter the era of 5G Advanced and 6G networks, the goal is to maximize the network’s potential by solving the complex issues brought by the added complexity of 5G and introducing new applications that offer unique value. In this emerging landscape, AI stands out as a critical component, with advances in generative AI drawing significant interest from the telecommunications sector. AI’s proficiency in pattern recognition, traffic prediction, and solving intractable problems like scheduling makes it an ideal solution for these and many other longstanding RAN challenges. There is a growing consensus that future mobile networks should be AI-native, with both industry and academia offering support for this trend. However, practical hurdles like data collection from distributed sources and handling the diverse characteristics of AI RAN applications remain obstacles to be overcome.

The Indispensable Role of AI in RAN

The need for AI in RAN is underscored by AI’s ability to optimize and enhance critical RAN functions like network performance, spectrum utilization, and compute resource management. AI serves as an alternative to traditional optimization methods, which struggle to cope with the explosion of search space due to complex scheduling, power control, and antenna assignments. With the infrastructure optimization problems introduced by 5G (e.g. server failures, software bugs), AI shows promise through predictive maintenance and energy efficiency management, presenting solutions to these challenges that were previously unattainable. Moreover, AI can leverage the open interfaces exposed by RAN functions, enabling third-party applications to tap into valuable RAN data, enhancing capabilities for additional use cases like user localization and security.

Distributed Edge Infrastructure and AI Deployment

As AI becomes increasingly integrated into RAN, choosing the optimal deployment location is crucial for performance. The deployment of AI applications in RAN depends on where the RAN infrastructure is located, ranging from the far edge to the cloud. Each location offers different computing power and has its own trade-offs in resource availability, bandwidth, latency, and privacy. These factors are important when deciding the best place to deploy AI applications, as they directly affect performance and responsiveness. For example, while the cloud provides more computing resources, it may also cause higher latency, which can be problematic for applications that need real-time data processing or quick decision-making. 

Addressing the Challenges of Deploying AI in RAN

Deploying AI in RAN involves overcoming various challenges, particularly in the areas of data collection and application orchestration. The heterogeneity of AI applications’ input features makes data collection a complex task. Exposing raw data from all potential sources isn’t practical, as it would result in an overwhelming volume of data to be processed and transmitted. The current industry approach of utilizing standardized APIs for data collection is not always conducive to the development of AI-native applications. The standard set of coarse-grained data sources exposed through these APIs often fail to meet the nuanced requirements of AI-driven RAN solutions. This limitation forces developers to adapt their AI applications to the available data rather than collecting the data that would best serve the application’s needs.

The challenge of orchestrating AI RAN applications is equally daunting. The dispersed nature of the RAN infrastructure raises questions about where the various components of an AI application should reside. These questions require a careful assessment of the application’s compute requirements, response latency, privacy constraints, and the varied compute capabilities of the infrastructure. The complexity is further amplified by the need to accommodate multiple AI applications, each vying for the same infrastructure resources. Developers are often required to manually distribute these applications across the RAN, a process that is not scalable and hinders widespread deployment in production environments.

A Vision for a Distributed AI-Native RAN Platform

To address these challenges, we propose a vision for a distributed AI-native RAN platform that is designed to streamline the deployment of AI applications. This platform is built on the principles of flexibility and scalability, with a high-level architecture that includes dynamic data collection probes, AI processor runtimes, and an orchestrator that coordinates the platform’s operations. The proposed platform introduces programmable probes that can be injected at various points in the platform and RAN network functions to collect data tailored to the AI application’s requirements. This approach minimizes data volume and avoids delays associated with standardization processes.

The AI processor runtime is a pivotal component that allows for the flexible and seamless deployment of AI applications across the infrastructure. It abstracts the underlying compute resources and provides an environment for data ingestion, data exchange, execution, and lifecycle management. The runtime is designed to be deployed at any location, from the far edge to the cloud, and to handle both AI RAN and non-RAN AI applications.

The orchestrator is the component that brings all this together, managing the placement and migration of AI applications across various runtimes. It also considers the developer’s requirements and the infrastructure’s capabilities to optimize the overall utility of the platform. The orchestrator is dynamic, capable of adapting to changes in resource availability and application demands, and can incorporate various policies that balance compute and network load across the infrastructure.

In articulating the vision for a Distributed AI-Native RAN platform, it is important to clarify that the proposed framework does not impose a specific architectural implementation. Instead, it defines high-level APIs and constructs that form the backbone of the platform’s functionality. These include a data ingestion API that facilitates the capture and input of data from various sources, a data exchange API that allows for the communication and transfer of data between different components of the platform, and a lifecycle management API that oversees the deployment, updating, and decommissioning of AI applications. The execution environment within the platform is designed to be flexible, promoting innovation and compatibility with major hardware architectures such as CPUs and GPUs. This flexibility ensures that the platform can support a wide range of AI applications and adapt to the evolving landscape of hardware technologies.

Moreover, to demonstrate the feasibility and potential of the proposed platform, we have internally prototyped a specialized and efficient implementation of the AI processor, particularly for the far edge. This prototype is carefully designed to work with fewer CPUs, optimizing resource use while maintaining high performance. It demonstrates that the AI processor runtime principles can be implemented effectively to meet the specific needs of the far edge, where resources are limited and real-time processing is crucial. This specialized implementation exemplifies the targeted innovation that the platform emphasizes, showcasing how the flexible execution environment can be tailored to address specific challenges within the RAN ecosystem.

Balancing Open and Closed Architectures in RAN Integration

The proposed AI platform is adaptable, capable of fitting into open architectures that adhere to O-RAN standards as well as proprietary designs controlled by RAN vendors. This flexibility allows for a range of deployment scenarios, from a fully O-RAN compliant implementation that encourages third-party development to a fully proprietary model, or to a hybrid model that offers a balance between vendor control and innovation. In each scenario, the distributed AI platform can be customized to suit the specific needs of the infrastructure provider or adhere to the guidelines of standardization bodies.

Concluding Thoughts on AI’s Future in 6G RAN

The integration of AI into the RAN is central to the 6G vision, with the potential to transform network management, performance optimization, and application support. While deploying AI solutions in RAN presents challenges, a distributed AI-native platform offers a pathway to overcome these obstacles. By fostering discussions around the architecture of a 6G AI platform, we can guide standards bodies and vendors in exploring opportunities for AI integration. The proposed platform is intentionally flexible, allowing for customization to meet the diverse needs and constraints of different operators and vendors.

The future of RAN will depend on its ability to dynamically adapt to changing conditions and demands. AI is essential to this transformation, providing the intelligence and adaptability needed to manage the complexity of next-generation networks. As the industry progresses towards AI-native 6G networks, embracing both the challenges and opportunities that AI brings will be crucial. The proposed distributed AI platform marks a significant step forward, aiming to unlock the full potential of RAN through intelligent, flexible, and scalable solutions.

Innovation in AI and the commitment to an AI-native RAN are key to ensuring the telecommunications industry and the telecommunications networks of the future are efficient, cost-effective, and capable of supporting advanced services and applications. Collaborative efforts from researchers and industry experts will be vital in refining this vision and making the potential of AI in 6G RAN a reality.

As we approach the 6G era, integrating AI into RAN architectures is not merely an option but a necessity. The distributed AI platform outlined here serves as a blueprint for the future, where AI is seamlessly integrated into RAN, driving innovation and enhancing the capabilities of cellular networks to meet the demands of next-generation users and applications. 

For more details, please check the full paper.

Acknowledgements

The project is partially funded by the UK Department for Science, Innovation & Technology (DSIT) under Open Network Ecosystem Competition (ONE) programme.

​Microsoft Tech Community – Latest Blogs –Read More 

Hello,

I need help with a few things.

1. When someone fills out the form (on the right), it then populates into the list (on the left). When I comment on the populated row within the list, the user I am tagging is not getting notifications. How can I fix this? I do not want anyone else having access to the full list, just my comment.

2. Is there a way to create a workflow for approvals? I.e. if it’s a primary buyer I want these 3 people to approve in order, but if it’s an investor then I want these 4 people to approve in order?

​Hello, I need help with a few things. 1. When someone fills out the form (on the right), it then populates into the list (on the left). When I comment on the populated row within the list, the user I am tagging is not getting notifications. How can I fix this? I do not want anyone else having access to the full list, just my comment. 2. Is there a way to create a workflow for approvals? I.e. if it’s a primary buyer I want these 3 people to approve in order, but if it’s an investor then I want these 4 people to approve in order?    Read More

​