Category: Microsoft
Microsoft Dynamics 365 Field Service Functional Consultant blueprint opportunity
Microsoft is updating a certification for Microsoft Dynamics 365 Field Service Functional Consultant, and we need your input through our exam blueprinting survey.
The blueprint determines how many questions each skill in the exam will be assigned. Please complete the online survey by June 26th, 2024. Please also feel free to forward the survey to any colleagues you consider subject matter experts for this certification. If you have any questions, feel free to contact Rohan Mahadevan rmahadevan@microsoft.com or John Sowles at josowles@microsoft.com.
Microsoft Dynamics 365 Field Service Functional Consultant blueprint survey link:
https://microsoftlearning.co1.qualtrics.com/jfe/form/SV_b1kxx1YqYgQDCZ0
A Closer Look at Azure WAF’s Data Masking Capabilities for Azure Front Door
The Azure Web Application Firewall (WAF) on Azure Front Door offers centralized protection for your web applications against vulnerabilities and threats. The effectiveness of your Azure WAF in managing traffic can be assessed through WAF logs stored in specified locations such as a Log Analytics Workspace or Storage Accounts. These logs document requests that have been either matched or blocked by WAF rules. This data is crucial for monitoring, auditing, and resolving issues.
By default, WAF logs are maintained in a plain text format for user convenience and analysis. However, these client requests might include sensitive personal data, like personally identifiable information (PII), which can include names, addresses, contact details, and financial information. Without proper sanitization, logs containing such PII could be exposed to unauthorized access. To address this, Azure Front Door WAF now offers sensitive data protection through log scrubbing. WAF log scrubbing employs a customizable rules engine to pinpoint and redact sensitive portions within the requests, replacing them with a series of asterisks (******) to prevent data exposure. This blog explains the log scrubbing process and provides practical examples for a more comprehensive understanding.
Log Scrubbing
The Azure Front Door WAF’s sensitive data protection feature using log scrubbing is compatible with all WAF policy rule sets including Default Rule Set (DRS), Bot Manager Ruleset, and any Custom rules. It utilizes a range of match variables, such as client IP, headers, cookies, and request arguments, to identify data for scrubbing. Rule creation involves selecting a match variable, an operator, and defining a selector, which determines the specific key to be cleansed from the logs. Take a simple login process, which generally involves username and password fields; these are two distinct keys that can be targeted as selectors. Should a dubious login attempt activate the WAF, it records the username and password if they contain the suspect string or code injection. The log scrubber then anonymizes these details, obscuring the malicious content while preserving the attack’s characteristics and significantly reducing the risk of personal data exposure.
See below for the full list of Match Variables:
| Match Variable | Operator | Selector |
| --- | --- | --- |
| Request IP Address | Equals any | <None> |
| Request URI | Equals any | <None> |
| Request Header Names | Equals/Equals any | <Custom> |
| Request Cookie Names | Equals/Equals any | <Custom> |
| Request Body Post Arg Names | Equals/Equals any | <Custom> |
| Request Body Json Arg Names | Equals/Equals any | <Custom> |
| Query String Arg Names | Equals/Equals any | <Custom> |
Request IP, Request URI & Request Header
In our initial scenario, we examine the log scrubbing engine’s capability to conceal the requester’s IP address, the request URI, and the User-Agent that activated the WAF rule. In this example, the User-Agent header carries a SQL injection string in its value. The log scrubbing rules are configured so that the selector targets User-Agent within the Request Header Names, ensuring every User-Agent occurrence, including the embedded SQL injection string, is cleansed from the WAF logs. This scenario serves as an example of how to write log scrubbing rules to cleanse potentially sensitive values. It is best practice to specify only those values that contain potential personally identifiable information (PII) or other sensitive data, rather than generic request headers like User-Agent.
With the rules defined and the feature enabled, we’ll send a request using Postman that will trigger a block by the WAF and then check on the logs. Our screenshot below shows a 403 Forbidden status code returned from the Azure WAF policy.
Upon examining the logs, the fields labeled clientIP_s, requestUri_s, and matchVariableValue within details_matches_s are now populated with ***** as the full value. While the specific User-Agent involved in this incident is not visible in the logs, the presence of an attack can still be inferred through the analysis of the request headers. This method allows for the identification of unauthorized attempts to access the site, despite certain data being obscured.
AzureDiagnostics
| where ResourceProvider == "MICROSOFT.CDN" and Category == "FrontDoorWebApplicationFirewallLog"
| project TimeGenerated, Resource, policy_s, clientIP_s, clientPort_d, requestUri_s, details_matches_s, details_msg_s, action_s, trackingReference_s
Request Body JSON
The example below shows a Request Body JSON argument identified for scrubbing. It demonstrates how to scrub a JSON argument within the WAF logs and uses Postman to generate the request traffic. A log scrubbing rule uses ‘password’ as the selector within Request Body JSON Argument Name. This ensures only the ‘password’ value in the JSON payload is scrubbed rather than every value transmitted to the website. In our scenario the JSON payload triggers SQL injection WAF rules because of the embedded command string, prompting the Azure WAF to record the event in the logs.
{
  "email": "admin@juice-sh.op",
  "password": "' or 1=1--"
}
The WAF logs indicate that the JSON value, along with the requester’s IP and the request URI, are effectively sanitized.
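One way to confirm that the scrubbing rules from the two scenarios above are actually taking effect is to audit exported WAF log rows for values that are not fully masked. This is an added example, not code from the original post or from Microsoft; the rows are constructed, and the `HeaderValue:` / `JsonValue:` prefixes used in `matchVariableName`, the tracking references and the `contoso.example` host are assumptions made for illustration.

```python
import json
import re

# A fully scrubbed value is one or more asterisks and nothing else.
MASKED = re.compile(r"^\*+$")

# Names (lower-cased) whose matched values the scrubbing rules should hide.
# The "kind:selector" naming is an assumed format; align it with your own logs.
SCRUBBED_NAMES = {"headervalue:user-agent", "jsonvalue:password"}

# Constructed rows using the column names projected by the query on this page.
SAMPLE_ROWS = [
    {   # logged with scrubbing enabled: IP, URI and header value are masked
        "trackingReference_s": "ref-0001",
        "clientIP_s": "******",
        "requestUri_s": "******",
        "details_matches_s": json.dumps([
            {"matchVariableName": "HeaderValue:user-agent",
             "matchVariableValue": "******"}]),
    },
    {   # logged before the rules were enabled: everything is plain text
        "trackingReference_s": "ref-0002",
        "clientIP_s": "203.0.113.7",
        "requestUri_s": "https://contoso.example/rest/user/login",
        "details_matches_s": json.dumps([
            {"matchVariableName": "JsonValue:password",
             "matchVariableValue": "' or 1=1--"}]),
    },
    {   # a header with no scrubbing rule stays readable; that is expected
        "trackingReference_s": "ref-0003",
        "clientIP_s": "******",
        "requestUri_s": "******",
        "details_matches_s": json.dumps([
            {"matchVariableName": "HeaderValue:referer",
             "matchVariableValue": "https://contoso.example/"},
            {"matchVariableName": "JsonValue:password",
             "matchVariableValue": "******"}]),
    },
    {   # damaged export: the match details cannot be verified at all
        "trackingReference_s": "ref-0004",
        "clientIP_s": "******",
        "requestUri_s": "******",
        "details_matches_s": "not-json",
    },
]


def is_masked(value):
    """True only when the value is a non-empty string of asterisks."""
    return isinstance(value, str) and bool(MASKED.match(value))


def audit_row(row, scrubbed_names, check_ip=True, check_uri=True):
    """Return the fields in one log row that should be masked but are not."""
    leaks = []
    if check_ip and not is_masked(row.get("clientIP_s")):
        leaks.append("clientIP_s")
    if check_uri and not is_masked(row.get("requestUri_s")):
        leaks.append("requestUri_s")
    try:
        matches = json.loads(row.get("details_matches_s") or "[]")
    except json.JSONDecodeError:
        return leaks + ["details_matches_s:unparseable"]
    if not isinstance(matches, list):
        return leaks + ["details_matches_s:unparseable"]
    for match in matches:
        if not isinstance(match, dict):
            continue
        name = str(match.get("matchVariableName", "")).lower()
        if name in scrubbed_names and not is_masked(match.get("matchVariableValue")):
            leaks.append(name)
    return leaks


def audit(rows, scrubbed_names, **options):
    """Map tracking reference -> list of unmasked fields, for leaking rows only."""
    report = {}
    for row in rows:
        leaks = audit_row(row, scrubbed_names, **options)
        if leaks:
            report[row.get("trackingReference_s", "<no ref>")] = leaks
    return report


if __name__ == "__main__":
    for ref, leaks in audit(SAMPLE_ROWS, SCRUBBED_NAMES).items():
        print(ref, "->", ", ".join(leaks))
```

Rows written before the rules were enabled stay in plain text, so a check like this is most useful when run against the retention window as well as against new traffic.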
The below screenshots provide additional examples of how Azure WAF’s log scrubbing rules will remove sensitive data from WAF logs.
Request Cookie:
Request Body Post:
Query String:
Conclusion
The Azure Front Door WAF’s log scrubbing tool for sensitive data protection provides the same functionality as the current log scrubbing feature available for Application Gateway. This tool provides organizations with a robust solution for safeguarding sensitive data and personally identifiable information within their logs. Sensitive data protection is critical in reducing the likelihood of incurring legal or regulatory repercussions due to the inadvertent disclosure of private or confidential information. Implementing log scrubbing rules is a recommended best practice for all system administrators managing log data. For additional insights into Azure WAF, please refer to the accompanying resources.
Resources
Azure WAF Overview – Introduction to Azure Web Application Firewall | Microsoft Learn
What is Azure Web Application Firewall on Azure Front Door? – What is Azure Web Application Firewall on Azure Front Door? | Microsoft Learn
What is Azure Web Application Firewall Sensitive Data Protection (Preview)? – Azure Web Application Firewall on Azure Front Door Sensitive Data Protection (preview) | Microsoft Learn
How to mask sensitive data on Azure Web Application Firewall – How to mask sensitive data on Azure Web Application Firewall on Azure Front Door (preview) | Microsoft Learn
App_Web_outlooken.aspx.f5dba9b9.moomk9bg.dll
I have a fully patched Exchange 2019 server (15.2.1544.11) with Sentinel One running.
Windows update is handled by ConnectWise Automate and the update GUI is hidden from display.
Only port 443 is open to the world and 25 is allowed in from only a spam filtering service.
Today it hit on this file \Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\owa\c7aec3e5\170e9609\App_Web_outlooken.aspx.f5dba9b9.moomk9bg.dll
Threat Info:
Name: App_Web_outlooken.aspx.f5dba9b9.moomk9bg.dll
URL: Omitted
Path: \Device\HarddiskVolume4\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\owa\c7aec3e5\170e9609\App_Web_outlooken.aspx.f5dba9b9.moomk9bg.dll
Process User: NT AUTHORITY\SYSTEM
Signature Verification: NotSigned
Originating Process: w3wp.exe
SHA1: 16c3001d66bd5b4e01fa2b3a5fe8fea3e31ed94b
Initiated By: Agent Policy
Engine: On-Write Static AI – Suspicious
Detection type: Static
Classification: PUA
File Size: 60.50 KB
Storyline: 34B3AAE90059A029
Threat Id: 1971715204265351815
Endpoint Info:
Computer Name: EX19
Console Connectivity: Online
Full Disk Scan: Completed at Jan 23, 2023 18:03:01
Pending reboot: No
Network Status: Connected
Scope: Omitted
OS Version: Windows Server 2019 Standard 17763
Agent Version: 22.2.4.558
Policy: protect
UUID: 88685af938e5446684e063a45e55cee5
Domain: Omitted
IP v4 Address: 192.168.14.150
Console Visible IP Address: Omitted
Subscription Time: Jan 23, 2023 17:42:06
I can’t see how it got in but, out of an abundance of caution, I created two new CAS rules to block external ECP and Powershell access.
The exchange powershell log shows no activity.
Is this a valid file?
TIA
-=Chris
Intune for Ubuntu Noble Numbat 24.04 release date
Does anyone have a release date for Intune for Ubuntu 24.04?
OneDrive related license assigned and will it create automatically OneDrive site for user?
Hi All,
As far as I know, there are two options to create OneDrive:
1. User goes to portal.office.com/onedrive to set it up
2. Pre-provision OneDrive for users using PowerShell: Request-SPOPersonalSite
But is there another option: if an appropriate license is assigned to a user, will it automatically create a OneDrive site for that user?
Please suggest.
SharePoint List date formatting help
Hello All,
After failing in my Google searches I figured I will ask for help. In the list I have the two columns I want to use to format a third. 1. called Current Suspense Date ([$Current_x0020_Suspense_x0020_Dat] in JSON) which is a date-only column & [$Complete] which is a Yes/No column.
I need to figure out how to do the following in order and stop once an :
If [$Complete] == Yes && [$Current_x0020_Suspense_x0020_Dat] is more than 7 days from today, format green fill.
If else [$Current_x0020_Suspense_x0020_Dat] 7 or less days in the future fill yellow
If else [$Current_x0020_Suspense_x0020_Dat] is today or in the past fill Red
Detect suspicious processes running on hidden desktops
With ransomware campaigns continuing to grow, they remain top of mind for security leaders. Across these sophisticated cyberattacks, the use of remote desktop protocol (RDP) compromise has reached record levels, making it even more critical to provide analysts with full visibility into potentially malicious RDP session use.
That’s why today we are excited to announce a new way to identify potentially compromised devices in your organization via the new ‘DesktopName’ field in Defender for Endpoint, which enables analysts to easily detect, investigate, and hunt for suspicious interactive processes executed on so-called ‘hidden desktops’.
The importance to RDP
A remote desktop session over RDP (Remote Desktop Protocol) provides users with access to connect remotely to endpoints and is often leveraged as the entry point for attackers to access a target machine. RDP however, introduces some undesirable disadvantages for the attacker.
For example, Windows by default only allows for a single remote RDP session which can cause detectable friction as both the legitimate user and the attacker begin vying for interactivity on the same device. To mitigate this, attackers may opt for other Remote Monitoring and Management (RMM) approaches as described in the examples below.
Approach A: Windows Stations and ‘hidden desktops’
The first approach involves attackers leveraging the creation of additional ‘hidden desktop’ objects to effectively obtain interactive control, separate from the interfaces displayed on, for example, the current active desktop that the user is physically working with. With this method, a legitimate user will continue to interact with their machine, unaware of the attacker’s presence in the background.
For this exploit, attackers focus on a Windows user session that can be assigned with multiple Windows Station objects. Amongst the Windows Station objects, only one can be interactive per session and as such, most services that use other Window Stations are not interactive. Each Windows Station object can contain multiple desktop objects, which when contained within the interactive Window Station object, can display a GUI (Graphical User Interface). It is this interactive GUI where the hidden desktop exploit takes place.
There are other tangential advantages for the attacker using this technique, for example, the clipboard in the Window Station context that is shared by all Desktops contained within that Window Station.
Approach B: The hVNC technique
Hidden virtual network computing or hVNC is a variant of standard VNC (virtual network computing) but uses a feature in Windows which allows for multiple interactive desktops to exist simultaneously in a single user session. The hVNC technique enables attackers to remotely control events on the targeted device by opening a hidden instance as a virtual desktop—in parallel to the user’s existing session—before wiping any trace of activity by creating a new Windows desktop in place.
The hVNC technique is commoditized and has been observed in Advanced Persistent Threat campaigns and commodity malware alike—for instance, Cobalt Strike Beacon Object Files leveraging this technique are also readily available.
While there are many legitimate use cases for hidden desktops that can aid productivity, the two use cases above outline how attackers can potentially abuse them as well. That’s why the ability to detect the use of hidden desktops can be critical to fully understand a threat campaign, trace an adversary’s steps, and ensure they are fully removed from the system.
Advanced Detection with Defender for Endpoint
Figures 1 and 2 showcase these new detection capabilities in Defender for Endpoint, where an adversary is running an interactive powershell.exe instance on a hidden desktop.
Defender for Endpoint has detected the anomalous nature of this execution and raised an alert.
The context is also available in Advanced Hunting for custom detection and investigation purposes.
An Advanced Hunting query can be used to display all instances of a specific process that is run on a Desktop that could be irregular. We see in the example below, the discovery of an instance of msedge executing suspiciously:
DeviceProcessEvents
| where Timestamp > ago(1d)
| where FileName == "msedge.exe"
| extend DesktopName = tolower(todynamic(AdditionalFields).DesktopName)
| where isnotempty(DesktopName)
| where DesktopName != "winsta0\\default" // Ignore instances on primary interactive desktop
    and DesktopName !has "sbox" // Filter out sandbox processes
| project Timestamp, FileName, DesktopName, ProcessCommandLine
| order by Timestamp desc
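The same filter can be applied offline to exported DeviceProcessEvents rows, which helps when triaging an export rather than querying live. This is an added example, not code from the original post or from Microsoft; it goes beyond the query above by covering every process name rather than only msedge.exe, grouping hits per device and desktop, and accepting an analyst-maintained allowlist. The events, device names and the `hidden_7f3a` desktop name are constructed, and the allowlist parameter is a hypothetical addition.

```python
import json
from collections import defaultdict

PRIMARY_DESKTOP = r"winsta0\default"  # primary interactive desktop, as in the query
SANDBOX_MARKER = "sbox"               # sandbox desktops, as in the query


def _event(device, file_name, desktop):
    """Build one constructed event; desktop=None means the field is absent."""
    extra = json.dumps({"DesktopName": desktop}) if desktop else ""
    return {"DeviceName": device, "FileName": file_name, "AdditionalFields": extra}


# Constructed sample rows (not real telemetry).
SAMPLE_EVENTS = [
    _event("ws-01", "msedge.exe", r"WinSta0\Default"),
    _event("ws-01", "msedge.exe", r"WinSta0\sbox_alternate_desktop_0x1A2B"),
    _event("ws-02", "powershell.exe", r"WinSta0\hidden_7f3a"),
    _event("ws-02", "msedge.exe", r"WinSta0\hidden_7f3a"),
    _event("ws-03", "svchost.exe", None),
    {"DeviceName": "ws-03", "FileName": "cmd.exe", "AdditionalFields": "{broken"},
    _event("ws-04", "LogonUI.exe", r"WinSta0\Winlogon"),
]


def desktop_name(event):
    """Return the lower-cased DesktopName, or None if missing or unparseable."""
    raw = event.get("AdditionalFields")
    if not raw:
        return None
    try:
        fields = json.loads(raw) if isinstance(raw, str) else raw
    except json.JSONDecodeError:
        return None
    name = fields.get("DesktopName") if isinstance(fields, dict) else None
    return name.lower() if isinstance(name, str) and name else None


def hidden_desktop_events(events, allowlist=()):
    """Keep events whose desktop is not the primary one, a sandbox, or allowlisted."""
    allowed = {PRIMARY_DESKTOP} | {entry.lower() for entry in allowlist}
    hits = []
    for event in events:
        name = desktop_name(event)
        # Substring test approximates the term-based KQL "has" operator.
        if name is None or name in allowed or SANDBOX_MARKER in name:
            continue
        hits.append({**event, "DesktopName": name})
    return hits


def summarize(hits):
    """Group hits as {(device, desktop): sorted process names} for triage."""
    grouped = defaultdict(set)
    for hit in hits:
        grouped[(hit["DeviceName"], hit["DesktopName"])].add(hit["FileName"])
    return {key: sorted(names) for key, names in grouped.items()}


if __name__ == "__main__":
    tuned = hidden_desktop_events(SAMPLE_EVENTS, allowlist=[r"WinSta0\Winlogon"])
    for (device, desktop), names in summarize(tuned).items():
        print(device, desktop, names)
```

Several different processes sharing one non-default desktop on the same device, as on ws-02 in the sample, is the grouping worth reviewing first.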
Comprehensive endpoint security
The ability to identify malicious use of hidden desktops in Defender for Endpoint gives admins more granular visibility and control over the detection, investigation, and hunting in unique edge cases, and helps them stay one step ahead of the evolving threat landscape.
For more information:
Learn more about Advanced Hunting in Microsoft Defender XDR: Overview – Advanced hunting | Microsoft Learn
Learn more about Defender for Endpoint: Microsoft Defender for Endpoint | Microsoft Security
Not a Defender for Endpoint customer? Start a free trial today.
Learn more about the hVNC technique:
Anatomy of an hVNC Attack (securityintelligence.com)
Elastic Security Labs discovers the LOBSHOT malware — Elastic Security Labs
Who_Hid_My_Desktop_Or_Safran_Pavel_Asinovsky.pdf (deepsec.net).
Easily deploy and manage hundreds of Teams Rooms on Windows with Autopilot and Autologin
Deployment of Teams Rooms on Windows is getting a serious upgrade. As announced at InfoComm this week, Autopilot and Autologin for Teams Rooms on Windows is now generally available. It enables you to deploy at scale and configure Teams Rooms with minimal onsite interaction, which can help save you time and resources.
To enable Windows Autopilot and Autologin for your Teams Rooms, refer to the documentation or watch this video.
Configuration: What to expect
We’re hearing positive feedback from our customers. Here is what a few of them have to say:
“So smooth and it only took 10min. Way better deployment experience.”
“We want to register all our existing devices to redeploy and make them manageable with the help of Intune.”
Configuring requires many steps, but most steps are done only once or very rarely. A simple way to think of the steps is:
Configure prerequisites for Autopilot
Register Autopilot capable MTRs ideally through a partner, or by yourself in Intune
Assign relevant management configurations to the devices
Sync the Autopilot devices to the Teams Rooms Pro Management Portal and assign respective resource accounts to the devices.
Why would I use Autopilot and Autologin?
Whether you’re deploying dozens of new Teams Rooms on Windows or redeploying existing rooms, you can realize the many benefits of Autopilot and Autologin.
Pre-registration
Pre-registration of devices to your tenant enables management of the device before it powers on. Group the device, assign an Autopilot profile, assign device management policies, and associate the device to a resource account for Autologin. Imagine, you could have the devices registered to your tenant and configured in the cloud before they even show up to the site!
Rapid, touchless provisioning during site installation
Once the devices are on-site and ready for installation, the installer can simply unbox the device, plug in power and ethernet, turn it on, and walk away. The device will automatically provision Windows, join Entra ID, enroll in Endpoint management, update Windows and the Teams Rooms application, and finally Autologin to the associated resource account. From power-up to meeting-ready, touchless and in minutes.
Remote redeployment or recovery
By leveraging both the Intune and the Teams Rooms Pro Management portal, admins can redeploy or recover Teams Rooms on Windows with a few clicks (hopefully from a tropical beach)!
Firstly, in the Teams Rooms Pro Management portal, assign credentials to the target Autopilot device. This is also true for recovery of the device, where the intention is to Autologin to the previous account. Once credentials are successfully assigned, head over to Intune to perform a device reset with the “Wipe” action (make sure to use the right one!).
Logistics
A crucial part of what makes Autopilot and Autologin possible is the device registration process. Partners can register devices for customers if they have:
Access to the Devices page for customers in Microsoft Partner Center, and
Established a relationship with the customer tenant.
If you currently order devices through a partner, ask if they meet those prerequisites.
Go try it!
We are excited to offer this new feature, and hope it saves you time and effort. We appreciate your input, so share your thoughts and questions on this blog post!
EVENT RECAP | TechCon365 & PWRCON – Seattle, WA 2024
800 tech enthusiasts descended upon Seattle, WA between June 3-7, 2024, to attend the combined TechCon365 & PWRCON events. We, too, were pleased to join in this community gathering – to participate and gain input from everyone. It was a packed week filled with feedback, stories, and fun. Below is a recap of various aspects of the event – across keynotes, breakout sessions, D&I lunch, AMA/SharePint, and the bustling Expo Hall.
Beyond reading below, review updates and photos from the TechCon365 event team; we sprinkled our own throughout this article.
TechCon365 & PWRCON – Seattle in a nutshell:
800+ attendees
100+ speakers overall – 45 from Microsoft
130 sessions | 25 tutorials (workshops) [review all in our pre-show event guide]
20+ sponsors | One big Expo Hall
Keynotes & general sessions
The event kicked off with a TechCon365 keynote, “Thriving in the Era of AI” with Adam Harmetz (VP), Russell Dicker (CVP), Karuana Gatimu (Principal PM Manager), Melissa Torres (Principal PM Manager), Miceile Barrett (Principal PM), and Michael Holste (Senior PMM). The team brought unique insights about Copilot and AI innovation, advances in employee experiences, content services that help automate the flow of work, and perspectives across roles: Business, IT Pros, and Developers. The keynote packed in product updates and demos across Copilot, Teams, Viva, SharePoint, OneDrive, and more. Our goal was to provide a solid understanding of our strategy and vision, with clarity on where Microsoft is taking content, communication, and collaboration into the future.
On day two, Nirav Shah (CVP) presented the PWRCON keynote: “Empowering transformation: Power Platform and Dataverse in the age of AI.” Nirav showcased powerful business applications across Power Platform that help our customers leap ahead when using AI, taking advantage of Copilot in the various Power Platform apps and services. Our goal is to highlight how you can take existing enterprise data and business processes to unlock the benefits of Microsoft Copilot. The changing AI workspace is real, and it is humbling to hear and showcase how real Power Platform customers use the latest technologies.
General sessions
As the week progressed, each event held high-value general sessions to frame a deeper discussion around the core areas of each product area, Microsoft 365 and Power Platform. With M365 sessions like, “Getting ready for Copilot for Microsoft 365” – with Karuana Gatimu, Ben Summers, and Cynthia Johnson, “SharePoint Premium – Intelligent content for everyone” with Sesha Mani and Wayne Ewington, and “What’s new and next for Microsoft Viva” with Michael Holste and Kristi Kelly. Plus, Power Platform sessions like “Power Automate and automation in the Age of AI: strategy & roadmap” with Ashvini Sharma, “Power Platform Architecture” with Ilya Grebnov, “What’s new in Dataverse & AI Builder: How to easily build generative AI business applications” with Yogi Naik, and “Building the apps of the future today with Power Platform and Copilot” with Leon Welicki.
Breakout sessions & AMA
Breakouts are where learning breaks out. We know it’s crucial to ensure your organization is technically ready for the full potential of Copilot for Microsoft 365. Throughout the 130 sessions, attendees were presented with technical readiness and the latest guidance. All presenter experts shared best practices on how to leverage AI and to maximize the benefits of Copilot within your organization – along with a ton of core learning across all the major Microsoft apps and services. The goal was to discover both ‘how-to’ and increase awareness of the ‘what-if’ – focusing on the impact of cloud adoption and gravitating towards Responsible AI.
The Ask Microsoft Anything (AMA) was a rapid fire of questions from the audience – with our panel of experts taking the hot seat to address questions on improvements to SharePoint Events web part, Copilot & SharePoint Premium licensing, Search + collapsible section headers, adoption guidance/materials, and more. It proved a wonderful balance of time, with answers flowing and feedback taken. Plus, there was much SWAG to be given to each person who asked a question.
Expo Hall + D&I + workshops
The Expo Hall was hopping with discussions, interviews, smaller-stage talks, SWAG, prizes, and community. Busy vendor booths meant lots of demos, solutions given, and a better understanding of what customers need above and beyond the core apps and platforms.
Diversity & Inclusion Lunch – Women and Allies – Karuana Gatimu and Heather Cook shared stories and took questions from the crowd. This was an engaging and informal lunchtime gathering where everyone worked together on topics that matter to help shape careers and to address and overcome common challenges. It was amazing to have a dedicated, purposeful space for sharing ideas, perspectives, and experiences + lunch.
Workshops
Workshop days were attended by about 1/3 of the attendees across 25 workshops. At TechCon365, attendees chose from a diverse set of topics. These include Copilot and AI, SharePoint from introductory to advanced levels, Power BI for professionals, Power Apps and Power Automate for M365/SharePoint, Microsoft 365 essentials, and more. Each catered to different skill levels, from beginners to intermediate users, to enhance productivity, master digital tools, and develop technical skills.
In the end…
We were so pleased to see this Seattle event sell out! And to see and hear the sold-out crowd mingle and share. We are grateful for this year’s active and engaging #TechCon365 & #PWRCON in Seattle — so much goodness, caring, learning, and having fun! Great questions, stories, and a deeper understanding of your concerns. Thank you. Thank you. Thank you!
We look forward to seeing you at the next TechCon365 in DC and/or Dallas.
Cheers, Mark “in his hometown” Kashman & Heather “up from LA” Cook
And if you made it this far, a last collage from Mark Kashman summarizing his overall experience – to share his excitement for engaging with the best community in tech – meeting new people (and taking selfies), being an “expert” and presenting the Lists breakout session with Miceile Barrett, to moderating the AMA (note the SWAG giveaways in the lower-left), and getting to again work with the great TechCon365 event team:
What’s new in Windows Autopatch: June 2024
Get ready for the latest and greatest additions to Windows Autopatch, including the public preview of alerts for policy conflicts! Read on for an inside scoop on how Windows feature update and reliability reports can help you stay on top of update compliance targets for your devices.
Alerts for Windows Autopatch policy conflicts (preview)
The newest enhancement to update reports allows you to see which, if any, devices are flagged with conflicting policies. In this preview, IT admins have on-demand access to:
A detailed view of affected devices
A list view of all Windows Autopatch policies that conflict with other device policies in the tenant
A summary view of conflicting policies, affected devices, and open alerts
Alerts that include details of conflicting policies along with their settings and the Microsoft Entra ID groups to which they are assigned
Policies are continuously monitored by Windows Autopatch. When a policy in your tenant is found to be missing, or a modification to a policy affects services, Windows Autopatch will raise alerts. Detailed recommendations about actions that can be taken to help ensure the healthy operation of the service are provided along with the alerts. Alerts will remain in view until they are (manually) resolved.
If devices are flagged, the issues can be actioned within a new blade titled ‘Policy health,’ which is located within the Windows Autopatch blade of Microsoft Intune. Windows Autopatch uses Microsoft Intune policies to set configurations and deliver services. IT admins must respond to service-generated alerts to ensure Autopatch services can be delivered, and service-managed devices remain eligible for the service.
If you have questions or concerns, or need assistance with your policy conflicts, please file a service request by visiting the Microsoft Intune admin center.
Post-update reliability report (public preview)
Managing Windows updates just got easier with another, recently released Windows Autopatch feature: the reliability report. This report provides details to help you improve the reliability of your devices after each update cycle. By tracking update performance over time, the report helps you easily compare the reliability of your devices with earlier cycles so you can see how well updates are performing on your devices and find any patterns or anomalies.
The report also includes a composite device health score that reflects the overall health and performance of your devices based on factors such as crashes, errors, slowdowns, battery life, disk space, and more. Easily troubleshoot any issues with measures of stop code errors on managed devices for each update cycle and device-specific scores on modules associated with the stop codes.
Device update score: Reflects how well your devices are updating, based on factors including update status, compliance, duration, and failures.
Device reliability score: Reflects how reliable your devices are after each update cycle, based on the number and severity of stop code errors.
Device reliability breakdown: A table shows date, time, module, driver, and more for each stop code error.
You can also compare scores at the service level against other Windows Autopatch customers.
To view the reliability report, go to the Microsoft Intune admin center and navigate to Reports > Windows Autopatch > Windows quality updates. Select the Reports tab, then Reliability report.
To learn more about post-update reliability reporting in Windows Autopatch, see our Reliability report (public preview) documentation.
Conclusion
The ideas behind these new features originated from conversations, input, and requests from you, our customers. We are excited to announce these enhancements and hope the new capabilities in Windows Autopatch will help you keep your devices secure and up to date with less hassle and more control. We understand the challenges you face as an IT professional in a large enterprise, and we’re committed to making your experience a positive one with more efficient solutions for update management.
If you want to find out more about Windows Autopatch, please visit the Windows Autopatch website, read our documentation, or watch our guided demos. If you want to try Windows Autopatch for yourself, you can sign up for a free trial or contact us for a demo.
We welcome your feedback and suggestions on how we can continue to make Windows Autopatch even better for you. Please share your thoughts and ideas below or via the Windows Autopatch community. Thank you for choosing Windows Autopatch. Stay tuned for more updates and announcements!
Continue the conversation. Find best practices. Bookmark the Windows Tech Community, then follow us @MSWindowsITPro on X/Twitter. Looking for support? Visit Windows on Microsoft Q&A.
Inserting Rows Outside of Sum Range Changes the Rows Summed
Hi All,
I am having an issue where I need to add rows to an existing sheet above a few rows with sum calculations. The added rows are not within the sum range. When I do this, some of the sum formulas don’t adjust the sum range for the added rows. The error only presents itself in some of the columns (i.e. the sum formula in column C updates but the sum formula in columns D through R with the exact same row range and sum function as column C don’t update). I rebuilt the entire file trying to get rid of this issue, but it has persisted in the new XLS. What am I doing wrong? Is this a settings thing? Please help!!
I need help with a Powershell Script I need to delete any Registry keys, values or Dwords
We updated our print server. I need to remove any Values, Friendly names, or DWORDs that reference the old print server. The old printers were pushed out via GPO by username, and we have computers with up to 50 copies of the same printer. I already tried editing the deployment scripts that did not remove them. I found a few scripts, but none of them seem to remove all of the entries.
Here is one of the scripts I am trying to edit:
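# Enumerate the print device entries under Enum\SWD\PRINTENUM
$PrinterReg = Get-ChildItem -Path 'Registry::HKLM\SYSTEM\CurrentControlSet\Enum\SWD\PRINTENUM\*'
# UNC prefix of the old print server; the trailing * is a wildcard
$PrinterName = '\\Starbase16*'
foreach ($DeletePrinter in $PrinterReg) {
    $FriendlyName = $DeletePrinter.GetValue('FriendlyName')
    # -like honours the wildcard; -eq compares against the literal string and never matches
    if ($FriendlyName -like $PrinterName) {
        Remove-Item -Path $DeletePrinter.PSPath -Recurse
        Write-Host "Removing $FriendlyName from $($DeletePrinter.PSPath)"
    }
}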
Here are all the Keys that contain Starbase16:
Computer\HKEY_CURRENT_USER\Printers\ConvertUserDevModesCount
Computer\HKEY_CURRENT_USER\Printers\Settings
Computer\HKEY_CURRENT_USER\Software\Microsoft\Terminal Server Client\Servers\Starbase16
Computer\HKEY_CURRENT_USER\Software\Xerox\PrinterDriver\V5.0\“Starbase16`2E-Main-Mailroom
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\PrinterMigrationEx\CSR|Starbase16
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Printers\Starbase16
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\S-1-5-21-117609710-602162358-725345543-28548\Printers\Connections
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\Starbase16\Monitors\Client Side Port
Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\Starbase16\Printers
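A report-first way to approach the cleanup asked about above, as an added example that is not part of the original post: it lists every key and value under the given roots whose name or data contains the old server name, and deletes only when -Remove is passed. The parameter names, the default roots (a subset of the keys listed in the post) and the substring match are assumptions.

```powershell
# Added example (not from the original post). Run without -Remove first to get
# the inventory; add -WhatIf to preview deletions.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$OldServer = 'Starbase16',   # server name from the post
    [string[]]$Roots = @(                # assumed subset of the roots listed in the post
        'HKCU:\Printers',
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print'
    ),
    [switch]$Remove
)

$pattern = "*$OldServer*"   # substring match, case-insensitive with -like

$hits = foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }
    $keys = @(Get-Item -LiteralPath $root) +
            @(Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue)
    foreach ($key in $keys) {
        if ($key.PSChildName -like $pattern) {
            # The key itself is named after the server: report the whole key
            [pscustomobject]@{ Kind = 'Key'; Path = $key.PSPath; Name = ''; Data = '' }
            continue
        }
        foreach ($name in $key.GetValueNames()) {
            $data = [string]$key.GetValue($name)
            if ($name -like $pattern -or $data -like $pattern) {
                [pscustomobject]@{ Kind = 'Value'; Path = $key.PSPath; Name = $name; Data = $data }
            }
        }
    }
}

$hits | Format-List Kind, Path, Name, Data

if ($Remove) {
    foreach ($hit in $hits) {
        # Skip entries that vanished when a parent key was removed earlier in the loop
        if (-not (Test-Path -LiteralPath $hit.Path)) { continue }
        if ($hit.Kind -eq 'Key') {
            if ($PSCmdlet.ShouldProcess($hit.Path, 'Remove registry key')) {
                Remove-Item -LiteralPath $hit.Path -Recurse -Confirm:$false
            }
        } elseif ($hit.Name -and $PSCmdlet.ShouldProcess("$($hit.Path) [$($hit.Name)]", 'Remove registry value')) {
            # Unnamed (default) values are reported above but left for manual review
            Remove-ItemProperty -LiteralPath $hit.Path -Name $hit.Name -Confirm:$false
        }
    }
}
```

HKCU resolves to the hive of the account running the script, so per-user entries need a run in each user's context, and the HKLM roots need an elevated session.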
“False positive” attachment indication (paper clip icon) but no attachment present
For some users at my company, they are on a new version of Outlook which shows (in the email list panel) a paper-clip icon in the attachment column, for messages with no attachment. This seems to happen mostly with messages that are replies or forwards, where there may have been an attachment at some time in the past but there is no attachment present in the message chain as it stands in this message. This makes it virtually impossible to find the original message that in fact did contain the attachment. Or at least I don’t know the methodology to find it.
There should be no attachment indication if there is no attachment! And it should be easier to find the original message that indeed has the attachment (this is particularly true with conversation-mode type of messages.)
If there is a workaround for the time being, I really would like to know it. I have also submitted feedback to Microsoft to address this in Outlook. Let me know if you have seen this too, or if you know a way to handle it. Thanks.
AI and Creativity, something to smooch about
My wife has a plant app. The app identifies plants perfectly.
We discovered that this app can do much more, e.g. recognize birds.
My wife points her phone at me.
I: “But I’m not a bird!” 🥹
My wife: “Let’s find out!”
Result: I’m a saw-whet owl. Another name is “zaaguil”. Scientific name is “Aegolius acadicus”.
Somehow reassuring. Copilot does not recognize a bird in the photo.
Blank Role Based Access Control Persona Table – Defender for Endpoint
The table within the section for Role-Based Access Control is blank and does not contain any information. Defender Endpoint – Prepare-deployment.
Returning a cell’s value based on the location of another cell.
I want to search an entire worksheet for a value and once that value is identified, I want to pull the cell’s value that exists five cells below it. vlook, xlook, and hlookups don’t work because the data isn’t organized into a table. Getting confused by the LOOKUP, MATCH formulas.
Unable to edit a Booking in Outlook Calendar
I’m enjoying using the Booking program – however once my staff has scheduled a Team meeting using Booking, I cannot change the duration or time of the meeting. When I go to either open the event to edit, or move it in the calendar, the pop-out to edit the event appears, but is a blank white square. I have to close the pop-out from the start menu, and get a prompt “Do you want to discard changes to this event” – screenshots are below.
Does anyone have a workaround?
Refreshing pivot tables
I updated my database and attempted to refresh my pivot tables. I went into Pivot Table Analyze and clicked on Refresh All and nothing happens. Help
Earlier Tasks in Planned Smart List are different in Outlook To Do
I am hoping that I am missing a setting somewhere, but when I look at the My Day To Do list in Outlook, the full list of earlier (overdue) tasks does not appear. I only see a subset of the tasks, currently in the last week.
Is there a way to ensure that the full list of earlier tasks within the Planned Smart List show up in Outlook To Do My Day?