This article is contributed. See the original author and article here.
Special thanks to @edilahav for collaborating on this blog post with me!
In this blog post, we will review the new Azure Sentinel data streams for Azure Active Directory non-interactive, service principal, and managed identity logins. We will also share the new security content we built and updated in the product, which includes analytics rules for detection and workbooks that help our customers deal with this blind spot.
The shift to the cloud and the rise of automation tasks and service-to-service integration have contributed to a dramatic increase in the use of managed applications, service principals, and managed identities.
These new security objects perform login activity which is not captured in Azure Active Directory’s traditional sign-in logs.
The updated Azure Active Directory data connector now brings these important sign-in events into Azure Sentinel.
What are non-interactive logins?
Non-interactive user sign-ins are sign-ins that were performed by a client app or an OS component on behalf of a user. Like interactive user sign-ins, these sign-ins are done on behalf of a user. Unlike interactive user sign-ins, these sign-ins do not require the user to supply an authentication factor. Instead, the device or client app uses a token or code to authenticate or access a resource on behalf of a user. In general, the user will perceive these sign-ins as happening in the background of the user’s activity.
Some activity that is captured in these logs:
A client app uses an OAuth 2.0 refresh token to get an access token.
A client uses an OAuth 2.0 authorization code to get an access token and refresh token.
A user performs single sign-on (SSO) to a web or Windows app on an Azure AD joined PC.
A user signs in to a second Microsoft Office app while they have a session on a mobile device using FOCI (Family of Client IDs).
Why is it so important to monitor and detect activities in this area?
Some examples that highlight why it’s so important to collect these logs and get visibility into them as part of your detections and hunting:
SolarWinds campaign – As part of our learning on the SolarWinds campaign investigation, we used these logs in the hunting phase to check if the malicious actor used a sensitive app to gain “Data Access”.
I’m sharing a Tweet from one of our senior security researchers from the days of the investigation:
“Audit the creation and use of service principal and application credentials. Sparrow will detect modifications to these credentials. Look for unusual application usage, such as dormant or forgotten applications being used again. Audit the assignment of credentials to applications that allow non-interactive sign-in by the application. Look for unexpected trust relationships that have been added to Azure AD. (Download the last 30 days of non-interactive sign-ins from the Azure portal or use Azure Sentinel.)”
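The advice above to look for dormant or forgotten applications being used again can be checked against a downloaded set of sign-in records. The following is an added example, not code from the original article or from Azure Sentinel; the records are constructed, and the field layout, app names and thresholds are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sign-in records (timestamp, app, source IP, success) for
# illustration; this layout is an assumption, not the Azure portal export
# schema or a Sentinel table schema.
SAMPLE_SIGNINS = [
    ("2021-04-01T06:00:00", "backup-automation", "203.0.113.10", True),
    ("2021-04-10T06:00:00", "backup-automation", "203.0.113.10", True),
    ("2021-04-20T06:00:00", "backup-automation", "203.0.113.10", True),
    ("2021-04-23T06:00:00", "backup-automation", "203.0.113.10", True),
    ("2021-03-27T09:00:00", "legacy-report-export", "198.51.100.7", True),
    ("2021-04-23T02:14:00", "legacy-report-export", "192.0.2.55", True),
    ("2021-04-23T11:00:00", "hr-sync", "198.51.100.20", True),
    ("2021-03-26T10:00:00", "old-crm-connector", "198.51.100.9", True),
    ("2021-04-23T12:30:00", "old-crm-connector", "192.0.2.80", False),
]


def find_reactivated_apps(signins, now, recent=timedelta(days=2),
                          dormant_for=timedelta(days=14)):
    """Flag apps that signed in successfully inside the recent window after
    at least `dormant_for` of silence, or with no earlier sign-in in the data."""
    cutoff = now - recent
    history = defaultdict(list)
    for stamp, app, ip, success in signins:
        if success:  # failed attempts neither build nor break a baseline
            history[app].append((datetime.fromisoformat(stamp), ip))

    findings = []
    for app, events in sorted(history.items()):
        events.sort()
        before = [e for e in events if e[0] < cutoff]
        after = [e for e in events if e[0] >= cutoff]
        if not after:
            continue  # nothing recent to judge
        first_recent = after[0][0]
        last_before = before[-1][0] if before else None
        if last_before is not None and first_recent - last_before < dormant_for:
            continue  # app has been in regular use
        known_ips = {ip for _, ip in before}
        findings.append({
            "app": app,
            "first_recent": first_recent,
            "last_before": last_before,  # None: no earlier sign-in in the data
            "gap_days": (first_recent - last_before).days if last_before else None,
            "new_ips": sorted({ip for _, ip in after} - known_ips),
        })
    return findings


if __name__ == "__main__":
    for finding in find_reactivated_apps(SAMPLE_SIGNINS, now=datetime(2021, 4, 24)):
        print(finding)
```

An app with no earlier sign-in in the data is reported with `last_before` set to `None`, because a 30-day download cannot distinguish a new app from one that was dormant for longer than the download covers.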
What is the benefit of collecting these new log streams into Azure Sentinel?
Azure Sentinel is a cloud-native SIEM that offers rich security content around these new log streams to bring security value to customers that enable it.
Some of the content we offer:
Analytics Rules
@shainw from the MSTIC team updated 24 analytics rules that perform correlations of non-interactive logins with traditional logins and search for anomalies and suspicious activities.
Workbooks
@ShaharAviv updated the Azure Active Directory sign-in workbook and created a coherent view that aggregates these two types of login activity.
Start debugging your Power App
Make troubleshooting and understanding single elements easier.
They exist. Those little moments that drive you crazy. Things simply don’t work; they don’t work the way you imagined and you almost despair because it just doesn’t want to go on. Or they break. I swear I didn’t touch anything, yet all of a sudden, my functions are broken. WHAT THE HECK???
I’ve built a few apps by now and I always realize that I have a different view and approach than classic developers. I’m a citizen developer, with no IT knowledge and no technical background, and I’ve learned some useful techniques while building apps that I benefit from with every app. Really, with every app.
I have talked to many people and found that these little tips and tricks can save you a lot of nerves and a lot of frustration. If you haven’t read my blog about 9 things I wish I learned before I build my first Power App, you should check it out, but this one here is the next step. It’s not only about troubleshooting and debugging; some of these tips will also just keep you sane or teach you good habits that will make your app building experience easier.
So, let’s take our troubleshooting and debugging experience to the next level.
Keep calm and let’s build apps.
1. Duplicate your screen
Remember my tip to build your app step by step? If you don’t add all the functionality at once, your app grows over time. At some point you’re pretty satisfied with your app but you want to try out new things and add others.
If you don’t know how some functions work exactly, always duplicate your screen, before adding new things.
While building your app and adding new functions, you need to add things, you need to delete others to make it work. And you don’t want to mess with the progress you’ve made so far.
A duplicated screen is like an additional save game slot, just to make sure. If you break everything, you can always go back.
Duplicate your screen before trying out new things
2. Use debug label
Labels are a lifesaver in Power Apps. They literally make things visible. Let me show you an example. I have a time app and I control the timer with a variable called Uhr_tickt. If it’s set to true, the clock is ticking; if it’s set to false, it isn’t. The “Go!” button sets the variable to true, the stop button sets it to false.
While testing my app and adding new functionality, I tried to make the Reset button work and had a hard time figuring out why it wasn’t working. Quite often it was because my variable Uhr_tickt wasn’t set the correct way. Was my timer not starting because the UpdateContext function for my variable wasn’t working, or was it something else?
That’s when I added a debug label. It’s a simple label that shows you the status of your variable. This way you can actually see, what’s happening in the background, making debugging and troubleshooting so much easier.
Demonstrating how a debug label can give you information on the state of a variable
3. Build a button
Build a button to test a function. If it works, include it in your desired function.
I’ve said this a million times before, but it is the most helpful habit, ever. If you want to add a new functionality, don’t put it on top of that main function you have. Insert a button and try the new functionality on that button. If it works, add it to the place where you want to have it.
But if it doesn’t work, you will never wonder where the error is.
4. Snap to align
Okay, this one is a mini tip: Did you ever try to align some buttons or elements and the snap to align functionality drove you crazy? Often it helps to arrange your elements, but sometimes it’s your worst enemy.
Did you know that you can disable this function by holding the Alt key while placing elements?
5. Use more Excel
Whaaaat? More Excel, are you sure? Okay, hear me out. Did you know that Power Fx (the syntax used in Power Apps) is based on Excel functionality?
I’m pretty sure you’ve seen that If-Statement before, haven’t you? That is because Power FX is designed for people who are familiar with Excel functions.
But how can we make use of it?
I often have a hard time trying to visualize how my data sources work. If I want to write a functional VLOOKUP function, I need to see my tables. That can be difficult with Power Apps because your tables may be anywhere. Somebody gave me the tip to try out difficult functions (AN: like nested if-functions) (another AN: Try to avoid nested if-functions at ALL costs) in Excel. When they work, you can replace the fields in your formula with the fields you need in your Power App.
6. …but it worked a minute ago
Do you know that feeling? You swear you haven’t touched anything, yet all of a sudden nothing works anymore? I’ve been there too, and still am from time to time. It happens. Here’s what you do, first thing:
Check your connections. Are they all working fine? No? Go fix them.
Did you just change anything in your data source? Are you sure? Update them anyway.
Did that help already? Good, I thought so.
Check your connections and data sources every once in a while. If you add another column to that SharePoint list and don’t update your data source… well. It’s a common pitfall, just remember to check those things.
Something else about data sources. If you use SharePoint or Excel in your OneDrive (and yes, both can be very valid data sources, don’t let any “IT pro” tell you something different), consider that not everyone in your organization has access to those. If you published and shared your app, ask yourself if everyone who wants to use it has access to the data source you used.
7. Name the elements you use, as you build them
Develop the habit of renaming your screens and elements as you build them. That will save you a lot of frustration and time. Especially if you have multiple screens, apps can become crowded. Every time you add another function or want to try something new, unnamed elements cause unnecessary extra work to find the element you’re looking for. It can also be frustrating when you keep adding the wrong elements to your function and that causes it to not work. It can be a serious source of errors.
a bunch of unnamed labels and elements
Which label shows you variable and which is just some explanatory text?
8. Learn what the result view is
I didn’t use it for far too long because nobody explained it to me. But it is so important to understand in order to learn what functions need to work properly. If you click on functions you can get two important views: the result view and the data type.
By clicking on Office365Users, the formula bar shows you the original record with all elements.
If it’s not showing at first, click on the little arrow next to the function.
This way you can see, what kind of records are stored and what data you can work with.
If you click on the next part of the function, DisplayName, Power Apps will show you what this function does AND what data type you get.
That helps you understand complex formulas (try it with a filter function to examine what it does) and also how to work with the data. Do you know the error message “This formula expects data of the type value”? If a function gives you data type text, like in the Office365Users example above, you can’t use it in a function that needs a value to work. Here is a comparison between the Now() and the Today() function. The output looks similar, but the data types are different. DateTime is something else than Date.
Difference of functions Now and Today
The formula bar shows it to you, which might help you debug your app and functions.
9. Dear Diary….
Document what you just learned. Like a learning diary. You will need this knowledge later and you can recycle bits and pieces you once built again and again. Countless times already I was relieved to have written down insights and functions. That way, I can always check back to see how they work. This saves me a lot of time and, above all, frustration.
Also, the brain processes things differently when you not only think about them but write them down. This additional occupation with learning content consolidates what you just learned.
10. The world gains beauty through all its colors
If you want to make your app pretty and professional (I recommend Luise Freese’s latest blog “How to beautify your Power Apps” on that), you want to use more than the set of standard colors. But it can be a lot of work to paste all the color codes into every single element you have in your app.
But it’s very handy to set your colors in labels to make sure you can quickly use the correct colors.
Set up a label for every color you want to use and set the Color value as you like. To not get confused later on, set the Text value to something clear, like BackgroundColor or IconColor, and remember to rename the labels in the Tree view as well (see tip #7).
Now, whenever you want to use that color, you don’t need to remember or copy the hex code, but just set the value to your color label by using IconColor.Color.
Quick, easy and you will always use the correct color without much effort.
Two labels for my most used colors
Fill value of the Rectangle_background
Color value of the Icon_heart
Here you see the Fill and Color values, set by the labels we defined earlier.
There we have it. Those are 10 tips on how to start debugging your app.
Do you like them? Do you have more tips for me? I’m always happy to get new ideas and hints because I am far from being an expert and I’m always learning.
Initial Update: Saturday, 24 April 2021 04:08 UTC
We are aware of issues within Application Insights and are actively investigating. Some customers may experience data access issues and delayed or missed alerts in the East US region.
Work Around: None
Next Update: Before 04/24 06:30 UTC
We are working hard to resolve this issue and apologize for any inconvenience. -Vyom
Good news! Introducing the new Community Mentors Application integration with Teams. This new integration will help you enhance team collaboration, learning, and productivity by creating real-time access to knowledge sharing via micro-mentorship.
Technology and mentorship
Technology can be used to make mentorship more accessible, efficient, and effective, but ultimately, more human. The community mentors application was first introduced three years ago as a mobile app — back when we thought finding a mentor should be as easy as calling a ridesharing service. Today, with many of us spending our days collaborating in Microsoft Teams on our desktop, we’re excited to announce the new Community Mentors Application for Teams.
Built for the way you work
With the Community Mentors App for Teams, you can now:
Easily onboard and activate new members
Discover new connections
Seek real-time guidance and mentorship
Build your network
Drive your own learning and development
Getting started
It is extremely straightforward to download and provides access to the same great features that you experience in the web and mobile app versions. Here’s how to get started:
Click the 3 dots on the bottom right of Teams, search for Tribute, and add it.
Login (one time only! ** reminder: our community’s name is Microsoft Humans of IT)
Get started connecting!
Looking to share your impact as a mentor, or to share your skill-building activity with your manager?
We now have a downloadable activity report that shows the number of mentorships you have been involved with as well as the feedback from your mentee and mentors. You can locate this report under your profile.
As always you can continue to use the desktop or mobile versions as well. The login instructions are listed below.
Step 3: Use your HoIT login credentials to login to the Community Mentors App. Note: In the field that says “Enter Your Community Name”, please fill in “Microsoft Humans of IT”.
Mobile Application
Click to download on iOS and Android, or simply scan the QR codes below!
Important Note: Make sure you’re on the latest version to get access to all the newest features. The latest version is 3.1 (read more here).
Step 3: Use your HoIT login credentials to login to the Community Mentors App. Note: In the field that says “Enter Your Community Name”, please fill in “Microsoft Humans of IT”.
Scan these QR codes to get the direct link to download our Community Mentors mobile app
Thanks, everyone, for your interest in the Community Mentors Program! As you know, a big part of mentorship is the fit – that’s why we’ve launched the Community Mentors mobile app so that you’re in the driver’s seat of your own mentorship journey.
Just getting started on the app?
Watch our walkthrough demo to learn how to navigate the Community Mentors mobile app where we empower Humans of IT like you to get mentored and be mentored by other tech professionals around the world! In this video, we will walk you through how the app works, and ways you can get all set up so you can dive into the world of mentoring!
Have ideas on new features you’d like to see, or experiences to add? Submit your ideas here, or feel free to drop us a note at msftcmp@microsoft.com.
Become a mentor/mentee on our Community Mentors app today!
Update 2104 for the Technical Preview Branch of Microsoft Endpoint Configuration Manager has been released. You can now get BitLocker recovery keys for a tenant-attached device from the Microsoft Endpoint Manager admin center. For example, a help desk technician who doesn’t have access to Configuration Manager could use the web-based admin center to help an end user get a recovery key for their device. Since this feature is still in preview, you need to access it from the Admin center preview option from the Configuration Manager console of the technical preview branch.
Tenant Attach: Historical inventory data in resource explorer – Resource explorer can display a historical view of the device inventory in the Microsoft Endpoint Manager admin center. Since this feature is still in preview, you’ll need to access it from the Admin center preview option from the Configuration Manager console of the technical preview branch.
Tenant attach: Offboarding – While we know customers get enormous value by enabling tenant attach, there are rare cases where you might need to offboard a hierarchy. For example, you may need to offboard following a disaster recovery scenario where the on-premises environment was removed. Starting with Technical Preview 2104, you can now offboard a selected hierarchy.
Support layered keyboard driver during OS deployment – Based on your feedback, this release adds support for layered keyboard drivers during OS deployment. This driver specifies other types of keyboards that are common with Japanese and Korean languages.
Run software updates evaluation from deployment status – You can now right-click and notify devices to run a software updates evaluation cycle from the software update deployment status. You can target a single device under the Asset Details pane or select a group of devices based on their deployment status.
Improvements to Support Center – Starting in this technical preview, the Content view in the Support Center Client Tools has been renamed to Deployments. From Deployments, you can review all of the deployments currently targeted to the device. The new view is grouped by Category and Status. The view can be sorted and filtered to help you find the deployments you’re interested in. Select a deployment in the results pane to display more information in the details pane.
Improvements to CMTrace – This release includes multiple performance improvements to the CMTrace log viewer. Configuration Manager automatically installs this tool in several locations. If you have a copy of CMTrace in another location, consider removing it and using a copy in one of the default paths or updating it to the latest version.
PowerShell release notes preview – These release notes summarize changes to the Configuration Manager PowerShell cmdlets in technical preview version 2104.
Update 2104 for Technical Preview Branch is available in the Microsoft Endpoint Configuration Manager Technical Preview console. For new installations, the 2103 baseline version of Microsoft Endpoint Configuration Manager Technical Preview Branch is available on the Microsoft Evaluation Center. Technical Preview Branch releases give you an opportunity to try out new Configuration Manager features in a test environment before they are made generally available.
We would love to hear your thoughts about the latest Technical Preview! Send us feedback about product issues directly from the console and continue to share and vote on ideas about new features in Configuration Manager.