Category: Microsoft
Category Archives: Microsoft
Move files to specific directories based on file modified by date.
Hi All,
I’m trying to make sense of 1000’s of photos and I’m looking for something a little different to the year – month standard option.
I’m trying to sort my pictures between specific dates for instance.
For example:
Pics from between 05-01-2000 & 04-02-2000 to be moved to directory ‘Year 1Month 0’
Pics from between 05-02-2000 & 04-03-2000 to be moved to directory ‘Year 1Month 1’
Pics from between 05-03-2000 & 04-04-2000 to be moved to directory ‘Year 1Month 2’
Pics from between 05-04-2000 & 04-05-2000 to be moved to directory ‘Year 1Month 3’
From searching i have found the following script
CmdletBinding(SupportsShouldProcess=$true)]
param (
[Parameter(Mandatory=$true)][string]$SourceDirectory,
[Parameter(Mandatory=$true)][string]$DestinationDirectory,
[Parameter(Mandatory=$true)][string]$ModifiedAfter,
[Parameter(Mandatory=$true)][string]$ModifiedBefore
)
Get-ChildItem -Path $SourceDirectory |
Where-Object {
$_.LastWriteTime `
-gt (Get-Date $ModifiedAfter) `
-and $_.LastWriteTime -lt (Get-Date $ModifiedBefore) } |
ForEach-Object { $_ | Copy-Item -Destination $DestinationDirectory }
You then run it with
.Copy-Files-Modified-Between-Dates `
-SourceDirectory C:Tempall `
-DestinationDirectory C:Tempsubset `
-ModifiedAfter ‘2000-01-05 18:00’ `
-ModifiedBefore ‘2000-02-04’
My question is how can this be made to increment onto the next month automatically or to reference a file for info maybe a csv or text file to say
Pics from between 05-04-2010 & 04-05-2010 to be moved to directory ‘Year 10Month 3’
Hi All,I’m trying to make sense of 1000’s of photos and I’m looking for something a little different to the year – month standard option.I’m trying to sort my pictures between specific dates for instance.For example:Pics from between 05-01-2000 & 04-02-2000 to be moved to directory ‘Year 1Month 0’Pics from between 05-02-2000 & 04-03-2000 to be moved to directory ‘Year 1Month 1’Pics from between 05-03-2000 & 04-04-2000 to be moved to directory ‘Year 1Month 2’Pics from between 05-04-2000 & 04-05-2000 to be moved to directory ‘Year 1Month 3’From searching i have found the following script CmdletBinding(SupportsShouldProcess=$true)]
param (
[Parameter(Mandatory=$true)][string]$SourceDirectory,
[Parameter(Mandatory=$true)][string]$DestinationDirectory,
[Parameter(Mandatory=$true)][string]$ModifiedAfter,
[Parameter(Mandatory=$true)][string]$ModifiedBefore
)
Get-ChildItem -Path $SourceDirectory |
Where-Object {
$_.LastWriteTime `
-gt (Get-Date $ModifiedAfter) `
-and $_.LastWriteTime -lt (Get-Date $ModifiedBefore) } |
ForEach-Object { $_ | Copy-Item -Destination $DestinationDirectory } You then run it with .Copy-Files-Modified-Between-Dates `
-SourceDirectory C:Tempall `
-DestinationDirectory C:Tempsubset `
-ModifiedAfter ‘2000-01-05 18:00’ `
-ModifiedBefore ‘2000-02-04’ My question is how can this be made to increment onto the next month automatically or to reference a file for info maybe a csv or text file to sayPics from between 05-04-2010 & 04-05-2010 to be moved to directory ‘Year 10Month 3’ Read More
Announcing Windows Server Preview Build 26227
Announcing Windows Server Preview Build 26227
Hello Windows Server Insiders!
Today we are pleased to release a new build of the next Windows Server Long-Term Servicing Channel (LTSC) Preview that contains both the Desktop Experience and Server Core installation options for Datacenter and Standard editions, Annual Channel for Container Host and Azure Edition (for VM evaluation only). Branding has been updated for the upcoming release, Windows Server 2025, in this preview – when reporting issues please refer to Windows Server 2025 preview. If you signed up for Server Flighting, you should receive this new build automatically.
What’s New
[NEW] Delegated Managed Service Accounts (dMSA)
A new account type known as delegated Managed Service Account (dMSA) is now available that allows migration from a traditional service account to a machine account with managed and fully randomized keys, while disabling original service account passwords.
Authentication for dMSA is linked to the device identity, which means that only specified machine identities mapped in AD can access the account. Using dMSA helps to prevent harvesting credentials using a compromised account (kerberoasting), which is a common issue with traditional service accounts.
To learn more about dMSA, visit https://learn.microsoft.com/en-us/windows-server/security/delegated-managed-service-accounts/delegated-managed-service-accounts-overview.
More Server Message Block (SMB) protocol changes.
Starting with Build 26097 and higher, we are introducing the following Server Message Block (SMB) protocol changes for QUIC, signing, and encryption:
SMB over QUIC client and server disable: Administrators can now disable the SMB over QUIC client and SMB over QUIC server options with Group Policy and PowerShell.
SMB over QUIC client and server connection auditing: Successful SMB over QUIC client and SMB over QUIC server connection events are now written to the event log to include the QUIC transport.
SMB signing and encryption auditing: Administrators can now enable auditing of the SMB server and client for support of SMB signing and encryption. This shows if a third-party client or server doesn’t support SMB encryption or signing. You can configure these settings with PowerShell and Group Policy.
For details on configuring these new settings, review https://aka.ms/SMB74MDNP.
For more information on SMB over QUIC in Windows and Windows Server Insider Preview builds, review https://aka.ms/SMBoverQUICServer and https://aka.ms/SmbOverQuicCAC.
For more information on SMB signing and encryption in Windows and Windows Server Insider Preview builds, review https://aka.ms/SmbSigningRequired and https://aka.ms/SmbClientEncrypt.
Windows Server Flighting is here!!
If you signed up for Server Flighting, you should receive this new build automatically later today.
For more information, see Welcome to Windows Insider flighting on Windows Server – Microsoft Community Hub
The new Feedback Hub app is now available for Server Desktop users!
The app should automatically update with the latest version, but if it does not, simply Check for updates in the app’s settings tab.
Known Issues
[NEW] Secure-boot Gen2 VMs created using ISO media may not boot: Some users may encounter boot issues when creating secure-boot Gen 2 VMs. Disabling secure-boot allows the Gen2 VM to boot successfully. This will be addressed in a future release.
Upgrade does not complete: Some users may experience an issue when upgrading where the download process does not progress beyond 0%. If you encounter this issue, please upgrade to this newer build using the ISO media download option. Download Windows Server Insider Preview (microsoft.com)
Access denied error when using Diskpart –> Clean Image on Winpe.vhdx VMs created using WinPE: Create bootable media | Microsoft Learn. We are working to resolve this issue and expect to have it fixed in the next preview release.
Download Windows Server Insider Preview (microsoft.com)
Flighting: The label for this flight may incorrectly reference Windows 11. However, when selected, the package installed is the Windows Server update. Please ignore the label and proceed with installing your flight. This issue will be addressed in a future release.
Setup: Some users may experience overlapping rectangle voids following mouse clicks during “OOBE” setup. This is a graphics rendering issue and will not prevent setup from completing. This issue will be addressed in a future release.
WinPE – Powershell Scripts: Applying the WinPE-Powershell optional component does not properly install Powershell in WinPE. As a result, Powershell cmdlets will fail. Customers who are dependent on Powershell in WinPE should not use this build.
If you are validating upgrades from Windows Server 2019 or 2022, we do not recommend that you use this build as intermittent upgrade failures have been identified for this build.
This build has an issue where archiving eventlogs with “wevetutil al” command causes the Windows Event Log service to crash, and the archive operation to fail. The service must be restarted by executing “Start-Service EventLog” from an administrative command line prompt.
If you have Secure Launch/DRTM code path enabled, we do not recommend that you install this build.
Available Downloads
Downloads to certain countries may not be available. See Microsoft suspends new sales in Russia – Microsoft On the Issues
Windows Server Long-Term Servicing Channel Preview in ISO format in 18 languages, and in VHDX format in English only.
Windows Server Datacenter Azure Edition Preview in ISO and VHDX format, English only.
Microsoft Server Languages and Optional Features Preview
Keys: Keys are valid for preview builds only
Server Standard: MFY9F-XBN2F-TYFMP-CCV49-RMYVH
Datacenter: 2KNJJ-33Y9H-2GXGX-KMQWH-G6H67
Azure Edition does not accept a key
Symbols: available on the public symbol server – see Using the Microsoft Symbol Server.
Expiration: This Windows Server Preview will expire September 15, 2024.
How to Download
Registered Insiders may navigate directly to the Windows Server Insider Preview download page. If you have not yet registered as an Insider, see GETTING STARTED WITH SERVER on the Windows Insiders for Business portal.
We value your feedback!
The most important part of the release cycle is to hear what’s working and what needs to be improved, so your feedback is extremely valued. Beginning with Insider build 26063, please use the new Feedback Hub app for Windows Server if you are running a Desktop version of Server. If you are using a Core edition, or if you are unable to use the Feedback Hub app, you can use your registered Windows 10 or Windows 11 Insider device and use the Feedback Hub application. In the app, choose the Windows Server category and then the appropriate subcategory for your feedback. In the title of the Feedback, please indicate the build number you are providing feedback on as shown below to ensure that your issue is attributed to the right version:
[Server #####] Title of my feedback
See Give Feedback on Windows Server via Feedback Hub for specifics. The Windows Server Insiders space on the Microsoft Tech Communities supports preview builds of the next version of Windows Server. Use the forum to collaborate, share and learn from experts. For versions that have been released to general availability in market, try the Windows Server for IT Pro forum or contact Support for Business.
Diagnostic and Usage Information
Microsoft collects this information over the internet to help keep Windows secure and up to date, troubleshoot problems, and make product improvements. Microsoft server operating systems can be configured to turn diagnostic data off, send Required diagnostic data, or send Optional diagnostic data. During previews, Microsoft asks that you change the default setting to Optional to provide the best automatic feedback and help us improve the final product.
Administrators can change the level of information collection through Settings. For details, see http://aka.ms/winserverdata. Also see the Microsoft Privacy Statement.
Terms of Use
This is pre-release software – it is provided for use “as-is” and is not supported in production environments. Users are responsible for installing any updates that may be made available from Windows Update. All pre-release software made available to you via the Windows Server Insider program is governed by the Insider Terms of Use.
Announcing Windows Server Preview Build 26227
Hello Windows Server Insiders!
Today we are pleased to release a new build of the next Windows Server Long-Term Servicing Channel (LTSC) Preview that contains both the Desktop Experience and Server Core installation options for Datacenter and Standard editions, Annual Channel for Container Host and Azure Edition (for VM evaluation only). Branding has been updated for the upcoming release, Windows Server 2025, in this preview – when reporting issues please refer to Windows Server 2025 preview. If you signed up for Server Flighting, you should receive this new build automatically.
What’s New
[NEW] Delegated Managed Service Accounts (dMSA)
A new account type known as delegated Managed Service Account (dMSA) is now available that allows migration from a traditional service account to a machine account with managed and fully randomized keys, while disabling original service account passwords.
Authentication for dMSA is linked to the device identity, which means that only specified machine identities mapped in AD can access the account. Using dMSA helps to prevent harvesting credentials using a compromised account (kerberoasting), which is a common issue with traditional service accounts.
To learn more about dMSA, visit https://learn.microsoft.com/en-us/windows-server/security/delegated-managed-service-accounts/delegated-managed-service-accounts-overview.
More Server Message Block (SMB) protocol changes.
Starting with Build 26097 and higher, we are introducing the following Server Message Block (SMB) protocol changes for QUIC, signing, and encryption:
SMB over QUIC client and server disable: Administrators can now disable the SMB over QUIC client and SMB over QUIC server options with Group Policy and PowerShell.
SMB over QUIC client and server connection auditing: Successful SMB over QUIC client and SMB over QUIC server connection events are now written to the event log to include the QUIC transport.
SMB signing and encryption auditing: Administrators can now enable auditing of the SMB server and client for support of SMB signing and encryption. This shows if a third-party client or server doesn’t support SMB encryption or signing. You can configure these settings with PowerShell and Group Policy.
For details on configuring these new settings, review https://aka.ms/SMB74MDNP.
For more information on SMB over QUIC in Windows and Windows Server Insider Preview builds, review https://aka.ms/SMBoverQUICServer and https://aka.ms/SmbOverQuicCAC.
For more information on SMB signing and encryption in Windows and Windows Server Insider Preview builds, review https://aka.ms/SmbSigningRequired and https://aka.ms/SmbClientEncrypt.
Windows Server Flighting is here!!
If you signed up for Server Flighting, you should receive this new build automatically later today.
For more information, see Welcome to Windows Insider flighting on Windows Server – Microsoft Community Hub
The new Feedback Hub app is now available for Server Desktop users!
The app should automatically update with the latest version, but if it does not, simply Check for updates in the app’s settings tab.
Known Issues
[NEW] Secure-boot Gen2 VMs created using ISO media may not boot: Some users may encounter boot issues when creating secure-boot Gen 2 VMs. Disabling secure-boot allows the Gen2 VM to boot successfully. This will be addressed in a future release.
Upgrade does not complete: Some users may experience an issue when upgrading where the download process does not progress beyond 0%. If you encounter this issue, please upgrade to this newer build using the ISO media download option. Download Windows Server Insider Preview (microsoft.com)
Access denied error when using Diskpart –> Clean Image on Winpe.vhdx VMs created using WinPE: Create bootable media | Microsoft Learn. We are working to resolve this issue and expect to have it fixed in the next preview release.
Download Windows Server Insider Preview (microsoft.com)
Flighting: The label for this flight may incorrectly reference Windows 11. However, when selected, the package installed is the Windows Server update. Please ignore the label and proceed with installing your flight. This issue will be addressed in a future release.
Setup: Some users may experience overlapping rectangle voids following mouse clicks during “OOBE” setup. This is a graphics rendering issue and will not prevent setup from completing. This issue will be addressed in a future release.
WinPE – Powershell Scripts: Applying the WinPE-Powershell optional component does not properly install Powershell in WinPE. As a result, Powershell cmdlets will fail. Customers who are dependent on Powershell in WinPE should not use this build.
If you are validating upgrades from Windows Server 2019 or 2022, we do not recommend that you use this build as intermittent upgrade failures have been identified for this build.
This build has an issue where archiving eventlogs with “wevetutil al” command causes the Windows Event Log service to crash, and the archive operation to fail. The service must be restarted by executing “Start-Service EventLog” from an administrative command line prompt.
If you have Secure Launch/DRTM code path enabled, we do not recommend that you install this build.
Available Downloads
Downloads to certain countries may not be available. See Microsoft suspends new sales in Russia – Microsoft On the Issues
Windows Server Long-Term Servicing Channel Preview in ISO format in 18 languages, and in VHDX format in English only.
Windows Server Datacenter Azure Edition Preview in ISO and VHDX format, English only.
Microsoft Server Languages and Optional Features Preview
Keys: Keys are valid for preview builds only
Server Standard: MFY9F-XBN2F-TYFMP-CCV49-RMYVH
Datacenter: 2KNJJ-33Y9H-2GXGX-KMQWH-G6H67
Azure Edition does not accept a key
Symbols: available on the public symbol server – see Using the Microsoft Symbol Server.
Expiration: This Windows Server Preview will expire September 15, 2024.
How to Download
Registered Insiders may navigate directly to the Windows Server Insider Preview download page. If you have not yet registered as an Insider, see GETTING STARTED WITH SERVER on the Windows Insiders for Business portal.
We value your feedback!
The most important part of the release cycle is to hear what’s working and what needs to be improved, so your feedback is extremely valued. Beginning with Insider build 26063, please use the new Feedback Hub app for Windows Server if you are running a Desktop version of Server. If you are using a Core edition, or if you are unable to use the Feedback Hub app, you can use your registered Windows 10 or Windows 11 Insider device and use the Feedback Hub application. In the app, choose the Windows Server category and then the appropriate subcategory for your feedback. In the title of the Feedback, please indicate the build number you are providing feedback on as shown below to ensure that your issue is attributed to the right version:
[Server #####] Title of my feedback
See Give Feedback on Windows Server via Feedback Hub for specifics. The Windows Server Insiders space on the Microsoft Tech Communities supports preview builds of the next version of Windows Server. Use the forum to collaborate, share and learn from experts. For versions that have been released to general availability in market, try the Windows Server for IT Pro forum or contact Support for Business.
Diagnostic and Usage Information
Microsoft collects this information over the internet to help keep Windows secure and up to date, troubleshoot problems, and make product improvements. Microsoft server operating systems can be configured to turn diagnostic data off, send Required diagnostic data, or send Optional diagnostic data. During previews, Microsoft asks that you change the default setting to Optional to provide the best automatic feedback and help us improve the final product.
Administrators can change the level of information collection through Settings. For details, see http://aka.ms/winserverdata. Also see the Microsoft Privacy Statement.
Terms of Use
This is pre-release software – it is provided for use “as-is” and is not supported in production environments. Users are responsible for installing any updates that may be made available from Windows Update. All pre-release software made available to you via the Windows Server Insider program is governed by the Insider Terms of Use. Read More
Demystifying Microsoft Entra ID, Tenants and Azure Subscriptions
Introduction
As a startup or an new customer exploring Microsoft Azure, you may find the terminology around identity and access management a bit perplexing. Terms like Tenant, Subscription, and Microsoft Entra ID, are crucial to understanding how to effectively manage and secure your Azure environment. This blog post aims to demystify these concepts and provide a clear, concise understanding of how they interrelate.
What is Microsoft Entra ID (Former Azure Active Directory)?
Microsoft Entra ID is the new name for Azure Active Directory (AAD), Microsoft’s cloud-based identity and access management service. It plays a crucial role in managing user, group, and application access to Azure services. Here’s a breakdown:
Identity Management: Entra ID handles both authentication (verifying identity) and authorization (granting access) for Azure resources.
Cloud-Based: Unlike traditional Active Directory, which is designed for on-premises environments, Entra ID operates entirely in the cloud, making it ideal for modern, cloud-first organizations.
Key Features:
User and Group Management: You can create users and groups within your Entra ID tenant. These identities can be synchronized with your existing on-premises Active Directory using Entra Connect.
Single Sign-On (SSO): Provides a seamless sign-on experience across multiple applications and services.
What is an Azure Tenant?
An Azure Tenant represents a dedicated instance of Microsoft Entra ID for your organization. It is essentially your organization’s space in the Azure cloud where you manage your identities and access.
Key Points:
Created Automatically: When you sign up for Azure or any Microsoft cloud service, a tenant is automatically created.
Domain Representation: By default, your tenant will have a domain like yourcompany.onmicrosoft.com, which can be customized to use your own domain. (You can also add and replace your on.microsoft.com fallback domain)
What is an Azure Subscription?
An Azure Subscription is a logical container used to provision and manage Azure resources. It is closely tied to billing and acts as a boundary for resource management and deployment.
Key Characteristics:
Resource Management: All Azure resources (e.g., virtual machines, databases) are associated with a subscription.
Billing: Each subscription has its own billing cycle and payment terms, allowing you to manage costs effectively.
Scalability: Best practice is to have separate subscriptions for production and non-production environments to manage permissions and scalability efficiently.
Relation to Tenant:
A single Azure tenant can manage multiple subscriptions, but each subscription is associated with only one tenant.
How They Work Together
Automatic Creation of Emtra ID Tenant:
When you create an Azure subscription, an Entra ID tenant is automatically provisioned. This tenant manages identities and access within your subscription.
Authentication and Authorization:
Azure subscriptions rely on Entra ID to authenticate and authorize users, services, and devices, ensuring that only authenticated identities can access Azure resources.
Role-Based Access Control (RBAC):
Azure Roles: Used for managing access to Azure resources within a subscription. Examples include Owner, Contributor, and Reader. Custom roles can also be created for more granular control. See here some best practices for Azure RBAC
Entra Roles (Former AAD Roles): Specific to managing Entra ID resources, such as Global Administrator and User Administrator. See here how Entra Roles and Azure Roles are related.
Multi-Subscription Management:
A single Entra ID tenant can manage multiple subscriptions, enabling the same set of users and groups to access different environments. However, each subscription is associated with only one tenant.
Practical Tips for Startups
Benefit from the Azure setup Guide:
Before you start building and deploying solutions by using Azure services, you need to prepare your environment. In this guide, we introduce features that help you organize resources, control costs, and secure and manage your organization. You can access it directly from the Azure Portal too.
Start with a Clear Structure:
Separate Subscriptions: Use separate subscriptions for production and non-production environments to ensure better management and segregation of resources.
Define Roles: Clearly define and assign Azure Roles and Entra ID Roles to manage permissions effectively.
Synchronize Identities:
If you have an existing on-premises AD, use Entra Connect to synchronize identities with Entra ID, ensuring seamless access management.
Plan for Scalability:
Design your subscription architecture to accommodate growth. Consider factors like billing, resource limits, and administrative boundaries.
Use Enterprise Scale Landing Zones:
Implement recommended modular design to ensure your Azure environment can scale efficiently with your business needs.
Follow the links below if you are familiar with AWS and would like to understand how to map AWS concepts to Azure:
Azure and AWS accounts and subscriptions
Mapping AWS IAM concepts to similar ones in Azure
Azure for AWS professionals
Conclusion
Understanding Microsoft Entra ID, Azure Subscriptions, and Tenants is essential for effective Azure governance. These concepts form the backbone of identity and access management in Azure, ensuring secure, scalable, and efficient management of your cloud resources. As your startup grows, mastering these basics will help you optimize your Azure environment, supporting your journey towards innovation and success.
For more detailed information, always refer to the latest Microsoft Azure documentation and best practices.
Microsoft Tech Community – Latest Blogs –Read More
Azure SQL DB standby replica is now generally available | Data Exposed
Learn more about enabling disaster recovery for Azure SQL Database at a lower cost using standby replica which does not incur license costs. Standby replica is Generally Available (GA).
Resources:
Configure a license-free standby replica (preview) for Azure SQL Database
General Availability of license-free standby replica for Azure SQL database
Azure SQL DB license-free standby replica
Azure SQL DB High Availability & Disaster Recovery overview
View/share our latest episodes on Microsoft Learn and YouTube!
Microsoft Tech Community – Latest Blogs –Read More
Windows news you can use: May 2024
With so much going on this month, let’s get you caught up on how Windows 11 management and security improved. We’ll jump into what you need to know as an IT admin or decision maker to get ahead of your competition. In line with our Microsoft Secure Future Initiative,[1] the latest features, capabilities, services, and tools prioritize security above all else. And remember, keeping your Windows environment updated helps you keep it protected.
New in Windows security
[INTUNE] Automatically check for Windows device health with device enrollment attestation in Microsoft Intune (now in preview). Help ensure that device enrollment certificates are bound to the enrolled device and can’t be copied to any other device.
[PASSKEYS] Take your next steps toward passwordless authentication with Public preview: Expanding passkey support in Microsoft Entra ID. A passkey is a strong, phishing-resistant authentication method that your organization can use to sign in to any internet resource that supports the W3C WebAuthN standard. Start here to enable passkeys in Microsoft Authenticator for Microsoft Entra ID (preview).
[DNS] With Zero Trust DNS (ZTDNS) in private preview, you’ll soon be able to natively restrict Windows devices to connect only to approved network destinations by domain name. It will block the local network peer-to-peer sharing of Windows updates, so consider using Microsoft Connected Cache (in preview) or Windows Server Update Services (WSUS) to reduce Windows Update traffic volume. You can easily activate, deactivate, and manage ZTDNS through mobile device management (MDM). See Deployment Considerations for Windows ZTDNS Client to learn how to prepare for this new level of security across related functions of printing, file sharing, teleconferencing, and more.
[DEVELOPER] If you develop apps and services for Windows, catch up on the latest from Microsoft Build with The Latest in Windows Security for Developers and Unleash Windows App Security & Reputation with Trusted Signing. Additionally, make sure your skills are up to date with our Windows security for developers skilling snack.
Looking for a recap of the latest and upcoming Windows 11 security features? Check out New Windows 11 features strengthen security to address evolving cyberthreat landscape.
New in device management
[WINDOWS 11] Try the updated Windows 11 setup guide. Access it from the Microsoft 365 admin center or from our online Windows setup guides repository.
[INTUNE] This month, you can use Microsoft Intune to allow people at your organization to check for and install the latest Windows 11 feature updates as optional updates. See how in More flexible Windows feature updates.
[AUTOPILOT] Set Windows Autopilot device preparation policies to simplify device enrollment and deployment. In the Microsoft Intune admin center, go to Devices > Enrollment > Device preparation policies. Learn how to add devices to groups, assign policies and scripts, improve reporting, and more in Windows deployment with the next generation of Windows Autopilot.
[AZURE WORKBOOKS] Troubleshoot your Windows Update for Business reports with a new DeviceDiagnosticDataNotReceived alert to identify any devices that might appear missing upon enrollment. Start in portal.azure.com and navigate to Monitor > Workbooks > Insights. Open the Windows Update for Business workbook > Overview > Total devices > View details > Missing devices. Find further guidance in Missing devices in Windows Update for Business reports.
[AUTOPATCH] Starting May 27, check out new features available in Windows Autopatch. Set your service level objectives to keep at least 95% of your devices up to date. If needed, import Microsoft Intune update rings for Windows 10 and later updates into Windows Autopatch. Finally, notice more timely and accurate reporting with the faster refresh time of just 30 minutes and service synchronization every 1 hour.
[AUTOPATCH] Get a list of all Windows Autopatch policy conflicts along with affected devices and follow recommended actions. From Microsoft Intune admin center, go to Devices > Policy health (preview).
[AUTOPATCH] Try the new post-update reliability report. Go to the Microsoft Intune admin center and navigate to Reports > Windows Autopatch > Windows quality updates. Select the Reports tab and then the Reliability report.
[INTUNE] Check out a new Windows update distribution report for devices managed (or co-managed) by Microsoft Intune. Access this feature from the Intune admin center. Navigate to Reports > Windows Updates > Reports tab > Windows Update Distribution Report.
[BYOD] If you allow people at your organization to manage their own PCs, tell them about these enhancements, which require authentication of their Microsoft account. Authenticated users within your organization can now manage their Windows 11 Pro PCs from a new location: Settings > Accounts > Linked devices. Additionally, there’s a new account manager available from the Start menu. Employees can easily manage their account settings and explore account benefits right there. Furthermore, two new actions are available from Windows account settings: add a recovery email address and back up sound preferences. Authenticated users can also take advantage of the Windows Backup app. Keep an eye out for these features as they gradually roll out, starting with the May 2024 non-security preview update.
New in Copilot
[COPILOT IN WINDOWS] Get ready to manage Copilot as a standalone application. As this change rolls out, you’ll be able to manage the Copilot app using the same familiar tools that you use to manage modern apps more broadly in your organization, such as Microsoft Intune. We intend to remove the current policies that manage Copilot in Windows (in preview) in the coming months. Learn about the details of this transition in Evolving Copilot in Windows for your workforce.
[COPILOT+ PCs] Plan to refresh your organizational devices with new Copilot+ PCs. These new Windows 11 devices have the most advanced security features. Additionally, Copilot+ PCs include a new physical key that invokes Copilot along with many AI features out of the box.
[RECALL] A new Windows 11 productivity feature, Recall, is included in Copilot+ PCs. Users can search through the snapshot history of their computing sessions, securely saved on their local drive, in two ways. These include an explorable timeline and a semantic search box. Just check that devices in your organization have 256 GB or more of total drive space and at least 50 GB free to use Recall. Learn how to Manage Recall for Windows clients to enable or disable Recall via MDM, policies, or Windows Settings > Privacy & Security > Recall & Snapshots. Then help other people at your organization configure Privacy and control over your Recall experience.
New in Windows Server
[SERVER 2025] Download and Preview Windows Server 2025, including VSS developer and IT communities, from the Microsoft Evaluation Center. Try and validate the Desktop Experience and Server Core installation options for Datacenter and Standard editions. If you hold Visual Studio Subscriptions, access the Windows Server 2025 preview software through Subscriber Downloads. Learn more about the features coming in Windows Server 2025.
[AZURE] If you’re a Windows Server Insider, you can now preview Windows Server 2025 Datacenter: Azure Edition.
[HOTPATCH] If you use Azure for Windows Server and have installed the April baseline, apply the May 14, 2024 hotpatch without restarting devices. Consult Release notes for Hotpatch in Azure Automanage for Windows Server 2022.
New in productivity and collaboration
[WINDOWS 11] Get ready for the upcoming annual feature update by trying Windows 11, version 24H2 in the Release Preview Channel of the Windows Insider Program. If you’re on this channel, download this feature update from Settings > Windows Update. You can also let some of the people at your organization validate this update using Windows Update for Business and Windows Server Update Services.
[FILE EXPLORER] To manage your files faster, just drag and drop them onto any of the breadcrumbs of the File Explorer address bar. Try it out in the May 2024 non-security preview update before it rolls out for your users with the June 2024 security update[2]. And if you’re on the Windows Insider Program’s Beta Channel, duplicate any tab by right clicking on it and check out new file compression and decompression options.
[SHARING] If you’re a Windows Insider in the Canary Channel or have installed the May 2024 non-security preview update, check out two new capabilities for sharing in Windows. Use it to quickly share files, URLs, and email yourself across devices and apps within your Microsoft account. Just ensure that you’re signed in to your organization’s Microsoft Entra ID[2]. To share URLs and cloud files as QR codes, select the share button in the Microsoft Edge toolbar and choose “Windows share options.” For Windows Insiders in the Beta Channel, you can now copy files from the Windows Share window.
Remember, you’re not just keeping your organization protected; you’re shaping its future. Catch you at the next “Windows news you can use” installment—stay curious!
Continue the conversation. Find best practices. Bookmark the Windows Tech Community, then follow us @MSWindowsITPro on X/Twitter. Looking for support? Visit Windows on Microsoft Q&A.
[1] Learn more about the Microsoft Secure Future Initiative.
[2] This feature might not be available to all users because it will roll out gradually.
Microsoft Tech Community – Latest Blogs –Read More
Teams Rooms Pro Management Portal for GCC
I’m seeing conflicting documentation about Teams Rooms Pro Management Portal access for GCC.
This page says it is available: Teams Rooms and Devices feature comparison – Microsoft Teams | Microsoft Learn
But this page says it isn’t available: Microsoft Teams Rooms Pro Management Portal – Microsoft Teams | Microsoft Learn
Can someone let me know which is accurate?
I’m seeing conflicting documentation about Teams Rooms Pro Management Portal access for GCC.This page says it is available: Teams Rooms and Devices feature comparison – Microsoft Teams | Microsoft Learn But this page says it isn’t available: Microsoft Teams Rooms Pro Management Portal – Microsoft Teams | Microsoft LearnCan someone let me know which is accurate? Read More
changing default location for .ost data file
Hello there,
I’m running Outlook from Office Pro 2019
I use Dropbox as a continuous cloud backup for all work files. Anything inside my DropBox folder is auto-synced to the cloud.
Outlook is using IMAP to connect my web host provider/email server.
I want to relocate the .ost data file from the default location over to my DropBox folder so its always being backed up. I use Outlook and DropBox across 3 different computers and want all email data to be synchronized across all 3 computers. I do not want to rely solely on the email IMAP server at my web host co. to maintain a backup of 11 years worth of emails. By the way I am successfully storing Archived email in an archive file in a DropBox folder.
Sidebar, I created a new data file in Outlook but it ends up being a .pst and not .ost and apparently with IMAP all data files are supposed be .ost so that also confused me.
Anyway, if anyone has any advice, I’d truly appreciate it.
Hello there,I’m running Outlook from Office Pro 2019I use Dropbox as a continuous cloud backup for all work files. Anything inside my DropBox folder is auto-synced to the cloud. Outlook is using IMAP to connect my web host provider/email server.I want to relocate the .ost data file from the default location over to my DropBox folder so its always being backed up. I use Outlook and DropBox across 3 different computers and want all email data to be synchronized across all 3 computers. I do not want to rely solely on the email IMAP server at my web host co. to maintain a backup of 11 years worth of emails. By the way I am successfully storing Archived email in an archive file in a DropBox folder. Sidebar, I created a new data file in Outlook but it ends up being a .pst and not .ost and apparently with IMAP all data files are supposed be .ost so that also confused me. Anyway, if anyone has any advice, I’d truly appreciate it. Read More
Audio from videos containing Dolby Audio cannot be played within Movies & TV APP.
Audio from videos containing Dolby Audio cannot be played within Movies & TV APP.
My Dolby Access is purchased and activated, and there are no issues with the sound card driver.
My system is running on Windows 10 LTSC edition, and while both Dolby Vision and Dolby Atmos are activated within Dolby Access, I find that Windows Movies & TV fails to decode all Dolby formats including Dolby Atmos audio tracks, resulting in no sound output, even though the color reproduction of Dolby Vision is accurate. Strangely, within the same Movies & TV application, DTS-HD and DTS:X audio tracks play without any issues.
Even more puzzling, the open-source VLC player is capable of properly activating and utilizing Dolby Atmos audio tracks and displaying compatibility with Dolby Atmos for Headphones.
What should I do?
Audio from videos containing Dolby Audio cannot be played within Movies & TV APP.My Dolby Access is purchased and activated, and there are no issues with the sound card driver.My system is running on Windows 10 LTSC edition, and while both Dolby Vision and Dolby Atmos are activated within Dolby Access, I find that Windows Movies & TV fails to decode all Dolby formats including Dolby Atmos audio tracks, resulting in no sound output, even though the color reproduction of Dolby Vision is accurate. Strangely, within the same Movies & TV application, DTS-HD and DTS:X audio tracks play without any issues.Even more puzzling, the open-source VLC player is capable of properly activating and utilizing Dolby Atmos audio tracks and displaying compatibility with Dolby Atmos for Headphones.What should I do? Read More
Labs Update 5/30
Hello TSPs,
As you are likely aware, Worldwide Learning continues to experience impacts to training labs as work progresses on Microsoft’s Secure Future Initiative. These updates are important to ensure that Microsoft continues to be a market leader in protecting both partner and customer data. We know how critical these labs are for your success and we appreciate your patience and understanding as we work to navigate the challenges of the evolving security threat landscape.
As of this week, all M365 tenant types are available for classes. Please note that increased security measures require a longer lead time to provision tenants. Depending on the course and quantity of tenants, Authorized Lab Hosters (ALHs) may not be able to immediately meet partner demand. We are working on resolving the issue and hope to have everything normalized within a week. Please keep collaborating with your ALH to prepare for future classes.
D365 tenants remain offline due to the continued security work. Our team continues to make progress on resolving the D365 issue but there is no current ETA for D365 tenant availability. This work impacts the following courses:
MB-210T01: Microsoft Dynamics 365 Sales
MB-230T01: Microsoft Dynamics 365 Customer Service
MB-240T00: Microsoft Dynamics 365 Field Service
MB-910T00: Microsoft Dynamics 365 Fundamentals (CRM)
We sincerely apologize for any inconvenience or disruption these issues may cause to your business and your customers. We value your partnership and support, and we are doing our best to mitigate the impact and provide you with the best possible lab experiences for your learners. We will continue to keep you updated on the progress and the resolution of these issues here in the Forum and on the monthly partner Community Calls.
Dan
Hello TSPs,
As you are likely aware, Worldwide Learning continues to experience impacts to training labs as work progresses on Microsoft’s Secure Future Initiative. These updates are important to ensure that Microsoft continues to be a market leader in protecting both partner and customer data. We know how critical these labs are for your success and we appreciate your patience and understanding as we work to navigate the challenges of the evolving security threat landscape.
As of this week, all M365 tenant types are available for classes. Please note that increased security measures require a longer lead time to provision tenants. Depending on the course and quantity of tenants, Authorized Lab Hosters (ALHs) may not be able to immediately meet partner demand. We are working on resolving the issue and hope to have everything normalized within a week. Please keep collaborating with your ALH to prepare for future classes.
D365 tenants remain offline due to the continued security work. Our team continues to make progress on resolving the D365 issue but there is no current ETA for D365 tenant availability. This work impacts the following courses:
MB-210T01: Microsoft Dynamics 365 Sales
MB-230T01: Microsoft Dynamics 365 Customer Service
MB-240T00: Microsoft Dynamics 365 Field Service
MB-910T00: Microsoft Dynamics 365 Fundamentals (CRM)
We sincerely apologize for any inconvenience or disruption these issues may cause to your business and your customers. We value your partnership and support, and we are doing our best to mitigate the impact and provide you with the best possible lab experiences for your learners. We will continue to keep you updated on the progress and the resolution of these issues here in the Forum and on the monthly partner Community Calls.
Dan Read More
Customer Name not showing up in Title of Invite
We have separate booking pages for each type of meeting (we don’t want the client to have to choose the type of meeting). When a client books the meeting, their name does not show up on the title or in the body of the calendar meeting, so we don’t know who we’re meeting with. What am I doing wrong and how can I fix it to show the client name in the title of the calendar invite?
We have separate booking pages for each type of meeting (we don’t want the client to have to choose the type of meeting). When a client books the meeting, their name does not show up on the title or in the body of the calendar meeting, so we don’t know who we’re meeting with. What am I doing wrong and how can I fix it to show the client name in the title of the calendar invite? Read More
Able to chat with some guest accounts and not others
We have two guest accounts, both people from the same external organization. Lets call them Jane Doe and John Smith from contoso.com. If I open a new chat and type Jane Doe, Teams finds her guest account and offers Jane Doe (Guest) as the match for the name, and all works fine. If I type John Smith, it does not find him. If I enter John Smith’s email address johns(at)contoso.com it is able to open a chat, but lists him as John Smith (External) and of course the options for the chat are restricted (can’t add a new tab for example). I do not see any settings differences between the two accounts, both guest accounts were created by the invitation method. The biggest difference is that Jane’s account is about 4 yrs old, where John’s is only 1 week old.
We have two guest accounts, both people from the same external organization. Lets call them Jane Doe and John Smith from contoso.com. If I open a new chat and type Jane Doe, Teams finds her guest account and offers Jane Doe (Guest) as the match for the name, and all works fine. If I type John Smith, it does not find him. If I enter John Smith’s email address johns(at)contoso.com it is able to open a chat, but lists him as John Smith (External) and of course the options for the chat are restricted (can’t add a new tab for example). I do not see any settings differences between the two accounts, both guest accounts were created by the invitation method. The biggest difference is that Jane’s account is about 4 yrs old, where John’s is only 1 week old. Read More
Addressing common Entra Id protection deployment and maintenance issues
Entra ID tenants face threats from bad actors who use password spray attacks, multifactor spamming, and social phishing campaigns. Many organizations do not prioritize protecting Entra ID because they worry about affecting their end users. One straightforward way to protect Entra ID is to use risk based conditional access policies that combine conditional access policies with the risk signals from Entra ID Protection. In this blog, I will discuss some of the mistakes that we see organizations make that cause delays in the deployment and leave their tenants insecure. This blog will answer questions about Entra ID tenants using third party identity providers to authenticate, reducing false positives, minimizing user impact, and migrating from the old identity protection policies.
First let us make sure a couple of things are understood.
Entra ID protection does have a license requirement.
A risk based conditional access policy is a conditional access policy that leverages the user or sign-in risk condition.
When using a block for either a user risk or sign-in risk, it may require monitoring and manual remediation to be performed by at least a security operator.
Changing password grant control will only remediate user risk and requires the user to be registered for self-service password reset or they will be blocked.
When using cloud authentication using Azure multifactor authentication (MFA), a sign-in risk can be remediated by a multi-factor authentication, and it requires the user to be registered for MFA or they will be blocked.
If only the required multi-factor is used with a user risk policy the user will be bombarded with MFA prompts resulting in poor user experience.
Combining a user risk and sign-in risk in the same policy means both must be met before the policy applies. (remember an MFA prompt does not remediate the user risk)
The workbook being referenced in this blog is designed to help show potential impact and help troubleshoot the deployment or usage of risk based conditional access policies. It requires the Entra Id signinlogs to be sent to Azure Monitor. To learn more: Impact Analysis Risk-Based Access Policies
Issue 1: Implemented sign-in risk policies before reducing the false positives.
One way to lower the number of false positives is to label all the IP addresses of the organization’s network egress as trusted. For assistance, administrators can go to the Entra ID’s workbooks section and find a workbook called “Impact Analysis Risk-Based Access Policies”. Open that workbook and go to the “IP addresses not listed as trusted network” section. There you can see a list of IP addresses from the existing sign-in logs where multiple users from the organization have logged in. Use the autonomous system number (ASN) to check who owns the IP ranges, decide if they are reliable and create a named location with the mark as a trusted location option.
How to create a named location
From the workbook, this shows all the Ip addresses that have sign-ins by multiple users.
Some of the IP addresses in this list may belong to third party proxy solutions. If they cannot provide a source anchor IP address, they should be defined as a trusted named location. Organizations that require MFA from untrusted IP addresses should consider a separate conditional access policy that requires MFA for that new trusted named location. Defining trusted networks is not something you do once, changes to the networks seem to occur to organizations frequently. Make sure to regularly review the report and set up new trusted networks.
Issue 2: Implemented user risk policies prior to remediating the last several years of low, medium, and high user risk.
I once spoke to an organization that had over 3,000 high-risk users. Think about how bad the user experience would have been if they had to change their passwords when they applied the policy. Since the day this feature was available to the tenant, Identity protection has been marking a user it determines is risky with low, medium, or high risk level. The only way to clear the risk for a user is either an administrator manually dismissing it or the user changing or resetting their password in Entra ID. This means that when a user risk policy is turned on, many users may immediately trigger the new risk based conditional access policy and have a bad user experience. And if too many users have an unpleasant experience, it usually looks like an outage and the policy is often reversed.
There are a few things that have been added to help clean this up:
Starting March 31st all low user risks older than 6 months will start to age out. Plan for change – Microsoft Entra ID Identity protection: “Low” risk age out
Organization syncing password hashes, can now leverage the new Allow on-premises password change to reset user risk feature.
And a script has been published to clean out all the old user risk. GitHub: IdentityProtectionTools
Issue 3: Make the implementation of the policies too complex.
When I work with organizations, we usually start out with a plan to deploy the two Microsoft recommended policies:
Require all user sign-ins to all cloud apps with medium or high sign-in risk to require multi-factor authentication.
Require all user sign-ins to all cloud apps with high user risk to change password.
If organizations applied these two policies, it would lower the chances of a bad actor successfully accessing the tenant. What I see is that admins get too ambitious and end up with 10+ new risk based conditional access policy scenarios that they either neglect to implement or cannot verify the actual impact and then give up. The advantage of these two scenarios is that the “Impact Analysis Risk-Based Access Policies” workbook uses existing sign-in logs and shows the number of users who signed in successfully that would have been affected if a policy were in place:
User risk scenarios / High risk users not prompted for password change.
Sign-in risk & trusted network scenarios / Medium or high risk sign-ins not remediated using multifactor authentication.
From the Workbook, this shows whether the recommended policies are in place or if possible, gaps could exist.
The plan is to begin with the basic and essential protections. Then add the more complex and tricky situations to assess. Think about tighter block scenarios for Admin portals, members with privileged roles, security information registration and requiring a compliant device when forcing a password change.
Issue 4: Believing their third-party (federated) identity solution is all they need to protect Entra ID.
Some objects in Entra ID are not secured by third party identity providers. These include B2B (business-to-business) guest users, poorly managed shared mailboxes, and stolen tokens used against Entra ID. Many tenants have poor hygiene and limited monitoring that allow bad actors to use cloud accounts that authenticate directly to Entra ID. To protect Entra ID from these unknown attacks, it is better to use risk based conditional access policies in addition to what your third-party solution provides.
When the third-party identity provider (IDP) does multi-factor, the federatedIdpMfaBehavior setting should be set so that Entra ID can send the user back for MFA and the IDP can tell Entra ID that MFA was performed.
More information about federatedIdpMfaBehavior setting.
#AzureAD Identity Protection adds support for federated identities!
The “Impact Analysis Risk-Based Access Policies” workbook will show if sign-in risk is currently being remediated by multifactor authentication coming from a third-party (federated) identity provider which is a fantastic way to know the policy is working.
From the workbook, if accounts are sent back to a federated identity provider to remediate the risk, then these will not be 0:
Issue 5: The tenant is configured to use the legacy identity protection policies.
A change is scheduled for July 2024 that will no longer allow the changing of legacy policies. Microsoft recommends leveraging conditional access policies when applying conditions around risk, making it easier to troubleshoot and to force a sign-in frequency. If your organization is leveraging the old Identity Protection policies, it is easy to migrate over to risk based conditional access policies.
Refer to October 2023 announcement to get information about migrating. What’s new in Microsoft Entra
The April 2024 announcement covers timelines. What’s new in Microsoft Entra
From the workbook, if the legacy policies are enabled these two will not be 0.
Deploying and maintaining Entra ID Protection is crucial for organizations to protect against threats from bad actors. By avoiding common mistakes and following the best practices, organizations can effectively secure their Entra ID tenants. It is important to regularly review and update policies to ensure the continued security of the tenant. Take the first step in securing your organization by implementing risk-based conditional access policies and following the recommendations outlined in this blog.
Thank you.
Chad Cox
Additional References
Workbook: Impact analysis of risk-based access policies
Azure AD Mailbag: Identity protection
Microsoft Tech Community – Latest Blogs –Read More
Using Admin State to Control Your Azure Load Balancer Backend Instances
Today, Azure Load Balancer distributes incoming traffic across healthy backend pool instances. It accomplishes this by using health probes to send periodic requests to the instances and check for valid responses. Results from the health probe then determine which instances can receive new or continued connections and which ones cannot.
You might want to override the health probe behavior for some of the virtual machines in your Load Balancer backend pool. For example, you might want to take an instance out of rotation for maintenance or testing, or you might even want to force an instance to accept new connections even if the health probe marks it as unhealthy. In these cases, you can use our newly introduced Azure Load Balancer feature called administrative state (admin state). With admin state, you can set a value of UP, DOWN, or NONE on each backend pool instance. This value will affect how the load balancer handles new and existing connections to the instance, regardless of the health probe results.
What is Admin State?
Admin State is an Azure Load Balancer feature that lets you set the state of each individual backend pool instance to a value of UP, DOWN, or NONE. This value overrides the health probe behavior for the respective instance and determines how the load balancer treats the instance for being allowed to accept new and existing connections. Below are the definitions of each state and its effect on connections to the backend instance:
Admin State
New Connections
Existing Connections
UP
Load Balancer will disregard the configured health probe’s response and will always consider the backend instance as eligible for new connections.
Load Balancer will disregard the configured health probe’s response and will always allow existing connections to persist to the backend instance.
DOWN
Load Balancer will disregard the configured health probe’s response and will not allow new connections to the backend instance.
Load Balancer will disregard the configured health probe’s response and existing connections will be determined according to the protocol below:
TCP: Established TCP connections to the backend instance persists.
UDP: Existing UDP flows move to another healthy instance in the backend pool.
Note: This is similar to a Probe Down behavior.
NONE (Blank)
Load Balancer will default to the health probe’s response.
Load Balancer will default to the health probe’s response.
Note: Admin state only works when you have a health probe configured on the load balancer rules. Admin state also does not work with inbound NAT rules.
How to use Admin State?
You can use admin state in different ways depending on your scenario and preference. You can set admin state when you:
Create a new backend pool
Add a new instance to a backend pool
Or updating an existing instance in a backend pool
You can also remove the admin state from an existing instance in a backend pool by setting the value to NONE. This can be done via Azure portal, PowerShell, or CLI.
Why use Admin State?
Previously, to take a backend instance (i.e. Virtual Machine) out of rotation, customers were using Network Security Groups (NSGs) to block traffic from Azure Load Balancer’s health probe or the client’s IPs and ports; or closing the ports on the Virtual Machines (VMs) in the load balancer’s backend pool. This process was complex and added management overhead. Now with admin state, customers can just easily set the state value on the backend pool instance; reducing the overhead and complexity needed for usual maintenance, patching, or simply applying fixes.
Let’s see how one of our customers, Contoso, uses admin state with their web servers.
Contoso’s use cases of admin state
Context
One of our customers, Contoso, leverages Azure Load Balancer to distribute traffic to their web servers hosted on Azure VMs. They have a custom configured health probe that checks the availability of the web servers by sending HTTP requests to a specific defined URL and expecting a 200 OK response to allow connections to the servers.
Issue
However, they notice that the health probe sometimes marks a web server as unhealthy because of transient network issues or application errors, even though the web server is still functional (i.e. “healthy”). This prompts their load balancer to stop sending new connections to that web server, which reduces the capacity, availability and performance of their web application.
Solution
To fix this issue, Contoso makes use of the Azure Load Balancer’s admin state feature to force the load balancer to send new connections to the web servers regardless of what the health probe results are. They accomplished this by setting the admin state value of each backend pool instance (i.e. VMs) to UP, which means that the load balancer always considers the web server healthy and eligible for new connections. It also allows existing connections to persist. Now Contoso can avoid losing traffic because of false positives of the health probe and make sure that their web application can handle the expected load.
Maintenance & Testing
Contoso also wanted to do maintenance and testing on their active web servers to ensure their servers are up to date with the latest software. They decide to use the admin state feature to accomplish this without affecting the traffic flow. They set the admin state value of the web server that they wanted to take out of rotation to DOWN, which means that the load balancer does not allow new connections to that web server and terminates existing connections based on the protocol. Thus, they were able to safely update and troubleshoot the web server without impacting the availability and performance of their web application.
Get Started
We are truly excited to bring to you Azure Load Balancer admin state feature in public preview. With this feature, you would be able to override the health probe behavior on your backend pool instance, giving you more control over your load balancer. This is useful for maintenance, testing and even guaranteeing high availability when transient networking issues arise.
To learn more about the admin state feature, visit the following links:
Overview of admin state concepts
How to manage admin state
We hope you can take advantage of this feature and we welcome your feedback. Please feel free to leave a comment below.
Microsoft Tech Community – Latest Blogs –Read More
Exploring Copilot for Security to Automate Incident Triage
When speaking with Copilot for Security customers, automation is often brought up as a topic of exploration. Customers are eager to extend their existing SOAR investments or workflows to include Copilot because they recognize the capabilities this new technology brings and believe it has the potential to further increase productivity.
Today, Copilot for Security offers two ways of performing automations: 1) Promptbooks which are prompts chained together to achieve a specific task and 2) a LogicApp Connector to fuse the power of Copilot for Security directly into your workflows. In this post, we will explore how the LogicApp connector and set of capabilities could be leveraged to triage an incident––a common action taken by nearly every Security Operations Center (SOC).
Note: This post builds on the original release blog of the connector where a phishing email analysis was performed.
(SIEM + SOAR + GAI) = Next-Gen Automation
For this demonstration, I am going to use Microsoft Sentinel (SIEM) which includes access to LogicApps through the Automations and Playbook capabilities, and Copilot for Security. Included in the product are a set of curated Microsoft Promptbooks including one to triage a Sentinel incident. Running this within the standalone experience will give us a rough sense of what to expect and confidence we can emulate it within a LogicApp using our connector.
Figure 1: Copilot for Security Sentinel incident triage promptbook example.
While this workflow does not touch on every aspect of incident triage, it provides a good foundation to operate from. Specifically, this logic will summarize the incident, collect any reputation data for a subset of indicators, identify authentication methods of identities impacted, list devices associated with those identities and their compliance status and write an executive report. I am going to keep the core prompts and extend a few to apply more specifically to Sentinel once within the playbook.
Figure 2: Sentinel automations pane with option to create a playbook based on different triggers.
Within Sentinel, I can create a playbook from an incident trigger in the “Automations” section of the product.
Figure 3: Outline of the Sentinel playbook within the Logic App editor.
Once set up, I can leverage the low-code/no-code editor to input my workflow. I’ve mimicked much of the promptbook using the Copilot for Security connector. Each step contains the prompt I plan to run and any context from the incident. Like the promptbooks, Copilot for Security will create a session for this playbook, so each prompt gets the benefit of the broader session context and is stored within the product for later analysis or reasoning.
Figure 4: Logic App step to classify the incident based on session details.
Each of my prompts help to answer a common question an analyst may pose, but I still need to bring this information back into Sentinel. LogicApps offer a Sentinel connector that can be used to perform actions on our original incident. Here, I get creative in a few ways using generative AI. First, I leverage the session information and have Copilot attempt to classify the incident as “high”, “medium” or “low” based on all the information contained in the responses and force the model to return a label. This is fed into a switch statement which in turn updates the incident status and severity.
Figure 5: Logic App step showing the classification explanation by Copilot for Security.
Next, I have Copilot for Security explain the reasoning behind the classification and output the data as a bullet point list. This output, paired with the session summary is used to create an HTML comment on the incident, giving an analyst a clear explanation of the steps that Copilot performed when triaging the incident and justification for the label.
Figure 6: Logic App step showing the dynamic generation of tags based on session data.
Finally, I have Copilot suggest tags for the incident based again on the session information. These are used to tag the incident, adding a dynamic categorization element.
Figure 7: A Sentinel incident showing the work Copilot for Security performed.
This playbook is configured to run on every incident generated in my workspace automatically. Here’s an example set of outputs where we can see the incident has been automatically classified as “high” severity, marked active, shows signs of a malicious IP and file download and includes the Copilot report as a comment. Naturally, there’s room for improvement on some of the outputs, but this can easily be done through basic prompt tuning.
Augmenting the Security Organization
At the end of last year, I briefly explored how SOAR could benefit from GAI. Notably, I called out natural language as processing instructions, influenced decision making, dynamic content and better human-in-the-loop features. This demonstration of triaging an incident hit on a lot of these categories:
Natural language questions to be answered about the incident, bridging multiple products and data sources.
Natural language responses summarized and “reasoned” over.
Dynamic content created in the form of a classification, tags and summary of the investigation performed.
Influenced decision making by using the model to suggest the severity based on the session content.
Better human-in-the-loop for the fact that this runs on every incident before an analyst needs to be involved.
Functionality like this will augment how security teams run their SOCs, especially as foundation models increase in their accuracy and capabilities. Imagine a world where Copilots are triaging every incident in full then using that information to inform a dynamic prioritization process in real-time. Incidents with clear evidence and decision-making data are automatically actioned and closed whereas ones requiring expert consultation are put into a Teams channel via a series of natural language questions posed by the model and answered by the analyst. In this new SOC, defenders are afforded more time to do more engaging and complex work to protect the organization.
Parting Thoughts
We are living in exciting times in security and IT operations. Generative AI is still rapidly forming and new discoveries are constantly being shared. I strongly encourage every professional and customer I speak with to explore this space, perform experiments and try out new ideas. The Copilot for Security team is constantly looking for new use cases and user feedback. This demonstration of triaging an incident is just one of many workflows we are working on and you should expect a whole lot more!
If you’re interested in replicating this automation or forming your own, check out our getting started documents for Copilot for Security. You can get up and running within minutes and deploy as little as a single Security Computer Unit (SCU). Also be sure to bookmark our Github repository filled with prompt starters, promptbooks and Logic Apps just like this one.
https://learn.microsoft.com/en-us/copilot/security/get-started-security-copilot
https://github.com/Azure/Copilot-For-Security
Microsoft Tech Community – Latest Blogs –Read More
Leading Successful Tech User Groups: Insights from MVPs
Leading a tech user group can be a challenging yet rewarding experience. In this article, we will explore the journey of a user group leader, from the initial challenges of growing the group to the key factors that contributed to its sustained growth and engagement.
We are highlighting Internet of Things and Microsoft Azure German MVP, Damir Dobric, AI United States MVP Adam Wisniewski, and Data Platform MVP Data Platform Bernat Agulló Roselló. By leveraging key factors such as support, coordination, planning, engagement, technology, and valuable content, Damir, Adam, and Bernat each overcame initial challenges and achieved sustained growth and engagement in the successful tech user groups they founded and led.
In founding and leading successful tech user groups, Damir, Adam, and Bernat each had their own unique experiences. Damir founded Azure Meetup Frankurt, the first Azure Group in Germany at the request of Scott Guthrie, while Bernat became a member of the Power BI Barcelona user group, in 2021. In 2023, he joined the organizers’ team benefiting from the knowledge of the attendees and the group. Meanwhile, Adam has been leading user groups, including Tampa XR, since 2018 and has always found them to be an excellent way to connect with like-minded individuals and learn from each other.
Power BI Barcelona user group
Every MVP found unique ways to grow their groups. Damir brought in people from the .NET User Group and various companies, while Bernat reached out through social media. Adam focused on making content his attendees would like. He learned that just creating a group doesn’t mean people will join. So, he made a plan to draw in and keep members interested, got extra help, and met different needs. Damir kept promoting cloud technology, even though it wasn’t popular at first due to data security concerns. His efforts paid off when Azure became widely used. Bernat started his group to keep in touch with past event-goers. To get more people, he invited Power BI users from Barcelona on LinkedIn with a message that got their attention.
MVP Damir Dobric
Leading a tech user group provided Damir, Adam, and Bernat with valuable learning experiences and personal growth. Damir relished the opportunity to network with influential professionals and enthusiasts, finding the reciprocal learning process enriching. Adam on the other hand, gained a great deal of knowledge from exploring topics in more depth, having rich discussions with members and thinking through ways to keep up with the ever-moving tech industry. While Bernat learned about the importance of teamwork, flexibility, and taking breaks while also building a motivated core team to lead the group.
Damir, Adam, and Bernat each shared their insights on nurturing a successful tech user group. Damir emphasized the importance of keeping the group engaged with high-quality, current information. Adam suggested focusing on a subject you’re passionate about and forming a dedicated team to manage events. He also highlighted the need for continuous member recruitment and the avoidance of overcommitment. Bernat advised establishing a committed core team to lead the group, advocating for shared leadership rather than solo efforts. He also underscored the significance of consistent member recruitment and the necessity of taking breaks when needed.
MVP Adam Wisniewski
In conclusion, leading a tech user group can be a challenging yet rewarding experience. The journey of a user group leader involves overcoming initial challenges, developing strategies for growth and engagement, and taking advantage of personal growth and learning opportunities. With the right approach, leading a tech user group can be a fulfilling and enriching experience.
Microsoft Tech Community – Latest Blogs –Read More
How to create Graphic with variable data (filtered)
Hi everybody,
I have an excel spreadsheet with all the sales forecast of 160 products. I have the quantity sold for each product every month for the last 5 years.
With graphics, I can see the sales forecast for each product. However, doing 160 graphics is too much for the Excel spreadsheet.
Therefore, I was wondering how to create just one graphic and by having a filter (with search bar for instance), I can select the product I want to see the trend and the graphic automatically just display the sales of this product?
How do to that?
Thank you so much for your help!
Hi everybody, I have an excel spreadsheet with all the sales forecast of 160 products. I have the quantity sold for each product every month for the last 5 years. With graphics, I can see the sales forecast for each product. However, doing 160 graphics is too much for the Excel spreadsheet. Therefore, I was wondering how to create just one graphic and by having a filter (with search bar for instance), I can select the product I want to see the trend and the graphic automatically just display the sales of this product? How do to that? Thank you so much for your help! Read More
How to assign co-owner to classwork/assignments in Teams for Education?
Hello,
Trying to utilize Teams to run an IT Training Program for my office, and I created a Class template Teams Team. I made some fellow colleagues as Owners of the team in hopes that they could also contribute other materials to the program, but since they are in different departments, they would also like to participate in the quizzes and assignments I’ve made for IT. Is there a way to assign classwork/assignments to other Owners?
Thanks
Hello, Trying to utilize Teams to run an IT Training Program for my office, and I created a Class template Teams Team. I made some fellow colleagues as Owners of the team in hopes that they could also contribute other materials to the program, but since they are in different departments, they would also like to participate in the quizzes and assignments I’ve made for IT. Is there a way to assign classwork/assignments to other Owners? Thanks Read More
Shared Dataset parameter default value automatically set as “=Nothing”
I create SSRS report using a shared dataset that has predefined parameters. When add the dataset to report, parameters are also get added automatically (as expected). Some of the parameters are optional parameters. For optional parameter, default value is automatically set as “Specify values” and expression “=Nothing”. Because of this, each time I edit and upload a new version of report the parameter value defaults to nothing. To keep the existing parameter value selection intact, I want the first option “No default value” to be selected by default. Please let know, if there is an option to have “No default value” selected by default instead of “Specify Values” combined with “=Nothing” at the time of adding a shared dataset to a report.
I create SSRS report using a shared dataset that has predefined parameters. When add the dataset to report, parameters are also get added automatically (as expected). Some of the parameters are optional parameters. For optional parameter, default value is automatically set as “Specify values” and expression “=Nothing”. Because of this, each time I edit and upload a new version of report the parameter value defaults to nothing. To keep the existing parameter value selection intact, I want the first option “No default value” to be selected by default. Please let know, if there is an option to have “No default value” selected by default instead of “Specify Values” combined with “=Nothing” at the time of adding a shared dataset to a report. Read More
Styles appear in different language / Styles Glitch
For some reason my Styles section is in a different language. This appears even in a new document. I’ve checked language settings and everything is set to English. The only way I have found that has fixed it is when I right click > Modify > Format > Font and make no other changes but just click okay (Font is set to Montserrat for body paragraph). It fixes it temperarily, but if I close the document and open Word again, the styles go back to the different language.
How do I permanently change this?
For some reason my Styles section is in a different language. This appears even in a new document. I’ve checked language settings and everything is set to English. The only way I have found that has fixed it is when I right click > Modify > Format > Font and make no other changes but just click okay (Font is set to Montserrat for body paragraph). It fixes it temperarily, but if I close the document and open Word again, the styles go back to the different language. How do I permanently change this? Read More
