Category: Microsoft
Category Archives: Microsoft
Ensuring Data Protection During Your Gmail to Office 365 Migration
Migrating emails from Gmail to Office 365 requires careful data protection. Here’s how to ensure a secure move:
Choose Secure Tools: Opt for migration tools with robust security measures, like encryption during transfer.Maintain Strong Passwords: Utilize complex passwords for both Gmail and Office 365 accounts.Limit Access: During migration, restrict access to sensitive data by setting appropriate permissions in Office 365.Verify Data Integrity: After migration, confirm email content and attachment transfer accuracy.
By following these steps, you can minimize security risks and ensure your data remains protected throughout the migration process.
Migrating emails from Gmail to Office 365 requires careful data protection. Here’s how to ensure a secure move: Choose Secure Tools: Opt for migration tools with robust security measures, like encryption during transfer.Maintain Strong Passwords: Utilize complex passwords for both Gmail and Office 365 accounts.Limit Access: During migration, restrict access to sensitive data by setting appropriate permissions in Office 365.Verify Data Integrity: After migration, confirm email content and attachment transfer accuracy. By following these steps, you can minimize security risks and ensure your data remains protected throughout the migration process. Read More
Keep files option missing from Windows 11 install 24h2?
I’ve always been able to install Windows and keep files in Windows old folder. Now trying to install 24h2 preview I see only these options. Does this mean it will really delete ALL files and not move to the Windows old folder?
I’ve always been able to install Windows and keep files in Windows old folder. Now trying to install 24h2 preview I see only these options. Does this mean it will really delete ALL files and not move to the Windows old folder? Read More
SQLServer Auditing and Alerts
We have enabled SQL Server Query auditing with ‘On Audit Log Failure’ set to Continue, so not to lock up the system. I would like to setup a SQL Server Agent Alert that would fire when the Drive is full and it is not able to write the audit to the file.
Any help?
We have enabled SQL Server Query auditing with ‘On Audit Log Failure’ set to Continue, so not to lock up the system. I would like to setup a SQL Server Agent Alert that would fire when the Drive is full and it is not able to write the audit to the file. Any help? Read More
Project Sites & Site Templates
I have tried searching but not found advice on avoiding creating a new project site template from an existing site linked to an existing project. I recall advice from many years ago not to do this but cannot remember the reasons. Is my memory playing tricks with me or were/are there genuine reasons as to why this is not advisable?
In a similar vein I am working with an instance of Project Server where a large number of Site Templates and associated solutions have emerged over the past 8 years and I am concerned that different Site Templates have evolved from the original single source and that in turn new templates based upon earlier templates have had changes made that mean lists with the same name may not be configured the same. We are getting regular queue errors that columns cannot be found in site lists which suggests this is the case.
Would there be any way to correct this divergence across a population of sites?
Trying to understand where the divergence may have occurred is not helped by the fact that it is not possible to know the “parentage” of existing sites when viewing the sites and workspaces list – _layouts/15/mngsubwebs.aspx – as the majority of sites have no description which they would have from the template name or description provided when using the Save as Template options on the /_layouts/savetmpl.aspx page
I have tried searching but not found advice on avoiding creating a new project site template from an existing site linked to an existing project. I recall advice from many years ago not to do this but cannot remember the reasons. Is my memory playing tricks with me or were/are there genuine reasons as to why this is not advisable? In a similar vein I am working with an instance of Project Server where a large number of Site Templates and associated solutions have emerged over the past 8 years and I am concerned that different Site Templates have evolved from the original single source and that in turn new templates based upon earlier templates have had changes made that mean lists with the same name may not be configured the same. We are getting regular queue errors that columns cannot be found in site lists which suggests this is the case. Would there be any way to correct this divergence across a population of sites? Trying to understand where the divergence may have occurred is not helped by the fact that it is not possible to know the “parentage” of existing sites when viewing the sites and workspaces list – _layouts/15/mngsubwebs.aspx – as the majority of sites have no description which they would have from the template name or description provided when using the Save as Template options on the /_layouts/savetmpl.aspx page Read More
Can I save an OEM key to my MS account?
One of my laptop is shipped with an OEM key and Windows 10 Pro is activated automatically when upgrading from Windows 8. How can I sync this key to my MS account?
Thanks
One of my laptop is shipped with an OEM key and Windows 10 Pro is activated automatically when upgrading from Windows 8. How can I sync this key to my MS account? Thanks Read More
Interest of self-hosted API gateway in AKS
Hi everyone,
I am currently evaluating the benefit/interest of using the self-hosted API gateway with our APIs hosted in AKS.
One thing I am wondering is if there is a benefit in terms of network latency compared to using a managed API gateway, especially if it is hosted in the same VNet as the cluster?
Thanks in advance for your insights!
Hi everyone, I am currently evaluating the benefit/interest of using the self-hosted API gateway with our APIs hosted in AKS. One thing I am wondering is if there is a benefit in terms of network latency compared to using a managed API gateway, especially if it is hosted in the same VNet as the cluster? Thanks in advance for your insights! Read More
How to cancel Microsoft Defender free trial, when GoDaddy is my Tenant?
I signed up for a 3-month free trial of Microsoft Defender through https://security.microsoft.com/ a few months ago while exploring security options for my domain, which is hosted by GoDaddy. However, GoDaddy informed me that they are not authorized to sell me the product directly, as I need to migrate away from them and have Microsoft to be my tenant to make the purchase.
Now, as the trial period is coming to an end, I’ve been trying to cancel it through https://security.microsoft.com/ (The option is there), but it redirects me to GoDaddy instead. GoDaddy, in turn, advised me to contact Microsoft directly for assistance, but I’ve had difficulty reaching a real person through their support line.
I’m unsure about what happens after the trial period ends. Will it cancel automatically? Will GoDaddy be charged? I would greatly appreciate any guidance on how to proceed as the trial deadline approaches.
I signed up for a 3-month free trial of Microsoft Defender through https://security.microsoft.com/ a few months ago while exploring security options for my domain, which is hosted by GoDaddy. However, GoDaddy informed me that they are not authorized to sell me the product directly, as I need to migrate away from them and have Microsoft to be my tenant to make the purchase. Now, as the trial period is coming to an end, I’ve been trying to cancel it through https://security.microsoft.com/ (The option is there), but it redirects me to GoDaddy instead. GoDaddy, in turn, advised me to contact Microsoft directly for assistance, but I’ve had difficulty reaching a real person through their support line. I’m unsure about what happens after the trial period ends. Will it cancel automatically? Will GoDaddy be charged? I would greatly appreciate any guidance on how to proceed as the trial deadline approaches. Read More
Discover The Age of Copilots, now on-demand
Great things are here and on the horizon. Microsoft Copilot innovation, combined with the familiarity and scale of Microsoft 365, unlocks productivity and transforms business processes for everyone across all functions and every industry in this new era of AI.
We want to share the on-demand recording of the Microsoft 365 Community Conference opening keynote that puts it all into perspective: The Age of Copilots, plus a bonus video from Microsoft Build highlighting custom copilots from SharePoint. (aka: “Click to Copilot”)
First, Jeff Teper (President of Collaboration Apps and Platforms at Microsoft) presented a 75-minute vision and strategy session in Orlando, FL, filled with insights, product demos and real-world context across Copilot, Teams, and SharePoint.
Watch on-demand | “The Age of Copilots” with Jeff Teper and co-presenters Miceile Barrett, Derek Snyder, and Naomi Moneypenny (Presented live, Tuesday, April 30th, 2024, at the Microsoft 365 Community Conference in Orlando, FL):
NOTE | You can watch all on-demand session recordings from the Microsoft 365 Community Conference (more added each week over the coming weeks); enjoy and share. Plus, review much of what was covered in the opening keynote in this article, “Microsoft SharePoint Roadmap Update – May 2024” by Dave Cohen.
Jeff Teper presenting “The Age of Copilots” at the Microsoft 365 Community Conference in Orlando, FL | April 30th, 2024.
“The Age of Copilots” co-presenters (left-to-right): Derek Snyder, Naomi Moneypenny, Jeff Teper, and Miceile Barrett.
The Age of Copilots continues…
Second, on the heels of the Microsoft 365 Community Conference arose Microsoft Build. Build highlighted a new capability in this age of copilots, the ability to create custom copilots – in SharePoint. And this time Jeff joined Satya Nadella, Kevin Scott, and Rajesh Jha within the Build opening keynote (KEY01).
Jeff introduced the ability for anyone to create custom copilots from SharePoint. In just a few clicks, you— whether an admin or business user— can create and share a copilot from SharePoint that’s grounded in the curated, authoritative content you choose. Since you rarely work alone, you can also easily share your copilots with others in Teams chat, email, and more. It’s like a subject matter expert ready to help you, your team, department, or even the whole company while respecting all your existing security settings and permissions.
In context of the age of copilots, we’re excited to share this on-demand video, “Microsoft Build opening keynote | KEY01” (video jumps to Jeff’s segment 1 hour and 7 minutes in):
Example of a built-in, custom copilot on a SharePoint communication site – created in a few clicks: Select “Create a copilot” and choose the folders or files that you want your copilot scoped to. The copilot will reason over only this content when providing responses.
Discover more, “Create custom copilots from SharePoint,” – recent blog written by Jeff Teper.
Next steps
We can’t wait to see how you leverage AI in the age of copilots, including future custom copilots our incredible SharePoint user base will create! Everyone will now be empowered to create, use, and share copilots for better collaboration and knowledge sharing —always with the trusted Microsoft governance capabilities you already have.
Sign up for the custom copilots from SharePoint private preview today and stay tuned for the public preview coming later this year. Plus, watch a bonus, related, depth Build breakout session, “Integrating your bots and Copilot experiences natively into SharePoint and Viva Connections.”
Reminders:
Watch all on-demand session recordings from the Microsoft 365 Community Conference (more added each week over the coming weeks); enjoy and share.
Become a member of the Community News Desk right here within the Microsoft Tech Community — see more content like this, plus discover news, event guides, product series, and insights around the world.
Cheers, Mark Kashman
Microsoft Tech Community – Latest Blogs –Read More
Uplevel collaborative notetaking with Loop components in OneNote
We’re excited to announce that you can now harness the power of Loop components in OneNote apps on the Web, Windows, and Teams. With multiple Loop component types to create on OneNote, collaborative notetaking has never been more seamless in your digital notebook.
What are Loop components?
Loop components are sharable, editable pieces of content, such as lists, tables, and tasks, that are accessible and stay in sync across all the places they’re added across M365 apps. They represent the most elemental portable piece of a Loop workspace, and by using them in your notebooks, you can remain focused on your personal content while collaborating with others in real time without having to switch between different apps. without having to switch between different apps.
An image demonstrating Loop components used for real time collaboration on a meeting agenda and notes on the canvas of OneNote.
To get started with Loop components in OneNote, click on Loop Components under the Insert tab from the OneNote apps for the Web, Windows, or Teams.
A snapshot of the Insert tab on the ribbon of the OneNote Windows app containing the Loop components option.
Multiple relevant Loop component types for a truly collaborative notetaking
Choose and insert from a dozen different Loop component types right from the Insert tab on your ribbon. These components are aimed to help you and your team with the most common scenarios for collaborative notetaking, such as a task list, progress tracker, and kanban board.
An image showcasing different Loop components available for insertion when clicking on the Loop components option from the Insert tab on the ribbon.
Real time collaboration, across Microsoft 365
Get more done right from your notebook with Loop components, which stays in sync across chats, emails, meetings, or documents in real time. Loop components created from any of the eligible M365 apps can be pasted in OneNote and vice versa. Learn more about what apps that currently support Loop components from our support article.
An animated gif demonstrating Loop components pasted in a Teams chat and on a OneNote canvas being edited and syncing in real time.
Bring your team together with added collaboration features
With Loop components comes an added array of collaboration features including @mentions, comments, and reactions. In addition, Loop components are always live, which means you get to see who’s viewing or editing the Loop component on your OneNote page.
An image demonstrating @mentions functionality within a Loop component on OneNote canvas.
Scenarios to try
Create or paste a task list Loop component to keep track of your work items, while staying in sync with Planner and To Do.
An image showing a task list Loop components on the OneNote canvas with tasks assigned to various individuals along with due dates.
Create a progress tracker Loop component within a page in the OneNote-powered Notes tab of your Teams channel to collaborate with your team members on a project. Tag owners to specific work areas to track and accelerate progress.
Collaborate in real time on shared agendas and notes with your team members for your upcoming meetings right from your notebook. Enhance your workflow by having your shared notes right next to your personal notes on the same notebook page.
Improve organization and reduce context switching by consolidating Loop components on OneNote pages.
Availability and requirements
Accessing Microsoft Loop and Loop components in OneNote requires a commercial M365 subscription.
Loop components in OneNote are generally available to users on our Web and Teams apps and will soon be available to users on our Windows Desktop app starting June 2024. Learn more and keep track of the rollout status and platform availability of the latest OneNote features from our Microsoft 365 roadmap!
Note: Loop components are being gradually rolled out and are made available through your work account. Within OneNote, Loop components are available only if your organization allows creation of links that can be edited or viewed by anyone in the organization. Loop components are being rolled out to Windows, Web, and Teams but are not yet available in OneNote for mobile or Mac/iOS. Loop components in OneNote app for the Web and Teams may be available only to targeted release users in your organization and available via Insiders Beta for the OneNote Windows desktop app.
Feedback
We want to hear about your experience! Please share your feedback by selecting Help > Feedback in OneNote on Windows, or by selecting Help > Give Feedback to Microsoft in OneNote for the web.
Please also feel free to navigate to our FAQ for questions specifically about Loop components in OneNote.
Microsoft Tech Community – Latest Blogs –Read More
Cost Optimization for General Purpose VMs using Hibernation now Generally Available
During Microsoft Ignite 2023, we previewed the ability to hibernate VMs, making it easier for customers to save Compute costs. Hibernating a VM deallocates the machine while persisting the VM’s in-memory state. While the VM is hibernated, customers don’t pay for the Compute costs associated with the VM and only pay for storage and networking resources associated with the VM. Customers can later start back these VMs when needed and all their apps and processes that were previously running simply resume from their last state.
Today we are excited to announce that hibernation for general-purpose VMs is now generally available. In addition, customers can now use hibernation with new VM deployments as well as their existing VMs and save more costs.
Use cases
Hibernating VMs is an effective cost management feature for scenarios such as:
Virtual desktops, dev/test – customers can hibernate their machines after business hours and resume their machines the next morning without needing to reopen their apps.
Prewarmed VMs – customers running VMs with apps that have long initialization times due to the memory components, can bring up the apps and hibernate the VMs. Later, these “prewarmed” VMs can be quickly started when needed, with the applications up and running in the desired state.
Customer and Partner testimonials
Several customers and partners used hibernation during preview and shared their feedback.
“We use Azure Virtual Desktop where we used to stop VMs outside working hours. Therefore, when starting work the next day, it was inefficient as we needed to manually start the applications and remember the state of the previous day’s work. However, with the introduction of the hibernation feature, we can now start work while retaining the desktop state from the previous day, greatly improving efficiency. This allows for a balance between cost and convenience. NEC has been using hibernation during preview, and I myself have been using it and experiencing its benefits. With the feature being generally available, we are considering incorporating it into the overall power management system, and anticipate more benefits. Therefore, we plan to apply it to 90,000 single-session AVDs within NEC.” – Oguchi Kazuhiro (小口 和弘) – Executive Professional, ITSM – NEC Corporation.
“As part of our goal to optimize power consumption and costs for our customers, and as a long-time Azure partner providing global virtual desktops to Global 2000 enterprises around the world, Workspot is excited to offer VM hibernation capabilities to our customers, immediately. As part of the preview team, Workspot has worked closely with Microsoft to deliver the ability to hibernate and then resume virtual desktops, saving our joint customers the associated costs in Compute resources while they are away. Workspot delivers this hibernation capability in a seamless manner with no interaction needed by the end-user.” – Jimmy Chang, Chief Product Officer, Workspot.
Getting started with Hibernation
Hibernation is generally available for general purpose Intel and AMD VM sizes. Both Linux and Windows Operating Systems are supported. Hibernation for GPU VM sizes is in public preview.
Hibernation is available in all public regions. You can get started with hibernation using Azure Portal, PowerShell, CLI, ARM, SDKs, and APIs. For more details on how to get started with hibernation, refer to the product documentation.
In addition, customers using Azure Virtual Desktop, Citrix DaaS and Workspot on Azure can take advantage of hibernation today and further optimize costs.
Microsoft Tech Community – Latest Blogs –Read More
Updates for Town Hall in Microsoft Teams and Teams Live Events
Our goal in Teams is to make hybrid work and communication easier and more inclusive than ever before. This pursuit is core to the effort we put into creating meaningful connections between people through our end-to-end events platforms, whether one-to-one meetings or large one-to-many hosted digital events. We introduced our new digital streaming event solution for large events, town hall, in September 2023. Town hall has continued to drive new, exciting experiences for our customers, such as the ability to bring multiple presenters on stage, send out attendee emails, and see real-time health analytics for the event. As we move forward, we are excited to continue to share our latest features with you and let you know what to expect from town hall in the next year.
Additionally, we will not retire Teams Live Events in September 2024, as previously announced. Town hall will continue to be the platform where our new features and value land, and we encourage Teams Live Events users to take advantage of these new innovations by upgrading to town hall when ready. We’ve spoken with customers and understand how important it is to ensure a smooth transition to town hall. We are committed to making it as easy and beneficial as possible for customers to experiment, adopt, and implement town hall as their destination for large-scale digital events, as well as allow customers to upgrade from Live Events to town hall on their own schedule. In the coming days, customers who are still using Teams Live Events, and wish to continue to do so past September 30th, 2024, will be able to schedule Teams Live Events instances beyond this date.
Updates about features that will be rolling out to town hall can be found on our town hall adoption page, and we will communicate future updates about Teams Live Events plans via blogs, MC posts, and any other forums where this announcement is distributed.
Town hall innovations deliver new ways to engage your audience
Town hall adoption continues to grow as we continue to prioritize driving new value for our users. In the last quarter, we saw significant increases in new customers trying town hall, total usage, and the number of hosted events. Our mission is to continue to add new additional capabilities to town hall that make your streaming digital events more impactful to audiences and more seamless to execute. As we look ahead to the coming year, we will be delivering key features to continue to build on the highly engaging and interactive experiences that town hall delivers. Attendees will soon be able to express their feedback and engagement through live reactions, streaming chat and presenters can interact with their audience via raise hands. Advanced production experiences such as the producer role, queuing shared content and preview scene support are also coming to town hall, providing a new level of event execution capabilities.
When we initially announced town hall in September of 2023, we made our users aware that we would continue to release town hall features that provide a similar experience in town hall as Teams Live Events. In the next twelve months, we plan to continue to focus on these areas in town hall to ensure that we provide the same feature effectiveness that customers have come to expect from Teams Live Events. Some key features that will be available in town hall in the next year to help achieve this effectiveness include:
Engagement capabilities (certain Q&A functions: voting, filters, sorting, and archive questions; export questions to CSVdownload Q&A report)
Device capabilities (MTR-W support for presenters and attendees and CVI and VDI support)
Advanced production experiences such as producer role, queuing shared content, and preview scenes.
The combination of ease of use and adoption of town hall, achieving feature effectiveness between the Live Events and town hall, and the new additive value that is exclusive to town hall going forward are all great reasons for current Live Events users to consider upgrading to town hall to take advantage of what we are building.
For the latest updates, feature timelines, and news about what is coming for Teams town hall, please visit our town hall adoption page.
Microsoft Tech Community – Latest Blogs –Read More
Best Practices to Manage and Mitigate Security Recommendations
In the fast-evolving landscape of cloud security, Microsoft Defender for Cloud (MDC) stands as a robust Cloud Native Application Protection Platform (CNAPP). One of its standout features is the premium Cloud Security Posture Management (CSPM) solution, known as Defender CSPM. Among the myriads of advanced capabilities offered by Defender CSPM, the “Governance Rule” feature is a game-changer. This empowers security teams to streamline and automate the assignment, management, and tracking of security recommendations.
In this blog, we’ll delve into best practices for leveraging Governance Rule to ensure effective, efficient, and timely remediation actions and explore practical use cases for maximizing its potential.
Understanding Governance Rule
Governance Rule in Defender CSPM is designed to simplify the management of security recommendations by enhancing accountability. You can define rules that assign an owner and a due date for addressing recommendations for specific resources. This provides resource owners with a clear set of tasks and deadlines for remediating recommendations. By making the assignment and tracking of these tasks more visible, Governance Rule ensures that critical security issues are promptly addressed, reducing the risk of breaches and enhancing overall security posture.
Best Practices for Utilizing Governance Rule
Define Clear Remediation Ownership
Assigning remediation tasks to specific owners is crucial for accountability. Governance Rule allows you to specify who is responsible for each security recommendation. Ensure that each task is assigned to the most appropriate individual or team with the necessary expertise and authority to address the issue. Clear ownership helps avoid confusion and ensures that remediation actions are taken seriously.
Set Realistic ETAs and Grace Periods
Establishing realistic Estimated Time of Arrival (ETA) and grace periods for remediation tasks is essential for maintaining a balance between urgency and feasibility. Overly aggressive timelines can lead to rushed and potentially ineffective fixes, while overly lenient deadlines may delay critical security improvements. Analyze the complexity and impact of each security finding to set achievable timelines that encourage timely resolution without compromising quality.
Prioritize Based on Risk
Not all security recommendations are created equal. Use severity-based prioritization to determine which issues need immediate attention and which can be scheduled for later remediation. Defender CSPM’s Governance Rule allows you to categorize tasks based on their severity and potential impact on your organization’s security posture. Focus on high-severity findings first to mitigate the most significant threats promptly.
Automate Workflow Integration
Leverage the automation capabilities of Governance Rule to integrate remediation workflows with your existing security tools and processes. Automated notifications, status updates, and task assignments can significantly reduce manual effort and improve coordination across teams. By integrating these workflows, you ensure that security recommendations are seamlessly managed from detection to resolution.
Regularly Monitor and Adjust Rules
The dynamic nature of cloud environments means that security needs can change rapidly. Regularly review and adjust your Governance Rules to ensure they remain aligned with your organization’s security objectives and compliance requirements. Monitor the performance of these rules and gather feedback from your security teams to identify areas for improvement.
Foster a Culture of Continuous Improvement
Encourage a culture where continuous improvement is the norm. Use insights gained from the Governance Rule feature to identify recurring security issues and root causes. Implement lessons learned to refine your security policies and practices, reducing the likelihood of similar issues arising in the future.
Before you begin
The Defender Cloud Security Posture Management (CSPM) plan must be enabled.
You need Contributor, Security Admin, or Owner permissions on the Azure subscriptions.
For AWS accounts and GCP projects, you need Contributor, Security Admin, or Owner permissions on the Defender for Cloud AWS or GCP connectors.
Using Governance Rule Priorities in Microsoft Defender for Cloud: A Practical Use Case
The Governance Rule feature in Microsoft Defender for Cloud (MDC) offers a powerful way to prioritize and manage security recommendations by assigning a Priority value from 1 (highest) to 1000 (lowest). This granularity allows organizations to tailor their remediation efforts based on the criticality of the issues at hand. Let’s explore a practical use case to illustrate how setting multiple rules with different priorities can enhance your security posture.
Multi-Tiered Security Remediation Strategy
Scenario: An organization operates a cloud infrastructure that supports various critical business functions, including financial transactions, customer data management, and internal communication systems. Each of these functions has different security requirements and a potential impact on the business if compromised.
Objective: To implement a multi-tiered security remediation strategy that ensures the most critical security issues are addressed first, while less critical issues are still managed effectively within appropriate timelines.
Step-by-Step Implementation
Identify Security Segments and Their Impact:
Tier 1: High-impact areas such as financial transaction systems and customer data management. Compromise in these areas could lead to significant financial loss and regulatory penalties.
Tier 2: Medium-impact areas such as internal communication systems and non-critical business applications. Breaches here could disrupt operations but with manageable consequences.
Tier 3: Low-impact areas such as development and testing environments. Issues here have a minimal immediate impact on business operations.
Set Governance Rules with Priorities:
Rule 1: High Priority (1-100)
Criteria: Security recommendations related to Tier 1 systems.
Priority Value: 1-100
Description: Assign the highest priority to vulnerabilities and security findings in financial transaction systems and customer data management platforms. These tasks should be addressed immediately to prevent significant damage.
Rule 2: Medium Priority (101-500)
Criteria: Security recommendations related to Tier 2 systems.
Priority Value: 101-500
Description: Assign a medium priority to issues in internal communication systems and non-critical business applications. These should be remediated promptly but can be scheduled after Tier 1 issues are addressed.
Rule 3: Low Priority (501-1000)
Criteria: Security recommendations related to Tier 3 systems.
Priority Value: 501-1000
Description: Assign the lowest priority to findings in development and testing environments. While still important, these issues can be managed with a longer timeline, focusing on addressing them during regular maintenance cycles.
Automate and Monitor:
Use MDC’s Governance Rule automation to assign these tasks to appropriate teams or individuals based on their expertise.
Set up automated notifications and tracking to ensure that each priority level is being addressed according to the defined timelines.
Regularly review the progress and adjust priorities as necessary based on new findings, business impact analysis, and changes in the threat landscape.
Benefits of Multi-Priority Governance Rules
Focused Resource Allocation: Ensures that critical resources are directed towards addressing the most impactful security issues first, optimizing the use of your security team’s time and expertise.
Risk Management: Reduces the risk of severe breaches by prioritizing high-impact areas, thereby protecting essential business functions.
Scalability: As the organization grows and the cloud environment evolves, this prioritization strategy can scale to include new systems and adjust to changing priorities.
Efficiency: Automated workflows and clear prioritization reduce the time spent on manual task assignment and tracking, increasing overall operational efficiency
Leveraging Governance Rule Conditions for Efficient Remediation
The Governance Rule feature in Microsoft Defender for Cloud allows for detailed configuration of conditions, making it a versatile tool for managing remediation tasks. Here are some key conditions and their valuable use cases:
Impacted Recommendations: By Severity or By Specific Recommendation
Set Owner: By Resource Tag or By Email Address (one address only)
Set Remediation Timeframe: 7, 14, 30, 90 days with an option to set an equal Grace Period so the recommendation doesn’t affect the Secure Score
Set Email Notifications: Notify owners weekly about open and overdue tasks, notify the owner’s direct manager weekly about open and overdue tasks. Email configuration day of the week – select a day of the week.
Use Case 1: Prioritizing High-Severity Recommendations
Condition Configuration:
Impacted Recommendations: By Severity (High)
Set Owner: By Resource Tag (e.g., “HighPriorityTeam”)
Set Remediation Timeframe: 7 days with an equal grace period
Set Email Notifications: Notify owners weekly about open and overdue tasks, email configuration day: Monday
Description: This use case focuses on ensuring that high-severity security recommendations are addressed with utmost urgency. By assigning these tasks to a dedicated high-priority team and setting a tight remediation timeframe, critical vulnerabilities are mitigated quickly. Weekly email notifications keep the owners informed, ensuring accountability and prompt action.
Use Case 2: Managing Specific Recommendations for Compliance
Condition Configuration:
Impacted Recommendations: By Specific Recommendation (e.g., “Enable Multi-Factor Authentication”)
Set Owner: By Email Address (specific compliance officer)
Set Remediation Timeframe: 30 days with an equal grace period
Set Email Notifications: Notify owners weekly about open and overdue tasks, notify the owner’s direct manager weekly about open and overdue tasks, email configuration day: Wednesday
Description: Certain security recommendations are crucial for compliance with regulatory requirements. By targeting specific recommendations, such as enabling multi-factor authentication, and assigning them to a compliance officer, organizations can ensure these critical tasks are completed within a reasonable timeframe. The grace period prevents these tasks from negatively impacting the Secure Score while they are being addressed. Regular notifications keep everyone on track.
Use Case 3: Efficient Resource Tag-Based Assignment
Condition Configuration:
Impacted Recommendations: By Severity (Medium)
Set Owner: By Resource Tag (e.g., “AppTeam”)
Set Remediation Timeframe: 14 days with an equal grace period
Set Email Notifications: Notify owners weekly about open and overdue tasks, email configuration day: Thursday
Description: For medium-severity issues, assigning tasks based on resource tags allows for efficient distribution of remediation efforts among different teams. This use case assigns recommendations to the application development team, ensuring they handle vulnerabilities related to their specific domain. The 14-day remediation period is sufficient to address these issues without overwhelming the team, while weekly notifications help maintain progress.
Use Case 4: Long-Term Low-Severity Management
Condition Configuration:
Impacted Recommendations: By Severity (Low)
Set Owner: By Email Address (general IT team lead)
Set Remediation Timeframe: 90 days with an equal grace period
Set Email Notifications: Notify owners weekly about open and overdue tasks, email configuration day: Friday
Description: Low-severity recommendations, while still important, can be managed over a longer period. This case assigns these tasks to the general IT team lead, allowing for a 90-day remediation period. The extended timeframe ensures that these issues are addressed without detracting them from more urgent tasks. Weekly notifications ensure that these tasks are not forgotten and are completed within the set period.
Use Case 5: Weekly Review and Reporting
Condition Configuration:
Impacted Recommendations: By Severity (All)
Set Owner: By Resource Tag (e.g., “SecurityOps”)
Set Remediation Timeframe: 30 days with an equal grace period
Set Email Notifications: Notify owners weekly about open and overdue tasks, email configuration day: Monday
Description: A comprehensive approach to managing all levels involves setting a 30-day remediation period for all recommendations and assigning them to the Security Operations team. Weekly notifications sent every Monday keep the team updated on open and overdue tasks, ensuring continuous review and progress on all security recommendations.
Integrating ServiceNow with Governance Rules in Microsoft Defender for Cloud
The integration of ServiceNow with Defender for Cloud allows you to create governance rules that automatically open tickets in ServiceNow for specific recommendations or severity levels. This capability provides significant value by enabling seamless collaboration between the two platforms. With ServiceNow tickets being created, viewed, and linked to recommendations directly from Defender for Cloud, organizations can streamline their incident management process. This integration ensures that security recommendations are promptly addressed, facilitating efficient and effective remediation efforts, and enhancing the overall security posture by providing clear visibility and accountability for each task.
For more detailed instructions, refer to the official documentation.
Conclusion
By configuring Governance Rules with specific conditions tailored to your organization’s needs, you can create a structured and efficient remediation process. Whether it’s prioritizing high-severity issues, managing compliance-related recommendations, or ensuring long-term management of low-severity findings, the flexible configuration options in MDC’s Governance Rule feature allow for a highly effective security strategy. Implementing these use cases will help your organization maintain a strong security posture, ensuring timely and efficient remediation actions across all areas of your cloud infrastructure.
The Governance Rule feature in Microsoft Defender CSPM is a powerful tool that can transform how organizations manage and mitigate security recommendations. By following these best practices, security teams can enhance their efficiency, effectiveness, and responsiveness to security findings. Embrace the capabilities of Governance Rule to stay ahead in the ever-changing world of cloud security, ensuring that your security measures are not only reactive but also proactive and adaptive.
Additional Resources
Watch a demonstration on how to use Governance Rule in this episode of Defender for Coud in the Field
Download the new Microsoft CNAPP eBook at aka.ms/MSCNAPP
Become a Defender for Cloud Ninja by taking the assessment at aka.ms/MDCNinja
Reviewers
Yuri Diogenes, Principal PM Manager, CxE Defender for Cloud
Tal Rosler, Senior PM lead, Microsoft Defender for Cloud
Microsoft Tech Community – Latest Blogs –Read More
Can’t see Tags on My Task view or filter by them
I keep seeing posts where, in the new Planner, we should be able to filter by tags. I have to open details on each individual task, and still cannot see my tags without opening each task. It’s making it difficult to see where tasks are in the process. Am I missing something or is this feature coming soon? I’m hoping tags will display on the grid soon.
I keep seeing posts where, in the new Planner, we should be able to filter by tags. I have to open details on each individual task, and still cannot see my tags without opening each task. It’s making it difficult to see where tasks are in the process. Am I missing something or is this feature coming soon? I’m hoping tags will display on the grid soon. Read More
Simple automate script mangles number formatting
I have a new laptop and I thought – i/o moving my macro – to create an Automated script.
I recorded the script with the same steps as the macro:
Select column A > data > text to column > Delimited on | sign > finish.
Attached is the Automation script after my first change: adjust the destination from B1 to A1, because otherwise a whole csv string remained in A1, and the the first item of the headers started in B2 i/o A1. Strangely enough the rest of the rows were filled correctly, with the first item in column A.
Later (after taking the screenshot) I also changed the range to A:A rather than a specified number of rows.
After the changes the script seemed to work as far as the Text to Column bit went. However: something strange happened with the numerical data in my ‘price’ column (U). By the way, my Excel regional settings have a comma separator.
The flat data in the csv contains this item in the form of 4 decimals. So 0 > 0,0000.
And actually the 0,0000 is the only one that remains the same after running the script.
All other amounts – while also starting out as a number with 4 digits after the comma – end up being translated as follows: 3,5500 becomes 35.500
I don’t understand why the script would cause this deviation., and frankly this experience doesn’t encourage playing around with it.
I have a new laptop and I thought – i/o moving my macro – to create an Automated script.I recorded the script with the same steps as the macro:Select column A > data > text to column > Delimited on | sign > finish. Attached is the Automation script after my first change: adjust the destination from B1 to A1, because otherwise a whole csv string remained in A1, and the the first item of the headers started in B2 i/o A1. Strangely enough the rest of the rows were filled correctly, with the first item in column A.Later (after taking the screenshot) I also changed the range to A:A rather than a specified number of rows. After the changes the script seemed to work as far as the Text to Column bit went. However: something strange happened with the numerical data in my ‘price’ column (U). By the way, my Excel regional settings have a comma separator.The flat data in the csv contains this item in the form of 4 decimals. So 0 > 0,0000.And actually the 0,0000 is the only one that remains the same after running the script.All other amounts – while also starting out as a number with 4 digits after the comma – end up being translated as follows: 3,5500 becomes 35.500 I don’t understand why the script would cause this deviation., and frankly this experience doesn’t encourage playing around with it. Read More
Moving back email from group I created to my inbox.
Hello everyone,
I create a email group in Outlook and then I move email from my Inbox to the group.
Now I can’t move back the seme email from the group to my Inbox!
What I miss?
Hello everyone, I create a email group in Outlook and then I move email from my Inbox to the group. Now I can’t move back the seme email from the group to my Inbox!What I miss? Read More
Intune disables Tamper Protection by default
We noticed a strange quirk about Intune and have repeatedly tested it across multiple tenants with freshly reinstalled workstations running Windows 10.
Normally, Intune much like AD should not apply policies unless given a policy to apply. But we noticed that by default Intune will always apply a policy to DISABLE Tamper Protection by group policy when devices are enrolled unless you specifically make a configuration profile or otherwise to tell Intune to enable Tamper Protection on end devices.
This seems like a strange behavior, and is not documented anywhere in the Microsoft Learn website.
Also, if you run the Powershell command Get-MpComputerStatus you will see that TamperProtectionSource now gets listed as “Signatures” with no explanation. Again, there is no documentation about this type in Microsoft Learn or any other public KBs. The KBs only had information about other states such as UI, Transition, etc.
Is there a way to request Microsoft to provide documentation to fill in these important gaps in their knowledge base?
We noticed a strange quirk about Intune and have repeatedly tested it across multiple tenants with freshly reinstalled workstations running Windows 10. Normally, Intune much like AD should not apply policies unless given a policy to apply. But we noticed that by default Intune will always apply a policy to DISABLE Tamper Protection by group policy when devices are enrolled unless you specifically make a configuration profile or otherwise to tell Intune to enable Tamper Protection on end devices. This seems like a strange behavior, and is not documented anywhere in the Microsoft Learn website. Also, if you run the Powershell command Get-MpComputerStatus you will see that TamperProtectionSource now gets listed as “Signatures” with no explanation. Again, there is no documentation about this type in Microsoft Learn or any other public KBs. The KBs only had information about other states such as UI, Transition, etc. Is there a way to request Microsoft to provide documentation to fill in these important gaps in their knowledge base? Read More
Selection column shows strange characters
I have a normal selection column in a Sharepoint list with the following values:
RD Value1
RD value2
RDMD value1
RDMD value2
However, in the list the values are displayed as follows:
;#RD Value1;#
;#RD Value2;#
RDMD value1
RDMD value2
I can’t explain why some values start with ;# and end with ;#. Does anyone know this phenomenon and how can I fix it?
RD Value1
RD value2
RDMD value1
RDMD value2
However, in the list the values are displayed as follows:
;#RD Value1;#
;#RD Value21;#
RDMD value1
RDMD value2
I can’t explain why some values start with ;# and end with ;#. Does anyone know this phenomenon and how can I fix it?
I have a normal selection column in a Sharepoint list with the following values:RD Value1RD value2RDMD value1RDMD value2However, in the list the values are displayed as follows:;#RD Value1;#;#RD Value2;#RDMD value1RDMD value2I can’t explain why some values start with ;# and end with ;#. Does anyone know this phenomenon and how can I fix it?RD Value1RD value2RDMD value1RDMD value2However, in the list the values are displayed as follows:;#RD Value1;#;#RD Value21;#RDMD value1RDMD value2I can’t explain why some values start with ;# and end with ;#. Does anyone know this phenomenon and how can I fix it? Read More
Background of Calendar Item – SharePoint Calendar on Teams Tab
Hi,
I converted a classic SharePoint calendar to use a modern calendar view as the default view (instructions used) and then added it as a tab on Teams. The calendar itself is displayed as expected except for the background of the items. The background color is different from a regular Teams calendar and the contrast between the background and text color is bad. I tried to change the color using view formatting for the day but that is not working. Is this a bug on Teams or do I need to adjust something in SharePoint?
Hi, I converted a classic SharePoint calendar to use a modern calendar view as the default view (instructions used) and then added it as a tab on Teams. The calendar itself is displayed as expected except for the background of the items. The background color is different from a regular Teams calendar and the contrast between the background and text color is bad. I tried to change the color using view formatting for the day but that is not working. Is this a bug on Teams or do I need to adjust something in SharePoint? Read More
Linked data types broken again
Every once in a while I get the same error message “You need to be online to refresh your linked data types. Check your connection and try again.” See image:
This happens when I click on “Refresh All” for Data when trying to get a stock update. As shown in the next image, the last time it was successful for me was after market close 5/23/2024 19:59 EDT, though it might have worked the next day or a little longer if I wasn’t trying to do a more recent update before it stopped working.
Presumably it broke for everyone at the same time since this error has been reported in previous threads, including one last July with 10 pages of replies, and the consensus is that it was a server error.
Every once in a while I get the same error message “You need to be online to refresh your linked data types. Check your connection and try again.” See image: This happens when I click on “Refresh All” for Data when trying to get a stock update. As shown in the next image, the last time it was successful for me was after market close 5/23/2024 19:59 EDT, though it might have worked the next day or a little longer if I wasn’t trying to do a more recent update before it stopped working. Presumably it broke for everyone at the same time since this error has been reported in previous threads, including one last July with 10 pages of replies, and the consensus is that it was a server error. Read More
Calculated Column based on answer from another field
Hello,
I am trying to create a enable/disable user account list/workflow. This list is tied to a workflow that sends an email out and that email is read by our TrackIT system and then put into a specific queue based on the title. So the title needs to be a specific thing. I’m trying to create a calculated column that equals a specific text, based on the response to another field. Basically, if the user selects “Create New Account” or “Disable New Account” I want the Calculated field text to be either A or B (just for this example).
Does anyone know how I could formulate this? I’ve been trying to do it on my own, but its quite difficult. I’m not sure where I’m going wrong.
Thanks,
Zayne
Hello, I am trying to create a enable/disable user account list/workflow. This list is tied to a workflow that sends an email out and that email is read by our TrackIT system and then put into a specific queue based on the title. So the title needs to be a specific thing. I’m trying to create a calculated column that equals a specific text, based on the response to another field. Basically, if the user selects “Create New Account” or “Disable New Account” I want the Calculated field text to be either A or B (just for this example). Does anyone know how I could formulate this? I’ve been trying to do it on my own, but its quite difficult. I’m not sure where I’m going wrong. Thanks, Zayne Read More
