by Contributed | May 31, 2021 | Technology
This article is contributed. See the original author and article here.
Hello everyone, here is part 8 of a series focusing on Endpoint Protection integration with Configuration Manager. This series is recorded by @Steve Rachui, a Microsoft principal premier field engineer.
This tutorial focuses on how Configuration Manager integrates with Windows Defender Application Control and how it can be used to enforce Windows Defender Application Control settings. The session begins with a review of what Windows Defender Application Control is and why it is a critical security component for protecting devices in your enterprise.
This is final video in the Endpoint Protection series. We hope you found the series helpful.
Posts in the series
Go straight to the playlist
by Contributed | May 31, 2021 | Technology
This article is contributed. See the original author and article here.
Overview
SQL Server Migration Assistant (SSMA) is a suite of 5 tools designed to automate migrations from Oracle, Access, DB2, MySQL and SAP ASE (formerly SAP Sybase ASE) to Microsoft SQL. It automates the conversion of database schemas to a Microsoft SQL Server schemas, deployment of the schemas, data migration to the target SQL Server (see below for supported versions), and validation of migrated objects.
What’s new?
The latest releases of SSMA for Oracle enables automatic partition conversion for Oracle partitioned tables while migrating to Azure SQL and SQL on-premises. You can leverage your Oracle partition strategy and accelerate your migration by retaining the partition model even when there is no direct type mapping in SQL. Moreover you can now automatically convert SKIP LOCKED clause and save significant development time.
In addition, this release includes the following:
- SSMA for MySQL, SSMA for Access and SSMA for SAP ASE surface minor performance improvements and bug fixes
- SSMA for DB2 is enhanced with:
- Improved
VARCHAR_FORMAT emulation function
- Fixed table discovery issues for DB2 for i
Downloads
Supported sources and target versions
Source: For the list of supported sources, please review the information on the Download Center for each of the above SQL Server Migration Assistant downloads.
Target: SQL Server 2012, SQL Server 2014, SQL Server 2016, SQL Server 2017, SQL Server 2019, Azure SQL Database, an Azure SQL Database managed instance, and Azure SQL Data Warehouse (Azure Synapse Analytics)*.
*Azure SQL Data Warehouse (Azure Synapse SQL Pool) is supported as a target only when using SSMA for Oracle.
Resources
SQL Server Migration Assistant documentation
Enabling Automatic Conversions for Partitioned Tables (Ep. 5) | Data Exposed
by Contributed | May 31, 2021 | Technology
This article is contributed. See the original author and article here.
According to MSDN article, ‘DISABLE_PARAMETER_SNIFFING’ instructs Query Optimizer to use average data distribution while compiling a query with one or more parameters. This instruction makes the query plan independent on the parameter value that was first used when the query was compiled. This hint name is equivalent to trace flag 4136 or Database Scoped Configuration setting PARAMETER_SNIFFING = OFF.
Looks like it’s a pretty good hint, However, it doesn’t means you can resolve all parameter sniffing issue by using this query hint.
Actually, the sentence ‘Query Optimizer to use average data distribution while compiling a query with one or more parameters’ is not 100% correct. It really depends on what symbol you used in the where clause.
‘DISABLE_PARAMETER_SNIFFING’ is a replacement of variable, these two have exactly same effect. If you are not familiar with selectivity of variable, please review my post Selectivity and Estimated Row: Variable – Microsoft Tech Community
I’m going to use AdventureWorks 2019 in this post.
——————–Please run this script—————
use AdventureWorks2019
go
IF exists(select 1 from sys.tables where name=’SalesOrderDetail’ and schema_id=schema_id(‘dbo’))
drop table SalesOrderDetail
go
select * into SalesOrderDetail from [Sales].[SalesOrderDetail]
go
create statistics iProductID ON SalesOrderDetail(productid) with fullscan
Go
dbcc traceon(3604,2363)
——————–Please run this script—————
For example, following two stored procedure returns exactly same Estimated rows 456.
create proc ptest1
@pid int
as
select * from SalesOrderDetail where productid>=@pid option(use hint(‘DISABLE_PARAMETER_SNIFFING’))
go
create proc ptest2
@pid int
as
declare @pid1 int =@pid
select * from SalesOrderDetail where productid=@pid1
Go
Trace flag 2363 displays more detail about the selectivity.
———————————-trace flag 2363 output———————————-
Begin selectivity computation
Input tree:
LogOp_Select
CStCollBaseTable(ID=1, CARD=121317 TBL: Sales.SalesOrderDetail)
ScaOp_Comp x_cmpEq
ScaOp_Identifier QCOL: [AdventureWorks2019].[Sales].[SalesOrderDetail].ProductID
ScaOp_Identifier COL: @pid
Plan for computation:
CSelCalcHistogramComparison(POINT PREDICATE)
Loaded histogram for column QCOL: [AdventureWorks2019].[Sales].[SalesOrderDetail].ProductID from stats with id 3
Selectivity: 0.0037594
Stats collection generated:
CStCollFilter(ID=2, CARD=456.079)
CStCollBaseTable(ID=1, CARD=121317 TBL: Sales.SalesOrderDetail)
End selectivity computation
———————————-trace flag 2363 output———————————-
121317*0.0037594=456
Please review Selectivity and Estimated Row: Variable – Microsoft Tech Community for other inequations.
by Contributed | May 31, 2021 | Technology
This article is contributed. See the original author and article here.
Whether you are using Microsoft Azure for development, for production workloads, or for both, it’s important to consider the security of the connections to those cloud systems. Virtual private networks are often used to encrypt traffic between a device and Azure using a private tunnel over the public internet – especially for information and systems you don’t want to be made available to the public or open to the possibility of being captured and read. At scale, a site-to-site VPN can be configured to the internet router used by an office (or home office) so the VPN connection can be used by all the devices on that network. But you can also set up a point to site VPN between just one device and Azure – especially useful for laptops and staff who travel or work from home.
Establishing a VPN connection requires some sort of authentication method – commonly a certificate or a username & password. Microsoft Azure point-to-site connections support Azure certificate authentication, authentication with a RADIUS server, or Azure Active Directory authentication with the OpenVPN(r) protocol. Active Directory authentication was limited to only Windows clients, but we’ve just announced a public preview of this capability for macOS.
This means that your macOS device will be able to establish a point-to-site VPN connection to Microsoft Azure using authentication with your Azure Active Directory credentials. And because you’re using native Azure AD authentication, the additional security features of user-based risk policies, conditional access and multi-factor authentication can now also apply from your Mac device when connecting to the VPN. So, for example, you could ensure that macOS VPN connections are only established from allowed locations, or that other locations force a multi-factor-authentication challenge. Note: while authenticating your VPN with Azure Active Directory does not require any additional Azure AD licensing, some of the premium features (like conditional access) do have Azure AD licensing requirements – check the linked feature documentation for details.
Remember: Public preview features are subject to change and don’t come with a Service Level Agreement. Learn more at Choose the right Azure services by examining SLAs and service lifecycle.
Components of a Microsoft Azure Point-to-Site VPN from macOS with Azure Active Directory authentication
A point-to-site VPN connection from macOS to Microsoft Azure requires:
- An Azure Active Directory tenant
- An Azure virtual network
- An Azure virtual network gateway, with the correct point-to-site configuration.
- A macOS device with a correctly configured Azure VPN Client application.
Network architecture showing a point to site VPN from macOS to Microsoft Azure
The detailed steps
Detailed documentation for each of steps is provided at Microsoft Docs and is updated should the product feature or steps change, but I’ll link to each step in the process here. To implement a VPN client for point-to-site OpenVPN protocol connections from macOS (preview):
Configure an Azure Active Directory tenant.
Register the Azure VPN “Enterprise application”
Create a virtual network
Create a virtual network gateway
Note: You can use an existing virtual network or virtual network gateway if you already have one.
Configure the virtual network gateway & download the VPN client (steps 9-13)
Then on the macOS device:
Install the “Azure VPN Client” application from the Apple Store
Import the connection profile (using azurevpnconfig.xml from the VPN client you downloaded)
Now, when you connect to the Azure VPN, you’ll be promoted for your Azure Active Directory credentials!
Azure AD sign-in for the macOS VPN to Azure
Conclusion:
VPNs are an important component of network security, especially with a remote and mobile workforce. Azure Active Directory authentication for the VPN for macOS devices is easy to configure and lets you take advantage of other Azure AD security features you may be using for other devices in your organisation.
Learn more:
What is a VPN Gateway?
Explore Azure networking services
Architect network infrastructure in Azure
Implement network security in Azure
by Contributed | May 31, 2021 | Technology
This article is contributed. See the original author and article here.
CLI for Microsoft 365
Manage Microsoft 365 and SharePoint Framework projects on any platform
CLI for Microsoft 365 is a cross-platform CLI that allows you to manage various configuration settings of Microsoft 365 and SharePoint Framework projects no matter which operating system or shell you use.
While building solutions for Microsoft 365 expands beyond the Windows operating system, managing many of the platform settings is possible only through PowerShell on Windows. As more and more users work on non-Windows machines, it’s inconvenient for them to have to use a Windows virtual machine to configure their tenants. With the CLI for Microsoft 365, you can configure your tenant no matter which operating system you use. Additionally, using CLI for Microsoft 365, you can manage your SharePoint Framework projects.
New version of CLI for Microsoft 365 – v3.10
Following our monthly release cadence, we’ve released a new version of the CLI for Microsoft 365 with some new capabilities. Here are a few of the most noteworthy additions.
Changes
We’ve continued improving CLI building upon the changes we’ve introduced in the previous version.
Added support for printing errors as JSON in JSON output
When scripting using the CLI, it is common to use the JSON output from commands which makes it easier to work with command responses. In the example below that uses PowerShell we can convert the JSON response into a PowerShell object using the ConvertFrom-Json cmdlet.
$lists = m365 todo list list -o json | ConvertFrom-Json
However if an error was thrown, the CLI would return the error as a plain text string and this can be inconvenient as your script is expecting a JSON response.
To help with error handling when using this approach, we have added support for changing the default error output type to JSON. To set the default output type for errors, execute:
m365 cli config set --key printErrorsAsPlainText --value false
Enhanced spo site apppermission commands
When working with site app permissions using the CLI we previously did not return information about the app roles which can be defined, therefore we have added returning the app roles when using the spo site apppermission get and spo site apppermission list commands in the response.
New Commands
Gets Azure AD app registration roles
When creating applications that use Azure AD authentication we can define custom roles that we can assign permissions to users or apps. The application defines and publishes the app roles and interprets them as permissions during authorization.
To return the roles published by an Azure AD application registration by its name, execute:
m365 aad app role list --appName "My app"
Get the value of a CLI for Microsoft 365 configuration option
We recently announced that we added support for configuring the CLI to your own preferences using the cli config set command, this enables you to change some of the default settings such as changing all command outputs to be JSON rather than text.
To return the current value of a CLI configuration option, execute:
m365 cli config get --key output
Upload files using Microsoft Graph
The ability to upload files has been possible in the CLI for some time using the spo file add command, this command however uses SharePoint-based APIs to perform the upload and does not support new authorisation features such as the ability to control app access to specific site collections using the Sites.Selected permission scope.
To add support for the new permission scope, we have added a new command that uses the Microsoft Graph in its implementation, the existing spo file add command will remain to provide backwards compatibility.
To add a file to a specific site, execute:
m365 file add --filePath file.pdf --folderUrl "https://contoso.sharepoint.com/Shared Documents"
Remove a specified Power App
Microsoft Power Apps is a popular no/low code business application development platform in Microsoft 365 and managing apps created by business users is an important maintenance tasks for administrators. We have extended our support for Power Apps by introducing a command to remove Power Apps from an environment.
To remove a specified Microsoft Power App, execute:
m365 pa app remove --name 3989cb59-ce1a-4a5c-bb78-257c5c39381d
Updates a specific application permission for a site
The Microsoft Graph gives us the ability to create site permissions on SharePoint Online or OneDrive sites, which has been possible in the CLI using the spo site apppermission add command, however it was not possible to update these registrations so we have added a new command to add that support.
To update a specific application permission by its name on a given site collection, execute:
m365 spo site apppermission set --siteUrl https://contoso.sharepoint.com/sites/project-x --appDisplayName Foo --permission read
New script samples
CLI for Microsoft 365 is a great tool both for quick adjustments to the configuration of your Microsoft 365 tenant as well as automating more complex tasks. Because CLI for Microsoft 365 is cross-platform you can use it on any OS and in any shell. To help you get started using the CLI for Microsoft 365 for automation scenarios, we started gathering some sample scripts.
If you have any scripts that you use frequently, please share them with us so that we can learn more about the common automation scenarios.
Replace user in Microsoft 365 Group or Microsoft Team with another user
When an employee leaves an organisation you may want to find and replace the employee account with another account.
This script helps update the membership by accepting the old user to be replaced, the new user that will be added and a CSV file containing the groups or teams to be iterated over.
Monitor site collection storage usage
As a SharePoint Administrator one of your tasks is to ensure that the storage being used in your Microsoft 365 tenant does not exceed the allowance of your tenant so this does not negatively impact daily usage.
This
script helps by iterating over all SharePoint Online sites in your Microsoft 365 tenant, listing any sites that are over a defined storage threshold and emails the results to a specific email address.
Add multiple folders in libraries using a CSV file
When adding files into SharePoint Online, a common task is to create a defined folder structure in target document libraries within a target SharePoint Online site before adding the files.
This
script helps by showing how to create folder structures in different document libraries using a CSV file as an input.
Replace SharePoint Online Site Collection Administrator with another user
When an employee leaves an organisation you may want to find and replace the employee account with another account.
The
script helps by removing a user from a given SharePoint Online site collection and adds a new user as a Site Collection Administrator.
Search Power Automate Flows for specific connections
Microsoft Power Automate is a very powerful workflow tool in Microsoft 365 which use connectors to integrate with different platforms, a common connector that is used is the SharePoint Online connector which help simplify requests made to SharePoint Online, however it can be difficult to get a view of which Power Automate Flows are connected to specific SharePoint Online sites.
This
script helps by iterating over all Power Automate Flows in your Microsoft 365 tenant, searches the exported Flows for a given Site Collection URL and returns the results.
Contributors
This release wouldn’t be possible without the help of (in alphabetical order)
Thank you all for the time you chose to spend on the CLI for Microsoft 365 and your help to advance it!
Work in progress
Here are some things that we’re currently working on.
More commands, what else
Microsoft 365 is evolving and new capabilities are being released every day. With CLI for Microsoft 365, we aim to help you manage your tenant on any platform in a consistent way, no matter which part of Microsoft 365 you interact with. While we keep adding new commands to CLI for Microsoft 365 each release, we still barely scratched the surface with what’s possible in Microsoft 365. In the upcoming versions of the CLI for Microsoft, you can expect us to add more commands across the different workloads in Microsoft 365.
Updating Azure AD apps
Recently, we introduced a command to easily create Azure AD app registrations. Because they’re backbone of every app you’d build on Microsoft 365, we think you should be able to create them as easily as possible. So with CLI for Microsoft 365, you can create a fully configured Azure AD app for the most common scenarios with just one line of code.
We’re currently working on adding support for updating Azure AD app registration which will be helpful for example when building apps for Microsoft Teams. Stay tuned!
Script examples
In every release of the CLI for Microsoft 365, we introduce new commands for managing Microsoft 365. With over 350 commands across the different Microsoft 365 services, the CLI for Microsoft 365 has become a powerful tool, not just for managing your tenant but also for automating your daily work.
We’d love to show you how you can use the CLI for Microsoft 365 to build automation scripts in PowerShell Core and Bash. If you have any scripts using SPO or PnP PowerShell that you use frequently, please share them with us so that we can learn more about the common automation scenarios.
‘ensure’ commands
Recently, we shipped our first ensure command – an easy way to help you that a site with specific settings exists. If it doesn’t, CLI creates it for you, if it does, CLI ensures it has the right properties. All in one line of code. We’d love to hear from you how you like it and if it’s something you’d like us to implement for other commands as well.
Try it today
Get the latest release of the CLI for Microsoft 365 from npm by executing:
npm i -g @pnp/cli-microsoft365
Alternatively, you can get the latest release from Docker by executing:
docker run --rm -it m365pnp/cli-microsoft365:latest
If you need more help getting started or want more details about the commands, the architecture or the project, go to aka.ms/cli-m365.
If you see any room for improvement, please, don’t hesitate to reach out to us either on GitHub or twitter.
Recent Comments