Category: Microsoft
Category Archives: Microsoft
Need help on how I can transfer the formula to another worksheet
We have an old worksheet created for us and it was pre or early 2000. I want to use another worksheet with an updated file. The problem is even if I changed the values the formula doesn’t work it gives me a name error.
The formula is
=IF(AP21=0,0,(MAX(watercharge(AQ21,$AP$3,$AP$4,$AP$5,$AP$6,$AP$7),571.2)))
Ap21 = Current water reading on the meter
Aq21 = Water usage
57.12 $AP$337.4 $AP$448.4 $AP$564.2 $AP$693.6 $AP$7
Also when I search MAX or watercharge, it directs me back to the formula.
Copy pasting the formula doesn’t work to the new worksheet.
I tried changing the values to fit my new worksheet
=IF(O8=0,0,(MAX(watercharge(P8,$T$5,$T$6,$T$7,$T$8,$T$9),384.35)))
57.12 $T$337.4 $T$448.4 $T$564.2 $T$693.6 $T$7
but it gives this error
Can anyone help/teach me how I could make this work?
I am new to excel any help would be appreciated.
How can I also share my worksheet?
We have an old worksheet created for us and it was pre or early 2000. I want to use another worksheet with an updated file. The problem is even if I changed the values the formula doesn’t work it gives me a name error.The formula is=IF(AP21=0,0,(MAX(watercharge(AQ21,$AP$3,$AP$4,$AP$5,$AP$6,$AP$7),571.2)))Ap21 = Current water reading on the meterAq21 = Water usage57.12 $AP$337.4 $AP$448.4 $AP$564.2 $AP$693.6 $AP$7 Also when I search MAX or watercharge, it directs me back to the formula.Copy pasting the formula doesn’t work to the new worksheet.I tried changing the values to fit my new worksheet=IF(O8=0,0,(MAX(watercharge(P8,$T$5,$T$6,$T$7,$T$8,$T$9),384.35)))57.12 $T$337.4 $T$448.4 $T$564.2 $T$693.6 $T$7but it gives this errorCan anyone help/teach me how I could make this work?I am new to excel any help would be appreciated.How can I also share my worksheet? Read More
Change the list items custom permission. using sharing link or advanced permission settings
In SharePoint online we have 2 approaches to change the items permissions inside custom lists, either by going to the Advance settings, as follow:-
or click on share:-
now for the first approach to work, users need to have atleast these 2 permission levels to be able to modify the items/documents permission settings:-
while for the second approach to work we need to check this Access Requests settings checkbox checked:-
now i find the first approach work better for our scenarios, as usually we do not want all users to be able to share the list items and documents with other users, we only need to allow certain group of users to do so.. so we can uncheck this checkbox:-
and grant the users who should be able to share with other users the needed permission level. so is there an approach that is recommended by Microsoft ? or both options are valid to modify the items and document permission settings? Thanks
In SharePoint online we have 2 approaches to change the items permissions inside custom lists, either by going to the Advance settings, as follow:- or click on share:- now for the first approach to work, users need to have atleast these 2 permission levels to be able to modify the items/documents permission settings:- while for the second approach to work we need to check this Access Requests settings checkbox checked:- now i find the first approach work better for our scenarios, as usually we do not want all users to be able to share the list items and documents with other users, we only need to allow certain group of users to do so.. so we can uncheck this checkbox:- and grant the users who should be able to share with other users the needed permission level. so is there an approach that is recommended by Microsoft ? or both options are valid to modify the items and document permission settings? Thanks Read More
Conditional Formatting Overdue Date and Time
I am trying to format a sheet that I use to track when documents are due and overdue. The due dates are based on the date and time of the initial document completion, so I have all the following cells formatted as (for example) =B2+3 (indicating that the document is due exactly 3 days/72 hours following completion of the first one). Similarly, if a document is due a specific number of hours after the original document, I use something like =B2+3+(8/24), indicating that it is due 80 hours/3days and 8 hours after the original document.
[Also for context, I formatted the Date and Time cells using m/d/yyyy Ctrl-J h:mm AM/PM so that it would wrap onto two lines. I’m not sure if that’s impacting what I’m trying to do with the conditional formatting or not. Please let me know.]
I am looking for a formula (if it exists) that will allow me to conditionally format each cell in the appropriate row such that if that document is overdue, it turns red.** Overdue meaning past both the date AND time of TODAY and NOW.
I’m pretty sure I figured out how to format one cell such that if it is past NOW it formats to red, but I’m stuck on how to apply that to the whole row (without duplicating the individual rule a thousand times because my columns go up to T).
**Also, if there is a similar formula or structure that allows me to see when things are due soon, that would be great. Like, within 24 hours of NOW, kind of thing.
Thanks in advance for any help!!
I am trying to format a sheet that I use to track when documents are due and overdue. The due dates are based on the date and time of the initial document completion, so I have all the following cells formatted as (for example) =B2+3 (indicating that the document is due exactly 3 days/72 hours following completion of the first one). Similarly, if a document is due a specific number of hours after the original document, I use something like =B2+3+(8/24), indicating that it is due 80 hours/3days and 8 hours after the original document.[Also for context, I formatted the Date and Time cells using m/d/yyyy Ctrl-J h:mm AM/PM so that it would wrap onto two lines. I’m not sure if that’s impacting what I’m trying to do with the conditional formatting or not. Please let me know.] I am looking for a formula (if it exists) that will allow me to conditionally format each cell in the appropriate row such that if that document is overdue, it turns red.** Overdue meaning past both the date AND time of TODAY and NOW. I’m pretty sure I figured out how to format one cell such that if it is past NOW it formats to red, but I’m stuck on how to apply that to the whole row (without duplicating the individual rule a thousand times because my columns go up to T).**Also, if there is a similar formula or structure that allows me to see when things are due soon, that would be great. Like, within 24 hours of NOW, kind of thing. Thanks in advance for any help!! Read More
Ignore the Hype Surrounding the Copilot Announcement
Microsoft’s January 15 announcement reduced deployment costs and opened the possibility for Copilot for Microsoft 365 deployments to many Office 365 tenants. Reducing costs is great, but just because Copilot for Microsoft 365 is now available to many more tenants doesn’t mean that it is a silver bullet to address all IT woes.
https://office365itpros.com/2024/01/18/copilot-for-microsoft-365-deployment/
Microsoft’s January 15 announcement reduced deployment costs and opened the possibility for Copilot for Microsoft 365 deployments to many Office 365 tenants. Reducing costs is great, but just because Copilot for Microsoft 365 is now available to many more tenants doesn’t mean that it is a silver bullet to address all IT woes.
https://office365itpros.com/2024/01/18/copilot-for-microsoft-365-deployment/ Read More
Continued region expansion: Azure Data Factory is generally available in two more regions
Azure Data Factory is now available in two new regions:
Israel Central
Italy North
You can now provision Data Factory in the new regions in order to co-locate your Extract-Transform-Load logic with your data lake and compute.
See the full set of Azure Data Factory supported regions.
Microsoft Tech Community – Latest Blogs –Read More
Continued region expansion: Azure Data Factory is generally available in two more regions
Azure Data Factory is now available in two new regions:
Israel Central
Italy North
You can now provision Data Factory in the new regions in order to co-locate your Extract-Transform-Load logic with your data lake and compute.
See the full set of Azure Data Factory supported regions.
Microsoft Tech Community – Latest Blogs –Read More
Continued region expansion: Azure Data Factory is generally available in two more regions
Azure Data Factory is now available in two new regions:
Israel Central
Italy North
You can now provision Data Factory in the new regions in order to co-locate your Extract-Transform-Load logic with your data lake and compute.
See the full set of Azure Data Factory supported regions.
Microsoft Tech Community – Latest Blogs –Read More
Is Co Pilot Pro available as a benefit for partners? We’d like to experiment and learn more
We have developed a chat based service desk application that integrates with MS Teams, leverages a lot of services via Azure Open AI, and routes to service desk agents (https://www.chimev5.com/). We also have a lot of customers who are starting to explore, and deploy, Copilot and Copilot Pro.
We imagine that we may want to integrate with Copilot Pro and we’d like to deploy an internal instance, connect with some data providers, and generally consider integration avenues.
Is Copilot Pro an available benefit as part of the MS Partner program?
Thanks
We have developed a chat based service desk application that integrates with MS Teams, leverages a lot of services via Azure Open AI, and routes to service desk agents (https://www.chimev5.com/). We also have a lot of customers who are starting to explore, and deploy, Copilot and Copilot Pro. We imagine that we may want to integrate with Copilot Pro and we’d like to deploy an internal instance, connect with some data providers, and generally consider integration avenues. Is Copilot Pro an available benefit as part of the MS Partner program? Thanks Read More
Continued region expansion: Azure Data Factory is generally available in two more regions
Azure Data Factory is now available in two new regions:
Israel Central
Italy North
You can now provision Data Factory in the new regions in order to co-locate your Extract-Transform-Load logic with your data lake and compute.
See the full set of Azure Data Factory supported regions.
Microsoft Tech Community – Latest Blogs –Read More
Continued region expansion: Azure Data Factory is generally available in two more regions
Azure Data Factory is now available in two new regions:
Israel Central
Italy North
You can now provision Data Factory in the new regions in order to co-locate your Extract-Transform-Load logic with your data lake and compute.
See the full set of Azure Data Factory supported regions.
Microsoft Tech Community – Latest Blogs –Read More
Continued region expansion: Azure Data Factory is generally available in two more regions
Azure Data Factory is now available in two new regions:
Israel Central
Italy North
You can now provision Data Factory in the new regions in order to co-locate your Extract-Transform-Load logic with your data lake and compute.
See the full set of Azure Data Factory supported regions.
Microsoft Tech Community – Latest Blogs –Read More
Microsoft 365 Group Calendar Reminder
Hi,
My team recently created a Group calendar which we are using to establish visibility across the group for interlated meetings. I notice that when a meeting is created in this calendar, the Outlook does not send an upcoming appointment reminder as it does for my personal calendar. Can this be enabled?
Hi, My team recently created a Group calendar which we are using to establish visibility across the group for interlated meetings. I notice that when a meeting is created in this calendar, the Outlook does not send an upcoming appointment reminder as it does for my personal calendar. Can this be enabled? Read More
Updating column in SharePoint List row using forms submitted by different users
I’m a novice at PowerAutomate. I’ve built two Forms. First will go to a student. Student fills out information including a school official email address. Once submitted, one Flow will use the school official email address to send a form to the school official. A second flow will load information into a SharePoint List. Both forms (student and school official) ask for a student ID number.
When the school official submits their form I’d like to build a Flow that updates the row submitted via the student’s form with select information from the school official. Ideally, I’d be able to use the student ID (StarID) in the Flow to connect everything (ie if the StarID is the same please do this . . .). The only data that I want added to the student row is the recommendation (far right column of screenshot). School Officials will recommend “Yes” or “No.” All other data you can see in the screenshot is loaded in when the student submits their form. After the school official submits, the flow would look to see if there is a StarID in the list and only add the data from the recommendation. Any help would be more than appreciated.
I’m a novice at PowerAutomate. I’ve built two Forms. First will go to a student. Student fills out information including a school official email address. Once submitted, one Flow will use the school official email address to send a form to the school official. A second flow will load information into a SharePoint List. Both forms (student and school official) ask for a student ID number. When the school official submits their form I’d like to build a Flow that updates the row submitted via the student’s form with select information from the school official. Ideally, I’d be able to use the student ID (StarID) in the Flow to connect everything (ie if the StarID is the same please do this . . .). The only data that I want added to the student row is the recommendation (far right column of screenshot). School Officials will recommend “Yes” or “No.” All other data you can see in the screenshot is loaded in when the student submits their form. After the school official submits, the flow would look to see if there is a StarID in the list and only add the data from the recommendation. Any help would be more than appreciated. Read More
Announcing the availability of the new gMSA on AKS workshop
gMSA is the technology behind the support for Active Directory dependent applications to run on Kubernetes. Over time, we’ve been adding a lot of resources around it, such as PowerShell modules (to help with the configuration process), documentation, scripts, and more. The reason behind this is that on one side, gMSA is incredibly popular (of course, anyone trying to containerize a Windows app that relies on AD for authentication will use it), but also because it is somewhat complex to configure it. Setting up gMSA means you have to configure your Kubernetes cluster, the networking between the cluster and Domain Controller(s), the secret store (such as Azure Key Vault), the Domain Controller itself, and so on…
Because so many resources need to be configured, many customers have a hard time to see how gMSA actually works before doing it in production. Today, we’re glad to announce that you can now try gMSA on AKS with a guided workshop. This workshop still requires a subscription for you to use, but all the other configurations can be implemented by following the workshop’s instructions. We plan to upgrade this into a self-contained workshop in the future.
What is part of the workshop
This is an end-to-end workshop on which you can start with a net-new subscription (or an existing one, of course) and build everything from scratch. The workshop covers briefly what gMSA is and how it’s used.
The workshop has the following objectives:
Provide an overview of gMSA on AKS, necessary components, and how to set up an environment for a Windows app that requires Active Directory authentication.
Understand how the AksGMSA PowerShell module helps in the process of configuring gMSA on AKS.
Understand the flow of configuring gMSA on AKS and how the multiple resources interact with each other.
The workshop is divided into seven exercises:
Exercise 01 – Spinning up Azure environment
Here you will deploy the base services to get started. You will use a script to deploy the Resource Group, the Virtual Network and Subnet, the AKS cluster and the Windows node pool. The script will also deploy a VM to be used as domain controller.
Exercise 2 – Configure Active Directory
Here we will prepare the VM and the Active Directory domain to use gMSA. A script is provided to deploy AD into the VM.
Exercise 3 – Enable Azure Bastion to RDP into DC01 VM and take note of additional resources
To reduce costs, we will only use one VM in this workshop, so we will also use this VM (which is our Domain Controller) for other purposes – which is not recommended in production. To securely access the VM, we will enable Azure Bastion.
Exercise 4 – Configure the AksGMSA PowerShell module on the DC01 VM
This is where most of the gMSA configuration is passed to the AksGMSA PowerShell module on the DC01 VM. The provided script and module will set up gMSA on AKS later and in this exercise, we pass on the configuration we want to be used later.
Exercise 5 – Deploy gMSA on AKS and configure AD and Azure resources
This where the configuration for gMSA on AKS happens. Using the information provided before, we run the commands for the AksGMSA module and set up the gMSA on AKS, configure AD, create the Azure Key Vault, Managed Identity, and all other configurations.
Exercise 6 – Validate the deployment of gMSA on AKS
Once gMSA on AKS has been deployed and configured, you can use the AksGMSA module to validate the configuration and communication between the AKS cluster and the AD domain. This exercise uses the native commands on the module to validate everything is in place.
Exercise 7 – Deploy IIS with Windows authentication enabled
Validating that gMSA has been deployed correctly is not as cool as seeing an application working properly. In this exercise, we deployed a very simple, sample application to see the authentication actually happening. We deploy a Windows pod to the AKS cluster, with an IIS website setup to use Windows authentication and then open the website to see the authentication pop-up, provide the username and password, and see the website open.
At the end, there’s an exercise to clean up the environment and ensure you’re not being charged for this any further.
Hopefully this workshop provides a good overview of how gMSA on AKS works. Feel free to go wild and try different things, try your own app, your own set up. And let us know what you think and how we can improve not only the workshop itself but the whole gMSA on AKS experience.
Microsoft Tech Community – Latest Blogs –Read More
Unleash the full potential of User and Entity Behavior Analytics with our updated workbook
This blog post introduces a new and improved version of the User and Entity Behavior Analytics workbook. This workbook uses data from User and Entity Behavior Analytics (UEBA), a feature of Microsoft Sentinel that leverages machine learning and threat intelligence to detect anomalous and potentially malicious behavior of users and devices in your network (for more information see Identify advanced threats with UEBA).
UEBA is a powerful tool that can help you identify and respond to various types of cyberattacks, such as insider threats, brute-force attacks, DDoS attacks, and phishing campaigns. By using UEBA data in the workbook, you can gain deeper insights into the activities and patterns of your users and entities, and visualize the scope and impact of the threats you face.
The main updates you will find in this version:
Anomalies related to IPs and hosts, on top of accounts are now displayed.
A new section has been added for incidents involving entities with anomalies raised up to 3 days prior to the incident’s creation.
The workbook now relies on the Anomalies table, whereas the old version was looking at the BehaviorAnalytics table
Getting started
As always, you can find the latest version on the Content Hub:
Search for the ‘Microsoft Sentinel Optimization Workbook’ in the Content hub and install the solution.
After you install it (or update it), you can
Either select ‘Configuration’
or go to the Workbooks blade, and select View Template or save the workbook in case you want to make modifications.
Once you launch the workbook, we recommend selecting Show Help: Yes the first time so you can see explanations for each step:
Visualizing your workbook
At the top you will find the number of new or active incidents and alerts, as well as anomalies.
We have now added a section for Incidents with entities present in anomalies created up to 3 days before the incident was generated:
This can be helpful to prioritize incident investigation, as well as discover suspicious behaviors in the entities involved.
Finally, at the bottom you can see top Users, Ips and Hosts by anomalies. (Previously, this was only available for users).
We hope that this workbook helps your organization in your investigations.
This workbook has been updated by @NChristis (Senior Product Manager) and @madesous (Senior Product Manager).
Microsoft Tech Community – Latest Blogs –Read More
How to handle the 2025 change to Azure VM internet access, including Aviatrix, in Azure Marketplace
In this guest blog post, Bryan Woodworth, Director of Solution Strategy for Aviatrix, explains best practices for tackling the upcoming change to Azure VM internet access.
Microsoft Azure has recently announced that support for default access to the internet is ending for new virtual machines (VMs) after September 30, 2025. While this change will not affect existing VMs, any VM built after this date will need an explicit method to allow outbound or inbound internet access. Today, any VM in Azure can access the internet right out of the box using a feature called default source network address translation (SNAT).
Default SNAT happens to outbound internet connections from VMs when none of the preferred methods for source address translation are otherwise available. Here, Azure will automatically translate the private IP of the VM to a special public IP pulled from a reserved regional block. While convenient, this method has its downsides, such as implicit internet access, lack of control or visibility over the public IP, and difficulties performing advanced troubleshooting.
Fortunately, Azure provides other choices for allowing VMs to connect to public endpoints, such as instance-level public IPs, outbound rules, the Azure NAT Gateway, and vendor-based solutions, such as Distributed Cloud Firewall for Egress (DCF for Egress) from Aviatrix. The question is: With so many options, which is the right solution for you? The answer is that some choices are better than others, depending on what you want to accomplish. Let’s look at four of these options:
Instance-level public IPs
Instance-level public IPs (IL-PIPs) are special IP addresses in Azure that you assign to a single VM or, more correctly, to a single network interface controller (NIC) that then is assigned to a VM. They are special because they don’t reside within the private IP space of the virtual network (VNet) itself; they instead operate as a regional-level service for private-to-public address translation when a single VM needs to access another public endpoint. IL-PIPs remove a lot of the mystery of the default SNAT feature in Azure: they are purposeful, explicit, and stapled to their parent NIC.
IL-PIPs are best used on network virtual appliances (NVAs) within Azure, such as virtual firewalls and software-defined wide area network (SD-WAN) devices. They are a convenient and easy way for NVAs to provide egress security or hybrid connectivity on behalf of app-level VMs that need to connect to internet destinations. One care here is that unless scaled correctly, IL-PIPs on NVAs are prone to port exhaustion; this is a common scenario when NAT is involved.
IL-PIPs are not ideal for individual VMs that are running application or data workloads due to complexity, lack of security, and cost. It is far better to provide an internet egress de-militarized zone (DMZ) for these VMs to leverage, per the NVA model above, which is a best-practice architecture in Azure.
Outbound rules
Fortunately, Azure has several outbound solutions that specifically address this issue. Outbound rules, for example, operate in conjunction with an Azure public load balancer and offer a sophisticated set of parameters for adding additional outbound public IPs and port mappings to tackle almost any egress requirements. Outbound rules are ideal for VMs that are part of a backend pool and need easy and convenient outbound access through the same Azure public load balancer that services their inbound requests.
But not all VMs in Azure are behind a load balancer and not all customers want to configure every public load balancer with outbound rules, especially if they have a large number of public load balancers to deal with. Furthermore, outbound rules are not optimized for customers looking for a VNet-wide solution or quick “one click” deployment. For this reason, Azure offers customers what is sure to be its best solution for egress traffic, which is the Azure NAT Gateway.
Azure NAT Gateway
The Azure NAT Gateway has a lot to offer; it’s simple to configure and deploy, fully managed, and intelligently handles port allocation under the hood so that customers can quickly and easily scale their egress traffic requirements. Even better, it works with both standalone VMs as well as VMs behind load balancers, all without any complicated requirements. Simply deploy the Azure NAT Gateway, assign it one or more PIPs — classless inter-domain routing (CIDR) ranges are indeed supported — point it to the subnets you want to it serve, and you’re off to the races. Finally, Azure NAT Gateway is fully redundant and supports availability zones for high uptimes.
Aviatrix’s Distributed Cloud Firewall for Egress in Azure Marketplace
Even with all these great capabilities, some customers are looking to add additional functionality to their Internet egress strategy. This is where the Azure Marketplace comes in, and one of the most compelling offerings here is the Aviatrix Distributed Cloud Firewall (DCF). Aviatrix DCF features three upgradable tiers of capability, giving customers both choice and control over how they want to deploy and scale their internet egress solution in Azure.
Aviatrix DCF is a unique solution that distributes security across the entire cloud network, which alleviates bottlenecks, improves overall security, and reduces cloud costs. In addition to supporting full automation through Terraform and centralized management through Aviatrix CoPilot, Aviatrix DCF is supported in all Azure regions, including Azure Gov Cloud, as well as other major public clouds.
The Aviatrix DCF for Egress solution starts with the basic NAT tier. This tier provides customers with enterprise-grade dynamic NAT capabilities on a per-VNet basis. The basic NAT tier can be easily and quickly scaled to handle enormous amounts of traffic; it will automatically become the default internet gateway for its resident VNet through cloud-native orchestration.
For customers looking to add additional security, the basic NAT tier can be upgraded to the Aviatrix DCF for Egress tier, which adds support for transport layer security (TSL)/secure sockets layer (SSL) decryption, fully qualified domain name (FQDN) filtering, and intrusion detection. These additional capabilities are a game-changer for customers who need to ensure that all outbound traffic is both trusted and secure. Because public cloud introduces a rapidly changing “endless perimeter” for internet access across the entire network, this distributed approach ensures that all business-critical apps are protected without sacrificing application performance or disrupting your architecture.
In terms of billing, Aviatrix DCF for Egress does not meter on network data, only hourly consumption. This difference can quickly translate into big savings for customers, especially around security costs, which can rapidly spiral out of control in cloud. The billing plan for Aviatrix DCF for Egress ensures your monthly billing will be predictable, which makes your overall cloud expenses easier to control.
Finally, for customers looking for micro-segmentation and app-to-app (east/west) security in Azure, Aviatrix DCF for Egress can be upgraded to the full Aviatrix Distributed Cloud Firewall solution. This solution supports full-scale network security group (NSG) automation and dynamic policy enforcement based on object resource tags in addition to IP addresses. Aviatrix SmartGroups give customers intelligent, centralized policy control across the entire cloud network and even support hybrid policy enforcement over VPN and ExpressRoute.
While platform changes in networking behavior are not always welcome news, rest assured that Azure has a rich set of egress solutions to help you navigate the upcoming change with ease. Regardless of the solution you choose, the result will be an internet egress strategy that is more explicit, easier to see and control, and ultimately more secure. Together, Azure and Aviatrix can help you save money and improve security for outbound internet traffic with Aviatrix Distributed Cloud Firewall for Egress.
Please check out the Aviatrix Guide to Network Security in Azure. With it, you’ll learn how Aviatrix’s innovative network security solution enhances Azure’s native resources and services, optimizing performance and improving security.
Microsoft Tech Community – Latest Blogs –Read More
“WWSD: What would Sue do (for your intranet)” 🎙 – The Intrazone podcast
“As your organization evolves, you need intranets that make it easy to align experiences with the way you work and that can adapt to the inevitable changes in the way you work.” – Sue Hanley (from her ‘Planning your SharePoint hub sites’ documentation)
On this episode, we hear from Sue Hanley who expertly focuses on change — evolving and improving your intranet. Sue is an information architect, a Knowledge Management expert, and she doesn’t shy away from the word: Portals. Sue is steeped in all sorts of governance and collaboration consultation in the grandiose enterprise content services and app: SharePoint.
We grabbed time with Sue recently at 365 EduCon – Chicago (aka now “TechCon365”) – to see what she was up to and to ask her a few questions everyone would benefit from in hearing her answers – especially when it comes to establishing and revamping intranets. The goal is to discover how to make them better, how to make them work for you AND be worthy for people to go to and come back. Employees need to find things quickly and get things done – or your intranet doesn’t get a second visit.
Our full discussion is embedded below and now available through your favorite pod’player.
The Intrazone, episode 105:
Subscribe to The Intrazone podcast + show links and more below.
The Intrazone guest: Sue Hanley presenting her intranet expertise at a 365 EduCon event (2023).
Links to important on-demand recordings and articles mentioned in this episode:
Hosts, guests, and related products
Sue Hanley | LinkedIn | X | Website [guest]
Mark Kashman |@mkashman [co-host]
Chris McNulty |@cmcnulty2000 [co-host]
SharePoint | Facebook | @SharePoint | SharePoint community blog | Feedback
Articles and sites
Microsoft Docs – The home for Microsoft documentation for end users, developers, and IT professionals.
Microsoft Tech Community Home
Stay on top of Office 365 changes
Listen to other Microsoft podcasts
Upcoming Events
CollabDays – Bremen 2024 | Feb 9-10, 2024 near Hamburg in Germany
Teams Nation 2024 | Feb 21, 2024 9:00 – 19:30 CET
CollabDays – Calgary 2024 | Feb. 24, 2024
Microsoft Fabric Community Conference | March 26-28, 2024 in Las Vegas, NV
AIIM | April 3-5, 2024 in San Antonio, TX
North American Cloud & Collaboration Summit (NACS) | April 9-11, 2024 in Dallas, TX
Microosft 365 Conference | April 28 – May 4, 2024 in Orlando, FL
SharePoint Intranet Festival (Online)
European Collaboration Summit | May 14-16, 2024 in Weisbaden, Germany
TechCon365 – Seattle (formerly 365 EduCon) | June 3-7, 2024 in Seattle, WA
Subscribe today!
Thanks for listening! If you like what you hear, we’d love for you to Subscribe, Rate and Review on iTunes or wherever you get your podcasts.
Be sure to visit our show page to hear all episodes, access the show notes, and get bonus content. And stay connected to the SharePoint community blog and where we’ll share more information per episode, guest insights, and take any questions or suggestions from our listeners and SharePoint users (TheIntrazone@microsoft.com).
Get Intrazone anywhere and everywhere
Show page
Apple Podcasts
Google Play Music
Spotify
Pandora
Stitcher
Overcast
TuneIn
RadioPublic
iHeart
RSS
+ Listen to other Microsoft podcasts at aka.ms/microsoft/podcasts.
The Intrazone, a show about the Microsoft 365 intelligent intranet (aka.ms/TheIntrazone)
Microsoft Tech Community – Latest Blogs –Read More
Forms practice mode is here to enhance your learning process
Practice mode is now available in Forms. It’s tailored for EDU users, particularly students, offering a new way for students to review, test, and reinforce their knowledge. Follow me, let’s check out more details of practice mode. You can just try it from this template. (Note: Practice mode is only available for quizzes. )
Practice mode
Instant feedback after answering each question
In practice mode, questions will be shown one at a time. Students will receive immediate feedback after submitting each question, indicating whether their answer is right or wrong.
Instant feedback after answering each question
Try multiple times for the correct answer
Students can reconsider and try a question multiple times if they answer it incorrectly, facilitating immediate re-learning, and consequently strengthening their grasp of certain knowledge.
Try multiple times to get the correct answer
Encouragement and autonomy during practice
Students will receive an encouraging message after answering a question, whether their answer is correct or not, giving them a positive practice experience. And They have the freedom to learn at their own pace. If they answer a question incorrectly, they can choose to retry, view the correct answer, or skip this question.
Encouragement message and other options
Recap questions
After completing the practice, students can review all the questions along with the correct answers, offering a comprehensive overview to assess their overall performance.
Recap questions
Enter practice mode
Practice mode is only available for quizzes. You can turn it on from the “…” icon in the upper-right corner. Once you distribute the quiz recipients will automatically enter practice mode. Try out practice mode from this template now!
Enter practice mode
Microsoft Tech Community – Latest Blogs –Read More
Announcing the availability of the new gMSA on AKS workshop
gMSA is the technology behind the support for Active Directory dependent applications to run on Kubernetes. Over time, we’ve been adding a lot of resources around it, such as PowerShell modules (to help with the configuration process), documentation, scripts, and more. The reason behind this is that on one side, gMSA is incredibly popular (of course, anyone trying to containerize a Windows app that relies on AD for authentication will use it), but also because it is somewhat complex to configure it. Setting up gMSA means you have to configure your Kubernetes cluster, the networking between the cluster and Domain Controller(s), the secret store (such as Azure Key Vault), the Domain Controller itself, and so on…
Because so many resources need to be configured, many customers have a hard time to see how gMSA actually works before doing it in production. Today, we’re glad to announce that you can now try gMSA on AKS with a guided workshop. This workshop still requires a subscription for you to use, but all the other configurations can be implemented by following the workshop’s instructions. We plan to upgrade this into a self-contained workshop in the future.
What is part of the workshop
This is an end-to-end workshop on which you can start with a net-new subscription (or an existing one, of course) and build everything from scratch. The workshop covers briefly what gMSA is and how it’s used.
The workshop has the following objectives:
Provide an overview of gMSA on AKS, necessary components, and how to set up an environment for a Windows app that requires Active Directory authentication.
Understand how the AksGMSA PowerShell module helps in the process of configuring gMSA on AKS.
Understand the flow of configuring gMSA on AKS and how the multiple resources interact with each other.
The workshop is divided into seven exercises:
Exercise 01 – Spinning up Azure environment
Here you will deploy the base services to get started. You will use a script to deploy the Resource Group, the Virtual Network and Subnet, the AKS cluster and the Windows node pool. The script will also deploy a VM to be used as domain controller.
Exercise 2 – Configure Active Directory
Here we will prepare the VM and the Active Directory domain to use gMSA. A script is provided to deploy AD into the VM.
Exercise 3 – Enable Azure Bastion to RDP into DC01 VM and take note of additional resources
To reduce costs, we will only use one VM in this workshop, so we will also use this VM (which is our Domain Controller) for other purposes – which is not recommended in production. To securely access the VM, we will enable Azure Bastion.
Exercise 4 – Configure the AksGMSA PowerShell module on the DC01 VM
This is where most of the gMSA configuration is passed to the AksGMSA PowerShell module on the DC01 VM. The provided script and module will set up gMSA on AKS later and in this exercise, we pass on the configuration we want to be used later.
Exercise 5 – Deploy gMSA on AKS and configure AD and Azure resources
This where the configuration for gMSA on AKS happens. Using the information provided before, we run the commands for the AksGMSA module and set up the gMSA on AKS, configure AD, create the Azure Key Vault, Managed Identity, and all other configurations.
Exercise 6 – Validate the deployment of gMSA on AKS
Once gMSA on AKS has been deployed and configured, you can use the AksGMSA module to validate the configuration and communication between the AKS cluster and the AD domain. This exercise uses the native commands on the module to validate everything is in place.
Exercise 7 – Deploy IIS with Windows authentication enabled
Validating that gMSA has been deployed correctly is not as cool as seeing an application working properly. In this exercise, we deployed a very simple, sample application to see the authentication actually happening. We deploy a Windows pod to the AKS cluster, with an IIS website setup to use Windows authentication and then open the website to see the authentication pop-up, provide the username and password, and see the website open.
At the end, there’s an exercise to clean up the environment and ensure you’re not being charged for this any further.
Hopefully this workshop provides a good overview of how gMSA on AKS works. Feel free to go wild and try different things, try your own app, your own set up. And let us know what you think and how we can improve not only the workshop itself but the whole gMSA on AKS experience.
Microsoft Tech Community – Latest Blogs –Read More
Announcing the availability of the new gMSA on AKS workshop
gMSA is the technology behind the support for Active Directory dependent applications to run on Kubernetes. Over time, we’ve been adding a lot of resources around it, such as PowerShell modules (to help with the configuration process), documentation, scripts, and more. The reason behind this is that on one side, gMSA is incredibly popular (of course, anyone trying to containerize a Windows app that relies on AD for authentication will use it), but also because it is somewhat complex to configure it. Setting up gMSA means you have to configure your Kubernetes cluster, the networking between the cluster and Domain Controller(s), the secret store (such as Azure Key Vault), the Domain Controller itself, and so on…
Because so many resources need to be configured, many customers have a hard time to see how gMSA actually works before doing it in production. Today, we’re glad to announce that you can now try gMSA on AKS with a guided workshop. This workshop still requires a subscription for you to use, but all the other configurations can be implemented by following the workshop’s instructions. We plan to upgrade this into a self-contained workshop in the future.
What is part of the workshop
This is an end-to-end workshop on which you can start with a net-new subscription (or an existing one, of course) and build everything from scratch. The workshop covers briefly what gMSA is and how it’s used.
The workshop has the following objectives:
Provide an overview of gMSA on AKS, necessary components, and how to set up an environment for a Windows app that requires Active Directory authentication.
Understand how the AksGMSA PowerShell module helps in the process of configuring gMSA on AKS.
Understand the flow of configuring gMSA on AKS and how the multiple resources interact with each other.
The workshop is divided into seven exercises:
Exercise 01 – Spinning up Azure environment
Here you will deploy the base services to get started. You will use a script to deploy the Resource Group, the Virtual Network and Subnet, the AKS cluster and the Windows node pool. The script will also deploy a VM to be used as domain controller.
Exercise 2 – Configure Active Directory
Here we will prepare the VM and the Active Directory domain to use gMSA. A script is provided to deploy AD into the VM.
Exercise 3 – Enable Azure Bastion to RDP into DC01 VM and take note of additional resources
To reduce costs, we will only use one VM in this workshop, so we will also use this VM (which is our Domain Controller) for other purposes – which is not recommended in production. To securely access the VM, we will enable Azure Bastion.
Exercise 4 – Configure the AksGMSA PowerShell module on the DC01 VM
This is where most of the gMSA configuration is passed to the AksGMSA PowerShell module on the DC01 VM. The provided script and module will set up gMSA on AKS later and in this exercise, we pass on the configuration we want to be used later.
Exercise 5 – Deploy gMSA on AKS and configure AD and Azure resources
This where the configuration for gMSA on AKS happens. Using the information provided before, we run the commands for the AksGMSA module and set up the gMSA on AKS, configure AD, create the Azure Key Vault, Managed Identity, and all other configurations.
Exercise 6 – Validate the deployment of gMSA on AKS
Once gMSA on AKS has been deployed and configured, you can use the AksGMSA module to validate the configuration and communication between the AKS cluster and the AD domain. This exercise uses the native commands on the module to validate everything is in place.
Exercise 7 – Deploy IIS with Windows authentication enabled
Validating that gMSA has been deployed correctly is not as cool as seeing an application working properly. In this exercise, we deployed a very simple, sample application to see the authentication actually happening. We deploy a Windows pod to the AKS cluster, with an IIS website setup to use Windows authentication and then open the website to see the authentication pop-up, provide the username and password, and see the website open.
At the end, there’s an exercise to clean up the environment and ensure you’re not being charged for this any further.
Hopefully this workshop provides a good overview of how gMSA on AKS works. Feel free to go wild and try different things, try your own app, your own set up. And let us know what you think and how we can improve not only the workshop itself but the whole gMSA on AKS experience.
Microsoft Tech Community – Latest Blogs –Read More