Category: Microsoft
Category Archives: Microsoft
Uso de Resource CPU Limit no Kubernetes
Um pouco sobre como o processo funciona
Vou começar com um pouco de contexto em como a alocação de CPU funciona no Kernel do Linux. Vamos olhar para o núcleo de um processador, ele é capaz de processar uma única operação por vez, não tem mágica, você manda a operação ele processa e retorna. Se você tem dois cores, duas operações por vez e assim por diante.
Mesmo os processadores com Hyper Threading o núcleo do processador continua processando task a task, uma por vez, a tecnologia Hyper Threading (presente em processadores intel) mantém o core mais tempo processando do que ocioso, ou seja, usa melhor o tempo, mas nada mudou no núcleo, continuamos não podendo paralelizar as tarefas, apenas melhorar a concorrência entre elas.
Kernel do Linux gerenciando tarefas
Falamos um pouco da camada de hardware, agora vamos para a camada de software. Para simplificar, vamos imaginar um processador com apenas 1 core (um Intel 4004). Se você simplificar as coisas e pensar que 1 core pode processar 1 task por vez, e você tiver uma task que vai levar 10min para terminar, significa que seu processador vai ficar processando apenas esta task por 10min, o que obviamente travaria todo seu Sistema Operacional. Imagina, enquanto você está baixando um arquivo você não iria conseguir mexer o mouse, digitar no teclado, ou escutar uma música.
É para isso que existem o que chamamos de CPU Schedulers. São programas que rodam no S.O que fazem o gerenciamento das tasks que irão rodar no núcleo do processador, e obviamente eles não vão permitir que sua task de 10min cause um starvation nos outros processos. E como isso funciona ? Bom, existem diversos tipos de Schedulers, dependendo do seu S.O, vamos focar aqui no Linux. A partir da versão 2.6.23 do Kernel do Linux é utilizado um Scheduler chamado Completely Fair Scheduler (a.k.a CFS).
O CFS, como o nome já diz, tenta garantir a distribuição justa (fair) da CPU entre os processos do S.O. Em termos simples, isso significa que se você tem 1 core e 2 processos (P1 e P2), P1 vai usar 50% da CPU e P2 vai usar 50% da CPU, em termos simples ok ? É bem mais complexo que isso, envolve prioridade e agrupamento de processos, mas em termos gerais o CFS tenta distribuir igualmente.
Limits no Kubernetes
Agora que você entende como as tasks são distribuídas no núcleo do processador, vamos falar de Kubernetes. Mas primeiro, tenha em mente uma importante lição tirada da explicação acima, o ideal é que o processador fique ocupado 100% do tempo, usando 100% do seu núcleo para processar o máximo de tarefas, sem ociosidade.
Para o Kubernetes existem 2 tipos de recursos: compressible resources e not compressible resources , traduzindo para o Português, recursos compreensíveis e não compreensíveis. A memória, por exemplo, é um recurso não compreensível porque ao atingir o máximo permitido o K8s vai enviar um sinal de SIGKILL para o seu POD, por outro lado a CPU é um recurso compreensível, ou seja, mesmo que você esteja com 100% de uso, o K8s não vai mandar um SIGKILL. Porque isso ? A memória tem um tamanho finito, e quando você a enche não tem mais para onde ir, o que fazer ? Matar qualquer processo que tente usar mais memória do que o disponível. Já a CPU, tenta alocar todos os processos, porque ela trabalha com tempo, que não é um recurso finito, você pode alocar milhares de processos dentro de milli/micro/nano segundos. É óbvio se você tiver milhares de processos e apenas 1 core, cada processo vai usar 0,001% da cpu, deixando o seu S.O muito lento, devido a grande quantidade de troca entre os processos no núcleo do processador.
Agora podemos responder porque não usar Limit CPU no K8s. Quando você configura um limite de CPU, vamos supor 200m (200 millicores), você está dizendo para o K8s: “não deixe meu processo usar mais de 200 milissegundos da CPU a cada ciclo de 1 segundo“. Então vamos supor que por alguns instantes a CPU esteja livre de outros processos, você poderia estar usando 100% dela, mas estará limitado a 20% (200m), com 80% da cpu ociosa. Agora imagina que você tire esse limite, o Linux CFS vai tentar distribuir igualmente a carga da CPU entre seus PODs, e cá entre nós, provavelmente ele fará um trabalho melhor que eu e você tentando configurar um limite de CPU.
Agora um aviso muito !!IMPORTANTE!!, eu não estou dizendo que você deve sair tirando o limit CPU de todos os seus projetos. Se você tem PODs que não precisam de alto throughput , você deve sim limitar o uso de CPU, para que não haja uma concorrência pelo uso da CPU com outros PODs que realmente precisam de alto throughput. Lembra que o Linux CFS vai tentar distribuir igualmente o uso da CPU, e PODs que precisam de alta vazão podem ser impactados por aqueles que não precisam, simplesmente porque o CFS vai tentar ser fair .
Para quem chegou até aqui meu muito obrigado. Críticas e sugestões ? Deixa seu comentário.
Microsoft Tech Community – Latest Blogs –Read More
Released: Microsoft.Data.SqlClient 6.0 Preview 1
Microsoft.Data.SqlClient 6.0 Preview 1 has been released. This release contains improvements and updates to the Microsoft.Data.SqlClient data provider for SQL Server.
Our plan is to provide regular GA releases with several preview releases in between. This cadence should provide time for feedback and allow us to deliver features and fixes in a timely manner. This 6.0 preview includes fixes and changes over the 5.2 GA release.
Breaking Changes
Removed support for .NET Standard. #2386
Removed UWP (UAP) references. #2483
Added
Added TokenCredential object to take advantage of token caching in ActiveDirectoryAuthenticationProvider. #2380
Added DateOnly and TimeOnly support to DataTable as a structured parameter. #2258
Added Microsoft.Data.SqlClient.Diagnostics.SqlClientDiagnostic type in .NET. #2226
Added scope trace for GenerateSspiClientContext. #2497, #2725
Fixed
Fixed Socket.Connect timeout issue caused by thread starvation. #2777
Fixed pending data with SqlDataReader against an encrypted column. #2618
Fixed Entra authentication when using infinite connection timeout in ActiveDirectoryAuthenticationProvider. #2651
Fixed GetSchema by excluding unsupported engines due to lack of support for ASSEMBLYPROPERTY function. #2593
Fixed SSPI retry negotiation with default port in .NET. #2559
Fixed assembly path in .NET 8.0 and .AssemblyAttributes. #2550
Fixed certificate chain validation. #2487
Fixed clone of SqlConnection to include AccessTokenCallback. #2525
Fixed issue with DateTimeOffset in table-valued parameters, which was introduced in 5.2. #2453
Fixed ArgumentNullException on SqlDataRecord.GetValue when using user-defined data type on .NET. #2448
Fixed SqlBuffer and SqlGuild when it’s null. #2310
Fixed SqlBulkCopy.WriteToServer state in a consecutive calls. #2375
Fixed null reference exception with SqlConnection.FireInfoMessageEventOnUserErrors after introducing the batch command. #2399
Changed
Replaced System.Runtime.Caching with Microsoft.Extensions.Caching.Memory. #2493
Improved memory allocation when reader opened by CommandBehavior.SequentialAccess over big string columns. #2356
For the full list of changes in Microsoft.Data.SqlClient 6.0 Preview 1, please see the Release Notes.
To try out the new package, add a NuGet reference to Microsoft.Data.SqlClient in your application and pick the 6.0 preview 1 version.
We appreciate the time and effort you spend checking out our previews. It makes the final product that much better. If you encounter any issues or have any feedback, head over to the SqlClient GitHub repository and submit an issue.
David Engel
Microsoft Tech Community – Latest Blogs –Read More
Announcing TRIMRANGE and accompanying trim references
I’m excited to announce a new function, TRIMRANGE, and a set of new reference operators.
NOTE: This is a preview function. Its signature and results may change substantially before being broadly released, based on your feedback. So, we do not recommend using it in important workbooks until it is generally available.
New TRIMRANGE function and trim refs: easily remove blanks from the edges of a range
We’re introducing a new function and a set of supporting references:
TRIMRANGE function – a function that removes empty rows from the edges of a range.
Trim references – offer a more succinct way to call common variances of the TRIMRANGE function.
TRIMRANGE function
The TRIMRANGE function removes empty rows from the edges of a range. This can be particularly useful when writing dynamic array formulas or optimizing lambda functions for performance.
In the example below, we use TRIMRANGE to calculate the length of any text entered into column A.
Calculate the length of text entered into column A with TRIMRANGE
Without the use of TRIMRANGE, =LEN(A:A) would run on every cell, returning over a million unnecessary results. Besides being inefficient, trailing undesirable 0’s are returned to the grid. This can be especially problematic if you then try and operate on the spill using =C1# notation.
TRIMRANGE is also a great new tool for optimizing the performance of lambda functions that operate on ranges. It allows lambda authors to more tightly scope ranges, which can reduce the number of necessary computations.
More information on the TRIMRANGE function can be found on the help page.
Trim References
Trim References (‘Trim Refs’) offer a more succinct way to call common variances of TRIMRANGE. They are a modifier of the iconic colon range operator A1:E5. By prefixing or suffixing the colon with a period, you can request to trim blanks from the start, end or both.
Type
Example
Equivalent TRIMRANGE
Description
Trailing trim ref (:.)
A1:.E10
TRIMRANGE(A1:E10,2,2)
Trim trailing blanks
Leading trim ref (.:)
A1.:E10
TRIMRANGE(A1:E10,1,1)
Trim leading blanks
Full trim ref (.:.)
A1.:.E10
TRIMRANGE(A1:E10,3,3)
Trim leading and trailing blanks
Full-column references are often avoided because they can have poor performance with some functions. However, with trim refs, they are much more performant as the full-column reference can be constrained to just the portion with values.
In the example below, we use the trailing trim ref to trim a full column reference. We expect trailing trim refs to be the most commonly used of the 3 trim ref variants.
Trim a full column reference with trailing trim ref
Learn More
You can learn more about the TRIMRANGE function on our help page.
Availability
This new function and new references are currently available to Beta Channel users running Version 2409 (Build 18020.2000) or later.
Don’t have it yet? It’s probably us, not you.
Features are released over some time to ensure things are working smoothly. We highlight features that you may not have because they’re slowly releasing to larger numbers of Insiders. Sometimes we remove elements to further improve them based on your feedback. Though this is rare, we also reserve the option to pull a feature entirely out of the product, even if you, as an Insider, have had the opportunity to try it.
Feedback
We want to hear from you! Please click Help > Feedback in Excel on Windows to submit your thoughts about these new functions.
Learn about the Microsoft 365 Insider program and sign up for the Microsoft 365 Insider newsletter to get the latest information about Insider features in your inbox once a month!
Microsoft Tech Community – Latest Blogs –Read More
Identifying the SDK Version in an Azure Bot Project: V3 or V4?
How to identify if a bot project is using Azure bot SDKV3 or SDKV4
As you may already know, SDK V3 has been deprecated. With the introduction of new functionalities in SDK V4 for creating Azure bots, it is crucial to migrate to the latest version. However, some projects are still running on SDK V3. I am frequently asked to verify whether a bot is using SDK V3 or V4. Therefore, I am writing this blog post to guide you on how to identify the current version your bot is running on and to emphasize the importance of migrating to SDK V4 to take advantage of enhanced performance, security, and new features.
To identify whether your Azure bot project is using SDK V3 or SDK V4, you can look for a few key indicators:
Project Structure and Files:
SDK V3: Typically, SDK V3 projects will have files like Microsoft.Bot.Builder.dll and Microsoft.Bot.Connector.dll.
SDK V4: SDK V4 projects often include files like Microsoft.Bot.Builder.Dialogs.dll and Microsoft.Bot.Builder.Integration.AspNet.Core.dll.
Code Patterns:
SDK V3: The bot’s main logic is often found in a class that inherits from IDialog or LuisDialog<T>. The message handling is done using MessageController.
SDK V4: The bot’s main logic is usually in a class that inherits from ActivityHandler or DialogBot<T>. The message handling is done using OnMessageActivityAsync.
Configuration Files:
SDK V3: You might see configuration settings in web.config or app.config.
SDK V4: Configuration settings are typically found in appsettings.json.
Dependencies:
SDK V3: Look for dependencies on Microsoft.Bot.Builder version 3.x.x.
SDK V4: Look for dependencies on Microsoft.Bot.Builder version 4.x.x.
By checking these aspects, you should be able to determine which SDK version your bot project is using.
How we can migrate the Azure bot from SDKV3 to SDKV4
Set Up a New SDK V4 Project
Create a new bot project using the Bot Framework SDK V4. You can use the Bot Framework templates for Visual Studio or the Bot Framework CLI to get started.
Migrate Bot Logic
Dialogs: In SDK V3, dialogs are often implemented using IDialog or LuisDialog<T>. In SDK V4, you will use ComponentDialog and WaterfallDialog. You’ll need to rewrite your dialog logic to fit the new structure.
Message Handling: In SDK V3, message handling is done in MessageController. In SDK V4, you handle messages in the OnMessageActivityAsync method of a class that inherits from ActivityHandler.
Update Dependencies
Ensure that your new project references the appropriate SDK V4 packages. You can find these packages on NuGet, such as Microsoft.Bot.Builder, Microsoft.Bot.Builder.Dialogs, and Microsoft.Bot.Builder.Integration.AspNet.Core.
Update Configuration
Move your configuration settings from web.config or app.config (SDK V3) to appsettings.json (SDK V4). Update any necessary settings to match the new SDK requirements.
Test Your Bot
Thoroughly test your bot to ensure that all functionalities are working as expected. Use the Bot Framework Emulator to test locally and make sure to cover all scenarios.
Deploy the Bot
Once testing is complete, deploy your bot to Azure.
You can follow the Azure Bot Service documentation for detailed steps on deployment.
Update Channels
Reconfigure your bot channels in the Azure portal to ensure they are correctly set up for the new SDK V4 bot.
Additional Resources
Bot Framework SDK V4 Documentation
Migration Guide from SDK V3 to V4
Migrating can be a bit complex, but these steps should help you get started.
Hope this helps!
Microsoft Tech Community – Latest Blogs –Read More
Azure Durable Function-How to separate Orchestrator and Activity across different blueprints
Azure Durable Function-How to separate Orchestrator and Activity across different blueprints:
Durable Functions Overview – Azure | Microsoft Learn
Microsoft Tech Community – Latest Blogs –Read More
Released: Microsoft.Data.SqlClient 4.0.6, 5.1.6, 5.2.2
We have released updates to multiple supported versions of Microsoft.Data.SqlClient. The updates address several issues.
Microsoft.Data.SqlClient 4.0 and 5.1 are LTS releases. 5.2 is a non-LTS release. All will continue to get fixes and updates until their respective End of Support dates.
To see which versions are LTS versus non-LTS, what that means, and their support timelines, see the Support Lifecycle for Microsoft.Data.SqlClient.
Updates in Microsoft.Data.SqlClient 4.0.6 include:
Fixed
Fixed connection to unsubscribe from transaction completion events before returning it to the connection pool #2301 #2435
Fixed AcquireTokenAsync timeout handling for edge cases in ActiveDirectoryAuthenticationProvider #2707
Changed
Code health improvements: #2147, #2513, #2519
For more details about the changes in Microsoft.Data.SqlClient 4.0.6, you can also see the Release Notes.
Updates in Microsoft.Data.SqlClient 5.1.6 include:
Fixed
Fixed Transient fault handling issue with OpenAsync. #1983 #2508
Fixed AcquireTokenAsync timeout handling for edge cases in ActiveDirectoryAuthenticationProvider. #2706
Fixed pending data with SqlDataReader against an encrypted column. #2618 #2818
Changed
Upgraded Azure.Identity version from 1.11.3 to 1.11.4 [#2649] (#2649) [#2529] (#2529) to address CVE-2024-35255.
Upgraded Microsoft.Identity.Client version from 4.60.0 to 4.61.3 [#2649] (#2649) [#2529] (#2529) to address CVE-2024-35255.
Added caching to TokenCredential objects to take advantage of token caching. #2776
Code health improvements: [#2490] (#2490)
For more details about the changes in Microsoft.Data.SqlClient 5.1.6, you can also see the Release Notes.
Updates in Microsoft.Data.SqlClient 5.2.2 include:
Fixed
Fixed AcquireTokenAsync timeout handling for edge cases in ActiveDirectoryAuthenticationProvider. #2650
Fixed issue with Socket.Connect in managed SNI. #2779
Fixed path for AssemblyAttributes in obj folder causing NET 8.0 assembly to appear in NET 6.0 dll. #2789
Fixed SSPI retry negotiation with default port in .NET. #2815
Fixed ArgumentNullException on SqlDataRecord.GetValue when using user-defined data type on .NET. #2816
Fixed pending data with SqlDataReader against an encrypted column. #2817
Changed
Upgraded Azure.Identity version from 1.11.3 to 1.11.4 #2648 to address CVE-2024-35255.
Upgraded Microsoft.Identity.Client version from 4.60.0 to 4.61.3 #2648 to address CVE-2024-35255.
Added caching to TokenCredential objects to take advantage of token caching. #2775
For more details about the changes in Microsoft.Data.SqlClient 5.2.2, you can also see the Release Notes.
To get the new packages, add a NuGet reference to Microsoft.Data.SqlClient in your application.
If you encounter any issues or have any feedback, head over to the SqlClient GitHub repository and submit an issue.
David Engel
Microsoft Tech Community – Latest Blogs –Read More
M365 – Exchange Admin BUG – you cannot see the mailbox name redirected for
Hi,
as we perform actions on M365 customers tenant day to day, after changes we review what we did. After manage a mailbox and then set a ‘mail flow redirecion’, the redirection works fine but you cannot see the mailbox named for it, but only its ‘ID’.
> > > If you – reading this post -are a MS employee, pls, make sure to that issue goes to the right team to fix asap.
Hi, as we perform actions on M365 customers tenant day to day, after changes we review what we did. After manage a mailbox and then set a ‘mail flow redirecion’, the redirection works fine but you cannot see the mailbox named for it, but only its ‘ID’.> > > If you – reading this post -are a MS employee, pls, make sure to that issue goes to the right team to fix asap. Read More
Conditional formatting for Gantt chart bar based on another cell
I looked through the help topics and tried copying several other formulas, but can’t get this to work.
I’m creating a Gantt chart and would like to add a conditional formatting rule where the Gantt chart bar (which is currently blue) turns red if the “Lead” for that row is “Milestone”.
Any help is appreciated!
I looked through the help topics and tried copying several other formulas, but can’t get this to work. I’m creating a Gantt chart and would like to add a conditional formatting rule where the Gantt chart bar (which is currently blue) turns red if the “Lead” for that row is “Milestone”. https://docs.google.com/spreadsheets/d/1P_16ZsdwawvFmGkBFXBcsklo69MzA2zb/edit?usp=sharing&ouid=109402566229526341381&rtpof=true&sd=true Any help is appreciated! Read More
Intune device enrollment and authorization
Hello there, so the situation we have is we want to lock down accessing any of our o365 apps from only approved devices. I assume the only/best way to do this is via Intune. What we want to do is have it setup where users can enroll devices or do auto enrollment as long as we can approve devices coming in. We had a breach where someone was able to login to a users account that had MFA enabled still so the thought here is we would only allow access on devices we have approved. Microsoft KB articles on enrollment seem a little dry on examples and instructions. Does anyone have any good info on how to set something like that up if possible?
Hello there, so the situation we have is we want to lock down accessing any of our o365 apps from only approved devices. I assume the only/best way to do this is via Intune. What we want to do is have it setup where users can enroll devices or do auto enrollment as long as we can approve devices coming in. We had a breach where someone was able to login to a users account that had MFA enabled still so the thought here is we would only allow access on devices we have approved. Microsoft KB articles on enrollment seem a little dry on examples and instructions. Does anyone have any good info on how to set something like that up if possible? Read More
SQL 2008 error
A Transport-level error has occurred when receiving results from the server. Provider TCP provider error 0 The specified network name is no longer available.
This error has started occurring today on all clients having MS-SQL 2008. Few computers are linking but rest are not.
What could be the reason? Kindly explain.
A Transport-level error has occurred when receiving results from the server. Provider TCP provider error 0 The specified network name is no longer available. This error has started occurring today on all clients having MS-SQL 2008. Few computers are linking but rest are not. What could be the reason? Kindly explain. Read More
Issue with Rendering contentURL in invoking stageView of Teams Bot
I am currently facing an issue with rendering a contentURL in the modal view within the multistage view of my bot. I have implemented the following Adaptive Card, but the contentURL is not being rendered as expected. Instead, I’m getting the error message: “There was a problem reaching this app.” The same URL works correctly in a browser window.
Here is the sample Adaptive Card:
{
“type”: “Image”,
“url”: “ImageURL”,
“altText”: “Insights”,
“selectAction”: {
“type”: “Action.Submit”,
“title”: “Open”,
“data”: {
“msteams”: {
“type”: “invoke”,
“value”: {
“type”: “tab/tabInfoAction”,
“tabInfo”: {
“contentUrl”: “https://apiserver.ngrok.app/test”,
“websiteUrl”: “https://apiserver.ngrok.app/test”,
“name”: “utterance”,
“entityId”: “entityId”,
“openMode”: “modal”
}
}
}
}
}
}
I am currently facing an issue with rendering a contentURL in the modal view within the multistage view of my bot. I have implemented the following Adaptive Card, but the contentURL is not being rendered as expected. Instead, I’m getting the error message: “There was a problem reaching this app.” The same URL works correctly in a browser window. Here is the sample Adaptive Card: {
“type”: “Image”,
“url”: “ImageURL”,
“altText”: “Insights”,
“selectAction”: {
“type”: “Action.Submit”,
“title”: “Open”,
“data”: {
“msteams”: {
“type”: “invoke”,
“value”: {
“type”: “tab/tabInfoAction”,
“tabInfo”: {
“contentUrl”: “https://apiserver.ngrok.app/test”,
“websiteUrl”: “https://apiserver.ngrok.app/test”,
“name”: “utterance”,
“entityId”: “entityId”,
“openMode”: “modal”
}
}
}
}
}
} Read More
Microsoft Tools for Small and Medium Businesses AMA
Join the Microsoft Tools for Small and Medium Businesses Ask Me Anything (AMA) on Wednesday, September 25th, from 9:00 AM to 10:00 AM PT.
This event is an opportunity to connect with Microsoft experts who can answer questions about how to utilize Microsoft tools to enhance your small or medium businesses.
Bryan Allen (Director, SMB Product Marketing, Microsoft 365) will be on hand to answer your SMB M365 related questions like how to simplify communication across your business and improve cross-team collaboration with M365.
Join the Microsoft Tools for Small and Medium Businesses Ask Me Anything (AMA) on Wednesday, September 25th, from 9:00 AM to 10:00 AM PT.
This event is an opportunity to connect with Microsoft experts who can answer questions about how to utilize Microsoft tools to enhance your small or medium businesses.
Bryan Allen (Director, SMB Product Marketing, Microsoft 365) will be on hand to answer your SMB M365 related questions like how to simplify communication across your business and improve cross-team collaboration with M365.
RSVP now!
Read More
Run-time error ‘5’: Invalid procedure call or argument
Hi everyone, I am trying to execute a macro for formatting some data I have as well as creating a workbook. If I am being honest, I do not have much experience with macros and used chatgpt as a reference. Chatgpt gave me the below code, which did work at first, but now I am having the error I mentioned above. The purpose of this macro is to do some formatting first, then rename that sheet to whatever today’s date is “mmddyy.” Then it should add a new sheet and name it “Data Pivot” which should then be moved to the beginning so it is first. At cell A1 there should be a pivot table which references the data in my previous sheet. My data is located at row 3 from cells A to I. I need my pivot table to select all filled cells from A3 down and up until column I. The issue I am having is that my macro is giving me an error once it is about to insert the pivot table at cell A1.
When I click debug this is where the error is:
Set pivotTbl = pivotWs.PivotTables.Add(PivotCache:=ThisWorkbook.PivotCaches.Create( _
SourceType:=xlDatabase, SourceData:=dataRange), TableDestination:=pivotWs.Cells(1, 1))
Please help!
This is my code:
Sub CreateReport()
Dim ws As Worksheet
Dim pivotWs As Worksheet
Dim pivotTbl As PivotTable
Dim dataRange As Range
Dim todaysDate As String
‘ Step 1: Delete column J
Columns(“J:J”).Delete
‘ Step 2: Add 2 new rows to the top
Rows(“1:2”).Insert Shift:=xlDown
‘ Step 3: Type “PB Charge Review by WQ” in cell A1
Range(“A1”).Value = “PB Charge Review by WQ”
‘ Step 4: Merge cells A1 and B1
Range(“A1:B1”).Merge
‘ Step 5: Bold cell A1 and make the font 12 pt
With Range(“A1”)
.Font.Bold = True
.Font.Size = 12
End With
‘ Step 6: Align the text in cell A1 to the left
Range(“A1”).HorizontalAlignment = xlLeft
‘ Step 7: Underline cells A3:I3 (headers)
Range(“A3:I3”).Font.Underline = xlUnderlineStyleSingle
‘ Step 8: Autofit columns A-I
Columns(“A:I”).AutoFit
‘ Step 9: Rename the sheet to today’s date (mmddyy)
todaysDate = Format(Date, “mmddyy”)
ActiveSheet.Name = todaysDate
‘ Step 10: Add a new sheet and move it to the beginning
Set pivotWs = Sheets.Add(Before:=Sheets(1))
‘ Step 11: Rename this new sheet to “Data Pivot”
pivotWs.Name = “Data Pivot”
‘ Step 12: Set the data range for the pivot table
Set ws = Sheets(todaysDate)
Set dataRange = ws.Range(“A3:I” & ws.Cells(ws.Rows.Count, “A”).End(xlUp).Row)
‘ Step 13: Create the pivot table in the new sheet
Set pivotTbl = pivotWs.PivotTables.Add(PivotCache:=ThisWorkbook.PivotCaches.Create( _
SourceType:=xlDatabase, SourceData:=dataRange), TableDestination:=pivotWs.Cells(1, 1))
‘ Step 14-19: Add fields to the pivot table and format them
With pivotTbl
‘ Add “Owning Area” to rows
.PivotFields(“Owning Area”).Orientation = xlRowField
‘ Add “Num of Chg Sess” to values as a sum
With .PivotFields(“Num of Chg Sess”)
.Orientation = xlDataField
.Function = xlSum
End With
‘ Add “Amt on Chg Rvw” to values as a sum
With .PivotFields(“Amt on Chg Rvw”)
.Orientation = xlDataField
.Function = xlSum
End With
‘ Add “Avg Svc Dt Age” to values as an average
With .PivotFields(“Avg Svc Dt Age”)
.Orientation = xlDataField
.Function = xlAverage
End With
‘ Add “Avg Age” to values as an average
With .PivotFields(“Avg Age”)
.Orientation = xlDataField
.Function = xlAverage
End With
End With
‘ Step 20: Format columns B, D, and E with custom number format to show dashes instead of zeros
pivotWs.Columns(2).NumberFormat = “#,##0;-#,##0;–”
pivotWs.Columns(4).NumberFormat = “#,##0;-#,##0;–”
pivotWs.Columns(5).NumberFormat = “#,##0;-#,##0;–”
‘ Step 21: Format column C as currency with no decimals
pivotWs.Columns(3).NumberFormat = “$#,##0”
End Sub
Hi everyone, I am trying to execute a macro for formatting some data I have as well as creating a workbook. If I am being honest, I do not have much experience with macros and used chatgpt as a reference. Chatgpt gave me the below code, which did work at first, but now I am having the error I mentioned above. The purpose of this macro is to do some formatting first, then rename that sheet to whatever today’s date is “mmddyy.” Then it should add a new sheet and name it “Data Pivot” which should then be moved to the beginning so it is first. At cell A1 there should be a pivot table which references the data in my previous sheet. My data is located at row 3 from cells A to I. I need my pivot table to select all filled cells from A3 down and up until column I. The issue I am having is that my macro is giving me an error once it is about to insert the pivot table at cell A1. When I click debug this is where the error is: Set pivotTbl = pivotWs.PivotTables.Add(PivotCache:=ThisWorkbook.PivotCaches.Create( _
SourceType:=xlDatabase, SourceData:=dataRange), TableDestination:=pivotWs.Cells(1, 1)) Please help! This is my code: Sub CreateReport()
Dim ws As Worksheet
Dim pivotWs As Worksheet
Dim pivotTbl As PivotTable
Dim dataRange As Range
Dim todaysDate As String
‘ Step 1: Delete column J
Columns(“J:J”).Delete
‘ Step 2: Add 2 new rows to the top
Rows(“1:2”).Insert Shift:=xlDown
‘ Step 3: Type “PB Charge Review by WQ” in cell A1
Range(“A1”).Value = “PB Charge Review by WQ”
‘ Step 4: Merge cells A1 and B1
Range(“A1:B1”).Merge
‘ Step 5: Bold cell A1 and make the font 12 pt
With Range(“A1”)
.Font.Bold = True
.Font.Size = 12
End With
‘ Step 6: Align the text in cell A1 to the left
Range(“A1”).HorizontalAlignment = xlLeft
‘ Step 7: Underline cells A3:I3 (headers)
Range(“A3:I3”).Font.Underline = xlUnderlineStyleSingle
‘ Step 8: Autofit columns A-I
Columns(“A:I”).AutoFit
‘ Step 9: Rename the sheet to today’s date (mmddyy)
todaysDate = Format(Date, “mmddyy”)
ActiveSheet.Name = todaysDate
‘ Step 10: Add a new sheet and move it to the beginning
Set pivotWs = Sheets.Add(Before:=Sheets(1))
‘ Step 11: Rename this new sheet to “Data Pivot”
pivotWs.Name = “Data Pivot”
‘ Step 12: Set the data range for the pivot table
Set ws = Sheets(todaysDate)
Set dataRange = ws.Range(“A3:I” & ws.Cells(ws.Rows.Count, “A”).End(xlUp).Row)
‘ Step 13: Create the pivot table in the new sheet
Set pivotTbl = pivotWs.PivotTables.Add(PivotCache:=ThisWorkbook.PivotCaches.Create( _
SourceType:=xlDatabase, SourceData:=dataRange), TableDestination:=pivotWs.Cells(1, 1))
‘ Step 14-19: Add fields to the pivot table and format them
With pivotTbl
‘ Add “Owning Area” to rows
.PivotFields(“Owning Area”).Orientation = xlRowField
‘ Add “Num of Chg Sess” to values as a sum
With .PivotFields(“Num of Chg Sess”)
.Orientation = xlDataField
.Function = xlSum
End With
‘ Add “Amt on Chg Rvw” to values as a sum
With .PivotFields(“Amt on Chg Rvw”)
.Orientation = xlDataField
.Function = xlSum
End With
‘ Add “Avg Svc Dt Age” to values as an average
With .PivotFields(“Avg Svc Dt Age”)
.Orientation = xlDataField
.Function = xlAverage
End With
‘ Add “Avg Age” to values as an average
With .PivotFields(“Avg Age”)
.Orientation = xlDataField
.Function = xlAverage
End With
End With
‘ Step 20: Format columns B, D, and E with custom number format to show dashes instead of zeros
pivotWs.Columns(2).NumberFormat = “#,##0;-#,##0;–”
pivotWs.Columns(4).NumberFormat = “#,##0;-#,##0;–”
pivotWs.Columns(5).NumberFormat = “#,##0;-#,##0;–”
‘ Step 21: Format column C as currency with no decimals
pivotWs.Columns(3).NumberFormat = “$#,##0”
End Sub
Read More
SharePoint list item highlighted for no apparent reason
Hi folks – I have a modern Hub on 365 online. I am the tenant and site admin. We just noticed today that one of the items in one of our lists is highlighted with a dark outline. The item isn’t selected, it just appears with this boarder for no apparent reason. See attached image. Confirmed that it’s appearing this way for multiple users. Just started today… only happening on the one item.
Any ideas on what could be causing this?
Hi folks – I have a modern Hub on 365 online. I am the tenant and site admin. We just noticed today that one of the items in one of our lists is highlighted with a dark outline. The item isn’t selected, it just appears with this boarder for no apparent reason. See attached image. Confirmed that it’s appearing this way for multiple users. Just started today… only happening on the one item. Any ideas on what could be causing this? Read More
Protect and Detect: Microsoft Defender for Identity Expands to Entra Connect Server
We are excited to announce a new Microsoft Defender for Identity sensor for Entra Connect servers. This addition is a significant step in our ongoing commitment to expanding Defender for Identity’s coverage across hybrid identity environments. It reinforces our vision of overseeing and protecting the entire identity fabric, greatly enhancing the SOC’s visibility and protections for these complex environments.
Identities are one of, if not the most targeted attack vector and cyber-criminals are always evolving their strategies to exploit new vulnerabilities or gaps in protection. Many organizations today manage hybrid identity environments, with an on-premises Active Directory footprint along with a deployment of Entra ID in the cloud. The gaps between these two elements present ample opportunities for bad actors and as the primary bridge between them, Entra Connect servers can be classified as tier-0 level assets.
To stay ahead of emerging threats and deliver powerful security solutions, our team is continuously evolving and updating our offerings, and the primary objective of this new sensor is to help our customers better prevent, detect, and remediate credential theft and privilege escalation attacks commonly initiated against Entra Connect.
What is Entra Connect? What security value does the new sensor provide?
Entra Connect (previously known as Azure AD Connect or AAD Connect) is a Microsoft service used to synchronize on-premises Active Directory environments with Entra ID (formerly Azure Active Directory). Entra Connect facilitates identity management and provides single sign-on capabilities for users across on-premises and cloud resources by creating a common identity. This synchronization is essential for maintaining consistent and secure access across different platforms.
The new Microsoft Defender for Identity sensor for Entra Connect servers provides comprehensive monitoring of synchronization activities between Entra Connect and Active Directory, offering crucial insights into potential security threats and unusual activities. With this enhanced visibility across hybrid identity environments Defender for Identity can now provide new Entra Connect specific security alerts and posture recommendations, as detailed below.
Entra Connect sensor on Identities Settings page
New Detections (in Public Preview):
Suspicious Interactive Logon to the Entra Connect Server:
Direct logins to Entra Connect servers are highly unusual and potentially malicious. Attackers often target these servers to steal credentials for broader network access. Microsoft Defender for Identity can now detect abnormal logins to Entra Connect servers, helping you identify and respond to these potential threats faster. It is specifically applicable when the Entra Connect server is a standalone server and not operating as a Domain Controller.
Pre-requisite: Ensure that the 4624 logon event is enabled on the Entra Connect server. This step is necessary only if the Entra Connect server is not functioning as a Domain Controller.
User Password Reset by Entra Connect Account:
The Entra Connect connector account often holds high privileges, including the ability to reset user’s passwords. Microsoft Defender for Identity now has visibility into those actions and will detect any usage of those permissions that were identified as malicious and non-legitimate. This alert will be triggered only if the password writeback feature is disabled.
Suspicious writeback by Entra Connect on a sensitive user:
While Entra Connect already prevents writeback for users in privileged groups, Microsoft Defender for Identity expands this protection by identifying additional types of sensitive accounts. This enhanced detection helps prevent unauthorized password resets on critical accounts, which can be a crucial step in advanced attacks targeting both cloud and on-premises environments.
Additional improvements and capabilities:
New activity of any failed password reset on a sensitive account available in the ‘IdentityDirectoryEvents’ table in Advanced Hunting. This can help customers track failed password reset events and create custom detection based on this data.
Enhanced accuracy for the DC sync attack detection.
New health alert for cases where the sensor is unable to retrieve the configuration from the Entra Connect service.
Extended monitoring for security alerts, such as PowerShell Remote Execution Detector, by enabling the new sensor on Entra Connect servers.
New posture recommendations in Microsoft Secure Score (Identity security assessment):
Rotate password for Entra Connect connector account:
A compromised Entra Connect connector account (AD DS connector account, commonly shown as MSOL_XXXXXXXX) can grant access to high-privilege functions like replication and password resets, allowing attackers to modify synchronization settings and compromise security in both cloud and on-premises environments as well as offering several paths for compromising the entire domain. In this assessment we recommend customers change the password of MSOL accounts with the password last set over 90 days ago.
Remove unnecessary replication permissions for Entra Connect Account:
By default, the Entra Connect connector account has extensive permissions to ensure proper synchronization (even if they are not actually required). If Password Hash Sync is not configured, it’s important to remove unnecessary permissions to reduce the potential attack surface.
Change password for Entra seamless SSO account configuration:
This report lists all Entra seamless SSO computer accounts with password last set over 90 days ago. The password for the Azure SSO computer account is not automatically changed every 30 days. If an attacker compromises this account, they can generate service tickets for the AZUREADSSOACC account on behalf of any user and impersonate any user in the Entra tenant that is synchronized from Active Directory. An attacker can use this to move laterally from Active Directory into Entra ID.
Remove Resource Based Constrained Delegation for Entra seamless SSO account:
If resource-based constrained delegation is configured on the AZUREADSSOACC computer account, an account with the delegation would be able to generate service tickets for the AZUREADSSOACC account on behalf of any user and impersonate any user in the Entra tenant that is synchronized from AD.
All new recommendations require a sensor installed on servers running Entra Connect services.
The recommendations related to the Entra seamless SSO account will be available only if Defender for Identity can detect this type of computer account, while the recommendations related to the connector account will be available if our sensor recognized a retrieve configuration data from the Entra Connect services.
New Entra Connect recommendations in Microsoft Secure Score
As cyber threats become more sophisticated, the need for advanced security solutions is more pressing than ever. The new sensor for Entra Connect Server within Microsoft Defender for Identity represents a significant advancement in protecting and detecting threats within the identity fabric. By adopting this powerful tool, organizations can enhance their security posture, safeguard their identity infrastructure, and maintain the trust of their users.
We highly recommend customers install a sensor on any Domain controller, AD CS, AD FS, or Entra Connect servers. In the upcoming weeks, our team will delve deeper into potential enhancements for the Entra Connect support to better help organizations stay secure and protected.
Learn more about the new sensor in our documentation here and stay tuned for more updates and insights on how MDI continues to innovate in the realm of cybersecurity, ensuring that your organization remains secure in an ever-changing digital world.
Microsoft Tech Community – Latest Blogs –Read More
Copilot are we besties? Part 2
Previously, I shared an article about how Copilot has greatly benefited me as an instructional designer and eLearning developer.
I now use Copilot in about 90% of my work, significantly improving my efficiency and reducing my time for development. A major feature is the messaging prompt, which helps organize my thoughts and reference documents to clearly express ideas. Even my emails and requests to SMEs have become more detailed thanks to Copilot.
Recently, I was assigned a research project that required extracting information from documents and formulating my findings and ideas. The process that usually takes weeks was reduced to just days, thanks to the help of my friend Copilot.
I won’t turn this into an extended critique, but if you’re not using Copilot, you’re missing out. I rely on Copilot alongside every MS application I use to work more efficiently and generate ideas when I’m stuck.
Make Copilot your indispensable partner and Bestie for life.
Microsoft Tech Community – Latest Blogs –Read More
The new Microsoft Planner: What’s New and What’s Coming Next
Join the Microsoft Planner product team on Tuesday, September 17 at 9:00 AM Pacific to learn about recent updates to the Planner app, and get a sneak peek at what’s coming next, followed by a live Ask Microsoft Anything. Our product experts will showcase key new features and improvements of the new experience, including demonstrations of how to leverage Copilot in Planner, new Baselines to stay on track, web app updates, integration with Whiteboard, and more. The event includes a live Q&A session where you can ask the team any questions about these updates.
The AMA event on Tuesday is your chance to see the latest features of Planner and hear directly from the product team. This 60-minute session is an opportunity to ask open questions and provide feedback about the new Microsoft Planner. Register today!
Please note, if you cannot attend the live AMA, you can ask questions at any time via the event page—see Comments section. Our team will address all questions during the event, so check back for answers.
Microsoft Tech Community – Latest Blogs –Read More
Monitoring LLM Inference Endpoints with LLM Listeners
In this second blog post in the series, guest blogger Martin Bald, Sr. Manager DevRel and Community at Microsoft Partner Wallaroo.AI, will go through the steps to easily operationalize LLM models and put in place measures to help ensure model integrity, and the staples of security, privacy, compliance for avoiding outputs such as toxicity, hallucinations etc.
Introduction
With the emergence of GenAI and services associated with it such as ChatGPT, enterprises started to feel the pressure to quickly implement GenAI to make sure they are not left behind in the race towards broad enterprise AI adoption.
That said, when talking to our customers and partners, the adoption has not been a smooth ride due to the fact that we underestimate the time it will typically take to get to effective and reliable LLMs. For those of you who might not know, it took OpenAI 2 years of testing before launching ChatGPT.
For AI practitioners, understanding the intricacies of bringing these powerful models into production environments is essential for building robust, high-performing AI systems.
LLM Monitoring with Listeners in Wallaroo
As we covered in the previous blog post on RAG LLM, any LLM deployed to production is not the end of the process. Far from it. Models must be monitored for performance to ensure they are performing optimally and producing the results that they are intended for.
With LLMs, proactive monitoring is critical. We have seen some very public situations where quality, and accuracy through things like hallucinations and toxic outputs have led to lawsuits and loss of credibility and trust for businesses.
Using RAG is not the only method that is available to AI Teams to make sure that LLMs are generating effective and accurate text. There may be certain use cases or compliance and regulatory rules that restrict the use of RAG. LLM accuracy and integrity can still be accomplished through the validation and monitoring components that we at Wallaroo.AI call LLM Listeners.
We came up with this concept of LLM Listeners after working with some of our customers who were doing this in the context of traditional ML where they were using different modalities or different customer interactions that were related to audio scenarios. Primarily for calls where the models would look for specific information on the call to gather sentiment and things like that.
With our customers shifting towards LLMs as the interaction method for their customers, the same monitoring and models that were in place remained relevant for them. Together with our customers, we came up with this concept of an LLM listener which is essentially a set of models that we build and offer off the shelf that can be customizable to detect and monitor certain behaviors such as toxicity, harmful language etc.
You may be looking to generate an alert for poor quality responses immediately or even autocorrect that behavior from the LLM that can be done in-line. It can also be utilized offline if you’re looking to do some further analysis on the LLM interaction. This is especially useful if it’s something that is done in a more controlled environment. For example, you can be doing this in a RAG setting and add these validation and monitoring steps on top of that.
The LLM Listeners can also be orchestrated to generate real-time monitoring reports and metrics to understand how your LLM is behaving and ensure that it’s effective in production which helps drive the time to value for the business. You can also iterate on the LLM Listener and keep the endpoint static while everything that happens behind it can remain fluid to allow AI teams to iterate quickly on the LLMs without impacting the bottom line which could be your business reputation, revenue costs, customer satisfaction etc.
LLM Listeners with Wallaroo in Action
Let’s have a look at how these LLM Listeners work and how easy it is to deploy into production.
Fig -1
LLM Listener approach illustrated in Fig -1 is implemented as follows:
1: Input text from application and corresponding generated text
2: We provide a service where you can have your LLM inference endpoint and
3: We will log the interactions between the LLM inference endpoint and your users. We can see the input text and corresponding generated text from there.
4: The logs can be monitored by a suite of listener models, and these can be anything from standard processes to other NLP models that are monitoring these outputs inline or offline. You can think of them as things like sentiment analyzers or even full systems that check against some ground truth.
5: The LLM listeners are going to score your LLM interactions on a variety of factors and can be used to start to generate automated reporting and alerts in cases where, over time, behavior is changing or some of these scores start to fall out of acceptable ranges.
In addition to the passive listening that you see here where these listeners are monitoring for macro level behaviors occurring over the course of many interactions, we also have the ability to deploy these listeners in line to ride alongside the LLM and actually give it the ability to suppress outputs that violate these thresholds from going out the door in the first place
Now let’s see an example of this in action. You can follow this example from the LLM Monitoring docs page.
The following shows running the LLM Listener as a Run Once task via the Wallaroo SDK that evaluates the llama3-instruct LLM. The LLM Listener arguments can be modified to evaluate any other deployed LLMs with their own text output fields.
This assumes that the LLM Listener was already uploaded and is ready to accept new tasks, and we have saved it to the variable llm_listener.
Here we create and orchestrate the llm monitoring task for the LLM Listener and provide it the deployed LLM’s workspace and pipeline, and the LLM Listener’s models workspace and name.
args = {
‘llm_workspace’ : ‘llm-models’ ,
‘llm_pipeline’: ‘llamav3-instruct’,
‘llm_output_field’: ‘out.generated_text’,
‘monitor_workspace’: ‘llm-models’,
‘monitor_pipeline’ : ‘full-toxmonitor-pipeline’,
‘window_length’: -1, # in hours. If -1, no limit (for testing)
‘n_toxlabels’: 6,
}
task = llm_listener.run_once(name=”sample_monitor”, json_args=args, timeout=1000)
Next, we’ll list out the tasks from a Wallaroo client saved to wl, and verify that the task finished with Success.
wl.list_tasks()
Fig 2.
With this task completed, we will check the LLM Listener logs and use the evaluation fields to determine if there are any toxicity issues, etc.
llm_evaluation_results = llm_listener_pipeline.logs()
display(llm_evaluation_results)
This gives us an output similar to the truncated Fig 3. example below. Notice the toxicity column headings and scoring for Insult, Obscene, and Severe Toxic.
Fig. 3
Once a task is completed, the results are available. The Listener’s inference logs are available for monitoring through Wallaroo assays.
From the Assay output chart below, we can see periods where my toxicity values are within the normal bounds’ threshold Fig. 4. and we can click into them to see what those interactions look like in Fig. 5.
Fig. 4
Fig. 5
We can also see periods where the output has exceeded the normal threshold and have an outlier here in Fig. 6.
Fig. 6
And from the above chart we can drill into a more detailed view in Fig. 7.
Fig. 7
In addition to this we can drill deeper into the logs and can actually look at this period in more detail and even see individual audit logs of the particular interactions that are going to allow us to say exactly what our model output is and exactly what the scores here were across those variety of metrics from insulting to obscene language threatening language etc. as seen in Fig. 8.
Fig. 8
Conclusion:
LLM Listeners are just one of the LLM monitoring methods available for LLMOps that help ensure that LLMs in production are robust and effective in post-production by implementing monitoring metrics and alerts. Using LLM Listeners for potential issues such as toxicity, obscenity, etc. to avoid risks safeguards accurate and relevant outputs.
As mentioned at the beginning Wallaroo is actively working on building out a suite of these listeners and partnering with customers to build out listeners that are specific to their applications and use cases.
Wallaroo LLM Operations Docs: https://docs.wallaroo.ai/wallaroo-llm/
Request a Demo: https://wallaroo.ai/request-a-demo/
____________________________________________________________________________
Microsoft Tech Community – Latest Blogs –Read More
Save ingestion costs by splitting logs into multiple tables and opting for the basic tier!
In this blog post I am going to talk about splitting logs to multiple tables and opting for basic tier to save cost in Microsoft Sentinel. Before we delve into the details, let’s try to understand what problem we are going to solve with this approach.
Azure Monitor offers several log plans which our customers can opt for depending on their use cases. These log plans include:
Analytics Logs – This plan is designed for frequent, concurrent access and supports interactive usage by multiple users. This plan drives the features in Azure Monitor Insights and powers Microsoft Sentinel. It is designed to manage critical and frequently accessed logs optimized for dashboards, alerts, and business advanced queries.
Basic Logs – Improved to support even richer troubleshooting and incident response with fast queries while saving costs. Now available with a longer retention period and the addition of KQL operators to aggregate and lookup.
Auxiliary Logs – Our new, inexpensive log plan that enables ingestion and management of verbose logs needed for auditing and compliance scenarios. These may be queried with KQL on an infrequent basis and used to generate summaries.
Following diagram provides detailed information about the log plans and their use cases:
I would also recommend going through our public documentation for detailed insights about feature-wise comparison for the log plans which should help you in taking right decisions for choosing the correct log plans.
**Note** Auxiliary logs are out of scope for this blog post, I will write a separate blog on the Auxiliary logs later.
So far, we know about different log plans available and their use cases.
The next question is which tables support Analytics and Basic log plan?
Analytics Logs: All tables support the Analytics plan.
Basic Logs: All DCR-based custom tables and some Azure tables support the Basic log plan.
You can switch between the Analytics and Basic plans; the change takes effect on existing data in the table immediately.
When you change a table’s plan from Analytics to Basic, Azure monitor treats any data that’s older than 30 days as long-term retention data based on the total retention period set for the table. In other words, the total retention period of the table remains unchanged, unless you explicitly modify the long-term retention period.
Check our public documentation for more information on setting the table plan.
I will focus on splitting Syslog table and setting up the DCR-based table to Basic tier in this blog.
Typically Firewall logs contribute to high volume of log ingestion to a SIEM solution.
In order to manage cost in Microsoft Sentinel its highly recommended to thoroughly review the logs and identify which logs can be moved to Basic log plan.
At a high level, the following steps should be enough to achieve this task:
Ingest Firewall logs to Microsoft Sentinel with the help of Linux Log Forwarder via Azure Monitor Agent.
Assuming the log is getting ingested in Syslog table, create a custom table with same schema as Syslog table.
Update the DCR template to split the logs.
Set the table plan to Basic for the identified DCR-based custom table.
Set the required retention period of the table.
At this point, I anticipate you already have log forwarder set up and able to ingest Firewall logs to Microsoft Sentinel’s workspace.
Let’s focus on creating a custom table now
This part used to be cumbersome but not anymore, thanks to my colleague Marko Lauren who has done a fantastic job in creating this PowerShell Script which can create a custom table easily. All you need to do is to enter the pre-existing table name and the script will create a new DCR-Based custom table with same schema.
Let’s see it in action:
Download the script locally.
Open the script in PowerShell ISE and update workspace ID & resource ID details as shown below.
Save it locally and upload to Azure PowerShell.
Load the file and enter the table name from which you wish to copy the schema.
Provide the new table name as per your wish, ensure the name has suffix “_CL” as shown below:
This should create a new DCR-based custom table which you can check in Log Analytics Workspace > Table blade as shown below:
**Note** We highly recommend you should review the PowerShell script thoroughly and do proper testing before executing it in production. We don’t take any responsibility for the script.
The next step is to update the Data Collection Rule template to split the logs
Since we already created custom table, we should create a transformation logic to split the logs and send less relevant log to the custom table which we are going to set to Basic log tier.
For demo purposes, I’m going to split logs based on SeverityLevel. I will drop “info” logs from Syslog table and stream it to Syslog_CL table.
Let’s see how it works:
Browse to Data Collection Rule blade.
Open the DCR for Syslog table, click on Export template > Deploy > Edit Template as shown below:
In the dataFlows section, I’ve created 2 streams for splitting the logs. Details about the streams as follows:
1st Stream: It’s going to drop the Syslog messages where SeverityLevel is “info” and send the logs to Syslog table.
2nd Stream: It’s going to capture all Syslog messages where SeverityLevel is “info” and send the logs to Syslog_CL table.
Save and deploy.
Let’s validate if it really works
Go to the Log Analytics Workspace > Logs and check if the tables contains the data which we have defined it for.
In my case as we can see, Syslog table contains all logs except those where SeverityLevel is “info”
Additionally, our custom table: Syslog_CL contains those Syslog data where SeverityLevel is “info”
Now the next part is to set the Syslog_CL table to Basic log plan
Since Syslog_CL is a DCR-based custom table, we can set it to Basic log plan. Steps are straightforward:
Go to the Log Analytics Workspace > Tables
Search for the table: Syslog_CL
Click on the ellipsis on the right side and click on Manage table as shown below:
Select the table plan to Basic and set desired retention period
Save the settings.
Now you can enjoy some cost benefits, hope this helps.
Microsoft Tech Community – Latest Blogs –Read More
Discover the power of Copilot prompts | New eBook
Are you ready to revolutionize the way you work with Microsoft 365? I’m excited to share a new eBook I’ve been working on that is now available as a free download: “Discover the power of Copilot prompts.” This is a comprehensive guide filled with insights from numerous experts about their practical prompts to elevate productivity and streamline their workflows within the Microsoft 365 ecosystem.
“One of my favorite use cases for Copilot in Bing is using it as a sparring partner for ideation and the development of initial ideas.” – Karoliina Kettukari, Head of Modern Work – Meltlake and Microsoft MVP [relating to Karoliina’s example within the eBook when using Copilot to help plan her team day … to seize the opportunity to learn and upskill.]
I believe in the power of our community and in all that we bring together. By sharing our knowledge, we make everyone wiser, enabling us to harness the full potential of Copilot for Microsoft365 more effectively. I enjoy learning from others. I enjoy sharing their learning and my own insights. Together we can achieve more and continuously improve how we work.
“Discover the Power of Copilot Prompts,” a new eBook by Femke Cornelissen – Chief Copilot at Wortell.
Get your free copy today: “Discover the power of Copilot prompts“
The value within the pages: Prompting for productivity
“Discover the Power of Copilot Prompts” isn’t just another tech guide. It’s a curated collection of the best prompts from top experts in the Microsoft community (the best community in tech, imo). I reached out to seasoned professionals, influencers, and Microsoft MVPs, asking them to share their favorite prompts that have transformed their productivity and efficiency. This book is the culmination of those insights, offering you real-world applications and innovative techniques that you won’t find anywhere else.
This eBook contains unique suggestions you won’t find anywhere else. Each expert shares how they use prompts and walk you through the favorite prompt – inclusive of the why and how they do it. It’s high time to try new patterns and practices of building good prompts. The output is refined and improved support, summarization, creation – for you.
What’s Inside?
Microsoft Copilot is a powerful tool designed to enhance task execution and boost productivity. It allows you to devise these prompts as you see fit. So, you can write your own queries and freely express your creativity and get the assistance you need. The eBook covers:
Prompting 101: Discover how it works and incorporate specific elements into your prompts to ensure they generate valuable responses. You just need practice (and a few pointers).
Exclusive Prompts: Detailed prompts applied within Microsoft 365 apps and services including Teams, Word, Excel, PowerPoint, Loop, and more.
Expert Tips: Hear from the best in the community. Each expert shares specific scenarios, what they wanted as an outcome, and how they “promptly” get there.
Guidance for setting priorities: Learn how well-crafted prompts can help you organize and prioritize tasks and make informed decisions.
Get inspired by new ideas and insights and don’t miss out on this opportunity to get your hands on your copy of “Discover the Power of Copilot Prompts.”
Femke Cornelissen, Chief Copilot at Wortell and author of the new eBook, “Discover the Power of Copilot Prompts.”
Thank you for your support. This is an incredible journey we are on together. Let me know what you think in the comments below; don’t hesitate to share any tips or tricks of your own. And if you are on LinkedIn, let me know your thoughts and help me get the word – reshare my eBook launch post.
Cheers and thank you for your support, Femke
About Femke
Femke Cornelissen is Chief Copilot at Wortell, a leading Microsoft partner in the Netherlands. In this role, she aligns the technical vision of the organization with its mission and strategy, and she highlights the latest developments and best practices in the field of Workplace and Productivity, with a focus on Microsoft 365. She has over four years of experience as a Business Consultant and a Team Leader helping her clients adopt and optimize their modern workplace solutions using Microsoft technologies.
She is also passionate about engaging with the Microsoft community and sharing my knowledge and insights on Microsoft 365. She is a Microsoft Most Valuable Professional (MVP) in Microsoft 365 Apps and Services, a recognition for her contributions and expertise in the Microsoft ecosystem. Femke volunteers at Experts Live Netherlands, a platform for Microsoft experts to network and exchange information and is a co-founder and a community manager of Dutch Women in Tech (DWIT), an initiative that supports and empowers more women to pursue a career in IT. Additionally, she hosts the podcast Cloud Conversations, where she interviews Microsoft community members and discusses their experiences and challenges with Microsoft solutions. Her goal is to inspire and educate others on the possibilities and benefits of Workplace and Productivity innovation.
Microsoft Tech Community – Latest Blogs –Read More
