This article is contributed. See the original author and article here.
We’re excited to spotlight our Microsoft Security Experts Discussion Space—a dedicated community designed for cybersecurity practitioners to connect, share insights, and learn together. As we embark on this journey, we want to provide some tips on how you can kickstart and actively participate in discussions, fostering a vibrant and collaborative community of practice.
Getting Started: Tips for Users
Explore Community Topics: Engage in discussions on a variety of topics, such as delving into Defender Experts features, crafting advanced hunting queries, or leveraging Graph API for automation. These are just starting points—feel free to suggest and explore your own areas of interest.
Ask Questions: Don’t hesitate to ask questions, whether you’re a beginner seeking guidance or an expert looking for a fresh perspective. Our community is here to help.
Share Your Expertise: If you have experience in a particular area, share your insights and tips. Your knowledge can be incredibly valuable to others.
Engage in Conversations: Participate in ongoing discussions by providing feedback, sharing your experiences, or offering alternative viewpoints. Engaging with others is key to building a thriving community.
Let’s Get the Conversation Going!
To kick things off, we invite you to check out our most recent thread regarding Sentinel Automation based on Defender Experts Notifications (DENs). This community is a space for collaboration, and your input shapes its growth. Remember, a vibrant community is built on active participation. So, let’s ignite conversations, share knowledge, and make this tech community a hub of inspiration and expertise!
This article is contributed. See the original author and article here.
In past roles, I spent hundreds of hours with colleagues developing our annual strategic plan. We created committees, subcommittees, and teams to identify priorities and initiatives grounded to the organization’s mission and vision. We would ambitiously set our goals for the year and even identify success metrics. While intentions were good, our strategic outcomes always fell short.
Why? This conventional approach took too long, lacked accountability and the rigid planning cycle inhibited our ability to adapt to changing organization needs and shifting priorities. We got stuck in the “set and forget” cycle of setting goals at the beginning of the year and never knowing if our everyday activities at the individual contributor and team levels even rolled up to those institutional goals.
At Microsoft we recognize a defined set of corporate goals not only instills a sense of purpose, accountability, and agility but also helps companies mitigate uncertainty.
How do we escape the organizational goal-setting rut?
In today’s environment when organizations are required to operate faster and more efficiently, having an adaptable goal planning and management processes are essential. Microsoft Viva Goals is a goal management solution that helps ease goal planning and management. Viva Goals helps companies escape the goal-setting rut with capabilities to communicate goals across the organization, measure progress, and realign priorities as needed.
CAI, a global consulting firm, shared how Microsoft Viva Goals helped boost their business agility and enable operational alignment by streamlining its goal planning and management processes. Historically CAI relied on disparate Excel spreadsheets, making it difficult to align strategies across the company. Viva Goals provided them with one centrally managed solution that readily supported an adaptable goal setting strategy. With Viva Goals, CAI was able to move away from Excel spreadsheets and a conventional, linear approach.
“We don’t create a traditional business plan now. We use Viva Goals with our customer-facing project teams to manage progress, align strategy, and create accountability to high-level objectives.”
– Richard Tree: Chief Operating Officer, CAI
Today they are successfully setting business goals, objectives and key results (OKRs) and aligning teams to organizational priorities while at the same time delivering consistent and high-quality services to their customers. They are able to stay agile and responsive to their customers’ needs by modernizing their approach to goal setting.
Read more about CAI’s Viva Goals journey to learn how they were able to boost business agility and operational alignment by adoption an OKR framework.
Bridging the gap between goal setting strategy and execution
Another issue companies face in their goal setting journey is a disconnect between strategy and execution. Commonly, corporate goals are set at the leadership level and not communicated to business units and teams within a company. This makes it hard for individuals to know if their work is impacting the company’s bottom line.
To bridge this gap and help break the “set and forget” cycle, Viva Goals enables leaders to send regular updates across the organization, teams, and even individual views. With better transparency, internal teams are able to align priorities so they can achieve results together.
Microsoft customer, OC Tanner, discussed their journey from goal setting strategy to successful execution with Viva Goals. Regarded as a manufacturing leader and pioneer of the employee recognition industry, they realized that to maintain their leadership position, they needed clear and concise goals communicated across the organization. They chose Viva Goals to help them focus on the most critical priorities.
“Viva Goals helps us keep OKRs established and aligned for the appropriate planning periods and creates visibility across the entire team.”
– Jason Andersen: Vice President of Product, O.C. Tanner
Today OC Tanner incorporates OKRs into all planning and collaborative processes. Viva Goals also plays a key role in their semiannual and quarterly planning processes, which have helped to align everyone on their tasks and ensure their work is laddering up to the big picture. In short, OC Tanner successfully bridged the gap between strategy and execution with Viva Goals.
Read more about how OC Tanner was able to create “unity in focus” with Viva Goals.
Adapting a continuous goal-management framework
Consistent with my own planning experience described in the introduction, many organizations find goal setting arduous. To help better understand the goal setting challenges, Microsoft commissioned a study by Forrester Consulting, 2023 State Of Goal Setting Report.
One of the findings Forrester reported was that although goal setting provides structure and a common vision, the lack of organization wide visibility to corporate goals can hinder teams from meeting their goals. In addition, Forrester also reported that company leaders who regularly revisit and set goals to align with the rhythm of business, were not doing so at other levels of the organization. This also results in employees feeling disconnected and unmotivated with the goal setting process.
At Microsoft, we believe a continuous goal-setting planning lifecycle is an important component to success. The continuous planning cycle involves shorter planning cycles, ability to measure and report progress, analyze performance using scenario-based models, adjust priorities as needed, and repeat for the next evaluation cycle. This approach allows companies to make necessary adjustments to meet their corporate goals and help keep everyone focused on the right work.
Viva Goals provides companies with the tools to define agile processes and framework for planning, measuring, analyzing and adjusting priorities as needed. With the ability to connect to the project management and data tools employees use regularly, such as Azure Dev Ops, Microsoft Project, Microsoft Planner and Power BI, Viva Goals can provide visibility into how progress on daily work is impacting goals.
Using next generation AI from Copilot, Viva Goals helps power organizations to streamline the entire goal management process from start to finish. Whether it be quarterly or monthly planning cycles, Viva Goals enables companies to readily measure, analyze and adjust goals on a regular basis. For more information on how Viva Goals supports continuous planning lifecycle, watch Viva Goals video.
Aligning OKRs across the organization leads to stronger engagement and motivation
In July 2023 we hosted a Viva Goals webinar, “Where are we going?”: How to chart your Viva Goals journey, where we asked more than 100 participants what their biggest goal setting challenge was. Not surprisingly, alignment was the top answer.
Sample responses from participants in our July 2023 webinar
In our experience it’s not just getting alignment at the onset of the goal setting process, it’s also maintaining alignment across the organization. Microsoft customer, Svea Solar, relies on Viva Goals to help employees connect to the company’s founding purpose from the moment they are hired.
“We use Viva Goals to demystify what’s important for each function and get people up to speed faster.”
– Wilhelm Kugelberg: Strategy & Business Development Manager, Svea Solar
Sharing corporate goals provides new hires understand with what they need to do and, more importantly, why their work is important. Svea Solar quickly noticed that aligning employees on OKRs from the moment they are hired, led to stronger engagement and motivation to focus on the right things.
Consistent with Svea Solar’s experience, at Microsoft we also recommend a top-down alignment for stronger impact. Just as important is cross-functional alignment within and across groups to help reduce redundancies as well as leverage the power of meaningful collaboration to achieve operational excellence.
Read more about how Viva Goals helped Svea Solar achieve more and drive efficiency by defining distinct goals.
Viva Goals empowers teams
Effective goal setting not only can lead to stronger alignment, but also empowers teams to work together for greater impact. Goal setting requires commitment, communication, and top-down alignment. In addition, it also requires communication and transparency so employees at all levels understand their contributions and impact. Viva Goals provides companies with the capabilities to be successful in their goal setting journey.
For successful adoption across your organization here are some best practices we have learned in our own journey:
Get executive buy-in to the process and commitment to provide clarity on vision and overall objectives.
Identify OKR champions to scale to and coach individual teams for consistent quality standard. At Microsoft, our OKR champions helped ensure a reasonable number of OKRs are selected for each team which fostered teams to focus on a few items for stronger impact.
Develop and manage organizational OKRs as an outcome of continuous strategic planning cycles and not as a separate, distinct activity. At Microsoft, our OKR champions meet monthly to share best practices and ensure teams are creating clear OKRs on high-level objectives.
Adjust OKRs and priorities on a regular basis with dynamic goal-management practices.
Provide visibility at all levels so leadership team can see progress towards objectives and individual contributors have visibility into how their work contributes to objectives.
To better support your goal setting journey, technology plays a key role in helping to ease the process. Viva Goals provides visibility into organization objectives, enables transparency for both leaders and individual contributors, offers a dashboard to readily measure progress, and integrates with Microsoft ecosystem tools such as Teams, Outlook, PowerBI, Excel and PowerPoint, for easier communication, reporting, and integration.
For questions on Viva Goals, leave us a comment or question below. We are happy to answer your questions on Viva Goals.
For more information on Viva Goals, check out these resources
This article is contributed. See the original author and article here.
Microsoft Fabric is an all-in-one analytics solution for enterprises that covers everything from data movement to data science, Real-Time Analytics, and business intelligence .It offers a comprehensive suite of services, including data lake, data engineering, and data integration, all in one place. This makes it an ideal platform for technical students and entrepreneurial developers looking to streamline their data engineering and analytics workflows.
High-Level Overview of Microsoft Fabric
Microsoft Fabric brings together new and existing components from Power BI, Azure Synapse, and Azure Data Factory into a single integrated environment. These components are then presented in various customized user experiences.Fabric brings together experiences such as Data Engineering, Data Factory, Data Science, Data Warehouse, Real-Time Analytics, and Power BI onto a shared SaaS foundation.
This integration provides several advantages :
An extensive range of deeply integrated analytics in the industry.
Shared experiences across experiences that are familiar and easy to learn.
Developers can easily access and reuse all assets.
A unified data lake that allows you to retain the data where it is while using your preferred analytics tools.
Centralized administration and governance across all experiences.
Benefits of Learning and Using Microsoft Fabric
Learning and using Microsoft Fabric can provide numerous benefits. Here are a few key ones: Simplicity: With Fabric, you don’t need to piece together different services from multiple vendors. Instead, you can enjoy a highly integrated, end-to-end, and easy-to-use product that is designed to simplify your analytics needs. Efficiency: Fabric allows creators to concentrate on producing their best work, freeing them from the need to integrate, manage, or understand the underlying infrastructure that supports the experience. Scalability: Microsoft Fabric is a powerful platform that offers scalability, resilience, simplified development, fault tolerance, and support for microservices, making it an ideal choice for businesses aiming to stay agile and competitive in today’s digital landscape.
Microsoft Learn Resources for Microsoft Fabric
Microsoft Learn offers a variety of resources to help you get started with Microsoft Fabric. Here are a few key ones:
Get started with Microsoft Fabric – Training: This learning path includes 11 modules that cover everything from an introduction to end-to-end analytics using Microsoft Fabric to administering Microsoft Fabric.
Microsoft Fabric documentation: This comprehensive documentation provides an overview of Microsoft Fabric, its capabilities, and how to use it.
So, whether you’re a technical student looking to expand your skillset or an entrepreneurial developer aiming to streamline your data workflows, Microsoft Fabric is definitely worth considering.
This article is contributed. See the original author and article here.
One such error for Azure SQL Database users employing DataSync is: “Database provisioning failed with the exception ‘Column is of a type that is invalid for use as a key column in an index.” This article aims to dissect this error, providing insights and practical solutions for database administrators and developers.
Understanding the Error:
This error signifies a mismatch between the column data type used in an index and what is permissible within Azure SQL DataSync’s framework. Such mismatches can disrupt database provisioning, a critical step in synchronization processes.
Data Types and Index Restrictions in DataSync:
Azure SQL Data Sync imposes specific limitations on data types and index properties. Notably, it does not support indexes on columns with nvarchar(max)that our customer has. Additionally, primary keys cannot be of types like sql_variant, binary, varbinary, image, and xml. What is SQL Data Sync for Azure? – Azure SQL Database | Microsoft Learn
Practical Solutions:
Modify Data Types: If feasible, alter the data type from nvarchar(max) to a smaller variant .
Index Adjustments: Review your database schema and modify or remove indexes that include unsupported column types.
Exclude Problematic Columns: Consider omitting columns with unsupported data types from your DataSync synchronization groups.
If you are looking for a way to modernize your Windows applications, streamline your development process, and scale your business with Azure, you might be interested in learning how other customers have achieved these goals by using Windows Containers on Azure Kubernetes Service (AKS).
Windows Containers on AKS is a fully managed Kubernetes service that allows you to run your Windows applications alongside Linux applications in the same cluster, with seamless integration and minimal code modifications. Windows Containers on AKS offers a number of benefits, such as:
Reduced infrastructure and operational costs
Improved performance and reliability
Faster and more frequent deployments
Enhanced security and compliance
Simplified management and orchestration
Stay tuned for new stories that will be published soon, featuring customers from new industries and with new scenarios using Windows Containers.
In the meantime, we invite you to check out the Windows Container GitHub repository, where you can find useful resources, documentation, samples, and tools to help you get started. You can also share your feedback, questions, and suggestions with the Windows Container product team and the community of users and experts.
This article is contributed. See the original author and article here.
In the rapidly evolving AI landscape, Microsoft Dynamics 365 Business Central is taking the lead with innovations that have equipped more than 30,000 small and medium-sized businesses to achieve success. Powered by next-generation AI, Microsoft Copilot offers new ways to enhance workplace efficiency, automate mundane tasks, and unlock creativity. At a time when nearly two in three people say they struggle with having the time and energy to do their job, Copilot helps to free up capacity and enables employees to focus on their most meaningful work.1
Dynamics 365 Business Central brings the power of AI to small and medium-sized businesses to help companies work smarter, adapt faster, and perform better. AI in Dynamics 365 Business Central improves the way work gets done, enabling you to:
Get answers quickly and easily using natural language.
Save time by automating tedious, repetitive tasks.
Spark creativity with creative content ideas.
Anticipate and overcome business challenges.
Reclaim time for important work
In a small or medium-sized business, there is often a lot to do and not many people to help get it all done, so it’s important to make the most of your limited resources to accomplish your goals. Everyday activities like tracking down documents and bringing new employees up to speed can drain your valuable time. What if you had an AI-powered assistant ready to help you find exactly what you need without the hassle?
Available in early 2024, conversational chat using Copilot in Dynamics 365 Business Central helps you answer questions quickly and easily, locate records faster, and even learn new skills—all using natural language. Save time and effort by navigating to documents without having to use traditional menus, and rapidly onboard new users with answers to questions on how, when, or why to do things. Copilot is your everyday AI companion, helping you to speed through tasks, build momentum, and free time for your most impactful work.
Streamline month-end tasks with enhanced bank reconciliation
Reconciling bank statement transactions with your financial system has often been a tedious monthly chore. Meticulously matching every line item to new or existing accounting entries takes time (and isn’t the most exciting way to spend an afternoon.) In the past, Business Central helped by auto-matching many of the simple one-to-one transactions, but the logic wasn’t able to decipher more complex scenarios such as when multiple charges were paid in a single transaction.
Now, Copilot in Business Central makes bank reconciliation even easier by analyzing bank statements that you import into Business Central, matching more transactions, and proposing entries for transactions that weren’t auto-matched. By comparing and interpreting transaction descriptions, amounts, dates, and patterns across fields, Copilot can help you improve the accuracy of your bank reconciliation while reducing manual effort.
Unlock creativity with marketing text suggestions
Copilot in Business Central helps product managers save time and drive sales with compelling AI-generated marketing text suggestions. Using key attributes like color and material, Copilot can create product descriptions in seconds tailored to your preferred tone, format, and length. Once you’ve made any adjustments, you can easily publish to Shopify or other ecommerce platforms with just a few clicks. Discover how Copilot can help you banish writer’s block and launch new products with ease.
Boost customer service with inventory forecasting
Effective inventory management is crucial in a competitive business environment as it can significantly influence a company’s success and customer retention. This process involves balancing customer service with cost control. Maintaining low inventory reduces working capital, but risks missing sales due to stock shortages. Using AI, the Sales and Inventory Forecast extension uses past sales data to forecast future demand, helping to prevent stockouts. Once a shortfall is identified, Business Central streamlines the replenishment process by generating vendor requests, helping you keep your customers happy by fulfilling their orders on time, every time.
Reduce risk with late payment prediction
Managing receivables effectively is vital for a business’s financial wellbeing. With the Late Payment Prediction extension, you can reduce outstanding receivables and refine your collections approach by forecasting if outstanding sales invoices are likely to be paid on time. For instance, if a payment is anticipated to be delayed, you could modify the payment terms or method for that customer. By proactively addressing potential late payments and adapting accordingly, you can minimize overdue receivables, reduce risk of non-payment, and ultimately improve your financial performance.
Improve financial stability with Cash Flow Analysis
Powered by AI, Business Central can create a comprehensive Cash Flow Analysis to help you monitor your company’s cash position. Cash flow is a critical indicator of a company’s solvency, and cash flow analysis is an important future-focused planning tool that helps you maintain control over your financial health and make proactive adjustments to meet all your financial commitments. With insights from Business Central, you can pivot quickly to safeguard your company’s fiscal wellbeing, such as obtaining loans to cover cash shortfalls or cutting back on credit when you have surplus cash.
Work smarter with Copilot in Business Central
Copilot in Business Central gives your company an edge with AI-powered innovations that are a catalyst for unleashing human potential, fostering creativity, and driving efficiency in ways previously unimaginable. The integration of AI into everyday business processes is not just about staying ahead in a competitive market, it’s about redefining what’s possible in the workplace. With Business Central, your company is empowered to navigate today’s complex business environment with agility, precision, and a renewed focus on what truly matters.
Dynamics 365 Business Central
Work smarter, adapt faster, and perform better with Business Central.
This article is contributed. See the original author and article here.
Introduction
This blog post walks through how to setup anAzure Managed Lustre Filesystem (AMLFS)that will automatically synchronise to an Azure BLOB Storage container. The synchronisation is achieved using the Lustre HSM (Hierarchical Storage Management) interface combined with theRobinhood policy engineand atoolthat reads the Lustre changelog and synchronises metadata with the archived storage. Thelfsazsyncrepository on GitHub contains a Bicep template to deploy and setup a virtual machine for this purpose.
Disclaimer: Thelfsazsyncdeployment is not a supported Microsoft product you are responsible for the deployment and operation of the solution. There are updates that need applying to AMLFS that will require a Support Request to be raised through the Azure Portal. These updates could effect the stabaility of AMLFS and customer requiring the same level of SLA should speak to their Microsoft representative.
Initial Deployment
The following is required before running thelfsazsyncBicep template:
Virtual Network
Azure BLOB Storage Account and container (HNS is not supported)
AMLFS deployedwithout HSM enabled
Thelfsazsyncrepository contains atest/infra.bicepexample to create the required resources:
To deploy, first create a resource group, e.g.
TODO: set the variables below
resource_group=
location=
az group create –name $resource_group –location $location
Then deploy into this resource group:
az deployment group create –resource-group $resource_group –template-file test/infra.bicep
Note: The bicep file has parameters for names, ip ranges etc. that should be set if you do not want the default values.
Updating the AMLFS settings
Once deployment is complete, navigate to the Azure Portal, locate the AMLFS resource and click on “New Support Request”. The following shows the suggested request to get AMLFS updated:
Thelfsazsyncdeployment sets up a single virtual machine for all tasks. The HSM copytools could be run on multiple virtual machines to increase transfer peformance. The bandwidth for archiving and retrieval is constrained to approximately half the network bandwidth available to the virtual machine. It is important to note that the same network will be utilized for both accessing the Lustre filesystem and accessing Azure Storage. This should be considered when deciding the virtual machine size. The virtual machine sizes and expected network performance is availablehere.
The Bicep template has the following parameters:
Parameter
Description
subnet_id
The ID of the subnet to deploy the virtual machine to
vm_sku
The SKU of the virtual machine to deploy
admin_user
The username of the administrator account
ssh_key
The public key for the administrator account
lustre_mgs
The IP address/hostname of the Lustre MGS
storage_account_name
The name of the Azure storage account
storage_container_name
The container to use for synchonising the data
storage_account_key
A SAS key for the storage account
ssh_port
The port used by sshd on the virtual machine
github_release
Release tag where the robinhood and lemur will be downloaded from
os
The OS to use for the VM (options: ubuntu2004 or almalinux87)
The SAS key can be generated using the following Azure CLI command:
# TODO: set the account name and container name below
account_name=
container_name=
The following Azure CLI command can be used to get the subnet ID:
# TODO: set the variable below
resource_group=
vnet_name=
subnet_name=
az network vnet subnet show –resource-group $resource_group –vnet-name $vnet_name –name $subnet_name –query id –output tsv
The following Azure CLI command can be used to deploy the Bicep template (as an alterative to setting environment variables, the parameters could be set in aparameters.jsonfile):
# TODO: set the variables below
resource_group=
subnet_id=
vmsku=”Standard_D32ds_v4″
admin_user=
ssh_key=
lustre_mgs=
storage_account_name=
storage_container_name=
storage_sas_key=
ssh_port=
github_release=”v1.0.1″
os=”almalinux87″
az deployment group create
–resource-group $resource_group
–template-file lfsazsync.bicep
–parameters
subnet_id=”$subnet_id”
vmsku=$vmsku
admin_user=”$admin_user”
ssh_key=”$ssh_key”
lustre_mgs=$lustre_mgs
storage_account_name=$storage_account_name
storage_container_name=$storage_container_name
storage_sas_key=”$storage_sas_key”
ssh_port=$ssh_port
github_release=$github_release
os=$os
After this call completes the virtual machine will be deployed although it will take more time to install and import the metadata from Azure BLOB storage into the Lustre filesystem. The progress can be monitored by looking at the/var/log/cloud-init-output.logfile on the virtual machine.
Monitoring
The install will set up three systemd services for lhsmd, robinhood and lustremetasync. The log files are located here:
‘lhsmd’: /var/log/lhsmd.log
‘robinhood’: /var/log/robinhood*.log
‘lustremetasync’: /var/log/lustremetasync.log
Default archive settings
The synchronisation parameters can be controlled through the Robinhood config file,/opt/robinhood/etc/robinhood.d/lustre.conf. Below are some of the default settings and their locations in the config file:
Name
Default
Location
Archive interval
5 minutes
lhsm_archive_parameters.lhsm_archive_trigger
Rate limit
1000 files
lhsm_archive_parameters.rate_limit.max_count
Rate limit interval
10 seconds
lhsm_archive_parameters.rate_limit.period_ms
Archive threshold
last modified time > 30 minutes
lhsm_archive_parameters.lhsm_archive_rules
Release trigger
85% of OST usage
lhsm_archive_parameters.lhsm_release_trigger
Small file release
last access > 1 year
lhsm_archive_parameters.lhsm_release_rules
Default file release
last access > 1 day
lhsm_archive_parameters.lhsm_release_rules
File remove
removal time > 5 minutes
lhsmd.lhsmd_remove_rules
To update the config file, edit the file and then restart the robinhood service,systemctl restart robinhood.
The lustremetasync service is processing the Lustre ChangeLog continuously. Therefore, actions will happen immediately unless there is a lot of IO all at once where it may take a few minutes to catch up. The following operations will be handled:
Create/delete directories
Directories are created in BLOB storage as an empty object with the name of the directory. There is metadata on this file to indicate that it is a directory. The same object is deleted when removed on the filesystem.
Create/delete symbolic links
Symbolic links are create in BLOB storage as an empty object with the name of the symbolic link. There is metadata on this file to indicate that it is a symbolic link and this contains the path that it is linking to. The same object is deleted when removed on the filesystem.
Moving files or directories
Moving files or directories requires everything being moved to be restored to the Lustre filesystem. The files are then marked as dirty in their new location and the existing files are deleted from BLOB storage. Robinhood will handle archiving the files again in their new location.
Updating metadata (e.g. ownership and permissions)
The metadata will only be updated for archived files that isn’t modified. Modified files will have the metadata set when Robinhood updated the archived file.
This article is contributed. See the original author and article here.
Welcome to an introduction of the concepts and simple approachrequiredfor executing a successful Proof of Concept (PoC) forMicrosoft Defender External Attack Surface Management (Defender EASM). This article will serve as a high-level guide to help you executea simple framework forevaluating Defender EASM, and other itemsto consider when embarking on the journey tounderstandthe Internet exposed digital assets that comprise your external attack surface, so you can view risks through the same lens as a malicious threat actor.
Planning for the PoC
To ensure success, the first step is planning. This entails understanding the value of Defender EASM, identifying stakeholders who need to be involved, and scheduling planning sessions to determineuse cases & requirements and scope before beginning.
For example, one of the core benefits of the Defender EASM solution is that it provides high value visibility to Security and IT (Information Technology) teams that enables them to:
Identify previously unknown assets
Prioritize risk
Eliminate threats
Extends vulnerability and exposure control beyond the firewall
Next, you should identify all relevant stakeholders, or personas, and schedule in 1-2 short planning sessions to document the tasks and expected outcomes, or requirements. These sessions will establish the definition of success for the PoC.
Who are the common stakeholders that should participate in the initial planning sessions? The answer to that question will be unique to each organization, but some common personas include the following:
Vulnerability Management Teams
IT personnel responsible for Configuration Management, Patching, Asset Inventory Databases
Governance, Risk, & Compliance (GRC) Teams
(Optional) GRC aligned Legal, Brand Protection, & Privacy Teams
Internal Offensive Penetration Testing and Red Teams
Security Operations Teams
Incident Response Teams
Cyber Threat Intelligence, Hunting, and Research Teams
Use Cases & Requirements
Based on the scope, you can begin collaborating with the correct people to establish use cases & requirements to meet the business goals for the PoC. The requirements should clearly define the subcomponents of the overarching business goals within the charter of your External Attack Surface Management Program. Examples of business goals and high-level supporting requirements might include:
Discover Uknown Assets
Find Shadow IT
Discover Abandoned Assets
Resulting from Mergers, Acquistions, or Divestitures
Insufficient Asset Lifecycle Management in Dev/Test/QA Environments
Identification of Vulnerabilities
Lack of Patching or Configuration Management
Assignment of Ownership to Assets
Line of Business or Subsidiary
Based on Geographic Location
On-Prem vs Cloud
Reporting, Automation, and Defender EASM Data Integrations
Determining how success will establish the criteria for a successful or failed PoC. Success and Acceptance Criteria should be established for each requirement identified. Weights may be applied to requirements, but measuring success can be as simple as writing out criteria as below:
Requirement: Custom Reporting
Success Criteria: As a vulnerability manager, I want to view a daily report that shows the assets with CVSSv2 and CVSSv3 scores of 10.
Acceptance Criteria:
Data must be exported to Kusto
Data must contain assets & CVSS (Common Vulnerability Scoring System) scores
Dashboards must be created with PowerBI and accessible to user
Dashboard data must be updated daily
Validation: Run a test to validate that acceptance criteria has been met.
Pass / Fail: Pass
Executing the PoC
Implementation and Technical Validation
We will now look at five different use cases & requirements, define the success andacceptance criteria for each, andvalidate that the requirements are met by observing the outcome of each in DefenderEASM.
Use Case 1:Discover Unknown Assets, Finding Shadow IT
Success Criteria: As a member of the Contoso GRC team, I want to identify Domain assets in our attack surface that have not been registered with the official company email address we use for domain registrations.
Acceptance Criteria:
Defender EASM allows for searches of Domain WHOIS data that returns the “Registrant Email” field in the result set.
Validation:
Click the “Inventory” link on the left of the main Defender EASM page.
Figure: Launch the inventory query screen
Execute a search in Defender EASM that excludes Domains registered with our official company email address of ‘domainadmin@constoso.com’ and returns all other Domains that have been registered with an email address that contains the email domain ‘contoso.com’.
Figure: Query for incorrectly registered Domain assets
Click on one of the domains in the result set to view asset details. For example, “woodgrovebank.com” domain.
When the asset details open and confirm that the domain ‘woodgrovebank.com’ is in the upper left corner.
Click on the “Whois” tab.
Note that this Domain asset has been registered with an email address that does not match the corporate standard (i.e., “employeeName@contoso.com”) and should be investigated for the existence of Shadow IT.
Success Criteria: As a member of the Contoso Vulnerability Management team, who just acquired Woodgrove Bank, I want to ensure acquired web sites using the domain “woodgrovebank.com” are redirected to web sites using the domain “contoso.com”. I need to obtain results of web sites that are not redirecting as expected, as those may be abandoned web sites.
Acceptance Criteria:
Defender EASM allows for search of specific initial and final HTTP (Hypertext Transfer Protocol) response codes for Page assets
Defender EASM allows for search of initial and final Uniform Resource Locator (URL) for Page assets
Validation:
Run a search in Defender EASM that looks for Page assets that have:
Initial response codes that cause HTTP redirects (i.e., “301”, “302”)
Initial URLs that contain “woodgrovebank.com”
Final HTTP response codes of “200”
Final URL, post HTTP redirect, that do not contain “contso.com”
Figure: Query for incorrect page redirection
Click one of the Page assets in the result set to see the asset details.
Use Case 3: Identification of Vulnerabilities, Lack of Patching or Configuration Management
Success Criteria: As a member of the Contoso Vulnerability Management team, I need the ability to retrieve a list of assets with high priority vulnerabilities and remediation guidance in my attack surface.
Acceptance Criteria:
Defender EASM provides a dashboard of prioritized risks in my external attack surface
Defender EASM provides remediation guidance for each prioritized vulnerability
Defender EASM provides an exportable list of assets impacted by vulnerability
Validation:
From the main Defender EASM page, click “Attack Surface Summary” to view the “Attack Surface Summary” dashboard
Click the link that indicates the number of assets impacted by a specific vulnerability to view a list of impacted assets
Figure: Attack Surface Insights Dashboard
Validate that Defender EASM provides additional information about vulnerabilities and remediation guidance.
Click the link in the upper right corner titled “Download CSV report” and validate the contents within
Use Case 4: Assignment of Ownership to Assets, Line of Business or Subsidiary
Success Criteria: As a member of the Contoso GRC team, I need the ability to assign ownership of assets to specific business units through, along with a mechanism to quickly visualize this relationship.
Acceptance Criteria:
Defender EASM provides an approach to assigning ownership via labels
Defender EASM allows users to apply labels to assets that meet specific indicators that indicate affiliation with a specific business unit
Defender EASM provides the ability to apply labels in bulk
Validation:
Click the “Inventory” link on the left of the main Defender EASM page to launch the search screen
Run a search that returns all Page assets that are on the IP Block “10.10.10.0/24”. The Page assets on this network all belong to the Financial Services line of business, so it is the only indicator of ownership needed in this example.
Figure: Query to determine Page asset ownership by IP Block
Select all assets in the result set by clicking the arrow to the right of the checkbox as shown in the following image and choose the option for all assets.
Figure: Selecting assets for bulk modification
Click the link to modify assets, followed by the link to “Create a new label” on the blade that appears.
A new screen will appear that allows the creation of a label. Enter a descriptive “Label name”, an optional “Display name”, select a desired color, and click “Add” to finish creating a label.
Figure: Link to modify assets and create a label
Figure: Create label detail
After creating the label, you will be directed back to the screen to modify assets. Validate that the label was created successfully.
Click into the label text box to see a list of labels available to choose from and select the one that was just created.
Click “Update”
Figure: Label selected assets
Click the bell icon to view task notifications to validate the status of labels update.
Figure: View status of label update task
When the task is complete, run the search again to validate that labels have been applied to the assets owned by the Financial Services organization.
Figure: Query to validate labels have been applied to assets
Identify how the Defender EASM solution has provided increased visibility to your organization’s attack surface in the PoC.
Have you discovered unknown assets related to Shadow IT?
Were you able to find potentially abandoned assets related to an acquisition?
Has your organization been able to better prioritize vulnerabilities to focus on the most severe risks?
Do you know have a better view of asset ownership in your organization?
Feedback?
We would love to hear any ideas you may have to improve our Defender EASM platform or where and how you might use Defender EASM data elsewhere in the Microsoft Security ecosystem or other security 3rd party applications. Please contact us via email at mdesam-pm@microsoft.com to share any feedback you have regarding Defender EASM.
Interested in Learning About New Defender EASM Features?
Please join our Microsoft Security Connection Program if you are not a member and follow our Private & Public Preview events. You will not have access to this exclusive Teams channel until you complete the steps to become a Microsoft Security Connection Program member. Users that would like to influence the direction/strategy of our security products are encouraged to participate in our Private Preview events. Members who participate in these events will earn credit for respective Microsoft product badges delivered by Credly.
Conclusion
You now understand how to execute a simple Defender EASM PoC, to include deploying your first Defender EASM resource, identifying common personas, how to set requirements, and measure success. Do not forget! – you can enjoy a free 30-day trial by clicking on the link below.
This article is contributed. See the original author and article here.
This post is co-authored by John Ryan, Manager Functional Architect Dynamics 365 Field Service, Avanade.
One of the most exciting things about the introduction of AI into tools people use every day to do their jobs is the way AI can help revolutionize the way people work. Especially at the frontlines of business, AI provides organizations with innovative and personalized ways to serve customers. According to IDC, 28% of organizations are investing significantly in generative AI.1 This is what’s exciting about the introduction of Copilot in Microsoft Dynamics 365 Field Service.
No doubt about it: modern solutions like Microsoft Dynamics 365 Field Service have already come a long way in helping frontline workers be more productive and efficient in helping customers. But Copilot takes things to the next level by bringing the power of next-generation AI to the frontlines, enabling faster resolution and better service.
Streamline Field Service operations with Copilot
Copilot provides a leap forward in the field service space.
Enabling next-level support with Copilot for Field Service in Outlook and Microsoft Teams
Email has long been a critical communications tool for frontline managers and technicians. New data from Microsoft’s 2023 Work Trend Index Annual Report reveals that over 60% of frontline workers struggle with having to do repetitive or menial tasks that take time away from more meaningful work.2 Now, the Copilot in Dynamics 365 Field Service Outlook add-in can streamline work order creation with relevant details pre-populated from emails.
So, what does that mean, exactly? Copilot can also optimize technician scheduling with data-driven recommendations based on factors such as travel time, availability, and skillset. Frontline managers can see relevant work orders and review them before creating new work orders, and they can easily reschedule or update those work orders as customers’ needs change. In addition, organizations can customize work orders for their frontline needs by adding, renaming, or rearranging fields. Even better, Copilot can assist frontline managers with work order scheduling in Microsoft Teams, saving time and effort to find the right worker for the job.
Frontline managers can also easily open the Field Service desktop app directly from the Copilot add-in via Outlook or Teams to view work orders. There, they can see booking suggestions in the work order and book a field technician without opening the schedule board. The booking is created in Microsoft Dataverse and also gets recorded on the Field Service schedule board automatically. All this saves frontline managers valuable time because they can stay in the flow of work, reduce clicks and context-switching between apps, and create work orders quickly without copy/paste errors. In the Field Service app, they can also review work order list views and edit a work order right in the list without having to reopen it.
Getting answers faster with natural language search with Copilot in Teams
Searching work orders to find specific details about customer jobs or looking for information about parts inventory used to mean switching between apps and searching across different sources for information. Now, to search for work orders or other customer data, agents can ask Copilot through a Teams search. They simply ask what they’re looking for using natural language, and Copilot will return specific information related to their work orders in Dynamics 365 Field Service including status updates, parts needed, or instructions to help them complete the job. The more agents use Copilot, the more the AI assistant learns and can assist agents at their jobs. The future is now.
Empowering field technicians with modern user experience
Frontline managers aren’t the only team members getting a productivity boost from more modern tools. The new Dynamics 365 Field Service mobile experience, currently in preview for Windows 10 and higher, iOS, and Android devices, empowers field technicians by giving them all the relevant, most up-to-date information they need to manage work orders, tasks, services, and products and get their jobs done thoroughly and efficiently. This modern user experience supports familiar mobile navigation, gestures, and controls to streamline managing work order Tasks, Services, and Products. Technicians can save valuable time by quickly updating the status of a booking, getting driving directions to a customer site, and changing or completing work order details. They can even get detailed information about tasks with embedded Microsoft Dynamics 365 Guides, which provide step-by-step instructions, pictures, and videos.
Changing the game for frontline technicians with Copilot in mobile
For field service technicians, having Copilot generate work order summaries that include concise, detailed descriptions of services as well as pricing and costs is a game changer. Work order summaries are generated by Copilot on the fly, synthesizing information from various tabs and fields to break down tasks, parts, services, and problem descriptions into a simple narrative, making it easy for technicians to understand job requirements. And because field technicians often need to work with their hands, they can use the voice-to-text feature to update work orders by describing details including exactly what they did on a job, when they started and finished, and what parts they used. When the work is completed, they can use the app to collect a digital signature from the customer or use voice-to-text to capture customer feedback.
Learn more about the AI-powered experiences in Dynamics 365 Field Service, Teams, and Microsoft’s mixed reality applications for your frontline workforce announced at Microsoft Ignite 2023:
[1] IDC Analyst Brief sponsored by Microsoft, Generative AI and Mixed Reality Power the Future of Field Service Resolution (Doc #US51300223), October 2023
[2] The Work Trend Index survey was conducted by an independent research firm, Edelman Data x Intelligence, among 31,000 full-time employed or self-employed workers across 31 markets, 6,019 of which are frontline workers, between February 1, 2023, and March 14, 2023. This survey was 20 minutes in length and conducted online, in either the English language or translated into a local language across markets. One thousand full-time workers were surveyed in each market, and global results have been aggregated across all responses to provide an average. Each market is evenly weighted within the global average. Each market was sampled to be representative of the full-time workforce across age, gender, and region; each sample included a mix of work environments (in-person, remote vs. non-remote, office settings vs. non-office settings, etc.), industries, company sizes, tenures, and job levels. Markets surveyed include: Argentina, Australia, Brazil, Canada, China, Colombia, Czech Republic, Finland, France, Germany, Hong Kong, India, Indonesia, Italy, Japan, Malaysia, Mexico, Netherlands, New Zealand, Philippines, Poland, Singapore, South Korea, Spain, Sweden, Switzerland, Taiwan, Thailand, United Kingdom, United States, and Vietnam.
This article is contributed. See the original author and article here.
We are excited to announce that Personal Desktop Autoscale on Azure Virtual Desktop is generally available as of November 15, 2023! With this feature, organizations with personal host pools can optimize costs by shutting down or hibernating idle session hosts, while ensuring that session hosts can be started when needed.
Personal Desktop Autoscale
Personal Desktop Autoscale is Azure Virtual Desktop’s native scaling solution that automatically starts session host virtual machines according to schedule or using Start VM on Connect and then deallocates or hibernates (in preview) session host virtual machines based on the user session state (log off/disconnect).
The following capabilities are now generally available with Personal Desktop Autoscale:
Scaling plan configuration data can be stored in all regions where Azure Virtual Desktop host pool objects are, including Australia East, Canada Central, Canada East, Central US, East US, East US 2, Japan East, North Central US, North Europe, South Central US, UK South, UK West, West Central US, West Europe, West US, West US 2, and West US 3. It needs to be stored in the same region as the host pool objects it will be assigned to, however, we support deploying session host virtual machines in all Azure regions.
You can use the Azure portal, REST API, PowerShell to enable and manage Personal Desktop Autoscale.
The following capabilities are new in public preview with Personal Desktop Autoscale:
Hibernation is available as a scaling action. With the Hibernate-Resume feature in public preview, you will have a better experience as session state persists when the virtual machine hibernates. As a result, when the session host virtual machine starts, the user will be able to quickly resume where they left off. More details of the Hibernate-Resume feature can be found here.
Getting started
To enable Personal Desktop Autoscale, you need to:
Create a personal scaling plan.
Define whether to enable or disable Start VM on Connect.
Choose what action to perform after a user session has been disconnected or logged off for a configurable period of time.
Assign a personal scaling plan to one or more personal host pools.
A screenshot of a scaling plan in Azure Virtual Desktop called “fullweek_schedule”. The ramp-down is shown as repeating every day of the week at 6:00 PM Beijing time, starting VM on Connect. Disconnect settings are set to hibernate at 30 minutes. Log off settings are set to shut down after 30 minutes.
If you want to use Personal Desktop Autoscale with the Hibernate-Resume option, you will need to self-register your subscription and enable Hibernate-Resume when creating VMs for your personal host pool. We recommend you create a new host pool of session hosts and virtual machines that are all enabled with Hibernate-Resume for simplicity. Hibernation can also work with Start VM on Connect for cost optimization.
You can set up diagnostics to monitor potential issues and fix them before they interfere with your Personal Desktop Autoscale scaling plan.
Recent Comments