Category: News
[Some] SQL Server and Azure SQL DB Security Fundamentals | Data Exposed
Learn about SQL Server and Azure SQL Database security fundamentals you won’t want to miss.
Resources:
Microsoft Tech Community – Latest Blogs –Read More
Tech Community Live: Microsoft Intune – RSVP now
Join us March 20th for another Microsoft Intune edition of Tech Community Live! We will be joined by members of our product engineering and customer adoption teams to help you explore, expand, and improve the way you cloud manage devices – or learn the first steps to take to get to the cloud – we’re here to help you.
In this edition of Tech Community Live, we are focusing on cloud management for your entire device estate – specifically for those of you managing Windows or macOS devices with Intune. We’ll also cover some of the newly available solutions in Intune Suite including Enterprise App Management, Advanced Analytics and Cloud PKI.
As always, the focus of this series is on your questions! In addition to open Q&A with our product experts, we will kick off each session with a brief demo to get everyone warmed up and excited to engage.
How do I attend?
Choose a session name below and add any (or all!) of them to your calendar. Then, click RSVP to event and post your questions in the Comments anytime! We’ll note if we answer your question in the live stream and follow up in the chat with a reply as well.
Can’t find the option to RSVP? No worries, sign in on the Tech Community first.
Afraid to miss out due to scheduling or time zone conflicts? We got you! Every AMA will be recorded and available on demand the same day.
Time (Pacific Time) – AMA Topic
7:30 AM – 8:30 AM: Securely manage macOS with Intune
8:30 AM – 9:30 AM: Windows management with Intune
9:30 AM – 10:30 AM: Enterprise App Management, Advanced Analytics in Intune Suite
10:30 AM – 11:30 AM: Microsoft Cloud PKI in Intune Suite
More ways to engage
Join the Microsoft Management Customer Connection Program (MM CCP) community to engage more with our product team.
Check out our monthly series, Unpacking Endpoint Management, to view upcoming topics and catch up on everything we’ve covered so far.
Did you know this is a series? Check out our on-demand sessions from Tech Community Live: Intune – the series!
Stay up to date! Bookmark the Microsoft Intune Blog and follow us on LinkedIn or @MSIntune on X to continue the conversation.
February 2024 – Microsoft 365 US Public Sector Roadmap Newsletter
Release News
Teams
Meeting organizers can now see time-zone information of participants while scheduling a meeting
Share contact information of people in Microsoft Teams chat
Integrate Chat notification with Meeting RSVP status – GCC February, GCCH & DoD March
External call routing settings – GCC & GCCH
Ability to block users from joining externally hosted Teams meetings
Privacy link in Teams meeting join flow changing to organization’s privacy statement
Preset Organizational Backgrounds (Premium)
Sharepoint Online
Microsoft 365 Admin Center will have a new role called Migration Administrator – GCC
Exchange Online
Address List Changes for Outlook and OWA
Hybrid Configuration Wizard with granular configuration
Defender
Unified RBAC for Defender XDR – GCC December, GCCH & DoD Q1 2024
Purview
Offensive Language trainable classifier being retired – January 15, 2024
Microsoft 365
Microsoft Forms supports live data sync to Excel -Preview
Modern Translator service update in Microsoft 365
Newsworthy Highlights
Microsoft 365 Government Community Call
Join Jay Leask and other members of the Government Community live on LinkedIn!
Where to Start with Microsoft Teams Apps in Gov Clouds
Customers in our Office 365 government clouds, GCC, GCCH, and DoD, are continuing to evolve how they do business in the hybrid workplace. As Microsoft Teams is the primary tool for communication and collaboration, customers are looking to improve productivity by integrating their business processes directly into Microsoft Teams via third-party (3P) applications or line-of-business (LOB)/homegrown application integrations.
Microsoft 365 Government Adoption Resources
Empowering US public sector organizations to transition to Microsoft 365
References and Information Resources
Microsoft 365 Public Roadmap
This link is filtered to show GCC, GCC High and DOD specific items. For more general information uncheck these boxes under “Cloud Instance”.
Stay on top of Microsoft 365 changes
Here are a few ways that you can stay on top of the Office 365 updates in your organization.
Microsoft Tech Community for Public Sector
Your community for discussion surrounding the public sector, local and state governments.
Microsoft 365 for US Government Service Descriptions
· Office 365 Platform (GCC, GCCH, DoD)
· Office 365 U.S. Government GCC High endpoints
· Office 365 U.S. Government DoD endpoints
· Microsoft Purview (GCC, GCCH, DoD)
· Enterprise Mobility & Security (GCC, GCCH, DoD)
· Microsoft Defender for Endpoint (GCC, GCCH, DoD)
· Microsoft Defender for Cloud Apps Security (GCC, GCCH, DoD)
· Microsoft Defender for Identity Security (GCC, GCCH, DoD)
· Azure Information Protection Premium
· Exchange Online (GCC, GCCH, DoD)
· Office 365 Government (GCC, GCCH, DoD)
· Power Automate US Government (GCC, GCCH, DoD)
· Outlook Mobile (GCC, GCCH, DoD)
Be a Learn-it-All
Public Sector Center of Expertise
We bring together thought leadership and research relating to digital transformation and innovation in the public sector. We highlight the stories of public servants around the globe, while fostering a community of decision makers. Join us as we discover and share the learnings and achievements of public sector communities.
Microsoft Teams for US Government Adoption Guide
Message Center Highlights
Dear Readers: A recent policy review led to the decision to discontinue publishing Message Center posts on this site until further notice. Many apologies for any inconvenience. Microsoft 365 customers may contact their CSAM to inquire about receiving the content by an email version of the newsletter. They may of course view all Message Center posts in their tenant admin center as well!
Microsoft 365 IP and URL Endpoint Updates
Documentation – Office 365 IP Address and URL web service
MGDC for SharePoint FAQ: What is in the Permissions dataset?
1. Introduction
With the Sharing Permissions dataset in Microsoft Graph Data Connect, you can see all the SharePoint permissions in your tenant. This covers both OneDrive and SharePoint Online permissions, whether they were granted directly or through sharing links, and whether they were granted to users or groups. Let’s take a closer look at what the Sharing Permissions dataset contains.
Before you proceed: Make sure you have read the blog post on SharePoint Data on Microsoft Graph Data Connect if you are new to the SharePoint datasets in MGDC.
2. The Hierarchy
In SharePoint, you can grant permissions to different kinds of objects: webs, lists, folders, or list items. To make sense of this, you need to know how SharePoint organizes these objects. Here is a quick explanation:
Site Collection (site, SPSite) – Within a tenant, all items in SharePoint Online are broken into Site Collections. For developers, these map to the SPSite class. A site collection is sometimes simply referred to as a “site”. A tenant can have up to 2 million site collections.
Web (site, subsite, SPWeb) – Every site collection must have a root web, also known as the top-level site. You can also have other webs under that root web, which are usually called subsites (up to 2,000 webs per site collection). For developers, these map to the SPWeb class. Most site collections have only one web (the root web) and no subsites.
List (SPList) – Inside a web, the data is organized into Lists. For developers, these map to the SPList class. You can use lists to store structured data, like people working on a project, tasks to complete, games in a tournament, vinyl discs in a collection, artifacts in a museum or houses for sale. You can have many lists in a web (up to 2,000 lists per site collection, including all webs).
Document Library (SPDocumentLibrary) – There is a special kind of list used specifically to store files in SharePoint. Those lists are commonly referred to as document libraries. For developers, these map to the SPDocumentLibrary class. All document libraries in SharePoint are lists, but not all lists in SharePoint are document libraries.
Folders (SPFolder) – Inside a document library, your items can be organized using folders. For developers, these map to the SPFolder class. Folders are used to organize items in a document library. You can nest folders (have folders inside other folders). You may choose not to use folders at all, storing all items in the root of the document library. SharePoint stores folders as a special type of list item, but you can consider it as part of the hierarchy below the List and above the regular List Items.
List Items (documents, files, SPListItem, SPFile) – Inside the list (or folder), you store list items. Each individual row in your list is a list item. You can also call them just items. For developers, these map to the SPListItem class. If the list is a document library, items are commonly referred to as documents or files. For developers, these map to the SPFile class. One list can have up to 30 million items (up to 300 thousand items recommended for better performance).
Notes:
As you might have noticed, there is some confusion around the term “site” in SharePoint. It could refer to a “site collection” or to a “web”, depending on the context. In most cases, a site collection contains only a single web, in which case they refer to similar things. You will see the documentation mentions just “site” quite frequently. I try to avoid the more ambiguous term “site” and use the more precise terms “site collection” and “web”. For developers, the classes are named SPSite and SPWeb and there is no ambiguity.
For developers, keep in mind that the SPFile and SPFolder objects do not have permissions assigned directly. The permissions go to the SPListItem that backs them.
There are some special files and folders that cannot be assigned permissions, like the Forms folder in a document library or the allitems.aspx file inside lists.
A user’s OneDrive is a site collection. These site collections have a single root web with a “personal” template, including a document library where each user keeps their OneDrive folders and files.
3. Scopes
Permissions are granted for a specific scope. The scope starts with a specific object (web, list, folder, or list item) where the permissions should be applied and includes the objects under it, unless you create a more specific scope further down in the hierarchy. More about this in the “Inheritance” topic below.
Imagine that user U1 has Read permissions to item I3. The scope of that permission is at the item level, and it points to that single item. If we say that group G1 has Read permissions on list L1, the scope is that specific list and includes all the items in it, unless you create scopes at the item level.
Each scope also gets an id that is unique within the site collection. If you grant different permissions to the same item, those permissions will use the same scope id.
4. Inheritance
An important concept in SharePoint permissions is inheritance, which is closely tied to the concept of scopes defined previously. Every object, by default, inherits the scope of its parent. So, when you grant permissions to a scope, every object in that scope gets those permissions.
From a user perspective, this looks like permission inheritance, but internally this is represented as permissions granted to a scope. It’s common to hear that you have “explicit permissions” for a parent object at the top of the scope and “implicit” or “inherited” permissions for child objects under that parent object.
The way SharePoint sees it, these are permissions granted to a single scope which includes both the parent and child objects. If you need to assign different permissions to a child object, you need to define a new unique scope at that level and grant unique permissions to that new scope.
For instance, if you grant user U1 Read permission on folder F1, user U1 also gets Read permissions on all items in folder F1 because they are all in the same scope. You might want to grant specific permissions for an item in that list. For instance, you could grant user U1 Edit permission for item I3 under folder F1. That creates a new unique scope at item I3 and that scope gets the permissions. You could also say that this breaks the inheritance for item I3.
On the SharePoint Sharing Permissions dataset, you will see two sets of permissions for this scenario: one for the scope at folder F1 and one for the scope at item I3. What users perceive is that there are “explicit permissions” for F1 and I3 and “inherited permissions” for all other items under F1.
Permissions in a Site hierarchy
Here is another example: if you grant Contribute permission to group G1 on web W1, all other objects in that scope get those permissions. The result is that group G1 gets Contribute permissions for all subsites, lists, folders, and list items in web W1, unless you create unique scopes somewhere under Web W1. For instance, you could create a new unique scope at list L1 under web W1 by granting Read permissions to group G1 on list L1. All items under list L1 will be in that same scope. What you will see in the Sharing Permissions dataset will be the permissions granted to the scope at web W1 and the scope at list L1.
It is important to mention that if you break inheritance by creating a new scope, you need to grant all required permissions to that new scope. For instance, assume you have a Contribute permission granted to group G1 on web W1. Then, you want to add Read permissions to user U1 on folder F1 under web W1. You should also include the Contribute permission to group G1 at the folder F1 scope, if you intend to keep group G1 permissions on that folder. The Contribute permission you granted to group G1 in the web W1 scope no longer applies to the folder F1 scope.
To help you when you stop inheritance by creating a new scope under an existing one, the modern SharePoint UX will copy the parent permissions to your new scope (we call this a permission pushdown). At that point, you can keep, remove, or change these copied permissions, as well as add new ones. See below a screenshot of the moment when you are about to stop inheriting permissions in the modern SharePoint UX:
[Screenshot: Stop Inheriting Permissions]
The classic SharePoint UX has an option to copy permissions or not when stopping inheritance. It is generally easier to make the copy and then customize the permissions.
The Share dialog will also do a permission pushdown if that sharing action will be creating a new scope. This happens the first time you apply unique permissions to the object you are sharing.
Keep in mind that after you stop inheriting permissions by creating a new scope, the permissions copied to your new scope are not linked to the permissions from the parent scope. If you add more permissions to the parent scope in the future, the changes made to the parent permissions will NOT apply to the child scope (the point where you broke inheritance earlier).
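The scope and inheritance rules in sections 3 and 4 are easy to get wrong when reviewing a permissions export, so here is a small model of them as an added example (not MGDC or SharePoint code). It uses the object and recipient names from the text (W1, L1, F1, I3, G1, U1, U2); the Scope and Hierarchy classes, the scope ids and the U2 grant are this example's own assumptions. It shows that a grant lands on the covering scope, that breaking inheritance with pushdown copies the parent's grants, and that a grant added to the parent afterwards does not reach the child scope.

```python
"""Toy model of SharePoint permission scopes, inheritance and pushdown.

Added example, not MGDC or SharePoint code. Object and recipient names
(W1, L1, F1, I3, G1, U1, U2) follow the text; the classes, scope ids and
the U2 grant are this example's own assumptions.
"""
from dataclasses import dataclass, field


@dataclass
class Scope:
    scope_id: str
    # recipient (user or group) -> set of role definitions granted in this scope
    grants: dict = field(default_factory=dict)


class Hierarchy:
    def __init__(self):
        self.parent = {}    # object -> parent object (None for the root web)
        self.scope_of = {}  # object -> Scope, only for objects that start a unique scope
        self._next_scope = 1

    def _new_scope(self):
        scope = Scope(f"S{self._next_scope}")
        self._next_scope += 1
        return scope

    def add(self, obj, parent=None):
        """Register an object; it inherits its parent's scope unless it is the root."""
        self.parent[obj] = parent
        if parent is None:
            self.scope_of[obj] = self._new_scope()

    def scope_root(self, obj):
        """Walk up the hierarchy to the nearest object that owns a unique scope."""
        while obj not in self.scope_of:
            obj = self.parent[obj]
        return obj

    def grant(self, obj, recipient, role):
        """Grant a role definition; it lands on the scope that covers obj."""
        scope = self.scope_of[self.scope_root(obj)]
        scope.grants.setdefault(recipient, set()).add(role)

    def break_inheritance(self, obj, copy_parent=True):
        """Start a unique scope at obj. With copy_parent=True the parent's grants
        are copied into the new scope (the 'permission pushdown' described above)."""
        if obj in self.scope_of:
            return
        parent_scope = self.scope_of[self.scope_root(obj)]
        scope = self._new_scope()
        if copy_parent:
            scope.grants = {r: set(roles) for r, roles in parent_scope.grants.items()}
        self.scope_of[obj] = scope

    def effective(self, obj, recipient):
        """Permissions a recipient has on obj: exactly the grants of its covering scope."""
        return set(self.scope_of[self.scope_root(obj)].grants.get(recipient, set()))

    def dataset_rows(self):
        """Flatten to rows shaped like the Sharing Permissions dataset: one per scope/recipient/role."""
        rows = []
        for obj, scope in self.scope_of.items():
            for recipient, roles in scope.grants.items():
                for role in sorted(roles):
                    rows.append({"ScopeId": scope.scope_id, "Object": obj,
                                 "SharedWith": recipient, "RoleDefinition": role})
        return rows


def scenario(copy_parent=True):
    """Web W1 > list L1 > folder F1 > item I3, with the grants discussed above."""
    h = Hierarchy()
    h.add("W1")
    h.add("L1", "W1")
    h.add("F1", "L1")
    h.add("I3", "F1")
    h.grant("W1", "G1", "Contribute")        # G1 Contribute on the web scope
    h.break_inheritance("F1", copy_parent)   # new scope at F1 (pushdown if requested)
    h.grant("F1", "U1", "Read")              # U1 Read on the folder scope
    h.grant("W1", "U2", "Edit")              # added to the parent AFTER the break
    return h


if __name__ == "__main__":
    h = scenario()
    for row in h.dataset_rows():
        print(row)
    print("G1 on I3:", h.effective("I3", "G1"))   # inherited via F1's scope
    print("U2 on F1:", h.effective("F1", "U2"))   # empty: parent change did not propagate
```

Running `scenario(copy_parent=False)` reproduces the classic-UX case where inheritance is stopped without copying: G1 keeps Contribute on W1 and L1 but has nothing on F1 or I3 until it is granted again on the new scope.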
5. Site Collection Administrators
Regular permissions are not granted at the site collection level. The highest level where you can grant regular permissions is the web. However, you can define a set of site collection administrators, which effectively gives them Full Control across the entire site collection. The site collection administrator’s privileges apply regardless of how you configure things at the lower levels.
To represent this in the SharePoint Sharing Permissions dataset, we added a special SiteAdmin item type. This was done to capture all permissions in this one dataset.
6. Role Definitions
To fully understand the Permissions dataset, it is important to know about role definitions. These are sets of permissions granted together in OneDrive and SharePoint.
Some common role definitions include:
Full Control – Has full control. Can view, add, update, delete and customize any web, list and list item. Can manage permissions.
Design – Can view, add, update, delete, approve, and customize lists and list items.
Edit – Can view, add, update, and delete lists and list items. Note: the “Edit” permission given in the Share dialog actually maps to the “Contribute” role definition.
Contribute – Can view, add, update, and delete list items.
Review – Can view and review list items.
Read – Can view and download list items.
Restricted View – Can view list items, but not download them.
These role definitions are also referred to as permission levels.
7. Recipients (Users and Groups)
As we mentioned before, each permission specifies a recipient, which is the user or group where it applies. There are several types of users and groups that you can use when granting permissions.
Here are the types of users:
Internal users – regular users from the tenant.
External users – Microsoft Entra ID Guests – guest users from other domains. These users get a representation within your tenant’s Microsoft Entra ID (Azure Active Directory), with a name that contains #EXT#. For instance, if the external user email is sample.user@hotmail.com, the Microsoft Entra ID Guest will show in your domain as sample.user_hotmail.com#EXT#@yourdomain.onmicrosoft.com. You can see this type of guest user in your Azure Active Directory user list.
External users – SharePoint Guests – There is a second kind of guest user that lives only in SharePoint. These work in SharePoint via People Sharing Links. These users also get a special name with a URN:SPO:Guest# prefix. For instance, if the external user email is sample.user@hotmail.com, the SharePoint Guest user shows in the dataset as URN:SPO:Guest#sample.user@hotmail.com. These SharePoint Guest users will not show in your Microsoft Entra ID (Azure Active Directory) user list.
External users – Native Identity – external users from a domain configured in Microsoft Entra ID (Azure Active Directory) for native identity (also known as B2B direct connect). These users do not show in your Microsoft Entra ID (Azure Active Directory) since they live in another domain. These users are used only in site collections backing Teams Shared Channels.
Here are the types of groups:
SharePoint groups – groups defined in the SharePoint site collection. SharePoint groups can contain users or Active Directory groups. You cannot nest SharePoint groups (you can’t add a SharePoint Group inside another SharePoint group).
Microsoft Entra ID (Azure Active Directory) groups – security groups or Microsoft 365 groups defined in Microsoft Entra ID (Azure Active Directory). They can contain users or other Active Directory groups (nested groups).
External Microsoft Entra ID (Azure Active Directory) groups – external groups from a domain configured in Microsoft Entra ID for native identity (also known as B2B direct connect). These groups do not show in your Microsoft Entra ID since they live in another domain. These groups are used only in site collections backing Teams Shared Channels.
There are also a few special group claims used when granting permissions:
Everyone – All users (internal and external)
Everyone Except External Users – All internal users (commonly called EEEU)
SharePoint Administrator – Users configured as SharePoint administrator in Microsoft 365
Global Administrator – Users configured as Global administrator in Microsoft 365
8. Sharing Links
In SharePoint Online, permissions can also be granted using a sharing link. This is a special URL that you can send to someone, typically via email or a Teams chat. Each sharing link gets a unique id.
Sharing links also must have a Link Scope. That is different from the sharing scope mentioned earlier.
Here are the types of Link Scope you can use:
Specific People – This link can only be used by the people specified.
Organization – This link can be used by anyone internal to the tenant (excludes Microsoft Entra ID Guests and SharePoint Guests).
Anyone – This link can be used by anyone.
Note: There is a fourth type of “sharing link scope” called Existing Access. However, this link can only be used by people that already have access. These are not really “sharing” links, since they do not grant any access. The URL provided here is more of a convenient way to point to an object to which the user or group already has access.
For context, here is a screenshot of the SharePoint UX where you create a sharing link:
[Screenshot: Sharing Link Settings]
Note: The Sharing Permissions dataset includes columns for ShareCreatedBy, ShareCreatedTime, ShareLastModifiedBy, ShareLastModifiedTime and ShareExpirationTime. These properties only exist for permissions granted using sharing links.
9. Putting it all together
Now you can combine all these concepts to understand what’s in a SharePoint sharing permission. You grant permissions (role definitions) for a scope (set of objects in the hierarchy) to a set of recipients (users or groups).
Here are the key properties for the objects in the dataset:
ptenant – GUID that identifies the Office 365 tenant in Microsoft Entra ID.
SiteId – GUID that identifies the SharePoint site (site collection).
WebId – GUID that identifies the SharePoint web (subsite).
ScopeId – GUID that identifies the SharePoint scope.
LinkId – GUID for the share Link. Only shows if this is a sharing link.
LinkScope – Scope for Sharing Link (Anyone, Organization, Specific People). Only shows if this is a sharing link.
ItemType – The type of item being shared (SiteAdmin, Web, List, Folder, File).
RoleDefinition – Sharing role or permission (Read, Contribute, Full Control, etc.)
SharedWith – Object array with one entry for every sharing recipient.
SharedWith, Type – Type of recipient (Internal, External, SecurityGroup, SharePointGroup).
SharedWith, Name – Name of the sharing recipient.
SharedWith, EmailAddress – Email of sharing recipient. It will not show for SharePoint groups or special security groups.
Note: For a complete schema of the SharePoint Sharing Permissions dataset in Microsoft Graph Data Connect, review the SharePoint Sharing Permissions dataset schema.
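The properties listed above are what a reviewer works from when looking for over-exposure in a tenant. The following is an added example, not MGDC tooling, of a triage pass over rows shaped like the dataset. The rows are constructed samples that use the column names from the text (SiteId, ScopeId, ItemType, LinkId, LinkScope, RoleDefinition, ShareExpirationTime and the SharedWith array with Type, Name and EmailAddress); their values, the severity labels and the rules themselves are this example's assumptions. It flags site collection administrators, Anyone and Organization links, the Everyone and EEEU claims, and external recipients, distinguishing Entra ID guests (#EXT#) from SharePoint guests (URN:SPO:Guest#) by the naming conventions described in section 7.

```python
"""Triage of Sharing Permissions dataset rows for over-exposure.

Added example, not MGDC's own tooling. Rows, severities and rules are this
example's assumptions; column names follow the text above.
"""
from collections import Counter

# Constructed sample records shaped like the dataset (not real tenant data).
SAMPLE_ROWS = [
    {"SiteId": "site-a", "ScopeId": "scope-1", "ItemType": "SiteAdmin",
     "RoleDefinition": "Full Control",
     "SharedWith": [{"Type": "Internal", "Name": "Alice Admin",
                     "EmailAddress": "alice@contoso.example"}]},
    {"SiteId": "site-a", "ScopeId": "scope-2", "ItemType": "File",
     "LinkId": "link-1", "LinkScope": "Anyone", "RoleDefinition": "Read",
     "ShareExpirationTime": None, "SharedWith": []},
    {"SiteId": "site-a", "ScopeId": "scope-3", "ItemType": "Folder",
     "LinkId": "link-2", "LinkScope": "Organization", "RoleDefinition": "Read",
     "ShareExpirationTime": "2024-12-31T00:00:00Z",
     "SharedWith": [{"Type": "SecurityGroup", "Name": "Everyone except external users",
                     "EmailAddress": None}]},
    {"SiteId": "site-b", "ScopeId": "scope-4", "ItemType": "List",
     "RoleDefinition": "Contribute",
     "SharedWith": [{"Type": "External",
                     "Name": "sample.user_hotmail.com#EXT#@contoso.onmicrosoft.com",
                     "EmailAddress": "sample.user@hotmail.com"}]},
    {"SiteId": "site-b", "ScopeId": "scope-5", "ItemType": "File",
     "LinkId": "link-3", "LinkScope": "Specific People", "RoleDefinition": "Read",
     "ShareExpirationTime": None,
     "SharedWith": [{"Type": "External", "Name": "URN:SPO:Guest#partner@fabrikam.example",
                     "EmailAddress": "partner@fabrikam.example"}]},
    {"SiteId": "site-b", "ScopeId": "scope-6", "ItemType": "Web",
     "RoleDefinition": "Read",
     "SharedWith": [{"Type": "SharePointGroup", "Name": "Project Members",
                     "EmailAddress": None}]},
]

WRITE_ROLES = {"Full Control", "Design", "Edit", "Contribute"}


def triage_row(row):
    """Return (severity, reason) pairs for one dataset row."""
    findings = []
    role = row.get("RoleDefinition")
    if row.get("ItemType") == "SiteAdmin":
        findings.append(("high", "site collection administrator (Full Control over the whole site collection)"))
    link_scope = row.get("LinkScope")
    if link_scope == "Anyone":
        suffix = "" if row.get("ShareExpirationTime") else " with no expiration"
        findings.append(("high", "Anyone sharing link" + suffix))
    elif link_scope == "Organization":
        findings.append(("medium", "Organization-wide sharing link"))
    for recipient in row.get("SharedWith") or []:
        name = recipient.get("Name") or ""
        if name.lower().startswith("everyone"):
            sev = "high" if name.lower() == "everyone" else "medium"
            findings.append((sev, f"broad claim '{name}'"))
        if recipient.get("Type") == "External":
            if name.startswith("URN:SPO:Guest#"):
                kind = "SharePoint guest"
            elif "#EXT#" in name:
                kind = "Entra ID guest"
            else:
                kind = "external (native identity)"
            sev = "high" if role in WRITE_ROLES else "medium"
            who = recipient.get("EmailAddress") or name
            findings.append((sev, f"{kind} {who} with {role}"))
    return findings


def triage(rows):
    """Flatten findings across rows, keeping the identifiers needed to locate them."""
    out = []
    for row in rows:
        for sev, reason in triage_row(row):
            out.append({"SiteId": row.get("SiteId"), "ScopeId": row.get("ScopeId"),
                        "LinkId": row.get("LinkId"), "Severity": sev, "Reason": reason})
    return out


def summarize(findings):
    """Count findings per severity."""
    return dict(Counter(f["Severity"] for f in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_ROWS)
    for f in results:
        print(f"[{f['Severity']}] {f['SiteId']}/{f['ScopeId']}: {f['Reason']}")
    print(summarize(results))
```

A real run would read the dataset output (for example the JSON files MGDC writes to your storage account) instead of SAMPLE_ROWS; the rule set is deliberately small and meant to be tuned to the organization's sharing policy.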
10. Resources
Finally, here are more learning resources on these topics:
Overview of sites and site collections in SharePoint Server
Overview of site permissions in SharePoint Server
User permissions and permission levels in SharePoint Server
Sharing and permissions in the SharePoint modern experience
SharePoint limits – Service Descriptions
API Reference – Microsoft SharePoint namespace
Sharing files, folders, and list items
Unlock the full potential of Copilot for Microsoft 365
The Microsoft 365 Copilot Adoption Accelerator engagement is crafted to ensure the seamless adoption of Copilot for Microsoft 365.
This engagement comprises three key phases: Readiness, Build the Plan, and Drive Adoption. It is recommended to undertake the Adoption Accelerator after completing the Copilot for Microsoft 365 engagement, wherein high-value scenarios and the technical and organizational baseline are identified. The Adoption Accelerator Engagement will specifically target these high-value scenarios.
The adoption process should involve key stakeholders such as Adoption Managers, Business Decision Makers, End-User Support, and Champions. Responsibility for sustained success should be effectively transitioned during the adoption process.
Click here for more information
Scaling up: Customer-driven enhancements in the FHIR service enable better healthcare solutions
This blog has been authored by Ketki Sheth, Principal Program Manager, Microsoft Health and Life Sciences Platform
We’re always listening to customer feedback and working hard to improve the FHIR service in Azure Health Data Services. In the past few months, we rolled out several new features and enhancements that enable you to build more scalable, secure, and efficient healthcare solutions.
Let’s explore some highlights.
Unlock new possibilities with increased storage capacity up to 100 TB
In January 2024 we increased storage capacity within the FHIR service to enable healthcare organizations to manage vast volumes of data for analytical insights and transactional workloads. Previously constrained by a 4 TB limit, customers can build streamlined workflows with native support for up to 100 TB of storage.
More storage means more possibilities for analytics with large data sets. For example, you can explore health data to improve population health, conduct research, and discover new insights. More storage also allows Azure API for FHIR customers who have more than 4 TB of data to switch to the evolved FHIR service in Azure Health Data Services before September 26, 2026, when Azure API for FHIR will be retired.
If you need storage greater than 4 TB, let us know by creating a support request on the Azure portal with the issue type Service and Subscription limit (quotas). We’d be happy to enable your organization to take advantage of this expanded storage capacity.
Connect any OpenID Connect (OIDC) identity provider to the FHIR service with Azure Active Directory B2C
In January 2024 we also released the integration of the FHIR service with Azure Active Directory B2C. The integration gives organizations a secure and convenient way to grant access with fine-grained access control for different users or groups – without creating or comingling user accounts in the same Microsoft Entra ID tenant. Plus, along with the support for Azure Active Directory B2C (Azure AD B2C), we announced the general availability of the integration with OpenID Connect (OIDC) compliant identity providers (IDP) as part of the expanded authentication and authorization model for the FHIR service.
With Azure AD B2C and OIDC integration, organizations building SMART on FHIR applications can integrate non-Microsoft Entra identity providers with EHRs (Electronic Health Records) and other healthcare applications.
Learn more: Use Azure Active Directory B2C to grant access to the FHIR service
Ingest FHIR resource data at high throughput with incremental import
The incremental import capability was released in August 2023. With incremental import, healthcare organizations can ingest FHIR resource data at high throughput in batches, without disrupting transactions through the API on the same server. You can also ingest multiple versions of a resource in the same batch without worrying about the order of ingestion.
Incremental import allows healthcare organizations to:
Import data concurrently while executing API CRUD operations on the FHIR server.
Ingest multiple versions of FHIR resources in a single batch while maintaining resource history.
Retain the lastUpdated field value in FHIR resources during the ingestion process, while also maintaining the chronological order of resources. In other words, you no longer need to pre-load historical data before importing the latest version of FHIR resources.
Take advantage of initial and incremental mode import. Initial mode import can be used to hydrate the FHIR service, and execution of an initial mode import operation does not incur any charge. For incremental import, a charge is incurred per successfully ingested resource, following the pricing model of the API request.
Visit the pricing page for more details: Pricing – Azure Health Data Services | Microsoft
Why incremental import matters
Healthcare organizations using the FHIR service often need to run synchronous and asynchronous data flows simultaneously. The asynchronous data flow includes receiving batches of large data sets that contain patient records from various sources, such as Electronic Medical Record (EMR) systems. These data sets must be imported into a FHIR server simultaneously with the synchronous data flow to execute API CRUD (Create, Read, Update, Delete) operations in the FHIR service.
Performing data import and API CRUD operations concurrently on the FHIR server is crucial to ensure uninterrupted healthcare service delivery and efficient data management. Incremental import allows organizations to run both synchronous and asynchronous data flows at the same time, so neither has to be paused for the other. Incremental import also enables efficient migration and synchronization of data between FHIR servers, and from the Azure API for FHIR service to the FHIR service in Azure Health Data Services.
Learn more: Import data into the FHIR service in Azure Health Data Services
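The workflow above (batch files containing several versions of the same resource, then an $import call in incremental mode) as an added example; this is not code from the original post or from the Azure Health Data Services team. The sample resources and storage URLs are constructed. The parameter names in the $import body (inputFormat, mode, input with type and url) and the two mode values are written from my recollection of the FHIR service import documentation and should be verified against the current reference; the requirement that every resource carry meta.lastUpdated and that versions of one resource never share a timestamp is a local policy of this example, not a service rule.

```python
import json
from datetime import datetime

# Constructed sample batch (not real patient data): two versions of one
# Patient emitted newest-first by the source system, plus one Observation.
SAMPLE_RESOURCES = [
    {"resourceType": "Patient", "id": "p1",
     "meta": {"versionId": "2", "lastUpdated": "2024-01-15T10:00:00Z"},
     "name": [{"family": "Example", "given": ["Ada"]}]},
    {"resourceType": "Patient", "id": "p1",
     "meta": {"versionId": "1", "lastUpdated": "2024-01-10T09:00:00Z"},
     "name": [{"family": "Example"}]},
    {"resourceType": "Observation", "id": "o1",
     "meta": {"lastUpdated": "2024-01-12T08:30:00Z"},
     "status": "final", "code": {"text": "heart rate"}},
]


def _ts(value):
    # FHIR instants are ISO 8601; fromisoformat() wants +00:00 rather than Z.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def validate_batch(resources):
    """Local policy of this example (an assumption, not a service rule):
    every resource carries meta.lastUpdated, and two versions of the same
    resource never share a timestamp, since their order in the resulting
    history would then be ambiguous. Returns a list of problems."""
    problems, seen = [], set()
    for r in resources:
        ref = f"{r.get('resourceType')}/{r.get('id')}"
        ts = r.get("meta", {}).get("lastUpdated")
        if not ts:
            problems.append(f"{ref}: missing meta.lastUpdated")
            continue
        if (ref, ts) in seen:
            problems.append(f"{ref}: duplicate lastUpdated {ts}")
        seen.add((ref, ts))
    return problems


def to_ndjson_by_type(resources):
    """One NDJSON document per resource type, with the versions of each id
    in chronological order. Incremental import does not require this order,
    but an ordered file is easier to review and diff before it is uploaded."""
    problems = validate_batch(resources)
    if problems:
        raise ValueError("; ".join(problems))
    by_type = {}
    for r in resources:
        by_type.setdefault(r["resourceType"], []).append(r)
    files = {}
    for rtype, items in by_type.items():
        items.sort(key=lambda r: (r["id"], _ts(r["meta"]["lastUpdated"])))
        files[rtype] = "".join(json.dumps(r, separators=(",", ":")) + "\n" for r in items)
    return files


def version_ids(ndjson_text):
    """Order of meta.versionId values in an emitted NDJSON document."""
    return [json.loads(line)["meta"].get("versionId") for line in ndjson_text.splitlines()]


def build_import_request(input_urls, mode="IncrementalLoad"):
    """Headers and Parameters body for POST {fhir-url}/$import.
    Parameter names and mode values are as recalled from the import docs
    (assumption: verify before use). input_urls maps a resource type to the
    URL of its NDJSON file in the storage account the service imports from."""
    if mode not in ("InitialLoad", "IncrementalLoad"):
        raise ValueError("mode must be InitialLoad or IncrementalLoad")
    parameter = [
        {"name": "inputFormat", "valueString": "application/fhir+ndjson"},
        {"name": "mode", "valueString": mode},
    ]
    for rtype, url in input_urls.items():
        parameter.append({"name": "input", "part": [
            {"name": "type", "valueString": rtype},
            {"name": "url", "valueUri": url},
        ]})
    headers = {"Prefer": "respond-async", "Content-Type": "application/fhir+json"}
    return headers, {"resourceType": "Parameters", "parameter": parameter}


if __name__ == "__main__":
    files = to_ndjson_by_type(SAMPLE_RESOURCES)
    # Constructed placeholder container; real files go to the storage account
    # the FHIR service has been configured to import from.
    urls = {t: f"https://examplestorage.blob.core.windows.net/import/{t}.ndjson" for t in files}
    headers, body = build_import_request(urls)
    print(json.dumps(body, indent=2))
```

The validation step is where a practitioner gets value: a batch that silently drops lastUpdated, or repeats a timestamp for one resource, is exactly the batch whose imported history will not match the source system, and it is far cheaper to reject it locally than to bulk-delete and re-import later.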
Delete FHIR resources in bulk (preview)
In late 2023, the ability to delete FHIR resources in bulk became available for preview. We heard feedback from customers about the challenges they faced when deleting individual resources. Now, with the bulk delete operation, you can delete data from the FHIR service asynchronously. The FHIR service bulk delete operation allows you to delete resources at different levels – system, resource level, and per search criteria. Healthcare organizations that use the FHIR service need to comply with data retention policies and regulations. Incorporating the bulk delete operation in the workflow enables organizations to delete data at high throughput.
Learn more: Bulk-delete operation for the FHIR service in Azure Health Data Services
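Because bulk delete is asynchronous and runs at high throughput, a mistyped search criterion removes a great deal of data before anyone notices. The added example below (mine, not code from the original post or the service) builds the system-level, resource-level and per-search-criteria delete requests the text describes, and gates each one on a preflight _summary=count search that uses the same criteria. The endpoint shape ($bulk-delete appended to the service root or to a resource type) is written from my recollection of the bulk-delete documentation and should be verified; the count Bundle and the service URL are constructed.

```python
from urllib.parse import urlencode

# Constructed stand-in for the response to a _summary=count search; the live
# service returns a searchset Bundle whose "total" is the match count.
SAMPLE_COUNT_BUNDLE = {"resourceType": "Bundle", "type": "searchset", "total": 1250}


def search_count_url(fhir_url, resource_type, criteria):
    """Same criteria as the planned delete, plus _summary=count, so the call
    returns only the number of matches and reads no resource bodies."""
    query = dict(criteria)
    query["_summary"] = "count"
    return f"{fhir_url.rstrip('/')}/{resource_type}?{urlencode(query)}"


def bulk_delete_url(fhir_url, resource_type=None, criteria=None):
    """System level:   DELETE {fhir-url}/$bulk-delete
    Resource level:    DELETE {fhir-url}/{type}/$bulk-delete
    Search criteria:   DELETE {fhir-url}/{type}/$bulk-delete?{criteria}
    (endpoint shape as recalled from the bulk-delete docs; verify before use)."""
    base = fhir_url.rstrip("/")
    if resource_type:
        base = f"{base}/{resource_type}"
    url = f"{base}/$bulk-delete"
    if criteria:
        url = f"{url}?{urlencode(criteria)}"
    return url


def plan_bulk_delete(fhir_url, resource_type, criteria, count_bundle, max_expected):
    """Decide whether to issue the delete. count_bundle is the parsed JSON
    returned by search_count_url(); refuse when the count is missing (the
    criteria may be wrong), zero, or above the operator's ceiling."""
    total = count_bundle.get("total")
    if count_bundle.get("resourceType") != "Bundle" or not isinstance(total, int):
        return {"proceed": False, "reason": "count query did not return Bundle.total"}
    if total == 0:
        return {"proceed": False, "reason": "no resources match; check the criteria"}
    if total > max_expected:
        return {"proceed": False,
                "reason": f"{total} matches exceed the ceiling of {max_expected}"}
    return {
        "proceed": True,
        "total": total,
        "method": "DELETE",
        "url": bulk_delete_url(fhir_url, resource_type, criteria),
        "headers": {"Prefer": "respond-async"},
    }


if __name__ == "__main__":
    fhir = "https://example.invalid/fhir"  # constructed service URL
    criteria = {"_lastUpdated": "lt2019-01-01"}  # e.g. a retention cut-off
    print("preflight:", search_count_url(fhir, "Observation", criteria))
    print(plan_bulk_delete(fhir, "Observation", criteria, SAMPLE_COUNT_BUNDLE, 10000))
```

The ceiling is the useful part: set it from the retention report that justified the deletion, so a criterion that matches ten times more than expected stops the job instead of running it. Keep in mind that the FHIR service distinguishes soft deletes (history retained) from hard deletes; check the documentation for which one your retention policy actually requires before wiring this into a workflow.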
Selectable search parameters (preview)
As of January 2024, selectable search parameters are available for preview. This capability allows you to tailor and enhance searches on FHIR resources. You can choose which standard search parameters to enable or disable for the FHIR service according to your unique requirements. By enabling only the search parameters you need, you can store more FHIR resources and potentially improve performance of FHIR search queries.
Searching for resources is fundamental to the FHIR® service. During provisioning of the FHIR service, standard search parameters are enabled by default. The FHIR service performs efficient searches by extracting and indexing specific properties from FHIR resources during data ingestion. Search parameter indexes can account for the majority of the overall database size.
This new capability gives you the control to enable or disable search parameters according to your needs.
Selectable search parameters help healthcare organizations:
Store more data at reduced cost. Reducing search parameter indexes frees space to store more resources in the FHIR service. Depending on your organization’s need for search parameter values, the storage efficiency gained is estimated at 2x to 3x on average. In other words, you’ll be able to store more resources and save on additional storage cost.
Positively impact performance. During API interactions or while using the import operation, selecting a subset of search parameters can have significant positive performance impact.
Learn more: Selectable search parameters for the FHIR service in Azure Health Data Services
In conclusion
We are constantly working to improve the FHIR service to meet your needs and expectations. With new features such as increased storage capacity up to 100 TB, integration with Azure Active Directory B2C, and incremental import, we are excited to see how you leverage these new capabilities to create innovative healthcare solutions that improve outcomes and experiences for patients and providers.
Do more with your data with the Microsoft Cloud for Healthcare
In the era of AI, Microsoft Cloud for Healthcare enables healthcare organizations to accelerate their data and AI journey by augmenting the Microsoft Cloud with industry-relevant data solutions, templates, and capabilities. With Microsoft Cloud for Healthcare, healthcare organizations can create connected patient experiences, empower their workforce, and unlock the value from clinical and operational data using data standards that are important to healthcare. And we’re doing all of this on a foundation of trust. Every organization needs to safeguard their business, their customers, and their data. Microsoft Cloud runs on trust, and we’re helping every organization build safety and responsibility into their AI journey from the very beginning.
We’re excited to help your organization gain value from your data and use AI innovation to deliver meaningful outcomes across the entire healthcare journey.
Learn more about Azure Health Data Services
Explore Microsoft Cloud for Healthcare
Stay up to date with Azure Health Data Services Release Notes
Microsoft Tech Community – Latest Blogs –Read More
Asking the right questions: Q&AI with Trevor Noah
Trevor Noah, Microsoft Chief Questions Officer and renowned comedian, author, and former host of The Daily Show, joined the keynote stage at the Global Nonprofit Leaders Summit with Kate Behncken, Global Head of Microsoft Philanthropies, for a conversation about social impact.
From his first childhood encounter with a PC (it was a Pentium 386!) to working with Microsoft AI for Good, Trevor meets the opportunity of technology with natural curiosity and optimism that inspires everyone to find ways to use AI to build equity, fairness, and security for people around the world.
He shares examples from the AI for Good projects he’s featured on his series “The Prompt” and talks in depth about how AI is creating a critical moment for expanding education and opportunities in developing countries. Then with his inimitable humor, he somehow manages to include buffalo wings as an example of how we should always ask ourselves, “What if I’m wrong?”
What did you learn from Trevor Noah’s insights? What are some examples of when you’ve asked yourself, “What if I’m wrong?”