This article is contributed. See the original author and article here.
Some of the main goals of adopting a DevOps culture in an organization are reducing failures in new deployments, updating solutions frequently, and improving deployment times, among others.
Implementing DevOps processes in your team requires trust and responsibility because, as Uncle Ben said, “With great power comes great responsibility.” It’s very common to have elevated access that can perform almost all, or sometimes all, actions in an environment. With an elevated account or service principal, there are some important aspects to consider in order to prevent a disaster.
In this case, I focus on Azure Data Factory (ADF) because it needs special treatment when integrating automated deployments in Azure DevOps.
As described, to deploy changes built in our ADF we have to use the “ARM Template Deployment” task, which is used to deploy all kinds of ARM templates into our environment. This task has an important and very powerful option: “Deployment mode”.
Deployment mode can be “Incremental”, “Complete” or “Validation only”. To see information about what these modes do, you can click the little “i” symbol. Incremental mode will deploy and update the resources described in the ARM template. Validation only will make sure there is access and that the template and parameters are well formed. The option most people don’t need, and the dangerous one, is “Complete mode”. Complete mode says to make an environment (Management Group, Subscription, or Resource Group) look EXACTLY like the provided ARM template. That means that any resource not defined in the template will be deleted. In ADF deployments, if you have other resources in the same resource group that aren’t in the ADF ARM template, they will be deleted.
There are ways to mitigate the damage in case this happens:
Lock or add a policy in the Resource Group to avoid deletion
Fully define your environments and components in Infrastructure as Code so that you can quickly recreate environments either for testing or for Disaster Recovery
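The effect of Complete mode on a shared resource group, as an added example that is not from the original article: it computes which existing resources a deployment of an ADF template would delete in each mode. It assumes a simplified model (top-level resources matched by type and name); the template, inventory and function names are constructed for illustration.

```python
import json
import re

# Constructed sample: cut-down ARM template in the shape ADF exports, where
# child resource names are built with concat()/parameters() expressions.
ADF_TEMPLATE = json.loads("""
{
  "parameters": {"factoryName": {"type": "string", "defaultValue": "adf-demo"}},
  "resources": [
    {"type": "Microsoft.DataFactory/factories",
     "name": "[parameters('factoryName')]"},
    {"type": "Microsoft.DataFactory/factories/pipelines",
     "name": "[concat(parameters('factoryName'), '/CopySales')]"}
  ]
}
""")

# Constructed sample: current contents of the target resource group.
RESOURCE_GROUP = [
    {"type": "Microsoft.DataFactory/factories", "name": "adf-demo"},
    {"type": "Microsoft.Storage/storageAccounts", "name": "stdemolake"},
    {"type": "Microsoft.KeyVault/vaults", "name": "kv-demo"},
]

MODES = ("Incremental", "Complete", "Validation only")

# One argument of a name expression: a quoted literal or parameters('x').
_ARG = re.compile(r"\s*(?:'([^']*)'|parameters\('([^']+)'\))\s*")


def resolve_name(expr, params):
    """Resolve a literal name, [parameters('x')] or [concat(...)] of those.

    Anything else raises ValueError so the check fails closed instead of
    guessing which resources the template declares.
    """
    if not (expr.startswith("[") and expr.endswith("]")):
        return expr
    body = expr[1:-1].strip()
    is_concat = body.startswith("concat(") and body.endswith(")")
    if is_concat:
        body = body[len("concat("):-1]
    parts, pos = [], 0
    while pos < len(body):
        match = _ARG.match(body, pos)
        if not match:
            raise ValueError(f"unsupported name expression: {expr}")
        literal, param = match.groups()
        value = literal if literal is not None else params.get(param)
        if value is None:
            raise ValueError(f"no value for parameter {param!r}")
        parts.append(value)
        pos = match.end()
        if pos < len(body):
            if body[pos] != ",":
                raise ValueError(f"unsupported name expression: {expr}")
            pos += 1
    if not is_concat and len(parts) != 1:
        raise ValueError(f"unsupported name expression: {expr}")
    return "".join(parts)


def top_level_key(res_type, name):
    """Map a resource (or child resource) to its top-level parent, lowercased."""
    return ("/".join(res_type.split("/")[:2]).lower(), name.split("/")[0].lower())


def resources_deleted(template, inventory, mode, overrides=None):
    """Return the inventory entries a deployment in `mode` would delete."""
    if mode not in MODES:
        raise ValueError(f"unknown deployment mode: {mode}")
    if mode != "Complete":
        return []  # Incremental and Validation only never delete
    params = {k: v.get("defaultValue")
              for k, v in template.get("parameters", {}).items()}
    params.update(overrides or {})
    declared = {top_level_key(r["type"], resolve_name(r["name"], params))
                for r in template.get("resources", [])}
    return sorted(f"{r['type']}/{r['name']}" for r in inventory
                  if top_level_key(r["type"], r["name"]) not in declared)


if __name__ == "__main__":
    for mode in MODES:
        print(mode, "->", resources_deleted(ADF_TEMPLATE, RESOURCE_GROUP, mode))
```

Overriding `factoryName` with a value that does not match the existing factory adds the factory itself to the deletion list, so a wrong parameter file is as dangerous as a wrong mode.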
Security is a priority in all aspects of a solution. Have a plan for Business Continuity / Disaster Recovery (BC/DR) from the beginning. That includes testing deployments in environments and having ways to recreate your environment. Make sure that you understand how ARM templates are deployed if using them for deployments. Thank you and please consider these recommendations.
In the customer experience (CX) game, the last best experience sets the bar for the next. Businesses that are successful at meeting and exceeding their customers’ expectations are hearing glowing testimonials like:
“This brand makes valuable information directly available.” “The salesperson recommended the perfect solution.” “How did the brand know exactly what I was looking for!” “This brand perfectly understands our business goals.” “I received a discount exactly when I needed it.” “Rep x is my trusted advisor.” “This was an amazing service from A to Z.” “This is my favorite brand.”
Excellent CX encourages your customers to purchase your products, be repeat customers, and recommend your brand. It keeps your brand prominent, helps maintain ongoing relationships, and fuels emotional connections, which is especially important in between purchases. So how do we live up to these customers’ expectations? Let’s start by understanding the customer and learning how Microsoft Dynamics 365 Customer Insights, Microsoft Dynamics 365 Marketing, and Microsoft Dynamics 365 Sales can help.
Understanding today’s customer
Triggered by the boom of connectivity and the accelerated shift to digital during COVID-19, customers’ expectations have changed, and they are rightfully asking for more. This also applies to business-to-business (B2B) customers, who have adopted the same purchasing behaviors as they have in their personal lives. They want modern, consumer-like experiences that allow them to engage on their own terms.
Customers are seeking more autonomy as they engage with brands. They call for digital first, immediate, self-service solutions. According to Trust Radius, virtually 100 percent of buyers want self-service options for at least part of the buying process, up 13 percent from 2021.[1] Once customers make the decision to engage with a salesperson, they expect the person to know their intentions.
To add to this, buying journeys are no longer linear. Customers no longer follow a sequential top-down path across marketing and sales. They go back and forth between content and online and offline channels. However, expectations remain the same for seamless, friction-free interactions that are personalized regardless of the touchpoint.
They tune out one-size-fits-all interactions that make them feel like they’re just another number, especially when businesses could make use of the data collected from their past interactions to anticipate their needs and ultimately deliver better-personalized experiences.
Customer experience and the sales landscape
The sales process has become even more complex. As buyers are faced with economic pressures, customer experience is even more important than ever. This is causing brands to interpret more signals, due to the variety of stakeholders and their indecisiveness in the purchasing process.
And buyers are allowing themselves to be inconsistent as they reconcile decision-making with practical realities. As they engage with a myriad of business stakeholders, their decisions can seem contradictory. This is causing businesses to miss opportunities to simplify the process and deliver relevant experiences across shifting influences.
Customers feel the disconnect and ask questions, such as: “Why do I still see ads for a product I already bought?”, “How could the seller not know about my past order?”, “Why do the promotional messages I’ve seen differ from the vendors’ pitch?”.
Though a small number of businesses can deliver congruous experiences, the truth is that most are failing to connect the dots. Technology, people, and data siloed within different departments are preventing businesses from working as one. Creating a holistic continuum of engagement from customer insights to identifying intent and actioning that information with the right buyer at the right time is a challenge.
Finally, departments such as sales and marketing are misaligned. The businesses’ organizational structures are preventing effective collaboration, and they share different goals, metrics, and key performance indicators (KPIs), too often not oriented toward achieving revenue optimization. In the long run, those inconsistencies in the experiences affect the overall perception of the brand and, most importantly, customers’ satisfaction.
What the research is telling us
Yet CX is where businesses are and will increasingly compete. Most professionals who engage in or lead CX for their businesses or department expect to compete on the basis of CX.
LinkedIn found that for 85 percent of sales and marketing leaders, alignment is the largest opportunity for improving business performance today.[2] Marketing needs to orchestrate engagement whenever it’s appropriate, including prompting sales with intent signals and digital buyer behaviors that indicate that sales engagement would be valuable or welcomed. Sales must consistently use marketing-provided content and technology to improve effectiveness and efficiency. This allows sellers to engage with buyers further down the funnel, increasing the effectiveness of sellers through higher qualified leads.
This is driving the transformation of CX where businesses streamline and automate processes to enhance customers’ interactions with their brand. The goal is to continuously refine CX at every touchpoint to grow and foster an ongoing relationship. “This brand perfectly understands our expectations.”
As an example, Northrup & Johnson, a luxury yacht broker and charter service provider, has seen a shift in the expectations of its buyers, who are increasingly self-exploring digitally throughout their buying process, comparing different models, taking virtual tours, and comparing with competitors. They expect a highly personalized experience both digitally and with the sales team. They want to lead their sales process and not have it dictated to them. Northrup & Johnson engages its customers on all channels with content specific to the yacht models they’ve expressed interest in or the tours they’ve taken. As its customer’s propensity to buy increases, it routes them to a seller at the right moments, such as reaching out after they had a great boat charter experience. Leveraging a unified customer understanding creates self-service experiences that then empower sellers with knowledge of affinities, intent, and lifetime value.
Our approach
So how do you prepare your organization to transform CX and deliver frictionless, outstanding experiences to maintain a competitive edge? One thing is clear: doing things the “old way” is no longer an option.
Companies that require a customer to fill out a web form or start with a phone call will rapidly become irrelevant. Instead, they need to provide consumer-like experiences and be comfortable with unknown visitors to their digital properties. With control ceded to the buyer, they are no longer being forced through a one size fits all funnel and may enter in the middle of the funnel with a preference, then pop up the funnel to assess their options. They could start by buying and then seek knowledge about their purchase, or anything in between. The customer journey needs to flow seamlessly between sales and marketing as a result.
Enabling these experiences starts with data. Instead of customer understanding being limited to that which a seller is willing to manually enter into their customer relationship management (CRM) system, all the interactions, purchases, and multitudes of different data sources can come together to shine a light on the buyer journey. By unifying data, organizations can gain a full understanding of their customers.
Combined with AI capabilities, they can curate a timeline of individual customer interactions, identify relevant behavioral signals in the buying process, and through automated predictive analytics, understand key factors influencing actions and KPIs, such as churn, customer lifetime value (CLTV), net promoter score (NPS), and customer sentiment. Based on those insights, marketing and sales teams can craft real-time single or multi-step personalized journeys that automate the best experiences for each buyer. They can be orchestrated to quickly advance the buyer to the next step of the journey and accelerate the pipeline through marketing-led lead identification that seamlessly notifies sales to contact the buyer at exactly the right time, in the right channel, and with the right offer. “I received a discount exactly when I needed it.”
Through automated lead scoring and AI-powered next-best-action recommendations, these once tedious tasks no longer prohibit sellers from focusing on building relationships and delivering value in every interaction. Based on similar account interactions, sellers can also recommend relevant products to customers (“the salesperson recommended the perfect solution”) and in the long run through repeated on-point exchanges transform relationships (“rep x is my trusted advisor”).
Sellers and marketers can create self-service consumer-like experiences and provide content that contributes to lead generation to meet buyers where they are. “This brand makes valuable information directly available.” They can empower customers to engage on their terms, the conversations are no longer seller-led but guided by the customers’ choice and timing. Customers experiencing self-driven paths are likely to buy more than initially planned.
A key to this is analyzing the effectiveness and pipeline through a common lens and using data to optimize journeys, and personalized content to accelerate the pipeline, improve close rates and increase customer retention.
Bringing these capabilities to the forefront illustrates how CX is driving the need to build sales and marketing alignment. It allows companies to automate empathy and relationship building beyond the sales cycle based not just on who the buyer is, but on the moments that matter to keep the company top of mind, relevant, and the buyer happy. “This was an amazing service from A to Z.”
Transforming customer experience with Dynamics 365 Sales, Dynamics 365 Marketing, and Dynamics 365 Customer Insights
To guide each B2B and business-to-consumer (B2C) business in their CX transformation and accelerate their growth, we provide unrivaled connected sales and marketing capabilities through Dynamics 365 Sales, Marketing, and Customer Insights applications.
Dynamics 365 Customer Insights respects privacy when unifying fragmented data, sometimes from hundreds of data sources across the organization (including data from Dynamics 365 Sales, Dynamics 365 Customer Service, Dynamics 365 Supply Chain Management, and Dynamics 365 Marketing) to create a unified profile that can be enriched with first- and third-party data sources and used to generate AI-powered insights that identify churn risk and drops in customer sentiment and suggest the next best action to satisfy customers.
These insights about the customer can be activated in real time within Dynamics 365 Marketing to identify segments and preferred channels, trigger flawless journeys, create self-service content, and deliver hyper-personalized experiences not just based on who the customer is, but also in real time based on what they are doing. For example, Biologische Heilmittel Heel, one of the largest pharmaceutical manufacturers of homeopathic remedies worldwide, is using Dynamics 365 to provide its buyers (doctors, pharmacists, and veterinarians) with self-service curated content. Due to the nature of this industry and its complexity across buyers, the message and approach have to be personalized from one customer to the next. This also makes it difficult to support customers throughout their journey with the company. Dynamics 365 has enabled seamless data sharing across the organization, enabling it to understand the customer and orchestrate real-time consumer-like experiences that span sales and marketing while putting the buyer in control.
Through Dynamics 365 Sales, sellers can continue to build seamlessly on marketing efforts. Marketers orchestrate handoffs by identifying prospects showing purchase intent across their buying journey and automatically pass marketing-qualified leads (MQLs) at exactly the right time to optimize sales engagement. With AI-driving sales force automation, sales teams can jumpstart digital selling and meet buyers where they are using sales accelerator sequencing and predictive scoring. Through personalized work lists and AI-optimized next-best-action recommendations, they know exactly what customer and activity to focus on to accelerate sales and increase wins. All these capabilities, along with embedded collaboration and real-time conversation intelligence, boost seller productivity and enable them to read customer signals to know if their engagements and the buyer experience are effective.
Connected, these applications unlock unique opportunities to create individualized experiences that meet customers’ expectations whether they are one-time empathetic interactions or lifetime emotional connections.
Microsoft’s solutions empower your teams to transform CX so that your customer base refers to your organization as “my favorite brand.”
Financial management is in the midst of a transformative moment. The global operating environment of business today is increasingly complex and prone to turbulence from numerous sources. New business models are disrupting the status quo and challenging the idea of how products and services are delivered and experienced. Finance leaders are assuming greater responsibilities in their organizations and often doing so with smaller team footprints than would have been imaginable a decade ago.
Staying on top of local laws and regulations in several countries is resource-intensive and challenging. Not only do individual countries and regions have their own regulations, but these rules are continuously changing, making compliance a perpetual task that requires close attention. Technology-enabled digital transformation is at the forefront of the tools available to finance leaders who must do more with less. This blog focuses on how Microsoft’s enhanced Tax Calculation capabilities help automate complex tax scenarios and deliver more scalable and easy-to-adopt tax solutions to our customers.
Ernst & Young Global Limited (EY) is one of the largest professional services firms in the world. One of the ways that EY engages with clients is as advisors and system implementers of tax technology. To better understand how Tax Calculation helps organizations scale financial excellence, let’s look at how EY helps its clients quickly deploy highly adaptable tax solutions for their businesses.
“Tax requirements are only getting more complex. Adding flexible and scalable no-code/low-code Tax Calculation capabilities to an already powerful ERP solution, such as Microsoft Dynamics 365, is definitely compelling functionality.”
Greg Hari, Director, Indirect Tax Transformation at EY
Client challenges
In part, one of EY’s clients faced challenges related to significant technical tax complexity across an extensive global footprint. The client’s small finance team was responsible for operating many business scenarios and handling a vast range of transactions.
To effectively manage complex global operations like these from a tax perspective, the business required a solution with the flexibility to scale to support its worldwide footprint and mirror its distinctive corporate structure. At the same time, the solution had to handle today’s unique tax complexities so that the in-house finance team could easily maintain business expertise to operate in all the territories they’re currently in today and allow for future expansion and ever-changing tax regulations.
Traditionally, clients selecting or implementing an enterprise resource planning (ERP) solution in these situations often require an external tax engine to perform tax determination and calculation or frequently end up with a sub-optimal determination solution. And indeed, this was the assumption and potential concern of EY’s client in this circumstance. However, as EY worked with the client during discovery, it explained the features and benefits of the native out-of-the-box Tax Calculation functionality included in Dynamics 365 Finance, which ultimately gave the client assurance over the tax determination that could be delivered.
“A new tax calculation service as a native component of Dynamics 365 was one of the key factors that helped Microsoft cater for the client’s complex requirements. It also gives us a high degree of confidence in recommending the solution because we understand it can be configured to meet bespoke requirements without significant coding or expensive customizations.”
Greg Hari, Director, Indirect Tax Transformation at EY
EY successfully supported the client through the implementation and go-live process earlier this year.
Automating complex tax scenarios
The Tax Calculation enhancements to Dynamics 365 released last year have been helping our customers to automate complex tax scenarios that required costly customizations before. Some of the complex scenarios that our customers have successfully enabled while deploying the new Tax Calculation capabilities include:
Transfer price model and limited risk distributor
Consignment warehouses with multiple VAT registrations
EU triangulation transactions
EU VAT on margin
EU distance selling
US origin-based and destination-based sales tax
Tax deductibility by the usage of the goods and services
Organizations can more effectively streamline and automate tax determination and calculation by leveraging our enhanced no-code/low-code tax calculation functionality, which is part of Globalization Studio within Dynamics 365. This can create significant advantages as it allows companies greater functionality to handle more complex enterprise-level scenarios while also reducing some of the maintenance burden and associated risk, even with a relatively small team. It also allows users to easily customize the solution to suit future needs as tax regulations evolve and businesses scale.
“A scalable and robust tax calculation service allows both enterprise and small organizations to support and maintain a very effective tax calculation solution in-house.”
Greg Hari, Director, Indirect Tax Transformation at EY
The Globalization Studio capabilities offer more than effective tax determination and calculation. Also included are no-code/low-code globalization tools and services and out-of-the-box content for electronic invoicing, tax audit and regulatory reporting, country-specific payment formats, business documents, and more. The combination of these easy-to-use and flexible services and the out-of-the-box content, extended by partners, allows users to operate our solution in more than 200 countries/regions and meet multiple tax compliance requirements and local business practice requirements.
What’s next?
Are you an existing Dynamics 365 user who would like to use the Tax Calculation capabilities in your organization? If so, you can get started today by visiting the Tax Calculation overview documentation.
Or, if you are looking for a solution to optimize across subsidiaries, acquire new companies, or expand internationally and are interested in learning more about the tools to streamline processes, increase compliance, and strategically grow your business globally, we invite you to take a guided tour of Microsoft Dynamics 365 Finance.
Microsoft is pleased to announce the release of the security baseline package for Windows 11, version 22H2!
Please download the content from the Microsoft Security Compliance Toolkit, test the recommended configurations, and customize / implement as appropriate.
This release includes numerous changes to further assist in the security of enterprise customers. Changes have been made for additional protections around hardware and driver security, credential theft, printers, DNS, and account lockout.
Kernel Mode Hardware Enforced Stack Protection
A new feature has been added to the setting located in System\Device Guard\Turn On Virtualization Based Security called Kernel Mode Hardware Enforced Stack Protection. This new setting is applicable to Windows 11, version 22H2 and above, and provides additional security enhancement for kernel code.
There is a hardware dependency for this new feature that requires Intel Tiger Lake and beyond or AMD Zen3 and beyond.
This setting has a dependency on HVCI (Virtualization Based Protection of Code Integrity). There shouldn’t be any issues as long as enterprises are following the baselines but, if the organization deviates from HVCI, then Kernel Mode Hardware Enforced Stack Protection cannot be enabled.
In enforcement mode, the security baseline configures this setting to Enabled.
Important: If the hardware platform does not support it, then no enforcements are enabled.
While compatibility concerns are unlikely, customers are encouraged to test compatibility to ensure an incompatible driver doesn’t lead to instability.
New in Windows 11, version 22H2, are a set of features to better protect enterprise users who still rely on a username and password for Windows authentication.
These new features, located in Windows Components\Windows Defender SmartScreen\Enhanced Phishing Protection, ensure that enterprise credentials cannot be used for malicious or unintended purposes. Related user activity is logged in the Microsoft Defender for Endpoint portal.
Because this is an end-user option, the security baseline enforces enablement of the service (the Service Enabled setting) to ensure that the enterprise credentials used in the system are appropriately monitored and audited.
Based on Microsoft Defender SmartScreen’s robust security infrastructure, when a user enters their credentials into a known phishing or malicious site, the service alerts the user as illustrated below. In this scenario, the setting Notify Malicious is set to Enabled.
Should an enterprise user re-use their corporate credentials in another application or website, a notification is displayed and logged, as illustrated below. In this scenario, the setting Notify Password Reuse is set to Enabled.
Should the user decide to save their passwords in Notepad, WordPad, or other Office applications, this activity is logged with Microsoft Defender for Endpoint and the user is notified of the activity, as illustrated below. In this scenario, the setting Notify Unsafe App is set to Enabled.
Depending on your userbase, incoming support calls may question why the prompts are occurring. Microsoft advises that organizations inform security personnel and end users about the feature and how it helps keep credentials protected.
Printers
It is critical to continue to protect enterprise customers in print scenarios. With Windows 11, version 22H2, several new settings under Administrative Templates\Printers are enabled to further protect enterprises, including the following:
Support for RedirectionGuard is added to the print service. RedirectionGuard is a security measure that prevents the use of non-administratively created redirection primitives from being followed within a given process. The setting Configure Redirection Guard is now Enabled as part of the baseline.
Historically, Named Pipes were allowed with Print Spoolers. The use of TCP for the settings Configure RPC connection and Configure RPC listener is now enforced.
Configure RPC over TCP port ensures that the incoming and outgoing connections default to a dynamic TCP port.
Note: This setting typically requires a boundary (firewall) change to allow for a successful connection.
Manage processing of queue-specific files (also called CopyFilesPolicy) was first introduced as a registry key in response to CVE-2021-36958 in September of 2021. This setting allows standard color profile processing using the inbox mscms.dll executable and nothing else. The security baseline is to configure this setting to Enabled with the option of Limit queue-specific files to color profiles.
Limit print driver installation to Administrators was introduced to the security baselines as part of the SecGuide.ADMX before an inbox policy was available. This policy is now contained within the OS, and the MS Security Guide setting is deprecated. However, since both settings write to the same location, the configured values still appear in both locations. The explanatory text in the MS Security Guide is updated to point users to the new location.
Configure RPC packet level privacy setting for incoming connections has been added to SecGuide.ADMX as a result of CVE-2021-1678 and is set to Enabled as part of the baseline. The work of creating and deploying registry keys is now included in the security baseline until the setting becomes inbox to Windows.
DNS Hardening
The setting Configure DNS over HTTPS (DoH) name resolution, located under Administrative Templates\Network\DNS Client, was added as part of Windows 11 and Windows Server 2022. It is not yet part of the security baseline because it is too early to mandate encrypted DNS. Enterprises that wish to use encrypted DNS may take the following steps to implement it:
Deploy their own Secure DNS over HTTPS (DoH) server infrastructure, whether self-managed or provided by a vendor.
Configure Windows to use these DoH resolvers.
When DoH servers cannot be reached, enterprises may require their endpoints to hard fail using encryption, should the threat model require this.
Note: This requirement breaks scenarios such as captive portals, so it is not a recommended general practice.
The security baseline will adopt this setting in a future release. See Secure DNS Client over HTTPS (DoH) for additional information on DoH.
Configure NetBIOS settings
The setting Configure NetBIOS settings, located under Administrative Templates\Network\DNS Client, is configured to Enabled with a sub value of Disable NetBIOS name resolution on public networks. If applicable for your enterprise, optionally adjust this setting to Disable NetBIOS name resolution. In a future release of the security baseline, all name resolution over NetBIOS will be disabled.
Credential Theft Protection
Windows allows the use of custom security support providers and authentication providers to extend the authentication capabilities available during the login flow beyond those supported natively by Windows. These providers are loaded into Local Security Authority Subsystem Service (LSASS). Although they can provide a legitimate function, custom security packages can also be abused by attackers to gain persistence or to access and steal credentials stored in Windows. A new setting has been added to protect against this scenario:
The setting Allow Custom SSPs and APs to be loaded into LSASS, located under System\Local Security Authority, restricts the loading of custom security packages.
We recommend that you disable loading custom packages unless the custom package you are using is known.
Additional Local Security Authority (LSA) protection provides defense by running LSA as a protected process. LSA protection was first introduced in the Windows 8.1 security baseline, as part of the original Pass-the-Hash mitigations.
A new setting, Configure LSASS to run as a protected process, located under System\Local Security Authority, is now included inbox with Windows 11, version 22H2.
The new setting is not backported. Therefore, all previous operating systems should continue to use the MS Security Guide setting LSA Protection, contained in SecGuide.ADMX. The security baseline continues to enforce the value of Enabled with UEFI Lock but does add a new configuration option that allows for LSA protection without UEFI lock. This brings it into parity with other features that support UEFI lock, like Credential Guard and Hypervisor-Protected Code Integrity, and allows more flexibility.
The legacy Multiple Provider Router (MPR) provides notifications to registered credential managers or network providers when there is a logon event or a password change event. MPR was created so that providers that need a user’s password can collect and store credentials. This functionality is used by legitimate applications, but it can also be abused by attackers to harvest logon credentials.
A new setting, Enable MPR notifications for the system, located under Windows Components\Windows Logon Options, is used to disable MPR notifications.
We recommend that you configure this setting to block password disclosure to providers.
Attack Surface Reduction
A new rule Block abuse of exploited vulnerable signed drivers is now included as part of the operating system baselines as part of the Microsoft Defender Antivirus GPO. This rule applies across both client and server and helps prevent an application from writing a vulnerable signed driver to disk.
A new policy, Allow Administrator account lockout, located under Security Settings\Account Policies\Account Lockout Policy, is added to mitigate brute-force authentication attacks. The recommended values for the policies Account lockout duration and Reset account lockout counter after are adjusted to be consistent with the defaults for out-of-the-box Windows installations.
Existing Windows installations, including upgrades to Windows 11, version 22H2, do not have Allow Administrator account lockout or other account lockout policies configured by default.
Other Changes
Corrected in this release was a mismatch between the security baseline documentation and the accompanying Group Policy for Microsoft Defender Antivirus settings. The documentation stated that Windows Components\Microsoft Defender Antivirus\Real-time Protection\Turn on behavior monitoring should be set to Enabled, but the actual GPO remained in a Not Configured state. This is corrected in this release.
Today, Microsoft announced the general availability of Windows 11 2022 Update, the first major update to the operating system that secures your hybrid work. This update includes some critically important new features designed to keep your organization safe in an ever-changing threat landscape without compromising the Windows experiences that help your employees collaborate and do their best work.