In a recent support case, our customer faced an intriguing issue where a query execution in a .NET application was unexpectedly canceled during asynchronous operations against Azure SQL Database. This experience highlighted the nuances of handling query cancellations, which could stem from either a CommandTimeout or a CancellationToken. Through this concise article, I aim to elucidate these two cancellation scenarios, alongside strategies for managing SQL errors, ensuring connection resilience through retries, and measuring query execution time. The accompanying code serves as a practical guide, demonstrating how to adjust timeouts dynamically in an attempt to successfully complete a query, should it face cancellation due to timeout constraints. This narrative not only shares a real-world scenario but also provides actionable insights for developers looking to fortify their .NET applications interacting with Azure SQL Database.

Introduction:

Understanding and managing query cancellations in asynchronous database operations are critical for maintaining the performance and reliability of .NET applications. This article stems from a real-world support scenario where a customer encountered unexpected query cancellations while interacting with Azure SQL Database. The issue brings to light the importance of distinguishing between cancellations caused by CommandTimeout and those triggered by CancellationToken, each requiring a distinct approach to error handling and application logic.

Cancellations: CommandTimeout vs. CancellationToken:

In asynchronous database operations, two primary types of cancellations can occur: one due to the command’s execution time exceeding the CommandTimeout limit, and the other due to a CancellationToken being invoked. Understanding the difference is crucial, as each scenario demands specific error handling strategies. A CommandTimeout cancellation typically indicates that the query is taking longer than expected, possibly due to database performance issues or query complexity. On the other hand, a cancellation triggered by a CancellationToken may be due to application logic deciding to abort the operation, often in response to user actions or to maintain application responsiveness.

Error Handling and Connection Resilience:

Errors during query execution, such as syntax errors or references to non-existent database objects, necessitate immediate attention and are not suitable for retry logic. The application must distinguish these errors from transient faults, where retry logic with exponential backoff can be beneficial. Moreover, connection resilience is paramount, and implementing a retry mechanism for establishing database connections ensures that transient network issues do not disrupt application functionality.

Measuring Query Execution Time:

Gauging the execution time of queries is instrumental in identifying performance bottlenecks and optimizing database interactions. The example code demonstrates using a Stopwatch to measure and log the duration of query execution, providing valuable insights for performance tuning.

Adaptive Timeout Strategy:

The code snippet illustrates an adaptive approach to handling query cancellations due to timeouts. By dynamically adjusting the CommandTimeout and CancellationToken timeout values upon encountering a timeout-related cancellation, the application attempts to afford the query additional time to complete in subsequent retries, where feasible.

Conclusion:

The intersection of CommandTimeout, CancellationToken, error handling, and connection resilience forms the crux of robust database interaction logic in .NET applications. This article, inspired by a real-world support case, sheds light on these critical aspects, offering a pragmatic code example that developers can adapt to enhance the reliability and performance of their applications when working with Azure SQL Database. The nuanced understanding and strategic handling of query cancellations, as discussed, are pivotal in crafting responsive and resilient .NET database applications.

Example C# code:

using System;
using System.Diagnostics;
using System.Data;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Data.SqlClient;

namespace CancellationToken
{
class Program
{
private static string ConnectionString = “Server=tcp:servername.database.windows.net,1433;User Id=MyUser;Password=MyPassword;Initial Catalog=MyDB;Persist Security Info=False;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;Pooling=true;Max Pool size=100;Min Pool Size=1;ConnectRetryCount=3;ConnectRetryInterval=10;Application Name=ConnTest”;
private static string Query = “waitfor delay ’00:00:20′”;

static async Task Main(string[] args)
{
SqlConnection connection = await EstablishConnectionWithRetriesAsync(3, 2000);
if (connection == null)
{
Console.WriteLine(“Failed to establish a database connection.”);
return;
}

await ExecuteQueryWithRetriesAsync(connection, 5, 1000, 30000,15);

connection.Close();
}

private static async Task<SqlConnection> EstablishConnectionWithRetriesAsync(int maxRetries, int initialDelay)
{
SqlConnection connection = null;
int retryDelay = initialDelay;

for (int attempt = 1; attempt <= maxRetries; attempt++)
{
try
{
connection = new SqlConnection(ConnectionString);
await connection.OpenAsync();
Console.WriteLine(“Connection established successfully.”);
return connection;
}
catch (SqlException ex)
{
Console.WriteLine($”Failed to establish connection: {ex.Message}. Attempt {attempt} of {maxRetries}.”);
if (attempt == maxRetries)
{
Console.WriteLine(“Maximum number of connection attempts reached. The application will terminate.”);
return null;
}

Console.WriteLine($”Waiting {retryDelay / 1000} seconds before the next connection attempt…”);
await Task.Delay(retryDelay);

retryDelay *= 2;
}
}

return null;
}

private static async Task ExecuteQueryWithRetriesAsync(SqlConnection connection, int maxRetries, int initialDelay, int CancellationTokenTimeout, int CommandSQLTimeout)
{
int retryDelay = initialDelay;

for (int attempt = 1; attempt <= maxRetries; attempt++)
{
using (var cts = new CancellationTokenSource())
{
cts.CancelAfter(CancellationTokenTimeout*attempt); // Set CancellationToken timeout

try
{
using (SqlCommand command = new SqlCommand(Query, connection))
{
command.CommandTimeout = CommandSQLTimeout*attempt;

Stopwatch stopwatch = Stopwatch.StartNew();

await command.ExecuteNonQueryAsync(cts.Token);

stopwatch.Stop();
Console.WriteLine($”Query executed successfully in {stopwatch.ElapsedMilliseconds} milliseconds.”);

return;
}
}
catch (TaskCanceledException)
{
Console.WriteLine($”Query execution was canceled by the CancellationToken. Attempt {attempt} of {maxRetries}.”);
}
catch (SqlException ex) when (ex.Number == -2)
{
Console.WriteLine($”Query execution was canceled due to CommandTimeout. Attempt {attempt} of {maxRetries}.”);
}
catch (SqlException ex) when (ex.Number == 207 || ex.Number == 208 || ex.Number == 2627)
{
Console.WriteLine($”SQL error preventing retries: {ex.Message}”);
return;
}
catch (Exception ex)
{
Console.WriteLine($”An exception occurred: {ex.Message}”);
return;
}

Console.WriteLine($”Waiting {retryDelay / 1000} seconds before the next query attempt…”);
await Task.Delay(retryDelay);

retryDelay *= 2;
}
}
}
}
}

Tests and Results:

In the course of addressing the query cancellation issue, we conducted a series of tests to understand the behavior under different scenarios and the corresponding exceptions thrown by the .NET application. Here are the findings:

Cancellation Prior to Query Execution:

Scenario: The cancellation occurs before the query gets a chance to execute, potentially due to reasons such as application overload or a preemptive cancellation policy.
Exception Thrown: TaskCanceledException
Internal Error Message: “A task was canceled.”
Explanation: This exception is thrown when the operation is canceled through a CancellationToken, indicating that the asynchronous task was canceled before it could begin executing the SQL command. It reflects the application’s decision to abort the operation, often to maintain responsiveness or manage workload.

Cancellation Due to CommandTimeout:

Scenario: The cancellation is triggered by reaching the CommandTimeout of SqlCommand, indicating that the query’s execution duration exceeded the specified timeout limit.
Exception Thrown: SqlException with an error number of -2
Internal Error Message: “Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.”
Explanation: This exception occurs when the query execution time surpasses the CommandTimeout value, prompting SQL Server to halt the operation. It suggests that the query may be too complex, the server is under heavy load, or there are network latency issues.

Cancellation Before CommandTimeout is Reached:

Scenario: The cancellation happens before the CommandTimeout duration is met, not due to the CommandTimeout setting but possibly due to an explicit cancellation request or an unforeseen severe error during execution.
Exception Thrown: General Exception (or a more specific exception depending on the context)
Internal Error Message: “A severe error occurred on the current command. The results, if any, should be discarded.rnOperation cancelled by user.”
Explanation: This exception indicates an abrupt termination of the command, potentially due to an external cancellation signal or a critical error that necessitates aborting the command. Unlike the TaskCanceledException, this may not always originate from a CancellationToken and can indicate more severe issues with the command or the connection.

​Microsoft Tech Community – Latest Blogs –Read More 

Are you a Viva Glint administrator looking for information on how to build your survey program? Are you looking for People Science best practices or to learn from fellow administrators such as yourself? As an administrator, you have access to a wealth of resources to help you take full advantage of everything Viva Glint has to offer.  

Check out this page for more information on: 

Deploying Viva Glint 

Documentation – Find technical articles and guidance to help you through your Viva Glint journey  
Badging – Complete our recommended learning paths and modules to earn a digital badge and showcase your achievements 
Ask the Experts sessions – Join our monthly live sessions to learn best practices and get your questions answered about the product 

Learning with us  

Events – Attend our Viva Glint events that cover a range of topics sourced from our customer feedback 
Blogs – Stay up-to-date with thought leadership, newsletters, and program launches 

Connecting with us 

Newsletter – Register for this recurring email that highlights new announcements, features, and Viva Glint updates 
Product council – Be a part of a community that provides our team with feedback on how we can improve our products and services 

Connecting with others  

Learning Circles – Participate in these diverse groups to share knowledge, experiences, and challenges with fellow Viva Glint customers 
Cohorts – Join these groups to be connected to like-minded Viva Glint customers and hear topic-based best practices from our Viva Glint team (Coming Soon) 
Community – Engage with the Viva Community to ask questions, share ideas, and learn best practices through this online forum 

Be sure to leverage these resources to make the most of your role as an administrator and empower your organization to achieve more with Viva Glint! 

​Microsoft Tech Community – Latest Blogs –Read More 

In the realm of big data and cloud computing, efficiently managing and transferring data between different platforms and formats is paramount. Azure SQL Database, a fully managed relational database service by Microsoft, offers robust capabilities for handling large volumes of data. However, when it comes to importing data from Parquet files, a popular columnar storage format, Azure SQL Database’s native BULK INSERT command does not directly support this format. This article presents a practical solution using a C# console application to bridge this gap, leveraging the Microsoft.Data.SqlClient.SqlBulkCopy class for high-performance bulk data loading.

Understanding Parquet and Its Significance

Parquet is an open-source, columnar storage file format optimized for use with big data processing frameworks. Its design is particularly beneficial for complex nested data structures and efficient data compression and encoding schemes, making it a favored choice for data warehousing and analytical processing tasks.

The Challenge with Direct Data Loading

Azure SQL Database’s BULK INSERT command is a powerful tool for importing large volumes of data quickly. 

A C# Solution: Bridging the Gap

To overcome this limitation, we can develop a C# console application that reads Parquet files, processes the data, and utilizes SqlBulkCopy for efficient data transfer to Azure SQL Database. This approach offers flexibility and control over the data loading process, making it suitable for a wide range of data integration scenarios.

Step 1: Setting Up the Environment

Before diving into the code, ensure your development environment is set up with the following:

.NET Core or .NET Framework compatible with Microsoft.Data.SqlClient.
Microsoft.Data.SqlClient package installed in your project.
Parquet.Net package to facilitate Parquet file reading.

Step 2: Create the target table in Azure SQL Database.

create table parquet (id int, city varchar(30))

Step 3: Create Parquet File in C#

The following C# code allows to Parquet file using two columns ID and city. 

using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.IO;
using Parquet;
using Parquet.Data;
using Parquet.Schema;

namespace ManageParquet
{
class ClsWriteParquetFile
{
public async Task CreateFile(string filePath)
{
var schema = new ParquetSchema( new DataField<int>(“id”), new DataField<string>(“city”));
var idColumn = new DataColumn( schema.DataFields[0], new int[] { 1, 2 });
var cityColumn = new DataColumn( schema.DataFields[1], new string[] { “L”, “D” });
using (Stream fileStream = System.IO.File.OpenWrite(filePath))
{
using (ParquetWriter parquetWriter = await ParquetWriter.CreateAsync(schema, fileStream))
{
parquetWriter.CompressionMethod = CompressionMethod.Gzip;
parquetWriter.CompressionLevel = System.IO.Compression.CompressionLevel.Optimal;
// create a new row group in the file
using (ParquetRowGroupWriter groupWriter = parquetWriter.CreateRowGroup())
{
groupWriter.WriteColumnAsync(idColumn);
groupWriter.WriteColumnAsync(cityColumn);
}
}
}
}
}
}

Step 4: Reading Parquet Files in C#

The first part of the solution involves reading the Parquet file. We leverage the ParquetReader class to access the data stored in the Parquet format.

In the following source code you could find two methods. The first method only read the parquet file and the second one reads and saves the data in a table of Azure SQL Database.

using Parquet;
using Parquet.Data;
using Parquet.Schema;
using System;
using System.Data;
using System.IO;
using System.Threading.Tasks;
using Microsoft.Data.SqlClient;

namespace ManageParquet
{

class ClsReadParquetFile
{
public async Task ReadFile(string filePath)
{
ParquetReader parquetReader = await ParquetReader.CreateAsync(filePath);//, options);

ParquetSchema schema = parquetReader.Schema;
Console.WriteLine(“Schema Parquet file:”);
foreach (var field in schema.Fields)
{
Console.WriteLine($”{field.Name}”);
}

for (int i = 0; i < parquetReader.RowGroupCount; i++)
{
using (ParquetRowGroupReader groupReader = parquetReader.OpenRowGroupReader(i))
{
foreach (DataField field in schema.GetDataFields())
{
Parquet.Data.DataColumn column = await groupReader.ReadColumnAsync(field);

Console.WriteLine($”Column Data of ‘{field.Name}’:”);
foreach (var value in column.Data)
{
Console.WriteLine(value);
}
}
}
}
}

public async Task ReadFileLoadSQL(string filePath)
{
ParquetReader parquetReader = await ParquetReader.CreateAsync(filePath);//, options);
//ParquetSchema schema = parquetReader.Schema;
var schema = new ParquetSchema(new DataField<int>(“id”), new DataField<string>(“city”));
DataTable dataTable = new DataTable();
dataTable.Columns.Add(“id”, typeof(int));
dataTable.Columns.Add(“city”, typeof(string));

for (int i = 0; i < parquetReader.RowGroupCount; i++)
{
using (ParquetRowGroupReader groupReader = parquetReader.OpenRowGroupReader(i))
{

var idColumn = new Parquet.Data.DataColumn(schema.DataFields[0], new int[] { 1, 2 });
var cityColumn = new Parquet.Data.DataColumn(schema.DataFields[1], new string[] { “L”, “D” });
for (int j = 0; j < idColumn.Data.Length; j++)
{
var row = dataTable.NewRow();
row[“id”] = idColumn.Data.GetValue(j);
row[“city”] = cityColumn.Data.GetValue(j);
dataTable.Rows.Add(row);
}
}
}

using (SqlConnection dbConnection = new SqlConnection(“Server=tcp:servername.database.windows.net,1433;User Id=MyUser;Password=MyPassword!;Initial Catalog=MyDb;Persist Security Info=False;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;Pooling=true;Max Pool size=100;Min Pool Size=1;ConnectRetryCount=3;ConnectRetryInterval=10;Application Name=ConnTest”))
{
await dbConnection.OpenAsync();
using (SqlBulkCopy s = new SqlBulkCopy(dbConnection))
{
s.DestinationTableName = “Parquet”;
foreach (System.Data.DataColumn column in dataTable.Columns)
{
s.ColumnMappings.Add(column.ColumnName, column.ColumnName);
}

await s.WriteToServerAsync(dataTable);
}
}
}
}
}

Conclusion

This C# console application demonstrates an effective workaround for loading data from Parquet files into Azure SQL Database, circumventing the limitations of the BULK INSERT command. By leveraging the .NET ecosystem and the powerful SqlBulkCopy class, developers can facilitate seamless data integration processes, enhancing the interoperability between different data storage formats and Azure SQL Database.

​Microsoft Tech Community – Latest Blogs –Read More 

Microsoft 365 offers the cloud-backed apps, security, and storage that customers worldwide rely on to achieve more in a connected world – and lays a foundation for leveraging generative AI to go even further. However, we know that some customers have niche yet important scenarios that require a truly long-term servicing channel: regulated devices that cannot accept feature updates for years at a time, process control devices on the manufacturing floor that are not connected to the internet, and specialty systems like medical testing equipment that run embedded apps that must stay locked in time. For these special cases, Microsoft continues to offer and support the Office Long-Term Servicing Channel (LTSC). Today we are pleased to announce that the commercial preview of the next Office LTSC release – Office LTSC 2024 – will begin next month, with general availability to follow later this year.  

About this release

Like earlier perpetual versions of Office, Office LTSC 2024 will include only a subset of the value found in Microsoft 365 Apps, building on the features included in past releases. New features for Office LTSC 2024 include: new meeting creation options and search enhancements in Outlook, dozens of new Excel features and functions including Dynamic Charts and Arrays; and improved performance, security, and accessibility.  Office LTSC 2024 will not ship with Microsoft Publisher, which is being retired, or with the Microsoft Teams app, which is available to download separately.

While Office LTSC 2024 offers many significant improvements over the previous Office LTSC release, as an on-premises product it will not offer the cloud-based capabilities of Microsoft 365 Apps, like real-time collaboration; AI-driven automation in Word, Excel, and PowerPoint; or cloud-backed security and compliance capabilities that give added confidence in a hybrid world. And with device-based licensing and extended offline access, Microsoft 365 offers deployment options for scenarios like computer labs and submarines that require something other than a user-based, always-online solution. Microsoft 365 (or Office 365) is also required to subscribe to Microsoft Copilot for Microsoft 365; as a disconnected product, Office LTSC does not qualify.

As with previous releases, Office LTSC 2024 will still be a device-based “perpetual” license, supported for five years under the Fixed Lifecycle Policy, in parallel with Windows 11 LTSC, which will also launch later this year. And because we know that many customers deploy Office LTSC on only a subset of their devices, we will continue to support the deployment of both Office LTSC and Microsoft 365 Apps to different machines within the same organization using a common set of deployment tools.

Office LTSC is a specialty product that Microsoft has committed to maintaining for use in exceptional circumstances, and the 2024 release provides substantial new feature value for those scenarios. To support continued innovation in this niche space, Microsoft will increase the price of Office LTSC Professional Plus, Office LTSC Standard, Office LTSC Embedded, and the individual apps by up to 10% at the time of general availability. And, because we are asked at the time of release if there will be another one, I can confirm our commitment to another release in the future.

We will provide additional information about the next version of on-premises Visio and Project in the coming months.

Office 2024 for consumers

We are also planning to release a new version of on-premises Office for consumers later this year: Office 2024. Office 2024 will also be supported for five years with the traditional “one-time purchase” model. We do not plan to change the price for these products at the time of the release. We will announce more details about new features included in Office 2024 closer to general availability.  

Embracing the future of work

The future of work in an AI-powered world is on the cloud. In most customer scenarios, Microsoft 365 offers the most secure, productive, and cost-effective solution, and positions customers to unlock the transformative power of AI with Microsoft Copilot. Especially as we approach the end of support for Office 2016 and Office 2019 in October 2025, we encourage customers still using these solutions to transition to a cloud subscription that suits their needs as a small business or a larger organization. And for scenarios where that is not possible – where a disconnected, locked-in-time solution is required – this new release reflects our commitment to supporting that need.

FAQ

Q: Will the next version of Office have a Mac version?

A: Yes, the next version of Office will have both Windows and Mac versions for both commercial and consumer.

Q: Will the next version of Office be supported on Windows 10?

A: Yes, Office LTSC 2024 will be supported on Windows 10 and Windows 10 LTSC devices (with the exception of Arm devices, which will require Windows 11).

Q: Will the next version support both 32- and 64-bit?

A: Yes, the next version of Office will ship both 32-and 64-bit versions.

​Microsoft Tech Community – Latest Blogs –Read More 

We recently identified an issue where users with iOS/iPadOS devices enrolling with Automated Device Enrollment (ADE) are unable to sign in to the Intune Company Portal app for iOS/iPadOS. Instead, they’re incorrectly prompted to navigate to the Intune Company Portal website to enroll their device, and they are unable to complete enrollment. This issue occurs for newly enrolled ADE users that are targeted with an “Account driven user enrollment” or “Web based device enrollment” enrollment profile and just in time (JIT) registration has not been set up.

While we’re actively working on resolving this issue, we always recommend organizations using iOS/iPadOS ADE to have JIT registration set up for their devices for the best and most secure user experience. For more information review: Set up just in time registration.

Stay tuned to this blog for updates on the fix! If you have any questions, leave a comment below or reach out to us on X @IntuneSuppTeam.

​Microsoft Tech Community – Latest Blogs –Read More 

This is your chance to be recognized as part of the Microsoft Partner of the Year Awards! Nominate before the April 3 deadline.

Celebrated annually, these awards recognize the incredible impact that Microsoft partners are delivering to customers and celebrate the outstanding successes and innovations across Solution Areas, industries, and key areas of impact, with a focus on strategic initiatives and technologies. Partners of all types, sizes, and geographies are encouraged to self-nominate. This is an opportunity for partners to be recognized on a global scale for their innovative solutions built using Microsoft technologies.

In addition to recognizing partners for the impact in our award categories, we also recognize partners from over 100 countries/regions around the world as part of the Country/Region Partner of the Year Awards. In 2024, we’re excited to offer additional opportunities to recognize partner impact through new awards – read our blog to learn more and download the official guidelines for specific eligibility requirements.

Find resources on how to write a great entry, FAQs and more on our the Partner of the Year Awards website.

Nominate here!

​Microsoft Tech Community – Latest Blogs –Read More 

By Julie Sanford, Vice President, Partner GTM, Programs & Experiences

As malicious actors continue to intensify their use of AI, security professionals must also incorporate AI into their solutions to counter the increasing threat. To support our partners and customers in securing their businesses, we are excited to announce the general availability of Microsoft Copilot for Security in all commerce channels, including CSP, on April 1, 2024. This new Copilot provides Microsoft partners with a powerful resource to safeguard their organizations, while improving the security services and solutions they offer. 

Copilot for Security is the first generative AI security product designed to defend organizations at the speed and scale of AI. This announcement continues our AI momentum following the recent general availability of Copilot for Microsoft 365, Copilot for Finance, Copilot for Sales, Copilot for Service, and Copilot for the education market. 

We have also added new resources for Copilot for Microsoft 365 ready to help you deliver more value, adoption, and seat growth with customers. Read our blog for these updates. 

Copilot for Security is designed to complement, rather than replace human skills. Our partners bring their experience, skills, and established methods for dealing with vulnerabilities. This new tool enables them to apply their expertise to services and offerings that AI solutions without human insights cannot match.  

Continue reading here

​Microsoft Tech Community – Latest Blogs –Read More 

What’s new in Defender: How Copilot for Security can transform your SOC

Today at Secure, we announced that Microsoft Copilot for Security will be generally available on April 1.  Copilot equips security teams with purpose-built capabilities at every stage of the security lifecycle, embedded right into the unified security operations platform in the Defender portal. Early users of Copilot for Security have already seen significant measurable results when integrated in their SOC, transforming their operations and boosting their defense and posture against both ongoing and emerging threats. Read on to learn about the capabilities to GA on 4/1 embedded in the Defender portal for Defender XDR and Microsoft Sentinel data and how early access customers are already enjoying its value.

Prevent breaches with dynamic threat insight

Copilot for Security leverages the rich portfolio of Microsoft Security products to produce enriched insights for security analysts in the context of their workflow. At GA, you will be able to use Copilot for Security with Microsoft Defender Threat Intelligence and Threat Analytics in the Defender portal to tap into high-fidelity threat intelligence on threat actors, tooling and infrastructure and easily discover and summarize recommendations specific to your environment’s risk profile, all using natural language. These insights can help security teams improve their security posture by prioritizing threats and managing exposures proactively against adversaries, keeping their organizations protected from potential breaches.

Identify and prioritize with built-in context

“Copilot for Security is allowing us to re-envision security operations. It will be critical in helping us close the talent gap.” Greg Petersen Sr. Director – Security Technology & Operations, Avanade 

Automation of common manual tasks with Copilot frees up analyst time and allows them to focus on more complex and urgent demands. For example, analysts need to understand the attack story and impact to determine next steps, and this often requires time and effort to collect and understand all of the relevant details. To make this task faster and easier, Copilot’s incident summaries, with AI-powered data processing and contextualization, provides this content readily available, saving significant triage time. Complimenting Microsoft Defender XDR’s unique ability to correlate incidents from a variety of workloads, Copilot’s incident summary provides the attack story and potential impact directly in the incident page. At GA, asset summaries become available for use in investigation. The first of these is a device summary, where Copilot provides highlights about the device based on all cross-workload information available in Defender XDR, as well as other device data integrated in from Intune. This further improves efficiency during triage and enables analysts to more quickly assess and prioritize incidents, leading to faster response.

As part of incident investigation and response, analysts often reach out to employees to get more information about unusual activity on their devices or to communicate about an incident or a limitation in access. New at GA, Copilot now makes this faster by generating tailored messages with all the details an employee would need and enabling analysts to send those messages through Microsoft Teams or Outlook – directly from the portal. Copilot links directly to many tasks that would normally require going to another view or product – another example of added efficiency for security teams.

During Early access, 97%* of security professionals reported they would make consistent use of Copilot capabilities in their day-to-day workflows.

Accelerate full resolution for every incident

“Copilot for Security can democratize security to the end user. It is no longer just with the subject matter expert. The average analyst training time used to be a couple of months, and that can reduce drastically if you’re using Copilot.”  Chandan Pani, Chief Information Security Officer, LTIMindtree 

During an incident, every second counts. With additional Copilot capabilities, like guided response and automated incident reports, analysts of all levels can move an average of 22% faster* and accelerate time to resolution.

Guided response, provided by Copilot during incident investigation and report in the Defender portal, helps analysts determine what to do next, based on the specific incident at hand.

Example recommendations include:

Triaging an incident with a recommended classification and threat category
Steps to take to contain an incident, such as suspending a compromised account
Investigation actions, such as finding all emails that were part of a phishing campaign
How to remediate an incident, such as resetting a user’s password

Action recommendations are provided with links to the next steps, which can be taken directly in the Copilot window, reducing time spent switching views.

After successfully closing out an incident, analysts often spend time drafting reports for peers and leadership to provide a summary of the attack and remediation steps taken. Using Copilot, an incident report is easily generated with the click of a button, instantly delivering a high-quality summary ready to share or save for documentation. For GA, exporting the report to a detailed formatted PDF is now available, making for a great executive-shareable report.

Elevate analysts with intelligent assistance

“Copilot for Security allows us to quickly analyze Python and PowerShell scripts. This means that staff with less experience can quickly analyze scripts, saving valuable time in the cybersecurity area where time is so important.”  Mark Marshall, Assistant Chief Information Officer , Peel District School Board 

Security teams are made up of individuals with a variety of different skillsets and levels of experience, and as demands and requirements change, up-leveling becomes critical. It can take time and expertise to learn how to effectively manage hunting jobs or analyze malicious scripts, which many organizations simply don’t have. Copilot makes expert tasks significantly simpler, reducing the time spent onboarding new recruits and training analysts while driving faster results.

For example, Copilot assists less experienced analysts with hunting during an investigation in the Defender Portal. An analyst can now create KQL queries simply using natural language – for example just asking for “all devices that logged on in the last hour”.  The user can then choose to run the generated query or have Copilot execute them automatically. Copilot can also recommend the best filters to apply after results are surfaced or suggest common next steps. Security teams see significant benefits with this as more senior analysts are now able to delegate threat hunting projects to newer or less experienced employees.

Another task commonly reserved to more experienced analysts is reverse engineering PowerShell, Python or other scripts, often used in HumOR and other attacks, and not every team even has this  expertise. Copilot’s script analysis feature gives security teams the ability to examine these scripts easily, without needing any prior knowledge of how to do so. This feature is also into the investigation process with a button prompting a user to “analyze with Copilot” anytime an alert contains a script. The resulting analysis is a line-by-line explanation of what the script is trying to do, with excerpts from the script for each explained section. Wit this, an analyst can quickly tell if a script is potentially harmful or not. New at GA, these capabilities extend to suspicious file analysis as well (executable or other), delivering details about the file’s internal characteristics and behavior and an easy way to assess maliciousness.

Interested in getting started with Copilot for Security?

The pace of innovation in AI is moving at lightning speed and we expect many more security teams to see significant benefits of the technology with the general availability of Copilot for Security. To learn more about Microsoft Copilot for Security, click here  or contact your Microsoft sales representative.

Learn more about Copilot skills for Defender XDR announced at early access : Operationalizing Microsoft Security Copilot to Reinvent SOC Productivity

*Microsoft Copilot for Security randomized controlled trial (RCT) with experienced security analysts conducted by Microsoft Office of the Chief Economist, January 2024.

​Microsoft Tech Community – Latest Blogs –Read More 

General Availability (GA): Azure Container Apps Managed Certificates!

Managed Certificates on Azure Container Apps will allow you to create certificates free of charge for custom domains added to your container app. The service will also manage the life cycle of these certificates and auto-renew them when they’re close to expiring.

To learn more, see Azure Container Apps managed certificate documentation.

​Microsoft Tech Community – Latest Blogs –Read More 

Sync Up Episode 9 is now available on all your favorite podcast apps! This month, Arvind Mishra and I are talking with Liz Scoble and Libby McCormick about the power of Create.Microsoft.com and how we’re bringing that power into the OneDrive experience! Along the way, we learn a little more about ourselves, about TPS reports, and much more!

Show: https://aka.ms/SyncUp | Apple Podcasts: https://aka.ms/SyncUp/Apple | Spotify: https://aka.ms/SyncUp/Spotify | RSS: https://aka.ms/SyncUp/RSS

As always, we hope you enjoyed this episode! Let us know what you think in the comments below!

​Microsoft Tech Community – Latest Blogs –Read More