Month: November 2024
Finding Inactive Mailboxes Based on Message Trace Data
Many Ways Exist in Microsoft 365 to Find Inactive Mailboxes
On Tuesday, I posted a link to an old (2018) article explaining how to use message trace data to identify inactive distribution lists. Almost by return, I received a request to ask if it’s possible to use the same technique to find inactive mailboxes. The answer is yes, but before we go any further along that path, we should recognize that other methods exist to detect underused mailboxes, such as analyzing mailbox statistics and Entra ID sign in records or even looking through historical message trace searches to analyze message traffic for the last 90 days.
Looking past email, the Graph usage reports API reveals a ton of data about user activity that can be combined to reveal an in-depth view of how active accounts are across multiple workloads. You could also investigate activity by extracting audit log data for accounts and build a very granular view of exactly what people do in Microsoft 365 over a period. In other words, many ways exist to find inactive mailboxes using different data available to tenant administrators.
Changing the Script to Find Inactive Mailboxes
Not being a great fan of recreating wheels, I took the script written to detect inactive distribution lists and made the necessary changes. You can download the script from GitHub. The major changes are in two areas:
First, the script creates an array of user mailboxes rather than distribution lists. If you want to check activity for shared mailboxes, modify the script to include shared mailboxes in the receipt type details parameter for Get-ExoMailbox:
[array]$Mbx = Get-ExoMailbox -ResultSize Unlimited -RecipientTypeDetails 'UserMailbox', 'SharedMailbox' | Sort-Object DisplayName
Second, the script extracts message trace Delivered events rather than Expanded events. Expanded events are good for distribution lists because they happen when Exchange Online resolves the distribution list membership to create bifurcated copies of messages for delivery to individual recipients. Delivered events occur when Exchange Online successfully delivers a message. The script extracts details of the sender for these events on the basis that an active mailbox sends messages (which is what Figure 1 shows the script reporting). Inactive mailboxes might receive a ton of messages, but unless they send a message, they’re not really active.
Generating Report Files
The script checks for the availability of the ImportExcel module. If found, the output file generated by the script is an Excel worksheet. Otherwise, the script creates a CSV file. The ImportExcel module is very easy to use and the worksheets it creates are nicer to work with in Excel than the CSV equivalent.
The code is straightforward. The Get-Module cmdlet checks for the module. If found, the output file name in the Downloads folder for the current user is generated. It’s easier to use the Downloads folder instead of checking for an arbitrary folder like “c:temp” and creating the folder if not available.
# Generate report
If (Get-Module ImportExcel -ListAvailable) {
$ExcelGenerated = $True
Import-Module ImportExcel -ErrorAction SilentlyContinue
$OutputXLSXFile = ((New-Object -ComObject Shell.Application).Namespace('shell:Downloads').Self.Path) + "InactiveMailUsers.xlsx"
$Report | Export-Excel -Path $OutputXLSXFile -WorksheetName "Inactive Mail Users Report" -Title ("Inactive Mail Users Report{0}" -f (Get-Date -format 'dd-MMM-yyyy')) -TitleBold -TableName "InactiveMailUsers"
} Else {
$OutputCSVFile = ((New-Object -ComObject Shell.Application).Namespace('shell:Downloads').Self.Path) + "InactiveMailUsers.csv"
$Report | Export-Csv -Path $OutputCSVFile -NoTypeInformation -Encoding Utf8
}
If ($ExcelGenerated) {
Write-Host ("An Excel report is available in {0}" -f $OutputXLSXFile)
} Else {
Write-Host ("A CSV report is available in {0}" -f $OutputCSVFile)
More to Do to Improve the Script
I’m sure that people will find ways to improve the script. For instance, you might decide to include details of the account that owns each mailbox, like their country or department. The beauty of PowerShell is that it’s easily changed. Go for it!
subscribing to the best eBook covering Office 365 and the wider Microsoft 365 ecosystem.
Learn how to exploit the data available to Microsoft 365 tenant administrators through the Office 365 for IT Pros eBook. We love figuring out how things work.
Microsoft Changes Names for Sensitivity Label Permissions
New Names for Sensitivity Label Permissions Clarify Usage
Every time you look around, something is changing with sensitivity labels, like the introduction of dynamic watermarking. More prosaic but still important, a recent update posted by Microsoft covers changes to the names for the four default permissions used for sensitivity labels. The new names for the permissions are:
- Co-owner is now Owner.
- Co-author is now Editor.
- Reviewer is now Restricted Editor.
- Viewer retains the same name.
Microsoft changed the names to make their usage more apparent to end users. I think the change makes sense. Co-author was always a name that troubled me. If you’re the co-author of a document, surely it makes sense to share equal ownership rights for the document with the other authors?
Sensitivity Label Permissions and Usage Rights
Each permission is a set of usage rights deemed appropriate for a certain level of interaction with a file or email. Figure 1 shows the set of default usage rights for the Editor role. Notably, the Export usage right is excluded from the permission set, so anyone holding this role is unable to save a copy of a labelled item to remove encryption. They also can’t replace or remove a sensitivity label from an item.
It’s always best to assign sensitivity label permissions to groups, including the special groups defined for sensitivity labels like everyone in your organization and all authenticated users. The caveats are that everyone in your organization includes guests, and all authenticated users means anyone who can authenticate with Entra ID or a federated directory service, like Google. If you want to assign a permission to all full-time employees (or a similar category), use a dynamic Microsoft 365 group or security group to identify the recipients.
Changing the Usage Rights for Sensitivity Label Permissions
If you don’t like the usage rights assigned in one of the four default permissions, you can create a custom permission and include whatever rights you think users need. For example, you might decide that the OBJMODEL (right to run macros) is not required for the Viewer permission. This right was needed when Azure Information Protection displayed an information protection bar in the Office apps. That need disappeared when the Office desktop apps introduced the sensitivity bar. The Viewer permission allows people to read, edit, and save documents and doesn’t (as far as I see) need the right to run macros any longer.
The EXTRACT usage right gets a lot of attention these days because Microsoft 365 Copilot uses this right to copy content from protected documents to use to ground prompts to the LLM. Copilot runs in the context of the signed-in user, so if a sensitivity label assigns that person the right to extract content, Copilot can use the content in its generated responses, such as document summaries. For this reason, some organizations have removed the Extract right from all but the Owner and Editor permissions.
Stopping Copilot using content from sensitive documents won’t stop Copilot finding those documents. To hide documents from Copilot, you must limit search in some way, like blocking search results for sites or document libraries. Microsoft limits Copilot with the Restricted SharePoint Search (an allow list for sites available to Copilot) and Restricted Content Discoverability (a deny list for sites blocked for Copilot) features.
Figuring Out the Best Usage Rights for Sensitivity Labels
In any deployment, it’s important to make sure that sensitivity labels grant users the usage rights necessary to get their jobs done. Part of the design process to create sensitivity labels is to understand what information they will likely protect and how people interact with that content. This knowledge then guides the selection of permissions to define in each label. The change in permission names is a prompt to reflect on whether the permissions for existing labels are still the best mixture of protection and usability. If not, it’s easy to adjust.
Granting Owner permission for everyone in the organization is a step on the sorry path to oversharing while restricting people to Viewer permission is likely to be overly restrictive. Restricted Editor looks like the new baseline sensitivity label permission to give everyone, with higher level permissions assigned as dictated by what interaction people need with protected documents.
Support the work of the Office 365 for IT Pros team by subscribing to the Office 365 for IT Pros eBook. Your support pays for the time we need to track, analyze, and document the changing world of Microsoft 365 and Office 365.
Matrix Unleashes A New Widespread DDoS Campaign
Aqua Nautilus researchers uncovered a new and widespread Distributed Denial-of-Service (DDoS) campaign orchestrated by a threat actor named Matrix. Triggered by activities detected on our honeypots, this investigation dives deep into Matrix’s methods, targets, tools, and overall goals.
Aqua Nautilus researchers uncovered a new and widespread Distributed Denial-of-Service (DDoS) campaign orchestrated by a threat actor named Matrix. Triggered by activities detected on our honeypots, this investigation dives deep into Matrix’s methods, targets, tools, and overall goals. Read More
The Problem of Document Mismatches and Cloudy Attachments
Odd Document Mismatch Notifications For No Apparent Reason
Sensitivity label mismatches occur when a user applies a sensitivity label to a document in a SharePoint Online site that has a higher priority to the container management label applied to the site. When this happens, SharePoint Online sends a document mismatch notification email to the user who caused the mismatch and to the site owners.
It’s a simple and effective way to draw attention to the potential danger of data leakage caused when sensitive information is stored in sites intended for material that perhaps isn’t so confidential.
A Flood of Document Mismatch Notifications
Recently, I noticed that some accounts were receiving a flood of document mismatch notifications. This seemed strange. The accounts receive document mismatch notifications for the entire tenant because I use a mail flow rule to centralize processing of mismatch notifications, but the volume was abnormal (472 in a week). It’s not as if many people in the tenant apart from me apply sensitivity labels to protect content!
When I examined the email, I saw that the mismatch was accurate (the Confidential -User Assigned label has a higher priority than the Confidential access container management label), but the notifications were for Word documents with odd names that humans were unlikely to have created (Figure 1).
Clicking the link to open the document brought me to the SharedVersions folder in the preservation hold library of the owning site. This is the location used by SharePoint Online to hold copies of cloudy attachments (aka “modern attachments”, or the sending of links rather than actual files) when an auto-label retention policy is in place to capture copies of cloudy attachments for eDiscovery purposes. The auto-label policy covers cloudy attachments shared in Exchange Online email and Teams and Viva Engage conversations. It also covers situations where Microsoft 365 Copilot extracts and uses content from a document in its responses, such as creating a set of key points from a document.
For instance, Figure 2 shows Microsoft 365 Chat (BizChat) extracting key points from a document. If a retention policy for cloud attachments is in force when this happens, a background SharePoint Online job captures a copy of the referenced document as a cloudy attachment and assigns the retention label defined in the policy. It can take up to an hour before SharePoint creates the copy of the cloudy attachment in the preservation hold library.
The purpose of retaining copies of cloudy attachments is to make sure that eDiscovery can find the exact content at the time it was shared through email, Teams, or Viva Engage rather than the current content. A document might be very different now to what it was when its author circulated it to peers for their review and comment. Because SharePoint Online knows what version of the file was shared, it can locate the correct copy for eDiscovery. In Figure 3 we can see that this copy of a cloudy attachment is for version 5.0 of the shared file.
The Problem with Document Mismatches in Cloudy Attachments
The idea behind retaining copies of cloudy attachments is great, but the implementation runs into a problem when a sensitivity label mismatch exists. SharePoint captures a complete copy of cloudy attachments, including the assigned sensitivity label and that’s what provokes the document mismatch notification.
There’s no way to fix the problem. You cannot change the assigned label for a file captured in the preservation hold library when a retention policy is in force because SharePoint Online blocks any attempt to change the label. Likewise, SharePoint blocks any attempt to delete (or move) labelled items, even by site or global administrators.
In summary, you can open the document and view its content, but you can’t change anything. If this wasn’t the case, it would be possible to compromise the integrity of files retained in the preservation hold library. You can exclude the site(s) from the cloudy attachment retention policy, but this only prevents the capture of future cloudy attachments.
The result is that SharePoint Online keeps on sending document mismatch notifications to the author of the cloudy attachments and the site owners. The flood of notifications continues until the retention period set for the label finishes and SharePoint Online moves the copies of the cloudy attachments to the second stage of the site recycle bin and eventually permanently deletes the files.
The simple solution would be for SharePoint Online to ignore document mismatches for anything stored in the preservation hold library.
Fix Cloudy Attachment Storage Before the Problem Gets Worse
No one seems to have protested (in a public forum) about the problem of protected cloudy attachments ending up in the preservation hold library. I guess not many tenants that use a cloudy attachment retention policy have hit the problem with document mismatches. Maybe they don’t use sensitivity labels or perhaps their users are very disciplined at how they assign sensitivity labels to files. However, as time goes on, sensitivity labels are likely to become more popular and more Microsoft 365 apps might generate cloudy attachments.
Now’s a good time to fix this particular problem. I’ve made that point to Microsoft. Let’s see if they fix the issue.
Insight like this doesn’t come easily. You’ve got to know the technology and understand how to look behind the scenes. Benefit from the knowledge and experience of the Office 365 for IT Pros team by subscribing to the best eBook covering Office 365 and the wider Microsoft 365 ecosystem.
The Impact of Generative AI on Technology Websites
AI Harvesting of Information Lowers Traffic and Reduces Revenue for Websites
The administrators of many websites and blogs have complained about a decline in traffic (page views), especially over the last year. Office365ITPros.com is not immune to what’s happening across the internet. We’ve seen a drop of about 50% in traffic since the summer of 2023. There’s lots of theories being explored for why the drop in traffic happened. Thinking about the situation, I believe that technical, human, and disruptive change combine to deliver what we see today with the impact of generative AI on technology websites being felt and not in a good way.
Many point to the effect of Google Analytics 4 (GA4) and say that the results for website traffic reported by GA4 are markedly different to its predecessor (here’s an example). I don’t pretend to be an expert on Google Analytics, but when everyone’s talking about the impact of a change, it’s hard not to conclude that the introduction of GA4 has had some effect.
In addition, search engine result pages (SERPs) now include snippets of information that might be sufficient to answer user queries (Figure 1). If an answer is found in a snippet, there’s no need to follow the link to the source web site to find more information. Snippets are great for users while contributing to declining page views.
User behavior is also changing. More mobile devices are used, so if an article doesn’t seize the attention of the reader within the first few paragraphs, the user will move on and not follow links in the text. Another factor is that mobile devices can favor the consumption of video content rather than traditional articles.
But the biggest change affecting websites covering technology is the impact of generative AI tools like ChatGPT and Microsoft Copilot. AI tools build large language models (LLMs) using information from the internet and can regurgitate that knowledge in a more approachable fashion than regular search results (Figure 2).
I used Bing.com for the SERP example in Figure 1 because Microsoft Copilot uses Bing search to gather information for its responses. What you see in Figure 2 is the Copilot equivalent of the Bing result in Figure 1. Interestingly, Copilot dropped the reference to the article used in the Bing SERP. I wrote that article some years ago and it’s very outdated now. It seems like Copilot favored more recent articles in its output.
What we learn from this demonstration is that AI gathers the knowledge that people would have found through web searches and serves it up without the need to go anywhere near the source sites. The result is a dramatic fall in website traffic with the only page views counted by Google being those that occur when someone clicks a link in an AI response.
The Lesson of Stack Overflow
Stack Overflow is a stark example of what can happen to a thriving technology website. For years, Stack Overflow was the place for developers to go when they had a coding problem or needed an example to know how to do something. Then ChatGPT came along and the effect on the traffic handled by Stack Overflow was dramatic (Figure 3).
Simply because technologists adopt new technology faster than the general public, technology sites were always likely to experience an impact as generative AI began to have an effect. In the case of Stack Overflow, the people who used it to seek answers are prime candidates to adopt new technologies like ChatGPT. The numbers don’t lie.
An analysis of the effect of ChatGPT on Stack Overflow and Reddit published on nature.com noted, “We estimate that Stack Overflow’s daily web traffic has declined by approximately 1 million individuals per day, equivalent to approximately 12% of the site’s daily web traffic just prior to ChatGPT’s release.” The report also noted a decrease in posting activity on the site. In time, Stack Overflow bowed to the inevitable loss in revenue and laid off 28% of its staff in October 2023.
GitHub Copilot
The success of GitHub Copilot and other AI-based developer tools increased the pressure on sites that offer answers to developers. The advantages of having a tool that can literally write code (and comments) to meet the needs of a developer cannot be understated. I’ve used GitHub Copilot for about a year and although I am not a professional developer and only write PowerShell scripts, GitHub Copilot has removed much of the need to lookup code examples.
GitHub Copilot shows generative AI off at its best. The users know what they are looking for, recognize errors, the source material for the LLMs is based on working code, and the output must always meet the acid test that it either works or not. It’s much easier for a tool like GitHub Copilot to cope with code than it is for its Microsoft 365 Copilot counterpart, which must deal with the vagaries of writing styles and content found in Office documents.
Users can’t be blamed for switching focus. From their perspective, it’s much easier to use a tool like ChatGPT than clicking through multiple threaded posts seeking a definitive answer to a problem. Leaving aside the salient fact that generative AI is quite capable of producing horrendously inaccurate answers, the user experience is easier, especially when AI delivers what seems to be well-crafted and complete answers.
Killing the Goose that Lays the Golden Eggs
All of this is great for those who sell generative AI products. At least, it is for now. The danger exists that the source material ingested by the LLMs used by generative AI will dry up over time as websites close because of a lack of traffic and declining revenue. In the Microsoft 365 space, we’ve seen this happen earlier this year with the demise of the Tekki Gurus site.
If no new content is created and published in blogs and articles on websites, ChatGPT and Microsoft Copilot will increasingly rely on aging information. This might be fine for answering questions of historical interest; it won’t be for questions about technology.
In October, I commented that errors and hallucinations generated by Microsoft 365 Copilot run the risk of corrupting the Microsoft Graph by being included in documents and files that are subsequently included in Microsoft Search and the semantic index. Once in the Graph, the bad information becomes available for Copilot to reuse and spread. No doubt users will pay attention to what Copilot generates in its responses and will attempt not to reuse erroneous content. But humans are humans and sometimes the pressure of work leads to mistakes.
Some websites won’t be affected. I think sites that offer very specific product content are less likely to see dramatic falls in website traffic patterns than those which specialize in covering general-purpose technology, like Microsoft 365. Sites offering news coverage and other time-dependent content will be less affected because of the time required to populate the LLMs with new material. Sites selling products won’t be affected because generative AI just doesn’t do this kind of thing (yet), and so on.
In-Person Technology Conferences Score
In a weird sort of way, in-person technology conferences become more important in the new world. Human interaction with conference attendees, asking questions at sessions, and the ability to have offline conversations with experts to explore their knowledge are real advantages that artificial intelligence cannot deliver. Virtual conferences offer the chance to learn and share knowledge too, but that in-person connection is where magic happens.
With that in mind, I look forward to meeting people at the ESPC event in Stockholm next month. Perhaps someone there can convince me that AI won’t continue to kill websites that publish valuable information about how technology works, but given the evidence available today, I can see only one outcome.
Memaknai Hari Guru Nasional dalam Refleksi Transformasi Pendidikan Berbasis Teknologi AI
Dok. Marheni Widya Retna, Plan International Indonesia Foundation/Temmy Subrata, Mansur
Read in English here.
Laju adopsi dan inovasi di era transformasi AI telah membawa perubahan dalam berbagai aspek kehidupan, termasuk pendidikan. Menurut LinkedIn Future of Work Report 2023, walaupun lebih dari separuh pekerjaan pendidik melibatkan people skills yang paling baik dilakukan langsung oleh manusia—seperti manajemen kelas dan pengajaran—AI dapat meningkatkan produktivitas dalam tugas-tugas seperti perencanaan pelajaran dan pengembangan kurikulum, yang nyatanya menjadi 45% dari tanggung jawab pendidik. Bantuan ini memberikan pendidik lebih banyak waktu untuk fokus melakukan hal-hal yang hanya dapat dilakukan manusia—seperti terhubung dengan murid—di dunia nyata dan dalam waktu nyata, guna membuat perbedaan positif dalam proses pembelajaran para murid.
“AI memiliki potensi besar dalam dunia pendidikan. Misalnya, untuk mempersonalisasi materi dan proses pembelajaran, membantu guru merancang rencana pelajaran, menyederhanakan proses administratif, serta menyediakan wawasan berbasis data tentang kinerja murid dan tren pendaftaran. Guna mewujudkan potensi tersebut, kita perlu mengatasi tantangan seperti akurasi, efikasi, dan ketergantungan yang berlebihan; serta memberikan dukungan yang cukup kepada para pendidik. Di Microsoft, kami berfokus untuk menempatkan para pendidik sebagai pakar yang memegang kendali, dan mengintegrasikan pengalaman AI ke dalam alur kerja mereka untuk benar-benar meringankan beban kerja,” ujar Arief Suseno, Education Lead Microsoft Indonesia.
Di Indonesia, Bapak Ibu guru dari berbagai daerah telah secara aktif mempelajari teknologi AI. Menembus zona nyaman masing-masing, para guru gigih belajar dan berinovasi dengan AI agar dapat menciptakan pembelajaran yang semakin menyenangkan bagi para murid, sembari mempersiapkan generasi penerus bangsa dalam memasuki dunia kerja yang kini memerlukan keterampilan AI. Menyambut Hari Guru Nasional 2024, berikut adalah tiga kisah inspiratif dari guru-guru Indonesia dalam memanfaatkan AI di ruang kelas, yang patut diapresiasi.
Berawal dari Peserta Pelatihan hingga Menjadi Juara – Kisah Inovasi Tim AI MISS YOU asal Probolinggo
Dok. Yayasan Plan International Indonesia/Temmy Subrata. (dari kiri ke kanan) Suci, Fafan, dan Sigit sedang mempresentasikan inovasi AI MISS YOU di ajang regional hackathon AI TEACH.
Tiga guru visioner bernama Fafan Adisumboro, Suci Romadani, dan Sigit Hadi W., asal Probolinggo, Jawa Timur, mengambil langkah inovatif dalam mengajarkan keterampilan berpikir kritis kepada murid melalui penerapan AI. Melalui konsep “AI MISS YOU” (Artificial Intelligence untuk Meningkatkan Bernalar Kritis Siswa Yang Original dan Unik), para guru ini mengajarkan murid bukan hanya untuk menerima informasi, tetapi juga untuk menciptakan, berinovasi, dan memecahkan masalah.
Dari konsep tersebut, para murid diperkenalkan dengan metode pembelajaran “TEBALKAN” (Temukan, Bayangkan, Lakukan, dan Bagikan), di mana murid diajak menggunakan teknologi AI seperti Microsoft Copilot dan Designer, untuk mengeksplorasi topik pembelajaran tertentu, membayangkan ide secara kreatif, mengimplementasikan ide secara praktis, dan membagikan hasil karya mereka.
“Kami terinspirasi dari pemikiran filosofis Ki Hadjar Dewantara yang menekankan bahwa setiap anak bukanlah ‘kertas kosong’ yang hanya menerima informasi, melainkan insan kreatif yang perlu diberdayakan. Dalam semangat ini, metode TEBALKAN mendorong siswa untuk aktif dan kritis,” ujar Sigit.
Selama beberapa bulan terakhir, guru-guru visioner ini mempraktikkan langsung metode TEBALKAN pada Proyek Penguatan Profil Pelajar Pancasila (P5), suatu pembelajaran multidisipliner untuk membangun karakter murid yang inovatif dan adaptif terhadap lingkungan sekitar mereka. Dalam proyek tersebut, para guru mengajak murid untuk mengolah daun mangga menjadi teh herbal, dan meminta murid menemukan resep serta cara terbaik pengolahannya dengan menggunakan AI.
“Kami memilih daun mangga karena mangga merupakan tanaman pangan khas daerah kami di Probolinggo. Menggunakan teknologi AI, para murid melakukan komparasi dari setiap percobaan agar mendapatkan cara bagaimana menghasilkan teh berbahan dasar daun mangga dengan cita rasa terbaik. Di sini, guru berperan dalam melakukan bimbingan serta memperkuat pemahaman mereka dalam berinovasi,” kata Suci.
Proyek tersebut tidak hanya menumbuhkan keterampilan teknis dan kritis para murid, tetapi juga membuka peluang ekonomi baru yang memiliki potensi pasar. Fafan, Suci, dan Sigit awalnya merupakan peserta program pelatihan AI TEACH, sebuah inisiatif yang dilakukan oleh Plan Indonesia dan didukung oleh Microsoft. Tekad dan kreativitas pada akhirnya membawa mereka menjadi salah satu tim pemenang ajang hackathon AI TEACH tingkat Asia Tenggara. Ketiganya tidak hanya berperan sebagai fasilitator teknologi, melainkan juga sebagai pendamping yang memberikan arahan dan dukungan moral bagi murid. Mereka memastikan bahwa AI memperkuat peran mereka sebagai pendidik, bukan menggantikan.
Mudah Memahami Matematika dengan Bantuan AI – Sebuah Transformasi Pembelajaran oleh Mansur dari Sulawesi Selatan
Menerapkan pendekatan inovatif dengan teknologi AI untuk membuat pelajaran matematika lebih menyenangkan adalah motivasi tersendiri bagi Mansur, seorang guru matematika di SMP Negeri 2 Pangsid, Sidenreng Rappang, Sulawesi Selatan. Dengan pendekatan inovatif, Mansur mengajak para murid menggunakan Copilot untuk memahami elaborasi rumus jawaban dari soal-soal yang ia bagikan. Menurut Mansur, yang terpenting bukan hanya jawaban akhir murid, melainkan apakah murid bisa menjelaskan bagaimana mereka mendapatkan jawaban tersebut. Di sini lah AI berperan: mendampingi murid melatih penalaran dan pemahaman mereka akan tahapan pemecahan soal matematika, tanpa perlu merasa rendah diri jika perlu bertanya berulang kali, atau memiliki kecepatan pemahaman berbeda.
“Kami mengajak siswa-siswi untuk menggunakan AI sebagai sarana menyelesaikan soal matematika dengan cara yang menyenangkan dan menenangkan. Tentunya, kami juga meminta mereka menjelaskan alur rumus matematika yang mereka peroleh dari AI, untuk membentuk pemahaman dan penalaran yang bisa dipertanggungjawabkan,” ujar Mansur.
Dengan pendekatan ini, Mansur menginspirasi murid untuk melihat matematika bukan hanya sebagai kumpulan rumus, tetapi sebagai kesempatan untuk mengasah kemampuan berpikir analitis dan logis. Ia juga mengajak para guru untuk terbuka dalam pemanfaatan teknologi AI, dengan memberikan kesempatan bagi murid untuk mengeksplor cara baru dalam berteman dengan matematika.
Dok. Mansur
Sejak 2016, Mansur telah aktif berperan sebagai anggota Microsoft Innovative Educator Expert (MIEE), komunitas pendidik global yang menggunakan teknologi Microsoft secara inovatif untuk meningkatkan pengalaman belajar dan kolaborasi di kelas. Tidak hanya gebrakan di sekolah, Mansur juga mencatatkan pencapaian dalam mendirikan Komunitas Guru Inovatif Microsoft pada platform Merdeka Mengajar dan menjadi representasi guru dari Indonesia dalam Education Exchange di Singapura pada tahun 2018.
Mansur menambahkan “Sudah setahun lebih kami mendirikan Komunitas Guru Inovatif Microsoft di platform Merdeka Mengajar. Sejauh ini sudah ada 4.000 anggota dan setiap minggu aktif mengadakan webinar untuk membahas topik AI dalam pendidikan serta topik-topik berbeda lainnya yang berbeda agar bisa menambah wawasan dan keterampilan pendidik.”
Meningkatkan Minat Literasi dan Kemampuan Berbahasa Inggris dengan AI – Kisah Marheni Widya Retna dari Semarang
Di Semarang, Jawa Tengah, Marheni Widya Retna, guru kelas 6 di SD Negeri Sendangmulyo 04, menjadi salah satu guru SD yang berkesempatan untuk mengikuti pelatihan AI gelaran Microsoft Indonesia, Balai Pengembangan Teknologi dan Komunikasi (BPTIK) Jawa Tengah, dan Kementerian Pendidikan dan Kebudayaan RI di tahap pertama.
Sebagai guru kelas 6 SD, Marheni khususnya memanfaatkan fitur Reading Progress pada Microsoft Teams untuk meningkatkan minat literasi dan keterampilan membaca murid terhadap teks berbahasa Inggris. Reading Progress pada Microsoft Teams didukung teknologi AI untuk membantu guru menilai perkembangan kemampuan membaca murid secara lebih akurat. AI menganalisis hasil rekaman video atau audio pada saat murid membaca sebuah teks, lalu memberikan data tentang performa membaca murid, sehingga membantu meningkatkan keterampilan membaca secara efisien.
Dok. Marheni Widya Retna
Diketahui, fitur tersebut juga memiliki fungsi reading comprehension yang secara otomatis dapat membuat pertanyaan beserta kunci jawaban berdasarkan variasi teks yang dipilih. Hal ini memudahkan guru dalam menyusun materi pembelajaran yang disesuaikan dengan kebutuhan murid sesuai jenjang kelas. Marheni paham bahwa untuk meningkatkan minat baca murid sejak dini, guru perlu memberikan sebuah bacaan yang tidak hanya menarik, tetapi juga variatif dan sesuai dengan tingkat kemampuan murid.
“Dengan menggunakan Reading Progress, saya bisa memperoleh teks berbahasa Inggris yang lebih variatif untuk diperkenalkan kepada anak-anak, agar mereka mendapatkan suatu bacaan yang baru dan menarik, serta tidak membosankan. Itu berkat dari apa yang saya dapatkan selama pelatihan menggunakan Microsoft Teams,” jelas Marheni.
Melalui inisiatif ini, Marheni berharap agar murid lebih termotivasi dalam meningkatkan budaya literasi dan kemampuan berbahasa Inggris mereka. Hal ini akan membantu murid untuk menyiapkan diri ke jenjang pendidikan berikutnya, sekaligus membuka wawasan mereka terhadap literatur dalam Bahasa Inggris yang lebih luas.
“Selain membantu murid, fitur Reading Progress juga memberikan transparansi lebih bagi orang tua dalam menilai kemajuan akademis anak mereka. Orang tua senang melihat hasil pembelajaran yang saya bagikan melalui Microsoft Teams, dan banyak dari mereka mulai tertarik dengan teknologi ini,” pungkas Marheni.
Mengintegrasikan AI ke Dalam Dunia Pendidikan, Langkah Menuju Indonesia Emas 2045
Indonesia memerlukan transformasi pendidikan yang bertumpu pada teknologi sebagai penggerak perubahan dan peningkatan kualitas sumber daya manusia. Memasuki era baru AI, sudah saatnya mempersiapkan generasi yang berdaya saing dan cakap akan penggunaan AI. Terbaru, Microsoft telah menghadirkan situs AI Skills Navigator, sebuah platform pembelajaran bertenaga AI, yang dapat membantu setiap individu, termasuk guru, untuk menemukan tujuan, jenjang, dan gaya pembelajaran masing-masing. Platform ini diharapkan dapat membantu setiap individu untuk mencapai kesuksesan di era AI.
-SELESAI-
Commemorating National Teacher’s Day: A Reflection of AI-Powered Educational Transformation
Doc. Marheni Widya Retna, Plan International Indonesia Foundation/Temmy Subrata, Mansur
The rapid adoption and innovation of AI in today’s transformative era have significantly impacted various facets of life, including education. According to the LinkedIn Future of Work Report 2023, while more than half of an educator’s role involves human-centric skills like classroom management and teaching—best delivered through direct interaction—AI can play a pivotal role in enhancing productivity for tasks such as lesson planning and curriculum development, which account for 45% of teachers’ responsibilities. By assisting in these areas, AI frees up educators to focus on what only they can do—connecting with students in meaningful, real-time ways to make a lasting, positive impact on their learning journey.
“AI holds immense potential in education. From personalizing learning materials and processes to assisting with lesson planning, simplifying administrative tasks, and delivering data-driven insights on student performance and enrollment trends, AI can be a game-changer. To fully harness these benefits, we must address challenges such as accuracy, efficacy, and over-reliance on AI, while also providing adequate support for educators. At Microsoft, our goal is to empower teachers as the experts in control, integrating AI into their workflows to genuinely alleviate their workload,” said Arief Suseno, Education Lead Microsoft Indonesia.
In Indonesia, teachers from various regions have been embracing AI technology with enthusiasm and resilience. These educators are stepping outside their comfort zones, learning, and innovating with AI to create more engaging learning experiences while preparing students for a workforce that increasingly demands AI-related skills. In celebration of National Teacher’s Day 2024, here are three inspirational stories of Indonesian educators who have harnessed AI in the classroom, demonstrating innovation and dedication.
From Trainees to Champions – The Inspiring Journey of the AI MISS YOU Team from Probolinggo
Doc. Plan International Indonesia Foundation/Temmy Subrata. (from left to right) Suci, Fafan, and Sigit presenting their MISS YOU AI innovations at the AI TEACH regional hackathon.
Three visionary teachers—Fafan Adisumboro, Suci Romadani, and Sigit Hadi W.—from Probolinggo, East Java, have taken innovative steps to teach critical thinking skills to their students through the application of AI. Their project, “AI MISS YOU” (Artificial Intelligence to Improve Original and Unique Student Critical Reasoning), encourages students not only to consume information but also to create, innovate, and solve problems.
This initiative is built upon the TEBALKAN method—Temukan (Discover), Bayangkan (Imagine), Lakukan (Do), and Bagikan (Share)—which invites students to use AI tools like Microsoft Copilot and Designer to explore specific learning topics, imagine creative ideas, implement those ideas practically, and share their outcomes.
“We drew inspiration from Ki Hadjar Dewantara’s philosophy, which emphasizes that children are not ‘blank slates’ merely absorbing information but are creative individuals who need empowerment. Through this philosophy, the TEBALKAN method encourages students to be active and critical participants,” Sigit explained.
Over the past few months, the team has implemented the TEBALKAN method as part of the Pancasila Student Profile Strengthening Project (P5), a multidisciplinary initiative aimed at developing students’ innovative and adaptive character. For example, students were challenged to process mango leaves, a local agricultural product in Probolinggo, into herbal tea. Using AI, students explored recipes and techniques to produce the best-tasting mango leaf tea.
“We chose mango leaves because they are a staple crop in Probolinggo. By utilizing AI, students could compare the results of different experiments to determine the optimal way to create high-quality mango leaf tea with the best taste. Our role as teachers was to guide their innovation process and strengthen their understanding,” said Suci.
This project not only honed students’ critical thinking and technical skills but also uncovered new economic opportunities with market potential. Fafan, Suci, and Sigit began as participants in the AI TEACH training program, conducted by Plan Indonesia and supported by Microsoft. Their determination and creativity eventually led them to win the Southeast Asia AI TEACH hackathon. Beyond facilitating technology, they act as mentors, providing direction and moral support to ensure that AI enhances their role as educators without replacing it.
Making Mathematics Fun and Easy to Understand with AI: Mansur’s Story from South Sulawesi
For Mansur, a mathematics teacher at SMP Negeri 2 Pangsid in Sidenreng Rappang, South Sulawesi, AI offers a way to make math lessons more accessible and enjoyable for his students. By integrating Microsoft Copilot into his teaching, Mansur provides students with step-by-step assistance to solve math problems, focusing not just on the final answer but on the reasoning and processes involved. According to Mansur, the most important thing is not only the student’s final answer, but whether the student can explain how they got the answer. This is where AI comes into play: it helps students practice their reasoning and understanding of the stages of solving math problems without feeling inferior if they need to ask questions repeatedly or have different comprehension speeds.
“We invite students to use AI as a means of solving math problems in a fun way. Of course, we also ask them to explain the flow of mathematical formulas they get from AI, to form understanding and reasoning that can be accounted for,” said Mansur.
Mansur’s innovative approach motivates students to see math as an opportunity to develop logical and analytical thinking skills rather than merely memorizing formulas. He encourages fellow teachers to embrace AI technology, offering students new ways to engage with mathematics.
Doc. Mansur
Since 2016, Mansur has been an active member of Microsoft Innovative Educator Experts (MIEE), a global community of educators who use Microsoft technologies innovatively to enhance learning experiences and collaboration in the classroom. Mansur also recorded achievements in establishing the Microsoft Innovative Teacher Community on the Merdeka Teaching platform and became a representative of teachers from Indonesia at the Education Exchange in Singapore in 2018.
Mansur added, “It has been over a year since we established the Microsoft Innovative Teacher Community on the Merdeka Teaching platform. So far, there are 4,000 members, and every week, actively holds webinars to discuss the topic of AI in education and other different topics in order to add insight and skills to educators.”
Boosting Literacy and English Skills with AI: Marheni Widya Retna’s Initiative in Semarang
In Semarang, Central Java, Marheni Widya Retna, a 6th grade teacher at SD Negeri Sendangmulyo 04, became one of the few elementary school teachers who had the opportunity to take part in AI training held by Microsoft Indonesia, the Central Java Technology and Communication Development Center (BPTIK), and the Indonesian Ministry of Education and Culture in the first phase.
As a 6th-grade elementary school teacher, Marheni uses the Reading Progress feature on Microsoft Teams to increase students’ interest in literacy and reading skills in English texts. Reading Progress in Microsoft Teams is supported by AI technology to help teachers assess the progress of students’ reading skills more accurately. AI analyzes the results of video or audio recordings when students read a text and then provides data about students’ reading performance, helping to improve reading skills efficiently.
Doc. Marheni Widya Retna
It is known that the feature also has a reading comprehension function that can automatically create questions along with answer keys based on the variety of selected text. This makes it easier for teachers to compile learning materials that are tailored to the needs of students according to the grade level. Marheni understands that to increase students’ interest in reading from an early age, teachers need to provide a reading that is not only interesting but also varied and in accordance with the student’s ability level.
“By using Reading Progress, I can get more varied English texts to introduce to children, so that they get a new and interesting reading, and not boring. That’s thanks to what I got during the Microsoft Teams training,” explained Marheni.
Through this initiative, Marheni hopes that students will be more motivated to improve their literacy, culture, and English language skills. This will help students prepare for the next level of education and open their horizons to a wider range of English literature.
“In addition to helping students, the Reading Progress feature also provides more transparency for parents in assessing their child’s academic progress. Parents are happy to see the learning results I share through Microsoft Teams, and many of them are starting to be interested in this technology,” concluded Marheni.
Integrating AI into the World of Education, a Step Towards a Golden Indonesia 2045
Indonesia needs an educational transformation that relies on technology as a driver of change to improve the quality of human resources. As we enter a new era of AI, it is time to prepare a generation that is competitive and capable of using AI. Microsoft has presented the AI Skills Navigator website, an AI-powered learning platform that can help every individual, including teachers, find their own goals, levels, and learning styles. This platform is expected to help every individual thrive in the AI era.
-END-
Microsoft’s Simple Message at Ignite: It’s All About AI
Copilot Branding Applied Liberally Across All Product Announcements at Ignite 2024
I decided to stay away from the Ignite 2024 conference in Chicago this week. The monetary investment to fly to Chicago, stay in a hotel, meals, lost time, and the conference fee outweighed the potential return. I would have liked to meet up with people, but the cost to attend what’s essentially a marketing event was way too high.
What’s clear from the announcements made at Ignite is that Microsoft is heavily focused at recouping the massive investments they’ve made to build out the datacenter infrastructure to deliver artificial intelligence functionality. That’s understandable in light of quarterly investments of around $20 billion in hardware, software, and datacenter fabric. Another factor is the need to extract more revenue from the Microsoft 365 installed base to offset a slowing in the growth of overall user numbers.
A Slew of AI Announcements at Ignite 2024
The net result is a slew of announcements for AI-infused functionality helpfully captured in the Ignite 2024 “Book of News.” The online document mentions Copilot 259 times and AI 278 times, which is a clear statement of where Microsoft’s PR priorities lie.
The announcements range from general availability for features that are already shipping (like Agents in SharePoint Online) to some very interesting developments for Teams, like the ability for Copilot in Teams to analyze information shared on-screen during meetings. Another thing that seized my attention was how Copilot can schedule focus time or 1:1 meetings similar to the way that the now-defunct Cortana Scheduler attempted to help users select optimum meeting slots. The ability to have live translation for multilingual meetings (rather than just from a single language into other languages) should also be popular in multinational organizations.
A welcome development is the introduction of detection of prompt injection in Purview Communication Compliance. After researchers at Black Hat 2024 described some vulnerabilities in Microsoft 365 Copilot Chat, including prompt manipulation, Microsoft said that they had addressed the issue without giving details. Now, Communication Compliance will detect and report attempts to inject prompts to “elicit unauthorized behavior from the large language model (LLM).”
Restricting Access to Information
On the tenant administrative side, the work to help organizations restrict the ability of Microsoft 365 Copilot to process documents continues. For example, a new DLP rule condition based on the sensitivity label assigned to documents can prevent Copilot summarizing information from documents or using content from documents in its responses. On the downside, it’s unbelievable that Microsoft can justify calling one new rule condition “Microsoft Purview Data Loss Prevention for Microsoft 365 Copilot.”
At a broader scale, Restricted Content Discoverability (RCD) will stop Copilot accessing documents in sites on a deny list. RCD is a more sensible and scalable approach than the 100-curated site allow list implemented in Restricted SharePoint Search.
I was pleased to hear that Microsoft plans to make SharePoint Advanced Management (SAM) licenses available to tenants with Microsoft 365 Copilot. I called for this to happen in an October 3 post. It didn’t make sense to ask customers to pay the $3/user/month fee for SAM to control aspects of Microsoft 365 Copilot that they pay $30/user/month for. Apparently, the roll-out of SAM licenses to eligible tenants will happen in early 2025.
Also in SharePoint Online, a new sensitivity label option will extend SharePoint site permissions to downloaded documents. The new configuration handles situations like when a user loses access to a site, or a file is deleted from a site. In these situations, the sensitivity label will recognize that the situation for a document has changed and block access. To implement the protection, you’ll need both an E5 license (to set a default sensitivity label for the site) and a SAM license.
Conditional Access for Generative AI
Not to be outdone by announcements by other development groups, the Entra ID team released details of Protect AI with a Conditional Access Policy, which is all about limiting access to AI services like Microsoft 365 Copilot and Security Copilot through conditional access policies.
To make the block work, Microsoft asks tenants to create two service principals to represent the Enterprise Copilot Platform and Security Copilot apps. The service principals represent the instantiation of the apps used by Copilot within a tenant and allow conditional access policies to monitor connections to the apps (read this article to discover more about sign-in activity for service principals). Conditional access policies can apply restrictions to app connections like enforcing multifactor authentication (MFA) or a certain type of strength for multifactor authentication, like requiring the use of a FIDO2 key.
I created a conditional access policy to require MFA for Copilot. It works, but the user experience isn’t great. For instance, Figure 1 shows what the user sees when an account that doesn’t use MFA attempts to connect to Microsoft Copilot.
It seems like the user-facing experience doesn’t cope well with the error that results when the browser attempts to connect to the Enterprise Copilot Platform app. No doubt the chat client will get an update to resolve the problem.
Great Technology Revealed at Ignite 2024, But Someone’s Got to Pay
It’s great that Microsoft continues to push the boundaries of how AI can help Microsoft 365 tenants. However, we shouldn’t lose sight of the fact that Microsoft 365 Copilot is not ass widely used within the 400-million plus installed base of Office 365 paid seats. It’s definitely in Microsoft’s interest to convince more of that installed base to buy Copilot, but it would be nice if every new feature that arrives didn’t come with the requirement for a new license, license upgrade, or add-on.
Support the work of the Office 365 for IT Pros team by subscribing to the Office 365 for IT Pros eBook. Your support pays for the time we need to track, analyze, and document the changing world of Microsoft 365 and Office 365.
Use the Microsoft Graph to Report Service Principal Sign-In Activity
Gain Insight from Service Principal Sign-in Activity
Before an app can be used in an Entra ID tenant, it must be registered and have a unique identifier. Apps can be owned by the tenant or created by third parties. In both cases, a service principal for the app is required to access tenant resources. The service principal is the security principal for the app and defines who can access the app and what resources the app can access. Managed identities also have service principals to allow them to access resources.
All Microsoft 365 tenants have many service principals created for apps, including many created for Microsoft first-party apps. To find out how many Microsoft apps are known within your tenant, you can run this code to find the service principals belonging to the tenant used by Microsoft to host its services.
[array]$ServicePrincipals = Get-MgServicePrincipal -All -PageSize 500 | Sort-Object AppId
$MicrosoftApps = $ServicePrincipals | Where-Object {$_.AppOwnerOrganizationId -eq 'f8cdef31-a31e-4b4a-93e4-5f571e91255a'}
$MicrosoftApps.count
563
This isn’t the full picture because Microsoft uses other tenants to host its apps, like 9188040d-6c67-4c5b-b112-36a304b66dad (Microsoft accounts). In any case, many apps owned by Microsoft show up in Microsoft 365 tenants. The more Microsoft services you consume, the more apps you’ll find.
The Entra Admin Preview Feature for Service Principal Sign-in Activity
A recent discussion on BlueSky (my account is @tonyredmond.bsky.social) alerted me to an Entra ID preview Usage & insights feature (Figure 1) to give administrators a view into service principal sign-in activity. This is important because if an attacker can compromise a privileged account in a tenant, they can create an app, give it permissions, and use the app to exfiltrate data. Keeping a wary eye on app activity is a good idea, as is reviewing the set of permissions held by apps (here’s a PowerShell script to report app permissions).
Whenever a feature turns up in the Entra admin center, there’s usually a Graph API (listServicePrincipalSignInActivities), and wherever there’s a Graph API, there might be a Microsoft Graph PowerShell SDK cmdlet (Get-MgBetaReportServicePrincipalSignInActivity), and with a cmdlet, we can retrieve and analyze data.
Writing a Script to Report Service Principals Sign-in Activity
The script I wrote (downloadable from GitHub) does the following:
- Runs Get-MgServicePrincipal to retrieve the set of service principals known in the tenant.
- Build a hash table of application identifiers and display names (sign-in records for service principals don’t include the app name).
- Runs Get-MgBetaReportServicePrincipalSignInActivity to find sign-in activity for service principals when the last sign-in date is more than a year old.
- Creates a report about the service principals and exports the data to a CSV file.
- Generates some statistics such as the tenants that own apps, total service principals, etc.
Here’s what I found in my tenant:
Some notes about service principals for the Office 365 for IT Pros tenant ------------------------------------------------------------------------- Service Principals by owning tenant Tenant Name Tenant ID Number of Apps ----------- --------- -------------- Microsoft Services f8cdef31-a31e-4b4a-93e4-5f571e91255a 563 Office 365 for IT Pros a662313f-14fc-43a2-9a7a-d2e27f4f3478 58 Microsoft 72f988bf-86f1-41af-91ab-2d7cd011db47 19 Microsoft Accounts 9188040d-6c67-4c5b-b112-36a304b66dad 2 PRDTRS01 cdc5aeea-15c5-4db6-b079-fcadd2505dc2 2 trustportal 7579c9b7-9fa5-4860-b7ac-742d42053c54 2 Adobe Inc f889b897-fa4a-4d20-b6dd-182555a5b308 1 Apple Inc. e0fad04c-a04c-41ab-b35e-dc523af755a1 1 Office 365 Customer Success Center d25014ba-ff6e-4f21-a7a7-698d6e524490 1 Microsoft Community & Event Tenant b4c9f32e-da17-4ded-9c95-ce9da38f25d9 1 Microsoft 0d2db716-b331-4d7b-aa37-7f1ac9d35dae 1 PnP 73da091f-a58d-405f-9015-9bd386425255 1 LinkedIn Production 658728e7-1632-412a-9815-fe53f53ec58b 1 AdobeExternal 55aa7ab7-a04b-4623-ba3b-04cda52e667f 1 Credly 54e44946-b280-4ccf-b102-2224d7008f17 1 Merill 10407d69-1ba5-4bec-8ebe-9af2f0b9e06a 1 eventpoint 0e45e1a3-686e-44ec-8f47-5daa29692074 1 mspmecloud 975f013f-7f24-47e8-a7d3-abc4752bf346 1 Adobe fa7b1b5a-7b34-4387-94ae-d2c178decee1 1 Total Service Principals 668 Service Principals with no sign-ins in the last year 90 Service Principals with sign-ins in the last year 578 Number of apps with no service principal 46
The tenant names include Apple (used to reset authentication methods for Apple devices during the Exchange basic authentication retirement project) and several for Adobe (one of which is likely to connect SharePoint Online to the Adobe Cloud). The LinkedIn tenant likely hosts the app to connect LinkedIn data with the Microsoft 365 profile card. The PnP tenant is for the app used by the PnP PowerShell module, and the Merill tenant is home of many tools authored by Merill Fernando. This entry might be used to document conditional access policies in PowerPoint.
A total of 46 sign-in activity records for service principals could not be associated with a current service principal. This might be due to a bug in the preview feature, but it could also be due to the removal of apps by developers.
A list of the identifiers for Microsoft apps is available online. From the list I found a number of apps that are no longer in the set of service principals, including Office Online Client Microsoft Entra ID- Augmentation Loop (2abdc806-e091-4495-9b10-b04d93c3f040), OfficeShredderWacClient (4d5c2d63-cf83-4365-853c-925fd1a64357), Office Online Client Microsoft Entra ID- Loki (b23dd4db-9142-4734-867f-3577f640ad0c), and Microsoft Authentication Broker (29d9ed98-a469-4536-ade2-f981bc1d605e).
New Tools, New Insights
The nice thing about new tools is that they open up new opportunities to use data to gain additional insights into what happens in a tenant. Now that I can monitor and analyze service principal sign-in activity with PowerShell, I’ll be doing it regularly.
Need more help to write PowerShell for Microsoft 365? Get a copy of the Automating Microsoft 365 with PowerShell eBook, available standalone or as part of the Office 365 for IT Pros eBook bundle.
Track Sensitivity Label Downgrades and Removals with Audit Log Data
Sensitivity Label Downgrades and Removals Could be Potentially Suspicious User Behavior
The publication of message center notification MC934733 on November 15, 2024 (Microsoft 365 roadmap item 466742) provoked some thought. The notification is about an update to Purview Insider Risk Management, a compliance solution to detect activities that might potentially expose the organization to risks like IP theft or data leakage. The solution is part of Microsoft’s E5 Compliance Suite and is also included in Office 365 E5/Microsoft 365 E5.
In this case, the update covers the detection of risk that might be indicated if people downgrade or remove sensitivity labels from files stored in SharePoint Online sites. This kind of behavior could indicate that a user is preparing to exfiltrate files from the organization, perhaps when they leave in the near future.
By removing sensitivity labels from files, they remove the block that Microsoft Information Protection would otherwise place on people who cannot prove their right to access the files. Normally, proof is secured by authentication, which is then compared against the set of rights defined for a file. Downgrading a label can have the same effect if the chosen label allows free access to files through a right like “any authenticated user.”
The ability to remove or change a sensitivity label for a file is governed by the rights assigned to a user in a label. If the user can edit the rights for a file, they can change or remove a sensitivity label. This right is included in the co-author role that is sometimes assigned to everyone in the organization or everyone in a group.
Use the Audit Log to Track Sensitivity Label Downgrades and Removals
This kind of check is very useful, but it might not be enough for an organization to invest in license add-ons or upgrades. If your tenant has Purview Audit Standard (check this PDF for product licensing information), then you can use PowerShell to analyze the events captured in the unified audit log to track and report sensitivity label downgrades and removals.
The idea is simple. Here’s what has to happen in a script.
- Connect to Exchange Online.
- Connect to the compliance endpoint.
- Run the Get-Label cmdlet to fetch details of the sensitivity labels used with files and store them in a hash table. In fact, two hash tables are used for fast lookup. One resolves label identifiers to return label display names. The other resolves label identifiers to return the label priorities. Each label has a priority number from 0 (least sensitive) up. By comparing the priority numbers when a label update occurs, you know if the update is a downgrade or an upgrade.
- Run the Search-UnifiedAuditLog cmdlet to look for FileSensitivityLabelRemoved and FileSensitivityLabelChanged events over whatever lookback period seems appropriate. See this article for more information about reporting sensitivity label events.
- Process each event to decide what happened and capture details in a PowerShell list.
- Do some analysis to figure out if an abnormal number of label downgrades or removals have happened and which accounts are involved.
- Report the details.
I put together a script to illustrate the principles involved in finding and analyzing the audit event information. You can download the script from GitHub. Figure 1 shows the results reported by the script when I ran it in my tenant. Clearly, the tenant administrators only have to worry about me…
Container Management Labels Are Changed Too
The sensitivity labels discussed so far are information protection labels that can apply rights management encryption to protect files. The other type are container management labels, which are used to apply settings to “containers” (teams, sites, and groups). Unhappily, just like someone can change a sensitivity label for a file, a container owner can change the assigned container management label. There’s no way for an organization to lock a label for a container.
However, you can monitor container label changes using the audit log using audit events and reapply the original label if a change is detected. The original article uses Exchange Online management PowerShell, and it’s also possible to monitor container management changes with the Graph APIs, albeit in a more complicated arrangement because of the need to store original label assignments for containers in a Graph-accessible location.
Detecting Sensitivity Label Downgrades Proves the Value of the Audit Log
Being able to track sensitivity label changes and removals for files is another example of how audit log information can prove useful for tenant administration. If you know what’s happening inside a tenant, there’s probably an audit log event captured for the action, and once you can find the audit log event, you can analyze it.
Learn about using the unified audit log and the rest of Microsoft 365 by subscribing to the Office 365 for IT Pros eBook. Use our experience to understand what’s important and how best to protect your tenant.
Threat Actors Hijack Misconfigured Servers for Live Sports Streaming
To keep up with the ever-evolving world of cybersecurity, Aqua Nautilus researchers deploy honeypots that mimic real-world development environments. During a recent threat-hunting operation, they uncovered a surprising new attack vector: threat actors using misconfigured servers to hijack environments for streaming sports events. By exploiting misconfigured JupyterLab and Jupyter Notebook applications, attackers drop live streaming capture tools and duplicate the broadcast on their illegal server, thus conducting stream ripping. In this blog, we explain how our threat hunting operation helped us uncover this and how we analyzed this attack using Aqua Tracee and Traceeshark.
To keep up with the ever-evolving world of cybersecurity, Aqua Nautilus researchers deploy honeypots that mimic real-world development environments. During a recent threat-hunting operation, they uncovered a surprising new attack vector: threat actors using misconfigured servers to hijack environments for streaming sports events. By exploiting misconfigured JupyterLab and Jupyter Notebook applications, attackers drop live streaming capture tools and duplicate the broadcast on their illegal server, thus conducting stream ripping. In this blog, we explain how our threat hunting operation helped us uncover this and how we analyzed this attack using Aqua Tracee and Traceeshark. Read More
Ignite 2024: Alasan mengapa hampir 70% Fortune 500 sekarang menggunakan Microsoft 365 Copilot
Read in English here.
Dua hal bisa sama-sama benar pada waktu yang sama.
Dalam konteks AI, benar bahwa industri bergerak pesat dan berkembang sangat cepat. Benar bahwa terdapat ratusan ribu pelanggan menggunakan teknologi AI Microsoft saat ini, dan dengan menggunakan platform ini sejak dini, mereka sekarang melihat manfaat besar serta memastikan kapabilitas mereka untuk menerima manfaat dari adanya gelombang penyempurnaan AI selanjutnya.
Microsoft Ignite adalah acara tahunan kami yang menyoroti pembaruan serta kreasi yang memungkinkan para pelanggan, mitra, dan developer untuk menunjukkan potensi penuh teknologi Microsoft, serta mengubah cara kita bekerja.
Tahun ini, kami mengumumkan sekitar 80 produk dan fitur baru, termasuk kapabilitas baru pada Microsoft 365 Copilot, penambahan pada Copilot + AI stack, serta penawaran perangkat baru Copilot+. Di balik setiap inovasi tersebut, ada komitmen kami terhadap keamanan. Sejak meluncurkan Secure Future Initiative (SFI) setahun yang lalu, kami telah menjadikan keamanan sebagai pekerjaan Nomor 1 bagi setiap karyawan di Microsoft, mendedikasikan 34.000 engineer untuk fokus pada keamanan. Di Ignite, kami akan mengumumkan inovasi yang berakar pada prinsip SFI kami: secure by design, secure by default, dan secure operations.
Lebih dari 200.000 orang telah mendaftar untuk bergabung dengan kami di Ignite tahun ini, dengan lebih dari 14.000 peserta menghadiri acara kami secara langsung di Chicago. Peserta dapat memilih lebih dari 800 sesi, demo, dan lab yang dipandu oleh para ahli Microsoft dan mitra kami. Sebagian besar konten seputar Ignite akan tersedia secara on demand bagi mereka yang tidak dapat menghadiri acara secara langsung
Momentum Copilot
Microsoft 365 Copilot adalah asisten AI untuk membantu Anda bekerja. Kami telah melihat momentum yang terus berkembang seiring dengan semakin banyaknya organisasi yang beralih ke Copilot, dan bagaimana mereka menggunakannya dengan sukses. Secara keseluruhan, hampir 70% Fortune 500 kini menggunakan Microsoft 365 Copilot.
Hal tersebut mencerminkan suatu tren industri: di mana sebuah studi IDC terbaru menunjukkan bahwa penerapan AI generatif sedang meningkat, dengan tingkat adopsi di antara perusahaan yang disurvei pada tahun 2024 mencapai 75%. Selain itu, perusahaan memperoleh pengembalian sebesar $3,70 dari setiap $1 yang diinvestasikan. Berdasarkan studi tersebut, para pemimpin perusahaan mengatakan mereka mendapatkan pengembalian hingga sebesar $10.
Investasi yang Microsoft lakukan terhadap Copilot telah membuahkan hasil yang menguntungkan bagi pelanggan kami.
Kami baru-baru ini menyoroti lebih dari 200 kisah pelanggan tentang percepatan Transformasi AI dengan Copilot, yang membantu banyak pelanggan untuk menghadirkan inovasi dan mengubah organisasi mereka menjadi lebih baik. Beberapa contoh meliputi:
- Eaton, sebuah perusahaan di bidang manajemen daya, menggunakan Microsoft 365 Copilot untuk menyederhanakan dan mengotomatisasi operasional, meningkatkan akses data, memusatkan pengetahuan, serta memperkuat tim pekerja untuk fokus pada pekerjaan yang bernilai tinggi. Copilot membantu pengelolaan keuangan Eaton dalam mendokumentasikan lebih dari 9.000 prosedur operasi standar (SOP), menghasilkan penghematan waktu sebesar 83% untuk setiap SOP yang didokumentasikan.
- Firma konsultan McKinsey & Company menciptakan agen untuk mempercepat proses onboarding klien. Pilot agen tersebut menunjukkan bahwa masa pemrosesan (lead time) dapat berkurang hingga 90% dan pekerjaan administratif bisa berkurang hingga 30%. Agen ini mengotomisasi proses-proses yang kompleks, seperti mengidentifikasi kemampuan tenaga ahli yang tepat dan penempatan tim, serta bertindak sebagai wadah satu-satunya di mana karyawan dapat bertanya dan meminta penindakkan lebih lanjut. Dengan menyederhanakan tugas serta mengurangi input secara manual, agen ini dapat memungkinkan penghematan waktu bagi konsultan, membuat mereka bisa menghabiskan waktu lebih banyak bersama klien.
Meningkatkan Produktivitas dengan Microsoft 365 Copilot
Microsoft terus meningkatkan produktivitas melalui kapabilitas baru pada Microsoft 365 Copilot yang dirancang untuk membantu menyederhanakan pekerjaan sehari-hari.
Copilot Actions, kini dalam mode private preview, memungkinkan siapapun untuk mengotomatisasi pekerjaan sehari-hari dengan prompt sederhana, baik untuk mendapatkan rangkuman harian dari hasil rapat di Microsoft Teams, menyusun laporan mingguan, atau menerima email yang merangkup rapat, diskusi obrolan, dan pesan email yang terlewat selepas kembali dari liburan.
Siapa saja dapat dengan mudah mengatur Actions langsung di aplikasi Microsoft 365 mereka, memungkinkan pengguna untuk fokus pada pekerjaan yang lebih berdampak, menghemat waktu, dan meningkatkan produktivitas.
Agen baru di Microsoft 365 dirancang untuk membantu meningkatkan dampak individu dan mengubah proses bisnis. Di Ignite, kami akan memperkenalkan:
- Agents in Sharepoint: Asisten AI dengan kapabilitas natural language ini mendasarkan kecerdasan mereka pada situs, file, dan folder Sharepoint terkait untuk memudahkan menemukan jawaban dari konten tersebut, serta membuat keputusan yang lebih cepat. Kini tersedia untuk umum, setiap situs Sharepoint akan menyertakan agen yang disesuaikan dengan kontennya. Pengguna juga dapat membuat agen khusus untuk memilih file, folder, atau situs Sharepoint hanya dengan sekali klik.
- Interpreter: Agen di dalam Teams ini membantu pengguna mengatasi hambatan bahasa dengan memungkinkan interpretasi transkrip dalam rapat secara real-time. Tersedia dalam mode public preview pada awal 2025, peserta rapat juga akan memiliki opsi untuk membuat agen dengan menirukan suara masing-masing peserta.
- Employee Self-Service Agent: Agen yang tersedia dalam mode private preview di Business Chat ini dapat mempercepat pemberian jawaban atas pertanyaan terkait kebijakan paling umum, serta menyederhanakan pekerjaan divisi HR dan IT yang penting – seperti membantu karyawan memahami benefit yang mereka dapatkan atau meminta unit laptop baru. Ini dapat disesuaikan di Copilot Studio untuk memenuhi kebutuhan organisasi yang lebih spesifik.
- Agent lainnya dalam mode preview public membuat catatan rapat secara langsung di Teams dan mengotomatisasi manajemen proyek dari awal hingga akhir di Planner.
Copilot + AI Stack
Copilot Stack memberdayakan penggunanya untuk membuat produk yang lebih ambisius dengan memanfaatkan teknologi canggih pada setiap lapisan stack. Untuk menciptakan pengalaman terpadu di mana pelanggan dapat merancang, menyesuaikan, dan mengelola aplikasi serta agen AI, kami memperkenalkan Azure AI Foundry, yang memberikan pelanggan akses ke semua layanan dan alat Azure AI yang sudah ada, ditambah kemampuan baru seperti:
- Azure AI Foundry SDK, yang kini tersedia dalam mode preview, menyediakan toolchain terpadu untuk merancang, menyesuaikan, dan mengelola aplikasi serta agen AI melalui kontrol dan penyesuaian di perusahaan. Dengan tools yang membantu organisasi meningkatkan skala aplikasi mereka secara bertanggung jawab, Foundry juga menyediakan 25 template aplikasi siap pakai dan pengalaman coding sederhana yang dapat diakses dari tools yang sudah dikenal seperti GitHub, Visual Studio, dan Copilot Studio.
- Azure AI Foundry Portal (sebelumnya Azure AI Studio), yang kini tersedia dalam mode preview, merupakan visual user interface yang komprehensif untuk membantu developer menemukan model, layanan dan tools AI. Dengan experience pusat manajemen baru yang menghadirkan informasi langganan penting dalam satu dashboard, portal ini juga membantu admin IT, tim operasional, dan tim Compliance untuk mengelola aplikasi AI dalam skala besar.
- Azure AI Agent Service, segera hadir dalam mode preview, akan memungkinkan developer profesional untuk mengatur, menerapkan, dan memperluas agen enterprise siap pakai untuk mengotomatisasi proses bisnis.
Kami juga terus mendukung komitmen Trustworthy AI kami dengan tools terbaru. Hari ini, kami mengumumkan laporan AI dan evaluasi risiko serta keselamatan untuk gambar, guna membantu organisasi memastikan aplikasi AI aman dan patuh. Laporan AI akan membantu organisasi meningkatkan kemampuan observasi, kolaborasi dan tata kelola bagi aplikasi AI dan model yang telah disesuaikan, sementara evaluasi untuk konten gambar akan membantu pelanggan menilai frekuensi dan keberatan konten berbahaya pada output yang telah dihasilkan oleh aplikasi AI mereka.
Perangkat Copilot+
Saat organisasi memindahkan lebih banyak beban kerja ke cloud untuk meningkatkan keamanan dan fleksibilitas, Microsoft memperluas solusi Cloud PC-nya dengan memperkenalkan kelas perangkat baru yang dirancang khusus untuk terhubung dengan aman ke Windows 365 dalam hitungan detik.
Windows 365 Link adalah perangkat yang sederhana, aman, dan dibuat khusus untuk perangkat Microsoft 365. Perangkat ini sekarang dalam mode preview dan akan tersedia secara umum untuk pembelian mulai April 2025 di market tertentu dengan MSRP $349, memungkinkan pengguna untuk bekerja dengan aman di desktop Windows yang sudah dikenal di Microsoft Cloud, dengan pengalaman yang responsif dan berkualitas tinggi.
Windows 365 Link aman secara desain. Perangkat ini tidak memiliki data lokal, tidak memiliki aplikasi lokal, dan admin-less users, sehingga data perusahaan tetap terlindungi di dalam Microsoft Cloud.
Kemampuan baru lainnya pada Copilot+ PCs untuk pelanggan komersial mencakup pemanfaatan kekuatan unit pemrosesan asli (NPU) bawaan, guna menghadirkan AI secara lokal. Dengan Improved Windows Search, dan Recall (mode pratinjau) yang baru, menemukan apa yang dibutuhkan di PC Anda lebih mudah dari sebelumnya, hanya dengan mendeskripsikan apa yang Anda cari. Fitur-fitur ini dirilis pertama kali untuk komunitas Windows Insider kami di Copilot+ PCs, sebelum diluncurkan lebih luas kepada pelanggan kami.
Momentum BlackRock
Empat tahun lalu, BlackRock, salah satu perusahaan manajemen aset terkemuka di dunia, membentuk aliansi strategis dengan Microsoft untuk memindahkan platform Aladdin-nya ke Microsoft Azure. Dengan fondasi di Azure, BlackRock meluncurkan tools AI generatif untuk klien global dengan Aladdin Copilot. Melalui AI generatif, Aladdin Copilot berfungsi untuk memperkuat konektivitas di seluruh platform, memanfaatkan teknologi Microsoft untuk membantu pengguna secara instan, guna membuka efisiensi baru dan menemukan wawasan bisnis penting dengan lebih cepat. Aladdin Copilot membuat platform Aladdin BlackRock menjadi lebih pintar dan responsif. Hal ini menghasilkan produktivitas yang lebih baik, memungkinkan peningkatan skala yang lebih besar, dan membuat penggunanya tetap terinformasi.
Langkah BlackRock ke Azure dan peluncuran Aladdin Copilot hanyalah dua dari sekian banyak pencapaian yang sedang berlangsung dalam kemitraan jangka panjang, yang juga mencakup kesepakatan untuk 24.000 akun Microsoft 365 Copilot di seluruh perusahaan. Saat ini, ada sekitar 60% pengguna Copilot BlackRock yang memanfaatkan Copilot setiap minggunya. Ditambah lagi, BlackRock juga baru-baru ini memutuskan untuk memindahkan solusi CRM on-premise ke cloud menggunakan Dynamics 365, mengutip integrasi aslinya dengan Teams dan Outlook sebagai salah satu faktor pengambilan keputusan yang utama.
Kekuatan pada Keamanan
Kami tahu bahwa lanskap ancaman berkembang sangat cepat, sehingga sangat penting bagi kami untuk tetap berada di garda terdepan dalam menghadapi para pelaku kejahatan. Di Microsoft, kami percaya bahwa keamanan adalah pekerjaan bersama. Kami menjadi lebih kuat ketika bermitra sebagai komunitas keamanan utuk berbagi informasi, berkolaborasi, dan menghentikan para pelaku kejahatan.
Dalam semangat itu, dan juga sebagai bagian dari Secure Future Initiative (SFI), kami akan mengumumkan acara riset keamanan publik terbesar dalam Sejarah: Zero Day Quest, di acara Ignite. Acara ini, yang berfokus pada keamanan AI dan cloud, akan menawarkan hadiah terbesar di industri ini sebesar $4 juta, di samping hadiah tahunan kami yang sudah ada sebesar $16 juta. Kompetisi ini bertujuan untuk menarik para ahli keamanan terbaik di dunia untuk menangani skenario yang berdampak bagi keamanan pelanggan kami, dengan penghargaan multiplier, mulai hari ini.
Seiring perubahan lanskap ancaman, kami melihat adanya perkembangan metode penyerang siber dalam mengeksploitasi kelemahan dalam sistem – khususnya dengan menavigasi grafis hubungan antara identitas, file, dan perangkat untuk mengungkap jalur serangan. Penyerang yang berpikir dalam grafik menyebabkan kerusakan yang lebih luas dari titik pertama penyusupan. Produk keamanan tradisional, dengan penglihatan yang terbatas ke dalam hubungan grafik, seringkali lebih cocok melindungi perangkat atau media tertentu – seperti laptop atau kotak masuk – daripada cakupan penuh dari potensi permukaan serangan.
Peluncuran Microsoft Security Exposure Management hari ini merupakan langkah penting dalam mengubah keamanan siber dengan data mumpuni dan strategi berbasis AI. Dalam konteks terkait data dari tools keamanan pihak ketiga milik pelanggan lainnya, kekuatan penggabungan data grafik Microsoft menciptakan satu panel kaca yang kuat untuk memvisualisasikan jalur serangan sebelum pelaku melakukannya. Dengan kekuatan komputasi dan kinerja berskala cloud untuk menyaring pemetaan aset dan risiko yang akurat secara real-time, Exposure Management membantu tim keamanan dalam mencegah gangguan dan menyediakan data real-time kepada pimpinan divisi IT, operasional, serta manajemen risiko untuk mendukung pengambilan keputusan risiko siber.
Ini hanyalah sebagian kecil dari banyaknya fitur dan pembaruan menarik yang akan kami umumkan di Ignite. Untuk diingat, Anda dapat melihat sesi keynote dari para eksekutif Microsoft termasuk Satya Nadella, Rajesh Jha, Scott Guthrie, Charlie Bell, dan Vasu Jakkal, baik secara langsung maupun secara on-demand.
Selain itu, Anda dapat memperoleh informasi lebih dari semua pengumuman ini dengan menjelajahi Book of News, ringkasan resmi semua berita hari ini, dan blog produk di bawah ini.
###
Ignite 2024: Why nearly 70% of the Fortune 500 now use Microsoft 365 Copilot
Two things can be true at the same time.
In the case of AI, it is absolutely true that the industry is moving incredibly fast and evolving quickly. It’s also true that hundreds of thousands of customers are using Microsoft AI technology today and, by making early bets on the platform, are seeing big benefits now and future-proofing their ability to benefit from the next big wave of AI improvements.
Microsoft Ignite is our annual event that spotlights the updates and creations that enable customers, partners and developers to unleash the full potential of Microsoft’s technology and change the way we approach work.
This year, we are announcing about 80 new products and features, including new capabilities in Microsoft 365 Copilot, additions to the Copilot + AI stack and new Copilot+ devices offerings. Underpinning each of these innovations is our commitment to security. Since launching our Secure Future Initiative (SFI) one year ago, we have made security the No. 1 job of every employee at Microsoft, dedicated 34,000 engineers to this focus and, at Ignite, we will announce innovations that are rooted in our SFI principles: secure by design, secure by default and secure operations.
More than 200,000 people have registered to join us for this year’s Ignite, with more than 14,000 attendees at our in-person events in Chicago. Attendees can choose from more than 800 sessions, demos and expert-led labs from Microsoft and our partners. Most of the Ignite content will be available on demand for those who can’t attend the live event.
Copilot momentum
Microsoft 365 Copilot is your AI assistant for work, and we have seen the momentum grow as more organizations are moving to Copilot and deploying it to great success. All up, nearly 70% of the Fortune 500 now use Microsoft 365 Copilot.
That echoes an industry trend: A recent IDC study showed that generative AI is on the rise, with 75% adoption among companies surveyed in 2024. In addition, for every $1 invested, companies are realizing a return of $3.70, and leaders are saying they are realizing as much as a $10 return, according to the study.
The investments that Microsoft has made in Copilot are paying dividends for our customers.
We recently highlighted some of the more than 200 customer stories of accelerated AI Transformation, with Copilot helping many of them spark innovation and transform their organization for the better. Several examples include:
- Power management company Eaton used Microsoft 365 Copilot to streamline and automate operations, improve data access, centralize knowledge and empower teams to focus on higher-value tasks. Copilot helped Eaton’s Finance operations document over 9,000 standard operating procedures (SOPs), an 83% time savings for each SOP documented.
- Consulting firm McKinsey & Company is creating an agent to speed up the client onboarding process. The pilot showed lead time could be reduced by 90% and administrative work reduced by 30%. The agent automates complex processes, such as identifying the right expert capabilities and staffing teams and acts as a single place where colleagues can ask questions and request follow-ups. By streamlining tasks and reducing manual inputs, this agent could potentially save consultants many hours, allowing them to spend more time with clients.
Boosting productivity with Microsoft 365 Copilot
Microsoft is continuing to supercharge productivity with new capabilities in Microsoft 365 Copilot designed to help simplify the workday.
Copilot Actions, now in private preview, enable anyone to automate everyday tasks with simple, fill-in-the-blank prompts, whether it’s getting a daily summary of meeting actions in Microsoft Teams, compiling weekly reports or getting an email upon return from vacation that summarizes missed meetings, chats and emails.
Anyone can easily set up Actions right in their Microsoft 365 app, allowing users to focus on more impactful work, save time and boost productivity.
New agents in Microsoft 365 are designed to help scale individual impact and transform business process. At Ignite we will introduce:
- Agents in SharePoint: These natural language AI assistants are grounded on relevant SharePoint sites, files and folders to make it easy to find answers from that content, and to make quicker decisions as a result. Now generally available, every SharePoint site will include an agent tailored to its content. Users can also create customized agents scoped to select SharePoint files, folders or sites with as little as one click.
- Interpreter: This agent in Teams helps users overcome language barriers by enabling real-time, speech-to-speech interpretation in meetings. Available in public preview in early 2025, meeting participants will also have the option to have the agent simulate their personal voice.
- The Employee Self-Service Agent: An agent available in private preview in Business Chat expedites answers for the most common policy-related questions and simplifies action-taking on key HR and IT-related tasks — like helping employees understand their benefits or request a new laptop. It can be customized in Copilot Studio to meet an organization’s unique needs.
- Other agents in public preview take real-time meeting notes in Teams and automate project management from start to finish in Planner.
Copilot + AI Stack
The Copilot stack empowers users to build more ambitious products by leveraging advanced technology at each layer of the stack. To create a unified experience where customers can design, customize and manage AI applications and agents, we are introducing Azure AI Foundry, which gives customers access to all existing Azure AI services and tooling, plus new capabilities like:
- Azure AI Foundry SDK, now available in preview, provides a unified toolchain for designing, customizing and managing AI apps and agents with enterprise-grade control and customization. With tools that help organizations responsibly scale their applications, Foundry also provides 25 prebuilt app templates and a simplified coding experience they can access from familiar tools like GitHub, Visual Studio and Copilot Studio.
- Azure AI Foundry portal (formerly Azure AI Studio), now available in preview, is a comprehensive visual user interface to help developers discover AI models, services and tools. With a new management center experience that brings essential subscription information into a single dashboard, the portal also helps IT admins, operations and compliance teams manage AI applications at scale.
- Azure AI Agent Service, coming soon to preview, will enable professional developers to orchestrate, deploy and scale enterprise enterprise-ready agents to automate business processes.
We also continue to back up our Trustworthy AI commitments with new tools. Today we’re announcing AI reports and risk and safety evaluations for images to help organizations ensure AI applications are safe and compliant. AI reports will help organizations improve observability, collaboration and governance for AI apps and fine-tuned models, while evaluations for image content will help customers assess the frequency and severity of harmful content in their app’s AI-generated outputs.
Copilot+ devices
As organizations move more workloads to the cloud to enhance security and flexibility, Microsoft is expanding its Cloud PC solution by introducing the first in a new class of devices purpose-built to connect securely to Windows 365 in seconds.
Windows 365 Link is the simple, secure, purpose-built device for Windows 365. It is in preview now and will become generally available for purchase starting in April 2025 in select markets with an MSRP of $349, allowing users to work securely in a familiar Windows desktop in the Microsoft Cloud with responsive, high-fidelity experiences.
Windows 365 Link is secure by design. The device has no local data, no local apps and admin-less users so corporate data stays protected within the Microsoft Cloud.
Other new capabilities for Copilot+ PCs for commercial customers include harnessing the power of inbuilt native processing units (NPUs) to deliver local AI. With improved Windows Search, and the new Recall experience (preview), finding what you need on your PC is easier than ever by just describing what you are looking for. These features are releasing first to our Windows Insider community on Copilot+ PCs before rolling out more broadly to our customers.
BlackRock momentum
Four years ago, BlackRock, one of the world’s pre-eminent asset management firms, formed a strategic alliance with Microsoft to move its Aladdin platform to Microsoft Azure. With this foundation on Azure, BlackRock rolled out generative AI tools for global clients with Aladdin Copilot. Through generative AI, Aladdin Copilot serves to strengthen the connective tissue across the platform, leveraging Microsoft technology to help users receive answers instantly to unlock new efficiencies and discover important business insights even faster. Aladdin Copilot makes BlackRock’s Aladdin platform even more intelligent and responsive. That results in enhanced productivity, enables scale and keeps users more informed.
BlackRock’s move to Azure and launch of Aladdin Copilot are just two of the many ongoing milestones in a long-term partnership that also includes an enterprise-wide deal for 24,000 seats of Microsoft 365 Copilot. Today, about 60% of BlackRock’s Copilot user population is leveraging Copilot on a weekly basis. Additionally, BlackRock also recently made the choice to move its on-prem CRM solution to the cloud with Dynamics 365, citing its native integration with Teams and Outlook as one of its primary decision-making factors.
Strength in security
We know that the threat landscape is rapidly evolving, and it’s imperative that we stay ahead of bad actors. At Microsoft we believe that security is a team sport, and we are stronger when we partner as a security community to share information, collaborate and stop bad actors.
In that spirit, and as part of our Secure Future Initiative (SFI), at Ignite we are announcing the largest public security research event in history: the Zero Day Quest. This event, which focuses on AI and cloud security, will offer the largest award pool in the industry at $4 million, in addition to our existing $16 million annual bounty program. This competition aims to attract the world’s best security minds to tackle high-impact scenarios critical to our customers’ security, with award multipliers, starting today.
As the threat landscape has changed, we have seen rapid evolution in the way attackers exploit weaknesses within systems — particularly by navigating graph relationships between identities, files and devices to uncover attack paths. Attackers thinking in graphs cause wider damage from the first point of intrusion. Traditional security products, with limited visibility into these graph relationships, are often better suited to protect specific devices or mediums — like laptops or inboxes — rather than the full scope of potential attack surface.
Today’s Microsoft Security Exposure Management launch is a pivotal step in transforming cybersecurity with savvy data and AI-based strategies. The power of incorporating Microsoft graph data, in context with data from customers’ other third-party security tools, creates a powerful single pane of glass to visualize attack paths before threat actors do. With computing power and cloud-scale performance to distill powerful real-time mapping of assets and evolving risks, Exposure Management assists security teams in preventing intrusions and provides IT, operations and risk leaders with real-time data to support cyber risk decision-making.
This is only a small section of the many exciting features and updates we will be announcing at Ignite. As a reminder, you can view keynote sessions from Microsoft executives including Satya Nadella, Rajesh Jha, Scott Guthrie, Charlie Bell and Vasu Jakkal, live or on-demand.
Plus, you can get more on all these announcements by exploring the Book of News, the official compendium of all today’s news.
The post Ignite 2024: Why nearly 70% of the Fortune 500 now use Microsoft 365 Copilot appeared first on The Official Microsoft Blog.
Two things can be true at the same time. In the case of AI, it is absolutely true that the industry is moving incredibly fast and evolving quickly. It’s also true that hundreds of thousands of customers are using Microsoft AI technology today and, by making early bets on the platform, are seeing big benefits…
The post Ignite 2024: Why nearly 70% of the Fortune 500 now use Microsoft 365 Copilot appeared first on The Official Microsoft Blog.Read More
Microsoft Details Progress Towards a More Secure Exchange Online
Exchange Online Security Updates Focus on EWS, Public Folders, Mail Transport, and More
On November 18, as interest in the Microsoft community turned to the marketing fest at the Ignite conference in Chicago, Microsoft released an interesting technical community post covering security updates for Exchange Online. Given the fundamental role that email plays within Microsoft 365, this is a topic that every tenant needs to pay attention to.
Many of the items listed are restatements of previous news, like the February 2025 deprecation of the App Impersonation RBAC role (I covered this point as a footnote in yesterday’s article). Basically, this is a role that allows Exchange Web Services (EWS) apps to access mailboxes. Microsoft wants to remove the role because it can be a vector to potential mailbox compromise. The problem is that tenants might be unaware that the role is used by an app or script. Microsoft has a PowerShell script to locate accounts that hold the role. It’s worth running the script, just in case.
It’s worth noting that equivalent Graph permissions are available to access content in user mailboxes. Microsoft answer is that tenants should use RBAC for Applications to restrict app access to the set of mailboxes that need to be processed. I agree.
Microsoft restated the plan to remove EWS from Exchange Online in October 2026, noting that the change will break any app based on EWS. Originally, Microsoft originally planned to implement an exception to allow their own EWS-based apps to continue running, but now they say that they’ll phase out EWS well before October 2026.
Gaps in Graph Coverage for EWS Functionality
More interestingly, Microsoft points to known gaps where Microsoft Graph APIs are not capable of taking over from EWS today. They say that they are working to support access to archive mailboxes, but don’t have a delivery date. I imagine that the Exchange admin center will need this API to perform tasks like enabling archives, reporting archive mailbox size, and so on.
Microsoft also noted that they will soon release Graph support for Application settings for Exchange client applications to cover user configuration and folder associated information (FAI). User configurations and FAIs are stored in mailboxes and used to hold settings needed by applications. I imagine that this work involved an extension of the current Graph support for mail items.
The big news in the announcement is that Microsoft says that they cannot deliver Graph support for “several admin features that are available to developers via EWS,” such as setting folder permissions or managing delegates for user mailboxes. Once EWS is deprecated, developers who implement these features in their apps will have to find a different way, perhaps by calling PowerShell using Azure functions.
Exchange Online Management – After much investigation, we have concluded we are unable to provide Graph API access to several admin features that are available to developers via EWS. Once Microsoft removes EWS from Exchange Online, to perform tasks such as setting folder permissions or managing delegates for a user, you will need to call PowerShell in code or use alternative ways to deliver this functionality.
The Final Demise of Public Folders
In addition, Microsoft says that they will no longer provide APIs to programmatically manage public folders after the removal of EWS in October 2026. I assume Microsoft thinks it’s simply not worthwhile to recreate public APIs for public folders because of low usage. Public folders were hot technology when Exchange 4.0 appeared in 1996 and have been on a downhill slope ever since. Despite suitable efforts to eradicate public folders over many years, use persists in a small number of Exchange Online tenants. Microsoft will continue to provide access via “supported” Outlook clients and for bulk import/export.
I presume that the new Outlook for Windows will support public folders. An option is available to add one or more public folders to Outlook favorites but the button to actually add the folder is missing. Maybe Copilot for Outlook didn’t like it. No doubt the button will show up before Microsoft removes for support for Outlook classic sometime after 2029.
I’m not sure if tenants will take the news as a broad hint that they should get off public folders (they should). It’s just sad that the tools to analyze the data in public folders and move what needs to be kept to a more modern alternative are so weak.
Exchange Online Security Updates in Mail Transport
Rounding out the post, Microsoft covers a bunch of recent improvements around DNSSEC and DANE. The news is that Mandatory Outbound SMTP DANE is coming in May 2025 with per-tenant and per-domain settings. Microsoft didn’t cover other efforts to increase the security of the Exchange Online email service, like the introduction of the external recipient rate limit (due on January 1, 2025) or the continuing effort to force hybrid tenants to upgrade on-premises servers to a supported version before email can flow across a connector to Exchange Online.
Finally, Microsoft notes that they recently added OAuth support to the preview of the High Volume Email feature (HVE). This summer, I spent some time working with HVE and ECS, the Azure Email Communication service. Both can do a job for tenants that needs to send bulk email, with HVE a better option for internal-focused email and ECS more suitable for outbound communications. You can read more, including sample PowerShell to send email via HVE and ECS, on Practical365.com.
Insight like this doesn’t come easily. You’ve got to know the technology and understand how to look behind the scenes. Benefit from the knowledge and experience of the Office 365 for IT Pros team by subscribing to the best eBook covering Office 365 and the wider Microsoft 365 ecosystem.
Indonesian Teachers Won AI TEACH Regional Hackathon with Generative AI-Powered Learning Applications
Two teacher groups from Indonesia—the AI-ASIS (student assistant) team from Sorong, West Papua and AI MISS YOU team from Probolinggo, East Java have secured 1st place and 2nd runner up of AI TEACH Regional Hackathon, an event held by ASEAN Foundation. Both groups earned triumph for their generative AI projects, created after learning about AI through the AI TEACH programme held by Yayasan Plan International Indonesia (Plan Indonesia) in collaboration with Microsoft Indonesia.
Dini Widiastuti, Executive Director of Plan Indonesia, explained that the participation of the Indonesian groups in this event serves as a proof of the teachers’ and students’ proficiency in using generative AI.
“Plan Indonesia is proud of the achievements of the three AI TEACH groups in this regional event. We hope that the development of AI can help improve workforce absorption, so that vocational students and educators can enjoy the same benefits. This is crucial, considering that vocational graduates, especially alumni of Vocational High Schools, still contribute the highest share to the Open Unemployment Rate in Indonesia, at 9.01 percent (BPS, 2024). After the competition, it is expected that teachers and students can share their knowledge with even more people,” said Dini.
AI TEACH is a program to improve generative AI fluency for vocational educators and students in the ASEAN region. AI TEACH is implemented in Indonesia by Plan Indonesia, in Malaysia by the Biji-Biji Initiative, and is monitored regionally by the ASEAN Foundation. This initiative is fully supported by Microsoft, aimed at shaping the region’s tech future where AI proficiency is a cornerstone of success.
“Empowering individuals through AI skilling is at the heart of Microsoft’s mission, ensuring everyone has the tools and knowledge to thrive in a digital future. By equipping teachers with AI skills, we enable them to inspire and guide the next generation in navigating an increasingly complex technological landscape. We are both thrilled and grateful to see the teachers’ enthusiasm in learning and innovating with AI,” said Supahrat Juramongkol, Philanthropies Lead, Microsoft ASEAN.
Indonesian Educators Transforming Learning with AI
First-place winner, the AI-ASIS team, leveraged the usage of generative AI[1] in creating a learning application that will automatically answer student questions about specific school subjects based on the teachers’ curated learning materials. Markus Dwiyanto Tobi, teacher-chief of the team explained how the idea came from the will to help students learning more independently, while also enabling teachers to become facilitators, as required by the Merdeka curriculum.
“We have tested this application in three different schools, including those in the most remote part of Indonesia (3T), and saw how it helped the teachers and the students. We hope to extend the use of this application, so it may benefit more Indonesian students, including those with disabilities,” said Markus at the ASEAN Secretariat on Thursday (14/11).
Meanwhile, Suci Romadani, teacher-representative of the AI MISS YOU (Artificial Intelligence to Improve Students’ Original and Unique Critical Reasoning) team explained, her team explored the probability of teaching generative AI to high school students, while also still incorporating teachers’ guidance. The AI MISS YOU team and its students utilized several AI tools to research, experiment, and finally create a beverage called ‘The Dahaga’ from mango leaves—known as Probolinggo’s special delicacy. “We created the AI MISS YOU project so the students will not take suggestions by AI blindly, but to observe them critically. Our team believe that the future is not controlled by AI, but by those who master the AI,” Suci said.
The hackathon was carried out just in time, especially as Microsoft and LinkedIn’s Work Trend Index 2024 shows that as many as 92 percent of knowledge workers[2] in Indonesia already use generative AI at work, surpassing global (75 percent) and Asia Pacific (83%) averages. Meanwhile, Kearney predicts that AI can contribute to increasing Indonesia’s GDP by up to 12 percent or around 366 billion US dollars by 2030.
After the regional hackathon event, the AI TEACH program will enter its final round of implementation in Indonesia. Up to November 2024, this program has reached 2,500 teachers and students from across Indonesia.
—
[1] Prompt-based AI tool used to generate visual, text, or audio instantly based on machine repository.
[2]Those who typically work at a desk (whether in an office or at home). This group includes those who are in person or working remotely in some capacity.
__
Indonesian Team Profile – Participants in the AI TEACH Regional Hackathon
Group 1
“Implementation of AI ASIS (Student Assistant) to Improve Assessment and Learning in the Independent Curriculum in Vocational High Schools”
Main Teacher/Group Leader: Markus Dwiyanto Tobi Sogen
Region of Origin: Sorong, West Papua
Markus Dwiyanto and his team developed AI ASIS to automatically answer student questions. Its use is considered easy, because the application is integrated into existing devices, so teachers do not need to switch applications.
Although students are more involved as users and not developers, this project is considered ready to be implemented more widely. The total duration of application development is 6 months, with trials on 50 students.
Group 2
“AI MISS YOU (Artificial Intelligence to Improve Students’ Original and Unique Critical Reasoning)”
Main Teacher/Group Leader: Fafan Adisumboro
Region of Origin: Probolinggo, East Java
Fafan and his team created the AI MISS YOU project to teach students not to immediately accept information obtained through AI, but to process and think about its contents first. This process is considered important so that students remain critical and creative in gaining knowledge.
The AI MISS YOU team succeeded in creating an interesting project concept by actively involving students. Their presentation was also clear, easy to understand, and very relevant to current learning.
Group 3
“Team-Based Learning (TBL) Assisted by AI”
Main Teacher/Group Leader: M. Elfin Noor
Region of Origin: Jepara, Central Java
Starting from the concerns of students and teachers, Elfin Noor and a team consisting of teachers and students created TBL Assisted by AI to facilitate the teaching and learning process in schools. The team utilizes effective collaboration between teachers and students to complete the project, starting from the ideation stage to prototyping and testing.
Elfin Noor and his team’s project use the Team-Based Learning (TBL) method, which is a type of learning that involves both teachers and students to form a learning team to strengthen each student’s hard and soft skills. By combining the TBL method and the use of AI, this project aims to make it easier for teachers to teach, as well as help students find achievements, learning styles, and provide healthy competition to achieve learning targets. This grouping allows provision of materials and assignments that are suitable for each group’s level of abilities. In addition, the project provides flexibility and versatility that allows usage of AI-assisted TBL across various levels of education and subjects.
Guru Indonesia Memenangkan Hackathon Regional AI TEACH melalui Aplikasi Pembelajaran Berbasis AI Generatif
Read in English here.
Dua kelompok pendidik dari Indonesia—tim AI-ASIS (student assistant) dari Sorong, Papua Barat dan tim AI MISS YOU dari Probolinggo, Jawa Timur—berhasil meraih posisi juara 1 dan juara 3 dari ajang hackathon regional AI TEACH, acara yang diselenggarakan oleh ASEAN Foundation. Kedua kelompok ini meraih kemenangan melalui penciptaan proyek pembelajaran berbasis kecerdasan buatan (Artificial Intelligence atau AI) Generatif—sebuah kemampuan yang didapat melalui program AI TEACH yang diselenggarakan oleh Yayasan Plan International Indonesia (Plan Indonesia) dengan dukungan Microsoft Indonesia.
Dini Widiastuti, Direktur Eksekutif Plan Indonesia menjelaskan, keikutsertaan kelompok Indonesia dalam ajang regional ini merupakan bukti dari kefasihan para guru dan murid dalam menggunakan alat AI Generatif di bidang pendidikan vokasi.
“Plan Indonesia turut berbangga atas pencapaian ketiga kelompok AI TEACH di ajang regional ini. Kami berharap, perkembangan AI dapat membantu meningkatkan penyerapan tenaga kerja, sehingga pelajar dan pendidik vokasi dapat menikmati manfaat yang sama. Ini penting, mengingat lulusan vokasi, khususnya alumni Sekolah Menengah Kejuruan, masih menjadi penyumbang Tingkat Pengangguran Terbuka tertinggi di Indonesia, yaitu sebesar 9,01 persen (BPS, 2024). Setelah perlombaan, diharapkan para guru dan murid dapat berbagi pengetahuan kepada lebih banyak pihak lagi,” ujar Dini.
AI TEACH merupakan program peningkatan kemampuan penggunaan AI generatif agar pendidik dan murid vokasi di wilayah ASEAN dapat meningkatkan pengalaman mereka. AI TEACH di Indonesia dilaksanakan oleh Plan Indonesia, di Malaysia oleh Biji-Biji Initiative, dan dipantau secara regional oleh ASEAN Foundation. Inisiatif ini didukung penuh oleh Microsoft, sebagai bentuk dukungan pemerataan kemampuan AI di wilayah Asia Tenggara.
“Mendukung pemberdayaan individu melalui kemampuan AI adalah inti dari misi Microsoft. Terutama, agar semua orang memiliki alat dan pengetahuan yang diperlukan untuk meraih kesuksesan di masa depan. Dengan membekali para guru dengan kemampuan AI, kita mendukung mereka untuk menginspirasi dan membimbing generasi penerus dalam mengarungi lanskap teknologi yang kian kompleks ini. Kami sangat senang dan berbangga karena dapat melihat antusiasme para pengajar dalam mempelajari dan berinovasi dengan AI,” ujar Supahrat Juramongkol, Philanthropies Lead, Microsoft ASEAN.
Transformasi Pendidikan melalui AI oleh Para Guru Indonesia
Pemenang pertama hackathon regional AI TEACH, tim AI-ASIS, memanfaatkan penggunaan AI generatif[1] dalam membuat aplikasi pembelajaran yang secara otomatis akan menjawab pertanyaan murid berdasarkan materi pembelajaran yang telah dipilih oleh guru mereka. Markus Dwiyanto Tobi, guru sekaligus ketua tim AI-ASIS, menjelaskan bahwa ide ini berasal dari keinginan untuk membantu murid belajar lebih mandiri, sekaligus memungkinkan guru untuk menjadi fasilitator, seperti prinsip kurikulum Merdeka.
“Kami telah menguji aplikasi ini di tiga sekolah yang berbeda, termasuk yang berada di bagian paling terpencil di Indonesia (3T), dan melihat bagaimana aplikasi AI-ASIS membantu para guru dan murid. Kami berharap dapat memperluas penggunaan aplikasi, sehingga dapat bermanfaat bagi lebih banyak murid Indonesia, termasuk para murid dengan disabilitas,” kata Markus di Gedung Sekretariat ASEAN, Kamis (14/11).
Sementara itu, Suci Romadani, perwakilan dari tim AI MISS YOU (Artificial Intelligence to Improve Students’ Original and Unique Critical Reasoning) menjelaskan, timnya mengeksplorasi kemungkinakan mengajarkan AI generatif kepada murid SMA, sambil tetap memastikan adanya bimbingan guru. Tim AI MISS YOU dan para murid yang berpartisipasi menggunakan beberapa alat AI untuk meneliti, bereksperimen, dan akhirnya membuat minuman yang disebut ‘Teh Dahaga’ dari daun mangga—yang dikenal sebagai buah khas Probolinggo. “Kami membuat proyek AI MISS YOU agar murid tidak akan menerima saran AI mentah-mentah, tetapi agar mereka juga bias menilai informasi yang ada dengan kritis. Tim kami percaya bahwa masa depan tidak dikendalikan oleh AI, tetapi oleh mereka yang menguasai AI,” kata Suci.
Ajang hackathon regional ini dapat dikatakan dilakukan tepat waktu, terutama karena Microsoft dan LinkedIn Work Trend Index 2024 menunjukkan bahwa sebanyak 92 persen Pekerja Berpengetahuan[2] di Indonesia sudah menggunakan AI generatif di tempat kerja mereka. Angka ini melampaui rata-rata global (75 persen) dan Asia Pasifik (83 persen). Sementara itu, Kearney memprediksi AI dapat berkontribusi dalam meningkatkan PDB Indonesia hingga 12 persen atau sekitar 366 miliar dolar AS pada tahun 2030.
Setelah ajang hackathon regional, program AI TEACH memasuki fase implementasi terakhirnya di Indonesia. Hingga November 2024, program ini telah menjangkau 2.500 orang pendidik dan murid dari berbagai wilayah di Indonesia.
—-
Profil Tim Nasional –Partisipan Hackathon Regional AI TEACH
Kelompok 1
“Implementasi AI ASIS (Asisten Siswa) untuk Meningkatkan Asesmen dan Pembelajaran dalam Kurikulum Merdeka di SMK”
Guru Utama/Ketua Kelompok: Markus Dwiyanto Tobi Sogen
Asal Daerah: Sorong, Papua Barat
Markus Dwiyanto dan tim mengembangkan AI ASIS untuk menjawab pertanyaan murid secara otomatis. Penggunaannya tergolong mudah, karena aplikasi ini diintegrasikan ke dalam perangkat yang sudah ada, sehingga guru tidak perlu berganti-ganti aplikasi.
Meskipun murid terlibat lebih sebagai pengguna dan bukan pengembang, proyek ini dinilai sudah siap diterapkan lebih luas. Total durasi pengembangan aplikasi adalah selama 6 bulan, dengan ujicoba kepada 50 murid.
Kelompok 2
“AI MISS YOU (Artificial Intelligence untuk Meningkatkan Bernalar Kritis Siswa Yang Original dan Unik)”
Guru Utama/Ketua Kelompok: Fafan Adisumboro
Asal Daerah: Probolinggo, Jawa Timur
Fafan dan tim membuat proyek AI MISS YOU untuk mengajarkan murid agar tidak langsung menerima informasi yang diperoleh lewat AI, melainkan mengolah dan memikirkan isinya terlebih dulu. Proses ini dinilai penting agar murid tetap kritis dan kreatif dalam memperoleh ilmu.
Tim AI MISS YOU berhasil menciptakan konsep proyek yang menarik dengan melibatkan murid secara aktif. Presentasi mereka juga jelas, mudah dipahami, serta sangat relevan bagi pembelajaran saat ini.
Kelompok 3
“Team-Based Learning (TBL) Berbantuan AI”
Guru Utama/Ketua Kelompok: M. Elfin Noor
Asal Daerah: Jepara, Jawa Tengah
Berangkat dari keresahan murid dan guru, Elfin Noor dan tim yang terdiri dari guru dan murid membuat TBL Berbantuan AI untuk mempermudah proses belajar-mengajar di sekolah. Hal ini dilakukan dengan kolaborasi yang efektif antara guru dengan murid, mulai dari tahap ideasi hingga prototyping dan testing.
Proyek Elfin Noor dan tim ini menggunakan metode Team-Based Learning (TBL), yaitu jenis pembelajaran yang melibatkan sekelompok murid untuk membentuk tim belajar guna memperkuat hard skill dan soft skill setiap murid. Dengan menggabungkan metode TBL dan pemanfaatan AI, proyek ini bertujuan memudahkan guru dalam mengajar, serta membantu murid menemukan prestasi, gaya belajar, dan memberikan persaingan yang sehat untuk mencapai target belajar. Pengelompokan ini memungkinkan pemberian materi dan tugas yang sesuai dengan tingkat kemampuan masing-masing kelompok. Selain itu, fleksibilitas dan keserbagunaannya memungkinkan penggunaan TBL berbantuan AI di berbagai tingkat pendidikan dan mata pelajaran.
[1] Teknologi AI yang menggunakan teknik prompting untuk membuat visual, teks, hingga audio secara instan berdasarkan repositori mesin yang ada.
[2] Pekerja yang biasanya bekerja di balik meja, baik di kantor maupun di rumah.
8080 Books, an imprint of Microsoft, launches, offering thought leadership titles spanning technology, business and society
As fans of books, especially in their physical format, it is our great pleasure to launch 8080 Books, an imprint of Microsoft. Our first title, No Prize for Pessimism, is authored by Sam Schillace, deputy chief technology officer at Microsoft, and is available today. Our second title, Platform Mindset, by Marcus Fontoura, will be available later this year.
Computing has become an essential ingredient to almost every endeavor on our planet, and, as students of both Microsoft and technology, our goal with 8080 Books is to publish original research, ideas and insights at the intersection of science, technology and business, and, in doing so, to help advance discourse on this important landscape.
The name of our imprint takes its inspiration from the 8080 microprocessor — a foundation for the company’s earliest software breakthroughs. Not coincidentally, 8080 is also the last four digits of Microsoft’s corporate headquarters phone number.
With a combined tenure of, well, let’s just say a long time, we’re both acutely aware of the rich well of talent at Microsoft from which we can draw upon and publish under the 8080 Books imprint over time. However, our intention is that we will seek to use this not just as a platform for Microsoft authors but also to showcase minds and ideas from outside of the company.
While we are not currently accepting unsolicited manuscripts, our website does provide more details about our plans, such as evaluating out of print titles that we feel remain relevant to today’s leaders, and why we feel the time is right to launch this imprint.
We hope you enjoy our launch title, which is available here, and we look forward to hearing your feedback, questions and ideas as we embark on this new adventure.
For anyone in the Puget Sound area, we invite you to Schillace’s first reading and signing at Brick & Mortar Books, on Wednesday, Dec. 11 in Redmond, Washington. Check here for details. Space is limited.
The post 8080 Books, an imprint of Microsoft, launches, offering thought leadership titles spanning technology, business and society appeared first on The Official Microsoft Blog.
As fans of books, especially in their physical format, it is our great pleasure to launch 8080 Books, an imprint of Microsoft. Our first title, No Prize for Pessimism, is authored by Sam Schillace, deputy chief technology officer at Microsoft, and is available today. Our second title, Platform Mindset, by Marcus Fontoura, will be available…
The post 8080 Books, an imprint of Microsoft, launches, offering thought leadership titles spanning technology, business and society appeared first on The Official Microsoft Blog.Read More
Mandatory MFA Requirement for Microsoft 365 Admin Center
Mandatory MFA for Microsoft 365 Admin Center Connections from February 3, 2025
After their communications triumph around the announcement of the imposition of an MFA requirement to sign into Azure administrative endpoints like the Entra admin center earlier this year, Microsoft is moving to its next target. According to a Microsoft Technical Community post of November 11, 2024, they will roll out the requirement for connections to the Microsoft 365 admin center to pass a mandatory multifactor challenge beginning on February 3, 2025.
Rolling out a change like this to hundreds of thousands of Microsoft 365 tenants can’t be done overnight. Microsoft says that tenant administrators will receive notification 30 days before the restriction commences.
The last time round, people panicked when they assumed that all connections to Azure, including those from non-privileged user accounts, would need to use MFA. However, the set of affected endpoints featured sites that few “normal users” go near simply because they have no need to connect to administrative portals like the Intune admin center or PowerShell modules like Azure.
The same rules apply here. Only accounts holding administrative roles that need to connect to the Microsoft 365 admin center are affected. There’s probably a broader set of roles involved, and the new restriction means that staff like help desk personnel might be required to use MFA for the first time. But here’s the thing: anyone accessing the Microsoft 365 admin center to perform administrative tasks for a tenant should already be using MFA. Those who don’t are inviting compromise of their accounts by attackers that leads to potential compromise of the entire tenant depending on the roles held by the account.
Figuring Out Who Might be Affected by the Mandatory MFA Requirement
If you have Entra P1 licenses, you can use PowerShell to analyze Entra Audit sign-in logs to determine the set of accounts that use MFA. Audit logs only go back 30 days, but it’s enough to have a good idea. Alternatively, you could use PowerShell to interrogate the sign-in logs to find successful connections to the app used by the Microsoft 365 admin center (the app name reveals its roots), reduce the set to find unique user accounts, and check each user account to validate if it uses MFA. In this example, I use the Get-MgServicePrincipal cmdlet to find the identifier of the app. You could also scan the sign-in logs in the Entra admin center to find a record for a connection to the Microsoft 365 admin center. The beta version of the Get-MgAuditLogSignIn cmdlet is used to fetch sign-in records because it returns information about authentication requirements. Here’s some code to do the job (available from GitHub):
Connect-MgGraph -Scope AuditLogs.Read.All
$M365AdminCenterId = (Get-MgServicePrincipal -Filter "displayName eq 'Microsoft Office 365 Portal'").AppId
Write-Host "Checking for sign-ins to the Microsoft 365 Admin center..."
[array]$M365PortalSignIns = Get-MgBetaAuditLogSignIn -Filter "AppId eq '$M365AdminCenterId' and status/ErrorCode eq 0" -All -PageSize 500
[array]$UniqueUsers = $M365PortalSignIns | Sort-Object UserPrincipalName -Unique
$Report = [System.Collections.Generic.List[Object]]::new()
ForEach ($User in $UniqueUsers) {
$MFA = "Not enabled"
If ($User.authenticationRequirement -eq 'multifactorauthentication') {
$MFA = "Enabled"
}
$ReportLine = [PSCustomObject] @{
User = $User.UserDisplayName
'MFA Status' = $MFA
'Last sign-in' = $User.createdDateTime
}
$Report.Add($ReportLine)
}
$Report
User MFA Status Last sign-in
---- ---------- ------------
Hans Geering (Project Management) Enabled 09/11/2024 20:50:47
Ken Bowers Enabled 16/11/2024 13:20:40
Lotte Vetler (Paris) Enabled 15/11/2024 13:23:06
Paul Robichaux (Office 365 for IT Pros) Not enabled 29/10/2024 19:46:04
Tony Redmond Enabled 03/11/2024 15:30:24Another approach is in the user passwords and authentication report script, which generates a comprehensive report about user accounts, passwords, sign-ins, and registered MFA methods. You can check this report to make sure that the users detected using the Microsoft 365 admin center have suitable MFA methods registered.
Another helpful script generates a report about accounts holding administrative role assignments. You can use the information in the report (and the CSV file generated by the script) to focus on the accounts that will be affected by the new mandatory MFA requirement. For example, accounts holding the user administrator role (Figure 1) will need to satisfy the mandatory MFA requirement to connect to the Microsoft 365 admin center after Microsoft deploys the change to your tenant.
Essentially, PowerShell is your friend when it comes to finding out who uses MFA in a tenant.
The Ongoing Need to Accelerate the Adoption of MFA
According to a Microsoft research report, MFA reduces the risk of account compromise by 99.22% across all accounts and by 98.56% for leaked account credentials (usernames and passwords). The last figures shared by Microsoft said that only 38% of Entra ID monthly active users use MFA (February 2024). Microsoft is on a campaign to get that number to at least 80% and enforcing mandatory requirements for MFA to connect to different sites is a good way to drive that message home.
One thing’s for sure. Microsoft is not going to stop imposing mandatory MFA requirements to connect to Microsoft 365. I expect the campaign to continue and spread to user-focused applications like Teams and Outlook. Quite when that will happen is anyone’s guess, but the important thing is to get ahead of the game by accelerating the adoption of MFA to protect Microsoft 365 user accounts, preferably using strong authentication methods like the Microsoft Authenticator app, FIDO2 keys, or software passkeys.
Another Big Change Coming in February 2025
Another big thing that will happen in February 2025 is the deprecation of the ApplicationImpersonation role in Exchange Online. This might not seem important to you, but it might be. Many bespoke and third-party tools use this role with Exchange Web Services (EWS) to access mailboxes. If you don’t check now, you might have an unpleasant surprise early in 2025. The Microsoft post references some tools to help check a tenant. It’s worth taking the time to do so.
So much change, all the time. It’s a challenge to stay abreast of all the updates Microsoft makes across the Microsoft 365 ecosystem. Subscribe to the Office 365 for IT Pros eBook to receive monthly insights into what happens, why it happens, and what new features and capabilities mean for your tenant.
GovAI Hackathon Produces Five Generative AI Solutions to Improve the Quality of Government Services in Indonesia
The Ministry of Finance, in collaboration with the Ministry of Foreign Affairs and the Ministry of Health, along with Microsoft Indonesia, Association of State-Owned Banks (Himbara/Himpunan Bank Negara), and Telkom Indonesia, have successfully concluded the 2024 GovAI Hackathon series. The innovative competition, open to all Indonesians, aimed to drive AI breakthroughs in artificial intelligence (AI) – especially generative AI – across four critical themes in government services. This year’s event attracted 191 teams comprising 495 participants, an increase of more than 100 percent compared to the previous year’s event with 93 teams from 271 participants.
The four themes addressed during the competition included: (1) stunting prevention and improving school children’s nutrition, (2) integrated and responsive digital public services, (3) economic diplomacy and empowerment of MSMEs for exports, as well as (4) transparent and accountable state financial management. Additional institutions, such as MoF-DAC, BPS, BRAIN IPB, KORIKA, University of Indonesia, and PKN STAN, also played active roles in organizing the 2024 GovAI Hackathon.
Agus Rofiudin, OBTI Expert Staff and CIO of the Ministry of Finance said, “Indonesia has entered the digital era at an accelerated pace. With internet penetration exceeding 72%, the potential for leveraging technology, especially AI, in the public sector to enhance the quality of life is immense. That’s why we organized the GovAI Hackathon—to gather innovative, AI-driven ideas from Indonesia’s brightest talents to assist the government in delivering higher-quality public services.”
The event series, which began in October 2024, was inaugurated with AI training open to the public. These included seven online classes led by speakers from Microsoft and Nawatech, attended by over 1,000 participants. Armed with the training, a total of 147 teams submitted their generative AI solution ideas, with 10 selected teams receiving further assistance from Microsoft, the Ministry of Finance – Data Analytics Community (MoF-DAC), and other Ministries and Institutions to create Minimum Viable Products (MVPs)[1] for their ideas, using Microsoft Azure technology. Of the 10 MVPs, 5 have now been selected, and their MVPs will be realized in government programs.
Acep Somantri, Expert Staff for Management of the Ministry of Foreign Affairs said, “The highest appreciation for the participants of the GovAI Hackathon 2024 who have provided inspiration for various improvements to government services based on generative AI technology. The ideas with a complete technology architecture from the participants are proof of the great potential of AI in Indonesia. We believe that collaboration between the government, the private sector, and academia will drive greater progress in Indonesia’s digital transformation, for the well-being of the Indonesian people.”
Five Selected Solutions for Indonesia
Here are the five selected solutions, which have realized their ideas into the form of MVPs:
UINNOVATOR with NuSantap, an innovative solution that integrates generative AI technology and computer vision. By utilizing AI algorithms, NuSantap is able to provide menu recommendations that are tailored to the nutritional needs of each individual and the availability of local food resources. Computer vision technology is used to accurately detect signs of nutritional deficiencies.
AI network with DIPLOMAT-AI, a generative AI for market intelligence analysis, mapping MSME export potential and foreign market penetration. The platform provides a one-stop solution with various analysis tools and AI-based prediction models, which are used to estimate market potential in various accreditation countries. In addition, DIPLOMAT-AI also offers comprehensive trade indicators, covering the role and direction of trade, trade structure, applicable regulations, and trade barriers in the destination country. DIPLOMAT-AI is equipped with a Retrieval-Augmented Generation (RAG)-based interactive chatbot generate Market Intelligence Report feature. This feature allows users to get market reports automatically compiled in PDF format as an easily accessible reference, as well as an interactive chatbot service that can answer questions about regulations, tariffs, and market opportunities in real time.
Project Ember with an AI-based solution that assesses carbon sequestration potential using satellite imagery. Data from satellite imagery that contains visual information about specific areas, such as vegetation and land conditions, is used as a raw material to map areas that have the potential to absorb carbon. Furthermore, the AI works to identify areas of interest by classifying which areas of vegetation and non-vegetation are highly accurate. Once the area of interest is identified, the analysis continues with the calculation of carbon potential based on plant type and area. Then adjustments will be made based on the density and health of the vegetation so that the resulting values are close to the actual conditions. The results of the analysis were converted into economic value estimates based on carbon price information in the current market.
AI4Indonesia with Trace.AI (Transparent Review and Cost Evaluation Powered by Gen-AI), an innovative generative AI-based solution to review and evaluate budgets effectively and transparently. This solution is automatically able to check proposal documents, as well as compare prices with internal and external data to detect indications of markup (adjusted to Government Regulation Number 12 of 2021 concerning the procurement of goods and services). Furthermore, the systems in this solution will provide data-driven recommendations and necessary actions, increasing efficiency, transparency, and accountability in every step of the procurement process.
Timses AITIES with Ainara, an innovative solution that integrates blockchain technology, smart contracts, and generative AI to create real-time transparency and accountability in village fund management. Every transaction is permanently recorded on the blockchain and smart contracts; ensuring that the disbursement of funds only occurs when conditions are met, thereby reducing the risk of corruption. With LaporNara, project progress reports are automatically compiled and can be accessed by the public through the PantauNara dashboard to facilitate monitoring. In addition, AwasNara detects expenditure anomalies that ensure funds are used according to standards. Ainara supports more open and participatory oversight and contributes to building a transparent and accountable future for villages.
In addition to the five selected solutions, special appreciation was also given to the other five finalists, namely:
- Sigma with the development of multi-agent AI in providing harmonized system code recommendations
- Sasyaditomonica with GARDA, Generative AI for Risk and Threat Detection
- Tomodachi with Mool Intelligence, a generative AI-powered government services marketplace
- NUTRI TEAM with NutriCare 1000, nurturing the first 1,000 days with AI
- Treasury Data Lab with FORTRESS-ID, Forecasting Overseas Risks and Threat Responses
Maya Arvini, Director of Public Sector at Microsoft Indonesia, stated, “We are honored to participate in the 2024 GovAI Hackathon. The surge in the number of participants this year indicates the rapid adoption of generative AI technology in Indonesia. This speed is in line with the findings of the 2024 Work Trend Index from Microsoft and LinkedIn, where 92% of knowledge workers in Indonesia are recorded to have used generative AI in the workplace, surpassing global (75%) and Asia Pacific (83%) figures. It is not only about speed; the ideas in the proposal and recommendations for a comprehensive technological architecture reflect real solutions to various critical issues in Indonesia. These ideas will create strong pillars to support Indonesia’s journey towards a Golden Indonesia 2045.”
###
[1]An early version of the product with the most basic features needed to meet the needs of early users. The goal of an MVP is to test business assumptions and get feedback from users quickly, so that developers can iterate and make improvements based on real data.
GovAI Hackathon Cetak Lima Solusi Generative AI untuk Tingkatkan Kualitas Layanan Pemerintahan di Indonesia
Read in English here
Kementerian Keuangan bersama Kementerian Luar Negeri dan Kementerian Kesehatan, dalam kerja sama dengan Microsoft Indonesia, Himbara (Himpunan Bank Negara), dan Telkom Indonesia, baru saja menyelesaikan rangkaian GovAI Hackathon 2024. Kompetisi penciptaan solusi inovatif yang terbuka bagi seluruh masyarakat Indonesia dengan tujuan membuat terobosan AI–terutama generative AI–di empat tema besar layanan pemerintahan ini berhasil menarik 191 tim yang terdiri dari 495 peserta. Jumlah tersebut meningkat 100 persen lebih dibandingkan penyelenggaraan tahun sebelumnya dengan 93 tim dari 271 peserta.
Keempat tema besar yang dikompetisikan yakni: (1) pencegahan stunting dan peningkatan gizi anak sekolah, (2) pelayanan publik digital terintegrasi dan responsif, (3) diplomasi ekonomi dan pemberdayaan UMKM untuk ekspor, (4) serta pengelolaan keuangan negara yang transparan dan akuntabel. Dalam prosesnya, sejumlah lembaga lain juga mengambil peranan aktif dalam penyelenggaraan GovAI Hackathon 2024, seperti MoF-DAC, BPS, BRAIN IPB, KORIKA, Universitas Indonesia, dan PKN STAN.
Agus Rofiudin, Staf Ahli OBTI dan juga CIO Kemenkeu mengatakan, “Indonesia telah menapaki era digital dengan laju yang sangat pesat. Dengan penetrasi internet mencapai lebih dari 72%, potensi pemanfaatan teknologi, khususnya AI, di sektor pemerintahan untuk meningkatkan kualitas hidup masyarakat sangatlah besar. Itulah sebabnya kami menyelenggarakan GovAI Hackathon, untuk mengumpulkan ide inovatif berbasis AI dari para talenta terbaik di Indonesia yang dapat membantu pemerintah meningkatkan kualitas layanan publik”.
Rangkaian kegiatan yang dilakukan sejak Oktober 2024 tersebut diawali dengan pelatihan AI untuk umum melalui tujuh kelas online bersama pembicara dari Microsoft dan Nawatech, dengan total peserta mencapai lebih dari seribu orang. Berbekalkan pelatihan yang diperoleh, sebanyak 147 tim mengumpulkan ide solusi generative AI mereka, dengan 10 tim terpilih mendapatkan pendampingan lanjutan dari Microsoft, Kementerian Keuangan – Komunitas Analisis Data (MoF-DAC), serta Kementerian Lembaga lain untuk menciptakan Minimum Viable Products (MVP)[1] atas ide mereka, dengan menggunakan teknologi Microsoft Azure. Dari 10 MVP tersebut, kini terpilih 5 yang MVP-nya akan diwujudkan dalam program pemerintah.
Acep Somantri, Staf Ahli Bidang Manajemen Kemenlu mengatakan, “Apresiasi tertinggi untuk para peserta GovAI Hackathon 2024 yang telah memberikan inspirasi ide akan berbagai peningkatan layanan pemerintahan berbasis teknologi generative AI. Ide dengan arsitektur teknologi yang lengkap dari para peserta menjadi bukti akan besarnya potensi AI di Indonesia. Kami percaya bahwa kolaborasi antara pemerintah, sektor swasta, dan akademisi akan mendorong kemajuan yang lebih besar dalam transformasi digital Indonesia, demi kesejahteraan rakyat Indonesia.”
Lima Solusi Terpilih untuk Indonesia
Berikut adalah kelima solusi terpilih, yang telah merealisasikan ide mereka ke dalam bentuk MVP:
UINNOVATOR dengan NuSantap, solusi inovatif yang mengintegrasikan teknologi generative AI dan computer vision. Dengan memanfaatkan algoritma AI, NuSantap mampu memberikan rekomendasi menu yang disesuaikan dengan kebutuhan gizi setiap individu serta ketersediaan sumber daya pangan lokal. Teknologi computer vision digunakan untuk mendeteksi tanda-tanda defisiensi nutrisi secara akurat.
Network AI dengan DIPLOMAT-AI, suatu generative AI untuk analisis market intelligence pemetaan potensi ekspor UMKM dan penetrasi pasar luar negeri. Platform ini menyediakan one-stop solution dengan berbagai alat analisis dan model prediksi berbasis AI, yang digunakan untuk memperkirakan potensi pasar di berbagai negara akreditasi. Selain itu, DIPLOMAT-AI juga menawarkan indikator perdagangan yang komprehensif, meliputi peran dan arah perdagangan, struktur perdagangan, regulasi yang berlaku, dan hambatan perdagangan di negara tujuan. DIPLOMAT-AI dilengkapi dengan dengan fitur generate Market Intelligence Report dan chatbot interaktif berbasis Retrieval-Augmented Generation (RAG). Fitur ini memungkinkan pengguna untuk mendapatkan laporan pasar yang disusun secara otomatis dalam format PDF sebagai referensi yang mudah diakses, serta layanan chatbot interaktif yang dapat menjawab pertanyaan seputar regulasi, tarif, dan peluang pasar secara real time.
Ember Proyek dengan solusi berbasis AI yang melakukan penilaian potensi serapan karbon menggunakan citra satelit. Data dari citra satelit yang berisi informasi visual mengenai wilayah tertentu seperti vegetasi dan kondisi lahan digunakan sebagai bahan mentah untuk memetakan area yang berpotensi menyerap karbon. Selanjutnya, AI bekerja untuk mengidentifikasi area of interest dengan mengklasifikasikan mana area vegatasi dan non-vegetasi berakurasi tinggi. Setelah area of interest teridentifikasi, analisis dilanjutkan dengan perhitungan potensi karbon berdasarkan jenis tanaman dan luas. Kemudian akan dilakukan penyesuaian berdasarkan kerapatan dan kesehatan vegetas sehingga nilai yang dihasilkan mendekati kondisi yang sebenarnya. Hasil analisis dilakukan konversi estimasi nilai ekonomi berdasarkan informasi harga karbon di pasar saat ini.
AI4Indonesia dengan Trace.AI (Transparent Review and Cost Evaluation Powered by Gen-AI), sebuah solusi inovatif berbasi generative AI untuk meninjau dan mengevaluasi anggaran secara efektif dan transparan. Solusi ini secara otomatis mampu memeriksa dokumen proposal, serta membandingkan harga dengan data internal dan eksternal untuk mendeteksi indikasi mark-up (disesuaikan dengan PP Nomor 12 Tahun 2021 tentang pengadaan barang dan jasa). Selanjutnya, sistem dalam solusi ini akan memberikan rekomendasi berbasis data dan tindakan yang diperlukan, meningkatkan efisiensi, transparansi, dan akuntabilitas dalam setiap langkah proses pengadaan.
Timses AITIES dengan Ainara, solusi inovatif yang mengintegrasikan teknologi blockchain, smart contracts, dan generative AI untuk menciptakan transparansi dan akuntabilitas real time dalam pengelolaan dana desa. Setiap transaksi dicatat permanen di blockchain dan smart contracts; memastikan penyaluran dana hanya terjadi saat syarat terpenuhi, sehingga mengurangi risiko korupsi. Dengan LaporNara, laporan progres proyek disusun otomatis dan dapat diakses publik melalui dashboard PantauNara untuk memudahkan pemantauan. Selain itu, AwasNara mendeteksi anomali pengeluaran yang memastikan dana digunakan sesuai standar. Ainara mendukung pengawasan yang lebih terbuka dan partisipatif serta berkontribusi dalam membangun masa depan desa yang transparan dan akuntabel.
Selain kelima solusi terpilih tersebut, apresiasi khusus juga diberikan kepada lima finalis lainnya, yaitu:
- Sigma dengan pengembangan multi agent AI dalam memberikan rekomendasi kode harmonized system
- Sasyaditomonica dengan GARDA, Generative AI untuk Risiko dan Deteksi Ancaman
- Tomodachi dengan Mool Intelligence, sebuah generative AI-powered government services marketplace
- NUTRI TEAM dengan NutriCare 1000, nurturing the first 1.000 days with AI
- Treasury Data Lab dengan FORTRESS-ID, Forecasting Overseas Risks and Threat Responses
Maya Arvini, Direktur Sektor Publik Microsoft Indonesia mengatakan “Kami merasa terhormat dapat berpartisipasi dalam penyelenggaraan GovAI Hackathon 2024. Lonjakan jumlah peserta tahun ini mengindikasikan cepatnya tingkat adopsi teknologi generative AI masyarakat Indonesia. Kecepatan ini selaras dengan temuan Work Trend Index 2024 dari Microsoft dan LinkedIn, di mana 92% knowledge workers di Indonesia tercatat sudah menggunakan generative AI di tempat kerja; lebih tinggi dibandingkan angka global (75%) dan Asia Pasifik (83%). Tidak hanya soal kecepatan, ide-ide yang ada di dalam proposal, berikut rekomendasi arsitektur teknologinya yang komprehensif, juga menujukkan solusi nyata dari berbagai isu kritikal di Indonesia. Berbagai ide tersebut akan menciptakan pilar kuat untuk mendukung perjalanan Indonesia menuju Indonesia Emas 2045.”
###
[1]Versi awal produk dengan fitur paling dasar yang diperlukan untuk memenuhi kebutuhan pengguna awal. Tujuan MVP adalah menguji asumsi bisnis dan mendapatkan umpan balik dari pengguna dengan cepat, sehingga pengembang dapat melakukan iterasi dan perbaikan berdasarkan data nyata.
