Category: Microsoft
Category Archives: Microsoft
Running `mdatp device-control policy preferences list` on macOS results in “Operation not supported”
Running `mdatp device-control policy preferences list` (per this page) on macOS results in “Operation not supported”.
Other mdatp commands work fine such as mdatp health and mdatp scan quick.
Running `mdatp device-control policy preferences list` (per this page) on macOS results in “Operation not supported”.Other mdatp commands work fine such as mdatp health and mdatp scan quick. Read More
Intermittent AVD Host Pool Login issues with WhfB endpoint, SSO, Entra ID Auth & MFA via Cond. Acc.
Hi,
We have been suffering intermittent (once every few months) AVD Auth/Login issues to multiple Host Pools for multiple Users – the login gets stuck and just loops continually between the Authentication “Just a moment” screen, and then initiating/configuring/securing remote connection dialog box. It seems to just happen at random for just one of our users/admin and other users can login to the same Host Pool VM.
We have found that if we leave it for a couple of hours and try again, it will work for the user – but this is not really acceptable for an Enterprise System, so would like to get to the bottom of this.
We have pure Entra ID (only) joined Host Pool VMs, but the laptop endpoints that we connect from are Hybrid AD joined (with GPO and Intune polices). We have a conditional access policy that forces MFA if you are not accessing from a corporate network, we have Windows Hello for Business (WHfB) PIN set on the end points (setup via GPO), we have Entra ID & SSO enabled on the Host Pool properties. Users and Admins are in the respective Virtual Machine User/Admin RBAC role for the RG the Host Pool VMs are in. User/Admin is in the Desktop App Group.
The fact that it seems to sort itself out after a few hours makes me wonder if it is a AD replication / Entra ID Connect Sync issue with the WHfB PIN/Cert from AD (does this even get changed after you have set the PIN the first time though?)
Does anyone else see this or have any ideas as to what the cause is, or how to debug it?
Hi, We have been suffering intermittent (once every few months) AVD Auth/Login issues to multiple Host Pools for multiple Users – the login gets stuck and just loops continually between the Authentication “Just a moment” screen, and then initiating/configuring/securing remote connection dialog box. It seems to just happen at random for just one of our users/admin and other users can login to the same Host Pool VM. We have found that if we leave it for a couple of hours and try again, it will work for the user – but this is not really acceptable for an Enterprise System, so would like to get to the bottom of this. We have pure Entra ID (only) joined Host Pool VMs, but the laptop endpoints that we connect from are Hybrid AD joined (with GPO and Intune polices). We have a conditional access policy that forces MFA if you are not accessing from a corporate network, we have Windows Hello for Business (WHfB) PIN set on the end points (setup via GPO), we have Entra ID & SSO enabled on the Host Pool properties. Users and Admins are in the respective Virtual Machine User/Admin RBAC role for the RG the Host Pool VMs are in. User/Admin is in the Desktop App Group. The fact that it seems to sort itself out after a few hours makes me wonder if it is a AD replication / Entra ID Connect Sync issue with the WHfB PIN/Cert from AD (does this even get changed after you have set the PIN the first time though?) Does anyone else see this or have any ideas as to what the cause is, or how to debug it? Read More
Restore a Hard deleted group office 365 within 30 retention period
Hi,
Is there any way to restore a hard deleted group in office 365 after a hard delete? This is within the 30 days retention period. I have done this before but I cannot seem to find the command lets I used.
Thanks.
Hi, Is there any way to restore a hard deleted group in office 365 after a hard delete? This is within the 30 days retention period. I have done this before but I cannot seem to find the command lets I used. Thanks. Read More
Unable to delete Archived users from Viva Engage/yammer using powershell script
I want to delete Archived users who are there in VivaEnage/Yammer.
I’m able to export the list but not able to delete users.
Probably, some issues with this uri:
$uri = “https://graph.microsoft.com/v1.0/yammer/users/$userId“
Please suggest, what should I do.
I have created this script, but getting this error in csv:
Failed to remove: Response status code does not indicate success: BadRequest (Bad Request).
Script:
Set-ExecutionPolicy RemoteSigned$cred = Import-CliXml -Path ‘C:ScriptVautcred2.xml’
$cert_graph = Get-ChildItem Cert:LocalMachineMy49054ea0593c0920e42b99fe99e9892833e651ec
$appid_graph=”MY_APPID_GRAPH”
$tenantid=”MY_TENANT_ID”
$certid=”MY_CERT_ID”
$appid=”MY_APP_ID”Connect-MgGraph -ClientID $appid_graph -TenantId $tenantid -Certificate $cert_graph# Fetch users whose display name contains “Archive”
$users = Get-MgUser -Filter “startswith(displayName, ‘Archive’)” -All# Initialize a list to store operation results
$results = @()# Loop through each user and remove from Viva Engage
foreach ($user in $users) {
$userId = $user.Id
# Attempt to remove the user from Viva Engage (assuming correct API endpoint)
try {
# API endpoint might need modification based on exact requirements
$uri = “https://graph.microsoft.com/v1.0/yammer/users/$userId”
Invoke-MgGraphRequest -Method DELETE -Uri $uri
$results += [PSCustomObject]@{
UserId = $userId
UserPrincipalName = $user.UserPrincipalName
Status = “Removed”
}
} catch {
$errorDetails = $_.Exception.Message
$results += [PSCustomObject]@{
UserId = $userId
UserPrincipalName = $user.UserPrincipalName
Status = “Failed to remove”
ErrorDetails = $errorDetails # Add this line to record the error details
}
}
}# Export results to CSV
$results | Export-Csv -Path “C:UserRemovalResults.csv” -NoTypeInformation# Disconnect the session
Disconnect-MgGraph
I want to delete Archived users who are there in VivaEnage/Yammer.I’m able to export the list but not able to delete users.Probably, some issues with this uri:$uri = “https://graph.microsoft.com/v1.0/yammer/users/$userId”Please suggest, what should I do.I have created this script, but getting this error in csv:Failed to remove: Response status code does not indicate success: BadRequest (Bad Request). Script: Set-ExecutionPolicy RemoteSigned$cred = Import-CliXml -Path ‘C:ScriptVautcred2.xml’$cert_graph = Get-ChildItem Cert:LocalMachineMy49054ea0593c0920e42b99fe99e9892833e651ec$appid_graph=”MY_APPID_GRAPH”$tenantid=”MY_TENANT_ID”$certid=”MY_CERT_ID”$appid=”MY_APP_ID”Connect-MgGraph -ClientID $appid_graph -TenantId $tenantid -Certificate $cert_graph# Fetch users whose display name contains “Archive”$users = Get-MgUser -Filter “startswith(displayName, ‘Archive’)” -All# Initialize a list to store operation results$results = @()# Loop through each user and remove from Viva Engageforeach ($user in $users) {$userId = $user.Id# Attempt to remove the user from Viva Engage (assuming correct API endpoint)try {# API endpoint might need modification based on exact requirements$uri = “https://graph.microsoft.com/v1.0/yammer/users/$userId”Invoke-MgGraphRequest -Method DELETE -Uri $uri$results += [PSCustomObject]@{UserId = $userIdUserPrincipalName = $user.UserPrincipalNameStatus = “Removed”}} catch {$errorDetails = $_.Exception.Message$results += [PSCustomObject]@{UserId = $userIdUserPrincipalName = $user.UserPrincipalNameStatus = “Failed to remove”ErrorDetails = $errorDetails # Add this line to record the error details}}}# Export results to CSV$results | Export-Csv -Path “C:UserRemovalResults.csv” -NoTypeInformation# Disconnect the sessionDisconnect-MgGraph Read More
Retention and SharePoint SPOSite and Users reviewed using PowerShell Cmdlts
Ever notice SharePoint sites and users that were deleted from the admin web option and located in SharePoint PowerShell?
The reason, retention and conditional access to
Data policies
Access policies
Azure policies
Make sure a review of business laws are complete to the retention records required before adjusting the defaults set by platform. Some regions allow up to 10-years of retention. Certain courts (state, local, corporate, corporate by federal department(s)) could ask for certain records and the platform produces the records needed if asked upon. Additionally, confidentiality is a different question to release certain records. Good luck.
Ever notice SharePoint sites and users that were deleted from the admin web option and located in SharePoint PowerShell? The reason, retention and conditional access toData policiesAccess policiesAzure policies Make sure a review of business laws are complete to the retention records required before adjusting the defaults set by platform. Some regions allow up to 10-years of retention. Certain courts (state, local, corporate, corporate by federal department(s)) could ask for certain records and the platform produces the records needed if asked upon. Additionally, confidentiality is a different question to release certain records. Good luck. Read More
About any found issue for Security intelligence updates for other Microsoft antimalware…
Hello all,
can it be correct to also report here any found issue related to Security intelligence updates but whose effects can be quite so important that I know is already impacting on 1 product normal usage (Microsoft Security Essentials, yes I know it’s a ‘legacy’ one) inside ‘other Microsoft antimalware’ (products) category ?
I’m asking this simply because from ‘Microsoft Security Intelligence‘, choosing Downloads -> Updates -> ‘Antimalware updates‘ the resulting web page that opens has the title ‘Security intelligence updates for Microsoft Defender Antivirus and other Microsoft antimalware’ and so it’s also basically defining 2 main (product) categories (1) Defender, 2) other Microsoft antimalware) and maybe 2nd one is less specific for this techcommunity.
And I know there’s already another direct feedback method available, using the emoticon ‘‘ [Provide feedback] icon found right below ‘Search‘ menu item available in 1st upper line (that anyway, so far I’ve already used it several times, including this one too) , but it is also true that sometimes in this techcommunity I’ve also seen others reporting here issues or effects related to some signature updates (but mainly for Defender category only) and so far I’ve seen no other specific comments to be taken as a guideline about really needing to avoid to do the same because inappropriate.
Thanks in advance for your attention and next comments I’ll receive.
P.S. I know I’ve been quite generic so far, but I just want to avoid providing much more details if others should consider inappropriate to do so immediately for other non Defender ‘legacy’ products.
Best Regards
Rob
Hello all, can it be correct to also report here any found issue related to Security intelligence updates but whose effects can be quite so important that I know is already impacting on 1 product normal usage (Microsoft Security Essentials, yes I know it’s a ‘legacy’ one) inside ‘other Microsoft antimalware’ (products) category ?I’m asking this simply because from ‘Microsoft Security Intelligence’, choosing Downloads -> Updates -> ‘Antimalware updates’ the resulting web page that opens has the title ‘Security intelligence updates for Microsoft Defender Antivirus and other Microsoft antimalware’ and so it’s also basically defining 2 main (product) categories (1) Defender, 2) other Microsoft antimalware) and maybe 2nd one is less specific for this techcommunity.And I know there’s already another direct feedback method available, using the emoticon ” [Provide feedback] icon found right below ‘Search’ menu item available in 1st upper line (that anyway, so far I’ve already used it several times, including this one too) , but it is also true that sometimes in this techcommunity I’ve also seen others reporting here issues or effects related to some signature updates (but mainly for Defender category only) and so far I’ve seen no other specific comments to be taken as a guideline about really needing to avoid to do the same because inappropriate. Thanks in advance for your attention and next comments I’ll receive.P.S. I know I’ve been quite generic so far, but I just want to avoid providing much more details if others should consider inappropriate to do so immediately for other non Defender ‘legacy’ products. Best RegardsRob Read More
Restricting Access to Device Groups (or similar)
We have some devices that should be managed by a different team. The will need to be able to create policies in intune, so they will need access to information like risk level (for compliance policies) and they need to work on issues like “Fix Microsoft Defender for Endpoint impaired communications in macOS”. We are using the “Microsoft Defender XDR permissions model“.
What I want to accomplis is: To restrict this team in a way that they cannot see the “device timeline” on devices that are not managed by them, because that does contain information about document file names.
In a perfect world, I would be able to grant the Security Administrator role to the Entra security group that defines that team with a filter to only show information regarding a specific Entra device group.
Unfortunately, I cannot find a way to do that.
Is there a way to restrict the devices a person can see after adding the user to the Security Administrator role? Or is there a way to hide the timeline from such a user, but still letting the user see the Inventories (software, vulnerbilities), see the status of the devices they manage in defender and create / update policies in defender?
We have some devices that should be managed by a different team. The will need to be able to create policies in intune, so they will need access to information like risk level (for compliance policies) and they need to work on issues like “Fix Microsoft Defender for Endpoint impaired communications in macOS”. We are using the “Microsoft Defender XDR permissions model”. What I want to accomplis is: To restrict this team in a way that they cannot see the “device timeline” on devices that are not managed by them, because that does contain information about document file names. In a perfect world, I would be able to grant the Security Administrator role to the Entra security group that defines that team with a filter to only show information regarding a specific Entra device group.Unfortunately, I cannot find a way to do that. Is there a way to restrict the devices a person can see after adding the user to the Security Administrator role? Or is there a way to hide the timeline from such a user, but still letting the user see the Inventories (software, vulnerbilities), see the status of the devices they manage in defender and create / update policies in defender? Read More
Custom WIM Image – “Windows cannot find the Microsoft Software License Terms”
Hello, I made a custom WIM image to install Windows 10 and put it in a Windows 10 ISO image in the sources folder. The WIM file is completely valid (I can see it in 7-zip) but the installator of the ISO image gives an error: “Windows cannot find the Microsoft Software License Terms. Make sure the installation sources are valid and restart the installation.”.
I have searched solutions on the internet and found out that my VM might be the problem. I’m using VirtualBox and people on internet says that removing any floppy disk attachment to the VM makes it works again, but I have nothing other than a virtual 20 Go disk and my ISO file as a virtual CD/DVD disk.
Any solutions to this ? Thanks in advance.
Hello, I made a custom WIM image to install Windows 10 and put it in a Windows 10 ISO image in the sources folder. The WIM file is completely valid (I can see it in 7-zip) but the installator of the ISO image gives an error: “Windows cannot find the Microsoft Software License Terms. Make sure the installation sources are valid and restart the installation.”.I have searched solutions on the internet and found out that my VM might be the problem. I’m using VirtualBox and people on internet says that removing any floppy disk attachment to the VM makes it works again, but I have nothing other than a virtual 20 Go disk and my ISO file as a virtual CD/DVD disk.Any solutions to this ? Thanks in advance. Read More
Portfolio & Budget management
My company plans to carry out several projects from 2024 until 2030. Each project lasts about 2-4 years. Is it possible to represent all these projects on the same platform? Like a Gantt chart, each project is a bar on the chart?
Also, is there a way to include a per-project budget for management purposes? The budget will be allocated over time. For example: Project A lasts 3 years from January 1, 2024 to January 1, 2027, with an estimated budget of 1 million USD. Of which, 70% will be allocated in the first 6 months, the remaining 30% will be divided equally every month until the end of the project.
When the duration of the project changes, for example 5 years instead of 3 years, this allocated cost part will also automatically update accordingly.
Thank you so much
My company plans to carry out several projects from 2024 until 2030. Each project lasts about 2-4 years. Is it possible to represent all these projects on the same platform? Like a Gantt chart, each project is a bar on the chart?Also, is there a way to include a per-project budget for management purposes? The budget will be allocated over time. For example: Project A lasts 3 years from January 1, 2024 to January 1, 2027, with an estimated budget of 1 million USD. Of which, 70% will be allocated in the first 6 months, the remaining 30% will be divided equally every month until the end of the project.When the duration of the project changes, for example 5 years instead of 3 years, this allocated cost part will also automatically update accordingly.Thank you so much Read More
How to set desktop background from spotlight to picture option using powershell script
How to set desktop background from spotlight to picture option by setting registry key using powershell script
How to set desktop background from spotlight to picture option by setting registry key using powershell script Read More
To Do app can’t open right click menu
Hi,
After my laptop upgrade to Windows 11 , the To Do app can’t right click to move the task.
It doesn’t show on the menu.
My colleague have same problem with me.
Do you have any solution about this problem?
Thank you.
Regards,
Hao.
Hi, After my laptop upgrade to Windows 11 , the To Do app can’t right click to move the task.It doesn’t show on the menu.My colleague have same problem with me.Do you have any solution about this problem?Thank you.Is there have any setting or update should I need to do? Regards,Hao. Read More
Hello I am unable to renewal my Microsoft Certificate
Yesterday was the last day for me to renew my microsoft certificate and i was presuming that i have multiple attempts to clear the renewal test but unfortunately after two attempts it has given a message that i have to wait for 24 hours to give more attempt and i couldn’t make it…..I request Microsoft to allow me one day time so i can renew my certificate.
Yesterday was the last day for me to renew my microsoft certificate and i was presuming that i have multiple attempts to clear the renewal test but unfortunately after two attempts it has given a message that i have to wait for 24 hours to give more attempt and i couldn’t make it…..I request Microsoft to allow me one day time so i can renew my certificate. Read More
Graph formating
Hello,
Please see the attached screen shot, my question is easy. I am working on a 100% stacked column graph and the highest % is shown is the smaller block, why and how can I change that please?
Thank you for your help
Hello,Please see the attached screen shot, my question is easy. I am working on a 100% stacked column graph and the highest % is shown is the smaller block, why and how can I change that please? Thank you for your help Read More
asking for help to solve my problem with optimization
At first, an optimization option appeared in “Review -> Workbook Performance”. After optimizing, it removed all the empty rows below. I also can’t insert rows using “Home -> Insert Sheet Rows”.
Fingers crossed that you can lend me a hand. Thank you beforehand !
At first, an optimization option appeared in “Review -> Workbook Performance”. After optimizing, it removed all the empty rows below. I also can’t insert rows using “Home -> Insert Sheet Rows”. Fingers crossed that you can lend me a hand. Thank you beforehand ! Read More
Copy Tab in worksheet to new worksheet
I have copied a tab from one worksheet to another and when I update the Tab from the first worksheet it doesn’t automatically update in the second worksheet in which I’ve copied that tab to. What am I doing wrong? We are making sure that the tabs are updated through the Excel Desktop app and not through the website link
I have copied a tab from one worksheet to another and when I update the Tab from the first worksheet it doesn’t automatically update in the second worksheet in which I’ve copied that tab to. What am I doing wrong? We are making sure that the tabs are updated through the Excel Desktop app and not through the website link Read More
LEARN PYTHON PROGRAMMING WITH VS CODE!
LEARN PYTHON PROGRAMMING USING VS CODE MICROSOFT LEARN STUDENT AMBASSADORS ONLINE EVENT!:graduation_cap::laptop_computer::globe_showing_americas:
My name is MAH E UROOJ and I’m Muslim Pakistani. I’m newly selected Microsoft Learn Student Ambassador milestone – Alpha. I cordially invite you all to attend a live MS Teams session scheduled this coming Friday. Your all presence will make this event a success. You will learn Fundamental Python concepts with Practical hands-on practice on Microsoft VS Code IDE. You can also get a chance to win LinkedIn Premium vouchers if event gets approved. Your all participation is needed in this regard. I hope to see you on the session day. The event joining link is given in this email.
Learn, Read, Write & Grow!
:open_book::globe_showing_americas::smiling_face_with_smiling_eyes:
Thank You!
_________
Tap on the link or paste it in a browser to join.
https://teams.microsoft.com/l/meetup-join/19%3ameeting_ODYyNzhiOTktMWZkMi00MzQ2LWI4M2YtZDMwNDMyNmQxNjg0%40thread.v2/0?context=%7b%22Tid%22%3a%2284c31ca0-ac3b-4eae-ad11-519d80233e6f%22%2c%22Oid%22%3a%22c8df4290-b528-46d5-b127-03e4618d60d3%22%7d
Join an exclusive
Live Python Fundamental Programming Session on VS Code.
:spiral_calendar:️ Day: April 26th, 2024.
:eight_o_clock: Time: 06:00 p.m. – 06:45 p.m.
:round_pushpin: Microsoft Teams Virtual Event.
Microsoft Teams Need help?
Meeting ID: 216 758 209 212
Passcode: cTkzCR
You’re invited to Learn Python Programming! :laptop_computer::graduation_cap::globe_with_meridians:
LEARN PYTHON PROGRAMMING USING VS CODE MICROSOFT LEARN STUDENT AMBASSADORS ONLINE EVENT!:graduation_cap::laptop_computer::globe_showing_americas: My name is MAH E UROOJ and I’m Muslim Pakistani. I’m newly selected Microsoft Learn Student Ambassador milestone – Alpha. I cordially invite you all to attend a live MS Teams session scheduled this coming Friday. Your all presence will make this event a success. You will learn Fundamental Python concepts with Practical hands-on practice on Microsoft VS Code IDE. You can also get a chance to win LinkedIn Premium vouchers if event gets approved. Your all participation is needed in this regard. I hope to see you on the session day. The event joining link is given in this email. Learn, Read, Write & Grow! :open_book::globe_showing_americas::smiling_face_with_smiling_eyes: Thank You!_________Tap on the link or paste it in a browser to join.https://teams.microsoft.com/l/meetup-join/19%3ameeting_ODYyNzhiOTktMWZkMi00MzQ2LWI4M2YtZDMwNDMyNmQxNjg0%40thread.v2/0?context=%7b%22Tid%22%3a%2284c31ca0-ac3b-4eae-ad11-519d80233e6f%22%2c%22Oid%22%3a%22c8df4290-b528-46d5-b127-03e4618d60d3%22%7dJoin an exclusive Live Python Fundamental Programming Session on VS Code. :spiral_calendar:️ Day: April 26th, 2024.:eight_o_clock: Time: 06:00 p.m. – 06:45 p.m. :round_pushpin: Microsoft Teams Virtual Event. Microsoft Teams Need help? Meeting ID: 216 758 209 212 Passcode: cTkzCRYou’re invited to Learn Python Programming! :laptop_computer::graduation_cap::globe_with_meridians: Read More
Network traffic observability with virtual network flow logs
Azure Network Watcher provides network monitoring and troubleshooting capabilities to increase observability and actionable insights with out-of-box health metrics & topology visualization, connectivity monitoring, traffic monitoring and diagnostics suite. For on-premises workloads, network administrators rely on NetFlow or IPFIX to address these use cases. Virtual network flow logs are a capability of Network Watcher service to address these scenarios for Azure and hybrid networks and we are excited to announce that virtual network flow logs are now transitioning from public preview to general availability.
Overview
Virtual network flow logs record layer-4 IP traffic flowing through a virtual network capturing the 5-tuple (source IP, destination IP, source port, destination port, protocol) and traffic volume information with no impact to application performance.
Deployment: virtual network flow logs can be enabled by NetOps admin for desired scope of virtual networks, subnets, or network interfaces.
Log collection: Inbound and outbound traffic is recorded at each network interface of the supported workloads and ingested to a storage account in JSON format for analysis and cost-effective retention.
Log enrichment: Traffic Analytics can be enabled as an add-on functionality to process the raw flow logs, aggregate them at longer intervals, and enrich them with environmental metadata for advanced insights into user and application activity and malicious communication patterns.
Log consumption: Virtual network flow logs can be accessed directly from storage accounts or integrated with out-of-box visualization such as Power BI.
Log integration: Virtual network flow logs can be integrated with 3rd party applications for network and security analysis.
Use cases of virtual network flow logs
Network security group flow logs and virtual network flow logs address the following use cases:
Network troubleshooting
Troubleshoot network connectivity between source and destination endpoints.
Identify overly restrictive or permissive access control rules.
Identify network security group (NSG) or Azure Virtual Network Manager rules blocking traffic.
Usage monitoring and optimization
Identify top talking hosts and top communicating applications across or within networks.
Monitor and visualize traffic levels and bandwidth consumption for cross-region traffic.
Identify unknown or undesired traffic.
Compliance
Record all network activity with configurable retention intervals to meet audit requirements.
Use flow data to verify network isolation and compliance with enterprise access rules.
Network forensics and security analysis
Analyze network flows from compromised IPs and network interfaces.
Identify ports and hosts communicating with public IPs or internet.
Integrate with 3rd party Intrusion Detection System (IDS) or Security Information and Event Management (SIEM) tool of choice for advanced detections and threat hunting.
Comparison to NSG flow logs
NSG flow logs also enable traffic recording but had limitations that virtual network flow logs overcome.
Capability
NSG flow logs
Virtual network flow logs
Scope of enablement
NSG
Virtual network, subnet, network interface
Identification of allowed/denied traffic in NSG rules
Yes
Yes
Identification of allowed/denied traffic by Virtual Network Manager security admin rules
No
Yes
Support of Virtual Network encryption
No
Yes
Traffic volume (bytes and packets) for stateless flows
No
Yes
Extensive resource coverage
No
Yes
Price
Billed per gigabyte of Network flow logs collected
Billed per gigabyte of Network flow logs collected
NSG flow logs can be migrated to virtual network flow logs for simplified transition to new capabilities.
Using virtual network flow logs
Virtual network flow logs can be enabled on one or more virtual networks using Azure Portal, PowerShell, AzCLI or Policy, with no requirement to attach NSGs to those virtual networks. The example below is a snippet of the flow log retrieved from storage account. Traffic flows are recorded as comma separated values with IP, port and volume information recorded under ‘flowTuples’. Traffic flows are unencrypted, as Azure virtual network encryption has not been enabled, indicated by ‘NX’.
With Traffic Analytics enabled, advanced insights on environment, traffic distribution, usage patterns, malicious flows across regions can be visualized with additional capabilities to slice and dice the data as per requirement in a Log analytics workspace with Kusto queries.
Scenarios addressed with virtual network flow logs
Demo environment
To demonstrate some of the scenarios described above, Azure environment comprising a hub and spoke topology is used, with the hub containing a Firewall, Bastion, DNS Private Resolver, and connectivity to on-premises via ExpressRoute gateway. Spoke1 has a sample application deployed on virtual machines with load balancers fronting each tier, and a private endpoint connected to an SQL Database for the DB tier. Spoke2 has sample workloads to test spoke-to-spoke traffic. Network Watcher virtual network flow logs and Traffic Analytics have been enabled on Hub and Spoke virtual networks.
Scenario 1: Troubleshooting virtual network manager security admin rules
Organizations typically have the requirement to log when network traffic is allowed or denied, to satisfy regulatory requirements and assist with troubleshooting in day-to-day operations. Network administrators can allow or deny traffic in a virtual network either using NSGs or Azure Virtual Network Manager security admin rules. Both mechanisms are logged using virtual network flow logs enabling visibility into traffic being allowed or denied.
In this case, there are both NSGs and Azure Virtual Network Manager security admin rules applied to the environment. An NSG named ‘yada-nsg’ has the second highest flow volume and an Azure Virtual Network Manager security admin rule called “nossh” is dropping SSH traffic to all virtual machines in the virtual network. Traffic Analytics dashboards shows the Access Control Lists (ACLs) hitting most traffic. Additional insights can be derived by navigating to Log Analytics workspace and modifying pre-built Kusto queries. To address scenarios such as troubleshooting failed SSH connections, an audit trail of SSH connection attempts from both internal and external IP addresses can be listed.
Scenario 2: Simplifying traffic visibility by enabling virtual network flow logs on hub virtual network
Virtual network flow logs allow optimization of log volume and simplification of management by enabling them at hub virtual network. All traffic flowing through the hub, including spoke-to-spoke traffic is recorded on the hub virtual network. In the topology of demo environment, traffic between the spokes is routed via hub firewall. The example query below aggregates throughput between internal IP addresses for specified ranges. An endpoint on Spoke2 (10.1.2.20) can be seen accessing another API endpoint on Spoke1(10.1.1.21) on port 8080, connecting to Web endpoint on Spoke1(10.1.1.4) via SSH and establishing DNS connectivity with Hub(10.1.0.8) on port 53. Traffic patterns between spoke virtual networks can be aggregated over time to distinguish hub-to-spoke vs spoke-to-spoke volume.
Scenario 3: Hybrid traffic visibility with ExpressRoute gateway
Typical enterprise deployments include a combination of Azure and on-premises workloads with significant traffic traversing ExpressRoute or VPN gateways. Estimating the overall traffic volume on ExpressRoute circuits and identifying the workloads that are consuming significant bandwidth on these circuits enables capacity planning, cross-charging internal teams, or re-architecting application communication to optimize costs. Further investigation to identify the top consumer of bandwidth (26%) in this ExpressRoute circuit (10.4.2.2) can be achieved to list top communicating endpoints, as well as timeline view of bandwidth patterns to eliminate anomalous patterns.
Conclusion
Virtual network flow logs enable centralized visibility of traffic patterns across virtual machines and scale sets, application gateways, load balancers, ExpressRoute gateways, VPN gateways and firewalls. Network and security administrators can leverage these flow logs to ensure organizational needs around network observability and compliance are met in a light-weight scalable manner. In addition, virtual network flow logs enable detection of security vulnerabilities and aid in threat hunting investigations with a complete trail of user and application activity.
Virtual network flow logs currently support the following 3rd party applications with seamless integration for additional scenarios:
Cisco XDR
Darktrace
IBM QRadar
Splunk
Virtual network flow logs will eventually be billed per gigabyte of logs generated. For more information, see Network Watcher pricing (Network flow logs collected).
Learn more
Network Watcher overview
Virtual network flow logs overview
Enable virtual network flow logs
Traffic Analytics overview
Traffic Analytics usage scenarios
Microsoft Tech Community – Latest Blogs –Read More
How fix QuickBooks Error 30159 after update Payroll?
Troubleshooting Solutions: QuickBooks Payroll Update Error 30159
Check Payroll Subscription: QuickBooks Error 30159 often occurs due to issues with the payroll subscription. Ensure your payroll subscription is active and up-to-date by logging into your Intuit account and verifying your subscription status.Update QuickBooks: Make sure you’re using the latest version of QuickBooks. Outdated software can trigger errors like 30159. Go to the “Help” menu and select “Update QuickBooks” to install any available updates.Run QuickBooks Payroll Update: QuickBooks often releases payroll updates to fix errors and enhance functionality. Run the latest payroll update by selecting “Employees” > “Get Payroll Updates” > “Download Entire Update.”Check Payroll Service Key: Verify that the payroll service key is correct in QuickBooks. Navigate to “Employees” > “My Payroll Service” > “Manage Service Keys.” If the key is incorrect, click “Edit” and enter the correct service key.Repair QuickBooks Installation: A corrupted QuickBooks installation can lead to error 30159. Use the QuickBooks Install Diagnostic Tool to repair the installation. Download and run the tool from the Intuit website to fix any installation-related issues.Update Windows and .NET Framework: Ensure that your Windows operating system and .NET Framework are updated. QuickBooks relies on these components, and outdated versions can cause compatibility issues. Check for updates in the Windows Update settings.Scan for Malware/Viruses: Malware or viruses on your system can interfere with QuickBooks processes, leading to error 30159. Run a thorough scan using reputable antivirus software to detect and remove any malicious programs.Check Firewall and Security Software: Your firewall or security software may be blocking QuickBooks from accessing necessary resources. Temporarily disable your firewall and security software, then try running QuickBooks again. If the error disappears, adjust your firewall settings to allow QuickBooks access.Contact QuickBooks Support: If none of the above solutions resolve the error, contact QuickBooks support for further assistance. They can provide advanced troubleshooting steps or address any underlying technical issues causing error 30159.
By following these troubleshooting steps, you should be able to resolve QuickBooks Error 30159 and resume your workflow without interruption.
Troubleshooting Solutions: QuickBooks Payroll Update Error 30159 Check Payroll Subscription: QuickBooks Error 30159 often occurs due to issues with the payroll subscription. Ensure your payroll subscription is active and up-to-date by logging into your Intuit account and verifying your subscription status.Update QuickBooks: Make sure you’re using the latest version of QuickBooks. Outdated software can trigger errors like 30159. Go to the “Help” menu and select “Update QuickBooks” to install any available updates.Run QuickBooks Payroll Update: QuickBooks often releases payroll updates to fix errors and enhance functionality. Run the latest payroll update by selecting “Employees” > “Get Payroll Updates” > “Download Entire Update.”Check Payroll Service Key: Verify that the payroll service key is correct in QuickBooks. Navigate to “Employees” > “My Payroll Service” > “Manage Service Keys.” If the key is incorrect, click “Edit” and enter the correct service key.Repair QuickBooks Installation: A corrupted QuickBooks installation can lead to error 30159. Use the QuickBooks Install Diagnostic Tool to repair the installation. Download and run the tool from the Intuit website to fix any installation-related issues.Update Windows and .NET Framework: Ensure that your Windows operating system and .NET Framework are updated. QuickBooks relies on these components, and outdated versions can cause compatibility issues. Check for updates in the Windows Update settings.Scan for Malware/Viruses: Malware or viruses on your system can interfere with QuickBooks processes, leading to error 30159. Run a thorough scan using reputable antivirus software to detect and remove any malicious programs.Check Firewall and Security Software: Your firewall or security software may be blocking QuickBooks from accessing necessary resources. Temporarily disable your firewall and security software, then try running QuickBooks again. If the error disappears, adjust your firewall settings to allow QuickBooks access.Contact QuickBooks Support: If none of the above solutions resolve the error, contact QuickBooks support for further assistance. They can provide advanced troubleshooting steps or address any underlying technical issues causing error 30159.By following these troubleshooting steps, you should be able to resolve QuickBooks Error 30159 and resume your workflow without interruption. Read More
Henvisningskode B I T G E T: qp29 (B I T G E T 1000 USDT registreringsbonus) | Ny kampagnekode
Henvisningskode B I T G E T: qp29 (B I T G E T 1000 USDT registreringsbonus) | Ny kampagnekode B I T G E T 2024
Leder du efter henvisningskode B I T G E T? Den sidste for 2024 er qp29. Med denne kode får du 30% rabat. Derudover kan nye BIT G E T-brugere, der tilmelder sig med kampagnekoden “qp29”, modtage en eksklusiv kampagnebelønning til en værdi af op til $1.000.
Hvad er henvisningskoden B I T G E T?
Koden “qp29” i BIT G E T-programmet fungerer som en henvisningskode. Ved at indtaste denne kode vil du modtage en permanent reduktion i handelsgebyrer samt 30% rabat på dine handler. Plus, hvis du deler din henvisningskode med dine venner, har du en chance for at vinde en generøs 50% bonus. Brug af denne kode giver en værdifuld mulighed for at reducere gebyrer og potentielt øge din indtjening ved at tiltrække andre til platformen.
Hvad er den bedste B I T G E T 2024 henvisningskode?
Den stærkt anbefalede B I T G E T-henvisningskode er qp29. Hvis du bruger denne kode, når du tilmelder dig, vil du modtage en generøs $100 bonus. Hvis du deler din kode med dine venner, har du mulighed for at tjene en kæmpe kommission på 50%. Dette giver dig i bund og grund muligheden for at modtage en maksimal tilmeldingsbonus på op til $1.000 som en velkomstbelønning. Dette er en fantastisk måde at udvide din handelsoplevelse med yderligere fordele, mens du opmuntrer andre til at deltage og tjene deres egne belønninger.
Sådan bruger du henvisningskoden B I T G E T
Henvisningskoden B I T G E T er tilgængelig for nye brugere, som endnu ikke er registreret på børsen. Hvis du allerede har en konto, vil du desværre ikke kunne bruge henvisningskoden.
B I T G E T tilbyder dog flere andre måder at deltage i kampagner og optjene belønninger på. Lad os se på disse alternativer.
For B I T G E T nybegyndere er her trin-for-trin instruktioner om, hvordan man ansøger om en henvisningskode:
For at komme i gang skal du besøge B I T G E T og klikke på den blå “Log ind”-knap.
Angiv nøjagtige brugeroplysninger, da de vil blive kontrolleret for overholdelse af KYC- og AML-procedurer.
Når du bliver bedt om din henvisningskode, skal du indtaste qp29.
Fuldfør registreringsprocessen og fuldfør alle nødvendige bekræftelser.
Når alle betingelser er opfyldt, kan du straks modtage velkomstbonussen.
Denne tilgang sikrer, at nye brugere nemt kan gennemføre registreringsprocessen selv uden en henvisningskode og modtage en velkomstbonus efter at have opfyldt de fastsatte krav.
Hvad er den anbefalede henvisningskode for B I T G E T?
Henvisningskode B I T G E T – qp29. For at få 30 % rabat på din B I T G E T-kommission skal du blot følge disse trin:
Registrer en ny konto hos B I T G E T.
Sørg for at bruge referencekoden B I T G E T qp29.
Hvor meget er henvisningsbonussen for B I T G E T?
Inviter dine venner til at deltage i B I T G E T og vind en del af henvisningspræmiepuljen sammen! Hver ven, du henviser, kan tjene $50, op til et maksimum på $1.000 pr. bruger. Brugere kan invitere venner til at registrere sig hos B I T G E T. Hvis de opfylder alle kravene, vil du og dine venner modtage handelsbonusser på $50 op til maksimumgrænsen.
Hvordan får jeg B I T G E T bonussen?
Optjen point dagligt og veksle dem til USDT. Gennemfør udfordringen inden for syv dage for at låse op for alle belønninger. Tilmeld dig for at modtage en velkomstpakke til en værdi af $1.000. Indbetal mindst $50 for at optjene 200 point. Lav din første handel til en værdi af mindst $50 og optjen 500 point.
Anvendes handelskommissionsrabatter automatisk?
Absolut. Når du registrerer dig med vores eksklusive henvisningskode B I T G E T qp29, vil 30% rabatten blive anvendt automatisk. Der kræves ingen yderligere handling. Du skal bare dykke ned i handel og nyde godt af en permanent 30 % rabat på alle kommissioner.
Henvisningskode B I T G E T: qp29 (B I T G E T 1000 USDT registreringsbonus) | Ny kampagnekode B I T G E T 2024Leder du efter henvisningskode B I T G E T? Den sidste for 2024 er qp29. Med denne kode får du 30% rabat. Derudover kan nye BIT G E T-brugere, der tilmelder sig med kampagnekoden “qp29”, modtage en eksklusiv kampagnebelønning til en værdi af op til $1.000.Hvad er henvisningskoden B I T G E T?Koden “qp29” i BIT G E T-programmet fungerer som en henvisningskode. Ved at indtaste denne kode vil du modtage en permanent reduktion i handelsgebyrer samt 30% rabat på dine handler. Plus, hvis du deler din henvisningskode med dine venner, har du en chance for at vinde en generøs 50% bonus. Brug af denne kode giver en værdifuld mulighed for at reducere gebyrer og potentielt øge din indtjening ved at tiltrække andre til platformen.Hvad er den bedste B I T G E T 2024 henvisningskode?Den stærkt anbefalede B I T G E T-henvisningskode er qp29. Hvis du bruger denne kode, når du tilmelder dig, vil du modtage en generøs $100 bonus. Hvis du deler din kode med dine venner, har du mulighed for at tjene en kæmpe kommission på 50%. Dette giver dig i bund og grund muligheden for at modtage en maksimal tilmeldingsbonus på op til $1.000 som en velkomstbelønning. Dette er en fantastisk måde at udvide din handelsoplevelse med yderligere fordele, mens du opmuntrer andre til at deltage og tjene deres egne belønninger.Sådan bruger du henvisningskoden B I T G E THenvisningskoden B I T G E T er tilgængelig for nye brugere, som endnu ikke er registreret på børsen. Hvis du allerede har en konto, vil du desværre ikke kunne bruge henvisningskoden.B I T G E T tilbyder dog flere andre måder at deltage i kampagner og optjene belønninger på. Lad os se på disse alternativer.For B I T G E T nybegyndere er her trin-for-trin instruktioner om, hvordan man ansøger om en henvisningskode:For at komme i gang skal du besøge B I T G E T og klikke på den blå “Log ind”-knap.Angiv nøjagtige brugeroplysninger, da de vil blive kontrolleret for overholdelse af KYC- og AML-procedurer.Når du bliver bedt om din henvisningskode, skal du indtaste qp29.Fuldfør registreringsprocessen og fuldfør alle nødvendige bekræftelser.Når alle betingelser er opfyldt, kan du straks modtage velkomstbonussen.Denne tilgang sikrer, at nye brugere nemt kan gennemføre registreringsprocessen selv uden en henvisningskode og modtage en velkomstbonus efter at have opfyldt de fastsatte krav.Hvad er den anbefalede henvisningskode for B I T G E T?Henvisningskode B I T G E T – qp29. For at få 30 % rabat på din B I T G E T-kommission skal du blot følge disse trin:Registrer en ny konto hos B I T G E T.Sørg for at bruge referencekoden B I T G E T qp29.Hvor meget er henvisningsbonussen for B I T G E T?Inviter dine venner til at deltage i B I T G E T og vind en del af henvisningspræmiepuljen sammen! Hver ven, du henviser, kan tjene $50, op til et maksimum på $1.000 pr. bruger. Brugere kan invitere venner til at registrere sig hos B I T G E T. Hvis de opfylder alle kravene, vil du og dine venner modtage handelsbonusser på $50 op til maksimumgrænsen.Hvordan får jeg B I T G E T bonussen?Optjen point dagligt og veksle dem til USDT. Gennemfør udfordringen inden for syv dage for at låse op for alle belønninger. Tilmeld dig for at modtage en velkomstpakke til en værdi af $1.000. Indbetal mindst $50 for at optjene 200 point. Lav din første handel til en værdi af mindst $50 og optjen 500 point.Anvendes handelskommissionsrabatter automatisk?Absolut. Når du registrerer dig med vores eksklusive henvisningskode B I T G E T qp29, vil 30% rabatten blive anvendt automatisk. Der kræves ingen yderligere handling. Du skal bare dykke ned i handel og nyde godt af en permanent 30 % rabat på alle kommissioner. Read More
Link up mailbox to exchange online from on-premise exchange
We got customer using the below.
1 x on-premise exchange server
Active M365 admin portal with users account synced online via AD sync from on-premise AD but without mailbox.
Mailbox are on-premise exchange.
Now we need to assign M365 mailbox to active user account on exchange online.
Because we tried assign in exchange online but it prompt on-premise exchange server detected and can’t proceed.
What is the best method to do so?
Thanks.
We got customer using the below.1 x on-premise exchange server Active M365 admin portal with users account synced online via AD sync from on-premise AD but without mailbox. Mailbox are on-premise exchange. Now we need to assign M365 mailbox to active user account on exchange online.Because we tried assign in exchange online but it prompt on-premise exchange server detected and can’t proceed. What is the best method to do so? Thanks. Read More