Tag Archives: microsoft
News to Know: Volume 1, Edition 9
Welcome to the Viva Glint newsletter. These recurring communications coincide with platform releases and enhancements to help you get the most out of the Viva Glint product. You can access the current newsletter and past editions on the Viva Glint blog.
Glint released its latest new features and enhancements on August 24, 2024. Scheduled monthly releases and regular maintenance are how we best serve our customers. Your dashboard provides date and timing details two or three days before releases. See our future release and downtime dates. Follow along with what features are ahead: Viva Glint product roadmap.
Glint celebrates one year at Microsoft Viva
In July 2023, Glint moved from its home at LinkedIn and joined Microsoft Viva, providing a comprehensive approach to improving employee engagement and performance. It has been a year of incredible accomplishments. Read how Glint enriches the Microsoft Viva experience, written by Quentin Mackey Principal Group Product Manager.
To celebrate one year of Viva Glint, we are hosting our first Viva Glint Customer Town Hall. Tune in on September 18 or 19 to hear about the latest Viva news, product updates, and stories to help you make the most of your Viva Glint experience. Choose an option below and register:
Option 1: September 18 – NAMER and EMEA
Option 2: September 18/19 – APAC
New on your Viva Glint platform
New feature! 360 feedback programs are live! Microsoft Viva Glint 360 feedback programs provide insights into an individual’s strengths and opportunities, with a long-term focus on improvement. Rather than relying solely on the perspective of an immediate supervisor or manager, 360s invite multiple perspectives. 360 feedback programs are included with your Viva Glint platform.
Read about the 360 feedback feature and watch a 2-minute video detailing the process.
Share the Viva Glint 360 Subject Guide with your employees.
Read the blog.
Need to reopen or extend your survey cycle? Sometimes survey takers need extra time to complete a survey, or your response rate may not be as high as expected. Admins can reopen or extend a survey cycle as long as a new cycle isn’t started. For best results, reopen a recently closed survey within a day or two of its closing date.
Confidently communicate with your global employee population. Use Viva Glint’s multi-language emails to meet local language guidelines for work-related communications and ensure that your global organization fully understands survey notifications. Learn more about multi-language emails.
Seamlessly discover and navigate between Microsoft 365 apps on the web. Glint is integrating to the Microsoft 365 header to allow one-touch navigation and convenient suite-wide usage from:
The Viva App Bar in other Viva apps (when they are updated to the latest App Bar package)
The Microsoft 365 Apps window (search or select the Employee Experience category)
The Microsoft 365 app launcher
Connect and learn with Viva Glint
For managers
Psychological safety for managers | September 17
Invite your managers to our first webinar on psychological safety. Building Psychological Safety on Your Team will help managers identify and cultivate psychological safety within their team. Share this link with your managers.
For all stakeholders
Ask the Experts: Identifying insights through reports | September 10
Geared towards new Viva Glint customers who are deploying their first programs, this session focuses on identifying insights using our reports. Register here.
Industry cohort meetings | September 11, 12, and 25
Join us for our Healthcare, Manufacturing, and Retail quarterly meetings where we’ll share industry-specific insights and learnings. Read the blog and register here.
HR Tech Conference | September 24-26
HR Tech is a top industry event with this year focusing on engagement, talent acquisition, and performance management in the era of AI. Don’t miss the Viva Glint, Insights, and Pulse Customer Roundtable and stop by the Microsoft booth to help influence the direction of our product. To reserve your seat (includes lunch), email jgonzales@microsoft.com. Spots are limited.
Exciting new resources
Articulate your business priorities and needs. To build your holistic employee listening strategy, take time to align with your internal stakeholders and complete our new Holistic Listening Vision and Strategy Discovery Workbook. This will help you discuss information that is important to consider for your listening strategy and for tracking progress.
Accelerate AI transformation. Review this new eBook from the Viva People Science team which outlines findings on AI readiness, discusses implications, and provides practical guidance for leaders and HR on how they can best support people through change related to AI at work. eBook: The state of AI change readiness.
Learn how Microsoft HR uses Viva and Microsoft 365 Copilot to empower employees. Microsoft HR understands that technology is about people. A human-centric approach was the natural fit when we rolled out Copilot for Microsoft 365 to the global HR organization. Read the blog about how Microsoft HR uses the Viva suite to communicate, encourage skilling and development, and measure success.
Maximize your Viva Glint experience with a Microsoft partner. Microsoft partners are certified experts who have undergone rigorous training and possess deep knowledge of our products and services. Read this blog and learn how to engage a partner.
How are we doing?
If you have any feedback on this newsletter, please reply to this email. Also, if there are people on your team that should be receiving this newsletter, please have them sign up using this link.
Microsoft Tech Community – Latest Blogs –Read More
Unlocking Secure VM Connectivity with Azure Bastion
In today’s digital landscape, where security breaches are an unfortunate reality, safeguarding sensitive data and infrastructure has become more critical than ever. Recent cyberattacks have highlighted the importance of minimizing the blast radius and fortifying defenses against potential threats. Among the myriad security measures available, Azure Bastion provides a robust solution, offering a secure and seamless pathway for accessing virtual machines (VMs)—from Dev/Test environments to enterprise production workloads.
Enhanced Security Measures
Public ports exposed to the internet are often prime targets for malicious actors. Hackers leverage port-scanning on open RDP (Remote Desktop Protocol) and SSH (Secure Shell Protocol) entry points to gain unauthorized access to systems, potentially wreaking havoc on organizations’ operations and compromising sensitive data. Azure Bastion acts as a shield against such threats by hardening at one centrally managed gateway, closing RDP/SSH ports from the public internet while providing private connectivity to VMs.
With Azure Bastion, the need to expose VMs to the public internet, along with the associated risks, is eliminated. Instead of relying on traditional methods like VPNs or on-premises jump servers, Bastion offers a simplified yet highly secure approach. By leveraging Transport Layer Security (TLS) encryption and integrating with Azure’s robust authentication mechanisms, Bastion provides seamless RDP/SSH connectivity to your VMs while hardening the attack surface to one point.
The importance of securing RDP/SSH access cannot be overstated. These protocols are essential for remote management and troubleshooting, but they also represent significant vulnerabilities if not properly secured. Azure Bastion ensures that these critical access points are protected, reducing the risk of unauthorized access and potential breaches. By centralizing the management of RDP/SSH access, Bastion simplifies the security landscape, making it easier for organizations to enforce consistent security policies and monitor access activities.
The above diagram shows connections to virtual machines via a Bastion dedicated deployment that uses a Basic or Standard SKU.
The above diagram shows connections to virtual machines via a Bastion Premium SKU deployment using the private-only feature.
Streamlined Management
Azure Bastion not only enhances security but also simplifies management tasks. Since it is a fully managed service provided by Azure, users are relieved of the burden of setting up and maintaining infrastructure components. With just a few clicks, administrators can deploy Bastion and start securely accessing their VMs without worrying about infrastructure overhead, manual updates and patching, or configuration complexities.
Moreover, Azure Bastion offers scalability and flexibility, allowing users to connect to multiple VMs across their Azure environment effortlessly. This centralized management approach streamlines operations and enhances productivity, especially in large-scale deployments where managing connectivity to numerous VMs can be challenging.
The ease of deployment and management is a significant advantage for organizations of all sizes. Small and medium-sized businesses (SMBs) can benefit from the reduced complexity and lower operational overhead, while large enterprises can leverage Bastion’s scalability to manage extensive VM environments efficiently. By providing a consistent and reliable method for accessing VMs, Azure Bastion helps organizations maintain high levels of productivity and operational efficiency.
Choosing the Right SKU
Azure Bastion offers four distinct SKUs tailored to various needs and use cases, each with its unique advantages.
Developer SKU: Generally available in 6 public regions, the new Developer SKU provides a cost-effective option for developers and testers seeking access to VMs. It offers one connection per VNET without the configuration, scaling, and features of more advanced VM solutions. Bastion Developer is an excellent choice for users looking to provide secure access to their development and testing environments without incurring expenses. Bastion Developer is estimated to be available in all other Bastion supported public regions within the year.
Basic SKU: For small to medium-sized businesses (SMBs) and enterprises, the Basic SKU of Azure Bastion offers a well-rounded solution. This SKU offers a dedicated deployment within your Virtual Network (VNET), providing secure access for organizations seeking a comprehensive yet cost-effective option. With support for NSGs, peered VNets, and connectivity to 40-45 VMs at a time, Bastion Basic SKU is perfect for customers looking to secure their environment on a smaller scale.
Standard SKU: For enterprises with production workloads demanding high availability, scalability, and advanced features, the Standard SKU of Azure Bastion is the top offering. With Bastion Standard SKU, customers can scale up to 50 instances and support up to 400 VM connections. Customers can also enable advanced features such as CLI support, IP-based connection to non-Azure VMs, and shared connections.
Premium SKU: The Premium SKU is designed for customers with highly regulated workloads, such as financial services, government, and healthcare customers. Bastion Premium expands on the scalability of Standard SKU and adds advanced features such as graphical session recording of VM sessions and private-only connection on the Bastion host. Premium SKU provides enhanced audit and risk management for organizations that require the highest level of security and performance for their critical workloads.
Conclusion
Azure Bastion stands out as a vital tool in the arsenal of cloud security measures. By providing a secure, centrally managed gateway for RDP/SSH access to VMs, it significantly reduces the attack surface and enhances the overall security posture of organizations. Its ease of deployment, scalability, and integration with Azure’s authentication mechanisms make it an indispensable solution for modern enterprises looking to protect their digital assets.
The ability to choose from different SKUs allows organizations to tailor their Bastion deployment to their specific needs, ensuring that they can achieve the right balance of security, cost, and functionality. Whether for development and testing, small-scale production environments, or large-scale enterprise deployments, Azure Bastion offers a flexible and robust solution that can adapt to a wide range of use cases.
As cyber threats continue to evolve, the importance of robust security measures like Azure Bastion will only grow. By investing in secure and scalable solutions, organizations can better protect their sensitive data and infrastructure, ensuring that they remain resilient in the face of ever-changing security challenges. Azure Bastion represents a critical component of a comprehensive security strategy, providing the tools and capabilities needed to safeguard the modern digital landscape.
Microsoft Tech Community – Latest Blogs –Read More
Inside Maia 100: Revolutionizing AI Workloads with Microsoft’s Custom AI Accelerator
Authored by:
Sherry Xu, Partner Lead SoC Architect, Azure Maia
Chandru Ramakrishnan, Partner Software Engineering Manager
As the advancement of artificial intelligence continues to demand new innovations in the cloud, we find ourselves squarely in a moment where the co-optimization of hardware with software is critical to optimizing AI infrastructure for peak performance, scalability, and fungibility.
At Hot Chips 2024, Microsoft shared specifications on Maia 100, Microsoft’s first-generation custom AI accelerator designed specifically for large-scale AI workloads deployed in Azure. Vertically integrated to optimize performance and reduce costs, the Maia 100 system includes a platform architecture featuring custom server boards with tailor-made racks and a software stack built to increase performance and cost efficiency for advanced AI capabilities on services like Azure OpenAI Services.
Maia 100 Accelerator Architecture
The Maia 100 accelerator is purpose-built for a wide range of cloud-based AI workloads. The chip measures out at ~820mm2 and utilizes TSMC’s N5 process with COWOS-S interposer technology. Equipped with large on-die SRAM, Maia 100’s reticle-size SoC die, combined with four HBM2E die, provide a total of 1.8 terabytes per second of bandwidth and 64 gigabytes of capacity to accommodate AI-scale data handling requirements.
An AI accelerator built for high throughput and diverse data formats
Designed to support up to 700W TDP but provisioned at 500W, Maia 100 can deliver high performance while managing power efficiently based on its targeted workloads.
Chip architecture designed to support advanced machine learning needs
Maia 100’s architecture, tailored to modern machine learning needs, reflects the application of thoughtful research on AI systems for optimal computational speed, performance, and accuracy.
A high-speed tensor unit offers rapid processing for training and inferencing while supporting a wide range of data types, including low precision data types such as the MX data format, first introduced by Microsoft through the MX Consortium in 2023. This tensor unit is constructed as a 16xRx16 unit.
The vector processor is a loosely coupled superscalar engine built with custom instruction set architecture (ISA) to support a wide range of data types, including FP32 and BF16.
A Direct Memory Access (DMA) engine supports different tensor sharding schemes.
Hardware semaphores enable asynchronous programming on the Maia system.
The Maia 100 accelerator is purpose-built for a wide range of cloud-based AI workloads. The chip measures out at ~820mm2 and utilizes TSMC’s N5 process with COWOS-S interposer technology
A software-led approach to data utilization and power efficiency
The Maia accelerator is designed with a lower-precision storage data type and a data compression engine to reduce the bandwidth and capacity ask required for large inferencing jobs often bottlenecked by data movement. To further improve data utilization and power efficiency, large L1 and L2 scratch pads are software-managed for optimal data utilization and power efficiency.
Ethernet-based interconnects support large-scale AI models
In 2023, Microsoft led the development of the Ultra Ethernet Consortium, helping enable the industry to use Ethernet-based interconnects designed for ultra-high bandwidth compute. Maia 100 supports up to 4800 Gbps all-gather and scatter-reduced bandwidth, and 1200 Gbps all-to-all bandwidth. This ethernet interconnect utilizes a custom RoCE-like protocol, offering enhanced reliability and balance. Maia’s backend network protocol supports AES-GCM encryption, also making It ideal for confidential compute. Maia 100 is also supported by a unified backend network for scale-up and scale-out workloads, providing flexibility to support both direct and switch connectivity.
Maia 100’s Ethernet-based backend network protocol
Enabling quick deployment and model portability on the Maia SDK
With hardware and software architecture designed from the ground up to run large-scale workloads more efficiently, Maia 100 vertically integrates what we have learned across every layer of our cloud architecture – from advanced cooling and networking needs to the software stack that allows quick deployment of models. The Maia software development kit (SDK) allows users to quickly port their models written in PyTorch and Triton to Maia.
The Maia SDK provides a comprehensive set of components for developers to enable quick deployment of models to Azure OpenAI Services:
Framework integration: a first-class PyTorch backend which supports both eager mode and graph mode;
Developer tools: Tools for debugging and performance-tuning models such as a debugger, profiler, visualizer, and model quantization and validation tools;
Compilers: We have 2 programming models and compilers for Maia – Triton programming model offers agility and portability, while the Maia API is suited for the highest performance.
Kernel and Collective Library: Using the compilers, we’ve developed a set of highly optimized ML compute and communication kernels enabling you to get started quickly on Maia. Authoring of custom kernels is also supported.
Maia Host/Device Runtime: A host-device runtime layer comes with a hardware abstraction layer that is responsible for memory allocation, kernel launches, scheduling, and device management.
Maia 100’s software development kit (SDK) allows users to quickl port models written in PyTorch and Triton to Maia.
Dual programming models ensure efficient data handling and synchronization
The Maia programming model leverages asynchronous programming with semaphores for synchronization, enabling the overlap of computation with memory and network transfers. It operates with two execution streams: control processors issuing asynchronous commands via queues and hardware threads executing these commands, ensuring efficient data handling through semaphore-based synchronization.
To program Maia, developers can choose from two programming models: Triton, a popular open-source domain-specific language (DSL) for deep neural networks (DNNs) that simplifies coding and runs on both GPUs and Maia, or the Maia API, a Maia-specific custom programming model built for maximum performance with more detailed control. Triton requires fewer lines of code and handles memory and semaphore management automatically, while Maia API demands more code and explicit management by the programmer.
Optimizing data flow with gather-based matrix multiplication
Maia uses a Gather-based approach for large distributed General Matrix Multiplication (GEMMs), as opposed to an All-Reduce based approach. This approach offers several advantages: enhanced processing speed and efficiency by fusing the post-GEMM activation function (like GELU) directly in SRAM; reduction of idle time by overlapping computation with network communications, and reduction of latency by sending quantized data over the network – leading to faster data transmission and overall system performance.
Additionally, we leverage Static Random-Access Memory (SRAM) at the cluster level to buffer activations and intermediate results. Network reads and writes are also served directly from SRAM, enabling direct access to CSRAM. This significantly reduces HBM reads, improving latency.
We further enhance performance by parallelizing computations across clusters and utilizing the Network On Chip (NOC) for on-chip activation gathering.
Optimizing workload performance with portability and flexibility
Key to Maia 100’s fungibility is its ability to execute PyTorch models against Maia with a single line of code. This is supported by a PyTorch backend, which operates both in both eager mode for the optimal developer experience, and graph mode for the best performance. Leveraging PyTorch with Triton, developers can optimize workload performance with complete portability and flexibility between hardware backends without sacrificing efficiency and the ability to target AI workloads.
Satya Nadella holds a Maia 100 AI accelerator chip at Microsoft Ignite 2023
With its advanced architecture, comprehensive developer tools, and seamless integration with Azure, the Maia 100 is revolutionizing the way Microsoft manages and executes AI workloads. Through the algorithmic co-design or hardware with software, built-in hardware optionality for both model developers and custom kernel authors, and a vertically integrated design to optimize performance and improve power efficiency while reducing costs, Maia 100 offers a new option for running advanced cloud-based AI workloads on Microsoft’s AI infrastructure.
Microsoft Tech Community – Latest Blogs –Read More
Designing and running a Generative AI Platform based on Azure AI Gateway
Designing and Operating a Generative AI Platform
Summary
Are you in a platform team who has been tasked with building an AI Platform to serve the Generative AI needs of your internal consumers? What does that mean? It’s a daunting challenge to be set, and even harder if you’re operating in a highly regulated environment.
As enterprises scale out usage of Generative AI past a few initial use-cases they will face into a new set of challenges – scaling, onboarding, security and compliance to name a few.
This article discusses such challenges and approaches to building an AI Platform to serve your internal consumers.
Needs and more needs
To successfully run Generative AI at scale, organisations are utilising new features in API Management platforms such as Azure API Management’s AI Gateway (https://techcommunity.microsoft.com/t5/azure-integration-services-blog/introducing-genai-gateway-capabilities-in-azure-api-management/ba-p/4146525). The key to success for these platforms will be based on effective CI / CD and automation strategies. As we will see, an architecture to run Azure Open AI safely at scale involves safely deploying and managing lots of moving pieces, which together solve for scenarios such as:
How many Azure Open AI (AOAI) APIs should I create?
How do I version AOAI APIs?
How do I support consumers with different content-safety and model requirements?
How do I restrict throughput per Consumer, per deployment?
How do I scale out AOAI services?
How do I log all prompts and responses including streaming, without disruption?
What other value add services should a platform offer consumers?
Further, we need to understand how common services and libraries involved in building Generative AI Services fit into the architecture. We can build the best AI Platform in the world but if our consumers find they cannot use common Generative AI Libraries with it, have we really succeeded?
This document iterates through use-cases to build out a reference implementation that can safely run Azure API Management (AI Gateway) and Azure Open AI at scale, supporting most common libraries and services. You can find a reference implementation here:
https://github.com/graemefoster/APImAIPlatform
Target Azure Architecture
Decision Matrix
You might not need all the components. This matrix should help you understand what each iteration brings, allowing you to make an informed decision on when to stop.
AOAI
APIm / AOAI
Proxy / APIm / AOAI
Proxy / APIm / AOAI / Defender
Chargeback
✗
✓
✓
✓
Prompt flow (JWT & key)
✗
✓
✓
✓
Advanced Logging (PII redaction / streaming)
✗
✗
✓
✓
SIEM
✗
✗
✗
✓
Out of scope
We are focusing on the requirements for running Azure Open AI and Generative AI services, rather than specific application stacks. A Generative AI Orchestrator may involve multiple services such an Azure App Service, Azure AI Search and Storage. These will vary between applications and are considered out-of-scope for this document.
Roles
We have identified the following roles involved in running Generative AI Applications. NB: these may not map one to one to people. We leave team structure to your own personal choice.
Role
Responsibilities
Gen AI Developers
Building and testing AI Orchestrators including promptflow
GEN AI Operators
Understanding consumer usage, prompt performance, overall system response.
AI Platform
Managing Azure Open AI services, access, security, and audit logging
AI Governance
Monitoring AI safety / abuse / groundedness
The remainder of the document will introduce fictitious use-cases and map them to the above roles. We will iterate on the platform and show how it provides for the requirements. It can be overwhelming to see a target architecture without insight into why individual services exist. My hope is that by the end of the document you see why each service is there. Also, this is an evolving space. As services gain new features, knowing why something is there will enable you to consolidate accordingly.
Gen AI Application Engineers
Let’s start with a simple use-case. Ultimately, we want our feature teams to deliver applications that deliver real business value. There is no application or business value without the Application Engineers.
Use Case:
So that I can build Generative AI Applications
As a Gen AI Application Engineer
I need access to Azure Open AI API models
Use Case:
So that I can iterate on a Generative AI Application
As a Gen AI Application Engineer
I want to see diagnostics information like latency and prompt response time of my prompts
These two use-cases can be delivered with a single Azure Open AI resource:
It’s simple, but it might be all you need. We run the Orchestrator in a PaaS like Azure App Service, send telemetry to Application Insights, and use a single Azure Open AI service.
We can use Managed Identities for secure authentication, and content-filters inside Azure Open AI to keep us safe. They can do things like detect Jailbreaks and moderate responses.
We can provision PTUs (Provisioned Throughput Units https://learn.microsoft.com/en-us/azure/ai-services/openai/how-to/provisioned-throughput-onboarding) to guarantee capacity for Generative AI.
If you can stop now, then great. But most organisations will soon hit the next set of challenges.
I need to fairly share my PTU amongst multiple consumers
My consumers need access to embedding models which are not part of my PTU, and one deployment isn’t enough
I want more control over the identities accessing Azure Open AI such my own IdP
I need to log all prompts and responses for a central AI safety team
If this sounds like you, then read on as we build a platform!
Gen AI Platform Engineers
Use Case:
So that my organisation can run many AI applications on a PTU
As a Gen AI Platform Engineer
I need to share a PTU fairly across consumers
Use Case:
So that I can charge-back my PTU deployments
As a Gen AI Platform Engineer
I need to report over token usage metrics
Use Case:
So that we can leverage existing security controls
As a Gen AI Platform Engineer
I need to use identities from an existing IdP
To deliver this feature we’re going to reach for an AI Gateway. These are becoming commonplace in APIm products. In our case let’s drop Azure API Management with its AI Gateway components into the architecture and see what happens:
This is nice – we’ve now introduced an AI gateway which will give us lots of extra functionality
We’ll expose an API from Azure APIm that looks and feels like the Azure Open AI API. This will make it easier for our consumers using frameworks that ‘expect’ the AOAI surface area. It also makes it simpler for our platform team as there’s only one API for them to maintain.
We can create new versions of this API as Open AI releases new versions.
We can also restrict the surface area of the Azure Open AI API.
Let’s say we don’t want to expose Assistants, or the ability to upload files. With this model we can just choose not to expose those APIs.
We can use APIm’s load balanced pools to balance requests.
We can get it to prioritise our PTU and fail over to PAYG if we run out of capacity.
This will reduce the likelihood of 429’s getting back to our consumers.
We can use APIm to authorise incoming requests using our own IdP or a Platform Entra Application.
This lets us use custom roles and have more control over the JWT’s our consumers need.
We can use APIm policies like token-rate-limiting to fairly share our PTU stopping greedy consumers.
We’ll use “products” to lower the blast radius of breaking our consumers.
When (not if!) the platform gets popular we will need to support many consumers with different token limits. Products let us model this as lots of small policy files. These will be easier to manage than one big one.
We can use policies that emit token count metrics (including for streaming endpoints) allowing chargeback scenarios.
GEN AI Engineers… part II
This is looking great… it’s an amazing platform but the Engineers are not happy… What we’ve built is a brilliant launchpad for engineers who want to build Generative AI Applications, but it doesn’t cater for all tooling they might want.
Use Case:
So that I can support libraries like Prompt flow
As a Gen AI Platform Engineer
I need to cater for assumptions the libraries make on authentication
Some AI Libraries were built before the idea of AI Platforms existed and have taken tight dependencies on the way the ‘old world’ worked. These will be fixed over time but for now our platform is going to have to deal with them.
Let’s take Promptflow as an example. Our platform makes heavy use of API Management’s AI Gateway products to reduce the blast radius of change.
As of August 2024, APIm requires a Subscription Key to trigger Product behaviour. Our fictitious security team has mandated OAuth2 for all API calls. If you use Prompt flow’s OAuth flow it acquires tokens against Azure Open AI’s scope. And it’s tricky to attach a subscription key to its calls. It’s low-level but it’s causing friction between the application teams and the security team.
Prompt flow makes our authentication life a bit more difficult… We’re faced with a risk-based decision. Do we:
Allow Generative AI applications built with Prompt flow to take a less secure approach sending an APIm subscription-key
Allow Gen AI Apps to have direction permissions against Azure Open AI introducing a risk they could bypass our gateway protections and call Azure Open AI directly.
Introduce something ‘in the middle’ to adapt Prompt flow’s requests to meet our security requirements.
There are a few ways to approach this. Let us start with an approach that doesn’t add any new services. We are going to introduce a new product to our APIm AI Gateway which will:
Authorise the incoming JWT provided by Prompt flow and map the caller to a subscription key.
Make a new call back into APIm with the subscription key appended as a header to the original request
This will incur an impact on APIm’s performance so it’s not a free lunch. But it will enable us to reduce the risk of Prompt flow using just Api-Keys.
Great – what we can do now is:
Let our AI Applications use tokens acquired for Azure Open AI without giving them permissions to Azure Open AI
This is a nice trick here as we getting a token for AOAI doesn’t authorize us. Auth is done at the AOAI service.
The APIm product can:
Check the incoming claims on the JWT to authenticate the caller
Acquire a new token on-behalf-of the original (optional step)
Append a subscription key (using a pre-configured lookup)
Make the outbound call back to APIm where it will trigger the expected product behaviour.
For many organisations this might be enough. But there are still a few things we might care about. The OWASP LLM Top 10 identifies common vulnerabilities for LLM usage. Wouldn’t it be great if we can help our consumers detect some of them?
Bigger organisations tend to have AI Safety teams who need to report over all LLM consumption. They are asking questions like:
Can I get confidence prompts aren’t being jail-broken?
Can we be confident prompts are using grounding data, and not hallucinating?
Can we maintain a redacted audit log of all prompts and responses?
Let’s step into the shoes of our Responsible AI team…
Responsible AI team
Use Case:
So that my organisation stays within responsible AI boundaries
As a Responsible AI team
We want to spot check redacted prompt inputs, and outputs
Use Case:
So that my organisation stays within responsible AI boundaries
As a Responsible AI team
We want centralised alerting on attempted attacks on our Gen AI applications
Use Case:
So that my organisation stays within responsible AI boundaries
As a Responsible AI team
We want to know about CVE’s from LLM models and images our applications are using
We are going to reach for a few new tools to achieve these use-cases. AI Threat Detection from Azure Defender (https://learn.microsoft.com/en-us/azure/defender-for-cloud/ai-threat-protection) will help us with centralised alerts and CVE detection. Great news if we’re using Azure Open AI as it can take signals directly from the Content Safety layer meaning we don’t have to build anything to integrate the services.
For logging those prompts and responses we’re going to have to think outside the box. Most API Management platforms offer support for logging the bodies of requests and responses but there’s a caveat. They often don’t support streaming (Sever Side Events) which are used to provide better response latency to callers. If you’ve ever used Chat GPT you’ll have seen a streaming response in action. That ticker-tacker typewriter like experience when your response is returned is a Streaming Response.
API Management solutions currently buffer these responses in-order to log them which reduces the user-experience.
I’ll avoid the question of ‘do you need to use Server-Side Events’. It’s safe to say like all questions in IT, the answer is ’It Depends’. But what if you do need them?
To handle logging, I’ll introduce a second Gen AI Gateway into the architecture. It’s called AI Central https://github.com/microsoft/aicentral (there are lots of these out there – disclaimer, I am the primary maintainer of AI Central), and it runs as a Docker Container / Web API sitting in-front of APIm. Another good option is AI Sentry – https://github.com/microsoft/ai-sentry
AI Central will drop prompts and responses into a queue for PII redaction and logging. It works with streaming responses and doesn’t buffer so won’t degrade the end user experience. It currently uses the Azure Language service, but we are investigating using the PTU overnight when it’s not used as much, or PHI-3 models running in a sidecar.
AI Central logs PII Redacted prompts and responses to a Cosmos Database that a Responsible AI Team can use.
We’ve also enabled Azure Defender for AI. The AI Content Filter built into AOAI is transmitting data to Azure Defender looking for attacks on their LLM. This is all surfaced in the standard Azure Defender dashboards.
But before we call ‘done’, let’s face into our last hurdle. How do or Gen AI Application Engineers onboard to this platform?
Gen AI Platform Engineers… part II
Use Case:
So that I can simplify onboarding
As a Gen AI Platform Engineer
I want to streamline consumer onboarding
Use Case:
So that I can manage consumer demand
As a Gen AI Platform Engineer
I want a tool to simplify managing multiple Azure Open AI deployments
Use Case:
So that I can deploy on a Friday
As a Gen AI Platform Engineer
I want to deploy daily
How does a feature team express their requirements to a platform team? We are using a JSON document which could be added via a Pull Request into the Platform team’s repository. Something like this should suffice. It will capture enough information about the consumer to:
Understand their token / model requirements
Understand their content safety requirements
Understand when they want to promote into environments
Get in touch with them
Support Chargeback
{
“consumerName”: “consumer-1”,
“requestName”: “my-amazing-service”,
“contactEmail”: “engineer.name@myorg.com”,
“costCentre”: “92304”,
“constantAppIdIdentifiers”: [],
“models”: [
{
“deploymentName”: “embeddings-for-my-purpose”,
“modelName”: “text-embedding-ada-002”,
“contentSafety”: “high”,
“environments”: {
“dev”: {
“thousandsOfTokens”: 1,
“deployAt”: “2024-07-02T00:00:0000”
},
“test”: {
“thousandsOfTokens”: 1,
“deployAt”: “2024-07-02T00:00:0000”
},
“prod”: {
“thousandsOfTokens”: 15,
“deployAt”: “2024-07-02T00:00:0000”
}
}
},
{
“deploymentName”: “gpt35-for-my-purpose”,
“modelName”: “gpt-35-turbo”,
“contentSafety” : “high”,
“environments”: {
“dev”: {
“thousandsOfTokens”: 1,
“deployAt”: “2024-07-02T00:00:0000”
},
“test”: {
“thousandsOfTokens”: 1,
“deployAt”: “2024-07-02T00:00:0000”
},
“prod”: {
“thousandsOfTokens”: 15,
“deployAt”: “2024-07-02T00:00:0000”
}
}
}
]
}
This will be a conversation. When a consumer opens a Pull Request to add / update this information into the Platform repository use the Pull Request to query / suggest alternate deployment approaches (maybe gpt-4o is a better fit for their requirement then gpt-4).
When you are comfortable with a request, merge the Pull Request into the platform repository.
Platform Team Mapping
Now you have the feature teams’ requirements, as a Platform team you need to express these as Azure Open AI deployments and API Management Products. This is unlikely to be a one-to-one mapping.
For example, to maximise use of PTU you might want to consolidate multiple consumer demands into a single deployment. To maximise PTU further you will need to consolidate Content Filter policies into ‘low’, ‘medium’, or ‘high’ (as content filter policies have one-to-one affinity to a deployment).
These are all backend implementation decisions. Your contract to the consumer is to provide them access to Azure Open AI with the agreed deployment names, throughput, and content-filters, securing using their provided Entra Application Ids.
Platform Team Decisions
How many AOAI services will you need? AOAI has limits on quotas per region. For example, as of August 2024 Australia East allows you 350k tokens per minute for Text-Embedding-Ada-002. https://learn.microsoft.com/en-us/azure/ai-services/openai/quotas-limits
If you have more demand than available capacity for a region / subscription pair, then you will need to deploy more Azure Open AI resources to either different subscriptions, or different regions. The code sample provided uses a single subscription, scaling out over multiple regions.
We’ll leave the science of sizing PTU deployments out-of-scope for here. There’s lots of good documentation out there for sizing PTUs, e.g. https://techcommunity.microsoft.com/t5/ai-azure-ai-services-blog/right-size-your-ptu-deployment-and-save-big/ba-p/4053857.
Back to our platform let’s start simple – we will define a deployment to AOAI using this JSON. Our platform will be built using a list of these.
{
“aoaiName”: “graemeopenai”,
“deploymentName”: “testdeploy2”,
“enableDynamicQuota”: false,
“deploymentType”: “PAYG”,
“model”: “gpt-35-turbo”,
“modelVersion”: “0613”,
“thousandsOfTokensPerMinute”: 5
}
Finally, we need a mapping between the demands of our feature team to the platform deployments. We will use this JSON:
{
“consumerName”: “consumer-1”,
“requirements”: [
{
“outsideDeploymentName”: “text-embedding-ada-002”,
“platformTeamDeploymentMapping”: “text-embedding-ada-002”,
“platformTeamPoolMapping”: “graemeopenai-embedding-pool”
},
{
“outsideDeploymentName”: “gpt35”,
“platformTeamDeploymentMapping”: “testdeploy2”,
“platformTeamPoolMapping”: “graemeopenai-pool”
}
]
}
The platform uses APIm policies to rewrite consumer requests to the ‘outside’ deployment name to the actual deployment names, allowing multiple consumers to share single deployments. This mapping lets the Platform team introduce new deployments potentially with different names without affecting the consumers.
In future iterations we want to write a simple User Interface to help manage this mapping exercise.
Deployment
Deployment of a platform should be no different to deployment of a feature. The more you do it, the more confident you will be. The Bicep templates that form the platform (https://github.com/graemefoster/APImAIPlatform) are designed to deploy everything – Azure Open AI services, deployments, APIs, Products, AI Central, etc in a single “line-of-sight”.
Our entire platform is deployed using a single ‘az deployment sub create‘ command. If we had to rebuild the entire thing from scratch it would be the same single deployment command.
My recommendation is to deploy daily at least and potentially more frequently.
Optional Extras
In building this document some other ideas popped up that I think would be helpful in making it even easier and quicker for your internal customers to get onboard:
Providing platform endpoints to test your Prompts against well-known jail-breaks and other OWASP LLM threats
Running random checks against audited prompts and responses to check the grounded-ness of the responses
CI / CD Pipelines that ‘collect’ an application’s prompts and responses and pro-actively run guardrail evaluations over them
Think about all the requirements that your consumers need to ‘tick’ before they can deploy into production. Platforms succeed when their customers fall into the proverbial pit-of-success. The more general requirements you can automate, the more your engineers are going to love your platform.
Final thoughts
And that’s it. We’ve covered a lot of detail but have setup:
Azure Open AI Deployments
An API Management AI Gateway capable of authenticating, load balancing and enforcing consumer quota
An AI proxy that can provide advanced logging as-well as bridging libraries like Prompt flow which cannot easily send Entra JWT’s and APIm Subscription Keys
Discussed AI Threat Detection from Azure Defender to assist SIEM monitoring
Thought about future enhancements that could make your platform even more valuable.
What do you think? How are you approaching this problem? Try the sample. Make it better! We’d love to hear from you so please leave some feedback.
Microsoft Tech Community – Latest Blogs –Read More
Fine Tune GPT-4o on Azure OpenAI Service
Get excited – you can now fine tune GPT-4o using the Azure OpenAI Service!
We’re thrilled to announce the public preview of fine-tuning for GPT-4o on Azure. After a successful private preview, GPT-4o is now available to all of our Azure OpenAI customers, offering unparalleled customization and performance in Azure OpenAI Service.
Why fine-tuning matters
Fine-tuning is a powerful tool that allows you to tailor our advanced models to your specific needs. Whether you’re looking to enhance the accuracy of responses, ensure outputs align with your brand voice, reduce token consumption or latency, or optimize the model for a particular use case, fine-tuning allows you to customize best-in-class models with your own proprietary data.
GPT-4o: Make a great model even better with your own training data
GPT-4o offers the same performance as GPT-4 Turbo, but improved efficiency – and the best performance on non-English language content of any OpenAI model. With the launch of fine tuning for GPT-4o, you now have the ability to customize it for your unique needs. Fine-tuning GPT-4o enables developers to train the model on domain-specific data, creating outputs that are more relevant, accurate, and contextually appropriate.
This release marks a significant milestone for Azure OpenAI Service, as it allows you to build highly specialized models that drive better outcomes, use fewer tokens with greater accuracy, and create truly differentiated models to support your use cases.
Fine tuning capabilities
Today, we’re announcing the availability of text-to-text fine tuning for GPT-4o. In addition to basic customization, we support advanced features to help you create customized models for your needs:
Tool Calling: Include function and tool calls in your training data to empower your custom models to do even more!
Continuous Fine Tuning: Fine tune previously fine-tuned models with new, or additional, data to update or improve accuracy
Deployable Snapshots: No need to worry about overfitting – you can now deploy snapshots, preserved at each epoch, and evaluate them alongside your final model
Built in Safety: GPT-4, 4o, and 4o mini models have automatic guardrails in place to ensure that your fine-tuned models are not capable of generating harmful content.
GPT-4o is available to customers using Azure OpenAI resources in North Central US and Sweden Central. Stay tuned as we add support in additional regions.
Lowering prices to make experimentation accessible
We’ve heard your feedback about the costs of fine-tuning and hosting models. To make it easier for you to experiment and deploy fine-tuned models, we’ve updated our pricing structure to:
Bill for training based on the total tokens trained – not the number of hours
Reduce hosting charges by ~40% for some of our most popular models, including the GPT-35-Turbo family.
These changes make experimentation easier (and less expensive!) than ever before. You can find the updated pricing for Fine tuning models on the Azure OpenAI Service – Pricing | Microsoft Azure
Get started today!
Whether you’re new to fine-tuning or an experienced developer, getting started with Azure OpenAI Service has never been easier. Fine-tuning is available through both Azure OpenAI Studio and Azure AI Studio, providing a user-friendly interface for those who prefer a GUI and robust APIs for advanced users.
Ready to get started?
Learn more about Azure OpenAI Service
Check out our How-To Guide for Fine Tuning with Azure OpenAI
Try it out with Azure AI Studio
Microsoft Tech Community – Latest Blogs –Read More
Upgrade values in table
Hello ALL,
I need to retrieve values a cost, a rate to a table, which are stock in another table.
It is table fs_sro_labor_mst and
Those tables have a mutual column. It is work_code.
Total count the work codes is 2 934.
How can I figure out this issue?
Thanks for all solutions
Hello ALL,I need to retrieve values a cost, a rate to a table, which are stock in another table.It is table fs_sro_labor_mst andThose tables have a mutual column. It is work_code. Total count the work codes is 2 934.How can I figure out this issue?Thanks for all solutions Read More
Dynamics365 Team Members
Hello all,
Is it possible to use the Dynamics365 Team Member as a dual use license? For on-premises.
BR
Christian
Hello all, Is it possible to use the Dynamics365 Team Member as a dual use license? For on-premises. BRChristian Read More
Availability of Azure Document Intelligence Studio Frontend Source Code
Hi
Is the source code for the Azure Document Intelligence Studio frontend available? If so, where can I access it? If it’s not available, are there any example projects or resources that showcase similar functionality or UI components that I can refer to?
Thank you for your assistance!
HiIs the source code for the Azure Document Intelligence Studio frontend available? If so, where can I access it? If it’s not available, are there any example projects or resources that showcase similar functionality or UI components that I can refer to?Thank you for your assistance! Read More
Latest Type for the every ID
I have a table like below.
create table ##Test (id nvarchar(20), dat datetime, idType nvarchar(10))
insert into ##test values (‘1001′,’2024-05-01’, ‘A’)
insert into ##test values (‘1001′,’2024-05-02’, ‘B’)
insert into ##test values (‘1001′,’2024-05-03’, ‘C’)
insert into ##test values (‘1001′,’2024-05-04’, ‘C’)
insert into ##test values (‘1002′,’2024-05-01’, ‘A’)
insert into ##test values (‘1003′,’2024-05-01’, ‘B’)
insert into ##test values (‘1003′,’2024-05-02’, ‘C’)
insert into ##test values (‘1003′,’2024-05-03’, ‘A’)
select * from ##Test
drop table ##test
i need latest distinct last two idType against every ID
I need the result like below
create table ##result (id nvarchar(20), result nvarchar(10))
insert into ##result values (‘1001′,’C’)
insert into ##result values (‘1001′,’B’)
insert into ##result values (‘1002′,’A’)
insert into ##result values (‘1003′,’A’)
insert into ##result values (‘1003′,’C’)
select * from ##result
drop table ##result
I have a table like below. create table ##Test (id nvarchar(20), dat datetime, idType nvarchar(10))insert into ##test values (‘1001′,’2024-05-01’, ‘A’)insert into ##test values (‘1001′,’2024-05-02’, ‘B’)insert into ##test values (‘1001′,’2024-05-03’, ‘C’)insert into ##test values (‘1001′,’2024-05-04’, ‘C’)insert into ##test values (‘1002′,’2024-05-01’, ‘A’)insert into ##test values (‘1003′,’2024-05-01’, ‘B’)insert into ##test values (‘1003′,’2024-05-02’, ‘C’)insert into ##test values (‘1003′,’2024-05-03’, ‘A’)select * from ##Testdrop table ##test i need latest distinct last two idType against every ID I need the result like below create table ##result (id nvarchar(20), result nvarchar(10))insert into ##result values (‘1001′,’C’)insert into ##result values (‘1001′,’B’)insert into ##result values (‘1002′,’A’)insert into ##result values (‘1003′,’A’)insert into ##result values (‘1003′,’C’)select * from ##resultdrop table ##result Read More
Activate Device Administrator Outlook Android Problem
I tried to sign in Outlook app android using work or school account tenant M365 A and tenant M365 B using personal android. There is no problem when I use account from tenant A, but when using account tenant M365 B it is always asked to “activate device administrator”.
I also tested using Outlook iOS/iPhone using account tenant M365 B, the result is the prompt does not appear and can log in to use email service.
I think this is a policy applied to Intune, but I also confirm that tenant M365 B does not have intune policy and does not subscribe to Intune. I do not know why this happens and I do not want to do “activate device administrator”.
Is there a way to overcome this, maybe it can be turned off for “activate device administrator”, so that the prompt does not appear again?
I tried to sign in Outlook app android using work or school account tenant M365 A and tenant M365 B using personal android. There is no problem when I use account from tenant A, but when using account tenant M365 B it is always asked to “activate device administrator”. I also tested using Outlook iOS/iPhone using account tenant M365 B, the result is the prompt does not appear and can log in to use email service. I think this is a policy applied to Intune, but I also confirm that tenant M365 B does not have intune policy and does not subscribe to Intune. I do not know why this happens and I do not want to do “activate device administrator”. Is there a way to overcome this, maybe it can be turned off for “activate device administrator”, so that the prompt does not appear again? Read More
Fill a cell based on other cells being filled
Hello,
I am working to create a daily score for my students as they complete their work. What I would like to do is as I put an “x” in the cell they have completed, after so many are filled, then a separate box will change colors per the amount of x’s in the other cells. I know about conditional formatting but I am struggling with getting the formula correct. Any help would be appreciated.
Hello, I am working to create a daily score for my students as they complete their work. What I would like to do is as I put an “x” in the cell they have completed, after so many are filled, then a separate box will change colors per the amount of x’s in the other cells. I know about conditional formatting but I am struggling with getting the formula correct. Any help would be appreciated. Read More
Lockscreen imagages changed location
For a few years my lock-screen images were always found in the same location: c:usersuser nameappdatalocalpackages………
Now my images show up as a theme?????
For a few years my lock-screen images were always found in the same location: c:usersuser nameappdatalocalpackages………Now my images show up as a theme????? Read More
FILTER not returning matches
Hi
I am looking for assistance with creating a formula that checks the values of column “D” for a specific text “Flexi Day” and then returns the value in column “B” (staff name) for all of the matches.
I used the formula: =FILTER(‘Term 4’!D4:D36,‘Term 4’!B4:B36=E1) where E1 is text in a cell that says “Flexi Day”.
It is returning Error No matches are found in FILTER evaluation. There is a match in D4.
The data in column D is from a drop down list. I thought this may be the issue, but I inserted “Flexi Day” into a cell in column D that is not a drop down, and it still shows no matches.
Is the issue that the data is from a different worksheet within the same document?
I can’t use VLOOKUP because the columns are back to front, and I tried XLOOKUP and some other things, and nothing is working and Google is not helping either.
Hoping that someone can assist.
Thank you!
HiI am looking for assistance with creating a formula that checks the values of column “D” for a specific text “Flexi Day” and then returns the value in column “B” (staff name) for all of the matches.I used the formula: =FILTER(‘Term 4′!D4:D36,’Term 4’!B4:B36=E1) where E1 is text in a cell that says “Flexi Day”.It is returning Error No matches are found in FILTER evaluation. There is a match in D4.The data in column D is from a drop down list. I thought this may be the issue, but I inserted “Flexi Day” into a cell in column D that is not a drop down, and it still shows no matches.Is the issue that the data is from a different worksheet within the same document?I can’t use VLOOKUP because the columns are back to front, and I tried XLOOKUP and some other things, and nothing is working and Google is not helping either.Hoping that someone can assist.Thank you! Read More
Could someone help me figure out this error with my Windows service project?
I can run this service successfully, it works perfectly but any time the service is stopped it shows this error:
C:WINDOWSsystem32>sc start EmailAutoResponseService
[SC] StartService FAILED 1053:
The service did not respond to the start or control request in a timely fashion.
This error is shown AFTER OnStop() is called. I’m assuming it has something to do with my OnStart method and/or the way I’m using async/await.
Could someone please point me in the right direction? Feel free to make other suggestions too, is async/await unnecessary here?
This is my Program.cs file:
And this my EmailAutoResponseService.cs file:
These are the relevant methods:
/// <summary>
/// Initializes a new instance of the EmailAutoResponseService class.
/// </summary>
public EmailAutoResponseService()
{
InitializeComponent();
LoadDependencies();
_cts = new CancellationTokenSource();
}
protected override void OnStart(string[] args)
{
LogTs.LogInfo(“Running OnStart().”);
Task.Run(async () => await StartServiceAsync());
}
protected override void OnStop()
{
LogTs.LogInfo(“Running OnStop().”);
Task.Run(async () => await StopServiceAsync()).Wait();
}
public async Task StartServiceAsync()
{
LogTs.LogInfo(“Running StartServiceAsync().”);
await RunEmailProcessingLoop(_cts.Token);
}
/// <summary>
/// Stops the service asynchronously.
/// </summary>
public async Task StopServiceAsync()
{
LogTs.LogInfo(“Running StopServiceAsync().”);
_cts.Cancel();
// Give some time for the cancellation to be processed
await Task.Delay(1000);
}
I can run this service successfully, it works perfectly but any time the service is stopped it shows this error: C:WINDOWSsystem32>sc start EmailAutoResponseService[SC] StartService FAILED 1053:The service did not respond to the start or control request in a timely fashion. This error is shown AFTER OnStop() is called. I’m assuming it has something to do with my OnStart method and/or the way I’m using async/await. Could someone please point me in the right direction? Feel free to make other suggestions too, is async/await unnecessary here? This is my Program.cs file: https://pastebin.com/h4UhmuZD And this my EmailAutoResponseService.cs file: https://pastebin.com/ApAgUXph These are the relevant methods: /// <summary>/// Initializes a new instance of the EmailAutoResponseService class./// </summary>public EmailAutoResponseService(){InitializeComponent();LoadDependencies();_cts = new CancellationTokenSource();}protected override void OnStart(string[] args){LogTs.LogInfo(“Running OnStart().”);Task.Run(async () => await StartServiceAsync());}protected override void OnStop(){LogTs.LogInfo(“Running OnStop().”);Task.Run(async () => await StopServiceAsync()).Wait();}public async Task StartServiceAsync(){LogTs.LogInfo(“Running StartServiceAsync().”);await RunEmailProcessingLoop(_cts.Token);}/// <summary>/// Stops the service asynchronously./// </summary>public async Task StopServiceAsync(){LogTs.LogInfo(“Running StopServiceAsync().”);_cts.Cancel();// Give some time for the cancellation to be processedawait Task.Delay(1000);} Read More
ILT Communications now has a new home!
Attention: ILT Communications has moved!
You can now find us over at our new space, ILT Communications Blog.
Please subscribe and follow: aka.ms/ILT_Communications_Blog
Attention: ILT Communications has moved!
You can now find us over at our new space, ILT Communications Blog.
Please subscribe and follow: aka.ms/ILT_Communications_Blog
For all ILT Communications — come to our new ILT Communications Blog!
Attention: ILT Communications has moved!
You can now find us over at our new space, ILT Communications Blog.
Please subscribe and follow: aka.ms/ILT_Communications_Blog
Attention: ILT Communications has moved!
You can now find us over at our new space, ILT Communications Blog.
Please subscribe and follow: aka.ms/ILT_Communications_Blog
How a Student Grew as a Community Leader, Inspired by MVP
In a previous blog post Place Where Japanese Student Developers Develop Strength, we shared the story of Kenta Iwasaki, a Japanese Microsoft MVP who actively supports student growth. About two years have passed since then, and one of the students mentored by Kenta has grown as a community leader and was awarded as a new Microsoft MVP in August 2024.
In this blog post, we look back on the journey of a new Developer Technologies MVP Kaito Tsutsumi from his community activities when he was a student to his recognition as an MVP and share a message for students who want to learn technology for their growth.
Taking the first step during high school, meeting MVPs during university, and becoming a Microsoft Learn Student Ambassador
The beginning of Kaito’s community involvement can be traced back to his high school days when he posted a technical article simply because he thought it would be interesting. The warm comments he received inspired him to continue writing technical articles and speaking at tech events. After entering university, he participated in an event, MVP x Student Meetup@Tsukuba, held in his hometown, where he met Microsoft MVPs. This encounter further fueled his passion. Reflecting on that time, he says, “I became more enthusiastic about contributing to the community because I became interested in activities that spread my area of expertise and favorite technologies.”
Later, Kaito became a Microsoft Learn Student Ambassador and began focusing on activities for fellow students in the community. However, with the global pandemic restricting in-person events, he had to find creative ways to deliver high-quality online events. Together with his peers, he successfully organized engaging online events.
In the fall of 2022, as the opportunity for in-person events increased, Kaito and peer Student Ambassadors held the first hybrid event, MS Tech Camp 2nd Anniversary Event, marking it the first time he could interact directly with his peers and community members. He also held an event MLSA Graduation Ceremony & Welcome Party in the spring of the following year to conclude his student years, where he was delighted to be celebrated by everyone. “It was a moment when I felt that all my efforts in community activities had been worthwhile,” he reflects.
Microsoft Learn Student Ambassador speakers at .NET Conf 2022 Recap Event Tokyo (X post)
Kaito Tsutsumi and Takumi Okawa (former Microsoft Learn Student Ambassadors), and Masaki Takeuchi (Microsoft Learn Student Ambassador)
<Perspectives from a Microsoft MVP on Kaito’s student days>
——-
The Microsoft MVP who supports student growth and works with the tech communities, Kenta Iwasaki, recalls Kaito’s student years as a rare case of someone who combined deep and broad technical expertise and says, “Kaito was recognized by other student members for his extensive knowledge and skills.” He particularly remembers Kaito’s approachable nature and willingness to teach and advise other students, highlighting great communication skills and significant contributions to the community.
——-
Lessons learned by professionals in the community
Many of the individuals Kaito encountered at tech events during his student years were professionals who balanced their busy work lives with community activities. He was impressed by how they managed to engage enthusiastically despite their hectic schedules. “From them, I learned how to approach technology and community with passion. I aim to embody that same spirit in my daily activities,” he reflects on how this experience has influenced his current mindset.
Future aspirations as a new Microsoft MVP
Kaito, once a student learning from professionals including MVPs, has now become someone who supports students and expands his community activities, including hosting events and writing technical blogs. As a result, he received the Microsoft MVP award.
Reflecting on this achievement, Kaito expresses his future goal: “I want to continue my personal development, community activities, and technology outreach while ramping up my efforts. I plan to tackle more advanced and niche technologies in OSS development and technical demos and share the knowledge I gain as much as possible. Just as I admired MVPs in the past, I aspire to become an MVP who others can look up to.”
Future support activities for the student community and message to students
Having received much inspiration, knowledge, and valuable opportunities from the tech community during his student years, Kaito aims to support students similarly. He is passionate about providing opportunities that encourage students to start community activities and share their knowledge. “Starting anything is challenging, especially for students who may find it daunting to share their knowledge in a professional environment. By showing the warm atmosphere of the community and my enjoyment through activities, I hope to motivate students. As a Microsoft MVP, I want to create systems where motivated students can thrive in tech communities like Babylon.js JAPAN and Iwaken Lab,” he says.
For students who want to grow by learning technology, Kaito offers encouraging words based on his experience.
“The IT field evolves rapidly, making it hard to keep up with trends, and it’s easy to feel negative when comparing oneself to impressive people around. For me, my love for technology was a strong support. During university, focusing on my favorite technology and striving to master it made my life richer. So, even if your interest is niche or seems useless, I encourage you to find a technology you love and pursue it passionately in your career.”
The impact of Microsoft MVPs supporting the next generation
Kenta, whose support greatly influenced Kaito’s growth, continues to help students through three main pillars: (1) supporting the articulation of students’ aspirations, (2) coaching to develop individual strengths, and (3) encouraging challenges in new environments. For example, he and his community members are involved in activities such as participating in the Co-Creation Challenges of Expo 2025 Osaka, Kansai, exhibition at JAXA’s Tsukuba Space Center event, helping students gain practical experience and enhance their expertise.
Kaito began community activities in high school, met Microsoft MVPs and professionals enjoying tech community activities during university, and expanded his potential. This story, showing how learning and growing together beyond school and work settings creates pathways, represents an ideal vision of tech communities where people gather around a shared interest in technology.
Microsoft MVPs like Kenta have been supporting many students’ learning and growth journeys. Even if you are not currently involved in such activities, why not share your knowledge and experience with students, and help nurture the next generation of tech professionals?
Microsoft MVP, professional community leader, and Microsoft Learn Student Ambassador speakers at .NET Conf 2022 Recap Event Tokyo (X post)
Microsoft Tech Community – Latest Blogs –Read More
New pricing for Microsoft Dynamics 365 effective October 2024 – impact on nonprofit pricing?
Hi Microsoft team
Are you able to confirm if the new pricing that will come into effect on 1 October 2024 will also have a similar increase on the discounted nonprofit pricing?
Thanks
Matt
Hi Microsoft team Are you able to confirm if the new pricing that will come into effect on 1 October 2024 will also have a similar increase on the discounted nonprofit pricing? ThanksMatt Read More
What number is 1 866 216 1072?
Any questions about individual refunds should be directed to Amazon at O934l,3O,4l55,,+866-216-1072. Last month, the FTC and Amazon agreed to end their litigation related to the FTC’s case, which paved the way for the refund program to begin. The Federal Trade Commission works
Any questions about individual refunds should be directed to Amazon at O934l,3O,4l55,,+866-216-1072. Last month, the FTC and Amazon agreed to end their litigation related to the FTC’s case, which paved the way for the refund program to begin. The Federal Trade Commission works Read More
Potential Vulnerability: Access to Devices on Network via Teams
Hi.
Not sure if this is the right place for this. Does anyone know / have come across, a vulnerability that follows this user journey:
1. Meeting Request Sent to victim via third party
2. Meeting commences
3. Third party accesses victim device (that meeting is taking place on) + devices connected to the network + has ability to modify, delete, add files on network connected devices + schedule events to take place on devices connected to the network.
When experienced the victim witnesses and major increase in CPU and Memory Useage + activity in applications managed at the enterprise level (Adobe Creative Cloud, N-Able, Citrix).
Connected to the attack, the victim also notices otherwise non-malicious scripts launching from PDF and Image documetns that the Third Party had sent in the lead up.
Hi. Not sure if this is the right place for this. Does anyone know / have come across, a vulnerability that follows this user journey: 1. Meeting Request Sent to victim via third party2. Meeting commences3. Third party accesses victim device (that meeting is taking place on) + devices connected to the network + has ability to modify, delete, add files on network connected devices + schedule events to take place on devices connected to the network. When experienced the victim witnesses and major increase in CPU and Memory Useage + activity in applications managed at the enterprise level (Adobe Creative Cloud, N-Able, Citrix). Connected to the attack, the victim also notices otherwise non-malicious scripts launching from PDF and Image documetns that the Third Party had sent in the lead up. Read More
