Tag Archives: microsoft
Register Service Principal for Sharepoint Online
Hello,
I tried to register a Service Principal to a Sharepoint Site according to https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azureacs
Unfortunately, “Create” results in the following Error Message:
I have Sharepoint Admin and Site Admin Rights.
Can someone help me?
Best regards
Hello, I tried to register a Service Principal to a Sharepoint Site according to https://learn.microsoft.com/en-us/sharepoint/dev/solution-guidance/security-apponly-azureacs Unfortunately, “Create” results in the following Error Message: I have Sharepoint Admin and Site Admin Rights. Can someone help me? Best regards Read More
Users not showing as a member of a distribution list.
Hello
Please i need your help on this issue.
We have a few users that we have added to an all employee distribution list. Some of those users are not showing up in the list when we send emails to that list. Please assist.
Hello Please i need your help on this issue. We have a few users that we have added to an all employee distribution list. Some of those users are not showing up in the list when we send emails to that list. Please assist. Read More
Code in the cloud: Explore tools, training, and resources
Discover how the cloud can make you a better and more productive developer. It can even improve how you collaborate with other developers. For our July roundup, we’re exploring the latest tools, training, and resources that will help you harness the power of the cloud in your development workflows. We have info on cloud-based dev environments (like Microsoft Dev Box and GitHub Codespaces), coding companions (such as GitHub Copilot for Azure), and cloud-native tools (like .NET Aspire). Read on and find out how you can improve productivity and build better apps. We also touch on other developer-related topics from around Microsoft, including a look at working with Data Wrangler in VS Code and how to add AI to Microsoft Mesh experiences.
Secure AI Apps on Azure
Learn how to secure your AI apps on Azure. This Reactor series will cover keyless authentication, user login with Microsoft Entra, data access control for RAG applications, and private network deployment. New episodes are live July 2–July 25, 2024 and then available on demand.
Get details: .NET Aspire Developers Day
Elevate your cloud native skills. Join .NET Aspire Developers Day on July 23, 2024 to take your .NET skills to the next level. This livestreaming event will be packed with keynotes, deep-dive sessions, demos, and interactive learning. Get the details and RSVP.
Python: Build real world applications with Python
Want to learn how to build applications with Python? This Microsoft Learn path will get you started. Learn language syntax, explore patterns for structuring your app, add AI, and test your apps.
Microsoft Learn: Remote development with Visual Studio Code
Want access to more powerful hardware, consistent dev environments, and an easy way to develop across different platforms? Remote development with VS Code is the key to improving your dev workflow. Check out this free learning path from Microsoft Learn to get started.
Understanding cloud-powered development environments
Get instant access to the latest hardware running in the cloud right next to your source code and CI/CD servers. Watch this Microsoft Build session on demand for a look at Microsoft Dev Box and GitHub Codespaces to explore your options.
Microsoft Learn: Get started with .NET Aspire
Ready to get started with .NET Aspire? Check out this collection of resources to learn about .NET Aspire—an opinionated, cloud-ready stack for building distributed applications. See how it helps with orchestration, tooling, and more.
Siemens Healthineers China expedites product time to market with Microsoft Dev Box
What happened when the Siemens Healthineers China dev team turned to Microsoft Dev Box for prebuilt, tailored dev and test environments in the cloud? Developers could collaborate more easily worldwide and complete projects faster. Learn more.
Beginner guide: Getting started with C# and .NET in VS Code
Take your first steps to building apps with .NET, C#, and VS Code. This video will help you set up your entire VS Code environment and necessary extensions in under 10 minutes.
GitHub Copilot for Azure: Your cloud coding companion in VS Code
Want to enhance your coding experience? Meet GitHub Copilot for Azure, the latest addition for your dev toolkit. This extension integrates with GitHub Copilot Chat in VS Code, bringing Azure expertise right to your fingertips. Learn more.
Microsoft Learn: Accelerate developer productivity with GitHub and Azure for Developers
Learn all the skills you need to start coding in the cloud with GitHub Copilot. Discover how GitHub Copilot can help you write code faster, understand code from other developers, create documentation, debug problems, and learn new skills.
Quickstart for GitHub Codespaces
Try GitHub Codespaces in just 5 minutes. This step-by-step guide shows you how to create a codespace and use essential features. Connect to a forwarded port, publish to a new repository, and personalize your setup with extensions.
Deep dive into GitHub Codespaces
Dig deeper into GitHub Codespaces. GitHub Codespaces is an instant, cloud-based dev environment. Take a closer look at how GitHub Codespaces works under the hood. And learn how to customize your development environment.
The present and future of Copilot extensibility: Top 10 takeaways from Build 2024
Explore 10 key takeaways from Microsoft Build about Copilot extensibility. Discover new pathways to extend, customize, and amplify Copilot capabilities.
GitHub Copilot’s @workspace – Deep Dive
Get to know GitHub Copilot’s new @workspace participant—as well as its @terminal and @vscode participants. Watch some demos and find out how participants enable more relevant and faster suggestions and responses to questions.
What’s new for Office Add-ins at Build 2024
What’s new for Office Add-ins? Get an overview of new capabilities and features for Office Add-ins development announced at Microsoft Build. Get details about the VS Code extension and the GitHub Copilot extension for Office Add-ins.
C++ in VS Code: Building your Code with CMake
Discover the benefits of using a build system. This video shows how to add the CMake build system to a C++ project in VS Code. Learn how to navigate the CMake Tools extension, create a CMakeLists.txt file, and use CMake presets.
Do more in Microsoft Mesh with data and AI
Did you know you can use data and AI to enhance your custom Microsoft Mesh experience? Find out how to get started with AI in Mesh, and learn about a creative real-world example from Sulava, a Microsoft partner.
Discover the power of customization with Microsoft Copilot extensions
Microsoft Copilot extensions help enhance your organization’s productivity, skills, and creativity. With extensions, users get a Copilot experience that’s customized with data, systems, and workflows. Check out this free infographic to learn more.
A developer’s guide to customizing Copilot
Watch a developer’s guide to customizing Copilot. This Microsoft Build session, available on demand, covers what you need to know to start developing Copilot extensions.
Build Your first end-to-end test with Playwright
Use Playwright to test a web app. This free Microsoft Learn module will show you how to run tests, view reports, and explore project structure. Find out how to use VS Code for everything from test execution and debugging to creating and refining test suites.
Mastering your data with Data Wrangler in VS Code
Harness your data with Data Wrangler. The free Data Wrangler extension offers data viewing and cleaning directly in VS Code and the Jupyter extension. It provides a rich UI to view and analyze your data, show visualizations, automatically generate Pandas code, and more.
Easy web deployment with GitHub Copilot
Discover easier web deployment with GitHub Copilot. This demo shows how to deploy a website to Azure Container Apps with help from GitHub Copilot in VS Code.
DevOps foundations: Core principles and practices
Explore core principles and practices of DevOps. This Microsoft Learn path will help you improve collaboration, agility, CI/CD, and automation in your organization throughout all phases of the application lifecycle.
Enhancing Microsoft Teams to support developer productivity and collaboration
Read about new tools and capabilities coming to Microsoft Teams to boost developer productivity and help dev teams collaborate more effectively.
Microsoft Loop transforms the way developer teams work
Microsoft Loop transforms the way developer teams work. It provides a central and flexible place for your work, helping teams stay in sync and on track. See how.
Microsoft Tech Community – Latest Blogs –Read More
New Blog | Evolve your CIAM strategy with External ID
By Ankur Patel
Last month we announced the general availability of our next generation customer identity and access management solution, Microsoft Entra External ID. External ID makes Customer Identity & Access Management (CIAM) secure and simple by enabling you to:
Secure all external identities: Managing several disparate solutions can overcomplicate your security strategy. By adopting External ID as your CIAM solution, you can secure all identity types within your Microsoft Entra admin center, safeguarding all external identities with industry-leading security, including our own conditional access engine, verifiable credentials, and built-in identity governance.
Create frictionless user experiences: The rise of fraud, GenAI, and identity attacks has increased end-user fear when it comes to security risks online. With External ID, you can build frictionless, branded, user centric interfaces into your web and mobile applications to increase brand awareness, build user trust and drive user engagement. Check out an example in the WoodGrove Groceries demo!
Streamline secure collaboration: Collaborating with external users and ensuring they have the right access at the right time is complex. Simplify collaboration by inviting business guests with External ID and defining what internal resources they can access across SharePoint, Teams, and OneDrive.
Accelerate the development of secure applications: Integrating robust and extensive user flows into apps can take developers months. Shorten development time to minutes by leveraging External ID’s rich set of APIs, SDKs, and integrations with developer tools, such as Visual Studio Code, to build secure and branded identity experiences into external-facing web and mobile apps.
Best in class value at scale: Managing several security stacks can be costly. External ID brings innovative CIAM features at a cost-effective value for any growing customer without compromising on scalable, end-to-end security. For example, this approach helps us bring best-in-class identity verification like Face Check with Verified ID to reduce help desk costs for combatting fraud. Learn more about External ID pricing here.
Read the full post here: Evolve your CIAM strategy with External ID
By Ankur Patel
Last month we announced the general availability of our next generation customer identity and access management solution, Microsoft Entra External ID. External ID makes Customer Identity & Access Management (CIAM) secure and simple by enabling you to:
Secure all external identities: Managing several disparate solutions can overcomplicate your security strategy. By adopting External ID as your CIAM solution, you can secure all identity types within your Microsoft Entra admin center, safeguarding all external identities with industry-leading security, including our own conditional access engine, verifiable credentials, and built-in identity governance.
Create frictionless user experiences: The rise of fraud, GenAI, and identity attacks has increased end-user fear when it comes to security risks online. With External ID, you can build frictionless, branded, user centric interfaces into your web and mobile applications to increase brand awareness, build user trust and drive user engagement. Check out an example in the WoodGrove Groceries demo!
Streamline secure collaboration: Collaborating with external users and ensuring they have the right access at the right time is complex. Simplify collaboration by inviting business guests with External ID and defining what internal resources they can access across SharePoint, Teams, and OneDrive.
Accelerate the development of secure applications: Integrating robust and extensive user flows into apps can take developers months. Shorten development time to minutes by leveraging External ID’s rich set of APIs, SDKs, and integrations with developer tools, such as Visual Studio Code, to build secure and branded identity experiences into external-facing web and mobile apps.
Best in class value at scale: Managing several security stacks can be costly. External ID brings innovative CIAM features at a cost-effective value for any growing customer without compromising on scalable, end-to-end security. For example, this approach helps us bring best-in-class identity verification like Face Check with Verified ID to reduce help desk costs for combatting fraud. Learn more about External ID pricing here.
Our goal is to provide best in class protection from bot attacks, sign in and signup fraud and ability to audit every step of external user’s journeys
Read the full post here: Evolve your CIAM strategy with External ID Read More
New Blog | Move to cloud authentication with the AD FS migration tool!
We’re excited to announce that the migration tool for Active Directory Federation Service (AD FS) customers to move their apps to Microsoft Entra ID is now generally available! Customers can begin updating their identity management with more extensive monitoring and security infrastructure by quickly identifying which applications are capable of being migrated and assessing all their AD FS applications for compatibility.
In November we announced AD FS Application Migration would be moving to public preview, and the response from our partners and customers has been overwhelmingly positive. For some, transitioning to cloud-based security is a daunting task, but the tool has proven to dramatically streamline the process of moving to Microsoft Entra ID.
A simplified workflow, reduced need for manual intervention, and minimized downtime (for applications and end users) have reduced stress for hassle-free migrations. The tool not only checks the compatibility of your applications with Entra ID, but it can also suggest how to resolve any issues. It then monitors the migration progress and reflects the latest changes in your applications. Watch the demo to see the tool in action.
Read the full post here: Move to cloud authentication with the AD FS migration tool!
By Melanie Maynes
We’re excited to announce that the migration tool for Active Directory Federation Service (AD FS) customers to move their apps to Microsoft Entra ID is now generally available! Customers can begin updating their identity management with more extensive monitoring and security infrastructure by quickly identifying which applications are capable of being migrated and assessing all their AD FS applications for compatibility.
In November we announced AD FS Application Migration would be moving to public preview, and the response from our partners and customers has been overwhelmingly positive. For some, transitioning to cloud-based security is a daunting task, but the tool has proven to dramatically streamline the process of moving to Microsoft Entra ID.
A simplified workflow, reduced need for manual intervention, and minimized downtime (for applications and end users) have reduced stress for hassle-free migrations. The tool not only checks the compatibility of your applications with Entra ID, but it can also suggest how to resolve any issues. It then monitors the migration progress and reflects the latest changes in your applications. Watch the demo to see the tool in action.
Moving from AD FS to a more agile and responsive, cloud-native solution helps overcome some of the inherent limitations of the old way of managing identities.
Read the full post here: Move to cloud authentication with the AD FS migration tool! Read More
New Blog | More Threat Intelligence Content in MDTI, TA Enables Better Security Outcomes
Microsoft threat intelligence empowers our customers to keep up with the global threat landscape and understand the threats and vulnerabilities most relevant to their organization. We are excited to announce that we have recently accelerated the speed and scale at which we publish threat intelligence, giving our customers more critical security insights, data, and guidance than ever before.
This blog will show how our 10,000 interdisciplinary experts and applied scientists reason over more than 78 trillion daily threat signals to continuously add to our understanding of threat actors and activity. It will also show how this increased publishing cadence in Microsoft Defender Threat Intelligence (MDTI), Threat Analytics, and Copilot for Security helps enrich and contextualize hundreds of thousands of security alerts while enhancing customers’ overall cybersecurity programs.
Increased Intel Profiles
Microsoft has published 270 new Intel profiles over the past year to help customers maintain situational awareness around the threat activity, techniques, vulnerabilities, and the more than 300 named actors Microsoft tracks. These digital compendiums of intelligence help organizations stay informed about potential threats, including Indicators of Compromise (IOCs), historical data, mitigation strategies, and advanced hunting queries. Intel profiles are continuously maintained and updated by Microsoft’s threat intelligence team, which added 24 new Intel profiles in May alone, including 10 Activity Profiles, 4 Actor Profiles, 5 Technique Profiles, and 5 Vulnerability Profiles.
Intel profiles are published to both MDTI and Threat Analytics, which can be found under the “Threat Intelligence” blade in the left-hand navigation menu in the Defender XDR Portal. In Threat Analytics, customers can understand how the content in Intel profiles relates to devices and vulnerabilities in their environment. In MDTI, Intel Profiles enhance security analyst triage, incident response, threat hunting, and vulnerability management workflows.
In Copilot for Security, customers can quickly retrieve information from intel profiles to contextualize artifacts and correlate MDTI and Threat Analytics content and data with other security information from Defender XDR, such as incidents and hunting activities, to help customers assess their vulnerabilities and quickly understand the broader scope of an attack. For example, Copilot can reason over vulnerability intelligence in MDTI and Threat Analytics to deliver a customized, prioritized list based on a customer organization’s unique security posture.
Read the full post here: More Threat Intelligence Content in MDTI, TA Enables Better Security Outcomes
By Michael Browning
Microsoft threat intelligence empowers our customers to keep up with the global threat landscape and understand the threats and vulnerabilities most relevant to their organization. We are excited to announce that we have recently accelerated the speed and scale at which we publish threat intelligence, giving our customers more critical security insights, data, and guidance than ever before.
This blog will show how our 10,000 interdisciplinary experts and applied scientists reason over more than 78 trillion daily threat signals to continuously add to our understanding of threat actors and activity. It will also show how this increased publishing cadence in Microsoft Defender Threat Intelligence (MDTI), Threat Analytics, and Copilot for Security helps enrich and contextualize hundreds of thousands of security alerts while enhancing customers’ overall cybersecurity programs.
Increased Intel Profiles
Microsoft has published 270 new Intel profiles over the past year to help customers maintain situational awareness around the threat activity, techniques, vulnerabilities, and the more than 300 named actors Microsoft tracks. These digital compendiums of intelligence help organizations stay informed about potential threats, including Indicators of Compromise (IOCs), historical data, mitigation strategies, and advanced hunting queries. Intel profiles are continuously maintained and updated by Microsoft’s threat intelligence team, which added 24 new Intel profiles in May alone, including 10 Activity Profiles, 4 Actor Profiles, 5 Technique Profiles, and 5 Vulnerability Profiles.
Intel profiles are published to both MDTI and Threat Analytics, which can be found under the “Threat Intelligence” blade in the left-hand navigation menu in the Defender XDR Portal. In Threat Analytics, customers can understand how the content in Intel profiles relates to devices and vulnerabilities in their environment. In MDTI, Intel Profiles enhance security analyst triage, incident response, threat hunting, and vulnerability management workflows.
In Copilot for Security, customers can quickly retrieve information from intel profiles to contextualize artifacts and correlate MDTI and Threat Analytics content and data with other security information from Defender XDR, such as incidents and hunting activities, to help customers assess their vulnerabilities and quickly understand the broader scope of an attack. For example, Copilot can reason over vulnerability intelligence in MDTI and Threat Analytics to deliver a customized, prioritized list based on a customer organization’s unique security posture.
Read the full post here: More Threat Intelligence Content in MDTI, TA Enables Better Security Outcomes Read More
Dive into the June 2024 edition of What’s New in Copilot for Microsoft 365!
This month’s update brings you a plethora of new features across admin and end-user domains to enhance productivity within your organization. Highlights include:
Expanded availability of Copilot for Microsoft 365
New reporting tools for adoption and impact analysis in Viva Insights
Introduction of the Copilot Deployment Kit in Viva Amplify to boost user adoption
Enhancements in Copilot functionalities for Teams meetings and more in Word, PowerPoint, SharePoint
:link: Read more about the updates and how to leverage these new capabilities for your team!
This month’s update brings you a plethora of new features across admin and end-user domains to enhance productivity within your organization. Highlights include:
Expanded availability of Copilot for Microsoft 365
New reporting tools for adoption and impact analysis in Viva Insights
Introduction of the Copilot Deployment Kit in Viva Amplify to boost user adoption
Enhancements in Copilot functionalities for Teams meetings and more in Word, PowerPoint, SharePoint
:link: Read more about the updates and how to leverage these new capabilities for your team! Read More
Join us for the July Copilot and M365 for SMB community call, July 2nd Tuesday, at 12:10pm PT!
Join us next week on Tuesday 3/26 12:10-1pm PST to learn about Microsoft Loop for SMBs, meet the product team for Loop and get the latest updates what’s upcoming. See you soon!
Join link: https://aka.ms/SMBCommunitycall on 7/2 12:10-1pm PST
Here’s a preview of our agenda:
Section
Speaker / Topic
Time
Intro
Welcome & Announcements
5 mins
Announcement
Upcoming events and updates
5 mins
Primary topic
Microsoft Loop demo and overview
Microsoft Principal Product Manager Patrick Gan
15-20 mins
Close
Open Q+A
15 mins- close
Join us next week on Tuesday 3/26 12:10-1pm PST to learn about Microsoft Loop for SMBs, meet the product team for Loop and get the latest updates what’s upcoming. See you soon!
Join link: https://aka.ms/SMBCommunitycall on 7/2 12:10-1pm PST
Here’s a preview of our agenda:
Section
Speaker / Topic
Time
Intro
Welcome & Announcements
5 mins
Announcement
Upcoming events and updates
5 mins
Primary topic
Microsoft Loop demo and overview
Microsoft Principal Product Manager Patrick Gan
15-20 mins
Close
Open Q+A
15 mins- close
Adjusting time zone from UK to NZ
Morning all
Every 3 days I receive a spreadsheet from England. My country (NZ) is 11 hours ahead.
Am looking for a way to modify the start times of the football games to NZ time and make an adjustment for when the date moves forward a day to NZ time. Screenshot attached.
Many thanks
Morning allEvery 3 days I receive a spreadsheet from England. My country (NZ) is 11 hours ahead.Am looking for a way to modify the start times of the football games to NZ time and make an adjustment for when the date moves forward a day to NZ time. Screenshot attached. Many thanks Read More
SCCM Collection Machines Failing Active Patches
I need to build a collection of machines that are struggling to get patches installed successfully. We would like for the collection to be as accurate as possible with the following logic:
1) failed patch status
2) failed patch is not a patch that has not been superseded
3) patch is actively deployed
4) exclude any machine that has a reboot pending status for any patch
We do have a collection built using the logic below but feel like this is not specific enough.
(select SYS.ResourceID,SYS.ResourceType,SYS.Name,SYS.SMSUniqueIdentifier,SYS.ResourceDomainORWorkgroup,SYS.Client from SMS_R_System as SYS Inner Join SMS_SUMDeploymentAssetDetails as SUM on SYS.ResourceID = SUM.ResourceID WHERE (sum.statustype = 5) and SUM.LastEnforcementErrorCode <> 0)
Any direction you can provide on either a sql query to gather this information or better yet actual collection logic code would greatly be appreciated.
Thanks,
Jason
I need to build a collection of machines that are struggling to get patches installed successfully. We would like for the collection to be as accurate as possible with the following logic:1) failed patch status2) failed patch is not a patch that has not been superseded3) patch is actively deployed4) exclude any machine that has a reboot pending status for any patch We do have a collection built using the logic below but feel like this is not specific enough.(select SYS.ResourceID,SYS.ResourceType,SYS.Name,SYS.SMSUniqueIdentifier,SYS.ResourceDomainORWorkgroup,SYS.Client from SMS_R_System as SYS Inner Join SMS_SUMDeploymentAssetDetails as SUM on SYS.ResourceID = SUM.ResourceID WHERE (sum.statustype = 5) and SUM.LastEnforcementErrorCode <> 0) Any direction you can provide on either a sql query to gather this information or better yet actual collection logic code would greatly be appreciated. Thanks,Jason Read More
modern authentication method needed to continue syncing outlook email
I received an email from Microsoft the other day that stated I would need to change to a “modern authentication method” in order to continue using my Outlook email or calendar on my Apple iMac. I read all the literature but I am so confused and cannot figure out how to do this. Can anyone help?
I received an email from Microsoft the other day that stated I would need to change to a “modern authentication method” in order to continue using my Outlook email or calendar on my Apple iMac. I read all the literature but I am so confused and cannot figure out how to do this. Can anyone help? Read More
Product Migration from Legacy to New Commerce Experience
Good afternoon team,
We have a client with the product Dynamics 365 for Unf Ops Plan, Ent Edition in Legacy. We would like to know to which product the client could migrate in NCE that offers the same benefits, features, and price.
Kind Regards,
Elizabeth
Good afternoon team,We have a client with the product Dynamics 365 for Unf Ops Plan, Ent Edition in Legacy. We would like to know to which product the client could migrate in NCE that offers the same benefits, features, and price. Kind Regards,Elizabeth Read More
Formula for extracting multiple occurrences of values following a similar string of text
Hi Tech Community! I am trying to write a formula that will allow me to extract multiple strings of numbers from one cell to another, while filtering out all other irrelevant text from the source cell. For example (see attached photo), I want to be able to extract multiple 8-digit numbers, separated into the output column by “; “, that each occur after the text “ABCD: ” within a cell. I have tried multiple complex nesting functions, based off of suggestions on other similar issues, but cannot seem to tailor the functions to fit my exact needs. Any help would be appreciated!!! (I use Excel for Mac, Version 16.84 (24041420))
Hi Tech Community! I am trying to write a formula that will allow me to extract multiple strings of numbers from one cell to another, while filtering out all other irrelevant text from the source cell. For example (see attached photo), I want to be able to extract multiple 8-digit numbers, separated into the output column by “; “, that each occur after the text “ABCD: ” within a cell. I have tried multiple complex nesting functions, based off of suggestions on other similar issues, but cannot seem to tailor the functions to fit my exact needs. Any help would be appreciated!!! (I use Excel for Mac, Version 16.84 (24041420)) Read More
Is $100 Off Temu Coupon Code [afh97457] Legit?
Official Website or App: Check Temu’s official website or app for any mention of the “afh97457” coupon code. Legitimate promotions are typically advertised directly on the platform.
Trusted Coupon Sites: Look up the coupon code on reputable coupon websites that track and verify discounts. These sites often provide user feedback on the effectiveness of codes.
Terms and Conditions: Read the terms and conditions associated with the coupon. Ensure it meets any requirements such as minimum purchase amounts and check for expiration dates.
Customer Support: Contact Temu’s customer support for confirmation. They can verify the authenticity and validity of the coupon code for you.
By following these steps, you can confirm whether the Temu $100 off coupon “afh97457” is legitimate and take advantage of the savings if it is.
If you ask me. Than yes, The legitimacy of the Temu $100 off coupon code “afh97457” can be determined by a few key factors. Generally, coupon codes like this are issued by Temu to attract and reward customers. To verify if this specific coupon is legitimate, follow these steps: Official Website or App: Check Temu’s official website or app for any mention of the “afh97457” coupon code. Legitimate promotions are typically advertised directly on the platform.Trusted Coupon Sites: Look up the coupon code on reputable coupon websites that track and verify discounts. These sites often provide user feedback on the effectiveness of codes.Terms and Conditions: Read the terms and conditions associated with the coupon. Ensure it meets any requirements such as minimum purchase amounts and check for expiration dates.Customer Support: Contact Temu’s customer support for confirmation. They can verify the authenticity and validity of the coupon code for you. By following these steps, you can confirm whether the Temu $100 off coupon “afh97457” is legitimate and take advantage of the savings if it is. Read More
Unable to download 7.0.2046.524 Core Components update?
I am met with a 403 forbidden when I try to download the
5029968 Cumulative Update july 2023 7.0.2046.524 for Skype for Business Server 2019, Core Components
from Opdateringer for Skype for Business Server 2019 (KB4470124) – Microsoft Support
I have downloaded all other 7.0.2046.524 updates without problems.
Does anyone know what is going on here?
I am met with a 403 forbidden when I try to download the 5029968 Cumulative Update july 2023 7.0.2046.524 for Skype for Business Server 2019, Core Components from Opdateringer for Skype for Business Server 2019 (KB4470124) – Microsoft Support I have downloaded all other 7.0.2046.524 updates without problems. Does anyone know what is going on here? Read More
New Blog | Architecting secure Generative AI: Safeguarding against indirect prompt injection
By Roee Oz
As developers, we must be vigilant about how attackers could misuse our applications. While maximizing the capabilities of Generative AI (Gen-AI) is desirable, it’s essential to balance this with security measures to prevent abuse.
In a previous blog post – https://techcommunity.microsoft.com/t5/security-compliance-and-identity/best-practices-to-architect-…, I covered how a Gen AI application should use user identities for accessing sensitive data and performing sensitive operations. This practice reduces the risk of jailbreak and prompt injections, as malicious users cannot gain access to resources they don’t already have.
However, what if an attacker manages to run a prompt under the identity of a valid user? An attacker can hide a prompt in an incoming document or email, and if a non-suspecting user uses a Gen-AI LLM application to summarize the document or reply to the email, the attacker’s prompt may be executed on behalf of the end user. This is called indirect prompt injection. This blog focuses on how to reduce its risks.
Definitions
Prompt Injection Vulnerability occurs when an attacker manipulates a large language model (LLM) through crafted inputs, causing the LLM to unknowingly execute the attacker’s intentions. This can be done directly by “jailbreaking” the system prompt or indirectly through manipulated external inputs, potentially leading to data exfiltration, social engineering, and other issues.
Direct Prompt Injections, also known as “jailbreaking,” occur when a malicious user overwrites or reveals the underlying system prompt. This allows attackers to exploit backend systems by interacting with insecure functions and data stores accessible through the LLM.
Indirect Prompt Injections occur when an LLM accepts input from external sources that can be controlled by an attacker, such as websites or files. The attacker may embed a prompt injection in the external content, hijacking the conversation context. This can lead to unstable LLM output, allowing the attacker to manipulate the user or additional systems that the LLM can access. Additionally, indirect prompt injections do not need to be human-visible/readable, as long as the text is parsed by the LLM.
Real-life examples
Indirect prompt injection occurs when an attacker injects instructions into LLM inputs by hiding them within the content the LLM is asked to analyze, thereby hijacking the LLM to perform the attacker’s instructions. For example, consider hidden text in resumes.
As more companies use LLMs to screen resumes, some websites now offer to add invisible text to your resume, causing the screening LLM to favor your CV.
I have simulated such a jailbreak by first uploading a CV for a fresh graduate into Microsoft Copilot and asking if it qualifies for a “Software Engineer 2” role, which requires 3+ years of experience. You can see that Bing correctly rejects it.
Read the full post here: Architecting secure Generative AI applications: Safeguarding against indirect prompt injection
By Roee Oz
As developers, we must be vigilant about how attackers could misuse our applications. While maximizing the capabilities of Generative AI (Gen-AI) is desirable, it’s essential to balance this with security measures to prevent abuse.
In a previous blog post – https://techcommunity.microsoft.com/t5/security-compliance-and-identity/best-practices-to-architect-…, I covered how a Gen AI application should use user identities for accessing sensitive data and performing sensitive operations. This practice reduces the risk of jailbreak and prompt injections, as malicious users cannot gain access to resources they don’t already have.
However, what if an attacker manages to run a prompt under the identity of a valid user? An attacker can hide a prompt in an incoming document or email, and if a non-suspecting user uses a Gen-AI LLM application to summarize the document or reply to the email, the attacker’s prompt may be executed on behalf of the end user. This is called indirect prompt injection. This blog focuses on how to reduce its risks.
Definitions
Prompt Injection Vulnerability occurs when an attacker manipulates a large language model (LLM) through crafted inputs, causing the LLM to unknowingly execute the attacker’s intentions. This can be done directly by “jailbreaking” the system prompt or indirectly through manipulated external inputs, potentially leading to data exfiltration, social engineering, and other issues.
Direct Prompt Injections, also known as “jailbreaking,” occur when a malicious user overwrites or reveals the underlying system prompt. This allows attackers to exploit backend systems by interacting with insecure functions and data stores accessible through the LLM.
Indirect Prompt Injections occur when an LLM accepts input from external sources that can be controlled by an attacker, such as websites or files. The attacker may embed a prompt injection in the external content, hijacking the conversation context. This can lead to unstable LLM output, allowing the attacker to manipulate the user or additional systems that the LLM can access. Additionally, indirect prompt injections do not need to be human-visible/readable, as long as the text is parsed by the LLM.
Real-life examples
Indirect prompt injection occurs when an attacker injects instructions into LLM inputs by hiding them within the content the LLM is asked to analyze, thereby hijacking the LLM to perform the attacker’s instructions. For example, consider hidden text in resumes.
As more companies use LLMs to screen resumes, some websites now offer to add invisible text to your resume, causing the screening LLM to favor your CV.
I have simulated such a jailbreak by first uploading a CV for a fresh graduate into Microsoft Copilot and asking if it qualifies for a “Software Engineer 2” role, which requires 3+ years of experience. You can see that Bing correctly rejects it.
Figure 1: Example prompting for a CV
Read the full post here: Architecting secure Generative AI applications: Safeguarding against indirect prompt injection
how to install preview build 26052.
how to install preview build 26052 i am on 22631
how to install preview build 26052 i am on 22631 Read More
T-SQL : INSERT INTO SELECT Issues – READ UNCOMMITTED ISOLATION LEVEL
So we’ve have some strange issues appear in our Production system and we think it comes down to a stored procedure (SQL Server 2019) that employs an INSERT INTO SELECT clause.
Here is a sample snippet of the code identical to what we have coded currently
SET TRANSACTION ISOLATION LEVEL READ UNCOMMITTED
BEGIN TRANSACTION
SAVE TRANSACTION Tran1
DELETE FROM Tab1
WHERE CurrentDate = ’01-Jan-2024′
INSERT INTO Tab1
(col1,col2,col3)
SELECT cola,colb,colc
FROM Tab2
INNER JOIN Tab3 on (Tab3.Cola = Tab2.Cola)
WHERE NOT EXISTS ( SELECT NULL
FROM Tab1
WHERE Tab1.Col1 = Tab2.Cola
AND Tab1.CurrentDate = ’01-Jan-2024′
)
Some points about the code snippet.
The DELETE ensures there will not data in Tab1 for the date being processed.I also understand that Insertion order is not guaranteed to be the same as result set order but that is not of concern in this scenario
Now for my questions:
My understanding has always been INSERTION of rows does not begin until the dataset has been retrieved from the subquery. Is this correct?If this is not correct, I am atleast guaranteed that there is no chance of the subquery reading Tab1 “seeing” the rows being inserted into Tab1. This would make the final output totally unpredictable. Is this correct?
The reason I ask these questions, we are seeing totally different output each month in Tab1. We expect this to be constant but we are seeing rows being excluded in some months and the very same rows that excluded one month are added back the next month.
Another wrinkle here is that I am using the READ UNCOMMITTED ISOLATION LEVEL. I use this sparingly and can guarantee that Tab1 sees no activity during the times we run this. Does this isolation change any of the responses to the questions above?
Thanks in advance.
So we’ve have some strange issues appear in our Production system and we think it comes down to a stored procedure (SQL Server 2019) that employs an INSERT INTO SELECT clause. Here is a sample snippet of the code identical to what we have coded currentlySET TRANSACTION ISOLATION LEVEL READ UNCOMMITTED
BEGIN TRANSACTION
SAVE TRANSACTION Tran1
DELETE FROM Tab1
WHERE CurrentDate = ’01-Jan-2024′
INSERT INTO Tab1
(col1,col2,col3)
SELECT cola,colb,colc
FROM Tab2
INNER JOIN Tab3 on (Tab3.Cola = Tab2.Cola)
WHERE NOT EXISTS ( SELECT NULL
FROM Tab1
WHERE Tab1.Col1 = Tab2.Cola
AND Tab1.CurrentDate = ’01-Jan-2024′
)Some points about the code snippet.The DELETE ensures there will not data in Tab1 for the date being processed.I also understand that Insertion order is not guaranteed to be the same as result set order but that is not of concern in this scenarioNow for my questions:My understanding has always been INSERTION of rows does not begin until the dataset has been retrieved from the subquery. Is this correct?If this is not correct, I am atleast guaranteed that there is no chance of the subquery reading Tab1 “seeing” the rows being inserted into Tab1. This would make the final output totally unpredictable. Is this correct?The reason I ask these questions, we are seeing totally different output each month in Tab1. We expect this to be constant but we are seeing rows being excluded in some months and the very same rows that excluded one month are added back the next month.Another wrinkle here is that I am using the READ UNCOMMITTED ISOLATION LEVEL. I use this sparingly and can guarantee that Tab1 sees no activity during the times we run this. Does this isolation change any of the responses to the questions above? Thanks in advance. Read More
Help to Capture SP error without try catch block
Hi there, I have 100s of SPs to make change at one shot without touching existing logic. Many SPs have try catch block many dont have. im looking to track if sp ran successful or had failed (if possible why it failed). As you could see im tracking start and end time. Would be helpful if i could track status and errors. add same line of code to all sps without dependency on try catch block. Thanks ALTER PROCedure [Audit].[sptemplate]as begin–Assign Execution idDECLARE @UID UNIQUEIDENTIFIER = NEWID() –Capture StartTimedeclare @starttime datetime = getdate() /*insert into anothertableselect from table business logic */ –Capture StartTimedeclare @endtime datetime = getdate() –Write to LogTableinsert into [Audit].[ETLRunTimeLog] ([LogID],[ProcessName],[StartTime],[EndTime])select @UID u,(SELECT OBJECT_NAME(@@PROCID) ), @starttime s, @endtime e end Read More
VLookup Error – Formula not working when adding another Sheet
Hi All, I currently have a excel SS with 3 sheets. Column A on all 3 sheets is a list of account numbers I am using the Vlookup function to add the values of column B on sheets 2 and 3 to their correct account numbers on sheet one. I use this formula multiple times a year.
=VLOOKUP(A2,Sheet2!A1:B2423,2,FALSE) Working
This formula currently works like a charm. This time around I have added sheet three and adjusted the
formula for the sheet and table array range and I am getting a value not available error #N/A.
=VLOOKUP(A2,Sheet3!A1:B2049,2,FALSE) Not working
The whole spreadsheet is General for cell format, 2 to be okay for Col index as the values i want to pull are from column B and am pretty sure there are no random spaces I am missing. All of this is more confusing because the formula works for one sheet but not the other. Any assistance would be great. Thank you.
Hi All, I currently have a excel SS with 3 sheets. Column A on all 3 sheets is a list of account numbers I am using the Vlookup function to add the values of column B on sheets 2 and 3 to their correct account numbers on sheet one. I use this formula multiple times a year.=VLOOKUP(A2,Sheet2!A1:B2423,2,FALSE) WorkingThis formula currently works like a charm. This time around I have added sheet three and adjusted theformula for the sheet and table array range and I am getting a value not available error #N/A.=VLOOKUP(A2,Sheet3!A1:B2049,2,FALSE) Not working The whole spreadsheet is General for cell format, 2 to be okay for Col index as the values i want to pull are from column B and am pretty sure there are no random spaces I am missing. All of this is more confusing because the formula works for one sheet but not the other. Any assistance would be great. Thank you. Read More