Tag Archives: microsoft
Conditional Formatting for column based off data in another column
Hi! I am looking to apply conditional formatting to cells in Column AC when adjacent cells in column AB are not blank.
For example, both columns will have dates. Column AB is start date, Column AC is finish date.
I would like any cell in Column AC to change color when its adjacent cell in Column AB has a date entered IF AC cell is blank. Once cell in AC also has a date, it would return to no fill format.
Hi! I am looking to apply conditional formatting to cells in Column AC when adjacent cells in column AB are not blank. For example, both columns will have dates. Column AB is start date, Column AC is finish date. I would like any cell in Column AC to change color when its adjacent cell in Column AB has a date entered IF AC cell is blank. Once cell in AC also has a date, it would return to no fill format. Read More
planner printig in oran
Tak Siz: The Smart Choice for Diaries, Calendars, and Study Notebooks
:glowing_star: Tak Siz – Your companion for all important moments in life! :glowing_star:
Looking for a way to organize better and plan more precisely? Tak Siz offers you the smartest choice with its exceptional products.
:small_blue_diamond: Attractive and Functional Diaries: With unique designs and superior quality, Tak Siz diaries help you track your goals and plans in the best possible way.
:small_blue_diamond: Diverse and Beautiful Calendars: Make each day memorable with Tak Siz calendars. Our creative designs and wide variety make our calendars your first choice.
:small_blue_diamond: High-Quality Study Notebooks: Dear students! With Tak Siz study notebooks, you can study with more order and motivation. The high-quality paper and attractive designs make studying a pleasure.
:sparkles: Tak Siz Distinctive Features:
Creative and diverse designsUse of high-quality materialsAttention to details and customer needsCommitment to the environment with sustainable production methods
:link: For more information and to view our products, visit our website: www.taksiz.org
With Tak Siz, plan your days better and get closer to your goals!
:books: Tak Siz – Your companion on the road to success! :books:
Tak Siz: The Smart Choice for Diaries, Calendars, and Study Notebooks:glowing_star: Tak Siz – Your companion for all important moments in life! :glowing_star:Looking for a way to organize better and plan more precisely? Tak Siz offers you the smartest choice with its exceptional products.:small_blue_diamond: Attractive and Functional Diaries: With unique designs and superior quality, Tak Siz diaries help you track your goals and plans in the best possible way.:small_blue_diamond: Diverse and Beautiful Calendars: Make each day memorable with Tak Siz calendars. Our creative designs and wide variety make our calendars your first choice.:small_blue_diamond: High-Quality Study Notebooks: Dear students! With Tak Siz study notebooks, you can study with more order and motivation. The high-quality paper and attractive designs make studying a pleasure.:sparkles: Tak Siz Distinctive Features:Creative and diverse designsUse of high-quality materialsAttention to details and customer needsCommitment to the environment with sustainable production methods:link: For more information and to view our products, visit our website: www.taksiz.orgWith Tak Siz, plan your days better and get closer to your goals!:books: Tak Siz – Your companion on the road to success! :books: Read More
Failed to create AppDomain
I am trying to deploy my SSIS package to the SSISDB Catalog on SQL Server 2012. When I deploy I receive this error message:
Failed to create AppDomain “SSISDB.dbo[runtime].6”.
Could not load file or assembly ‘System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089’ or one of its dependencies. Not enough storage is available to process this command. (Exception from HRESULT: 0x80070008) (.Net SqlClient Data Provider)
I remoted into the server and ran gacutil -l System.Data on command prompt and saw versions 4.0.0.0 and 2.0.0.0 showing up. I don’t think storage space is an issue. We have two disks (C & D) D has 369 GB free space, C has 34.1 GB free space.
I am trying to deploy my SSIS package to the SSISDB Catalog on SQL Server 2012. When I deploy I receive this error message:Failed to create AppDomain “SSISDB.dbo[runtime].6”.Could not load file or assembly ‘System.Data, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089’ or one of its dependencies. Not enough storage is available to process this command. (Exception from HRESULT: 0x80070008) (.Net SqlClient Data Provider)I remoted into the server and ran gacutil -l System.Data on command prompt and saw versions 4.0.0.0 and 2.0.0.0 showing up. I don’t think storage space is an issue. We have two disks (C & D) D has 369 GB free space, C has 34.1 GB free space. Read More
Access denied, sending domain does not pass DMARC verification and has a DMARC policy of reject
This is super annoying. I’m not using Microsoft “defender”. I’m on the receiving end of its stick.
I noticed that when I start sending emails back and forth with some business that uses Microsoft 365 Defender to handle their emails, it works for a few initial emails. Maybe .about 5. But then all of a sudden my messages start bouncing back with the following message:
“Diagnostic-Code: smtp;550 5.7.509 Access denied, sending domain ____.com does not pass DMARC verification and has a DMARC policy of reject.“
I tested my email for passing DMARC and found no issues with multiple services that do those DMARC tests. So the problem is clearly with the “defender“.
I also noticed that if I resend the message the next day, it goes through. But only if I don’t send too many emails – which is generally about 5.
Does anyone have any idea when will they fix it?
This is super annoying. I’m not using Microsoft “defender”. I’m on the receiving end of its stick. I noticed that when I start sending emails back and forth with some business that uses Microsoft 365 Defender to handle their emails, it works for a few initial emails. Maybe .about 5. But then all of a sudden my messages start bouncing back with the following message: “Diagnostic-Code: smtp;550 5.7.509 Access denied, sending domain ____.com does not pass DMARC verification and has a DMARC policy of reject.”I tested my email for passing DMARC and found no issues with multiple services that do those DMARC tests. So the problem is clearly with the “defender”.I also noticed that if I resend the message the next day, it goes through. But only if I don’t send too many emails – which is generally about 5. Does anyone have any idea when will they fix it? Read More
ERROR 4819
SQL Server: 2019
ERROR (4819) -” Cannot bulk load. The bulk data stream was incorrectly specified as sorted or the data violates a uniqueness constraint imposed by the target table. Sort order incorrect for the follow”
We tested the exact same stored procedures on SQL2019 System A and everything worked as expected. But it gives errors when we test on the SQL SERVER 2019 System B.
SQL Server A and SQL Server B are the same version, 2019 but something is causing these jobs to fail.
I’m not sure what to do next. Any thoughts/suggestions would be greatly appreciated.
Thanks.
SQL Server: 2019 ERROR (4819) -” Cannot bulk load. The bulk data stream was incorrectly specified as sorted or the data violates a uniqueness constraint imposed by the target table. Sort order incorrect for the follow” We tested the exact same stored procedures on SQL2019 System A and everything worked as expected. But it gives errors when we test on the SQL SERVER 2019 System B. SQL Server A and SQL Server B are the same version, 2019 but something is causing these jobs to fail.I’m not sure what to do next. Any thoughts/suggestions would be greatly appreciated. Thanks. Read More
Teams I no longer belong to still reappear in my Teams list
For several years, I’ve noticed that old teams I no longer belong to still appear in my Teams list. These are teams I initially created but later manually left through the Teams app. They show up in both Teams for the Web and Teams Desktop, affecting both Classic and New Teams versions. I assumed it was a bug that would eventually be fixed, but after about three years, they still persist.
I’ve tried clearing the Teams cache, browser cache, reinstalling Teams, and other troubleshooting steps, but the issue remains. It seems to be some kind of bug or persistent cloud caching. Even after leaving these teams years ago, they still reappear. When I click on one, I get an error message saying I no longer have access, and then it disappears, only to return within a day or two. Has anyone else experienced this issue?
For several years, I’ve noticed that old teams I no longer belong to still appear in my Teams list. These are teams I initially created but later manually left through the Teams app. They show up in both Teams for the Web and Teams Desktop, affecting both Classic and New Teams versions. I assumed it was a bug that would eventually be fixed, but after about three years, they still persist. I’ve tried clearing the Teams cache, browser cache, reinstalling Teams, and other troubleshooting steps, but the issue remains. It seems to be some kind of bug or persistent cloud caching. Even after leaving these teams years ago, they still reappear. When I click on one, I get an error message saying I no longer have access, and then it disappears, only to return within a day or two. Has anyone else experienced this issue? Read More
Project | Web versions
We have users uploading (Publishing) MS Project Schedule plans online. Some files are being duplicated, and we have multiple Project plans. I have been able to edit the duplicates, but only to change their status from Active to Completed. Is there a way to remove these duplicates to clear the muddy water?
We have users uploading (Publishing) MS Project Schedule plans online. Some files are being duplicated, and we have multiple Project plans. I have been able to edit the duplicates, but only to change their status from Active to Completed. Is there a way to remove these duplicates to clear the muddy water? Read More
A&A !! How can I get in touch with American Airlines fast?
How do I speak to American customer service?
You’ve got several choices for connecting with a live representative at American Airlines. Contact their customer support hotline at ☎:telephone: +1-877-777-3749 (Live Person) for immediate assistance. Alternatively, you can engage with them using their website’s live chat or email support.
How do I speak to American customer service?
To connect with American Airlines, explore multiple channels such as their website, mobile app, or customer service hotline at ☎:telephone: 1-877-777-6812(OTA). 1-877-777-3749(OTA).. Booking flights, managing reservations, and accessing travel information are seamlessly available online.
How do I speak to American customer service? You’ve got several choices for connecting with a live representative at American Airlines. Contact their customer support hotline at ☎:telephone: +1-877-777-3749 (Live Person) for immediate assistance. Alternatively, you can engage with them using their website’s live chat or email support. How do I speak to American customer service? To connect with American Airlines, explore multiple channels such as their website, mobile app, or customer service hotline at ☎:telephone: 1-877-777-6812(OTA). 1-877-777-3749(OTA).. Booking flights, managing reservations, and accessing travel information are seamlessly available online. Read More
New Outlook for Windows: a guide for Executive Assistants and Delegates – part 2
This blog captures some calendar tips to help executive assistants and delegates better navigate their time management needs in the new Outlook.
1. Find time and request in-person event
When scheduling a meeting, click on ‘Find a time’ to easily find suitable time slots on the attendee’s calendars. You can view availability by hovering on the attendee icon. You can also request in-person attendance by turning on the ‘In-person event’ toggle on. You can still add a Teams meeting link for attendees who may not be able to join in person.
2. Use Scheduling Assistant
Use the scheduling assistant to easily find time for meetings. In the new Outlook, you can view the attendee time zones and schedule labels in the Scheduling Assistant. Note that attendee time zones are shown only if at least one attendee is in a different time.
3. Automatic online meetings
In the new Outlook, all meetings are online by default. The Teams meeting toggle is turned on when you add attendees to a meeting. Unlike classic Outlook, the Teams meeting link and details are added after the invite is sent. You can then view the meeting invite to see and copy the Teams meeting details. We are working to update this behavior and pre-create meeting links so you will see the experience match classic Outlook in future.
Note – you can update every meeting online setting from Settings> Calendar > Events and invitations and enable or disable ‘Add online meeting to all meetings’.
If you are using 3rd party online meeting providers like Zoom or Cisco WebEx, you will also see those as meeting provider options in this setting, provided you have their web add-in installed. Learn more every meeting online here.
4. Hide attendee list
You can now choose to hide the attendee list from being visible to users who receive the meeting invite. When creating a new meeting, select ‘Response options’ and click on ‘Hide attendee list’
5. Attendees can add rooms
In the new Outlook, attendees can add rooms by forwarding the meeting invite to the relevant rooms. The meeting room will then be visible to all attendees.
6. Edit events in a series
The new Outlook for Windows has the following options for editing a meeting series –
This event – this will only update the selected instance of the meeting series.
This and all following events – this will only make changes to the selected and following instances of the meeting series and the older meeting instances will not be changed. This option does not exist in classic Outlook for Windows.
All events in the series – this will update all events in the meeting series.
7. Duplicate a meeting
Right click on an event in the calendar surface and select ‘Duplicate event’ to it. You can also do this from the meeting form ribbon.
8. Add multiple Time Zones in calendar
Easily manage meetings across different time zones in new Outlook. New Outlook allows you to add up to 20 time zones in the calendar, whereas classic Outlook allows adding only 3 time zones.
9. Use executive’s categories in calendar
Right click on an event in the calendar view and click ‘Categorize’ to apply executive’s categories. We plan to allow executive admins to manage executive’s categories in future.
10. Receive shared calendar notifications
In the new Outlook, users can opt to receive notifications on changes to events in the shared calendar. This capability is extended to both the executive and executive assistant/delegate. You can select the calendars you want to opt in for notifications from Settings> Calendar > Shared Calendars> Calendar updates.
11. ‘Don’t send response’ RSVP tracked
In classic Outlook, if the user chooses ‘Do not send response’ while RSVPing, the organizer will not be able to track that individual RSVP.
However, in the new Outlook, if the user unchecks ‘Email organizer’ while RSVPing, even though there will not be a visible response email sent to the organizer, the organizer will still be able track that RSVP as long as the organizer and the RSVPing attendee are in the same M365 tenant (or organization).
We plan to support tracking across different tenants in future.
12. Preserve declined meetings on the calendar and RSVP’d meetings in inbox
Preserve declined meetings on the calendar so that you can still be aware of it and update RSVP later if needed. This can be enabled by selecting Settings > Calendar > Events and invitations and clicking the ‘Save declined events’ checkbox.
Meetings that have been RSVP’d to, can also be retained in the inbox so that you can easily find them later. This can be done from Settings> Calendar > Events and invitations > Invitations from other people and selecting the ‘Delete invitations from inbox after responding’.
These settings will have to be enabled on the executive’s for them to be respected in the delegate calendar and inbox folder respectively.
13. Decline but follow a meeting
The new ‘RSVP option allows you to decline a meeting but still have access to the meeting chat, meeting recording and meeting notes. This is a great way to stay informed about discussions that you or your executives are unable to join.
This feature is rolling out so some users may not see it yet.
Share feedback
We encourage you to try new Outlook and share your feedback. You can submit feedback on the new Outlook experience from Help > Feedback. Please mention – “I am an EA” Or “I am a delegate” when adding comments.
To stay updated with the latest features in new Outlook, follow the roadmap.
This guide will also be published as a support article that will be linked here once available.
Microsoft Tech Community – Latest Blogs –Read More
Managed HSM support for Azure Database for MySQL – Flexible Server (General Availability)
We’re happy to announce general availability of Azure Key Vault Managed HSM support for customer managed keys (CMK) in Azure Database for MySQL – Flexible Server!
What is Managed HSM?
Azure Key Vault Managed HSM (Hardware Security Module) is a fully managed, highly available, single-tenant, standards-compliant cloud service that enables you to safeguard cryptographic keys for your cloud applications, using FIPS 140-2 Level 3 validated HSMs. It ensures your data is stored and processed only within the region that hosts the HSM, ensuring data residency. Each Managed HSM instance is dedicated to a single customer and consists of a cluster of HSM partitions. All cryptographic operations, such as encryption, decryption, and validation, are performed inside the HSM.
Benefits of Managed HSM support for Azure Database for MySQL – Flexible Server
The Managed HSM feature allows you to use your own HSM-backed encryption keys to protect your data at rest in MySQL – Flexible Server instances. You can generate HSM-backed keys and import the encryption keys from a physical on-premises HSM using CMK’s bring your own key (BYOK) feature while maintaining full control over the keys.
Configuring Managed HSM for Azure Database for MySQL – Flexible Server
You can easily configure an Azure Key Vault Managed HSM for new or existing Azure Database for MySQL flexible servers by using the Azure CLI or the Azure Portal, as shown in the following screenshot:
When configuring Managed HSM, note that you must:
Deploy the Managed HSM in the same region as the MySQL flexible server.
Enable soft delete and purge protection.
Assign the User-assigned Managed Identity (UMI) the “Managed HSM Crypto Service Encryption User” role in RBAC.
Learn more
For more details about this feature, please see the article Data encryption with customer managed keys – Azure Database for MySQL – Flexible Server.
If you have any queries or suggestions, please let us know by leaving a comment below or by contacting directly us at AskAzureDBforMySQL@service.microsoft.com.
Microsoft Tech Community – Latest Blogs –Read More
Loss of default Route when turning on VPN
When I use my FortiClient VPN to connect remotely, Windows loses my local internet connection.
I have used an elevated Command Prompt to try and adjust the default route to remedy.
Any advice ?
Here is the process I am using:
Open a cmd window with administrator privileges. You need them to add/delete routes later on.
before you connect the vpn execute a “route print” in there and look for the Target “0.0.0.0” – this is your default route. Note down the ip in the column “gateway” there.
Connect the vpn and then execute “route print” in the cmd again. You should notice that the gateway (and interface) for the default route has changed. Als note down that gateway ip.
Then do a “route delete 0.0.0.0” (I think “route delete default” might do as well but not sure).
Then do a “route add 0.0.0.0 MASK 0.0.0.0 <gateway ip you noted down before connecting vpn>”
At this point you should regain internet connectivity again.
To still be able to reach to your company servers you might have to analogously add a static route to the company subnet with correct subnet mask and the gateway you noted after connecting the vpn.
You don’t need to enter interface or metric here.
When I use my FortiClient VPN to connect remotely, Windows loses my local internet connection.I have used an elevated Command Prompt to try and adjust the default route to remedy.Any advice ? Here is the process I am using:Open a cmd window with administrator privileges. You need them to add/delete routes later on.before you connect the vpn execute a “route print” in there and look for the Target “0.0.0.0” – this is your default route. Note down the ip in the column “gateway” there.Connect the vpn and then execute “route print” in the cmd again. You should notice that the gateway (and interface) for the default route has changed. Als note down that gateway ip.Then do a “route delete 0.0.0.0” (I think “route delete default” might do as well but not sure).Then do a “route add 0.0.0.0 MASK 0.0.0.0 <gateway ip you noted down before connecting vpn>”At this point you should regain internet connectivity again.To still be able to reach to your company servers you might have to analogously add a static route to the company subnet with correct subnet mask and the gateway you noted after connecting the vpn.You don’t need to enter interface or metric here. Read More
Excel sort/filter help
Hello im using excel on my MacBook, and im a novice!
need some help with sort/filter (not sure) column H & J have some auto sort attached to them, so the row data stays attached no matter if sort H & J , I need to do the same with column M and will need add same to other columns. Any help gratefully received.
Hello im using excel on my MacBook, and im a novice!need some help with sort/filter (not sure) column H & J have some auto sort attached to them, so the row data stays attached no matter if sort H & J , I need to do the same with column M and will need add same to other columns. Any help gratefully received. Read More
Search Tips customization
Is there a way to customize the Search Tips at the top of the search page
Is there a way to customize the Search Tips at the top of the search page Read More
Intune issues with email migration
Hello there,
Someone know if there are account issues in the devices when you migrate an email to a diferent tenant?
Currently there are 2 companies and the devices of both companies are in intune. We are about to migrate the emails from company 2 to company 1 but we don’t know what would happend to the devices of company 2 since their domain will change, their access will change. At the end they will have new accounts and the old domain will be @company.onmicrosoft.com.
They will be able to join their devices with their old email? or they will lose access?
Hoping someone can help me :).
Regards,
Oscar.
Hello there, Someone know if there are account issues in the devices when you migrate an email to a diferent tenant? Currently there are 2 companies and the devices of both companies are in intune. We are about to migrate the emails from company 2 to company 1 but we don’t know what would happend to the devices of company 2 since their domain will change, their access will change. At the end they will have new accounts and the old domain will be @company.onmicrosoft.com. They will be able to join their devices with their old email? or they will lose access? Hoping someone can help me :). Regards,Oscar. Read More
Mapping SharePoint list items using Azure Maps
I have a SharePoint list with office locations. Our client would like to show all of these locations on a map. Getting a Bing Maps key is no longer an option – this has been deprecated, so we will need to use Azure maps instead. We have a Azure Maps key, but are unsure of how to enable it in SharePoint. Every blog post we find only has instructions for Bing Maps. Any help is much appreciated!
I have a SharePoint list with office locations. Our client would like to show all of these locations on a map. Getting a Bing Maps key is no longer an option – this has been deprecated, so we will need to use Azure maps instead. We have a Azure Maps key, but are unsure of how to enable it in SharePoint. Every blog post we find only has instructions for Bing Maps. Any help is much appreciated! Read More
Can one phrase Mail rules to be applied for newly arrived mails not in Inbox but in Spam folder?
My Email provider runs its own (unfortunately very bad) spam filter and continues to sort tons of legit emails as false positives into my Spam folder. These emails are then synchronized to my Outlook where I then always have to angle them out from Spam and move them back to my Inbox.
I would like to automatize this (or at least large parts of it) by creating an Outlook “Unspam” mail rule that moves emails from a list of known senders from Spam back to my Inbox but unfortunately – it seems – Outlook’s mail rules can only be applied to emails newly arrived in the Inbox but not in other folders.
Is there a way to apply such mail rules also automatically to emails in the Spam/Junk folder?
My Email provider runs its own (unfortunately very bad) spam filter and continues to sort tons of legit emails as false positives into my Spam folder. These emails are then synchronized to my Outlook where I then always have to angle them out from Spam and move them back to my Inbox.I would like to automatize this (or at least large parts of it) by creating an Outlook “Unspam” mail rule that moves emails from a list of known senders from Spam back to my Inbox but unfortunately – it seems – Outlook’s mail rules can only be applied to emails newly arrived in the Inbox but not in other folders. Is there a way to apply such mail rules also automatically to emails in the Spam/Junk folder? Read More
Viva Connections Feed Web Part and Video News Link Retirement
The Feed for Viva Connections webpart was a feature that brought personalized content into a user feed, in a single experience. This content included news published in SharePoint, posts in Viva Engage communities, and Stream videos in SharePoint. The Video News Link allowed for Stream videos to appear in the Viva Connections feed. This content was automatically populated in a user’s feed based on the communities and sites they followed.
Our focus is to deliver the most efficient and enjoyable experience for our users, which means phasing out certain features is necessary to streamline and enhance the user experiences across our applications. In our efforts to elevate our platform-we will be retiring the Feed for Viva Connections web part and the Video News Link which we announced in our MC post on August 1st.
Video news link
Starting September 1, 2024, the Feed for Viva Connections web part and the Video news link will no longer be available for SharePoint site editors to add to their sites.
Furthermore, on November 5, 2024, existing instances of the Feed for Viva Connections web parts and Video News Link will no longer display content.
To ensure a smooth transition, site editors and SharePoint admins should update the affected sites with the recommended alternative solutions. Additionally, please update any relevant documentation to reflect these changes.
Explore new alternatives
To continue surfacing feed content on SharePoint sites, the following web parts provide an alternative to the Feed for Viva Connections web part and the Video news link. We encourage you to explore our alternatives to keep employees engaged and informed:
Alternative solution to featuring News posts in SharePoint
News web part– Allows you to display a collection of news posts from various SharePoint sources. – Use the News web part on a SharePoint page – Microsoft Support
Alternative solution for featuring Viva Engage in SharePoint
Viva Engage web parts – Allows you to display the Viva Engage conversations and highlights to SharePoint. Use a Viva Engage web part in SharePoint – Microsoft Support
Alternative solutions for featuring Stream videos in SharePoint and videos hosted on a SharePoint site:
File and media web part – Allows you to feature a single video on a SharePoint page: Featuring a video on a page – Microsoft Stream | Microsoft Learn
Highlighted content web part – Allows you to feature a list of videos on a page: Featuring a set of videos on a page – Microsoft Stream | Microsoft Learn
Video Pages – Allows you to create video centric page content with a page template: Create video pages on SharePoint – Microsoft Support
Resources
We understand the importance of a smooth transition and are dedicated to providing support throughout this change. You can learn more and follow our guide for additional help.
Microsoft Tech Community – Latest Blogs –Read More
Frequently asked questions about the unified security operations platform
We recently announced the GA of Microsoft Sentinel in the Defender portal, as part of the unified security operations platform. In this blog we offer answers to many of the questions we’ve heard from our customers and partners, which can be used, along with our documentation , to get started with our new experience.
What is a unified security operations platform?
A unified security operations platform brings the tools a security team needs to do their job into a single experience, with a single data model and unified features to increase protection, reduce response time and improve overall efficiency of the security operation center (SOC)
While other security vendors may claim to offer a unified security operations platform, only Microsoft delivers one with a leading SIEM and leading XDR, embedded generative AI and posture management, with robust, underlying threat intelligence all in a single experience.
Why is Microsoft Security well positioned to deliver a unified security operations platform?
Microsoft has been on a mission to empower security operations teams by unifying the many tools essential for protecting a digital estate and delivering them into an effective solution driven by AI and automation.
We’ve already empowered SOC teams to build a powerful defense using the most comprehensive XDR platform on the market, Microsoft Defender XDR, by delivering unified visibility, investigation, response across endpoints, hybrid identities, emails, collaboration tools, cloud apps, and data.
We also help provide unparalleled visibility into the overall threat landscape with our cloud-native SIEM solution, Microsoft Sentinel, to extend coverage to every edge and layer of the digital environment.
These experiences were already natively integrated with bi-directional connectors, giving security operations teams an easy way to benefit from the comprehensiveness and flexibility of the SIEM and the threat driven approach of the XDR.
Now, Microsoft is continuing on this journey, by delivering a more comprehensive offering for security operations that brings SIEM, XDR, exposure management, GenAI and threat intelligence all into a single experience.
Is “unified security operation platform” a new product?
No. Our security operations platform is a single experience we are offering for users of Microsoft Sentinel, Defender XDR, and Copilot for Security in the Defender portal. This doesn’t impact the products we have today. We will continue to invest in Microsoft Sentinel and Defender XDR, as well as features that stretch across the two of them.
What is GA now (August 2024)?
Microsoft Sentinel in the Defender portal for commercial cloud customers using Microsoft Sentinel and at least one Defender XDR workload is Generally Available. We will support the on-boarding of a single workspace, single tenant at this time. We will continue to expand availability and use cases to address the needs of all customers.
Is Microsoft Sentinel going away?
No, Microsoft Sentinel is not going away. We are delivering a new way to use Microsoft Sentinel and Defender XDR together to ensure customers get a more valuable and an easier experience. Microsoft Sentinel will continue to exist in Azure as a standalone experience for customers not yet ready to switch to the unified platform. We continue to invest in both Microsoft Sentinel and Defender XDR, along with features that will stretch across both of them.
Can I still use Microsoft Sentinel in the Azure portal?
Yes, Microsoft Sentinel is still available in the Azure portal.
Does Defender XDR data need to be ingested into Microsoft Sentinel to get insights across the two products in the unified security operations platform?
No. With unification, customers can query and correlate alerts to incidents without the need to ingest XDR data into Microsoft Sentinel. Customers may still ingest data into Microsoft Sentinel if they need extended retention or compliance reasons.
What will be unified between Microsoft Sentinel and Defender?
Our goal is to unify all experiences across the two products in the near future. At the time of GA some of the features unified include (but are not limited to):
Overview page: The overview dashboard will provide insights across all data.
Incident queue: The incident queue will now be unified across all data, giving you a single place to prioritize work.
Incident page: Now, customers will be able to see all information about their incident, from data sources that are brought in through Microsoft Sentinel and those monitored by my Microsoft Defender XDR in one place.
Entities: The user, device and IP entity pages will now combine information from Microsoft Sentinel and Defender XDR, improving entity and incident investigation.
Advanced hunting: one place will now cover data, queries and functions across your Microsoft Sentinel and Defender XDR data.
Data model: Now, a normalized and consistent data model across Microsoft Sentinel and Defender XDR.
Automatic attack disruption on SAP: Attack disruption already exists for accounts that are monitored by Microsoft Defender XDR. Now, customers who have the Microsoft Sentinel Solution for SAP can benefit from enhanced coverage with automated response to stop lateral movement of attackers by using security signals and research to detect the breach and automatically disable an account.
Global search: ability to search across all entities in SIEM and XDR
Out of the box settings: Microsoft Sentinel customers will benefit from more turnkey setting, including analytics ,rules on their log data
We continue to add additional capabilities.
Will the embedded Copilot for Security experience work on my Microsoft Sentinel data if I connect my Microsoft Sentinel workspace to Defender portal?
Yes, Copilot for Security skills that exist in the embedded Defender portal will work on Microsoft Sentinel data if a customer selects to connect their workspace to the unified security operations platform.
What do I need to have to onboard?
To onboard and use Microsoft Sentinel in the Microsoft Defender portal, you must have the following resources and access:
At least one Defender XDR workload deployed and an existing Microsoft Sentinel workspace
A Microsoft Entra tenant that’s allow-listed by Microsoft to connect a workspace through the Defender portal
A Log Analytics workspace that has Microsoft Sentinel enabled
The data connector for Microsoft Defender XDR (formerly named Microsoft 365 Defender) enabled in Microsoft Sentinel for incidents and alerts
Microsoft Defender XDR onboarded to the Microsoft Entra tenant
An Azure account with the appropriate roles to onboard and use Microsoft Sentinel in the Defender portal. The following table highlights some of the key roles needed.
We will be expanding eligibility and support for customers requiring multi-tenancy, multi-workspace, Government Cloud and Microsoft Sentinel only in the coming months.
Does anything change for the Microsoft Defender XDR experience?
No – customers using Microsoft Defender XDR will continue to use it in the Defender portal as they do today.
Just as customers can’t access features for XDR workloads that aren’t yet deployed, this will be the same for customers who do not have Microsoft Sentinel onboarded.
Can customers switch the Microsoft Sentinel experience back and forth between the Defender and Azure portal?
Yes, Microsoft Sentinel will continue to exist as a standalone experience, so customers will be able to switch back and forth between the two portals if needed.
Some experiences in the Defender portal will link back to the Azure portal when necessary.
Will any settings be changed?
Customers who use the Microsoft Defender XDR connector today will not need to make changes.
Those not yet using the connector will need to turn it on to benefit from the new unified platform. Learn more about the connector here.
Analytics rules, automation rules and playbooks will continue to work exactly as they are without any changes.
What is the benefit of a unified incident queue alert correlation?
We’ve seen up to 80% (based on internal Microsoft research) reduction of Microsoft Sentinel incidents for early customers as out-of-the-box rules available in the unified platform help to ensure better correlation, reducing the noise that security teams often struggle with.
With the new unified incident experience, context-rich incidents are generated, modeling attacker behavior across all available signals available in Microsoft Sentinel, Microsoft Defender XDR and Microsoft Defender for Cloud. This will allow us to describe attacks across the entire digital estate more accurately and fully, including cloud, on-prem and custom applications.
What is the benefit of a unified hunting experience?
With the unified hunting experience customers have a single place to explore all data available, for hunting and investigation purposes, a user can:
Query all data from the Sentinel workspace and Microsoft Defender XDR
Access all Logs content of the workspace, including queries and functions.
Is pricing changing? Are the benefits changing?
Business models for Microsoft Defender XDR and Microsoft Sentinel are not changing.
Microsoft Sentinel and Defender XDR will continue to be sold as separate products.
The E5 benefit continues to be in place for customers ingesting Microsoft Defender XDR data into Microsoft Sentinel, which is useful for extended retention and compliance.
How do I extend retention of Defender XDR data past 30 days?
There are no changes to the way we charge for extended data retention for XDR – we continue to recommend customers ingest their data into Microsoft Sentinel if it needs to be retained past 90 days.
E5, A5, F5, and G5 customers may be eligible for a data ingestion benefit (See the Microsoft Sentinel benefit offer page for details.)
Customers not eligible for the Microsoft Sentinel benefit (those without E5, A5, F5 or G5 licenses), but who choose to extend Microsoft Defender XDR data retention with Microsoft Sentinel beyond the default 30 days will incur standard Microsoft Sentinel ingestion and retention charges.
See the Microsoft Sentinel pricing page for details.
Will Microsoft Sentinel APIs continue to work?
Yes- all Microsoft Sentinel APIs will continue to work. There are no changes needed.
Will customers need to rearchitect their Microsoft Sentinel workspace in the unified portal?
No – we have made it easy to connect your Microsoft Sentinel workspace into the defender portal with minimal impact to your existing set up.
Can I still access Microsoft Sentinel instance in the Azure portal?
Yes, you can still use your Microsoft Sentinel experience in the Azure portal.
Are there any capabilities that customers will need the Microsoft Sentinel in Azure portal for today?
Customers will be able to manage their operations on the unified security operations platform. In certain instances, Microsoft Sentinel scenarios within the Defender portal may necessitate the execution of actions in Azure. Actions would be initiated in the Defender portal, but may open a new browser tab, directing them to the Azure portal to complete the required tasks.
Will I be forced to move to the unified security operations platform?
We understand not all customers are ready to use the new experience at this time. You will still be able to access your Microsoft Sentinel in the Azure portal, even if you have connected the two products.
We do recommend that customers product try out the new experience, which has been built to optimize the way they protect their organizations with streamlined workflows and additional features.
What is the process for onboarding a Microsoft Sentinel workspace into the Defender portal?
Customers shouldn’t hold off on setting up their Microsoft Sentinel workspace until they have access. They will still need to architect their workspace in the Azure portal, and it will be very easy for them to move it into the Defender portal.
As an eligible customer entering the Defender portal, there will be a prompt in the top banner to start the onboarding journey by bringing in a Microsoft Sentinel workspace.
This will bring customers through a wizard to start the onboarding process:
Customers will select their primary Microsoft Sentinel workspace to onboard.
Initiating the connection will trigger a series of actions.
The wizard will provide a description of all changes that will take place after unifying the portal.
In Microsoft Sentinel today, incidents are created through rules or integrations defined by the customer. This changes in the unified platform, which automatically creates context-rich incidents across MS and non-MS products. To exclude certain incidents or alerts from your queue, you will need to filter out what you want using Alert Tuning, which has been enhanced to support more granularity.
Learn more:
Unified platform documentation: https://aka.ms/onboard-microsoft-sentinel, https://aka.ms/microsoft-sentinel-defender-portal
Mechanics video: Microsoft Defender XDR, Copilot for Security & Microsoft Sentinel now in one portal – YouTube
Set up the Defender XDR connector: Aka.ms/onboard-microsoft-sentinel
SIEM and XDR Solutions | Microsoft Security
Microsoft Sentinel pricing Microsoft Sentinel Pricing | Microsoft Azure
Microsoft Tech Community – Latest Blogs –Read More
Best practice when UPN and email address are different but both routable?
Our on-premise AD is a multi-domain forest with different business units in separate child domains. Each child domain uses a UPN of the form username[at]unitX.onpremad.com and we’ve validated all these in the cloud. However, all users have email addresses like fullname[at]emaildomain.com, that domain is also validated with Entra AD. Users frequently join teams in a different business unit so their AD account is migrated across domains and their UPN changes at that time, but their email address stays the same.
I’ve read through a lot of documentation on how the best practice is for the UPN and email to be the same for O365, but that you could have them be different using alternate ID support. But when they are different, apparently there are a number of little “gotchas” in terms of application support. So, before we sync our on-prem AD, I’m trying to understand which scenario will be the best supported over the long term with the least headaches to both users and IT.
Changing the on-prem UPN to match the email address isn’t possible due to a critical LOB app that expects the UPN suffix to break down into username and business unit domain name. So, would it best to:
Sync users with their on-prem UPN as their cloud UPN. This seems easiest to configure, but the documentation seems to imply there’s a lot of manual fixing up when the UPN changes and possibly application compatibility issues since the UPN and email are different.Sync the primary email address as the cloud UPN. Looks to require custom configuration. Has the advantage that UPN and email match and the email address rarely changes. However, I’m unclear if this is supported since we’d still have some accounts (primarily administrators) without a mailbox and so no mail or proxyAddresses fields filed in. Unclear if there are any other “gotchas” to watch out for since this is a non-standard configuration.
Thanks for any advice you can provide.
Our on-premise AD is a multi-domain forest with different business units in separate child domains. Each child domain uses a UPN of the form username[at]unitX.onpremad.com and we’ve validated all these in the cloud. However, all users have email addresses like fullname[at]emaildomain.com, that domain is also validated with Entra AD. Users frequently join teams in a different business unit so their AD account is migrated across domains and their UPN changes at that time, but their email address stays the same. I’ve read through a lot of documentation on how the best practice is for the UPN and email to be the same for O365, but that you could have them be different using alternate ID support. But when they are different, apparently there are a number of little “gotchas” in terms of application support. So, before we sync our on-prem AD, I’m trying to understand which scenario will be the best supported over the long term with the least headaches to both users and IT. Changing the on-prem UPN to match the email address isn’t possible due to a critical LOB app that expects the UPN suffix to break down into username and business unit domain name. So, would it best to:Sync users with their on-prem UPN as their cloud UPN. This seems easiest to configure, but the documentation seems to imply there’s a lot of manual fixing up when the UPN changes and possibly application compatibility issues since the UPN and email are different.Sync the primary email address as the cloud UPN. Looks to require custom configuration. Has the advantage that UPN and email match and the email address rarely changes. However, I’m unclear if this is supported since we’d still have some accounts (primarily administrators) without a mailbox and so no mail or proxyAddresses fields filed in. Unclear if there are any other “gotchas” to watch out for since this is a non-standard configuration.Thanks for any advice you can provide. Read More
