Category: Microsoft
Partner Blog | Microsoft Build 2024: Empowering Partners through AI and Cloud Innovation
Public Preview: App Service Authentication Logs on Diagnostic Settings
A new log “AppServiceAuthenticationLogs” is now available in Public Preview for App Service resources on Windows. This would include Web Apps, Functions, and Logic Apps. If you would like to have more visibility into your App Service Authentication and would like to troubleshoot or self-diagnose issues, you can enable this log category to help with these scenarios.
App Service Linux resources and the Functions Consumption Plan (Linux and Windows) currently do not support this log. You may still see this log as an option in the Diagnostic Settings. However, if your resource is one of the unsupported scenarios, you will not see any logs despite enabling “AppServiceAuthenticationLogs”.
Like any Diagnostic Settings log, this log can be enabled via Diagnostic Settings and will show up as “App Service Authentication Logs”. However, one important difference from the previous logs is that “AppServiceAuthenticationLogs” is charged for the cost of exporting logs to various endpoints, in addition to the cost of using the endpoints (i.e., Storage, Log Analytics). You can find more information on platform logs export pricing and a list of exportable logs on App Service.
The next section of the article will go more in depth into the different logs that will be emitted and will provide you with a better understanding about each log.
Supported Logs
AppServiceAuthenticationLogs currently will only generate “Warning” and “Error” logs. No logs will be generated for successful App Service Authentication requests.
Log Messages
This section contains additional information for common Warning and Error logs that may be helpful for diagnosing potential issues. Please note that any suggested actions are only recommendations and that individual scenarios may differ.
Warning Logs
Message: JWT validation failed: Audience validation failure
Comment/Recommendation: May occur if the audience parameter in the incoming token is not specified as an allowed audience in your configuration, resulting in a 401 response code. The audience parameter specifies the resource that the token grants access to and typically should be the Client Id of your web app.

Message: IDX12741: JWT: ‘[PII of type ‘System.String’ is hidden. For more details, see https://aka.ms/IdentityModel/PII.]’ must have three segments (JWS) or five segments (JWE)..
Comment/Recommendation: Indicates an incorrectly formatted JWT token that may result in a 401 response code.

Message: Principal (isUser: False) failed single tenancy check for single tenant AAD app.
Comment/Recommendation: Indicates that the incoming token did not come from the same tenant as the AAD application and there may be issues with single-tenancy.

Message: An authenticated principal (userhash: ***) for an API call failed authorization.
Message: An authenticated principal (userhash: ***) for an API call has a cached failed authorization check.
Comment/Recommendation: Expected to occur if the incoming token should not have access to the resource and will result in a 403 response code. If this is unexpected, then the authorization policies in your configuration may be incorrectly defined (check the allowed principals, allowed applications, and allowed tenants properties).

Message: Login token for ‘***’ was rejected because contained an invalid ‘nonce’ claim.
Message: Login token for ‘***’ was rejected because it did not contain a ‘nonce’ claim.
Message: Failed to read the ‘Nonce’ cookie for site ‘***’
Comment/Recommendation: May occur if the login session takes too long to complete. The nonce claim is associated with the login session and will expire after a set time. If this occurs, attempt login again.

Message: Access was denied for ‘***’ because this principal does not match any of the allowed applications.
Message: Access was denied for ‘***’ because this principal does not match any of the principal policies.
Message: Access was denied for ‘***’ because this principal does not match any of the allowed tenants.
Comment/Recommendation: Expected to occur if the incoming token should not have access to the resource and will result in a 403 response code. If this is unexpected, then check that the relevant property (allowed principals, allowed applications, or allowed tenants) matches the principal claims in the token.
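To self-diagnose the three token-related warnings above (segment count, audience, single tenancy), the following added example, which is not part of the original article or of App Service, inspects a token offline without verifying its signature. The function names, the sample audience and tenant values, and the use of the `tid` claim for the tenant comparison are assumptions made for illustration.

```python
import base64
import json


def b64url_decode(segment):
    """Decode a base64url segment, restoring the padding that JWTs strip."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_sample_token(claims):
    """Build a constructed, unsigned three-segment token for offline testing only."""
    header = b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.c2FtcGxl"  # last segment is a dummy signature


def triage_token(token, allowed_audiences, expected_tenant=None):
    """Return (key, detail) findings that correspond to the warning messages.

    This is a diagnostic aid: it does NOT validate the signature, so an empty
    result never means the token is trustworthy. Avoid logging the token itself.
    """
    segments = token.strip().split(".")
    if len(segments) == 5:
        # JWE: the claims are encrypted, so nothing more can be checked offline.
        return [("jwe", "five segments (JWE); claims cannot be inspected offline")]
    if len(segments) != 3:
        return [("malformed",
                 f"{len(segments)} segment(s); IDX12741 expects three (JWS) "
                 "or five (JWE), likely 401")]
    try:
        claims = json.loads(b64url_decode(segments[1]))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return [("malformed", "payload segment is not base64url-encoded JSON")]
    if not isinstance(claims, dict):
        return [("malformed", "payload is not a JSON object")]

    findings = []
    # 'aud' may be a single string or a list of strings.
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if not any(isinstance(a, str) and a in allowed_audiences for a in audiences):
        findings.append(("audience",
                         "aud is not an allowed audience; expect "
                         "'Audience validation failure' and a 401"))
    # Assumption: the issuing tenant is compared through the 'tid' claim.
    if expected_tenant is not None and claims.get("tid") != expected_tenant:
        findings.append(("tenant",
                         "tid differs from the app's tenant; expect the "
                         "single tenancy check warning"))
    return findings


if __name__ == "__main__":
    allowed = {"api://constructed-client-id"}  # constructed sample value
    token = make_sample_token({"aud": "api://other-app", "tid": "tenant-b"})
    for key, detail in triage_token(token, allowed, expected_tenant="tenant-a"):
        print(key, "->", detail)
```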
Error Logs
Message: HTTP proxy request encountered exception. Type: System.Net.Http.HttpRequestException Message: Connection refused
Message: HTTP proxy request encountered exception. Type: System.Net.Http.HttpRequestException Message: Connection timed out
Comment/Recommendation: Indicates that a request forwarding attempt failed and may manifest as a 5xx response code. A starting point is to investigate application logs to see why the request failed. For example, running extra containers or added load can result in latency due to resource contention.

Message: An error occurred while monitoring the file system: System.IO.InternalBufferOverflowException: Too many changes at once in directory:C:\home\data\.auth\tokens.
Comment/Recommendation: May occur if your application has too much load; for example, if there are too many writes at a given time. Blob storage can be used instead of file storage to mitigate, trading more reliable storage for more writes. Can also disable token store if not needed.

Message: Failed to download OpenID configuration from ‘***’
Comment/Recommendation: Occurs when an HTTP request to the Open ID configuration endpoint fails and may manifest with a 500 response code. This is sometimes transient, as a failed request will trigger another attempt and retries may succeed. If this error is consistently occurring, check that the Open ID endpoint specified in your configuration is correct and accessible from the context of your web app.

Message: Failed to read the ‘AppServiceAuthSession’ cookie for site ‘***’: The signature of the encrypted data is invalid.
Message: Failed to read the ‘AppServiceAuthSession’ cookie for site ‘***’: Invalid length for a Base-64 char array or string.
Message: Failed to read the ‘AppServiceAuthSession’ cookie for site ‘***’: The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or an illegal character among the padding characters.
Comment/Recommendation: Indicates a problem with validating or decrypting the session cookie. This may occur if there is an issue with encryption key rotation or the session cookie is malformed and may require logging in again.
Equivalent license to Power Apps Portals, as the latter has expired
Hello,
We have a customer with the following license: Power Apps Portals login capacity add-on Tier 2 (10 unit min) for Faculty, which expired on its renewal date and can no longer be reactivated.
Is there currently a license different from Power Pages that is equivalent to Power Apps Portals so we can activate it for the client?
The problem with Power Pages is that migration from Portals to Pages cannot be done immediately, requiring development hours, so we want to know if there is any license that does not require this extra work.
Excel view with some spreadsheets within teams
HELP….When I open excel files that open in a browser it looks like this. When I place my cursor in a certain cell it appears normal in the preview cell at the top. If I save the file on my desktop it seems to fix the issue. It is a shared file and it looks fine when others open it …Please help me fix this. THX
Teams Rooms Licenses Rug Pulled and New Licenses Don’t work.
I’m so annoyed right now. We lost our “Teams Room Standard” licenses out of the blue from Techdata. So we got our 25 Teams Room Basic Licenses. Applied them to the rooms, and now they don’t work at all. GD Microsoft paywalling and rug pulling licenses all the time is becoming problematic. What’s next? Is Microsoft going to make me have a license to use USB devices? License me per monitor? Freaking unreal how my 8k rooms are dead stick because of this stupid BS. I’m not calling support to get some tier 1 idiot who is going to make me fill out a 10 question email about nothing related to this and not hear back for a week. I need this fixed now. I didn’t break it, you did Microsoft — fix it and update your worthless documents too. Resolution is a joke… https://learn.microsoft.com/en-us/microsoftteams/troubleshoot/teams-rooms-and-devices/teams-rooms-resource-account-sign-in-issues#resolution
Copilot for Sales Outlook addin error
I have admin-deployed Copilot for Sales via M365 Integrated App process. After about a week, we started getting dozens of users with an error message in the sidepane within Outlook. It simply states “We can’t start this add-in because it isn’t set up properly.”
I have tried to compare users who have the issue vs users who don’t have the issue, but they appear to be on the same versions of Outlook (16.0.17531.20152). The addin was deployed on May 9th and issues started coming in around May 20th and I can’t seem to find any rhyme or reason to some users’ error. What is also confusing is the addin technically “works”, it just constantly is generating that error every time they open a new email.
Introducing Personal Data Encryption for developers
Personal Data Encryption (PDE) along with BitLocker constitutes Windows data protection on Windows devices. BitLocker is a Windows security feature that provides encryption for entire volumes, addressing the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned devices. However, there are some cases in which BitLocker protection alone might not be sufficient. For example, Trusted Platform Module (TPM) bus sniffing, targeting devices that do not have BitLocker TPM + PIN options set, or trying to get encryption keys by sniffing the unsecured bus between the CPU and TPM can all put BitLocker protected personal data at risk. Direct Memory Access (DMA) based drive-by attacks target devices with unsecured DMA ports and work by bypassing the sign in and getting directly to the end user’s data. Applications and browsers that utilize AI to power recommendation engines capture sensitive user data and also need to be protected.
PDE provides an extra layer of security, in addition to that provided by BitLocker, for when the device is locked and powered on, protecting it from sophisticated physical attacks. PDE uses Windows Hello for Business to link data encryption keys with user credentials. When a user signs in to a device using Windows Hello for Business, decryption keys are released, and encrypted data is accessible to the user. It’s important to note that PDE and BitLocker are not dependent on each other. PDE can be used with or without any other full disk encryption solutions, although it is highly recommended to use both.
PDE API offers a comprehensive and extensible set of low-level APIs for the protection of end-user content. These APIs enable the encryption of end-user data, and the keys used for encryption are protected by the user’s Windows Hello credentials. It is important to note that PDE is exclusively available in Windows Enterprise and Education editions.
Content-generating applications can use the PDE API to protect content for two levels of security:
L1 (AfterFirstUnlock) level of protection: Data protected to this level is accessible only after the first device unlock, and it will continue to be available thereafter.
L2 (WhileUnlocked) level protection: Data protected to this level is only available when the device is unlocked and provides additional protection.
Now let’s look at how an application that generates content can use PDE API to protect files, folders, and buffers.
Use cases for PDE API
PDE API provides a feature set for app developers building Windows applications that generate or modify end-user content on Windows devices.
Industries such as defense, banking, healthcare, and insurance are just some examples of commercial environments that handle a lot of sensitive data and need additional protection to help ensure data security.
Note: PDE is also applied to all content within the known Windows folders such as Documents, Desktop and Pictures that have the L1 level of protection and are available as part of the OS, enabled as a Microsoft Intune policy. This new feature will be available in Windows 11, version 24H2, which is currently available in the Windows Insider Program via the Release Preview Channel.
Using the PDE API
Before getting started, PDE needs to be enabled on the device being used for development using the PDE API. PDE is enabled by policy from a Microsoft Device Management solution like Intune to a group of users in an organization by the IT admin. For more details, see our PDE documentation and our documentation on PDE with the Data Protection API.
Below, we outline a sample application that uses the different functions in the PDE API and the possible scenarios in which they can be used. As shown in the screenshot below, the application walks through protecting folders, files, and text (buffers) with two levels of security as well as unprotecting them. The complete code is available on GitHub.
View of the sample application used to show the PDE API
Packages or libraries to import to start using PDE API in applications
Since PDE API is a Windows Runtime API, integrating it into a project requires some initial steps, as outlined in this article about Windows Runtime APIs. When setup is complete, ensure that the Microsoft.Windows.SDK.Contracts package (latest stable version) is installed through the NuGet Package Manager.
Once Microsoft.Windows.SDK.Contracts is installed, you can import the Windows.Security.DataProtection library into code.
Screenshot of references including Microsoft.Windows.SDK.Contracts
<code>
using Windows.Security.DataProtection;
</code>
Windows.Security.DataProtection namespace contains different classes that provide methods to protect/unprotect files and buffers, provide information about availability of the storage item, and provide the status of unprotecting a buffer and callback methods to block/unblock future events.
Global variables in code
Below is the set of global variables that are referenced in code:
<code>
UserDataProtectionManager dataProtectionManager;
String selectedFolder = String.Empty;
String selectedFile = String.Empty;
</code>
Protecting a folder or file using functions in Windows.Security.DataProtection
The DataProtection namespace provides the UserDataProtectionManager class. When instantiated, this class provides static methods to protect/unprotect folders, files, and buffers.
<code>
dataProtectionManager = UserDataProtectionManager.TryGetDefault();
</code>
The TryGetDefault() method called on the UserDataProtectionManager returns an instance of this class for the current user. The returned instance, if null, means that the PDE policy is not yet enabled on the device or PDE is not supported on the device.
ProtectStorageItemAsync (IStorageItem, UserDataAvailability) is the method used to protect files and folders. The method takes two parameters: an IStorageItem object, which is an encapsulation of a path, and a UserDataAvailability value, which is an enum representing the availability of the protected data. ProtectStorageItemAsync protects one storage item at a time. If the path represents a folder, the onus for recursively protecting all the files and subfolders is on the application. The folder needs to be protected before its contents are. This ensures that any item that is added to the folder later will automatically be protected to the same level as the parent. The code for it could look something like the code snippet below.
Note: It is a security best practice to always encrypt files and folders before data is written to them especially if at startup the OS detects that PDE is available. If PDE is available, the app should protect the folder where it caches its data and protect any file it creates before writing any data if the file isn’t in a folder that is already protected.
Folder or file protection
Note that ProtectAndLog is called on the folder before any of the files in it are protected; this ensures any new additions are automatically protected. The only difference between protecting a file and a folder is the IStorageItem that gets created. Once an item is created, the same ProtectStorageItemAsync method is called to protect both files and folders.
<code>
// Requires: using System.Threading.Tasks; using Windows.Storage;
// Returns Task (not void) so that callers can await completion.
async Task ProtectAndLog(IStorageItem item, UserDataAvailability level)
{
    try
    {
        var protectResult = await dataProtectionManager.ProtectStorageItemAsync(item, level);
        if (protectResult == UserDataStorageItemProtectionStatus.Succeeded)
        {
            LogLine("Protected " + item.Name + " to level " + level);
        }
        else
        {
            LogLine("Protection failed for " + item.Name + " to level " + level + ", status: " + protectResult);
        }
    }
    catch (NullReferenceException)
    {
        // dataProtectionManager is null when TryGetDefault() found no PDE support or policy.
        LogLine("PDE not enabled on the device, please enable before proceeding!!");
    }
}

async Task ProtectFolderRecursively(StorageFolder folder, UserDataAvailability level)
{
    // Protect the folder first so new files / folders after this point will
    // get protected automatically. Awaited so that the folder really is
    // protected before any of its contents are processed.
    await ProtectAndLog(folder, level);

    // Protect all sub-folders recursively.
    var subFolders = await folder.GetFoldersAsync();
    foreach (var subFolder in subFolders)
    {
        await ProtectFolderRecursively(subFolder, level);
    }

    // Finally protect all existing files in the folder.
    var files = await folder.GetFilesAsync();
    foreach (var file in files)
    {
        await ProtectAndLog(file, level);
    }
}
</code>
Folder or file protection status
UserDataStorageItemProtectionStatus is an enum that is populated with the result of the Protect call. This enum is used in the above example to log the appropriate result. The other values in this enum are:
DataUnavailable (2): Requested protection cannot be applied because the data are currently unavailable. For example, changing availability from “WhileUnlocked” to “AfterFirstUnlock” is not possible while the device is locked.
NotProtectable (1): The system does not support protection of the specified storage item.
View of folder protected to L2 and all files within it protected
View of folder before PDE protection is applied
View of folder after PDE protection is applied
Further exploring the properties of a protected file gives the end user a view of the availability level to which the file is PDE protected. It also provides information about the On/Off status of Personal Data Encryption.
View of the properties of a protected file showing PDE protection and protection level
Protecting buffers using functions in Windows.Security.DataProtection
Along with files, systems also store data in buffers as part of processing. If not protected, these buffers can lead to compromises in security. Buffers in scope are the ones that are persisted.
The ProtectBufferAsync method takes as input the buffer object (any object that implements the IBuffer interface) and the level (enum UserDataAvailability) to which the buffer needs to be protected.
Note: PDE doesn’t protect streams directly. The application will have to protect them in chunks.
The text in the sample below represents a string from any source:
<code>
// Requires: using Windows.Security.Cryptography;
async void ProtectBuffer(String text, UserDataAvailability level)
{
    // Empty buffers cannot be protected, please ensure that text length is not zero.
    if (text.Length == 0)
    {
        return;
    }
    try
    {
        // Convert the string to a binary buffer, protect it, then Base64-encode it for display.
        var buffer = CryptographicBuffer.ConvertStringToBinary(text, BinaryStringEncoding.Utf8);
        var protectedContent = await dataProtectionManager.ProtectBufferAsync(buffer, level);
        String protectbase64EncodedContent = CryptographicBuffer.EncodeToBase64String(protectedContent);
        bufferOutputTextBox.Text = protectbase64EncodedContent;
        LogLine("Protected buffer: " + protectbase64EncodedContent);
    }
    catch (NullReferenceException nrex)
    {
        LogLine("PDE not enabled on the device, please enable before proceeding!!");
        LogLine(nrex.ToString());
    }
}
</code>
Unprotecting files and buffers
The UserDataAvailability enum that sets the protection has three levels:
0: User data is unprotected
1: Data is protected until the first device sign in/unlock and will be unprotected after that
2: Data is protected until first device sign in and when the device screen is locked, and available at other times.
Based on these availability levels, a file can be unprotected by changing the UserDataAvailability value to 0. The unprotection method for buffers is explicit because the buffers are not available when protected, so there is a function in the API for unprotecting the buffer.
<code>
async void UnprotectBuffer(String protectbase64EncodedContent)
{
    try
    {
        // Decode inside the try block so that invalid Base64 input is reported
        // by the generic handler below instead of escaping as an unhandled exception.
        var protectedBuffer = CryptographicBuffer.DecodeFromBase64String(protectbase64EncodedContent);
        var result = await dataProtectionManager.UnprotectBufferAsync(protectedBuffer);
        if (result.Status == UserDataBufferUnprotectStatus.Succeeded)
        {
            String unprotectedText = CryptographicBuffer.ConvertBinaryToString(BinaryStringEncoding.Utf8, result.UnprotectedBuffer);
            LogLine("Result of Unprotecting the buffer:" + unprotectedText);
            bufferOutputTextBox.Text = unprotectedText;
            LogLine("Status of Unprotecting the buffer:" + result.Status);
        }
        else
        {
            // Status is Unavailable, for example an L2 buffer while the device is locked.
            LogLine("This protected buffer is currently unavailable for unprotection");
        }
    }
    catch (NullReferenceException nrex)
    {
        LogLine("PDE not enabled on the device, please enable before proceeding!!");
        LogLine(nrex.ToString());
    }
    catch (Exception ex)
    {
        LogLine("Please verify first the input text provided for unprotecting!");
        LogLine(ex.ToString());
    }
}
</code>
Buffer unprotection statuses
UserDataBufferUnprotectStatus is the enum that carries the status of unprotection performed on the buffer. In the example above, this status is used to log the appropriate status. There are two members in this enum:
Succeeded(0): Unprotecting the provided buffer succeeded and the result buffer is available in UnprotectedBuffer member
Unavailable(1): Unprotecting the provided buffer is not possible as the protected data is currently unavailable.
View of buffer protection and protected to L2 availability.
View of unprotecting buffer and console.
Below is a code snippet showing how to listen to the DataAvailabilityStateChanged event. In this example, the handler is registered when the form is loaded.
<code>
private void Form2_load(object sender, EventArgs e)
{
    dataProtectionManager = UserDataProtectionManager.TryGetDefault();
    if (dataProtectionManager == null)
    {
        LogLine("Personal Data Encryption is not supported or enabled. Restart this app to check again.");
    }
    else
    {
        LogLine("Personal Data Encryption is enabled.");
        // Subscribe the named handler below to availability changes (lock / unlock).
        dataProtectionManager.DataAvailabilityStateChanged += M_udpm_DataAvailabilityStateChanged;
        LogLine("Listening to DataAvailabilityStateChanged event");
        // LogCurrentDataAvailability is defined elsewhere in the sample application.
        LogCurrentDataAvailability();
    }
}

private void M_udpm_DataAvailabilityStateChanged(UserDataProtectionManager sender, UserDataAvailabilityStateChangedEventArgs args)
{
    LogLine("DataAvailabilityStateChanged event received");
    LogCurrentDataAvailability();
}
</code>
This class is earmarked for future updates of the API.
Continue the conversation. Find best practices. Bookmark the Windows Tech Community, then follow us @MSWindowsITPro on X and on LinkedIn. Looking for support? Visit Windows on Microsoft Q&A.
SharePoint Online/M365 – backup and restore permissions
Is there a way to create a backup of the entire site permissions, including unique permissions at libraries/lists/items? If so, a way to restore them?
I’ve had users accidentally removing the groups’ permissions at the site level, and re-granting these permissions (manually) at site level doesn’t really work on some contents with unique permissions. Wondering if there’s any easy way to restore the permissions.
DPM
Hello – my company is new to the Microsoft Partnership and we were told we should have a DPM. How do we go about getting one assigned to us?
Thanks,
Jess
Discover Steev Innovative Solutions for Modern Challenges
Explore Steev, your go-to source for cutting-edge solutions and innovative approaches to modern challenges. Learn about our services, expertise, and how we can help you achieve your goals with efficiency and creativity. Join the Steev community today and transform your vision into reality.
External user can not share folder with existing Azure user
Good evening,
We have a situation in which we work with 2 companies on their joint-venture entity on a separate tenant.
So we have a joint venture between company A and company B.
Both companies use B2B direct connect to access shared channels in company C (joint venture entity).
External users (from company A and company B) are unable to share folders from company C. They always see a message:
We couldn’t find an exact match.
They are not trying to share externally, we agreed to share files only with existing team members, so they are added at least to one channel in company C (this is done via PowerAutomate and Microsoft Forms – and works).
Internal users (company C) are able to share with internal users (company A and company B) if they are added to at least one channel -> the prompting also suggests external users, which are not members of a specific channel.
External users -> they can write full e-mail address (no prompting – expected behavior), but then they receive a message:
We couldn’t find an exact match.
External users can find only existing channel members of the channel they want to share (which is not sufficient). We have General channel member and want to share something from Slides channel (for example).
Maybe there is a way to enable it for external users? I already tried a few SharePoint Management Shell commands, but it did not work for us.
Thank you for any response.
PowerAutomate flow “for a selected item” for external user
Good evening,
I have B2B direct connect users in my SharePoint.
They can access the files and collaborate on them, but are unable to start Automate menu and run the flow.
User, even external, has Power Automate Free license assigned and is added as Run-only user to this flow (flow uses service account to perform all actions).
Is there any way to show the Automate menu for external users?
Thank you,
any answer will be much appreciated.
Public Preview: Creating Web App with a Unique Default Hostname
App Service now allows you to create web apps with unique default hostnames to avoid a high-severity threat of subdomain takeover.
This feature is currently in Public Preview and is only available for web apps on multi-tenants. App Service Environment (ASE) resources are not supported. Functions and Logic Apps (Standard) are currently out of scope, but we have plans on supporting them soon, so stay tuned.
This feature requires you to “opt in” to create a site with a unique default hostname. This means that when you create a site through the portal, you will need to select the option to enable the feature; Azure Portal will be fully deployed by June 7th, 2024. When you create a site through ARM, you will need to provide your deployment templates with new parameters. You will not be able to update pre-existing web apps to use unique default hostnames; you can only opt in to a unique default hostname during web app resource creation.
This article will go over the following:
What are dangling DNS and subdomain takeover
How the unique default hostname feature works
How to create new web app with a unique default hostname
What are dangling DNS and subdomain takeover?
One of the most common scenarios for subdomain takeover is when a customer forgets to clear the DNS entries after deleting a pre-existing web app, which leaves a dangling DNS record. A bad actor could then create a web app with the same name and use the pre-existing DNS records to take over the domain, because the new web app will have the same default hostname as the previously deleted one. You can learn more about dangling DNS and subdomain takeover here.
How does this feature work?
The unique default hostname will have a different format than the original global default hostname in two ways. The unique default hostname will include:
A random hash appended to the web app name with a dash “-”
A region name
Comparing the global (original) default hostnames with the unique (new) default hostnames, the general format looks like this:
| | Global (Original) | Unique (New) |
| Default Hostname Format | <AppName>.azurewebsites.net | <AppName>-<RandomHash>.<Region>.azurewebsites.net |
| SCM Endpoint Format | <AppName>.scm.azurewebsites.net | <AppName>-<RandomHash>.<Region>.scm.azurewebsites.net |
As an example, if you create a site called “test” in East US:
| Site Name | test |
| Unique Default Hostname | test-a6gqaeashthkhkeu.eastus-01.azurewebsites.net |
| SCM Endpoint | test-a6gqae9sh1hkhk8u.scm.eastus-01.azurewebsites.net |
How does the hash in the unique default hostname work
The hash used for the unique default hostname is a 16-character hash. The hash is generated for a given “scope”, which determines how unique the default hostname is.
You can choose to generate the hash based on the following “scopes”:
Tenant Reuse
Subscription Reuse
Resource Group Reuse
No Reuse
So as an example, for my site called “test”, I could choose to generate a hash that could be shared across my subscription if I selected the “Subscription Reuse”. What this means is that anyone in my subscription who tries to create a web app called “test” in any region using the “Subscription Reuse” will end up with the same hash as I would. Anyone else outside of my subscription who tries to create a site name called “test” will not end up with the same hash as I would.
If your team tends to redeploy web apps in different environments for testing, it could be helpful to select a scope that is shared between environments. As an example, I have both Subscription AA (test subscription) and Subscription AB (production subscription) under Tenant A, and I tend to redeploy resources from Subscriptions AA to AB. What I should do is to deploy a site with the unique default hostname that uses the “Tenant Reuse” in Subscription AA because both subscriptions share the same tenant. Then when I need to delete and redeploy in Subscription AB, I should keep using Tenant Reuse. This ensures that the site I create will still have the exact same default hostname. More importantly, during the period that I try to delete and redeploy my resource, no one else outside of my tenant would be able to recreate another site with the exact same default hostname as my own site, which protects me from the threats of subdomain takeovers.
Hash and deployment slots
Your deployment slots will also follow the same format as your production site. However, each of your deployment slots will contain a different set of hashes from the production site and other deployment slots. Your slots will always be created with the same scope as the production site.
Comparing the slot format between the global (original) default hostnames and the unique (new) default hostnames, the general format looks like this:
| | Global (Original) | Unique (New) |
| Default Hostname Format | <AppName>-<SlotName>.azurewebsites.net | <AppName>-<SlotName>-<RandomHash>.<Region>.azurewebsites.net |
| SCM Endpoint Format | <AppName>-<SlotName>.scm.azurewebsites.net | <AppName>-<SlotName>-<RandomHash>.<Region>.scm.azurewebsites.net |
As an example, if you create a site called “test” and a slot called “slot” in East US:
| Site Name | test (production site) | slot (deployment slot) |
| Unique Default Hostname | test-a6gqaeashthkhkeu.eastus-01.azurewebsites.net | test-slot-ekcda0qhg9em5yc9.eastus-01.azurewebsites.net |
| SCM Endpoint | test-a6gqae9sh1hkhk8u.scm.eastus-01.azurewebsites.net | test-slot-ekcda0qhg9em5yc9.scm.eastus-01.azurewebsites.net |
You will notice that the hashes from the production site and the deployment slot are different, and this is the expected behavior. If you created site called “test” with “Tenant Reuse” and then created a slot called “slot”, anyone within your tenant who creates the same resources with those names will also get the same hashes that correspond to “test” and “slot”.
How does the region in the unique default hostname work
The region in the unique default hostname is based on the region where the site is located. Since the unique default hostname is now regionalized, you will be able to create a site called “test” in different regions. The site name, however, must still be regionally unique, which means that there can only be one site called “test” in East US, regardless of whether the hash values differ.
You will notice that the region name is appended by a number (ie. “-01”). You should expect that this number could change at any time in the future, and you should not have any hard dependencies or hard code the number appended to the region.
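A defender-side check built on the hostname formats above, as an added example that is not from the original article: it parses App Service default hostnames and audits a zone's CNAME records against an inventory of live apps to flag dangling entries. The function names, the zone records and the inventory are constructed for illustration; only the hostname formats and the two sample hostnames come from the article.

```python
import re
from typing import NamedTuple, Optional

SUFFIX = ".azurewebsites.net"
# <AppName>[-<SlotName>]-<16-character hash>, per the article's format tables.
UNIQUE_LABEL = re.compile(r"^(?P<name>[a-z0-9-]+)-(?P<hash>[a-z0-9]{16})$")
# <region>-<NN>; the article says the number may change, so it is discarded.
REGION_LABEL = re.compile(r"^(?P<region>[a-z0-9]+)-\d+$")


class DefaultHostname(NamedTuple):
    name: str              # app name, or app-slot for a deployment slot
    hash: Optional[str]    # None for the global (original) format
    region: Optional[str]  # None for the global (original) format
    scm: bool              # True for the SCM endpoint

    @property
    def unique(self) -> bool:
        return self.hash is not None


def parse_default_hostname(host: str) -> Optional[DefaultHostname]:
    """Parse a global or unique default hostname; None if it is neither."""
    host = host.strip().rstrip(".").lower()
    if not host.endswith(SUFFIX):
        return None
    labels = host[: -len(SUFFIX)].split(".")
    # The article's table puts "scm" after the region and its example puts it
    # before, so accept the label in either position (never as the app label).
    scm = "scm" in labels[1:]
    labels = [labels[0]] + [l for l in labels[1:] if l != "scm"]
    if len(labels) == 1 and labels[0]:
        return DefaultHostname(labels[0], None, None, scm)
    if len(labels) == 2:
        m = UNIQUE_LABEL.match(labels[0])
        r = REGION_LABEL.match(labels[1])
        if m and r:
            return DefaultHostname(m["name"], m["hash"], r["region"], scm)
    return None


def audit_cnames(cnames, live_hostnames):
    """Return (record, target, finding) for CNAMEs whose App Service target
    is not in the inventory of live default hostnames."""
    live = {p for p in map(parse_default_hostname, live_hostnames) if p}
    findings = []
    for record, target in cnames:
        parsed = parse_default_hostname(target)
        if parsed is None or parsed in live:
            continue  # not an App Service default hostname, or still in use
        kind = "dangling-unique" if parsed.unique else "dangling-global"
        findings.append((record, target, kind))
    return findings


# Constructed zone export and inventory (example.test is a placeholder zone).
CNAMES = [
    ("www.example.test", "test-a6gqaeashthkhkeu.eastus-01.azurewebsites.net"),
    ("staging.example.test", "test-slot-ekcda0qhg9em5yc9.eastus-01.azurewebsites.net"),
    ("shop.example.test", "oldshop.azurewebsites.net"),
    ("mail.example.test", "mail.example.net"),
]
LIVE = ["test-a6gqaeashthkhkeu.eastus-01.azurewebsites.net"]

if __name__ == "__main__":
    for record, target, kind in audit_cnames(CNAMES, LIVE):
        print(f"{kind:16} {record} -> {target}")
```

A "dangling-global" finding is the case the article describes, where the deleted app's name can be registered again by anyone; for "dangling-unique" the hostname can only be recreated within the scope the hash was generated for, but the stale record should still be removed.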
How to create a web app with a unique default hostname?
You can create a web app with a unique default hostname through Azure Portal, API, or ARM. CLI is currently not supported. This can only be done during resource creation, meaning that you will not be able to update your pre-existing web apps to have a unique default hostname. You will have to decide during resource creation to create a site with a unique (new) default hostname or a global (original) default hostname format – it’s one or the other.
Azure Portal
Any site created with a unique default hostname through Azure Portal will be created using the “Tenant Reuse” level (for more information, refer to section “How does the hash in the unique default hostname work”). Azure Portal will be fully deployed by June 7th, 2024.
If you would like to create a web app with a different scope for the hash, kindly use ARM or API.
To create a new web app with unique hostname on Azure Portal:
Go to the Web App Create page
Toggle option to enable “unique default hostname”
Fill out the required fields and click “Review + create”
ARM or API
If you are creating a web app using ARM or API, you can use this method to deploy your web app with a unique default hostname. You can also select the scope you would like to create your hash with.
In your API or ARM request, add the following property to the site properties in the payload:
"AutoGeneratedDomainNameLabelScope": "TenantReuse"
For the different scope level for your hash, you can choose from:
TenantReuse
SubscriptionReuse
ResourceGroupReuse
NoReuse
Sample API Call
PUT https://management.azure.com/subscriptions/<SUBSCRIPTIONID>/resourceGroups/<RGNAME>/providers/Microsoft.Web/sites/<SITENAME>?api-version=2022-03-01
{
  "location": "Central US",
  "kind": "app",
  "properties": {
    "serverFarmId": "<AppServicePlan>",
    "AutoGeneratedDomainNameLabelScope": "TenantReuse",
    …
    …
  }
}
Ending Note
We will continue to support pre-existing web apps that were created with the original global default hostnames. However, we highly encourage all customers to start creating web apps with the unique default hostnames to protect your organization from the threats of subdomain takeovers.
How to fix windows update error: “Error encountered, We couldn’t connect to the update service …”
I have tried all the “fixes” suggested here, here, and here, to no avail.
Specifically, I have attempted the following:
Disabling all third-party antivirus/antimalware software (in my case, MalwareBytes and CCleaner. I ran full scans with both products first before disabling them and rebooting, just to make sure a virus wasn’t causing my problems).
I also disabled the Windows firewall and rebooted but that did not work.
Running the Windows Update Troubleshooter did not work – I was even transferred to an agent who was unable to help me and suggested coming here to see if I could get it fixed.
I tried resetting windows update components and restarting but this did not work either.
Changing my DNS settings to point to 8.8.8.8 and 8.8.4.4 for primary and secondary DNS servers, respectively.
Deleting everything inside the C:\Windows\SoftwareDistribution after stopping wuauserv, cryptSvc, bits, and msiserver (and starting them again after rebooting my PC).
Running sfc /scannow (which indicated that there were no corrupted system files).
Running the batch file Reset_Reregister_Windows_Update_Components_for_Windows11.bat, which I downloaded from here.
While running the command line app as administrator, I also tried the following command DISM /Online /Cleanup-Image /RestoreHealth and it did not work.
I also tried deleting the group policy and restarting and that did not work.
I checked the time and date settings and everything looks fine there.
I ran the network troubleshooter and everything seems fine there.
I have tried everything I could find on Google to no avail. I attached the Windows update log to see if anyone can help me here. WindowsUpdate.log
In the Windows update log attached above, I noted the following error messages with corresponding codes:
2024/05/30 01:15:33.3272490 11192 11216 DataStore DS: JetAttachDatabase failed. Database file was not found.
…
…
…
2024/05/30 01:15:33.7967348 11192 11216 Agent *FAILED* [80070002] wuauengcore.dll, C:__w1ssrcClientlibutilfileutil.cpp @1030
2024/05/30 01:15:33.7967367 11192 11216 Agent *FAILED* [80070002] wuauengcore.dll, C:__w1ssrcClientlibutilfileutil.cpp @1068
…
…
…
2024/05/30 01:15:33.8226919 11192 9744 SLS Making request with URL HTTPS://slscr.update.microsoft.com/SLS/{9482F4B4-E343-43B6-B170-9A65BC822C77}/x64/10.0.26100.712/0?CH=115&L=en-US;de-DE&P=RingExternal;WUMUDCat&PT=0x30&WUA=1305.2404.25012.0&MK=Notebook++++++++++++++++++++++++&MD=N95TP6+++++++++++++++++++++++++ and send SLS events, cV=LDEDIm+/GECTvKjD.1.0.0.2.
2024/05/30 01:15:34.7058700 11192 9744 Misc *FAILED* [80072F8F] WinHttp: SendRequestWithAuthRetry using proxy failed for <HTTPS://slscr.update.microsoft.com/SLS/{9482F4B4-E343-43B6-B170-9A65BC822C77}/x64/10.0.26100.712/0?CH=115&L=en-US;de-DE&P=RingExternal;WUMUDCat&PT=0x30&WUA=1305.2404.25012.0&MK=Notebook++++++++++++++++++++++++&MD=N95TP6+++++++++++++++++++++++++>
2024/05/30 01:15:34.7058782 11192 9744 Agent *FAILED* [80072F8F] wuauengcore.dll, C:__w1ssrcClientlibDownloadFileDownloadSession.cpp @853
2024/05/30 01:15:34.7059155 11192 9744 SLS Complete the request URL HTTPS://slscr.update.microsoft.com/SLS/{9482F4B4-E343-43B6-B170-9A65BC822C77}/x64/10.0.26100.712/0?CH=115&L=en-US;de-DE&P=RingExternal;WUMUDCat&PT=0x30&WUA=1305.2404.25012.0&MK=Notebook++++++++++++++++++++++++&MD=N95TP6+++++++++++++++++++++++++ with [80072F8F] and http status code[0] and send SLS events.
2024/05/30 01:15:34.7059269 11192 9744 SLS *FAILED* [80072F8F] GetDownloadedOnWeakSSLCert
2024/05/30 01:15:34.7069919 11192 9744 SLS *FAILED* [80072F8F] Method failed [CSLSClient::GetResponse:660]
2024/05/30 01:15:34.7070022 11192 9744 Agent *FAILED* [80072F8F] wuauengcore.dll, C:__w1ssrcClientlibEndpointProvidersEndpointProviders.cpp @1842
2024/05/30 01:15:34.7070062 11192 9744 Agent *FAILED* [80072F8F] wuauengcore.dll, C:__w1ssrcClientlibEndpointProvidersEndpointProviders.cpp @1387
2024/05/30 01:15:34.7070107 11192 9744 Agent *FAILED* [80072F8F] wuauengcore.dll, C:__w1ssrcClientlibEndpointProvidersEndpointProviders.cpp @1398
2024/05/30 01:15:34.7070131 11192 9744 Agent *FAILED* [80072F8F] Method failed [CAgentServiceManager::DetectAndToggleServiceState:3020]
2024/05/30 01:15:34.7070151 11192 9744 Agent *FAILED* [80072F8F] SLS sync failed during service registration (cV: LDEDIm+/GECTvKjD.1.0.0.)
2024/05/30 01:15:34.7160785 11192 9744 Agent Total possible federated services: 1 (cV: LDEDIm+/GECTvKjD.1.0.0.)
2024/05/30 01:15:34.7160829 11192 9744 Agent Candidate federated service 9482F4B4-E343-43B6-B170-9A65BC822C77 (cV: LDEDIm+/GECTvKjD.1.0.0.)
2024/05/30 01:15:34.7160888 11192 9744 Agent Federated service 9482F4B4-E343-43B6-B170-9A65BC822C77 is not added due to an associated SLS registration failure (cV: LDEDIm+/GECTvKjD.1.0.0.)
2024/05/30 01:15:34.7160901 11192 9744 Agent Total allowed federated services: 0 (cV: LDEDIm+/GECTvKjD.1.0.0.)
2024/05/30 01:15:34.7160941 11192 9744 Agent *FAILED* [80072F8F] wuauengcore.dll, C:__w1ssrcClientEngineAgentRegisteredServiceUtil.cpp @3484
2024/05/30 01:15:34.7160985 11192 9744 Agent *FAILED* [80072F8F] Failed to execute service registration call {C7171C38-18A1-4626-9EA4-4A7328477514} (cV: LDEDIm+/GECTvKjD.1.0.1)
2024/05/30 01:15:34.7161306 11192 9744 Reporter OS Product Type = 0x00000030
2024/05/30 01:15:34.7284776 11192 9744 IdleTimer WU operation (SR.Device Driver Retrieval Client ID 1, operation # 3) stopped; does use network; is not at background priority (cV = LDEDIm+/GECTvKjD.1.0)
2024/05/30 01:15:34.7336610 1176 11100 ComApi * END * Federated Search failed to process service registration, hr=0x80072F8F (cV = LDEDIm+/GECTvKjD.1.0)
2024/05/30 01:15:34.7338401 1176 11180 ComApi XxxJobImpl: _EndXxx invoked (cV = LDEDIm+/GECTvKjD.1.0)
2024/05/30 01:15:34.7339160 1176 11180 ComApi *FAILED* [80072F8F] wuapicore.dll, C:__w1ssrcClientcomapiXxxJob.cpp @372
2024/05/30 01:15:34.7339181 1176 11180 ComApi *FAILED* [80072F8F] wuapicore.dll, C:__w1ssrcClientcomapiUpdateSearcher.cpp @343
2024/05/30 01:15:35.0160911 1176 11108 ComApi * START * SLS Discovery (cV = LDEDIm+/GECTvKjD.2.0)
2024/05/30 01:15:35.0170264 11192 11228 IdleTimer WU operation (CDiscoveryCall::Init.{124B2C8C-ABC9-4FF9-8309-D790A2C090F2} ID 2) started; operation # 8; does use network; is not at background priority (cV = LDEDIm+/GECTvKjD.2.0)
2024/05/30 01:15:35.0171267 1176 11108 ComApi *QUEUED* SLS Discovery (cV = LDEDIm+/GECTvKjD.2.0)
2024/05/30 01:15:35.0171284 1176 11108 ComApi XxxJobImpl: _EndXxx invoked (cV = LDEDIm+/GECTvKjD.2.0)
2024/05/30 01:15:35.0172085 11192 11328 Agent CDiscoveryCall::Execute – Invoking SLSClient (cv = LDEDIm+/GECTvKjD.2.1)
2024/05/30 01:15:35.0259499 11192 11328 SLS Get response for service 2B81F1BF-356C-4FA1-90F1-7581A62C6764 – forceExpire[False] asyncRefreshOnExpiry[True] (cV = LDEDIm+/GECTvKjD.2.2)
2024/05/30 01:15:35.0259552 11192 11328 SLS path used for cache lookup: /SLS/{2B81F1BF-356C-4FA1-90F1-7581A62C6764}/x64/10.0.26100.712/0?CH=115&L=en-US;de-DE&P=RingExternal;WUMUDCat&PT=0x30&WUA=1305.2404.25012.0&MK=Notebook++++++++++++++++++++++++&MD=N95TP6+++++++++++++++++++++++++
2024/05/30 01:15:35.0260299 11192 11328 SLS Retrieving SLS response from server…
2024/05/30 01:15:35.0263472 11192 11328 SLS MS-CV header: MS-CV: LDEDIm+/GECTvKjD.2.3
I also checked on error code 80070002 and realized I had to restart my router and run the network troubleshooter, but that did not solve the issue.
When I checked on error code 80072F8F I realized that I had to check if TLS 1.2 was enabled on my system but I am not sure how to go about it, including checking .NET frameworks and editing WinHTTP DefaultProtocol (DWORD) registry edits according to this link here. That’s where I got confused trying to figure things out since I am not sure how to go about it exactly and what to do or change.
I would appreciate any thoughts or help on this.
To solve this issue, I recently upgraded from Windows 11 Pro 23H2 to 24H2 x64 version 10.0.26100 build 26100, hardware abstraction layer 10.0.26100.1. Before the upgrade and even still after the upgrade, when I try to run Windows Update, I get the following error:
Equation Question
The following is a formula that I have in my spreadsheet:
=-SUM(SUMIF(INDIRECT({"k2","k7","k11","k15","k19","k23","k27","k31","k35","k39","k43","k47","k51","k55"}),">0"))
I would like to drag, or copy the formula to column L and have all references to column K change to column L. What is the easiest way to do this? I’m currently using Word and doing a search and replace for K and changing to L.
Thanks in advance…John
Copilot in Word – use web content and citations
I want to use Copilot in Word to write a summary about information from the web. I want Copilot to add references for the information it wrote, so I can cross-check if the generated information is correct and validate sources.
An example prompt in Copilot in Word for instance: “Write recent news events from last week, add citations”.
However, I noticed that Copilot in Word doesn’t seem to have recent web information, instead it writes old-dated content. Also, it adds a template for the URL but doesn’t fill in the URL. Instead, it writes a pattern such as: “[URL: [URL]]” but not the actual URL.
How can I ensure Copilot in Word uses web search content, as well as adds all reference URLs for the summarized information (similar to Bing Chat Enterprise)?
Office365 sharing calendar between desktop and mobile
I’m a paying 365 subscriber, and recently had to get a whole new iPhone and telephone number. I was easily able to also get Outlook mobile receiving my personal emails, but my calendar is not shared between the desktop and mobile versions of Outlook.
I’ve done my due diligence searching, but every response I see references settings that don’t exist in my Outlook. I presume they were older posts, while I likely have the very latest version(s).
This must be pretty basic, but I am clearly missing something.
Link from Drop Down List to first blank cell on a specific worksheet (same WB)
Hello! I have a workbook with many data entry tables, each in a separate worksheet in the workbook. I need to set up a directory with a list of each of the ‘Tabs’ that will function as a hyperlink which sends the user to the last open cell in the table of the specified worksheet.
I’ve tried one suggestion that I couldn’t get to work correctly. Namely, by creating a ‘dummy’ named range pointing to a cell in order to get the hyperlink established, and then using the following formula to return the correct worksheet. I’ve tried using the INDIRECT(ADDRESS(XMATCH formulas without any success. Any assistance would be helpful. Thank you!
I would like to understand the ease of integration between Entra ID and Atom C2
We are using Atom C2 as our ticketing platform to submit various types of requests, including access request, and would like to keep using C2 while making our transition to Entra ID, I am trying to understand the ease of integration between C2 and Entra ID. How would I go about doing it, could someone point me in the right direction?
Data Base Integration with Sentinel
Hi All,
I am quite new to Sentinel platform but not new to SIEM.
How to integrate Data Base (any like Oracle, MsSql etc) audit or application logs which is in different table other than audit whether it is on-prem or Azure or other cloud, with Sentinel.
As I do not see official Data connectors for data bases as like in Splunk, ArcSight etc.