We are thrilled to announce the general availability of the Azure Health Data Services DICOM service with Data Lake Storage, a solution that enables teams to store, manage, and access their medical imaging data in the cloud. Whether you’re involved in clinical operations, research endeavors, AI/ML model development, or any other facet of healthcare that involves medical imaging, the DICOM service can expand the possibilities of your imaging data and enable new workflows.

The DICOM service is available for teams to start using today with production imaging data.  To get started, visit the Azure Health Data Services docs and follow the steps to Deploy the DICOM service with Data Lake Storage.

Who Can Benefit?

The DICOM service with Data Lake Storage is designed for any team that requires a robust and scalable cloud storage solution for their medical imaging data. Whether you’re a healthcare institution migrating clinical and research data to the cloud, a development team in need of a scalable storage platform for imaging data, or an organization seeking to operationalize imaging data in AI/ML model development or secondary use scenarios, our DICOM service with Data Lake Storage is here to empower your endeavors.

Benefits of Azure Data Lake Storage

By integrating with Azure Data Lake Storage (ADLS Gen2), our DICOM service offers a myriad of benefits to healthcare teams:

Scalable Storage: Enjoy performant, massively scalable storage capabilities that can effortlessly accommodate your growing imaging data assets.
Data Governance: Take full control of your imaging data assets. Manage storage permissions, access controls, data replication strategies, backups, and more, ensuring compliance with global privacy standards.
Direct Data Access: Seamlessly access your DICOM data through Azure Storage APIs, enabling efficient retrieval and manipulation of your valuable medical imaging assets.  The DICOM service continues to provide DICOMweb APIs for storing, querying for, and retrieving imaging data. 
Ecosystem Integration: Leverage the entire ecosystem of tools surrounding ADLS, including AzCopy, Azure Storage Explorer, and Azure Storage Data Movement library, to help streamline your workflows and enhance productivity.
Unlock New Possibilities: Unlock new analytics and AI/ML scenarios by integrating with services like Azure Synapse, Azure Databricks, Azure Machine Learning, and Microsoft Fabric, enabling you to extract deeper insights and drive innovation in healthcare.

Integration with Microsoft Fabric

As called out above, a key benefit of Azure Data Lake Storage is that it connects to Microsoft Fabric. Microsoft Fabric is an end-to-end, unified analytics platform that brings together all the data and analytics tools that organizations need to unlock the potential of their data and lay the foundation for AI scenarios. By using Microsoft Fabric, you can use the rich ecosystem of Azure services to perform advanced analytics and AI/ML with medical imaging data, such as building and deploying machine learning models, creating cohorts for clinical trials, and generating insights for patient care and outcomes.

Get Started Today

The DICOM service with Data Lake Storage is available for teams to start using today with production imaging data – and customers can expect to receive the same level of support and adherence consistent with the healthcare privacy standards that Azure Health Data Services is known for. Whether you’re looking to enhance clinical operations, drive research breakthroughs, or unlock new AI-driven insights, the power of Azure Health Data Services can help you to achieve your goals.

To learn more about analytics with imaging data, see Get started using DICOM data in analytics workloads.

Pricing

With Azure Health Data Services, customers pay only for what they use. DICOM service customers incur storage costs for storage of the DICOM data and metadata used to operate the DICOM service as well as charges for API requests. The data lake storage model shifts most of the storage costs from Azure Health Data Services to Azure Data Lake Storage (where the .dcm files are stored).

For detailed pricing information, see Pricing – Azure Health Data Services and Azure Storage Data Lake Gen2 Pricing.

​Microsoft Tech Community – Latest Blogs –Read More 

Microsoft has developed a strong open source program over the past decade. Many of our tools and approaches are available for you to learn from and contribute to. This blog post explores some of the open-source projects at Microsoft and resources that will help you start contributing to and managing your own open-source projects. To learn more about Open Source at Microsoft, visit opensource.microsoft.com.  

.NET is open source 
Did you know .NET is open source? .NET is open source and cross-platform, and it’s maintained by Microsoft and the .NET community. Check it out on GitHub.   

Microsoft JDConf 2024 
Get ready for JDConf 2024—a free virtual event for Java developers. Explore the latest in tooling, architecture, cloud integration, frameworks, and AI. It all happens online March 27-28 and will include sessions on OpenJDK, OpenTelemetry, and Java development with Visual Studio Code. Learn more and register now.   

Getting started with the Fluent UI Blazor library 
The Fluent UI Blazor library is an open-source set of Blazor components used for building applications that have a Fluent design. Watch this Open at Microsoft episode for an overview and find out how to get started with the Fluent UI Blazor library. 

Generative AI for Beginners 
Want to build your own GenAI application? The free Generative AI for Beginners course on GitHub is the perfect place to start. Work through 18 in-depth lessons and learn everything from setting up your environment to using open-source models available on Hugging Face.    

Reactor series: GenAI for software developers 
Step into the future of software development with the Reactor series. GenAI for Software Developers explores cutting-edge AI tools and techniques for developers, revolutionizing the way you build and deploy applications. Register today and elevate your coding skills. 

How to get GraphQL endpoints with Data API Builder  
The Open at Microsoft show takes a look at using Data API Builder to easily create Graph QL endpoints. See how you can use this no-code solution to quickly enable advanced—and efficient—data interactions.   

Microsoft Graph Toolkit v4.0 is now generally available 
Microsoft Graph Toolkit v4.0 is now available. Learn about its new features, bug fixes, and improvements to the developer experience.   

Customize Dev Containers in VS Code with Dockerfiles and Docker Compose 
Dev containers offer a convenient way to deliver consistent and reproducible environments. Follow along with this video demo to customize your dev containers using Dockerfiles and Docker Compose. 

Other news and highlights for developers  

AI Show: LLM Evaluations in Azure AI Studio 
Don’t deploy your LLM application without testing it first! Watch the AI Show to see how to use Azure AI Studio to evaluate your app’s performance and ensure it’s ready to go live. Watch now.   

Use OpenAI Assistants API to build your own cooking advisor bot on Teams 
Find out how to build an AI assistant right into your app using the new OpenAI Assistants API. Learn about the open playground for experimenting and watch a step-by-step demo for creating a cooking assistant that will suggest recipes based on what’s in your fridge.   

What’s new in Teams Toolkit for Visual Studio 17.9 
What’s new in Teams Toolkit for Visual Studio? Get an overview of new tools and capabilities for .NET developers building apps for Microsoft Teams.  

Embed a custom webpage in Teams 
Find out how to share a custom web page, such as a dashboard or portal, inside a Teams app. It’s easier than you might think. This short video shows how to do this using Teams Toolkit for Visual Studio and Blazor.   

Build your own assistant for Microsoft Teams 
Creating your own assistant app is super easy. Learn how in under 3 minutes! Watch a demo using the OpenAI Assistants, Teams AI Library, and the new AI Assistant Bot template in VS Code. 

Build your custom copilot with your data on Teams featuring an AI dragon 
Build your own copilot for Microsoft Teams in minutes. Watch this video to see how in this demo that builds an AI Dragon that will take your team on a cyber role-playing adventure.  

Microsoft Mesh: Now available for creating innovative multi-user 3D experiences  
Microsoft Mesh is now generally available, providing an immersive 3D experience for the virtual workplace. Get an overview of Microsoft Mesh and find out how to start building your own custom experiences. 

Global AI Bootcamp 2024 
Global AI Bootcamp is a worldwide annual event that runs throughout the month of March for developers and AI enthusiasts. Learn about AI through workshops, sessions, and discussions. Find an in-person bootcamp event near you.  

C# Dev Kit for Visual Studio Code 
Learn how to use the C# Dev Kit for Visual Studio Code. Get details and download the C# Dev Kit from the Visual Studio Marketplace.   

Visual Studio Code: C# and .NET development for beginners  
Have questions about Visual Studio Code and C# Dev Kit? Watch the C# and .NET Development in VS Code for Beginners series and start writing C# applications in VS Code.   

Python Data Science Day 2024: Unleashing the Power of Python in Data Analysis 
Celebrate Pi Day (3.14) with a journey into data science with Python. Set for March 14, Python Data Science Day is an online event for developers, data scientists, students, and researchers who want to explore modern solutions for data pipelines and complex queries. 

Use GitHub Copilot for your Python coding 
Discover a better way to code in Python. Check out this free Microsoft Learn module on how GitHub Copilot provides suggestions while you code in Python. 

Remote development with Visual Studio Code 
Find out how to tap into more powerful hardware and develop on different platforms from your local machine. Check out this Microsoft Learn path to explore tools in VS Code for remote development setups and discover tips for personalizing your own remote dev workflow. 

Using GitHub Copilot with JavaScript 
Use GitHub Copilot while you work with JavaScript. This Microsoft Learn module will tell you everything you need to know to get started with this AI pair programmer.  

Get to know GitHub Copilot in VS Code and be more productive 
Get to know GitHub Copilot in VS Code and find out how to use it. Watch this video to see how incredibly easy it is to start working with GitHub Copilot…Just start coding and watch the AI go to work.  

Designing for Trust 
Learn how to design trustworthy experiences in the world of AI. Watch a demo of an AI prompt injection attack and learn about setting up guardrails to protect the system.  

Use Visual Studio for modern development 
Want to learn more about using Visual Studio to develop and test apps. Start here. In this free learning path, you’ll dig into key features for debugging, editing, and publishing your apps.   

GitHub Copilot fundamentals – Understand the AI pair programmer 
Improve developer productivity and foster innovation with GitHub Copilot. Explore the fundamentals of GitHub Copilot in this free training path from Microsoft Learn. 

Microsoft, GitHub, and DX release new research into the business ROI of investing in Developer Experience  
Investing in the developer experience has many benefits and improves business outcomes. Dive into our groundbreaking research (with data from more than 2000 developers at companies around the world) to discover what your business can gain with better DevEx.  

​Microsoft Tech Community – Latest Blogs –Read More 

Gerenciamento de conexões SQL é um tema que sempre quis abordar, mas acreditava ser desnecessário, pois não havia me deparado com muitos problemas desse tipo.

Porém, recentemente, deparei com um caso bem desafiador, onde uma aplicação extremamente crítica estava caindo, e adivinhe só? A causa raiz era o gerenciamento de conexões SQL.

O objetivo desse artigo é explicar e demonstrar através de provas de conceito o que fazer para evitar esse tipo de problema.

SQL Connection Pool no ADO.NET

Um objeto de SqlConnection representa uma conexão física com um banco de dados, onde o método Open é utilizado para abrir a conexão e o método Close é utilizado para fechar a conexão.

Abrir e fechar conexões é uma operação cara, pois envolve algumas etapas, como:

Estabelecer um canal físico, como um socket ou um pipe nomeado.
Realizar o handshake inicial com o servidor.
Analisar as informações da cadeia de conexão (connection string).
Autenticar a conexão no servidor.
Realizar verificações para a inclusão na transação atual.
Executar outras verificações e procedimentos necessários durante a conexão.

Em resumo, é um processo que envolve muitas etapas que podem e devem ser evitadas. A biblioteca ADO.NET, implementa o Connection Polling, onde as conexões são criadas sob demanda, e reutilizadas durante o ciclo de vida da aplicação.

O pool reduz a necessidade de criação de novas conexões, quando a aplicação chamar o método Open, ele irá verificar se já existe uma conexão aberta disponível antes de abrir uma nova. Quando o método Close é chamado, a conexão é devolvida ao pool.

Problemas comuns

O problema mais comum que ocorre com o gerenciamento de conexões SQL é o vazamento de conexões. Isso ocorre quando a aplicação não fecha a conexão corretamente. Os impactos no desempenho e escalabilidade da aplicação são significativos, pois o pool de conexões é limitado, e quando uma conexão não é fechada corretamente, ela fica indisponível pois, uma vez que o pool atinga o número máximo de conexões, a aplicação irá esperar até que uma conexão seja liberada.

Exemplo de vazamento de conexão

O código a seguir é um exemplo de vazamento de conexão:

public int ExecuteNonQuery(string command)
{
SqlConnection connection = new SqlConnection(“connectionString”);
DbCommand dbCommand = Connection.CreateCommand();
dbCommand.CommandText = command;
dbCommand.Connection = connection;
return dbCommand.ExecuteNonQuery();
}

Vamos executar os seguintes passos para simular o problema e entender qual é o problema dessa implementação:

Implementar o código acima em um projeto de prova de conceito
Simular o problema através de um teste de carga
Coletar e analisar um dump de memória

O código de referência está disponível em: https://github.com/claudiogodoy99/Sql-Demo

Para reproduzir o problema vou utilizar o k6 como ferramenta de deste de carga, e vou utilizar o seguinte script:

import http from “k6/http”;

export default function () {

const response = http.get(“<http://localhost:5096/exemplo>”);
}

O comando que utilizei para rodar o teste foi: k6 run -u 100 -d 120s .loadTest.js. Ele simula 100 usuários acessando a url http://localhost:5096/exemplo durante 120 segundos.

O resultado do teste foi o seguinte:

execution: local

script: loadTest.js

output: –

scenarios: (100.00%) 1 scenario, 100 max VUs, 2m30s max duration (incl. graceful stop):
http_req_duration……….: avg=33.44s min=1.53s med=33.21s max=1m0s p(90)=51.56s p(95)=57.29s

http_req_failed…………: 100.00% ✓ 390 ✗ 0

running (2m30.0s), 000/100 VUs, 390 complete and 19 interrupted iterations

Em linhas gerais foi um resultado muito ruim, o tempo médio de resposta foi de 33 segundos.

Utilizei o dotnet-dump para gerar e analisar o dump de memória, através dos comandos:

dotnet-dump collect -p PID
dotnet-dump analyze .NOME-DO-ARQUIVO-GERADO.dmp

Com o dump aberto no terminal, vou rodar o comando clrthreads que vai listar todas as pilhas de execuções gerenciadas, enumerando suas respectivas threads:

…
System.Threading.WaitHandle.WaitMultiple
Microsoft.Data.ProviderBase.DbConnectionPool.TryGetConnection
Microsoft.Data.ProviderBase.DbConnectionPool.TryGetConnection
Microsoft.Data.ProviderBase.DbConnectionFactory.TryGetConnection
Microsoft.Data.ProviderBase.DbConnectionInternal.TryOpenConnectionInternal
Microsoft.Data.SqlClient.SqlConnection.TryOpen
Microsoft.Data.SqlClient.SqlConnection.Open
UnityOfWork.OpenConnection
UnityOfWork.BeginTransaction
ExemploRepository.AlgumaOperacao
pocSql.Controllers.ExemploController.Get
….
==> 48 threads with 7 roots

Repare que todas as threads gerenciadas que estavam processando alguma requisição estavam esperando uma resposta do método: Microsoft.Data.ProviderBase.DbConnectionPool.TryGetConnection(DbConnection, UInt32, Boolean, Boolean, DbConnectionOptions, DbConnectionInternal ByRef).

Isto significa que todas as threadsaguardavam uma conexão ao

banco de dados ser liberada para que pudessem continuar o processamento da requisição.

Solução

Neste exemplo a utilização da palavra reservada using já resolveria o problema:

public int ExecuteNonQuery(string command)
{
using SqlConnection connection = new SqlConnection(“connectionString”);
DbCommand dbCommand = Connection.CreateCommand();
dbCommand.CommandText = command;
dbCommand.Connection = connection;
return dbCommand.ExecuteNonQuery();
}

A palavra reservada using garante uso correto de objetos que implementam a interface IDisposable, em outras palavras, quando o programa finalizar o escopo do método acima, o método Dispose da conexão será chamado, garantindo que a conexão seja fechada corretamente, mesmo que ocorra uma exceção.

Segue o resultado do teste após a implementação da correção:

script: .pocSqlloadTest.js

output:

scenarios: (100.00%) 1 scenario, 100 max VUs, 2m30s max duration (incl. graceful stop):

http_req_connecting……..: avg=77.15µs min=0s med=0s max=9.22ms p(90)=0s p(95)=0s

http_req_duration……….: avg=1.38s min=286.15ms med=1.14s max=17.94s p(90)=1.99s p(95)=2.6s

http_req_failed…………: 100.00% ✓ 8689 ✗ 0

running (2m01.3s), 000/100 VUs, 8689 complete and 0 interrupted iterations

A diferença é gritante, o tempo médio de resposta caiu de 33 segundos para 1,38 segundos.

Padrão Dispose

Infelizmente nem toda implementação do ADO.NET é tão simples como a que demonstrei nesse artigo. Em diversos casos, deparei-me com classes que implementam o objeto SqlConnection como propriedade para reutilizar a conexão em diversos métodos, controlar transações, entre outras coisas.

Para esses casos, a utilização do using é inviável, e a implementação do padrão Dispose pode ser necessária. Para nossa sorte, as versões recentes do container de injeção de dependência no .NET Core o Microsoft.Extensions.DependencyInjection, já resolve boa parte do problema.

Imagine que temos a seguinte classe:

public class Connection
{
private readonly SqlConnection _connection;
public Connection(SqlConnection connection)
{
_connection = connection;
}
}

Se a classe acima foi registrada corretamente, o container de injeção de dependência irá chamar o método Dispose da conexão quando a aplicação finalizar o escopo do método que a utilizou.

Para registrar a classe corretamente:

services.AddScoped<IDbConnection>((sp) => new SqlConnection(dbConnectionString));
services.AddScoped<Connection>();

Como a conexão foi injetada como uma dependência, a classe Connection não precisa implementar a interface Dispose.

Agora um exemplo onde o método construtor é responsável por instânciar o objeto _connection:

public class ExemploRepository
{
private readonly IDbConnection _connection;
public ExemploRepository()
{
_connection = new SqlConnection(“connectionString”);
}
}

A classe ExemploRepository precisa implementar a interface IDisposable, e chamar o método Dispose da conexão, caso contrário o container de injeção de dependência não conseguiria identificar que a propriedade _connectio implementa a interface IDisposable.

public class ExemploRepository : IDisposable
{
private readonly IDbConnection _connection;
public ExemploRepository()
{
_connection = new SqlConnection(“connectionString”);
}

public void Dispose()
{
_connection.Dispose();
}
}

Conclusão

Os objetos do tipo SqlConnection são objetos que representam uma conexão física com um banco de dados, e devem ser gerenciados corretamente para evitar problemas de desempenho e escalabilidade. A utilização da palavra reservada using é a forma mais simples de garantir que a conexão seja fechada corretamente, mesmo que ocorra uma exceção. Em casos mais complexos, a implementação do padrão Dispose pode ser necessária.

Embora sutil, o gerenciamento de conexões SQL é um tema que merece atenção, pois pode impactar significativamente o desempenho e escalabilidade de uma aplicação.

​Microsoft Tech Community – Latest Blogs –Read More 

Next in the SQL Server 2022 hidden gems series you’ll learn about Instant file Initialization (IFI) behavior for Log file growth even with TDE enabled (does not require special privilege).

Watch on Data Exposed

Resources:

What’s new in SQL Server 2022 – SQL Server | Microsoft Learn

View/share our latest episodes on Microsoft Learn and YouTube!

​Microsoft Tech Community – Latest Blogs –Read More 

Hello, Microsoft Tech Community! I’m excited to share some important updates about Copilot for Microsoft 365. As you may recall from TJ’s blog post on February 29, we’ve been working hard to enhance your experience with Copilot. Today, I’d like to highlight some key updates that will benefit our customers, as outlined in Paul Lorimer’s blog: Announcing the expansion of Microsoft’s data residency capabilities | Microsoft 365 Blog

Paul’s post delves into the expansion of our data residency capabilities. We understand that data control is paramount in today’s digital landscape. That’s why we’re ensuring that your interaction data with Copilot for Microsoft 365 (for eligible customers) will be stored in the location specified by your Microsoft 365 data residency settings. This is a significant step forward in our commitment to providing a secure and compliant environment for our enterprise and highlight regulated customers that have data particularly stringent requirements for how their data is stored.

But we’re not stopping there. Our vision is to democratize AI, making it accessible and beneficial for everyone. As we continue to innovate and enhance Copilot, our guiding principles remain the same: Trust, Transparency, and Control. These principles have always been at the heart of Microsoft 365, and they continue to shape our approach to Copilot. Stay tuned for more updates as we continue to evolve Copilot for Microsoft 365.

Please reply with your questions and share your experiences and needs as you explore your Copilot and our Data Residency options.

More resources to get support your Copilot and AI journey:

Five tips for prompting AI: How we’re communicating better at Microsoft with Microsoft Copilot
Microsoft 365 – How Microsoft 365 Delivers Trustworthy AI (2024-01).docx
Data, Privacy, and Security for Microsoft Copilot for Microsoft 365
Microsoft Purview data security and compliance protections for Microsoft Copilot 
Microsoft Copilot Privacy and Protections
Apply principles of Zero Trust to Microsoft Copilot for Microsoft 365
Learn about retention for Microsoft Copilot for Microsoft 365

​Microsoft Tech Community – Latest Blogs –Read More 

“Accessibility is not a bolt on. It’s something that must be built in to every product we make so that our products work for everyone. Only then will we empower every person and every organization on the planet to achieve more. This is the inclusive culture we aspire to create” – Satya Nadella 

Our journey in accessible technology is grounded in a shared conviction at Microsoft. As product makers, we believe in the obligation to build technology that truly empowers people, fostering an inherently equitable experience. 

In this pursuit, we’ve embraced a mindset we call “shift left,” incorporating accessibility at every stage and right from the inception of designing and building our products.  

Reflecting on my tenure, I’ve had the privilege of contributing to some of the world’s most impactful technologies, particularly with Office and Windows. Traditionally, these products were well established with years of development and only later received our focused attention on accessibility.  

However, Copilot presented a rare opportunity for us to incorporate accessibility right from the inception of the product and therefore “shift left”, the entire design and development process. And what’s more, AI technologies like Copilot brought a unique opportunity to reshape how humans interact with computers in a way that makes the experience MORE equitable and transformative for all. 

Now, integrated into our Microsoft 365 Core Apps, Copilot brings forth exciting capabilities. Our goal is to bridge the gap between your interaction with technology and how you express your ideas, making the user experience more inclusive and empowering for all. 

At Copilot’s core lies a commitment to equity, underscoring our ongoing dedication to fostering a technology landscape that truly serves every individual, ensuring that no one is left behind. 

Equity at Copilot’s Core 

We are actively shifting left in our product development by making accessibility a core part of Copilot’s design and functionality. Copilot is designed to work well with assistive technologies, such as screen readers, magnifiers, contrast themes, and voice input, and to provide a seamless and intuitive user experience. 

But in addition to that, Copilot is a tool designed to be accessible itself. 

In this process, we have collaborated and co-innovated with a diverse set of customers, 600+ members of Microsoft’s employee disability community, partners in research and design, and the commitment of engineers and product makers to listen and be accountable.  

To illustrate how Copilot can enhance accessibility, I want to share with you some highlights from engaging with participants who had early access to Copilot: 

Drafting emails: Copilot can help create 1st drafts in a matter of minutes. This can be especially helpful to those who have more limited mobility and challenges typing. You can generate different versions of the email with different levels of formality and detail and ask Copilot to check their calendar and suggest a meeting time, just with a few clicks of a button.  
Using voice commands: With Copilot, you can create entire PowerPoint presentations just using your voice. Just tell Copilot about what you want to create, and Copilot can generate relevant graphics and notes for slides. 

These examples demonstrate how Copilot can save users time and effort, as well as help them express their ideas and communicate their expertise more effectively. They also show how Copilot can adapt to their preferences and needs and provide them with a supportive partner that can enhance their communication and productivity. 

In addition to some of these areas of feedback, we also conducted a deep dive study with those of the neurodiverse community. The neurodiverse community (which makes up 10-20% of the world) faces common challenges that we can all relate to, but their lives are disproportionately affected by them. Examples include planning, focus, procrastination, communication, reading ease and comprehension, being overly literal, and fatigue. 

For the neurodiverse community, our study showed that Copilot can be a powerful ally, offering assistance in overcoming these challenges. It serves as a facilitator for thought organization, acts as a springboard for writing tasks, aids in surmounting task initiation barriers, and assists in processing extensive information found in documents, messages, or emails. 

Members of the community reported Copilot helping their communication effectiveness by distilling action items from team meetings and documents, generating  summaries, adjusting the tone and context of their content, and bridging communication gaps. 

As one of the participants in the study said, “For me, Copilot itself is accessibility. Having Copilot is like putting on glasses after I’ve been squinting my entire career. It is equity and I think as a neurodivergent individual, I can’t imagine going back.” 

Making Accessible Content with Ease 

On our journey to create products that are truly inclusive, we’re also empowering document authors to shift left and build better authoring habits by catching accessibility errors early in the doc creation process. Ensuring that your content is comprehensible to all individuals, irrespective of their visual abilities or preferences, is a crucial component of accessibility. To assist you in this endeavor, we have created the Accessibility Assistant, a robust tool that can detect and resolve potential problems in your documents, emails, and presentations. You can access the Accessibility Assistant from the Review tab in Word, Outlook, and PowerPoint. 

New Features of the Accessibility Assistant include some of the following highlights: 

The in-canvas notifications for readability is a feature that notifies you of accessibility hurdles for common issues, such as text color not meeting the Web Content Accessibility Guidelines (WCAG) color contrast ratio or images lacking descriptions. You can use the inclusive color picker to choose an appropriate color from the suggested options and utilize the automatically generated image descriptions to provide alt-text, making it easier to create accessible content. 
Quick fix card for multiple issues: This feature allows you to fix several issues of the same type with fewer clicks. For example, you can change the color of all the text that has low contrast in your document. 
Per-slide toggle for PowerPoint: This feature enables you to view and fix the accessibility issues for each slide individually, instead of seeing them by categories. This can help you focus on your own slides and collaborate with others more easily. 

These capabilities are designed to help you create accessible content faster and easier, and to ensure that everyone can access and enjoy your work. The Accessibility Assistant for Word Desktop has started rolling out to Insider Beta Channel users running Version 2012 (Build 17425.2000) or later. This feature for Outlook Desktop will be available in Insider Beta Channel by April 2024, followed by release to PowerPoint Desktop this summer 

Our Commitment 

At Microsoft, we believe that everyone has something valuable to offer, and that diversity of perspectives and experiences can enrich our products and services. That’s why we are committed to empowering everyone to achieve more, fostering an inherently equitable experience. Copilot is one of the ways that we are fulfilling this commitment, by providing a supportive partner that can help you with common challenges, enhance your communication, and bridge the gap between your interaction with technology and how you express your ideas. 

But we also know that we are not done yet. We are still on a journey of understanding how AI and LLMs will continue to evolve and make the world a more equitable place. We are constantly learning from our customers, partners, and the disability community, and we are always looking for ways to improve our accessibility features and functionality. We welcome your feedback and suggestions on how we can make Copilot better for you and for everyone. 

To learn more about Copilot and how to get started, please visit the Copilot website or the Copilot support page. To learn more about accessibility at Microsoft and how to access our accessibility features, please visit the Microsoft Accessibility website or the Disability Answer Desk. And to share your feedback or suggestions on Copilot, please use the feedback button (thumbs up or down). 

Together, we can make the world a more equitable place for everyone. 

​Microsoft Tech Community – Latest Blogs –Read More 

Author introduction

Hi, I am Saira Shaik, Working Principal customer success account manager at Microsoft India.

This article will provide guidance to the customers who wants to Optimize their Azure costs by providing tools and resources to help customers to save cost, Understand and forecast your costs, Cost optimize workloads and Control costs.

Explore tools and resources to help you save

Find out about the tools, offers, and guidance designed to help you manage and optimize your Azure costs. Learn how to understand and forecast your bill, optimize workload costs, and control your spending.

8 ways to optimize the cost

1.     Shut down unused resources.

Identify idle virtual machines (VMs), ExpressRoute circuits, and other resources with Azure Advisor. Get recommendations on which resources to shut down and see how much you would save.

Useful Links

Reduce service costs using Azure Advisor – Azure Advisor | Microsoft Learn

2.     Right-size underused resources

Find underutilized resources with Azure Advisor—and get recommendations on how to reduce your spend by reconfiguring or consolidating them.

Useful Links

Reduce service costs using Azure Advisor – Azure Advisor | Microsoft Learn

3.     Add an Azure savings plan for compute for dynamic workloads

Save up to 65 percent off pay-as-you-go pricing when you commit to spend a fixed hourly amount on compute services for one or three years.

Useful Links

Azure Savings Plan Savings – youtube.com/playlist?list=PLlrxD0HtieHjd-zn7u09YoGJY18ZrN1Hq

Introduction to Azure savings plan for compute (youtube.com)
Understanding your Azure savings plan recommendations (youtube.com)
How Azure savings plan is applied to a customer’s compute environment (youtube.com)
Azure Savings Plan for Compute | Microsoft Azure

4.     Reserve instances for consistent workloads

Get a discount of up to 72 percent over pay-as-you-go pricing on Azure services when you prepay for a one- or three-year term with reservation pricing.Get a discount of up to 72 percent over pay-as-you-go pricing on Azure services when you prepay for a one- or three-year term with reservation pricing.

Useful Links

Reservations | Microsoft Azure
Advisor Clinic: Lower costs with Azure Virtual Machine reservations (youtube.com)
Model virtual machine costs with the Azure Cost Estimator Power BI Template (youtube.com)

5.     Take advantage of the Azure Hybrid Benefit

AWS is up to five times more expensive than Azure for Windows Server and SQL Server. Save when you migrate your on-premises workloads to Azure.

Useful Links

Azure Hybrid Benefit—hybrid cloud | Microsoft Azure
Reduce costs and increase SQL license utilization using Azure Hybrid Benefit (youtube.com)
Managing and Optimizing Your Azure Hybrid Benefit Usage (With Tools!) – Microsoft Community Hub

6.     Configure autoscaling

Save by dynamically allocating and de-allocating resources to match your performance needs.

Useful Links

Autoscaling guidance – Best practices for cloud applications | Microsoft Learn

7.     Choose the right Azure compute service

Azure offers many ways to host your code. Operate more cost efficiently by selecting the right compute service for your application.

Useful Links

Choose an Azure compute service – Azure Architecture Center | Microsoft Learn
Armchair Architects: Exploring the relationship between Cost and Architecture (youtube.com)

8.     Set up budgets and allocate costs to teams and projects

Create and manage budgets for the Azure services you use or subscribe to—and monitor your organization’s cloud spending—with Microsoft Cost Management.

Useful Links

Tutorial – Create and manage budgets – Microsoft Cost Management | Microsoft Learn
The Cloud Clinic: Use tagging and cost management tools to keep your org accountable (youtube.com)

Understand and forecast your costs

Monitor and analyze your Azure bill with Microsoft Cost Management. Set budgets and allocate spending to your teams and projects.
Estimate the costs for your next Azure projects using the Azure pricing calculator and the Total Cost of Ownership (TCO) calculator.
Successfully build your cloud business case with key financial and technical guidance from Azure.

Useful Links

FinOps toolkit – Kick start your FinOps efforts (microsoft.github.io)
Azure Savings Dashboard – Microsoft Community Hub
Azure Cost Management Dashboard – Microsoft Community Hub

Cost optimize your workloads

Follow your Azure Advisor best practice recommendations for cost savings.

Review your workload architecture for cost optimization using the Microsoft Azure Well-Architected Review assessment and the Microsoft Azure Well-Architected Framework design documentation, well architected cost optimization implementation – Customer Offerings: Well-Architected Cost Optimization Implementation – Microsoft Community Hub

Save with Azure offers and licensing terms such as the Azure Hybrid Benefit, paying in advance for predictable workloads with reservations, Azure Spot Virtual Machines, Azure savings plan for compute, and Azure dev/test pricing.

Control your costs

Mitigate cloud spending risks by implementing cost management governance best practices at your company using the Microsoft Cloud Adoption Framework for Azure.

Implement cost controls and guardrails for your environment with Azure Policy.

​Microsoft Tech Community – Latest Blogs –Read More 

Want to learn more about Generative AI and Microsoft Copilot?  

Microsoft is launching a Learn Live Series called “Getting Started with Microsoft Copilot for Security.” This weekly online seminar series will run from March 19th through April 9th and will review skill development resources and discuss topics related to AI and Copilot for Security. 

Hosts Edward Walton, Andrea Fisher, and Rod Trent will guide you through four topics each with a corresponding Microsoft Learn module designed to help anyone interested in getting users ready for Microsoft Copilot for Security. 

Fundamentals of Generative AI​ 

March 19th 12:00 pm – 1:30 pm PDT 

In this session, you will explore the way in which large language models (LLMs) enable AI applications and services to generate original content based on natural language input. You will also learn how generative AI enables the creation of AI-powered copilots that can assist humans in creative tasks. In this episode, you will: 

Learn about the kinds of solutions AI can make possible and considerations for responsible AI practices 
Understand generative AI’s place in the development of artificial intelligence 
Understand large language models and their role in intelligent applications 
Describe how Azure OpenAI supports intelligent application creation 
Describe examples of copilots and good prompts 

Fundamentals of Responsible Generative AI 

March 27th 12:00 pm –1:30 pm PDT 

Generative AI enables amazing creative solutions but must be implemented responsibly to minimize the risk of harmful content generation. In this episode, you will: 

Describe an overall process for responsible generative AI solution development 
Identify and prioritize potential harms relevant to a generative AI solution 
Measure the presence of harms in a generative AI solution 
Mitigate harms in a generative AI solution 
Prepare to deploy and operate a generative AI solution responsibly 

Get started with Microsoft Security Copilot​ 

April 2nd 12:00pm – 1:30 pm PDT 

Get acquainted with Microsoft Copilot for Security. You will be introduced to some basic terminology, how Microsoft Copilot for Security processes prompts, the elements of an effective prompt, and how to enable the solution. In this episode, you will: 

Describe what Microsoft Copilot for Security is. 
Describe the terminology of Microsoft Copilot for Security. 
Describe how Microsoft Copilot for Security processes prompt requests. 
Describe the elements of an effective prompt 
Describe how to enable your Microsoft Copilot for Security solution. 

Describe the core features of Microsoft Security Copilot 

April 9th 12:00 pm – 1:30 pm PDT  

Microsoft Copilot for Security has a rich set of features. Learn about available plugins that enable integration with various data sources, promptbooks, the ways you can export and share information from Copilot for Security, and much more. In this episode, you will: 

Describe the features available in the standalone experience. 
Describe the services to which Copilot for Security can integrate. 
Describe the embedded experience 

Jump-start your Copilot for Security journey and join us for the Learn Live series starting on Tuesday, March 19th!  

​Microsoft Tech Community – Latest Blogs –Read More 

Guidance for using mysqlslap to simulate client load and measure performance

Introduction

Mysqlslap is a diagnostic program included with the MySQL server binary that you can use to emulate client load for a MySQL server and report the timing of each stage. Mysqlslap works as if multiple clients are accessing the server simultaneously.

In this post, I’ll show you how to use mysqlslap to perform load test emulation for Azure Database for MySQL – Flexible Server, a fully managed and scalable MySQL service on Azure. I’ll install mysqlslap, configure the connection parameters, run different types of tests, and then analyze the results.

Prerequisites

Before you begin, ensure that the following prerequisites are in place:

An instance of Azure Database for MySQL – Flexible Server. To create one, follow this guidance in this tutorial: Quickstart: Create with Azure portal – Azure Database for MySQL – Flexible Server.
A MySQL client tool that supports mysqlslap – download them from MySQL :: MySQL Community Downloads.
A test database and table on your Azure Database for MySQL Flexible Server instance. Use the following queries to create a test database and table with one million dummy records:

mysql> CREATE DATABASE loadtestdb;

mysql> use loadtestdb;

mysql> CREATE TABLE loadtesttable (
ID INT PRIMARY KEY AUTO_INCREMENT,
Name VARCHAR(255),
Age INT,
Salary DECIMAL(10, 2),
Department VARCHAR(50),
City VARCHAR(100),
Country VARCHAR(100)
);

mysql> INSERT INTO loadtesttable (Name, Age, Salary, Department, City, Country)
SELECT
CONCAT(CHAR(FLOOR(RAND() * 26) + 65), ‘Person’, n),
FLOOR(RAND() * 100) + 18,
ROUND(RAND() * 10000000, 2),
CASE WHEN RAND() < 0.5 THEN ‘IT’ ELSE ‘Sales’ END,
CASE WHEN RAND() < 0.5 THEN ‘New York’ ELSE ‘Los Angeles’ END,
CASE WHEN RAND() < 0.5 THEN ‘USA’ ELSE ‘Canada’ END
FROM (
SELECT
a.N + b.N * 10 + c.N * 100 + d.N * 1000 + e.N * 10000 + f.N * 100000 + 1 AS n
FROM
(SELECT 0 AS N UNION ALL SELECT 1 UNION ALL SELECT 2 UNION ALL SELECT 3 UNION ALL SELECT 4 UNION ALL SELECT 5 UNION ALL SELECT 6 UNION ALL SELECT 7 UNION ALL SELECT 8 UNION ALL SELECT 9) a,
(SELECT 0 AS N UNION ALL SELECT 1 UNION ALL SELECT 2 UNION ALL SELECT 3 UNION ALL SELECT 4 UNION ALL SELECT 5 UNION ALL SELECT 6 UNION ALL SELECT 7 UNION ALL SELECT 8 UNION ALL SELECT 9) b,
(SELECT 0 AS N UNION ALL SELECT 1 UNION ALL SELECT 2 UNION ALL SELECT 3 UNION ALL SELECT 4 UNION ALL SELECT 5 UNION ALL SELECT 6 UNION ALL SELECT 7 UNION ALL SELECT 8 UNION ALL SELECT 9) c,
(SELECT 0 AS N UNION ALL SELECT 1 UNION ALL SELECT 2 UNION ALL SELECT 3 UNION ALL SELECT 4 UNION ALL SELECT 5 UNION ALL SELECT 6 UNION ALL SELECT 7 UNION ALL SELECT 8 UNION ALL SELECT 9) d,
(SELECT 0 AS N UNION ALL SELECT 1 UNION ALL SELECT 2 UNION ALL SELECT 3 UNION ALL SELECT 4 UNION ALL SELECT 5 UNION ALL SELECT 6 UNION ALL SELECT 7 UNION ALL SELECT 8 UNION ALL SELECT 9) e,
(SELECT 0 AS N UNION ALL SELECT 1 UNION ALL SELECT 2 UNION ALL SELECT 3 UNION ALL SELECT 4 UNION ALL SELECT 5 UNION ALL SELECT 6 UNION ALL SELECT 7 UNION ALL SELECT 8 UNION ALL SELECT 9) f
) AS Numbers;

Installing mysqlslap

Instructions for installing mysqlslap on a computer running Windows or Linux appear in the following sections.

Note: If the Azure Cloud Shell is installed, mysqlslap is included automatically.

Windows

To install mysqlslap on a computer running Windows, download the MySQL Installer, run it, and then follow the wizard. Mysqlslap will be installed in the folder C:Program FilesMySQLMySQL Server 8.1bin (assuming the installation is on C:). Alternately, you can download MySQL ZIP Archive and extract mysqlslap from mysql-8.0.36-winx64.zipmysql-8.0.36-winx64bin.

Linux

To install mysqlslap on a computer running Linux, install the MySQL client package (which includes mysqlslap) by running the following command:

sudo apt update
sudo apt install mysql-client
mysqlslap –version

Configuring the connection parameters

To connect to the Azure Database for MySQL – Flexible Server instance, run the following command:

mysqlslap –host=myserver.mysql.database.azure.com –user=myuser –password=mypassword –port=3306 –ssl-mode=REQUIRED

With this command, you can specify the following parameters:

–host: The host name or IP address of your server. You can find it on the Azure portal under the Overview section of your server.
–port: The port number of your server. The default is 3306.
–user: The username to log in to your server. You can use the admin user that you created when you provisioned your server, or any other user that has access to the test database.
–password: The password to log in to your server. You will be prompted to enter it when you run mysqlslap.
–ssl-mode: The SSL mode to use for the connection. You can use REQUIRED, VERIFY_CA, or VERIFY_IDENTITY. The default is REQUIRED. For more information about SSL modes, see MySQL 8.0 : Configuring MySQL to Use Encrypted Connections.

Running different types of tests

The mysqlslap test process includes three stages:

Create schema, table, and optionally any stored programs or data to use for the test. This stage uses a single client connection.
Run the load test. This stage can use many client connections.
Clean up (disconnect, drop table if specified). This stage uses a single client connection.

Use mysqlslap to run different types of tests, such as concurrency tests, stress tests, or benchmark tests. To specify the test parameters, consider the following options:

Option Name

Description

—concurrency

Specifies the number of simultaneous client connections. You can provide a single value or a comma-separated list of values. For example, –concurrency=10 means 10 threads, and –concurrency=10,20,30 means three tests with 10, 20, and 30 threads respectively.

—iterations

Defines the number of times the benchmark test should be repeated. The default is 1.

—number-of-queries

The number of queries to run per thread. The default is 0, which means unlimited.

—query

Specifies the SQL query to be executed during the test. You can provide a single query or multiple queries. For example, –query=”SELECT * FROM testtable” means to run a simple SELECT query.

—create-schema

The name of the database to use for the test. The default is the mysqlslap database.

—create

The statement to create the test table. You can provide a single statement or multiple statements. For example, –create=”CREATE TABLE testtable (id INT)” means to create a simple test table.

—delimiter

Use the –delimiter option to specify a different delimiter, which enables you to specify statements that span multiple lines or place multiple statements on a single line.

—auto-generate-sql

A flag to indicate whether to generate random queries for the test. The default is FALSE. If you set it to TRUE, you can use the following options to control the query generation.

—auto-generate-sql-add-autoincrement

A flag to indicate whether to add an AUTO_INCREMENT column to the test table. The default is FALSE.

—auto-generate-sql-execute-number

The number of queries to generate and execute per thread. The default is 10.

—auto-generate-sql-load-type

The type of queries to generate. You can use MIXED, UPDATE, WRITE, or READ. The default is MIXED.

—auto-generate-sql-unique-query-number

 The number of unique queries to generate. The default is 10.

—auto-generate-sql-unique-write-number

The number of unique queries to generate for write load. The default is 10.

You can also use the –engine option to specify the storage engine to use for the test table. The default is InnoDB. For more information about mysqlslap options, see MySQL 8.0 Reference Manual :: 6.5.8 mysqlslap.

Before running a test with mysqlslap, please ensure to use an empty user database or the default mysqlslap database when using –create or –auto-generate-sql-* option. If the –create or –auto-generate-sql-* option is given, mysqlslap drops the schema at the end of the test run. This means that any existing data in the database will be lost.

Some examples showing how to run different types of tests using mysqlslap follow.

To run a concurrency test with 10, 20, and 30 threads, each executing 100 queries 10 times, run the following command:

mysqlslap –host=server-name.mysql.database.azure.com –port=3306 –user=user-name –password –ssl-mode=REQUIRED –concurrency=10,20,30 –iterations=10 –number-of-queries=100 –query=”SELECT ID, Name, Age, Salary, Department, City, Country FROM loadtesttable WHERE Name like ‘A%’ AND Age BETWEEN 30 AND 40;” –create-schema=loadtestdb –verbose

To run a stress test with 50 threads, each executing the query 20 times, run the following command:

mysqlslap –host=server-name.mysql.database.azure.com –port=3306 –user=user-name –password –ssl-mode=REQUIRED –concurrency=50 –iterations=25 –query=”SELECT ID, Name, Age, Salary, Department, City, Country FROM (SELECT *, ROW_NUMBER() OVER (PARTITION BY Department ORDER BY Salary DESC) AS R FROM loadtesttable) AS ranked WHERE R <= 5;” –create-schema=loadtestdb –verbose

To run a benchmark test with 10 threads, each executing 1000 randomly generated queries with a mixed load type, run the following command:

mysqlslap –host=server-name.mysql.database.azure.com –port=3306 –user=user-name –password –ssl-mode=REQUIRED –concurrency=10 –iterations=1 –number-of-queries=1000 –auto-generate-sql –auto-generate-sql-load-type=MIXED –verbose

Analyzing the results

After running a test, mysqlslap displays the results as output., which includes the:

Average number of seconds to run all queries: The average time it took to run all the queries per thread.
Minimum number of seconds to run all queries: The minimum time it took to run all the queries per thread.
Maximum number of seconds to run all queries: The maximum time it took to run all the queries per thread.
Number of clients running queries: The number of threads that simulated the client load.
Average number of queries per client: The average number of queries that each thread executed.

You can use the –silent option to suppress the verbose output and display only the results. You can also use the –csv option to format the results as comma-separated values, which can easily be imported into a spreadsheet or a database for further analysis.

An example of the results from a concurrency test with 10, 20, and 30 threads, each executing 100 queries 10 times, follows:

Benchmark
Average number of seconds to run all queries: 2.024 seconds
Minimum number of seconds to run all queries: 2.003 seconds
Maximum number of seconds to run all queries: 2.041 seconds
Number of clients running queries: 10
Average number of queries per client: 10

Benchmark
Average number of seconds to run all queries: 2.070 seconds
Minimum number of seconds to run all queries: 2.022 seconds
Maximum number of seconds to run all queries: 2.228 seconds
Number of clients running queries: 20
Average number of queries per client: 5

Benchmark
Average number of seconds to run all queries: 1.885 seconds
Minimum number of seconds to run all queries: 1.849 seconds
Maximum number of seconds to run all queries: 2.021 seconds
Number of clients running queries: 30
Average number of queries per client: 3

You can use the results to compare the performance of an Azure Database for MySQL – Flexible Server instance under different load scenarios, and to identify any potential bottlenecks or issues. You can also use the results to tune the server configuration, such as the number of connections, the buffer pool size, the query cache size, or the index statistics.

Best practices

When you’re using mysqlslap to perform load test emulation for an Azure Database for MySQL – Flexible Server instance, consider the following best practices.

Before using the mysqlslap utility on your production environment, test the mysqlslap utility thoroughly in your lowest environment against a test database.
Define benchmarking scenarios that closely resemble your production environment.
Use realistic datasets and queries representative of your actual workload.
Adjust benchmarking parameters such as concurrency, iterations, and query complexity to match your workload characteristics.
Test different combinations of parameters to understand their impact on performance.
Analyze results carefully and consider multiple metrics for performance evaluation.
Monitor system resources (CPU, memory, disk I/O) during benchmark tests to identify any resource bottlenecks.
Repeat benchmark tests multiple times to validate results and ensure consistency.

Conclusion

In this post, I’ve described how to use mysqlslap to perform load test emulation for an Azure Database for MySQL – Flexible Server instance. I’ve described how to install mysqlslap, configure the connection parameters, run different types of tests, and analyze the results. Be sure to use mysqlslap to simulate client load and measure the performance of your MySQL flexible server, as well as to optimize your server configuration and query performance.

If you have any questions about the detail provided above, please leave a comment below or email us at AskAzureDBforMySQL@service.microsoft.com. Thank you!

References

For more information about using mysqlslap, in the MySQL documentation, see https://dev.mysql.com/doc/refman/8.0/en/mysqlslap.html

​Microsoft Tech Community – Latest Blogs –Read More 

Note: this is the second of a four-part blog series that explores the complexities of securing multiple clouds and the limitations of traditional Security Information and Event Management (SIEM) tools.

With the first post, we discussed the importance of adopting a multi-cloud approach to Observability, centralizing in a single SIEM all the events generated by your infrastructure to enable a more comprehensive analysis of potential security incidents by correlating events independently from their origin. We also hinted to the complexity of such endeavor.

You can read the first post here: Securing the Clouds: Navigating Multi-Cloud Security with Advanced SIEM Strategies – Microsoft Community Hub

With this new post, we focus on a different topic: the importance of adopting a threat-based approach. In the process, we discuss how this can be achieved and provide you with a few practical ideas you can apply to your scenarios.

The Threat-Based Approach

The threat-based approach for creating use cases consists in the identification of potential attacks to the system, considering each Cloud environment, on-prem environment, and then how they interrelate and interact. You then derive attack uses cases which drive the definition of the logic to identify those attacks and then trigger remediation activities. Those potential attacks are also known as threats or, more precisely, as threat events.

The threat-based approach is not the only possibility. Actually, the most common approaches are vulnerability-based. With them, the focus is on the identification of vulnerabilities like the infamous Log4Shell, and consequently on indicators which may identify attacks in progress.

Vulnerability-Based Approaches and How They Compare

Vulnerability-driven approaches have various shortcomings. For instance, they tend to grow the detection capabilities to respond to known vulnerabilities, and as a reaction to successful attacks. Therefore, they are designed to prevent such attacks from occurring. Conversely, threat driven approaches are based on the understanding of how attacks may happen, and are designed to detect them independently from the presence of specific vulnerabilities. We have chosen to adopt a threat driven approach to improve the detection and response capabilities and to reduce the impact of security incidents and response.

Another advantage of the threat-driven approach is that it is often independent from the existence of specific vulnerabilities. For example, you can analyze the possibility for an attacker to inject code in its requests leveraging some vulnerability to execute such code, without referring to a specific vulnerability. This allows you to design detection mechanisms that are vulnerability independent. Therefore, they would apply to many similar vulnerabilities, including yet undisclosed zero-day vulnerabilities.

A threat-driven approach is a proactive and strategic way of analyzing a complex infrastructure for identifying This approach is much more effective of the corresponding ones based on vulnerability analysis because it takes in account the exploitability of the vulnerabilities. In other words, you determine what a malicious actor can do to compromise your system. This is much more effective than adopting a vulnerability-driven approach because it allows you to discard vulnerabilities that do not matter because they are hardly exploitable.

How to Apply the Threat-Based Approach

By adopting a threat-driven approach we started with the following steps:

Analyze the organization threat landscape focusing on factors like geographical location, industry, externally exposed services, and potentially much more.
Leverage the organization’s threat intelligence to gain broader understanding of the threat landscape, and the specific threats and attacks that target them.
Identify and prioritize the most impactful threats and attack vectors that target the organization’s assets, operations, and objectives, using your telemetry.
Assess and understand the capabilities, tactics, techniques, and procedures of the threat actors and their motivations and goals.
Monitor and evaluate the effectiveness and performance of the security controls and countermeasures and adjust them over time as the threat landscape evolves.

To apply a threat-driven approach, organizations need to incorporate threat analysis and threat intelligence across their systems development and operational processes.

A Practical Example of Threat-Based Approach

Now that we have understood what the threat-driven approach is, it is time to get a few ideas about how you can implement it in your organization.

We can consider as an example a Multi-Cloud organization. It is not uncommon for those organizations to adopt identity and security solutions from various vendors. This complicates integration and soars the risk of supply chain attacks due to the lack of comprehensive visibility and increased complexity. To address this situation, it is best to adopt a structured approach based on the following steps:

Get a good understanding of the various environments, focusing your attention on their components and on how they interact with each other.
Perform a risk analysis on the said environments to identify threats, monitoring capabilities included with each service, and identifying eventual gaps to be covered with additional events. This could be done by applying some lightweight threat modeling.
Evaluate the typical attack scenarios seen by the organization towards the systems in scope and ensure that they are represented within the threat analysis. This may include an analysis of the specific threat landscape for the organization.

The “threat modeling” specified in the second point is a security process to understand security threats to a system, determine risks from those threats, and establish appropriate mitigations. There are various ways to perform threat modeling, and all of them are well represented by the Threat Modeling Manifesto. Microsoft has developed one of the first threat modeling processes, called Microsoft STRIDE Threat Modeling. This approach has evolved over the years and is continuously evolving. If you want to learn more, please go to Microsoft Security Development Lifecycle Threat Modelling.

Creating the Use Cases

The three steps defined above define the threats for the system. This represents the first phase of our journey. The next one consists of the definition of Use Cases. You will often have a Use Case for each Threat, but this is not an absolute rule. In various situations you will want to cover more threats with a single Use Case. Nevertheless, each Use Cases describes the associated threats as a single story and identifies the events necessary to detect such attacks and where they can be found. The Use Case typically also contains the definition of the actions that can be performed for controlling the risk, and the conditions under which they are triggered. Those actions will be both manual and automated.

Responding to Attacks

It is very important to define automated activities that are executed when a potential attack is detected. This allows you to respond to attacks faster than you could if you rely only on manual response.

Time is a critical factor in the realm of cybersecurity. Let’s delve into why swift responses matter:

When a cyberattack occurs, a rapid response allows organizations to identify and contain the breach promptly. By doing so, they prevent the attack from spreading or escalating into a larger incident. This quick action minimizes the damage inflicted on systems, data, and operations.
Fast response enables organizations to restore normal operations swiftly. By minimizing downtime, they mitigate financial losses and maintain business continuity.
The cybersecurity landscape involves a constant race between defenders and attackers. Cybercriminals leverage evolving tools, tactics, and procedures, including zero-day exploits. While it takes an independent cybercriminal around 9.5 hours to gain illicit access to a target, defenders must act even faster to thwart such attempts. See The Importance Of Time And Speed In Cybersecurity (forbes.com).

While automation plays a major role in reducing the time required to respond to attacks, manual remediation activities are still essential. The problem is that automated actions cannot be too drastic: it’s fine to disable an IP address or an account that seems to attack the organization, but you will not want to have some automated procedure to take down the whole infrastructure automatically, even if you detect a possible data exfiltration.

Ultimately, the production of the Use Cases is instrumental in the creation of the rules in your SIEM system to detect attacks, and to configure your SOAR system for automatically respond to them.

Conclusions

Complex Multi-Cloud environments represent a significant challenge when you must create a monitoring infrastructure. Yet, achieving a comprehensive view of what happens in your organization is more important than ever. A structured approach like the Threat-Based Approach described in this post may help you to conquer complexity and get the results your organization needs.

Nevertheless, implementing a Threat-Based Approach is not the end. Organizations face new attacks every day. New software is acquired, extending the attack surface for the Organization. And new vulnerabilities are regularly found. For these reasons, it is essential to adopt a continuous improvement approach. The threat assessment must be regularly reiterated, and new Use Cases must be created. This leads to updating the existing rules in the SIEM or SOAR. If you do so, your Organization will gradually but surely improve its security posture, and will eventually become one of the main tools to guarantee your Business’ security.

Future posts in this series will cover the following topics:  

How Microsoft has implemented its security solutions across Azure, Oracle, AWS, and on-premises environments, thus enabling a unified and comprehensive defense against threats, for any enterprise
Key benefits and outcome examples for some of our multi-cloud security projects, including improved detection capabilities, enhanced visibility across enterprise, efficiency, and cost savings. 

​Microsoft Tech Community – Latest Blogs –Read More