Category: Microsoft
Partner Blog | Microsoft Copilot for Security generally available on April 1
By Julie Sanford, Vice President, Partner GTM, Programs & Experiences
As malicious actors continue to intensify their use of AI, security professionals must also incorporate AI into their solutions to counter the increasing threat. To support our partners and customers in securing their businesses, we are excited to announce the general availability of Microsoft Copilot for Security in all commerce channels, including CSP, on April 1, 2024. This new Copilot provides Microsoft partners with a powerful resource to safeguard their organizations, while improving the security services and solutions they offer.
Copilot for Security is the first generative AI security product designed to defend organizations at the speed and scale of AI. This announcement continues our AI momentum following the recent general availability of Copilot for Microsoft 365, Copilot for Finance, Copilot for Sales, Copilot for Service, and Copilot for the education market.
We have also added new resources for Copilot for Microsoft 365 ready to help you deliver more value, adoption, and seat growth with customers. Read our blog for these updates.
Copilot for Security is designed to complement, rather than replace, human skills. Our partners bring their experience, skills, and established methods for dealing with vulnerabilities. This new tool lets them apply that expertise to services and offerings in a way that AI solutions without human insight cannot match.
Continue reading here
Microsoft Secure Tech Accelerator: Securing AI– RSVP now
Join us April 3rd for another Microsoft Secure Tech Accelerator! We will be joined by members of our product engineering and customer adoption teams to help you explore, expand, and improve the way you secure and implement AI.
In this edition of Microsoft Secure Tech Accelerator, we are focusing on Microsoft Copilot for Security, Securing AI, and Exposure Management. We want to help you make sure that the way you implement your AI tools is secure. We’ll also cover some of the newly available solutions in the Microsoft Security suite that make securing your AI easier.
As always, the focus of this series is on your questions! In addition to open Q&A with our product experts, we will kick off each session with a brief demo to get everyone warmed up and excited to engage.
How do I attend?
Choose a session name below and add any (or all!) of them to your calendar. Then, click RSVP to event and post your questions in the Comments anytime! We’ll note if we answer your question in the live stream and follow up in the chat with a reply as well.
Can’t find the option to RSVP? No worries, sign in on the Tech Community first.
Afraid to miss out due to scheduling or time zone conflicts? We got you! Every AMA will be recorded and available on demand the same day.
Agenda: April 3, 2024
7:00 a.m. PT – Copilot for Security: Customize your Copilot (deep dive + AMA)
8:00 a.m. PT – Secure AI applications using Microsoft Defender for Cloud Apps (deep dive)
8:30 a.m. PT – Transform your defense: Microsoft Security Exposure Management (deep dive + AMA)
More ways to engage
Join the Microsoft Management SCI Community to engage more with our product team.
What’s new in Defender: How Copilot for Security can transform your SOC
Today at Secure, we announced that Microsoft Copilot for Security will be generally available on April 1. Copilot equips security teams with purpose-built capabilities at every stage of the security lifecycle, embedded right into the unified security operations platform in the Defender portal. Early users of Copilot for Security have already seen significant, measurable results when it is integrated into their SOC, transforming their operations and boosting their defense and posture against both ongoing and emerging threats. Read on to learn about the capabilities coming to general availability on April 1, embedded in the Defender portal for Defender XDR and Microsoft Sentinel data, and how early access customers are already seeing value.
Prevent breaches with dynamic threat insight
Copilot for Security leverages the rich portfolio of Microsoft Security products to produce enriched insights for security analysts in the context of their workflow. At GA, you will be able to use Copilot for Security with Microsoft Defender Threat Intelligence and Threat Analytics in the Defender portal to tap into high-fidelity threat intelligence on threat actors, tooling and infrastructure and easily discover and summarize recommendations specific to your environment’s risk profile, all using natural language. These insights can help security teams improve their security posture by prioritizing threats and managing exposures proactively against adversaries, keeping their organizations protected from potential breaches.
Identify and prioritize with built-in context
“Copilot for Security is allowing us to re-envision security operations. It will be critical in helping us close the talent gap.” – Greg Petersen, Sr. Director – Security Technology & Operations, Avanade
Automation of common manual tasks with Copilot frees up analyst time and allows them to focus on more complex and urgent demands. For example, analysts need to understand the attack story and impact to determine next steps, and this often requires time and effort to collect and understand all of the relevant details. To make this task faster and easier, Copilot’s incident summaries, with AI-powered data processing and contextualization, make this content readily available, saving significant triage time. Complementing Microsoft Defender XDR’s unique ability to correlate incidents from a variety of workloads, Copilot’s incident summary provides the attack story and potential impact directly in the incident page. At GA, asset summaries become available for use in investigation. The first of these is a device summary, where Copilot provides highlights about the device based on all cross-workload information available in Defender XDR, as well as other device data integrated in from Intune. This further improves efficiency during triage and enables analysts to more quickly assess and prioritize incidents, leading to faster response.
As part of incident investigation and response, analysts often reach out to employees to get more information about unusual activity on their devices or to communicate about an incident or a limitation in access. New at GA, Copilot now makes this faster by generating tailored messages with all the details an employee would need and enabling analysts to send those messages through Microsoft Teams or Outlook – directly from the portal. Copilot links directly to many tasks that would normally require going to another view or product – another example of added efficiency for security teams.
During Early access, 97%* of security professionals reported they would make consistent use of Copilot capabilities in their day-to-day workflows.
Accelerate full resolution for every incident
“Copilot for Security can democratize security to the end user. It is no longer just with the subject matter expert. The average analyst training time used to be a couple of months, and that can reduce drastically if you’re using Copilot.” Chandan Pani, Chief Information Security Officer, LTIMindtree
During an incident, every second counts. With additional Copilot capabilities, like guided response and automated incident reports, analysts of all levels can move an average of 22% faster* and accelerate time to resolution.
Guided response, provided by Copilot during incident investigation and report in the Defender portal, helps analysts determine what to do next, based on the specific incident at hand.
Example recommendations include:
Triaging an incident with a recommended classification and threat category
Steps to take to contain an incident, such as suspending a compromised account
Investigation actions, such as finding all emails that were part of a phishing campaign
How to remediate an incident, such as resetting a user’s password
Action recommendations are provided with links to the next steps, which can be taken directly in the Copilot window, reducing time spent switching views.
After successfully closing out an incident, analysts often spend time drafting reports for peers and leadership to provide a summary of the attack and remediation steps taken. Using Copilot, an incident report is easily generated with the click of a button, instantly delivering a high-quality summary ready to share or save for documentation. For GA, exporting the report to a detailed formatted PDF is now available, making for a great executive-shareable report.
Elevate analysts with intelligent assistance
“Copilot for Security allows us to quickly analyze Python and PowerShell scripts. This means that staff with less experience can quickly analyze scripts, saving valuable time in the cybersecurity area where time is so important.” – Mark Marshall, Assistant Chief Information Officer, Peel District School Board
Security teams are made up of individuals with a variety of different skillsets and levels of experience, and as demands and requirements change, up-leveling becomes critical. It can take time and expertise to learn how to effectively manage hunting jobs or analyze malicious scripts, which many organizations simply don’t have. Copilot makes expert tasks significantly simpler, reducing the time spent onboarding new recruits and training analysts while driving faster results.
For example, Copilot assists less experienced analysts with hunting during an investigation in the Defender portal. An analyst can now create KQL queries simply by using natural language – for example, just asking for “all devices that logged on in the last hour”. The user can then choose to run the generated query or have Copilot execute it automatically. Copilot can also recommend the best filters to apply after results are surfaced or suggest common next steps. Security teams see significant benefits from this, as more senior analysts are now able to delegate threat hunting projects to newer or less experienced employees.
Another task commonly reserved for more experienced analysts is reverse engineering PowerShell, Python, or other scripts, often used in human-operated ransomware (HumOR) and other attacks – and not every team even has this expertise. Copilot’s script analysis feature gives security teams the ability to examine these scripts easily, without needing any prior knowledge of how to do so. This feature is also built into the investigation process, with a button prompting a user to “analyze with Copilot” anytime an alert contains a script. The resulting analysis is a line-by-line explanation of what the script is trying to do, with excerpts from the script for each explained section. With this, an analyst can quickly tell whether a script is potentially harmful. New at GA, these capabilities extend to suspicious file analysis as well (executable or other), delivering details about the file’s internal characteristics and behavior and an easy way to assess maliciousness.
Interested in getting started with Copilot for Security?
The pace of innovation in AI is moving at lightning speed and we expect many more security teams to see significant benefits of the technology with the general availability of Copilot for Security. To learn more about Microsoft Copilot for Security, click here or contact your Microsoft sales representative.
Learn more about Copilot skills for Defender XDR announced at early access: Operationalizing Microsoft Security Copilot to Reinvent SOC Productivity
*Microsoft Copilot for Security randomized controlled trial (RCT) with experienced security analysts conducted by Microsoft Office of the Chief Economist, January 2024.
Certification
Hi! I work in LE and I will be teaching some of our staff Detentions 101. As a perk of taking the class I would love to have those who take the class be Sharepoint “Certified” through Microsoft. Is that possible?
Azure Container Apps Managed Certificates now in General Availability (GA)!
General Availability (GA): Azure Container Apps Managed Certificates!
Managed Certificates on Azure Container Apps will allow you to create certificates free of charge for custom domains added to your container app. The service will also manage the life cycle of these certificates and auto-renew them when they’re close to expiring.
To learn more, see Azure Container Apps managed certificate documentation.
Azure at KubeCon Europe 2024 | Paris, France – March 19-22
Note: Brendan Burns’ “Welcome to KubeCon EU 2024” blog post will be live on March 19 at aka.ms/kubeconblog. Please check back at that time.
Are you as excited as we are for KubeCon + CloudNativeCon Europe 2024? We can’t wait and hope you’ll join us for some awesome Microsoft Azure KubeCon + CloudNativeCon related events and activities happening in Paris March 18-22!
Azure Kubernetes Service (AKS) Essentials Day (March 18): New for this KubeCon + CloudNativeCon, we’ve added an in-person, hands-on, introductory workshop for those just getting started with AKS. The full-day event will be in Paris on March 18. Registration is required for this free event and space is limited. Learn more and register.
Azure Day with Kubernetes (March 19): Join our Microsoft experts in-person in Paris on Tuesday, March 19 from 9am to 5pm for an exclusive opportunity to learn best practices for building cloud-native and intelligent apps with Kubernetes on Azure. Registration is required for this free event and space is limited. Learn more and register.
KubeCon + CloudNativeCon (March 20-22):
Don’t miss the Microsoft keynote on Wednesday March 20 9:40am to learn about how to Build an Open Source Platform for AI/ML.
Check out sessions by Microsoft engineers on diverse topics including Notary project, what’s new in containerd 2.0, strategies for efficient LLM deployments, OpenTelemetry, Confidential Containers, Network Policy, OPA, special purpose operating systems, and more!
Brendan Burns, Kubernetes co-founder and Microsoft CVP, will share his thoughts on the latest developments and key Microsoft announcements related to cloud-native intelligent application development in his KubeCon + CloudNativeCon Europe 2024 blog on March 19th.
And of course, swing by our Microsoft Azure booth #G1 from March 20th to 22nd! We’ll have short sessions and demos on all things cloud native and AI, an Xbox Forza racing competition with a chance to win some cool prizes, and some sweet swag. Don’t forget to pick up your copy of Brendan Burns’ latest Kubernetes Best Practices book when you visit the Microsoft booth!
We look forward to seeing you in Paris!
– Microsoft Azure team
Sync Up Episode 09: Creating a New Future with OneDrive
Sync Up Episode 9 is now available on all your favorite podcast apps! This month, Arvind Mishra and I are talking with Liz Scoble and Libby McCormick about the power of Create.Microsoft.com and how we’re bringing that power into the OneDrive experience! Along the way, we learn a little more about ourselves, about TPS reports, and much more!
Show: https://aka.ms/SyncUp | Apple Podcasts: https://aka.ms/SyncUp/Apple | Spotify: https://aka.ms/SyncUp/Spotify | RSS: https://aka.ms/SyncUp/RSS
As always, we hope you enjoyed this episode! Let us know what you think in the comments below!
Unlock the power of video with Microsoft Stream
Hi Microsoft 365 Insiders!
Experience seamless video collaboration with Microsoft Stream, a powerful platform that enables you to create, share, and view videos securely across the Microsoft 365 apps you use every day. You can use it to easily create useful and interesting video content, and leverage features like sharing, transcriptions, translations, chapters, search, and more.
Read the full overview in our latest blog!
We have also shared out on X/LinkedIn:
X: https://twitter.com/Msft365Insider/status/1767581318089482328
LinkedIn: https://www.linkedin.com/feed/update/urn:li:activity:7173347029945966592
Thanks!
Perry Sjogren
Microsoft 365 Insider Social Media Manager
Become a Microsoft 365 Insider and gain exclusive access to new features and help shape the future of Microsoft 365. Join Now: Windows | Mac | iOS | Android
Can’t Enable DKIM in Office 365
AOL, Yahoo, and Verizon (using the same email server) are now requiring that SPF, DKIM, and DMARC be enabled for emails sent to those addresses. I saw a report that Google will soon require this too. My problem is that to enable DKIM, I have to create 2 CNAME records. I have created these records on 4 accounts on 4 different providers. I have another account that actually works, but DKIM was enabled even without the CNAMES. I also passed the DMARC check on that account, so I know that I have managed to put in the correct entries in the CNAME records. But, I still get the error message about needing the CNAME records before enabling DKIM.
Another curiosity is that on none of my accounts can I detect CNAME records, even CNAMEs that were already there? What do I have to do to enable DKIM on these accounts (a total of 6 accounts on 4 different hosts)?
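For anyone hitting the same issue, a quick way to confirm from outside your DNS host that the two DKIM CNAMEs are actually published is to query public DNS directly. This is only a sketch using the dnspython package; the domain, tenant name, and selector names below are placeholders for your own values:
import dns.resolver  # pip install dnspython

domain = "contoso.com"                                      # your custom domain (placeholder)
expected_suffix = "._domainkey.contoso.onmicrosoft.com."    # your tenant's initial domain (placeholder)

for selector in ("selector1", "selector2"):
    name = f"{selector}._domainkey.{domain}"
    try:
        answers = dns.resolver.resolve(name, "CNAME")
        for rdata in answers:
            target = str(rdata.target)
            status = "looks correct" if target.endswith(expected_suffix) else "unexpected target"
            print(f"{name} -> {target} ({status})")
    except Exception as exc:  # NXDOMAIN, timeout, etc.
        print(f"{name} could not be resolved: {exc}")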
Unable to access the network after installing update KB5034848
Today I reactivated my computer and updated with the latest version of windows 11 (23H2, X64 KB5034848). Some time later I lost connection to the internet, while my router and another laptop is still able to access the internet.
Using the help tool, I get the message that the internet can not be accessed using a fixed IP address. Automatic IP address assignment with DHCP is active (has not been changed after updating windows).
What to do?
Publishing a SaaS offer for a Power Apps canvas app in AppSource
Hello,
We have been trying for many months now to publish our PowerApps canvas apps as a SaaS offer, thereby allowing us to have transactable, licensed customers.
Through a lot of effort, we managed to get some support where we were told quite vaguely how to achieve this, but without any meaningful guidance we are struggling as we are a small ISV with expertise in our actual business, and Power Platform. We are not, however, experts in SQL (that’s being generous) or in creating APIs which seem to be a requirement to keep track of user licenses and feeding the data to our canvas app.
If anyone here has any info on this, or how they might have achieved it themselves it would be massively appreciated, as we can’t seem to get there by ourselves and MS support is very difficult to find.
It does feel as though the app development part is so much simpler than getting it onto the marketplace, which is surely the wrong way round.
Thank you,
Craig
Assigned to me in planner – Project capability
Hi
Reading through the various comments and reports, it states that the ability for planner to pull through Project tasks through to your Planner “Assigned to me” tasks is due in March.
Can anyone confirm when this will be happening date wise as it looks like there is a bit of a delay?
Thanks,
Omar Warrak
RAISE Summit Paris 2024 PRO Ticket
Hello everyone!
I just won a PRO ticket for the Paris RAISE Summit 2024.
The ticket price on the official website is €799, and I want to sell it for half price.
Can you please help me with where I can sell it, or maybe someone from here wants to buy it?
Announcing Azure Health Data Services DICOM service with Data Lake Storage
We are thrilled to announce the general availability of the Azure Health Data Services DICOM service with Data Lake Storage, a solution that enables teams to store, manage, and access their medical imaging data in the cloud. Whether you’re involved in clinical operations, research endeavors, AI/ML model development, or any other facet of healthcare that involves medical imaging, the DICOM service can expand the possibilities of your imaging data and enable new workflows.
The DICOM service is available for teams to start using today with production imaging data. To get started, visit the Azure Health Data Services docs and follow the steps to Deploy the DICOM service with Data Lake Storage.
Who Can Benefit?
The DICOM service with Data Lake Storage is designed for any team that requires a robust and scalable cloud storage solution for their medical imaging data. Whether you’re a healthcare institution migrating clinical and research data to the cloud, a development team in need of a scalable storage platform for imaging data, or an organization seeking to operationalize imaging data in AI/ML model development or secondary use scenarios, our DICOM service with Data Lake Storage is here to empower your endeavors.
Benefits of Azure Data Lake Storage
By integrating with Azure Data Lake Storage (ADLS Gen2), our DICOM service offers a myriad of benefits to healthcare teams:
Scalable Storage: Enjoy performant, massively scalable storage capabilities that can effortlessly accommodate your growing imaging data assets.
Data Governance: Take full control of your imaging data assets. Manage storage permissions, access controls, data replication strategies, backups, and more, ensuring compliance with global privacy standards.
Direct Data Access: Seamlessly access your DICOM data through Azure Storage APIs, enabling efficient retrieval and manipulation of your valuable medical imaging assets. The DICOM service continues to provide DICOMweb APIs for storing, querying for, and retrieving imaging data. (A short example of this direct access follows this list.)
Ecosystem Integration: Leverage the entire ecosystem of tools surrounding ADLS, including AzCopy, Azure Storage Explorer, and Azure Storage Data Movement library, to help streamline your workflows and enhance productivity.
Unlock New Possibilities: Unlock new analytics and AI/ML scenarios by integrating with services like Azure Synapse, Azure Databricks, Azure Machine Learning, and Microsoft Fabric, enabling you to extract deeper insights and drive innovation in healthcare.
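As an illustration of the direct data access point above, here is a minimal sketch that lists .dcm files in the data lake container behind the DICOM service using the Azure Storage Python SDK. The storage account, container, and folder names are placeholders, and the snippet assumes the azure-identity and azure-storage-file-datalake packages:
from azure.identity import DefaultAzureCredential
from azure.storage.filedatalake import DataLakeServiceClient

# Connect to the ADLS Gen2 account configured for the DICOM service (placeholders below)
service = DataLakeServiceClient(
    account_url="https://<storage-account>.dfs.core.windows.net",
    credential=DefaultAzureCredential(),
)
file_system = service.get_file_system_client("<container-name>")

# List DICOM files under the folder used by the DICOM service
for path in file_system.get_paths(path="<dicom-service-folder>"):
    if path.name.endswith(".dcm"):
        print(path.name, path.last_modified)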
Integration with Microsoft Fabric
As called out above, a key benefit of Azure Data Lake Storage is that it connects to Microsoft Fabric. Microsoft Fabric is an end-to-end, unified analytics platform that brings together all the data and analytics tools that organizations need to unlock the potential of their data and lay the foundation for AI scenarios. By using Microsoft Fabric, you can use the rich ecosystem of Azure services to perform advanced analytics and AI/ML with medical imaging data, such as building and deploying machine learning models, creating cohorts for clinical trials, and generating insights for patient care and outcomes.
Get Started Today
The DICOM service with Data Lake Storage is available for teams to start using today with production imaging data – and customers can expect the same level of support and the same adherence to healthcare privacy standards that Azure Health Data Services is known for. Whether you’re looking to enhance clinical operations, drive research breakthroughs, or unlock new AI-driven insights, the power of Azure Health Data Services can help you achieve your goals.
To learn more about analytics with imaging data, see Get started using DICOM data in analytics workloads.
Pricing
With Azure Health Data Services, customers pay only for what they use. DICOM service customers incur storage costs for storage of the DICOM data and metadata used to operate the DICOM service as well as charges for API requests. The data lake storage model shifts most of the storage costs from Azure Health Data Services to Azure Data Lake Storage (where the .dcm files are stored).
For detailed pricing information, see Pricing – Azure Health Data Services and Azure Storage Data Lake Gen2 Pricing.
Simplifying Azure Kubernetes Service Authentication Part 3
Welcome to the third installment of this series on simplifying Azure Kubernetes Service authentication. Part two is available here: Part 2. In this third part we’ll continue from where we left off and set up cert-manager, create a CA issuer, update our ingress routes, register our app, and create secrets and a cookie for authentication. You can also refer to the official documentation for some of the steps: TLS with an ingress controller.
Install cert-manager with Let’s Encrypt
In the previous post we uploaded the cert-manager images to our ACR. Now let’s install cert-manager from those images by running the following:
# Set variable for ACR location to use for pulling images
$AcrUrl = (Get-AzContainerRegistry -ResourceGroupName $ResourceGroup -Name $RegistryName).LoginServer
# Label the ingress-basic namespace to disable resource validation
kubectl label namespace ingress-basic cert-manager.io/disable-validation=true
# Add the Jetstack Helm repository
helm repo add jetstack https://charts.jetstack.io
# Update your local Helm chart repository cache
helm repo update
# Install the cert-manager Helm chart
helm install cert-manager jetstack/cert-manager --namespace ingress-basic --version $CertManagerTag --set installCRDs=true --set nodeSelector."kubernetes.io/os"=linux --set image.repository="${AcrUrl}/${CertManagerImageController}" --set image.tag=$CertManagerTag --set webhook.image.repository="${AcrUrl}/${CertManagerImageWebhook}" --set webhook.image.tag=$CertManagerTag --set cainjector.image.repository="${AcrUrl}/${CertManagerImageCaInjector}" --set cainjector.image.tag=$CertManagerTag
You should get some output and make sure the READY column is set to True.
Create a CA Issuer
A certificate authority (CA) validates the identities of entities (such as websites, email addresses, companies, or individual persons) and binds them to cryptographic keys through the issuance of digital certificates. We are using the letsencrypt CA. We can create a CA by applying a ClusterIssuer to our ingress-basic namespace. Create the following cluster-issuer.yaml file:
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: MY_EMAIL_ADDRESS
    privateKeySecretRef:
      name: letsencrypt
    solvers:
    - http01:
        ingress:
          class: nginx
          podTemplate:
            spec:
              nodeSelector:
                "kubernetes.io/os": linux
Now apply this yaml file by running the following kubectl command:
kubectl apply -f cluster-issuer.yaml --namespace ingress-basic
Update your ingress route
In the previous part of this series we created an FQDN, which enables us to route to our apps in the web browser via a URL. We need to update our ingress routes to handle this change. Update hello-world-ingress.yaml as follows:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: hello-world-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /$2
    nginx.ingress.kubernetes.io/use-regex: "true"
    cert-manager.io/cluster-issuer: letsencrypt
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - hello-world-ingress.MY_CUSTOM_DOMAIN
    secretName: tls-secret
  rules:
  - host: hello-world-ingress.MY_CUSTOM_DOMAIN
    http:
      paths:
      - path: /hello-world-one(/|$)(.*)
        pathType: Prefix
        backend:
          service:
            name: aks-helloworld-one
            port:
              number: 80
      - path: /hello-world-two(/|$)(.*)
        pathType: Prefix
        backend:
          service:
            name: aks-helloworld-two
            port:
              number: 80
      - path: /(.*)
        pathType: Prefix
        backend:
          service:
            name: aks-helloworld-one
            port:
              number: 80
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: hello-world-ingress-static
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
    nginx.ingress.kubernetes.io/rewrite-target: /static/$2
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - hello-world-ingress.MY_CUSTOM_DOMAIN
    secretName: tls-secret
  rules:
  - host: hello-world-ingress.MY_CUSTOM_DOMAIN
    http:
      paths:
      - path: /static(/|$)(.*)
        pathType: Prefix
        backend:
          service:
            name: aks-helloworld-one
            port:
              number: 80
Then apply the update:
kubectl apply -f hello-world-ingress.yaml --namespace ingress-basic
You should get some output; verify that the certificate was issued by running kubectl get certificate --namespace ingress-basic and checking that the READY column shows True.
Register your app in Entra ID and create a client secret
A Microsoft Entra ID app (formerly known as an Azure Active Directory, or AAD, app) is an application registered in Entra ID, which allows it to interact with Azure services and authenticate users. We can then use the Entra ID app to obtain a client secret for authentication purposes. Perform the following actions to register an app and create a client secret.
In the Azure portal search for Microsoft Entra ID
Click App registrations in the left side navigation
Click new registration button
Add a name and enter your redirect URL (Web) https://FQDN/oauth2/callback
Register and take note of your Application (client) ID
Click Certificates and Secrets and click New client secret and take note of the Secret Value
Create a cookie secret and set Kubernetes secrets
Now create Kubernetes secrets for the client ID, client secret, and a cookie secret. Remember, this series is for educational purposes and may not meet all security requirements. If you need to store your secrets in a more secure location, you can refer to the Key Vault documentation: Key Vault. Run the following commands in PowerShell:
$cookie_secret="$(openssl rand -hex 16)"
# or with python
python -c 'import os,base64; print(base64.urlsafe_b64encode(os.urandom(32)).decode())'
kubectl create secret generic client-id --from-literal=oauth2_proxy_client_id=<APPID> -n ingress-basic
kubectl create secret generic client-secret --from-literal=oauth2_proxy_client_secret=<SECRETVALUE> -n ingress-basic
kubectl create secret generic cookie-secret --from-literal=oauth2_proxy_cookie_secret=<COOKIESECRET> -n ingress-basic
Create a Redis Password
Azure uses large cookies when authenticating over OAuth2, so it is recommended to set up Redis to handle these large cookies. For now we will create a Redis password and set the Kubernetes secret. In the next post we will install and set up Redis. Run the following commands in PowerShell:
$REDIS_PASSWORD="<YOUR_PASSWORD>"
kubectl create secret generic redis-password --from-literal=redis-password=$REDIS_PASSWORD -n ingress-basic
This ends the third post in our series. Look out for the fourth and final post.
March 2024: Exploring open source at Microsoft, and other highlights for developers
Microsoft has developed a strong open source program over the past decade. Many of our tools and approaches are available for you to learn from and contribute to. This blog post explores some of the open-source projects at Microsoft and resources that will help you start contributing to and managing your own open-source projects. To learn more about Open Source at Microsoft, visit opensource.microsoft.com.
.NET is open source
Did you know .NET is open source? .NET is open source and cross-platform, and it’s maintained by Microsoft and the .NET community. Check it out on GitHub.
Microsoft JDConf 2024
Get ready for JDConf 2024—a free virtual event for Java developers. Explore the latest in tooling, architecture, cloud integration, frameworks, and AI. It all happens online March 27-28 and will include sessions on OpenJDK, OpenTelemetry, and Java development with Visual Studio Code. Learn more and register now.
Getting started with the Fluent UI Blazor library
The Fluent UI Blazor library is an open-source set of Blazor components used for building applications that have a Fluent design. Watch this Open at Microsoft episode for an overview and find out how to get started with the Fluent UI Blazor library.
Generative AI for Beginners
Want to build your own GenAI application? The free Generative AI for Beginners course on GitHub is the perfect place to start. Work through 18 in-depth lessons and learn everything from setting up your environment to using open-source models available on Hugging Face.
Reactor series: GenAI for software developers
Step into the future of software development with the Reactor series. GenAI for Software Developers explores cutting-edge AI tools and techniques for developers, revolutionizing the way you build and deploy applications. Register today and elevate your coding skills.
How to get GraphQL endpoints with Data API Builder
The Open at Microsoft show takes a look at using Data API Builder to easily create GraphQL endpoints. See how you can use this no-code solution to quickly enable advanced—and efficient—data interactions.
Microsoft Graph Toolkit v4.0 is now generally available
Microsoft Graph Toolkit v4.0 is now available. Learn about its new features, bug fixes, and improvements to the developer experience.
Customize Dev Containers in VS Code with Dockerfiles and Docker Compose
Dev containers offer a convenient way to deliver consistent and reproducible environments. Follow along with this video demo to customize your dev containers using Dockerfiles and Docker Compose.
Other news and highlights for developers
AI Show: LLM Evaluations in Azure AI Studio
Don’t deploy your LLM application without testing it first! Watch the AI Show to see how to use Azure AI Studio to evaluate your app’s performance and ensure it’s ready to go live. Watch now.
Use OpenAI Assistants API to build your own cooking advisor bot on Teams
Find out how to build an AI assistant right into your app using the new OpenAI Assistants API. Learn about the open playground for experimenting and watch a step-by-step demo for creating a cooking assistant that will suggest recipes based on what’s in your fridge.
What’s new in Teams Toolkit for Visual Studio 17.9
What’s new in Teams Toolkit for Visual Studio? Get an overview of new tools and capabilities for .NET developers building apps for Microsoft Teams.
Embed a custom webpage in Teams
Find out how to share a custom web page, such as a dashboard or portal, inside a Teams app. It’s easier than you might think. This short video shows how to do this using Teams Toolkit for Visual Studio and Blazor.
Build your own assistant for Microsoft Teams
Creating your own assistant app is super easy. Learn how in under 3 minutes! Watch a demo using the OpenAI Assistants, Teams AI Library, and the new AI Assistant Bot template in VS Code.
Build your custom copilot with your data on Teams featuring an AI dragon
Build your own copilot for Microsoft Teams in minutes. Watch this demo to see how to build an AI Dragon that will take your team on a cyber role-playing adventure.
Microsoft Mesh: Now available for creating innovative multi-user 3D experiences
Microsoft Mesh is now generally available, providing an immersive 3D experience for the virtual workplace. Get an overview of Microsoft Mesh and find out how to start building your own custom experiences.
Global AI Bootcamp 2024
Global AI Bootcamp is a worldwide annual event that runs throughout the month of March for developers and AI enthusiasts. Learn about AI through workshops, sessions, and discussions. Find an in-person bootcamp event near you.
C# Dev Kit for Visual Studio Code
Learn how to use the C# Dev Kit for Visual Studio Code. Get details and download the C# Dev Kit from the Visual Studio Marketplace.
Visual Studio Code: C# and .NET development for beginners
Have questions about Visual Studio Code and C# Dev Kit? Watch the C# and .NET Development in VS Code for Beginners series and start writing C# applications in VS Code.
Python Data Science Day 2024: Unleashing the Power of Python in Data Analysis
Celebrate Pi Day (3.14) with a journey into data science with Python. Set for March 14, Python Data Science Day is an online event for developers, data scientists, students, and researchers who want to explore modern solutions for data pipelines and complex queries.
Use GitHub Copilot for your Python coding
Discover a better way to code in Python. Check out this free Microsoft Learn module on how GitHub Copilot provides suggestions while you code in Python.
Remote development with Visual Studio Code
Find out how to tap into more powerful hardware and develop on different platforms from your local machine. Check out this Microsoft Learn path to explore tools in VS Code for remote development setups and discover tips for personalizing your own remote dev workflow.
Using GitHub Copilot with JavaScript
Use GitHub Copilot while you work with JavaScript. This Microsoft Learn module will tell you everything you need to know to get started with this AI pair programmer.
Get to know GitHub Copilot in VS Code and be more productive
Get to know GitHub Copilot in VS Code and find out how to use it. Watch this video to see how incredibly easy it is to start working with GitHub Copilot…Just start coding and watch the AI go to work.
Designing for Trust
Learn how to design trustworthy experiences in the world of AI. Watch a demo of an AI prompt injection attack and learn about setting up guardrails to protect the system.
Use Visual Studio for modern development
Want to learn more about using Visual Studio to develop and test apps? Start here. In this free learning path, you’ll dig into key features for debugging, editing, and publishing your apps.
GitHub Copilot fundamentals – Understand the AI pair programmer
Improve developer productivity and foster innovation with GitHub Copilot. Explore the fundamentals of GitHub Copilot in this free training path from Microsoft Learn.
Microsoft, GitHub, and DX release new research into the business ROI of investing in Developer Experience
Investing in the developer experience has many benefits and improves business outcomes. Dive into our groundbreaking research (with data from more than 2000 developers at companies around the world) to discover what your business can gain with better DevEx.
Empowering women through digital skills
As we mark International Women’s Day, we celebrate the work of our partners to empower women around the world with skills for the AI economy. We know that when women have access to education, digital skills, and opportunities, they can build a better future for themselves, their families, and their communities.
Women in Digital Business
With the rise of the digital economy, women have new opportunities to start and grow a business, but still face many challenges. In low-income countries especially, female small business owners lack the competencies to develop a digital transformation strategy and implement it. In this context, equipping women entrepreneurs with digital skills is essential to the growth of their business. To tackle this challenge, Microsoft has partnered with the International Training Center of the International Labor Organization (ITCILO) to offer the Women in Digital Business (WIDB) program.
WIDB offers training programs in digital skills to women entrepreneurs who are looking to digitalize their business. By training partners all over the world in using the ILO’s platform and methodologies, the program will enable over 30,000 women-led micro and small businesses in 10+ countries to gain role-based skills, employability skills, and digital skills through online and residential training centers.
In Colombia, our partner ImpactHub is integrating this training to support the personal and professional growth of female entrepreneurs who have been affected by armed conflict in their communities. Through a blend of business training, leadership skills development, and access to economic opportunities, ImpactHub’s implementation of this program is nurturing the potential of these women to persevere through political crisis, thereby strengthening the country’s business and social fabric.
Learn more about Women in Digital Business and how you can become a master trainer for the program.
Cybersecurity skilling
Cybersecurity roles are high-wage, high-growth jobs across every industry. Yet globally only 1 in 4 cybersecurity roles are filled by women. Microsoft is proud to partner with women-focused organizations to help change that. Some of our resources, partnerships, and opportunities to support women in cyber include:
In honor of Women’s History Month, we just launched the Microsoft Cybersecurity Certification Scholarship, awarded by Women in Cloud. This scholarship equips women in the U.S. with access to industry recognized certifications, mentorship networks, and monthly job preparedness sessions. Learn more about how to apply for this scholarship at aka.ms/WiC.
As part of the expansion of our cybersecurity skills initiative, we are partnering with Women in CyberSecurity (WiCyS) to bring their student chapters to a global audience. WiCyS student chapters receive funding, access to resources and conferences as well as networking opportunities for both students and faculty advisors. Learn more about how to create a student chapter on the WiCyS website.
Our partner LATAM Women in Cybersecurity (WOMCY) has a mission to minimize the knowledge gap and increase the talent pool in cybersecurity across Latin America. Through multiple grants from Microsoft, WOMCY has provided 5,200 women with coursework and vouchers to complete a SC-900 certification in Cybersecurity. Find out more about WOMCY.
The International Telecommunications Union (ITU), a UN agency, recently finished the third cycle of their Women in Cyber Mentorship Program. With support from Microsoft, this program provided over 300 women mentors and mentees in the field of cybersecurity with courses, live trainings, and multiple forms of mentorship activities to foster continued growth in their roles.
See all the resources Microsoft offers for Cybersecurity skilling at aka.ms/Cybersecurity_Skills.
International Women’s Day is an opportunity to reflect on our progress and recognize the impact of our partners and programs around the world. But there is more work to do. Together, we can ensure women everywhere have access to the skills and opportunities they need to thrive in a rapidly changing economy.
Access digital skills resources to help empower women in your community at: aka.ms/MicrosoftDigitalSkillsHub
How to manage SQL connections in .NET Core
SQL connection management is a topic I have always wanted to cover, but I thought it was unnecessary because I had not run into many problems of this kind.
Recently, however, I came across a very challenging case where an extremely critical application kept going down, and guess what? The root cause was SQL connection management.
The goal of this article is to explain, and demonstrate through proofs of concept, what to do to avoid this kind of problem.
The SQL connection pool in ADO.NET
A SqlConnection object represents a physical connection to a database: the Open method opens the connection and the Close method closes it.
Opening and closing connections is an expensive operation, because it involves several steps, such as:
Establishing a physical channel, such as a socket or a named pipe.
Performing the initial handshake with the server.
Parsing the connection string information.
Authenticating the connection with the server.
Running checks for enlistment in the current transaction.
Performing other checks and procedures required for the connection.
In short, it is a process with many steps that can and should be avoided. The ADO.NET library implements connection pooling, where connections are created on demand and reused throughout the application's lifetime.
The pool reduces the need to create new connections: when the application calls Open, it checks whether an open connection is already available before opening a new one; when Close is called, the connection is returned to the pool.
Common problems
The most common problem in SQL connection management is the connection leak, which happens when the application does not close a connection properly. The impact on application performance and scalability is significant: the connection pool is limited, a connection that is not closed properly stays unavailable, and once the pool reaches its maximum number of connections the application has to wait until one is released.
Connection leak example
The following code is an example of a connection leak:
public int ExecuteNonQuery(string command)
{
    // The connection is opened but never closed or disposed, so it is never returned to the pool.
    SqlConnection connection = new SqlConnection("connectionString");
    connection.Open();
    DbCommand dbCommand = connection.CreateCommand();
    dbCommand.CommandText = command;
    dbCommand.Connection = connection;
    return dbCommand.ExecuteNonQuery();
}
Let's go through the following steps to simulate the issue and understand what is wrong with this implementation:
Implement the code above in a proof-of-concept project
Simulate the problem with a load test
Collect and analyze a memory dump
The reference code is available at: https://github.com/claudiogodoy99/Sql-Demo
To reproduce the problem I will use k6 as the load-testing tool, with the following script:
import http from "k6/http";
export default function () {
  const response = http.get("http://localhost:5096/exemplo");
}
The command I used to run the test was: k6 run -u 100 -d 120s .\loadTest.js. It simulates 100 users hitting http://localhost:5096/exemplo for 120 seconds.
The test result was as follows:
execution: local
script: loadTest.js
output: –
scenarios: (100.00%) 1 scenario, 100 max VUs, 2m30s max duration (incl. graceful stop):
http_req_duration……….: avg=33.44s min=1.53s med=33.21s max=1m0s p(90)=51.56s p(95)=57.29s
http_req_failed…………: 100.00% ✓ 390 ✗ 0
running (2m30.0s), 000/100 VUs, 390 complete and 19 interrupted iterations
Overall this was a very poor result: the average response time was 33 seconds.
I used dotnet-dump to capture and analyze the memory dump, with the following commands:
dotnet-dump collect -p PID
dotnet-dump analyze .\GENERATED-FILE-NAME.dmp
With the dump open in the terminal, I run the clrthreads command, which lists all managed call stacks and enumerates their respective threads:
…
System.Threading.WaitHandle.WaitMultiple
Microsoft.Data.ProviderBase.DbConnectionPool.TryGetConnection
Microsoft.Data.ProviderBase.DbConnectionPool.TryGetConnection
Microsoft.Data.ProviderBase.DbConnectionFactory.TryGetConnection
Microsoft.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal
Microsoft.Data.SqlClient.SqlConnection.TryOpen
Microsoft.Data.SqlClient.SqlConnection.Open
UnityOfWork.OpenConnection
UnityOfWork.BeginTransaction
ExemploRepository.AlgumaOperacao
pocSql.Controllers.ExemploController.Get
….
==> 48 threads with 7 roots
Notice that every managed thread that was processing a request was waiting on the method Microsoft.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection, UInt32, Boolean, Boolean, DbConnectionOptions, DbConnectionInternal ByRef).
This means that all of these threads were waiting for a database connection to be released so they could continue processing their requests.
Solution
In this example, using the using keyword is enough to solve the problem:
public int ExecuteNonQuery(string command)
{
    // The using declaration guarantees the connection is disposed (and returned to the pool)
    // when the method ends, even if an exception is thrown.
    using SqlConnection connection = new SqlConnection("connectionString");
    connection.Open();
    DbCommand dbCommand = connection.CreateCommand();
    dbCommand.CommandText = command;
    dbCommand.Connection = connection;
    return dbCommand.ExecuteNonQuery();
}
The using keyword guarantees the correct use of objects that implement the IDisposable interface; in other words, when execution leaves the scope of the method above, the connection's Dispose method is called, ensuring the connection is closed properly even if an exception occurs.
Here is the test result after applying the fix:
script: .\pocSql\loadTest.js
output:
scenarios: (100.00%) 1 scenario, 100 max VUs, 2m30s max duration (incl. graceful stop):
http_req_connecting……..: avg=77.15µs min=0s med=0s max=9.22ms p(90)=0s p(95)=0s
http_req_duration……….: avg=1.38s min=286.15ms med=1.14s max=17.94s p(90)=1.99s p(95)=2.6s
http_req_failed…………: 100.00% ✓ 8689 ✗ 0
running (2m01.3s), 000/100 VUs, 8689 complete and 0 interrupted iterations
The difference is striking: the average response time dropped from 33 seconds to 1.38 seconds.
The Dispose pattern
Unfortunately, not every ADO.NET implementation is as simple as the one shown in this article. In many cases I have come across classes that hold the SqlConnection object as a property in order to reuse the connection across several methods, control transactions, and so on.
In those cases, using the using keyword is not practical, and implementing the Dispose pattern may be necessary. Luckily for us, recent versions of the .NET Core dependency injection container, Microsoft.Extensions.DependencyInjection, already solve a good part of the problem.
Imagine we have the following class:
public class Connection
{
    private readonly SqlConnection _connection;

    public Connection(SqlConnection connection)
    {
        _connection = connection;
    }
}
If the class above is registered correctly, the dependency injection container will call the connection's Dispose method when the scope that resolved it ends.
To register the class correctly:
services.AddScoped<IDbConnection>((sp) => new SqlConnection(dbConnectionString));
services.AddScoped<Connection>();
Because the connection is injected as a dependency, the Connection class does not need to implement the IDisposable interface itself.
Now consider an example where the constructor is responsible for instantiating the _connection object:
public class ExemploRepository
{
    private readonly IDbConnection _connection;

    public ExemploRepository()
    {
        _connection = new SqlConnection("connectionString");
    }
}
The ExemploRepository class needs to implement the IDisposable interface and call the connection's Dispose method; otherwise, the dependency injection container has no way of knowing that the _connection property implements IDisposable.
public class ExemploRepository : IDisposable
{
    private readonly IDbConnection _connection;

    public ExemploRepository()
    {
        _connection = new SqlConnection("connectionString");
    }

    public void Dispose()
    {
        _connection.Dispose();
    }
}
Conclusion
SqlConnection objects represent a physical connection to a database and must be managed correctly to avoid performance and scalability problems. The using keyword is the simplest way to guarantee that the connection is closed properly even when an exception occurs. In more complex cases, implementing the Dispose pattern may be necessary.
Although subtle, SQL connection management is a topic that deserves attention, because it can significantly impact an application's performance and scalability.
RAG techniques: Function calling for more structured retrieval
Retrieval Augmented Generation (RAG) is a popular technique to get LLMs to provide answers that are grounded in a data source. When we use RAG, we use the user’s question to search a knowledge base (like Azure AI Search), then pass along both the question and the relevant content to the LLM (gpt-3.5-turbo or gpt-4), with a directive to answer only according to the sources. In pseudo-code:
user_query = "what's in the Northwind Plus plan?"
user_query_vector = create_embedding(user_query, "ada-002")
results = search(user_query, user_query_vector)
response = create_chat_completion(system_prompt, user_query, results)
If the search function can find the right results in the index (assuming the answer is somewhere in the index), then the LLM can typically do a pretty good job of synthesizing the answer from the sources.
Unstructured queries
This simple RAG approach works best for “unstructured queries”, like:
What’s in the Northwind Plus plan?
What are the expectations of a product manager?
What benefits are provided by the company?
When using Azure AI Search as the knowledge base, the search call will perform both a vector and keyword search, finding all the relevant document chunks that match the keywords and concepts in the query.
Structured queries
But you may find that users are instead asking more “structured” queries, like:
Summarize the document called “perksplus.pdf”
What are the topics in documents by Pamela Fox?
Key points in most recent uploaded documents
We can think of them as structured queries, because they’re trying to filter on specific metadata about a document. You could imagine a world where you used a syntax to specify that metadata filtering, like:
Summarize the document title:perksplus.pdf
Topics in documents author:PamelaFox
Key points time:2weeks
We don’t want to introduce a query syntax to a RAG chat application if we don’t need to, since only power users tend to use specialized query syntax, and we’d ideally have our RAG flow just do the right thing in that situation.
Using function calling in RAG
Fortunately, we can use the OpenAI function-calling feature to recognize that a user’s query would benefit from a more structured search, and perform that search instead.
If you’ve never used function calling before, it’s an alternative way of asking an OpenAI GPT model to respond to a chat completion request. In addition to sending our usual system prompt, chat history, and user message, we also send along a list of possible functions that could be called to answer the question. We can define those in JSON or as a Pydantic model dumped to JSON. Then, when the response comes back from the model, we can see what function it decided to call, and with what parameters. At that point, we can actually call that function, if it exists, or just use that information in our code in some other way.
To use function calling in RAG, we first need to introduce an LLM pre-processing step to handle user queries, as I described in my previous blog post. That will give us an opportunity to intercept the query before we even perform the search step of RAG.
For that pre-processing step, we can start off with a function to handle the general case of unstructured queries:
tools: List[ChatCompletionToolParam] = [
    {
        "type": "function",
        "function": {
            "name": "search_sources",
            "description": "Retrieve sources from the Azure AI Search index",
            "parameters": {
                "type": "object",
                "properties": {
                    "search_query": {
                        "type": "string",
                        "description": "Query string to retrieve documents from azure search eg: 'Health care plan'",
                    }
                },
                "required": ["search_query"],
            },
        },
    }
]
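The same definition could also be generated from a Pydantic model, as mentioned earlier. This is only a minimal sketch, assuming Pydantic v2; the SearchSources class name is made up, and the model's JSON schema becomes the function's parameters:
from pydantic import BaseModel, Field

class SearchSources(BaseModel):
    """Retrieve sources from the Azure AI Search index"""
    search_query: str = Field(
        description="Query string to retrieve documents from azure search eg: 'Health care plan'"
    )

tools = [
    {
        "type": "function",
        "function": {
            "name": "search_sources",
            "description": SearchSources.__doc__,
            "parameters": SearchSources.model_json_schema(),
        },
    }
]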
Then we send off a request to the chat completion API, letting it know it can use that function.
chat_completion: ChatCompletion = self.openai_client.chat.completions.create(
    messages=messages,
    model=model,
    temperature=0.0,
    max_tokens=100,
    n=1,
    tools=tools,
    tool_choice="auto",
)
When the response comes back, we process it to see if the model decided to call the function, and extract the search_query parameter if so.
response_message = chat_completion.choices[0].message
if response_message.tool_calls:
    for tool in response_message.tool_calls:
        if tool.type != "function":
            continue
        function = tool.function
        if function.name == "search_sources":
            arg = json.loads(function.arguments)
            search_query = arg.get("search_query", self.NO_RESPONSE)
If the model didn’t include the function call in its response, that’s not a big deal as we just fall back to using the user’s original query as the search query. We proceed with the rest of the RAG flow as usual, sending the original question with whatever results came back in our final LLM call.
Adding more functions for structured queries
Now that we’ve introduced one function into the RAG flow, we can more easily add additional functions to recognize structured queries. For example, this function recognizes when a user wants to search by a particular filename:
{
    "type": "function",
    "function": {
        "name": "search_by_filename",
        "description": "Retrieve a specific filename from the Azure AI Search index",
        "parameters": {
            "type": "object",
            "properties": {
                "filename": {
                    "type": "string",
                    "description": "The filename, like 'PerksPlus.pdf'",
                }
            },
            "required": ["filename"],
        },
    },
},
We need to extend the function parsing code to extract the filename argument:
if function.name == "search_by_filename":
    arg = json.loads(function.arguments)
    filename = arg.get("filename", "")
    filename_filter = filename
Then we can decide how to use that filename filter. In the case of Azure AI Search, I build a filter that checks that a particular index field matches the filename argument, and pass that to my search call. If using a relational database, it would become an additional WHERE clause.
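For example, with the Azure AI Search Python SDK the filter might be built like this. This is only a sketch: the sourcefile field name is an assumption about the index schema, and search_client stands in for an already-configured azure.search.documents.SearchClient:
# Build an OData filter from the extracted filename (escape single quotes per OData rules)
filter_expr = None
if filename_filter:
    safe_name = filename_filter.replace("'", "''")
    filter_expr = f"sourcefile eq '{safe_name}'"

results = search_client.search(
    search_text=search_query,
    filter=filter_expr,
    top=3,
)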
Simply by adding that function, I was able to get much better answers to questions in my RAG app like 'Summarize the document called "perksplus.pdf"', since my search results were truly limited to chunks from that file. You can see my full code changes to add this function to our RAG starter app repo in this PR.
Considerations
This can be a very powerful technique, but as with all things LLM, there are gotchas:
Function definitions add to your prompt token count, increasing cost.
There may be times where the LLM doesn’t decide to return the function call, even when you thought it should have.
The more functions you add, the more likely the LLM will get confused about which one to pick, especially if the functions are similar to each other. You can try to make the choice clearer to the LLM by prompt engineering the function name and description, or even by providing few-shot examples.
Here are additional approaches you can try:
Content expansion: Store metadata inside the indexed field and compute the embedding based on both the metadata and content. For example, the content field could have "filename:perksplus.pdf text:The perks are…". (See the sketch after this list.)
Add metadata as separate fields in the search index, and append those to the content sent to the LLM. For example, you could put "Last modified: 2 weeks ago" in each chunk sent to the LLM, if you were trying to help its ability to answer questions about recency. This is similar to the content expansion approach, but the metadata isn't included when calculating the embedding. You could also compute embeddings separately for each metadata field, and do a multi-vector search.
Add filters to the UI of your RAG chat application, as part of the chat box or a sidebar of settings.
Use fine-tuning on a model to help it realize when it should call particular functions or respond a certain way. You could even teach it to use a structured query syntax, and remove the functions entirely from your call. This is a last resort, however, since fine-tuning is costly and time-consuming.
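As a rough sketch of the content expansion idea above (the field names and the sample chunk dictionary are illustrative, and openai_client stands in for an already-configured OpenAI client):
# Prepend metadata to the chunk text before computing its embedding,
# so structured queries like "documents by Pamela Fox" can match on it.
chunk = {"sourcefile": "perksplus.pdf", "author": "Pamela Fox", "content": "The perks are..."}

embedding_text = f"filename:{chunk['sourcefile']} author:{chunk['author']} text:{chunk['content']}"
embedding = openai_client.embeddings.create(
    model="text-embedding-ada-002",
    input=embedding_text,
).data[0].embedding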
Instant File Initialization for the transaction log | SQL Server 2022 Hidden Gems | Data Exposed
Next in the SQL Server 2022 hidden gems series, you'll learn about Instant File Initialization (IFI) behavior for transaction log file growth, even with TDE enabled (it does not require a special privilege).
Resources:
What’s new in SQL Server 2022 – SQL Server | Microsoft Learn
View/share our latest episodes on Microsoft Learn and YouTube!