Conditional Formatting – Highlight data based on a cell input value
Hi,
I’m trying to make a sheet more user friendly. I can’t seem to find any existing threads on the topic, so I might be using the wrong keywords to search. Basically, I have a list of individuals. To make it more user friendly, I have an input cell (G1). If I type Bob into G1 I’d like Bob to be highlighted in cells B2:D6.
Can anyone please provide some guidance on how to write the Conditional Formatting formula?
Out of curiosity, how would the formula differ if I wanted to highlight the row that Bob shows up in?
Thanks in advance.
API Key copilot-pro
I am a Computer Science student at the UPC and I am doing my final degree project. My job is to develop an application to help future university students choose a career.
For this, my project managers bought the copilot-pro and windows365 with the aim of customizing it. The idea is to develop a native App that communicates with the copilot-pro by sending questions and capturing their responses. I have been trying to make this communication for weeks and have not been successful. It seems that I require my copilot’s API Key but I can’t find out or have anyone tell me what it is or how to do it. On the other hand, the FAQ says that copilot does not have an API.
More precisely, what happens to me is that I can’t get the API token from the copilot-pro external service for my application that I’m developing. I have asked the copilot and each time he sends me to Open.ai or directly denies me the token. Other times I have been sent to the copilot configuration but that page either does not exist or I cannot find it. My goal is to link a custom GPT with my application to be able to make chat queries from the application interface.
My question is how can I carry out this communication between my native App and the copilot-pro? Is it necessary to buy another Microsoft product or extension to do it?
Another problem I encounter is that copilot-pro has been updating a lot in recent months and the information available is usually obsolete and since there is no way to communicate with specialized Microsoft technical support, it becomes very difficult to do anything that is not basic.
I will be very grateful for any help and/or suggestions you can give me to solve this problem and be able to move forward with my project.
Project Resource Pop-Up
Is there a way to turn off the resource pop-up window that appears when moving the mouse over a resource in a project? This occurs in the Gantt Chart view of a project in the Microsoft Project Online Desktop Client version.
New REST API and Bing Ads SDK May 2024 Release (V13.0.20)
We are excited to release Bing Ads SDK 13.0.20 for Java and .NET, which includes performance improvements such as lower service call latency and reduced network traffic. This allows you to make service calls faster and at a lower cost.
Improvement from previous SDK version
For example, when we run the following test to query ad groups by campaign Id for 1000 ad groups, the previous SDK version 13.0.19.1 has an average call duration of 284 ms:
When running the same code with the new SDK version 13.0.20, the average call duration is reduced to 67 ms. This is a 75% improvement from the previous version.
v13.0.19.1
# Duration (ms)
0 425
1 326
2 304
3 262
4 264
5 253
6 270
7 257
8 245
9 240
Avg. 284 ms
v13.0.20
# Duration (ms)
0 79
1 73
2 66
3 62
4 63
5 70
6 65
7 69
8 61
9 64
Avg. 67 ms
Reduced response size
We have also reduced the response size. For the example above, it is reduced from 784 KB to 8.4 KB, which is a 99% improvement.
You can expect similar improvements for other API method calls as well, especially ones that operate on many entities or return large amounts of data.
New REST API
These improvements are made possible by internally switching the SDK from the existing XML-based SOAP API to a new JSON-based REST API. This SDK release switches Campaign Management, Bulk, and Reporting services to the new API, and other services will be switched in future releases.
Upgrading to the new SDK
Given the significant internal changes we had to make to achieve these improvements, we recommend that you test and monitor your application when upgrading to this version to make sure your application is compatible with the implementation changes and dependencies introduced in this release.
We have also provided an easy way to switch Bing Ads SDK back to the old implementation in case any issues arise when using the new implementation. For more details on that and other information regarding the upgrade process, please see:
Upgrade to Bing Ads Java SDK 13.0.20
Upgrade to Bing Ads .NET SDK 13.0.20
Conflict status after having 2 Local user group membership Policy
Hello,
I have an issue with applying two “Local User Group Membership” policies on a PC. The Intune policy report shows a conflict between having two “Local User Group Membership” policies despite having different configurations. For example, one is a Global Policy, which applies an admin privilege to all PCs, and the other one is more specific to a certain group, and it is just about giving remote access to the PCs on this group. So, my question is, why does Intune mark these two policies as a conflict of each other? If it is not possible to have two “Local User Group Membership” policies applying to the PC, is there a way to have a global policy for admin users on the PC and one more private policy for remote user access using “Local User Group Membership”?
Compare our offerings for partners: Explore our new partner benefits packages
Find the offerings you need to create customer-centric, AI-powered solutions for your customers at any stage of business growth.
VBA to read and sort based on information in cells
Hi All,
Looking for help sorting some data in Excel 365. We’ve been able to get close using formulas and helper columns but have hit a bit of a brick wall. Below is a small sample of the data we are sorting.
We currently group and sort Paint_Color, Category, and Part Number prefix/suffix manually using formulas, helper columns, and the Sort function in the Data ribbon.
We’d like to automate this using VBA and expand the sorting functionality to look at each Description, correctly interpret the numerical and dimensional values therein, and sort largest to smallest, progressively from the left most numerical/dimensional value to the right most.
We had tried adding this to our manual sorting, breaking the description down in a series of helper columns by breaking out the numerical/dimensional values, then separating them using “ X “ as the delimiter. Unfortunately we ran into an issue with Excel seeing our fractional dimensions as dates, and reading our architectural dimensions (which contain a hyphen between the feet and inches) as feet MINUS inches.
The goal is to automatically group and sort the line items without having to manipulate the data in the cells.
Ideally we’d like to achieve 100% automatic sorting. However, given the irregular nature of our descriptions, we realize some descriptions may get missed or misread.
In that case, a code which would catch as much as possible, then allow for manual renumbering in the Item column to reposition those items which didn’t take, would be a major help.
Is there a way to handle this, using VBA to break apart and interpret the description within a reasonable shot?
Thank you, Nathan
using calculated fields instead
I have various formulas taking the difference between the two months if the issuer shows up in both quarters.
Possible to set these up as calculated fields instead? Need the formulas to be dynamic as the dates will change every quarter.
(I scrubbed out the issuer name and they’re unique so that’s why there’s no instance of an issuer in both quarters).
Filter or Formula for second to last cell
Dear all,
I have tried to find a solution for my challenge, however I haven’t managed to find the right answer.
In an Excel sheet, I have multiple rows with data divided over different amounts of columns. The only thing these rows have in common, is that the second to last filled cell in each row has a date (dd/mm/yyyy or dd-mm-yyyy).
I need a formula that shows this date. In other words, I would need a formula that copies the second to last filled cell of each row into a column.
To visualize my question: looking at the table below; is there a formula (or other function) that automatically copies the dates from the yellow cells into the first (yellow) column?
Many Thanks!
Open MS Project file in Project Plan 3
Hello,
My company is switching over to the online Plan 3 version of Project. Some folks in our company still have MS Project on their computers. Is there any way to open a .mpp file from my computer or my OneDrive using the online version Plan 3?
I was given Plan 3 but only see the ability to start a new plan or open a plan shared with me.
Thank you,
Sara
MacOS Alias breaks when OneDrive syncs
I work on two computers and I used OneDrive to sync between those computers. When I create a MacOS alias, once it syncs to the cloud, the alias breaks. The alias links to other files in OneDrive. Is there a better way to create aliases in OneDrive, or a reason they break in OneDrive?
Using Speech to text in Android & iOS App
I have to extract text from audio files (which are extracted from a video). Does this support mp3? The audio files can be longer duration, should I use SDK or REST API?
Protecting Containers: A Primer for Moving from an EDR-based Threat Approach
Many security teams are familiar with an EDR-based approach to security. However, container protection within their cloud ecosystem can seem much more challenging and complex.
Protecting containers requires an understanding of the complete attack surface that containers expose–whether you are running them using an orchestrator like Kubernetes or locally using Docker.
In this article, we will describe the attack surface, how it compares and aligns with the security technologies you might already have, and then make the case for a stronger focus on pre-deployment protections, adding to standard EDR post-deployment detections.
Let’s start by looking at the container-based CI/CD deployment process that we will use in the article. We will discuss security controls (preferring Cloud Native) that you may need at each phase.
Note: This is a simplistic pipeline that you can customize. The idea here is to focus more on the foundational concepts related to container driven development/deployment.
Fig. Container driven development and deployment pipeline
How Does Container Security Compare to Modern Work Security?
In general, we look to EDR to provide threat and anomaly detections and to take actions such as automated attack disruption. (Automatic attack disruption in Microsoft Defender for Business – Microsoft Defender for Business | Microsoft Learn)
We can also consider, earlier in the attack lifecycle, how to reduce attack surface on physical/virtual assets (including mobile devices, laptops, workstations, and servers) with AV components such as Attack Surface Reduction (ASR) rules (Use attack surface reduction rules to prevent malware infection – Microsoft Defender for Endpoint | Microsoft Learn), which prevent attacks by blocking common entry points. Additionally, Microsoft Edge and Defender AV can detect and block “potentially unwanted applications” (PUA) (Block potentially unwanted applications with Microsoft Defender Antivirus – Microsoft Defender for Endpoint | Microsoft Learn).
When we think about the purpose of EDR on a system, consider when, within the MITRE kill chain, defenders typically look to this solution to take effect. Some of the benefits include (not exhaustive):
Telemetry from the endpoints (user and servers). However, in the case of containers, an EDR solution would need to be aware of the presence of a containerization technology and runtimes like containerd.
Threat Detection: EDR needs to be sophisticated enough to detect container-specific attacks (see MITRE Container Matrix above).
Compliance: In cases where you are running your containers on a Docker host, an EDR can help identify the security weaknesses in Docker hosts (https://learn.microsoft.com/en-us/azure/defender-for-cloud/harden-docker-hosts).
The Importance of Shifting Left, In General
As we shift left in our threat driven approach to security, even with traditional solutions, managing vulnerabilities and misconfigurations is a logical step “left” in the kill chain, i.e., not just locking doors, but adding locks and fixing cracks on the small, hidden windows which might be attractive to an attacker with determined, malicious intent.
For a continued healthy security posture at scale, we can automate some of the post-breach activities, reducing time commitments, thereby shifting our focus to blocking or updating vulnerable applications, fixing over-privilege for browser extensions, addressing weak or self-signed certificates, and applying configuration baselines, among other activities (many of which can also be automated).
Since modern workers draw their applications from a massive library of republished SaaS solutions, without automation and prioritization, shifting left can be a tall task for security teams. Therefore, we layer on a threat-driven approach to prioritization, considering Microsoft’s visibility to the threat landscape, so organizations can quickly mitigate those vulnerabilities and misconfigurations that are accessible, exploitable, and with potential breach of sensitive or proprietary data first.
This technology has recently been described in the market as “XSPM.” With Microsoft’s native end-to-end approach, we call this “exposure management” (https://techcommunity.microsoft.com/t5/security-compliance-and-identity/introducing-microsoft-security-exposure-management/ba-p/4080907).
The Intricacies of Securing Containers Versus Endpoints or VMs Alone
Modern Work security often relies on securing proprietary applications that are deployed on end user devices. As a result, the attack vectors, corresponding techniques, and attack surface are very different from a container-based Enterprise Application. Refer to the MITRE Containers Matrix (https://attack.mitre.org/matrices/enterprise/containers/) vs. the MITRE Windows Matrix (https://attack.mitre.org/matrices/enterprise/windows/).
If you are using Kubernetes you should also consider https://microsoft.github.io/Threat-Matrix-for-Kubernetes/ (we will not do a deeper dive on Kubernetes in this article).
Container applications certainly complicate matters for security teams whose task is to reduce risk for the businesses they protect. Containers don’t follow the same rules as modern work environments when it comes to the existing threat landscape.
Since the purpose of using containers is efficiency, bundling application code with its dependencies for seamless, repeatable, and fast deployment at scale, protection must also support these business goals.
Does EDR Provide Any Protection for Containers?
Containers are inherently different from the end user’s SaaS driven assets because they are, by definition, DevOps assets–as we see from the figure above. Container images may be built with custom code (potentially embedded secrets) while also drawing from libraries of pre-built (and therefore potentially vulnerable) binaries.
Therefore, “shifting left” takes on new meaning and requires a process driven DevOps or “code-to-cloud” approach to security.
Considering our earlier EDR-based methods for securing and protecting, we’ll observe that containers are, at their essence, processes, running with their own potentially configured network isolations (port controls). At runtime, they do utilize the VM kernel. The image will have required application binaries as well.
So, it follows that EDR could detect certain “broken rules” of even newly built container apps, and that anomalies would be detected if the app begins to act outside the normal bounds for an application. A specific example is signals related to “Create or Modify System Process” (https://attack.mitre.org/techniques/T1543/).
A capable EDR solution like Microsoft’s Defender for Endpoint (MDE) will cover several of these Techniques.
Additionally, as mentioned above, Defender for Servers P2 provides a set of Docker hardening recommendations aligned with the Center for Internet Security (CIS) Docker Benchmark.
Does EDR Provide Enough Protection for Containers?
But here, also, is where the phrase “too little, too late” comes to mind, as containers, at runtime, are meant to deploy, shut down, and redeploy at scale.
Allowing EDR to kill a process to disrupt potential attacks might also mean shutting down entire business apps at scale, thereby disrupting the balance of risk versus business requirements. So, EDR, though important on the host, won’t be enabled with all of its powerful end-user focused capabilities for container hosts/clusters.
Additionally, EDR might not be aware of the application libraries present in the containerized applications.
How Should Containers Be Secured Then?
Therefore, to properly reduce business risk, defenders, again, need to “shift left,” in this case, ensuring security as the image is being developed.
Like the concept of a layered approach for modern work, defense in depth means reducing the attack surface earlier in the kill chain and utilizing protective and detective tools for the entire kill chain. For instance, in end-user environments, you might be using Defender for Office for anti-phishing policies and to paint the full picture of potential phishing or malware in teams before it ever touches the endpoint. You’ll look to Defender for Identity and Entra ID to mitigate identity risks and add detections such as lateral movement, and you’ll look to Defender for Cloud Apps to create SaaS app usage policies and alert on things like the unusual addition of credentials to OAuth apps.
We will need a similar suite of tools for containers based on how they work. Cloud Native solutions like Defender for Cloud provide a suite of capabilities that help you centrally achieve defense in depth.
Linting in the developer IDE as the application and Dockerfile (https://docs.docker.com/develop/security-best-practices) are built, for example, Docker Linter (https://github.com/hadolint/hadolint/releases).
Running static tests as the code is checked in to repos like GitHub (https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/microsoft-defender-for-devops-github-connector-microsoft/ba-p/3818803).
Running Dynamic Application Security Tests (DAST) as the code is deployed in a test environment, like a test AKS cluster or temporary Docker host. These are language agnostic and can be automated in a CI/CD pipeline, automated on a schedule, or run independently by using on-demand scans.
Image vulnerability scanning as the pipeline uploads the image to a container registry like Azure Container Registry (ACR). Cloud Native solutions like Defender for Cloud have native integration and, as a result, make this process completely frictionless (https://learn.microsoft.com/en-us/azure/defender-for-cloud/agentless-vulnerability-assessment-azure).
Once the application is deployed on the VM or Kubernetes cluster, you will have EDR-type technologies to monitor the container’s activities. If you are leveraging Kubernetes, the solution should also protect against these techniques: https://microsoft.github.io/Threat-Matrix-for-Kubernetes/. Defender for Containers, for example, provides coverage (https://learn.microsoft.com/en-us/azure/defender-for-cloud/alerts-reference#deprecated-defender-for-containers-alerts).
There are many other things that are applicable to securing the pipeline, like securing Kubernetes RBAC, ensuring images are pushed to and pulled from private repositories, etc.
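The Dockerfile linting step and the embedded-secrets concern above, as an added example (not code from the article or from hadolint): a small Python check that a pipeline could run before the image is built. The four rule names and both sample Dockerfiles are constructed for illustration and cover only a few pre-deployment issues.

```python
import re
import shlex
from dataclasses import dataclass

# Rule names are labels invented for this example; they are not hadolint rule IDs.
SECRET_KEY = re.compile(r"(?i)(password|passwd|secret|token|api[_-]?key)")


@dataclass(frozen=True)
class Finding:
    line: int
    rule: str
    message: str


def logical_lines(text):
    """Yield (first_line_number, instruction), joining backslash continuations."""
    buf, start = "", 0
    for number, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank lines and comments carry no instruction
        if not buf:
            start = number
        if stripped.endswith("\\"):
            buf += stripped[:-1] + " "
            continue
        yield start, buf + stripped
        buf = ""
    if buf.strip():
        yield start, buf.strip()


def lint_dockerfile(text):
    """Return findings for a Dockerfile, sorted by line number and rule name."""
    findings = []
    stages = set()                      # aliases declared with "FROM ... AS name"
    final_from, final_user = 0, None    # state of the last (shipped) build stage
    for line, instr in logical_lines(text):
        parts = instr.split()
        op = parts[0].upper()
        args = [a for a in parts[1:] if not a.startswith("--")]
        if op == "FROM" and args:
            image = args[0]
            final_from, final_user = line, None
            external = image.lower() not in stages and image.lower() != "scratch"
            if external and "@sha256:" not in image and "$" not in image:
                tag = image.rsplit("/", 1)[-1].partition(":")[2]
                if tag in ("", "latest"):
                    findings.append(Finding(line, "unpinned-base",
                                            f"base image {image} has no fixed tag or digest"))
            if len(args) >= 3 and args[1].upper() == "AS":
                stages.add(args[2].lower())
        elif op in ("ENV", "ARG") and len(parts) > 1:
            rest = instr.split(None, 1)[1]
            if "=" in rest:
                pairs = [p.split("=", 1) for p in shlex.split(rest) if "=" in p]
            else:  # legacy "ENV key value" form
                kv = rest.split(None, 1)
                pairs = [kv] if len(kv) == 2 else []
            for key, value in pairs:
                # Report the key only, never the value, so the finding is safe to log.
                if SECRET_KEY.search(key) and value and not value.startswith("$"):
                    findings.append(Finding(line, "embedded-secret",
                                            f"{op} {key} carries a literal value in an image layer"))
        elif op == "USER" and args:
            final_user = args[0].split(":")[0]
        elif op == "ADD" and any(re.match(r"https?://", s, re.I) for s in args[:-1]):
            findings.append(Finding(line, "remote-add",
                                    "ADD fetches a remote file without integrity checking"))
    if final_from and final_user in (None, "root", "0"):
        findings.append(Finding(final_from, "runs-as-root",
                                "final stage never switches to a non-root USER"))
    return sorted(findings, key=lambda f: (f.line, f.rule))


# Constructed sample: the weak Dockerfile a developer might check in.
SAMPLE_BAD = """FROM node:latest AS build
WORKDIR /src
COPY . .
RUN npm ci && npm run build

FROM nginx
ENV API_TOKEN=constructed-example-value \\
    LOG_LEVEL=info
ADD https://example.invalid/tool.tar.gz /opt/
COPY --from=build /src/dist /usr/share/nginx/html
"""

# Constructed sample: the same build with pinned bases, no secret, non-root user.
SAMPLE_HARDENED = """FROM example.invalid/base/node:1.2.3 AS build
WORKDIR /src
COPY . .
RUN npm ci && npm run build

FROM example.invalid/base/web:4.5.6
COPY --from=build /src/dist /usr/share/nginx/html
USER 10001
"""

if __name__ == "__main__":
    for f in lint_dockerfile(SAMPLE_BAD):
        print(f"line {f.line}: [{f.rule}] {f.message}")
```

A non-empty result would fail the pipeline stage, so the image never reaches the registry scan or the runtime EDR layer with these issues in it.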
Summary
We saw that Container Security requires a holistic approach and simply relying on the traditional tools you use for securing your Modern Workspace will not suffice.
Cloud Native solutions like Defender for Cloud provide you with capabilities that allow centralized enforcement of layered security.
Revisiting Enterprise Policy as Code v10
As EPAC has reached version 10, it is time to revisit Enterprise Policy as Code (EPAC for short) to give you an update from the original post (https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/azure-enterprise-policy-as-code-a-new-approach/ba-p/3607843) published on September 12th, 2022.
The maintainers of the OSS project EPAC work daily with Microsoft’s customers implementing Azure governance and security in general and more specifically Policy implementation via EPAC. EPAC was born out of the need to manage Policy at scale, while dramatically reducing the cost of implementation with traditional Infrastructure as Code (IaC) tools, such as ARM, Bicep, and Terraform. Those tools are great for IaC in general; however, they lack the knowledge of dependencies between definitions, assignments, exemptions, and role assignments and the simplifications to Policy Assignments and Policy Exemptions. EPAC understands the dependencies and will sequence the deployment correctly.
EPAC consists of PowerShell scripts and a starter kit:
Deployment scripts to create deployment plans, deploy the created Policy plan, and deploy the created role assignment plans. They can be executed manually (not recommended) or by any CI/CD tool capable of running PowerShell Core.
Scripts for operational tasks related to Policy, for example: creating remediation tasks at scale, extracting documentation, etc. Note: I’m not covering them in this article.
Hydration scripts, for the initial setup of EPAC. This is a work-in-progress. One of the scripts can extract existing Policy resources from Azure tenants in EPAC format to enable a smooth transition to EPAC.
Starter kit contains sample pipelines/workflows for Azure DevOps and GitHub.
For the details, please follow these links:
Documentation: https://aka.ms/epac.
PowerShell module in the PowerShell Gallery: https://www.powershellgallery.com/packages/EnterprisePolicyAsCode
GitHub repository with the source code: https://github.com/Azure/enterprise-azure-policy-as-code
Blog Posts:
Azure Enterprise Policy as Code – A New Approach (the original post): https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/azure-enterprise-policy-as-code-a-new-approach/ba-p/3607843
Azure Enterprise Policy as Code – Azure Landing Zones Integration: https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/azure-enterprise-policy-as-code-azure-landing-zones-integration/ba-p/3642784
Infrastructure as Code Testing with Azure Policy: https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/infrastructure-as-code-testing-with-azure-policy/ba-p/3921765
Azure Policy Recommended Practices: https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/azure-policy-recommended-practices/ba-p/3798024
Alexey Nazarov is starting a new series on Azure Policy. You can find the first entry: link will be added here when it is published.
Getting started
Decide on your approach!
EPAC is extremely flexible as you can implement any Policy development workflow, branching strategy, CI/CD tool, organizational structure for single and multi-tenant scenarios. The key decisions are:
Consume EPAC as a PowerShell module, or by forking the GitHub repo.
Implement GitHub flow (simple) or Release flow (allows for staged deployment of changes) as your CI/CD and branching approach.
One centralized team (recommended) or multiple teams (by function, and/or hierarchical) managing Policy.
Handling existing Policy implementation by
Exporting them into the EPAC repository and subsuming all existing Policies into EPAC (recommended)
Enabling co-existence with the desired state strategy set to owned only. Owned only should be used for a short transitional period (weeks); keeping it longer leads to increasing difficulty managing your Policy deployments.
Implementing EPAC
Create an empty git repository in your favorite source control tool.
Use the hydration kit or manually create Definitions folder.
Populate the Definitions
From scratch (see starter kit)
Export of your environment,
Azure Landing Zones (https://learn.microsoft.com/en-us/azure/architecture/landing-zones/landing-zone-deploy). Note: EPAC contains great integration with Azure Landing Zones (https://azure.github.io/enterprise-azure-policy-as-code/integrating-with-alz/).
Combination of the above.
Create your CI/CD pipelines/workflows in your favorite CI/CD tool.
EPAC deployment scripts
EPAC contains three scripts to deploy Policy. They are individual scripts to enable approval gates and implement the least privilege principle for the service principals executing the job/stages in CI/CD.
EPAC environments
As with any other software development, Policy development requires a development and testing area for just Policy. This can be one or more EPAC environments.
Simple flow using GitHub Flow
In the simplest case you’ll deploy the developed Policy resources to your tenant root or pseudo root beneath tenant root for each tenant. The downside of this approach is that any mistakes in Policy development immediately impact deployments to production, breaking your solutions’ CI/CD, and in rare cases could even break running systems. The obvious advantage is its simplicity. You would name such an environment with the generic word tenant, prod, or something descriptive of the tenants. If you have multiple tenants, your CI/CD will run multiple deployments (one per tenant).
Release flow
If you have differentiated your Azure tenant or tenants into nonprod and prod environments, using Release flow (https://devblogs.microsoft.com/devops/release-flow-how-we-do-branching-on-the-vsts-team/) makes more sense. Steps:
Develop Policy in a feature branch.
Pull request into main; Policy is deployed to nonprod after a successful PR merge.
Let it “soak” in for a few days and observe if it causes any issues for your solutions.
Creating a releases branch deploys the changes to prod.
If you need to deploy prod Exemptions during the “soak” period, you need a way to fast-track those exemptions without deploying the Policy changes being “soaked”. This is done by creating a releases-prod-exemptions-fast-track branch, which plans the deployment with ‘Build-DeploymentPlans -BuildExemptionsOnly’ and deploys the Policies with Deploy-PolicyPlans. No role changes will occur in this pipeline.
Global settings file
The global-settings file ‘global-settings.jsonc’ in the ‘Definitions’ folder for release flow would look like this.
{
  "$schema": "https://raw.githubusercontent.com/Azure/enterprise-azure-policy-as-code/main/Schemas/global-settings-schema.json",
  "pacOwnerId": "11111111-2222-3333-4444-555555555555",
  "pacEnvironments": [
    {
      "pacSelector": "epac-dev",
      "cloud": "AzureCloud",
      "tenantId": "77777777-8888-9999-1111-222222222222",
      "deploymentRootScope": "/providers/Microsoft.Management/managementGroups/mg-epac-dev",
      "desiredState": {
        "strategy": "full",
        "keepDfcSecurityAssignments": false
      }
    },
    {
      "pacSelector": "nonprod",
      "cloud": "AzureCloud",
      "tenantId": "77777777-8888-9999-1111-222222222222",
      "deploymentRootScope": "/providers/Microsoft.Management/managementGroups/mg-nonprod",
      "desiredState": {
        "strategy": "full",
        "keepDfcSecurityAssignments": false
      }
    },
    {
      "pacSelector": "prod",
      "cloud": "AzureCloud",
      "tenantId": "77777777-8888-9999-1111-222222222222",
      "deploymentRootScope": "/providers/Microsoft.Management/managementGroups/mg-enterprise",
      "managedIdentityLocation": "eastus2",
      "desiredState": {
        "strategy": "full",
        "keepDfcSecurityAssignments": false
      },
      "globalNotScopes": [
        "/providers/Microsoft.Management/managementGroups/mg-nonprod",
        "/providers/Microsoft.Management/managementGroups/mg-epac-dev"
      ]
    }
  ]
}
Policy Assignment and effect parameters
Using JSON for parameters works great for smaller Initiatives and single Policy Assignments. However, when assigning the big security and compliance-oriented Initiatives, such as ‘Microsoft cloud security benchmark’, ‘NIST 800-53’, and ‘CIS’ (often multiple of them), defining effect parameters via JSON is cumbersome and time-consuming. You will need to define hundreds or even thousands of parameters. I had a customer which had ~5000 lines of JSON just for the effect parameters. This makes the JSON file hard to maintain and completely unreadable.
EPAC solves this problem by reading them from a spreadsheet (CSV file). The spreadsheet only defines the Policy name and effect, while EPAC will figure out the parameter names and settings for all the assignments driven by this spreadsheet. If the Initiative does not parameterize the effect, EPAC will automatically generate ‘overrides’ to implement. Lastly, if the effect is Deny, EPAC will only set the Policy to deny in one of the Initiatives and set the effect to Audit for the remaining Initiatives; this prevents the already difficult to read error messages blocked by a Deny from getting more complex.
Efficient Exemption definitions
Normally, when creating an Exemption for a Policy that is included in multiple assigned Initiatives (a frequent occurrence with built-in security and regulatory compliance Initiatives), you must define one exemption per Policy, per Assignment, and per Scope, and (tediously) find the policyDefinitionReferenceId in the Initiative definition. For an average exemption, this can be tens or even hundreds of entries in the definition files.
Starting with v10.0.0, this can be simplified to one entry that specifies the Policy definition Id or Name instead of a policyAssignmentId and policyDefinitionReferenceId. EPAC will find all the assignments which include that definition, either directly assigned or through an assigned Initiative, and create one exemption per relevant Assignment. EPAC will generate unique names and augment the displayName and description for the exemptions.
Starting in v10.1.0, instead of specifying one scope per entry, you can define a scopes array. EPAC will generate a set of exemptions for each scope while augmenting the displayName and description with the last part of the scope (or a string override in the definition). Assuming five Assignments contain the Policy definition with the specified Id, the two scopes in the example below would generate ten Exemptions. If you specified 16 scopes, that number would be an impressive 80 Exemptions.
{
  "exemptions": [
    {
      "name": "short-name",
      "displayName": "Descriptive name displayed on portal",
      "description": "More details",
      "exemptionCategory": "Waiver",
      "scopes": [
        "humanReadableName:/subscriptions/11111111-2222-3333-4444-555555555555",
        "/subscriptions/11111111-2222-3333-4444-555555555556/resourceGroups/resourceGroupName1"
      ],
      "policyDefinitionId": "/providers/microsoft.authorization/policyDefinitions/00000000-0000-0000-0000-000000000000"
    }
  ]
}
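The fan-out described above can be previewed before a pull request is approved, so a reviewer sees how many Exemptions one entry will create. The following is an added example, not EPAC's own code: the Initiatives, Assignments, reference ids and the generated-name scheme are constructed stand-ins, and it assumes every Assignment covers the listed scopes.

```python
"""Preview the fan-out of one exemption entry: scopes x matching Assignments.

Constructed data throughout; the naming scheme is a stand-in, not EPAC's.
"""
POLICY_ID = ("/providers/microsoft.authorization/policyDefinitions/"
             "00000000-0000-0000-0000-000000000000")
SET_PREFIX = "/providers/Microsoft.Authorization/policySetDefinitions/"

# Constructed Initiatives: set id -> {member policy id: policyDefinitionReferenceId}
INITIATIVES = {
    (SET_PREFIX + name).lower(): {POLICY_ID.lower(): ref}
    for name, ref in [("constructed-mcsb", "mcsbRef1"), ("constructed-nist", "nistRef7"),
                      ("constructed-cis", "cisRef3"), ("constructed-org", "orgRef2")]
}
INITIATIVES[(SET_PREFIX + "constructed-tags").lower()] = {}  # does not contain the Policy

# Constructed Assignments: four via Initiatives, one direct, one unrelated.
ASSIGNMENTS = [
    {"name": "prod-mcsb", "policyDefinitionId": SET_PREFIX + "constructed-mcsb"},
    {"name": "prod-nist", "policyDefinitionId": SET_PREFIX + "constructed-nist"},
    {"name": "prod-cis", "policyDefinitionId": SET_PREFIX + "constructed-cis"},
    {"name": "prod-org", "policyDefinitionId": SET_PREFIX + "constructed-org"},
    {"name": "prod-direct", "policyDefinitionId": POLICY_ID},
    {"name": "prod-tags", "policyDefinitionId": SET_PREFIX + "constructed-tags"},
]

ENTRY = {  # the entry shown in the article
    "name": "short-name",
    "displayName": "Descriptive name displayed on portal",
    "exemptionCategory": "Waiver",
    "scopes": [
        "humanReadableName:/subscriptions/11111111-2222-3333-4444-555555555555",
        "/subscriptions/11111111-2222-3333-4444-555555555556/resourceGroups/resourceGroupName1",
    ],
    "policyDefinitionId": POLICY_ID,
}


def split_scope(raw):
    """'label:/scope' -> (label, scope); a plain '/scope' is labelled by its last segment."""
    if not raw.startswith("/") and ":" in raw:
        label, scope = raw.split(":", 1)
        return label, scope
    return raw.rstrip("/").rsplit("/", 1)[-1], raw


def expand_entry(entry, assignments, initiatives):
    """Return one planned exemption per (scope, Assignment that includes the Policy)."""
    wanted = entry["policyDefinitionId"].lower()
    planned = []
    for raw in entry["scopes"]:
        label, scope = split_scope(raw)
        for assignment in assignments:
            target = assignment["policyDefinitionId"].lower()
            if target == wanted:
                ref_ids = []  # Policy assigned directly: no reference id involved
            elif wanted in initiatives.get(target, {}):
                ref_ids = [initiatives[target][wanted]]  # Policy inside an Initiative
            else:
                continue  # this Assignment does not include the Policy
            planned.append({
                "name": f'{entry["name"]}-{assignment["name"]}-{label}',  # stand-in naming
                "displayName": f'{entry["displayName"]} - {label}',
                "scope": scope,
                "assignment": assignment["name"],
                "policyDefinitionReferenceIds": ref_ids,
                "exemptionCategory": entry["exemptionCategory"],
            })
    return planned


if __name__ == "__main__":
    plan = expand_entry(ENTRY, ASSIGNMENTS, INITIATIVES)
    print(f"{len(plan)} exemptions from 1 entry")
    for item in plan:
        print(item["name"], item["scope"], item["policyDefinitionReferenceIds"])
```
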
What we learned
Security and regulatory compliance Initiatives
Limit the number of assigned Initiatives to a handful or less. Always assign ‘Microsoft cloud security benchmark’; Defender for Cloud relies on the input generated by the included Policies.
Management Groups and Policy Resources
Custom Policy/Initiative Definitions and Policy Assignments need to be deployed at a scope. They should always be deployed at the top Management Group (MG) in each tenant. That MG should be the single MG (no siblings) underneath the “Tenant root group” as recommended by Microsoft (see https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/ready/landing-zone/design-areas) or at the actual “Tenant root group” if you are not following Microsoft’s recommendation verbatim. Keep the management group names and display names the same readable name to keep Policy and RBAC elements readable. Do not use GUIDs or other obfuscated names for management groups.
Policy Assignments
Policies are inert elements in Azure until you create a Policy Assignment at a scope. Each assignment should:
Define a semi-readable short name (limited to 24 characters by Azure).
Define a readable displayName (visible in Portal).
May have metadata, such as a work item id.
Assignments containing Policies with Modify or DeployIfNotExists effects require a Managed Identity (MI). The MI must be granted Azure roles, as specified in the details section of the Policy rule. EPAC calculates these. I prefer System-assigned Managed Identity SPN (service principal names) since they cannot be used outside a single assignment, eliminating the minimal (Azure provides controls for the usage) threat of malicious usage. However, to reduce the number of role assignments, user-assigned MI can be used.
Custom Definitions
First question the need for any custom Policy/Initiative definition requested. While the built-in Policies are not perfect, the choices made are often made due to constraints and conflicts between settings and include tradeoffs in risk versus usability. If you still think you need custom definitions, sleep on it, and revisit the topic one more time.
If you have multiple tenants, the same definition should be propagated to every tenant (DRY principle) by EPAC. Do not use a separate repo, which would cause copy/paste issues (WET anti-pattern).
Policy Exemptions
Even with the best intentions some Policies may get in the way. If there is a business reason within acceptable risk parameters, you can grant an Exemption.
Exemptions come in two flavors (without any technical meaning):
Mitigated – Most often used for permanent exemptions. An example is allowing public IP addresses for a storage account which is used as an upload folder AND mitigations, such as Virus scans and deleting processed data.
Waiver – Most often used for temporary exemptions to allow a solution team to fix their non-compliant deployment. Generally granted until Monday after the ETA (estimated time of arrival) for the fix.
Exemptions allow metadata. Add a link in metadata to the work item (e.g., Azure DevOps work item, GitHub issue, Jira ticket, etc.) to keep a record of why the exemption was granted and who granted it.
If you exempt an entire subscription with a Mitigated Exemption, it is likely that you should have used notScope (called Excluded Scope in Azure Portal) in the Assignment instead.
Warning: When you delete a Policy Assignment with Exemptions, then the Exemptions are not deleted and become orphaned.
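The Exemption practices above (expiring Waivers, a work item link in metadata, notScope instead of a subscription-wide Mitigated Exemption, and the orphan warning) can be checked by a script run over exported Exemption and Assignment resources. The following is an added example, not part of EPAC: the sample records are constructed, and the metadata key names that hold the work item link are an assumption.

```python
"""Audit Azure Policy exemptions against the practices listed above.

Input records are shaped like Azure Policy exemption and assignment
resources (id, name, properties). All sample records are constructed.
"""
import re
from datetime import datetime, timezone

EXEMPTION_MARKER = "/providers/Microsoft.Authorization/policyExemptions/"
SUBSCRIPTION_SCOPE = re.compile(r"^/subscriptions/[^/]+$", re.IGNORECASE)
# Assumption: the work item link is stored under one of these metadata keys.
WORK_ITEM_KEYS = ("workItem", "ticket", "issueUrl")


def exemption_scope(exemption_id):
    """The scope is everything before the policyExemptions provider segment."""
    idx = exemption_id.lower().find(EXEMPTION_MARKER.lower())
    return exemption_id[:idx] if idx >= 0 else ""


def parse_utc(value):
    """Parse an ISO 8601 timestamp such as 2024-06-03T00:00:00Z as UTC."""
    parsed = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return parsed if parsed.tzinfo else parsed.replace(tzinfo=timezone.utc)


def audit_exemptions(exemptions, assignments, now):
    """Return (exemption name, finding code, detail) tuples in input order."""
    live = {a["id"].lower() for a in assignments}
    findings = []
    for ex in exemptions:
        props = ex.get("properties", {})
        name = ex.get("name") or ex["id"].rsplit("/", 1)[-1]
        category = props.get("exemptionCategory", "")
        assignment_id = props.get("policyAssignmentId", "")
        # 1. Assignment was deleted but the exemption stayed behind.
        if assignment_id.lower() not in live:
            findings.append((name, "ORPHANED", assignment_id))
        # 2. Waivers are temporary: they need an expiry, and expired ones need cleanup.
        expires = props.get("expiresOn")
        if category == "Waiver":
            if not expires:
                findings.append((name, "WAIVER_NO_EXPIRY", "no expiresOn set"))
            elif parse_utc(expires) <= now:
                findings.append((name, "WAIVER_EXPIRED", expires))
        # 3. Record of why and by whom the exemption was granted.
        metadata = props.get("metadata") or {}
        if not any(metadata.get(key) for key in WORK_ITEM_KEYS):
            findings.append((name, "NO_WORK_ITEM", "metadata has no work item link"))
        # 4. Permanent exemption of a whole subscription: notScope is the better fit.
        scope = exemption_scope(ex["id"])
        if category == "Mitigated" and SUBSCRIPTION_SCOPE.match(scope):
            findings.append((name, "CONSIDER_NOTSCOPE", scope))
    return findings


# ---- constructed sample data ----
SUB = "/subscriptions/11111111-2222-3333-4444-555555555555"
MG = "/providers/Microsoft.Management/managementGroups/mg-enterprise"
ASSIGN = MG + "/providers/Microsoft.Authorization/policyAssignments/"
TICKET = {"workItem": "https://example.invalid/work/1234"}


def make_exemption(scope, name, assignment, category, expires=None, metadata=None):
    props = {"policyAssignmentId": ASSIGN + assignment,
             "exemptionCategory": category, "metadata": metadata or {}}
    if expires:
        props["expiresOn"] = expires
    return {"id": scope + EXEMPTION_MARKER + name, "name": name, "properties": props}


SAMPLE_ASSIGNMENTS = [{"id": ASSIGN + "prod-mcsb"}, {"id": ASSIGN + "prod-nist"}]
SAMPLE_EXEMPTIONS = [
    make_exemption(SUB + "/resourceGroups/rg-upload", "upload-public-ip",
                   "prod-mcsb", "Mitigated", metadata=TICKET),
    make_exemption(SUB, "legacy-app-waiver", "prod-nist", "Waiver",
                   expires="2024-06-03T00:00:00Z", metadata=TICKET),
    make_exemption(SUB, "whole-sub-mitigated", "prod-mcsb", "Mitigated"),
    make_exemption(SUB + "/resourceGroups/rg-old", "old-cis-waiver",
                   "prod-cis", "Waiver"),  # prod-cis assignment no longer exists
]
SAMPLE_NOW = datetime(2024, 7, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    for finding in audit_exemptions(SAMPLE_EXEMPTIONS, SAMPLE_ASSIGNMENTS, SAMPLE_NOW):
        print("%-22s %-18s %s" % finding)
```
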
Operating Azure Policy
Operational tasks (e.g., Remediation tasks, generating documentation) must be scripted. Do not use CI/CD tools to execute operational tasks since CI/CD is intended to deploy resources, not to operate those resources.
Keeping track of built-in Policy changes
I frequently consult AzAdvertizer (https://www.azadvertizer.net/). In addition, I keep track of changes by cloning and following Microsoft’s official Azure Policy repo on GitHub (https://github.com/Azure/azure-policy/tree/master/built-in-policies). When I receive an email about a merged PR (pull request), I’ll fetch the latest version from GitHub into my clone. This allows me to use Visual Studio Code on my local clone instead of using Azure Portal or GitHub web interface.
That’s it for this round
Remember to thoroughly test the code and policies in a safe environment before deploying to production. If there are any issues with the code, please raise a GitHub Issue.
Until next time.
Disclaimer
The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages.
Microsoft Tech Community – Latest Blogs
Boost your career with the help of our latest Azure skilling resources
Like a fast-approaching deadline on a crucial project, the pace of technological advancement can feel daunting. With rapid developments in areas such as AI, cloud optimization, app development, and data analysis, what’s the best way to advance your career?
In this comprehensive overview, we’ll supply you with the latest and greatest of our curated Azure learning resources. Level up your technical skills and unlock exciting career possibilities related to our top 5 Azure solution areas:
Data insights with Microsoft Fabric
Enhance developer productivity
The future is AI-powered, and you can be the architect
The AI revolution is well underway. As it fundamentally reshapes our interactions and experiences with technology and the cloud, now is the time to catch up on how Azure AI works.
Let Microsoft Copilot guide your way to inspiration
One of our most exciting recent developments is Microsoft Copilot, an AI companion that works everywhere you do and intelligently adapts to your needs. In our new video series, you will find the best resources for learning how to use Copilot:
Episode 1: Get an overview of Microsoft Copilot and get skilling resources for Dynamics 365 and Power Platform.
Episode 2: Discover available learning resources for GitHub Copilot.
Episode 3: Watch a demonstration of how to set up and use GitHub Copilot with Visual Studio Code and Code Spaces for JavaScript and Python development.
Convenient, efficient data storage with Azure Cosmos DB
After learning how to use Microsoft Copilot to help you develop a new AI-powered intelligent app, you’ll need somewhere to store and manage all that data. Imagine a giant, super-flexible storage box for all your app’s data, accessible from anywhere in the world. That’s Azure Cosmos DB in a nutshell.
Developers around the world recently got started learning about this data storage gamechanger with our Azure Cosmos DB Developer Cloud Skills Challenge. This free, interactive, cheerfully competitive learning experience is built on task-based achievements to help advance your technical skills and prepare for Microsoft role-based certifications.
Accept the challenge to build intelligent apps
Developing your core skills for developing AI-powered intelligent apps is a great way to stay competitive in the market—but we want to make it fun, too. So we launched a series of skills challenges that combine AI, cloud-scale data, and cloud-native app development to put you on the fast track and earn badges along the way!
Maximize Microsoft Fabric for unprecedented data insights
Don’t let data blind spots hold your business back. Microsoft Fabric empowers you to unlock the hidden potential of your data, fueling smarter decisions that drive growth and mitigate risk.
Decipher your data with a little help from your friends
Our Microsoft Fabric Learn Together series has already helped hundreds of data devotees prepare for the Fabric Analytics Engineer Associate certification exam. Watch previous sessions on-demand to help you complete the associated learn module and check back to see when the next live series drops.
Speaking of dream teams, we also recently launched our Fabric Global AI Hack on GitHub. Our experts set up a virtual playground for creating and experimenting with Fabric, and teams submitted their best Fabric AI hacks to win prizes.
The friendly competition didn’t stop there. We also put together two Cloud Skills Challenges to sharpen participants’ data analysis abilities. Anyone looking for a future as a Fabric Analytics Engineer had the chance to earn 50% off their certification exam.
Dive deep into data analytics with these live events
Looking to whip your tech skills into shape? Our Microsoft Virtual Training Days are two-day, four-hour sessions, packed with practical knowledge and interactive exercises for in-demand skills related to Fabric.
Learn even more about Microsoft Fabric, including how you can earn 100% off the cost of a certification exam, at the Fabric Career hub.
Unleash your inner coding machine to enhance developer productivity
With the growing complexity of intelligent apps, unlocking developer productivity is key to building the future. Working smarter and more efficiently is more important than ever, and we’re here to show you how.
Choose your own coding adventure
We recently launched a pair of Cloud Skills Challenges focused on different coding languages but with a shared goal: Teach developers what they need to know to produce effective, efficient code.
The Python Data Science Cloud Skills Challenge has been helping developers become more efficient with this versatile language, especially when building complex applications. Likewise, the Java Apps on Azure Cloud Skills Challenge paved the way for participants to start building, migrating, and scaling Java apps using Azure services.
For more, dive into our complete collection of GitHub and Azure developer learning resources.
Migrate and modernize to the cloud and unlock endless possibilities
Ditch the server headaches. Migrating to the cloud empowers your business with agility, scalability, and a whole lot less IT burden. Explore these recent Azure resources to learn more about migrating and modernizing your tech stack.
Become a guardian of cloud-based data
Want to keep your databases running smoothly and securely? As an Azure Database Administrator, it’s your duty to keep cloud-based data accessible, secure, and performing at its best. One of our recent Cloud Skills Challenges addressed the operational aspects of cloud-native and hybrid data platform solutions.
Take database performance to the next level
The learning resources in our Azure migrate and modernize collection are geared toward helping you better understand how to improve performance with the latest Azure capabilities.
Optimize your cloud resources to supercharge performance
Whether you’re new to the cloud or have already migrated your on-prem workloads to Azure, it’s critical to learn to maximize your investment. Get the most out of your cloud to boost your ROI and watch your success soar.
Make the most of Azure with interactive events
Optimization on Azure is all about getting the most value out of your cloud investment. Our Azure Optimization Cloud Skills Challenge gathered participants to conquer a curated set of lessons about optimizing cloud architectures and workloads—all in 30 days or less.
In our new Optimization Learn Live video series, Azure experts guide learners through using optimization tools effectively, including the Cloud Adoption and Well-Architected frameworks, Azure Pricing, Microsoft Cost Management, and Azure Advisor.
Finally, Azure Optimization Virtual Training Days covered aspects of Azure optimization for learners of any skill level. They had the opportunity to experience implementing security controls, preparing cloud environments with Azure Landing Zones, and assessing and remediating deployed workloads for cost-optimization, operational excellence, performance efficiency, reliability, and security.
Explore optimization at your own pace with these resources
Optimization is a big topic, with several solutions and concepts to learn that will help you thrive in a cloud-based job. Design for optimization from the start and learn to monitor, manage and optimize existing environments in Azure Optimization Learn Modules.
Dig into learning about Azure pricing with top resources on optimizing your cloud compute costs through Azure Reserved Instances and Azure Savings Plans. Learn more about which option is right for your organization based on usage and workloads, and start saving!
Microsoft Tech Community – Latest Blogs
Attack Simulation Training is now available for GCC High and DoD customers
We are excited to announce that Attack Simulation Training is released for Department of Defense (DoD) and Government Community Cloud High (GCC High) environments.
Attack Simulation Training is an intelligent phish risk reduction tool that measures behavior change and automates deployment of an integrated security awareness training program across an organization. Through this platform you get a safe and controlled environment to gauge awareness levels, identify vulnerabilities, and improve overall security posture. It is designed to simulate realistic phishing attack scenarios, allowing you to see how your end-users would perform in the case of an actual attack. This gives valuable feedback on areas where enhancements can be made, and helps organizations to better comprehend the tactics, techniques, and procedures used by attackers.
Additionally, you can run training only campaigns independently of simulations to make sure that your end users have robust knowledge and skills on recognizing different attack patterns and reporting these. There are 90+ training modules available from Terranova and SANS.
Please note that certain features, such as Payload automation, MDO recommended payloads, ML-based Predicted Compromised Rate, and Attack sim Graph APIs are not available in the GCC High & DoD environments.
Get started:
The web version of Attack simulation training can be accessed at:
Department of Defense (DoD) environment: https://security.apps.mil
Government Community Cloud High (GCC High) environment: https://security.microsoft.us
You can access it under the Email & Collaboration menu in the Microsoft Defender portal.
The documentation is the same as for the worldwide environment. You can refer to the documentation here: Get started using Attack simulation training | Microsoft Learn
License check:
If your organization has any of the following licenses, you will be able to access Attack simulation in the Microsoft Defender platform:
DoD: Microsoft 365 G5, Office 365 G5, Microsoft 365 G5 Security, Microsoft Defender for Office 365 (Plan 2) for DoD
GCC High: Microsoft 365 E5 for GCC High, Microsoft 365 G5 Security for GCC High, Office 365 E5 for GCC High, Microsoft Defender for Office 365 (Plan 2) for GCC High
Learn more about licensing requirements at Microsoft 365 Defender for US Government customers | Microsoft Docs.
Microsoft Tech Community – Latest Blogs
Announcing General Availability of Microsoft Entra External ID
I’m thrilled to announce that Microsoft Entra External ID, our next-generation, developer-friendly customer identity access management (CIAM) solution will be generally available starting May 15th. Whether you’re building applications for partners, business customers or consumers, External ID makes secure and customizable CIAM simple.
Microsoft Entra External ID
Secure and customize external identities’ access to applications
Microsoft Entra External ID enables you to:
Secure all identities with a single solution
Streamline secure collaboration
Create frictionless end user experiences
Accelerate the development of secure applications
Secure all identities with a single solution
Managing external identities, including customers, partners, business customers, and their access policies can be complex and costly for admins, especially when managing multiple applications with a growing number of users and evolving security requirements. With External ID, you can consolidate all identity management under the security and reliability of Microsoft Entra. Microsoft Entra provides a unified and consistent experience for managing all identity types, simplifying identity management while reducing costs and complexity.
Building External ID on the same stack as Entra ID allows us to innovate quickly and enables admins to extend the Microsoft Entra capabilities they use to external identities, including our industry-leading adaptive access policies, fraud protection, verifiable credentials, and built-in identity governance. Our launch customers have chosen External ID as their CIAM solution as it allows them to manage all identity types from a single platform:
“Komatsu will be using Entra External ID for all external-facing applications. This will help us deliver a great experience to our customers and ensure we’re a trusted partner that is easy to do business with.”
– Michael McClanahan, Vice President, Transformation and CIO
Streamline secure collaboration
Boundaries between consumers and business customers are blurring, as are the boundaries between partners and employees. Collaborating with external users like business customers and partners can be challenging; they need access to the right internal resources to do their work, but that access must be removed when it’s no longer needed to reduce security risks and safeguard internal data. In this changing world, even trusted collaboration needs least-privilege safeguards, strong governance, and pervasive branding. With ID Governance for External ID, the same lifecycle management and access management capabilities for employees can be leveraged for business guests as well. Guest governance capabilities complement External ID B2B collaboration that’s already widely used by Entra customers worldwide to make collaboration secure and seamless.
For example, you may want to collaborate with an external marketing agency on a new campaign. With B2B collaboration, you can invite the agency staff to join your tenant as guests and assign them access to the relevant resources, such as a Teams channel for communication, a SharePoint site for project management, and a OneDrive folder for file sharing. Cross-tenant access settings allow you to have granular controls over which users from specific external organizations get access to your resources, as well as control which external organizations your users access. ID Governance for External ID will automatically review and revoke their access after a period of inactivity or when the project is completed. This way, you can seamlessly collaborate while ensuring only authorized external users have access to internal resources and data.
Create frictionless end user experiences
Personalized and flexible user experiences are critical to drive customer adoption and retention. External ID lets you reduce end-user friction at sign in by natively integrating secure authentication experiences into your web and mobile apps. You can leverage a variety of authentication options, such as social identities like Google, Facebook, local or federated accounts, and even verifiable credentials to make it easy for your end users to sign-up/sign-in. External ID enables you to immerse end-users in your brand and create engaging user-centric experiences with progressive profiling, increasing end-user satisfaction and driving brand love.
External ID allows you to further personalize and optimize end-user experiences by collecting and analyzing end-user data, improving their user journey while complying with privacy regulations. Our user insight dashboards help monitor user activities and sign-up/sign-in trends, so that you can assess and improve your end-user experience strategy with data.
Accelerate the development of secure applications
Identity is a foundational building block of any modern application, but many developers may have little experience integrating identity and security into their apps. External ID turns your developers into identity pros by making it easy to integrate identity into web and mobile applications with a few clicks. Developers can get started creating their first application in minutes either directly from the Microsoft Entra portal or within their developer tools such as Visual Studio Code. We recently announced that our Native Authentication now supports Android and iOS, allowing developers to build pixel-perfect sign-up and sign-in journeys into mobile apps using either our API or the Microsoft Authentication Library (MSAL):
“A mobile app sign in journey could have taken us months to design and build, but with Microsoft Entra External ID Native Auth, it took the team just one week to build a functionally comparable and even more secure solution.”
– Gary McLellan, Head of Engineering Frameworks and Core Mobile Apps, Virgin Money
Backed by the reliability and resilience of Microsoft Entra, developers can launch from a globally distributed architecture designed to accommodate the needs of growing user bases; ensuring their external-facing apps can handle millions of users during peak periods, without disrupting end-user experiences or compromising security.
Try it out!
We are currently offering an extended free trial for all features until July 1, 2024!* Start securing your external-facing applications today with Microsoft Entra External ID.
After July 1st, you can still get started for free and only pay for what you use as your business grows. Microsoft Entra External ID’s core offer is free for the first 50,000 monthly active users (MAU), with additional active users at $0.03 USD per MAU (with a launch discounted price of $0.01625 USD per MAU until May 2025). Learn more about External ID pricing and add-ons in our FAQ.
*Existing subscriptions to Azure AD B2C or B2B collaboration under an Azure AD External Identities P1/P2 SKU remain valid and no migration is necessary – we will communicate upgrade options once they are available. For multi-tenant organizations, identities whose UserType is external member will not be counted as part of the External ID MAU. Learn more.
Learn More
Want to learn more about External ID? Check out these resources:
Website
Documentation
Developer Center
Learn more about Microsoft Entra
Prevent identity attacks, ensure least privilege access, unify access controls, and improve the experience for users with comprehensive identity and network access solutions across on-premises and clouds.
Microsoft Entra News and Insights | Microsoft Security Blog
Microsoft Entra blog | Tech Community
Microsoft Entra documentation | Microsoft Learn
Microsoft Entra discussions | Microsoft Community
Microsoft Tech Community – Latest Blogs
Introducing the 2024 Imagine Cup World Championship Judges!
Get ready for the pinnacle of startup innovation as the Imagine Cup World Championship unfolds live at Microsoft Build on May 21! Three outstanding startups from across the globe are poised to showcase their AI-solutions on the global stage, vying for the coveted title and a chance to win USD100,000 and a mentorship session with Microsoft Chairman and CEO, Satya Nadella.
Since the start of the 2024 season back in October, the competition has been a journey of collaboration with expert mentors and growth for participating startups. From a pool of tens of thousands of applications, the field was narrowed to the elite semifinalists, and now, only three world finalists remain.
As the anticipation mounts for the grand finale, our esteemed panel of judges faces a daunting task. Drawing on their industry expertise and personal insights, they will meticulously evaluate each startup’s pitch and engage in Q&A sessions. Their evaluation criteria extend beyond mere innovation to encompass the responsible use of AI technology, accessibility for all users and the fundamental business viability of each startup.
The culmination of this journey promises to be nothing short of spectacular. Live on the global stage, the judges’ decision will be unveiled, determining the ultimate champion of the 2024 Imagine Cup!
But who are the discerning minds tasked with determining the 2024 World Champion?
Let’s meet the judges!
CEO, Neo; Co-founder of Code.org
Ali Partovi heads Neo, a startup accelerator, diverse mentorship community, and VC fund that helps tomorrow’s tech leaders maximize their potential. Ali invests in people smarter than himself and has backed Airbnb, Dropbox, Facebook, & Uber.
He grew up in Tehran during the Iran-Iraq war, attended Harvard, and sold his first startup, LinkExchange, in 1998. He co-founded Code.org (#HourOfCode) to bring Computer Science to classrooms. He’s passionate about education and loves climbing, guitar, puzzles, and family.
Microsoft Corporate Vice President of Ecosystems
As Microsoft Corporate Vice President of Ecosystems, Annie Pearl leads a globally-distributed organization that empowers current and future customers to discover and engage with AI capabilities on the Microsoft Cloud. Teams under her oversight develop and build on platforms, such as Founders Hub and Microsoft Learn, to reach new audiences, skill them on Microsoft’s technology, and help them build the most innovative and AI-driven solutions.
Annie joins Microsoft with 15+ years of tech leadership experience in both startup ventures and established enterprises. She served as the Chief Product Officer at Calendly, a premier scheduling automation platform. There, she led the end-to-end strategy and execution of the product vision and roadmap. Under her guidance, Calendly achieved remarkable growth, solidifying its position as the leading scheduling automation tool in the market.
Before her tenure at Calendly, Annie held the role of Chief Product Officer at Glassdoor, where she shaped the product vision and user experience for millions of job seekers and employers worldwide. Earlier in her career, she led Enterprise product teams at Box, contributing to its trajectory both before and after its 2015 IPO. Notably, Annie also played a pivotal role as the VP of Product and a founding team member at Xpert Financial, an early-stage financial services startup.
Annie started her career as a Lawyer and held roles in management consulting before transitioning to the tech industry.
Founder & CEO ROYBI (Roybi Robot & RoybiVerse)
Elnaz is a successful entrepreneur and CEO, renowned for her innovations in the field of EdTech, AI, and Robotics. She is the founder of ROYBI® Robot, an AI-powered smart toy that teaches children language and STEM skills. This groundbreaking product has won several prestigious awards, including being named one of TIME Magazine’s Best Inventions in Education and winning the World Economic Forum smart toy award.
With over 15 years of experience as a serial entrepreneur, Elnaz has established herself as a leader in the industry. As the CEO of ROYBI, an investor-backed EdTech company, she has raised millions in funding to focus on early childhood education and self-guided learning through artificial intelligence.
Elnaz’s journey to success has been shaped by her early experiences growing up as a woman in Iran, where opportunities were limited. However, her drive and passion for entrepreneurship led her to the U.S., where she has significantly contributed to the tech industry. Her achievements include being selected as Inc. Top 100 Female Founders, Nasdaq Entrepreneurial Center Milestone Maker, named the Woman of Influence by Silicon Valley Business Journal, and Entrepreneur of The Year in Silicon Valley.
_________
Whether you’re a tech enthusiast, aspiring entrepreneur, or simply someone who loves to witness the inspiring passion and innovation of students – this is an event you won’t want to miss! Gain insights into cutting-edge use cases of AI technology and discover how these startups are shaping the future to make a real impact on the world.
Tune in, cheer for your favorites, follow along, and get inspired by the ingenuity of these student founders.
Mark your calendars for May 21 to witness this moment!
Time Stamp Location
Greetings
I receive daily reports from various machines, and I am attempting to locate the change of shifts time stamps.
Is there a way to locate the first previous time stamp from the start of the shift (the end of the previous shift) and the first time stamp after the start of shift (workers actually start using the machine)?
The file is a sample, and the shift change is 6am (06:00:00 hh:mm:ss).
Either VBA or function will be greatly appreciated so I can stop manually filtering and looking for Less than .25 or greater than .25.
“Enhancing Service Delivery at NSFAS through Microsoft Technologies”
By integrating Microsoft technologies, NSFAS can streamline application processes, enhance communication with applicants, and automate administrative tasks, resulting in improved efficiency, transparency, and service delivery to students in need.