This article is contributed. See the original author and article here.
This article is part 1 of a 3 part monitoring series to meet the increasing needs of customers to proactively monitor the Synapse pool resource consumption, workload patterns and other key performance metrics.
In this post, we will cover the dashboards that are available today for us on the Azure portal. These don’t require heavy customization and are very easy to set up.
To create your dashboard, navigate to the Azure Portal Home page -> Synapse Pool resource blade -> Monitoring -> Metrics
Although numerous metrics are available for building dashboards, this segment will cover the 4 most important ones for monitoring your DataWarehouse in this article. We will be using these metrics in the upcoming posts in the series as well.
From the drop down shown above choose max CPU percentage, add max DWU percentage metric and max Data IO Percentage as shown below.
Click on the pencil symbol and edit the name of the chart to your preference.
Please note that DWU Percentage and CPU percentage overlap and you may see only one of them. The DWU percentage is usually either the CPU or IO percentage, whichever is higher.
Now save the chart to a dashboard by clicking the ‘pin to dashboard’ option on the top righthand corner. You will be asked to choose between pinning it to an existing dashboard vs a new one as shown below.
Once the chart is saved/pinned to the dashboard, follow the same process to create the remaining charts as well, as shown below.
2. Active and Queued queries – Concurrency details
Following the same process as above, create another chart on the same dashboard blade by adding active queries and queued queries aggregating on ‘Sum’
3. Workload Group Allocation – Resource classes and their percentage allocation details
For this chart, select workload group allocation by system percent aggregating on ‘Max’ and split by ‘Workload group’. Please note that there is a limit on the number of workload groups you can monitor.
4. Tempdb Utilization – tempdb usage across all the nodes
Add the below mentioned metric to your chart aggregating on ‘Max’. It is important to note that the chart below is the minimum, average or maximum value over a 5 minute window of the average tempdb utilization across all the nodes. In general, tempdb is located on each of the nodes, however, Azure metrics do not show the individual node level tempdb utilization as of yet. This has been brought to the attention of the development teams.
Once all the 4 charts are pinned to the dashboard, resize the charts so that they all fit on one screen like below.
Now that you have the important dashboards setup, you can build additional custom dashboards to get into more granular details about what queries/workloads are affecting your resources. This is not done by graphical user interface entirely and the second part of this post will provide you the step by step process for setting up the same.
Diederik Krols lives in Antwerp, Belgium. He is a principal consultant at U2U Consult where he leads, designs and develops C# and XAML apps for the enterprise and the store. He’s a Windows Development MVP since 2014. Diederik runs the XamlBrewer blog on WordPress and the XamlBrewer repositories on GitHub. Follow him on Twitter @diederikkrols.
Robert Smit is a EMEA Cloud Solution Architect at Insight.de and is a current Microsoft MVP Cloud and Datacenter as of 2009. Robert has over 20 years experience in IT with experience in the educational, health-care and finance industries. Robert’s past IT experience in the trenches of IT gives him the knowledge and insight that allows him to communicate effectively with IT professionals. Follow him on Twitter at @clusterMVP
Marc Lelijveld is a Data Platform MVP, Power BI enthusiast, and public speaker who is passionate about anything which transforms data into action. Currently employed as a Data & AI consultant in The Netherlands, Marc is often sharing his thoughts, experience, and best-practices about Microsoft Data Platform with others. For more on Marc, check out his blog.
Chris Hoard is a Microsoft Certified Trainer Regional Lead (MCT RL), Educator (MCEd) and Teams MVP. With over 10 years of cloud computing experience, he is currently building an education practice for Vuzion (Tier 2 UK CSP). His focus areas are Microsoft Teams, Microsoft 365 and entry-level Azure. Follow Chris on Twitter at @Microsoft365Pro and check out his blog here.
Asma Khalid is an Entrepreneur, ISV, Product Manager, Full Stack .Net Expert, Community Speaker, Contributor, and Aspiring YouTuber. Asma counts more than 7 years of hands-on experience in Leading, Developing & Managing IT related projects and products as an IT industry professional. Asma is the first woman from Pakistan to receive the MVP award three times, and the first to receive C-sharp corner online developer community MVP award four times. See her blog here.
This article is contributed. See the original author and article here.
Hi IT Pros,
Today we discuss about preparing our MD for Endpoint on Organization’s MacOS Systems and make them ready for “Big Sur”, the greatest and latest version of Mac operating system which is released by Apple on the 12th of November, 2020. Big Sur enhance MDM (Mobile Device Management) protocol as key for automated device enrollment, content caching and managing apps. Big Sur’s code running process has been moved from kernel extensions (KEXTs) to system extensions for security reason.
Microsoft Endpoint Manager now supports the following new device configurations on MacOS Big Sur :
Non-OS software updates deferral
“Enable direct download” setting for associated domains · 4096-bit SCEP certificate keys
Prevent users from disabling automatic VPN
Excluded Domains for per-app VPN connections
For Microsoft Defender for Endpoint (WD ATP), Microsoft released an update to Microsoft Defender for Endpoint MacOS that will leverage new system extensions instead of kernel extensions with the following details:
An update to the Microsoft Defender ATP for Mac agent is required on all eligible macOS devices prior to moving these devices to macOS 11.
The update is applicable to devices running macOS version 10.15.4 or later.
To ensure that the Microsoft Defender ATP for Mac update is delivered and applied seamlessly from an end-user experience perspective, a new remote configuration must be deployed to all eligible macOS devices before Microsoft publishes the new agent version.
If the configuration is not deployed prior to the Microsoft Defender ATP for Mac agent update, end-users will be presented with a series of system dialogs asking to grant the agent all necessary permissions associated with the new system extensions.
Even though Microsoft Defender ATP for Mac new implementation based on system extensions is only applicable to devices running macOS version 10.15.4 or later, deploying configuration proactively across the entire macOS fleet will have two benefits:
ensure that even down-level devices are ready for macOS 11 Big Sur upgrade
ensure that Microsoft Defender ATP for Mac continues protecting all macOS devices regardless OS version they were running prior to the Big Sur upgrade.
New configuration profiles for macOS Catalina and newer versions of macOS
You could deploy the Configuration Profile Policies by JAMF or Microsoft Endpoint Manager as your deployment tool. There are Configuration Profiles and Preference Control Policy that need to be deployed:
System Extension configuration profile
Privacy Preferences Policy Control, granting Full Disk Access to the Microsoft Defender ATP Endpoint Security Extension
Network Extension configuration profile
Option 1: JAMF Deployment
System Extension configuration profile
In Computers > Configuration Profiles select Options > System Extensions.
Select Allowed System Extensions from the System Extension Types drop-down list.
Use UBF8T346G9 for Team Id.
Add the following bundle identifiers to the Allowed System Extensions list:
com.microsoft.wdav.epsext
com.microsoft.wdav.netext
Privacy Preferences Policy Control
Add the following JAMF payload to grant Full Disk Access to the Microsoft Defender ATP Endpoint Security Extension. This policy is a pre-requisite for running the extension on your device.
Use com.microsoft.wdav.epsext as the Identifier and Bundle ID as Bundle type.
Set Code Requirement to identifier “com.microsoft.wdav.epsext” and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9
Set App or service to SystemPolicyAllFiles and access to Allow.
Network Extension Policy
As part of the Endpoint Detection and Response capabilities, Microsoft Defender ATP for Mac inspects socket traffic and reports this information to the Microsoft Defender Security Center portal. The following policy allows the network extension to perform this functionality.
Note
JAMF doesn’t have built-in support for content filtering policies, which are a pre-requisite for enabling the network extensions that Microsoft Defender ATP for Mac installs on the device. Furthermore, JAMF sometimes changes the content of the policies being deployed. As such, the following steps provide a workaround that involve signing the configuration profile.
Save the following content to your device as com.microsoft.network-extension.mobileconfig using a text editor:XML
<string>identifier “com.microsoft.wdav.netext” and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9</string>
</dict>
</array>
</dict>
</plist>
Verify that the above file was copied correctly by running the plutil utility in the Terminal:
From the JAMF portal, navigate to Configuration Profiles and click the Upload button. Select com.microsoft.network-extension.signed.mobileconfig when prompted for the file.
Option 2: Endpoint Manager Deployment
System Extensions Policy
To approve the system extensions:
In Intune, open Manage > Device configuration. Select Manage > Profiles > Create Profile.
Choose a name for the profile. Change Platform=macOS to Profile type=Extensions. Select Create.
In the Basics tab, give a name to this new profile.
In the Configuration settings tab, add the following entries in the Allowed system extensions section:
Bundle identifier
Team identifier
com.microsoft.wdav.epsext
UBF8T346G9
com.microsoft.wdav.netext
UBF8T346G9
In the Assignments tab, assign this profile to All Users & All devices.
Review and create this configuration profile.
Create and deploy the Endpoint Manager Custom Configuration Profile for MacOS Network Extension, Full Disk Access Policies
The following configuration profile enables the network extension and grants Full Disk Access to the Endpoint Security system extension.
Save the following content to a file named sysext.xml:
<string>identifier "com.microsoft.wdav.netext" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9</string>
<string>identifier “com.microsoft.wdav.epsext” and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9</string>
<key>IdentifierType</key>
<string>bundleID</string>
<key>StaticCode</key>
<integer>0</integer>
<key>Allowed</key>
<integer>1</integer>
</dict>
</array>
</dict>
</dict>
</array>
</dict>
</plist>
Verify that the above file was copied correctly. From the Terminal, run the following command and verify that it outputs OK:
Bash
$ plutil -lint sysext.xml
sysext.xml: OK
To deploy this custom configuration profile: > In Intune, open Manage > Device configuration. Select Manage > Profiles > Create profile.
Choose a name for the profile. Change Platform=macOS and Profile type=Custom. Select Configure.
> Open the configuration profile and upload sysext.xml. This file was created in the preceding step.
Select OK.
> In the Assignments tab, assign this profile to All Users & All devices.
> Review and create this configuration profile.
After this point, your environment is ready for MacOS devices to be upgraded to Big Sur, the MacOS newest version. MD for Endpoint on MacOS Devices will continue functioning normally after a successful OS upgrade.
This article is contributed. See the original author and article here.
2021 is right around the corner, andwith it comesthe optimism a new year brings. A clean slate, a new story to write.
So this week, we invite you to share what you hope to achieve in 2021—and the activities that will get you there.
Do you plantospend more time listening in and sharing on live stream channels? Are there areas you want to brush up on? Do you have projects and goals you can’t wait towork on?Useourfill-in-the-blanktoshareyourcan-do itemsfor 2021.
We sharedthese resourcesrecentlythat supportdeveloperefforts, whether you’re just starting out orare ready to kick it up a notch:
Microsoft Learn Student Ambassadors
In 2020, we launched the Microsoft Learn Student Ambassadors program, where students can join a global community of peers, connect with mentors, learn the skills they need to land a dream job, and make a difference. Applications are open year-round, and we will accept hundreds more Student Ambassadors in 2021
What does it take to go from idea to development without detours? Best-in-class tools and product management are twoof the things that boost velocity, a new McKinsey report found. Find out how toget stuff done fasterin 2021 with this and other real-world strategies.
Intimidated by the idea of learning anewprogramming language?We’ve gota few ways to make it easierso 2021 is the year you make it happen. DownloadVisual Studio Code, then dive into tutorials and other resourcesthatyou can go through at your own pace.
Predicting meteor showers using Python and VS Code
Shooting for the moonin 2021? This session mayprovideinspiration. Dr G explains what meteor showers are and how data science is used to predicttheseevents. No coding experience required.
This article is contributed. See the original author and article here.
Original release date: December 24, 2020
CISA has created a free tool for detecting unusual and potentially malicious activity that threatens users and applications in an Azure/Microsoft O365 environment. The tool is intended for use by incident responders and is narrowly focused on activity that is endemic to the recent identity- and authentication-based attacks seen in multiple sectors.
CISA strongly encourages users and administrators to visit the following GitHub page for additional information and detection countermeasures.
DrWare.com uses cookies to provide you the best possible experience. Use of this site means you understand and accept our cookie policy. Find out more.
Recent Comments