Tag Archives: microsoft
Microsoft Defender for Office 365 For Zoho Email Solution
Hello All,
I am currently having a mix of email solution providers between O365 and Zoho (Cloud Based Email Solution) just need to understand the below:
1. Can I protect my 3rd party email solution with MDO P1?
2. What are the licensing components I need to look at and its architecture?
Thank you.
Clarify the purpose of labelling features in Microsoft Defender for Cloud Apps and Purview
I find the lineup of Microsoft’s products, bundles and licenses confusing. The names seem to change regularly and it is difficult to know whether documentation is referring to old or new features.
I’m looking into sensitivity labels and what features are available for different license levels. The main features are provided in the Purview portal but there are other sensitivity label features in Microsoft Defender for Cloud Apps.
From my understanding, a user with an Office 365 E3 license will be licensed for the entry level Purview components (Information Protection, Data Loss Prevention, Data lifecycle management, eDiscovery and auditing, insider risk management). You need to step up to Office 365 E5 to get auto-labeling features.
Microsoft Defender for Cloud Apps also has some sensitivity labeling features. I believe this requires a Microsoft 365 E5 or a (Office 365 E5 + Enterprise Mobility + Security E5). Which means you would also have access to most of the Purview features.
What is the difference between the Microsoft Defender for Cloud Apps sensitivity label features compared to the Purview features for Microsoft 365 content? Is it just for labeling content in other cloud services like Box and Dropbox? I saw one article that says the Cloud Apps feature can only label 100 (SharePoint?) items per day.
Accessing app centric permission via API
Hi,
Is there any way to access (get/set) app centric permissions from GraphAPI or any other API? Our use case is that we want to set the configuration programmatically and also assign groups to specific apps without using the admin.teams portal.
Best Regards
Lars
AKS Networking || Bring your own CNI plugin (BYOC)
Bring your own Container Network Interface (BYOCNI) plugin with Azure Kubernetes Service (AKS)
What is BYOCNI?
BYOCNI stands for Bring Your Own Container Network Interface. It allows advanced AKS users to deploy an AKS cluster with no CNI plugin preinstalled. Instead, you can install any third-party CNI plugin that works in Azure. This flexibility enables you to use the same CNI plugin used in on-premises Kubernetes environments or leverage advanced functionalities available in other CNI plugins.
Before diving into BYOCNI, ensure the following prerequisites are met:
– Use at least template version 2022-01-02-preview or 2022-06-01 for Azure Resource Manager (ARM) or Bicep.
– Have Azure CLI version 2.39.0 or later.
– The virtual network for the AKS cluster must allow outbound internet connectivity.
– Avoid using specific address ranges (e.g., 169.254.0.0/16, 172.30.0.0/16, 172.31.0.0/16, or 192.0.2.0/24) for Kubernetes service, pod address range, or cluster virtual network address range.
– The identity used by the AKS cluster needs to have at least Network Contributor permissions on the subnet within your virtual network. Alternatively, you can use a custom role that has the “Microsoft.Network/virtualNetworks/subnets/join/action” and “Microsoft.Network/virtualNetworks/subnets/read” permissions.
– The subnet cannot be a delegated subnet used by an AKS node pool.
– AKS doesn’t apply NSGs to its subnet or modify any of the NSGs associated with that subnet. If you add custom NSGs to the subnet, ensure the security rules allow traffic within the node CIDR range.
Deploy AKS cluster with no CNI plugin preinstalled:
You can deploy the AKS cluster with different Infrastructure as Code (IaC) tools or the CLI. In each case, pass network-plugin with the value none. Refer to the snippets below.
1. Azure CLI:
2. Terraform:
3. ARM template:
4. Bicep:
After a successful deployment the AKS cluster is online, but none of the nodes are ready. You can verify this in the Azure portal as well as by running the kubectl commands shown below.
Azure portal:
kubectl:
We can clearly see the reason, NetworkPluginNotReady, in the snippet below.
To make the nodes ready, we need to install a network plugin. With BYOCNI you can use a third-party plugin such as Cilium, Flannel or Weave; many other third-party plugins are available as well. Run the command below to install the network plugin. In my case I have used Flannel.
kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
After applying the above kubectl command, the nodes are in the Ready state, as you can see below.
Portal:
Using kubectl:
Note:
Remember that Microsoft support cannot assist with CNI-related issues in clusters deployed with BYOCNI. For CNI-related support, consider using a supported AKS network plugin or seek support from the third-party vendor of your chosen CNI plugin. Support is still provided for non-CNI-related issues.
BYOCNI empowers you to tailor your AKS networking to your specific requirements.
Verify if my app has active connectivity with my databases?
Hi my apps are working but for example must display messages with the ticket fail and it doesn’t.
I’m attaching a picture when it worked well and a photo of what it does now.
How do I see that my app has everything it needs to function correctly, taking into account that it was working fine until a Windows update that my server made? My database is SQL Server.
Azure Container Apps Newsletter – June 2024
Welcome to this month’s Azure Container Apps newsletter! We’ll share the latest news and community highlights for Container Apps every month here on the Apps on Azure blog.
Azure Container Apps monthly community live stream
Our next live stream is June 12, 2024 at 11:00AM PDT (18:00 UTC). Join us and our special guests to learn all about running untrusted code in sandboxes with dynamic sessions on Azure Container Apps.
Subscribe to the Azure Developers YouTube channel!
Community highlights
Some great content created by our amazing community:
Blogs
What Azure Container Apps Is Not: Clearing the Confusion
Azure Container Apps – Overview
Deploy 1Password SCIM Bridge on Azure Container Apps
Simplifying .NET microservices with Dapr and Azure Container Apps
Running a Playwright scheduled job with Azure Container Apps
Videos
Build Intelligent Apps with Serverless Containers on Azure Container Apps
From Day Zero To Production with Azure Container Apps
Goodbye Azure Kubernetes Service! Hello Azure Container Apps! – Johnny Hooyberghs
Azure Container Apps Docker Containers first deployment with Azure Front Door
Azure Container Apps uncovered: Scenarios, workloads, and portability
How to configure HTTP ingress in Azure Container Apps (playlist)
Working with Workload Profiles in Azure Container Apps
Build a multi-LLM chat application with Azure Container Apps
Azure Container Apps dynamic sessions
New: Secure Sandboxes at Scale with Azure Container Apps Dynamic Sessions
Bridging the chasm between your ML and app devs (Semantic Kernel)
Secure code execution in LlamaIndex with Azure Container Apps dynamic sessions
Integrating LangChain with Azure Container Apps dynamic sessions
Using Azure Container Apps dynamic sessions from Java
Read about all our Microsoft Build 2024 announcements!
For more, check out our product roadmap.
Get notified when we publish future newsletters, subscribe to the Apps on Azure blog. Connect with the Azure Container Apps team on GitHub, Twitter, and Discord.
KQL Query email attachments
let domainList = externaldata(domain: string) [@"https://raw.githubusercontent.com/tsirolnik/spam-domains-list/master/spamdomains.txt"] with (format="txt");
let excludedDomains = datatable(excludeddomain: string) // Add as many domains you would like to exclude
["126.com","163.com","dell.com","trustwave.com","microsoft.com","qq.com","accenture.com","hp.com","google.com","amazon.com"];
let Timeframe = 2d; // Choose the best timeframe for your investigation
let SuspiciousEmails = EmailEvents
| where Timestamp > ago(Timeframe)
| where EmailDirection == "Outbound" // Assuming you are looking into mails sent by your organization
| extend EmailDomain = tostring(split(RecipientEmailAddress, '@')[1])
| join kind=inner (domainList) on $left.EmailDomain == $right.domain
| where not(EmailDomain in (['excludedDomains']))
| project Timestamp, NetworkMessageId, SenderMailFromAddress, SenderFromAddress, SenderDisplayName, RecipientEmailAddress, EmailDomain, domain, Subject, LatestDeliveryAction;
SuspiciousEmails
| join (EmailEvents
| summarize count() by NetworkMessageId
| where count_ == 1
| project NetworkMessageId
) on NetworkMessageId
| sort by Timestamp desc
How can I show EmailAttachmentInfo, to show the FileName or Attachment that was being sent?
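One way to surface attachment names for the messages the query above returns, as an added example that is not part of the original post. It assumes the advanced hunting `EmailAttachmentInfo` table with its `NetworkMessageId`, `RecipientEmailAddress`, `FileName` and `SHA256` columns, uses a shortened, constructed exclusion list, and leaves out the post's second join on single-recipient messages to keep the attachment step in focus.

```kusto
// Added example: same spam-domain match as the post, then attachment details per message.
let domainList = externaldata(domain: string)
    [@"https://raw.githubusercontent.com/tsirolnik/spam-domains-list/master/spamdomains.txt"]
    with (format="txt");
let excludedDomains = datatable(excludeddomain: string)
    ["microsoft.com", "google.com"];          // constructed, shortened exclusion list
let Timeframe = 2d;
let SuspiciousEmails = EmailEvents
    | where Timestamp > ago(Timeframe)
    | where EmailDirection == "Outbound"
    // Normalise case so the comparison with the domain list is not case-sensitive
    | extend EmailDomain = tolower(tostring(split(RecipientEmailAddress, "@")[1]))
    | where EmailDomain !in (excludedDomains)  // filter before the join to shrink the left side
    | join kind=inner (domainList) on $left.EmailDomain == $right.domain
    | project Timestamp, NetworkMessageId, SenderFromAddress, RecipientEmailAddress,
              EmailDomain, Subject, LatestDeliveryAction;
SuspiciousEmails
// EmailAttachmentInfo holds one row per attachment per recipient, so join on both keys
// to avoid multiplying rows for multi-recipient messages.
// leftouter keeps messages without attachments; switch to kind=inner to list only
// messages that carried a file.
| join kind=leftouter (
    EmailAttachmentInfo
    | where Timestamp > ago(Timeframe)
    | project NetworkMessageId, RecipientEmailAddress, FileName, SHA256
  ) on NetworkMessageId, RecipientEmailAddress
// Collapse back to one row per message and recipient, with attachments as arrays
| summarize Attachments = make_set_if(FileName, isnotempty(FileName)),
            AttachmentHashes = make_set_if(SHA256, isnotempty(SHA256))
    by Timestamp, NetworkMessageId, SenderFromAddress, RecipientEmailAddress,
       EmailDomain, Subject, LatestDeliveryAction
| sort by Timestamp desc
```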
SAML causes significant process issues for IT
Hi,
Firstly I apologize if I’ve posted in the wrong section, I’m very new to the Microsoft forums/hubs? found navigating it very confusing for this particular subject anyway. Full disclosure, I’m not a specialist in the networking, server, authentication related fields, nor Active Directory/Azure for that matter.
I’m trying to identify a way to alleviate some process issues caused by SAML when authenticating users for key web-apps we use, two in particular, I’m not sure I’m at liberty to state what they are so I won’t for security reasons, but I can explain the current workflow.
System 1 Onboarding Workflow
1. In order to onboard a user for System1 you must…
– Add them to the applicable AD group
– Send an email to the user to request they login
– Once the user has logged in and provided they told us…
– We can assign permissions, reporting lines etc in System1
System 2 Onboarding Workflow
2. In order to onboard a user for System2 you must…
– Add them to the applicable AD group
– Send an email to the user to request they login
– Once the user has logged in and provided they told us…
– They would come back with an error message that means the admins of the system can now assign permissions/access
– Admins can then respond back to the user again to state they will now be able to login successfully
From my limited perspective and understanding, SAML waits for a user to attempt a login before anything happens, from an onboarding process perspective this is very time consuming and ineffective, especially considering the reliance on replies and huge number of onboarding requests we receive on a daily basis.
Thinking out loud to remove this problem, when a user is added to the AD group for that web-app, a process runs based on a detected change in users/groups and pushes that to the web-apps so no manual user login attempts are required, is it possible to do anything like this? or can you provide different solutions to this while still using SAML?
I should note that it is an absolute requirement users have access to these systems as soon as the day they join.
Fundamentally, the question I am asking is…
User registration in web-apps seems to require an SSO attempt by the user before that user appears in the web-apps user directory, is it possible to automate the web-app user registration so the manual user SSO attempt isn’t required?
Embed existing app in teams tabs
I have an existing web app and I’d like to deploy a teams tab to the MS app store that simply embeds my app. I’m wondering if there is a way to avoid building an entirely separate app. I’d like to just add a manifest file to my existing repo and feed that to the teams client. Would this be possible?
MAPS Excessive Price Increase
I just renewed my MAPS subscription. As a background I’m a one person organisation.
For many years the price was A$440 inc GST.
This year, the price was over A$710 inc GST. Which is a price increase of over 75%.
I was told this was because now all pricing is based on USD so I’m paying the equivalent of US$400, and that it’s not a price increase.
I’m posting this to raise my objection to the exorbitant price increase, and find out if other people have also been similarly affected.
Need a formula
Please help
I need a formula for the following
PM =8 and N =8 this needs to be calculated then taken off the value of 70
How do I do this?
Error inserting – as an object – TXT or PDF file into Word (for MacOs)
Error when inserting – as an object – TXT or PDF file in Word (for MacOs)
When trying to insert a TXT file as an object, to be displayed as an icon (Insert-> Object -> From File (Display as icon) in Word for MacOS, the application gives the following error message:
“Server application, source file, or item not found.
Verify that the application is correctly installed and has not been deleted, moved, renamed, or blocked by policy.”
Inserting as a file (Insert->File…) works correctly.
When trying to insert a PDF file as an object, I only inserted the first page as a picture.
I contacted Microsoft 365 support who advised me to post the issue in this forum.
Thank you for any and all help.
The Evolution of GenAI Application Deployment Strategy: From MVP to Production
Now that you are familiar with moving from a POC to MVP, the next key transition is moving from MVP to production rollout. This is where the focus must be put on the requirements and setup involved in a production deployment with considerations for the requirements of the end user.
Before a single line of code is deployed, start a collaboration across technical and business stakeholders. Ask these critical questions:
MVP outcome: Did the user feedback regarding the MVP and its results meet the desired expectations? Did the rollout of the MVP successfully fulfill and support the business objectives and achieve the intended outcome?
LLM Model outcomes: Can the selected LLM models meet and accomplish the goals?
End Users: Is this solution for internal teams or external customers? Security, access controls, and user experience needs will differ significantly.
Data Segregation: Are there multi-tenant concerns, or is there a need for strict boundaries around data access for different teams? Azure provides tools to enforce this, including Azure Active Directory (Azure identity & access security best practices | Microsoft Learn) and RBAC (What is Azure role-based access control (Azure RBAC)? | Microsoft Learn).
Security: How sensitive is the data? Outline your encryption, authentication, and compliance strategy early on.
Scalability: Estimate requests per minute (RPM) and transactions per month (TPM). Design for surges of traffic based on historic data or expected upcoming peaks.
Token Requirements: Does your model need to handle larger volumes of text or code than standard OpenAI allowances? Does the solution require caching support for enhanced and efficient outcomes?
Cost Allocation: Will internal teams need to be cross-charged? Can the solution track token usage to manage cost and apply quotas within business units?
Before deploying your Azure OpenAI solution into production, carefully consider your target audience, as this will dictate security protocols, access controls, and user experience design. Prioritize data security by planning encryption and authentication, especially for sensitive information. If multiple teams or customers will use the system, create secure boundaries to protect each entity’s data. For smooth operation and cost management, estimate potential traffic and ensure the chosen model can handle your expected workload.
After evaluating the above criteria, the next step is to reduce risk and increase success during the production rollout. A good rollout is like a solid base for your Azure OpenAI solution. Let’s look at three main elements: the gradual approach, deployment checklists, and preparing contingency plans.
Before any production rollout, consult a deployment checklist. This will depend heavily on your individual business needs, but many items are likely to apply across all use cases.
Infrastructure Readiness: Ensure that Azure resources (compute, storage, networking, availability region) are provisioned and configured correctly. See the Azure OpenAI landing zone reference architecture: Azure OpenAI Landing Zone reference architecture (microsoft.com)
Model Deployment: Automate the process of deploying your OpenAI model, including its configuration and any pre/post-processing steps (https://learn.microsoft.com/en-us/azure/ai-services/openai/quickstart?tabs=command-line%2Cpython-new).
Integration Verification: Thoroughly test how your solution interacts with existing systems and data sources. How will the frontend app need to connect to the OpenAI model?
Security Checkpoints: Double-check user authentication, data encryption, and any compliance requirements.
Monitoring Setup: Make sure that you have logging and alerting systems ready as you approach go-live. What metrics will you use to measure the model’s performance? Do you plan to do continuous training on the model to enhance it over time?
The reference design above, from MVP to production, has the basic foundational components and essential elements for a live deployment.
Once readiness has been confirmed, the rollout begins. There are many ways to conduct a rollout; one of the safest and most recommended is a phased approach. A phased approach involves breaking down your Azure OpenAI deployment into smaller, manageable stages. Instead of launching the entire solution at once, you roll it out incrementally, starting with a pilot group or a limited set of features. This allows you to gather real-world feedback, identify potential issues, and refine your solution before expanding to a wider audience. With a phased approach, you minimize disruption, control risk, and ensure a smoother, more successful transition into production.
Characteristics and benefits of a phased approach:
Real-World Testing: Deploying to a smaller pilot group allows you to closely observe how your solution handles real-world data and user interactions in a controlled environment.
Iterative Improvement: The valuable feedback you collect from your pilot users enables you to polish the model, modify interfaces, and change security settings before expanding to a larger audience. This is where LLMOps assists you.
Gradual Scalability: A phased approach lets you monitor infrastructure performance under growing load and adjust resources (redundant, multi region) as needed, preventing costly overprovisioning or unexpected downtime.
Minimized Disruption: Issues discovered during a test deployment with a limited group are far less disruptive than those surfacing after a full-scale launch.
How might a phased rollout look in practice? It might look like this:
Internal Pilot: Start with a select group of users within your organization, providing clear guidance on how to provide feedback.
Iterative Improvement: Use that pilot feedback to refine the model, address UI issues, and solidify integration with your document management system.
Expansion: Gradually increase the pilot group size, monitoring performance and scalability.
Full Rollout: Confident in your solution, release it to the entire organization with comprehensive training materials.
Remember: A phased approach gives you the agility to learn, adapt, and ensure a successful, well-received Azure OpenAI deployment.
Monitoring is essential for a smooth and successful Azure OpenAI deployment. Real-time visibility into your solution’s performance enables proactive problem-solving, allowing you to address issues before they become major disruptions. Monitoring data also guides optimization efforts, revealing opportunities to refine your model, scale resources appropriately, or improve the user experience based on observed patterns. Reliable monitoring and well-defined alerts foster user trust, demonstrating your commitment to a robust and well-maintained solution. Azure provides robust monitoring tools to ensure your OpenAI solution runs smoothly. Utilize Azure Monitor to track key performance metrics, logs, and set up alerts for potential issues. For deeper application-level insights, leverage Application Insights to track performance, errors, and how your users interact with the solution. For detailed guidance, refer to Microsoft’s Azure OpenAI monitoring documentation: https://learn.microsoft.com/en-us/azure/cognitive-services/openai/how-to/monitoring
Some other considerations for deployment include:
Business continuity: If your application is critical, ensure business continuity through cross-region deployment: Enable disaster recovery across Azure regions across the globe – Azure Site Recovery | Microsoft Learn
Consider including our GenAI Gateway capabilities in APIM : Introducing GenAI Gateway Capabilities in Azure API Management – Microsoft Community Hub
Scaling using PTU & PAYG: Azure OpenAI Service Provisioned Throughput Units (PTU) onboarding – Azure AI services | Microsoft Learn
Responsible AI: In order to mitigate risks, please follow Microsoft’s Responsible AI guidance: Responsible and trusted AI – Cloud Adoption Framework | Microsoft Learn
While it isn’t without its challenges, careful preparation, strategic rollouts, and continuous improvement are the keys to unlocking the full potential in the deployment. By approaching your deployment thoughtfully, you won’t simply implement a powerful piece of technology; you’ll create a scalable, secure, and user-centric solution that delivers tangible value to your organization or customers. Remember, your deployment journey is about more than the technology itself – it’s about harnessing AI to drive innovation.
References:
Progressively expose your releases using deployment rings – Azure DevOps | Microsoft Learn
Staged rollout management for Graph connectors is generally available – Microsoft Community Hub
How-to: Create and deploy an Azure OpenAI Service resource – Azure OpenAI | Microsoft Learn
@Paolo Colecchia @Taonga_Banda @renbafa @arung Morgan Gladwell
New Blog | General availability of Azure WAF Bot Manager1.1 Ruleset
Today, we are launching the general availability of Bot Manager1.1 ruleset in Azure WAF integrated with Azure Front Door.
Bot Manager1.1 extends all the rules in the existing Bot Manager1.0 ruleset and adds multiple new rules to provide comprehensive bot management capabilities to web applications. The new capabilities introduced in this ruleset include new Goodbots rules and a new Badbots rule.
The main value prop of the new ruleset is to reduce false positives in good bot detections and increase true positives in malicious bot detections.
Benefits of the new rules in the Goodbots rule group:
Improving SEO rankings due to good bots crawling websites and reducing FP (false positive) seen by customers.
Customer websites are crawled by good bots which results in increased SEO (search engine optimization) rankings. With Bot Manager 1.1 ruleset, a comprehensive set of rules are added to the Goodbots rule group which allows a larger set of legitimate published bots. Examples of such Goodbots include Googlebot, Bingbot etc.
As a real-life scenario, we encountered an issue with the Bot Manager1.0 ruleset where certain Goodbots were absent, leading to blocked requests to web applications. For example, a valid Google crawler bot was getting blocked by the Bot Manager1.0 100200 rule, which resulted in lower SEO rankings for the customer and eventually disappearing from the SEO rankings. As a workaround, the customer disabled rule 100200 which brought their SEO rankings up but resulted in lowered protection from true malicious bots that have falsified their identities. Prior to implementing the Bot Manager1.1 ruleset, the only other alternative to allow legitimate crawlers was to add custom rules to allowlist their IP addresses. However, this approach posed challenges due to the dynamic nature of crawler IPs, which change frequently.
With the new updates to Bot Manager1.1, a comprehensive list of good bot IPs is added to the existing rule 200100 which results in lower false positive detections by the Bot Manager ruleset. The 200100 rule from Bot Manager1.0 ruleset is now revamped to only include good bots in the search engine crawler category.
Bringing clarity to the Goodbots rule group
With Bot Manager 1.1 ruleset, many new verified good bot rules have been added that target different categories of good bots. These new rules include the link checker, social media, content fetchers, feed fetcher and advertising bots. Additional bots that don’t fit into any particular category are added to 200200 as verified miscellaneous bots. This empowers customers to have granular control over their WAF policy. For example, if a customer does not wish to have social media bots crawling their sites, they can achieve this by changing the action associated with the social media rule.
Benefits of the new rule in the Badbots rule group:
Today customers see malicious bots perpetrating many kinds of attacks. Examples include:
Scraping websites and spreading disinformation, executing targeted phishing attacks and social engineering attacks.
Spamming customer websites with form submission pages.
Manipulating rankings of content tooling websites’ analytics pages.
Launching denial-of-inventory attacks.
And many others.
The new Bot Manager1.1 ruleset incorporates a novel rule, Bot100300, which, complemented by the existing rules in the Badbots rule group, effectively mitigates malicious bot attacks.
Let’s take a closer look at the Bot Manager1.1 ruleset:
Goodbots rule group
[Screenshot: the new good bot rules added to the new ruleset]
Read the full post here: General availability of Azure WAF Bot Manager1.1 Ruleset
Microsoft Edge TTS refuses to read .pdf files
Hi there,
[Reposting this here on the suggestion of an ‘Independent Advisor’ on the Microsoft Community forums.]
I think the native MS Edge TTS is one of the best on the market, but it currently fails to initiate when I try and get it to read .pdf documents (even when opened in the browser and when the text is super-clear so OCR should be working). I have done everything from clearing my cache to reinstalling MS Edge and not importing anything or signing in, so that it’s a completely fresh version, but the problem persists.
I have also tried on Beta, Developer and Canary as well, with no luck.
After a quick search online, I can see I’m not the only one with this problem – are there any fixes on the horizon? This is a real challenge from an accessibility standpoint.
Kind Regards,
Kristian
Welcome to the Copilot for Microsoft 365 community 😊!
We’re thrilled to have you here and are excited about this forum where we can come together to exchange ideas, collaborate, and delve into all aspects of Microsoft 365 Copilot. We want you to be an active participant in this community! We’d like for you to ask questions, answer others’ questions, and participate in discussion.
Expect digital events, like Ask Microsoft Anything (AMA), engagements with Microsoft experts and engineers, vibrant discussions with fellow Microsoft 365 users, advice from pros, and the latest news on updates and releases for Copilot.
Below are some tips on how to best use this community:
Join the Community: Make sure to click the “join” button on the top right of our community home page so that you can officially become a member of our community!
Get the Latest Blog Posts: Stay informed by following and subscribing to our blog space. You’ll receive email updates whenever we post new articles.
Keep Up with Our Events: Don’t miss out on our monthly Ask Me Anything (AMA) events. Subscribe and RSVP to let us know you’re attending and add the event to your calendar, so you won’t miss it.
We are excited to see the great things you’ll achieve with Microsoft 365 Copilot and look forward to your active participation in this community. Welcome aboard!
Ctrl v not working
Whenever I try to copy and paste anything, instead of the text I copied this address appears: C:UsersfooniAppDataLocalTempPRODUCT_NAME_UNKNOWN_CrashDumpPRODUCT_VERSION_MAJOR_UNKNOWN-PRODUCT_VERSION_MINOR_UNKNOWN-2024-06-12–01-30-12_.dmp
I have tried changing the input language but it didn’t work.
Microsoft Dynamics 365 Customer Service Functional Consultant Blueprint Opportunity
Microsoft is updating a certification for Microsoft Dynamics 365 Customer Service Functional Consultant, and we need your input through our exam blueprinting survey.
The blueprint determines how many questions each skill in the exam will be assigned. Please complete the online survey by June 25th, 2024. Please also feel free to forward the survey to any colleagues you consider subject matter experts for this certification. If you have any questions, feel free to contact Rohan Mahadevan rmahadevan@microsoft.com or John Sowles at josowles@microsoft.com.
Microsoft Dynamics 365 Customer Service Functional Consultant blueprint survey link:
https://microsoftlearning.co1.qualtrics.com/jfe/form/SV_bIpTEIVOe3NH2XY
Expanding Microsoft Device Ecosystem Platform (MDEP) support to new devices and form factors
Earlier this year at Enterprise Connect, we announced new silicon and OEM partnerships for meeting room devices built on the Microsoft Device Ecosystem Platform (MDEP). Since then, we have collaborated closely with our partners to make MDEP more widely available.
Today, we are excited to announce that MDEP now provides native support for Microsoft Teams Desk Phones and Microsoft Teams Panels. This expansion, achieved through close collaboration with Microsoft Teams, enables our device partners to rapidly adopt MDEP across the breadth of Teams’ Android-based devices.
“We are thrilled to bring the Microsoft Device Ecosystem Platform to Teams Phones and Teams Panels. This integration represents a significant step forward in our mission to deliver seamless, intelligent communication experiences across all devices,” says Ilya Bukshteyn, VP Teams Calling & Devices.
“The growing ecosystem of Teams Devices on Android is transforming the way businesses operate. From Teams Rooms to Teams Phones and Panels, these devices are designed to deliver high-quality audio and video, intuitive interfaces, and seamless integration with the broader Microsoft 365 suite.”
We are happy to share that our partner Yealink, a global leader in unified communication and collaboration solutions, has announced they are set to release their first series of Teams Desk Phones built on Microsoft Device Ecosystem Platform later this year. On the same day, Yealink also introduced their all-in-one dual-camera video bar, the new MeetingBar A40, accompanied by the CTP25 Touch Panel – both built on MDEP and slated for release later this year.
The new Yealink MeetingBar A40, built on MDEP
New partnerships
We are proud to announce a new partnership with Barco, a global leader in innovative visualization and collaboration solutions. Juha Kuosmanen, Head of MDEP at Microsoft, expressed our shared vision: “Microsoft and Barco share a common emphasis on designing solutions with enhanced privacy, accessibility, and manageability excellence. We are thrilled to welcome Barco to the Microsoft Device Ecosystem Platform and confident that its future developments will be a catalyst for their continuous success.”
Barco plans to leverage MDEP for its next-generation ClickShare solutions, enhancing their unique user experience. Jan van Houtte, EVP Meeting Experience at Barco, emphasized their commitment: “ClickShare remains focused on bringing a simple, premium experience to meeting spaces. We will continue to create innovative experiences, leveraging Microsoft’s expertise in security, manageability, and AI capabilities.”
Doubling down on security
We designed MDEP with a focus on security, reliability, and enhanced manageability. This year, we are increasing our investment in security to align with Microsoft’s Security Future Initiative (SFI). Collaborating with device manufacturers, we are launching a suite of security features in 2024 to protect device integrity and user data throughout the device’s lifecycle.
Application integrity: bridging cloud and device security
MDEP’s Device Attestation feature enables applications to verify the security state of the device before enabling any services. Leveraging Microsoft’s PKI and certificate chain, this framework establishes a baseline of trust. To address potential threats, we introduce Application Integrity, securely including package information (ID and signature) backed by hardware attestation, allowing cloud services to trust the device confidently.
MDEP provides a platform API for apps and services to leverage this integrity layer, with OEMs now able to utilize Microsoft Azure Attestation services to validate the secure state of the device.
Secure monitoring
MDEP addresses the need for continuous monitoring through a secure monitoring service. This agent constantly assesses the device’s security posture, detects threats, and reports incidents. In extreme cases, the service can trigger a lockdown mode to protect both device and data.
MDEP offers APIs that MDM agents can utilize, empowering IT administrators.
Silicon diversity and frictionless provisioning
MDEP now supports PKI provisioning and hardware attestation across a range of silicon vendors, including Qualcomm, MTK, Rockchip, and NXP. Our modular software assets allow seamless portability to any OEM’s custom TrustZone architecture, reducing integration friction for Microsoft PKI adoption. To expedite time-to-market, we are developing sample Trusted Applications (TAs) that enable OEMs to maintain robust security standards.
Dig into our documentation and learn more about MDEP: https://aka.ms/mdep