This article is contributed. See the original author and article here.
The introduction of cross-tenant access settings for Microsoft Entra External ID marked a pivotal shift in how organizations manage security and collaboration across different tenants. This blog post dives into the essence of these settings, focusing on their significance for secure B2B collaboration.
Three key areas of focus include:
Trusting multifactor authentication (MFA) from business collaborators: how to balance high security standards with a seamless user experience for B2B guest users, and how to simplify authentication processes and reduce administrative burdens.
A closer look at the cross-tenant access settings and how they enable more granular control over cross-tenant collaboration. Real-world use cases illustrate how these policies manage and restrict access to ensure security without hindering productivity and cooperation.
Insights into leveraging Microsoft Entra cross-tenant access policies to improve security and collaboration while ensuring a smooth user experience.
Trust MFA from business collaborators (B2B collaboration) by default
In today’s interconnected digital landscape, organizations are increasingly embracing B2B collaboration to streamline workflows and facilitate cooperation with external partners. As part of this collaborative approach, many businesses routinely create guest user accounts within their Microsoft Entra tenants and grant trusted partners access to their resources.
To enhance security, many have already extended the requirement for MFA to B2B guest users. This, however, requires external users in cross-tenant access scenarios to register an additional authentication method in the foreign tenant.
Requiring B2B guest users to register an additional MFA method in the resource tenant increases account security, but it also adds layers of complexity.
User experience disruption in a B2B collaboration scenario
B2B guest users who have already implemented MFA in their home tenant, and who have become accustomed to the convenience of advanced MFA methods like Windows Hello for Business, encounter disruptions when attempting to access the resource tenant. Even if users have already provided strong authentication in their home tenant, they will still be prompted for authentication again in the resource tenant.
Figure 1: MFA prompt for a B2B guest user who accesses a protected resource in a foreign tenant
Administrative overhead for IT and users
Both the guest user and the resource tenant’s IT team face additional administrative tasks. For the guest user, navigating a new MFA setup and maintaining an additional MFA registration can be annoying. For the tenant administrator and the support team, managing these additional MFA registrations can increase overhead significantly.
In cases where a guest user loses access to their device or does not have a backup for a new device, regaining access to their account involves additional administrative tasks for both the guest user and the resource tenant’s IT team. The guest user may need to perform a new MFA setup, while the tenant support team needs to manage the additional MFA registrations.
Are you wondering why guest users must register an additional authentication method per resource tenant when they already have one in their home tenant? Well, let’s talk about the trust settings in cross-tenant access settings.
Simplifying the authentication process
A more efficient approach to managing MFA in cross-tenant B2B collaboration is to trust the MFA from a guest’s home tenant. Doing so eliminates the need for additional MFA registration and maintenance in the resource tenant: users keep the strong authentication method they already use in their home tenant and do not have to register another method in the resource tenant. This is a considerable relief for users, and the resource tenant’s support team no longer has to deal with guests’ MFA registrations.
The MFA default trust settings are configured in the Microsoft Entra admin center (https://entra.microsoft.com). In the default configuration, a Microsoft Entra ID tenant does not trust any incoming MFA from other tenants. To change the behavior, the inbound defaults must be edited. The following screenshots provide a walkthrough and show the desired configuration. The “Trust multifactor authentication from Microsoft Entra tenants” setting is disabled by default and must be enabled.
Figure 2: Cross-tenant access settings in Microsoft Entra admin center
This simple configuration enables B2B guest users to use their existing MFA in their home tenant to satisfy existing MFA requirements in the resource tenant.
Once configured, B2B guest users can use additional authentication methods that have a higher authentication strength than MFA methods that are only available in a foreign resource tenant. This is a very important advantage because this configuration also enables the use of phishing-resistant authentication methods for B2B collaboration.
Figure 4: Comparison of the authentication methods available in the home tenant and a resource tenant
While this configuration is designed to enhance the user experience and ease the administrative efforts, it can inadvertently create security risks. For instance, guest users might opt for simpler, less secure authentication methods in their home tenant compared to the authentication methods typically used in the resource tenant.
To avoid these risks, the cross-tenant access trust settings work seamlessly with Conditional Access and authentication strengths. Plus, with MFA trust, guest users can use the same phishing-resistant authentication methods used in their home tenant like Windows Hello for Business, FIDO2 keys, and certificate-based authentication to get access to the resource tenant.
This key advantage can be used to increase the login security of guest users. When the default trust settings are adjusted, the Conditional Access policies and authentication strengths should be reviewed at the same time.
We explored the benefits of using MFA trust to leverage the same strong authentication methods used by guest users in their home tenant to improve security, usability and efficiency. In the next chapter, we will look at how tenant administrators can control outbound collaboration settings.
Outbound access restrictions
With Microsoft Entra cross-tenant access settings, organizations can manage their collaboration with other Microsoft Entra organizations. These settings provide more granular control over access, allowing you to manage how you collaborate with external organizations. In this section, we will take a closer look at the outbound settings feature and its capabilities.
Tenant restrictions vs. inbound and outbound settings
Tenant restrictions and cross-tenant access settings are two powerful tools that can help you control access to your organization’s resources. While they are often configured together, it’s important to understand that they operate separately from one another.
“Although tenant restrictions are configured along with your cross-tenant access settings, they operate separately from inbound and outbound access settings.
Cross-tenant access settings give you control when users sign in with an account from your organization.
By contrast, tenant restrictions give you control when users are using an external account.”
Think of cross-tenant access settings this way:
Inbound settings control external account access to your internal apps.
Outbound settings control internal account access to external apps.
Tenant restrictions control external account access to external apps.
To summarize, tenant restrictions allow you to create a policy that controls access to external apps when users sign in with an external account from your networks or devices, while the inbound and outbound access settings focus on guest accounts in your tenant or your users’ guest accounts in resource tenants (what your users are accessing and where).
With this all cleared up, let’s focus on using an outbound access setting in a real-world application.
Real-world use case
Let’s have a look at a real-world use case to leverage the outbound settings control. The Contoso organization is used in the following use case:
Contoso would like to implement more detailed controls with B2B business collaborators.
Contoso would like to only collaborate with specific organizations. This includes the ability to securely add or remove partner organizations as the need arises.
Additionally, Contoso would need the ability to restrict applications that can be accessed in any partner resource tenant along with the ability to restrict and control user access to partner resource tenants.
Setup and configuration
To set up the outbound restriction for this use case, we need to configure the outbound defaults. This essentially blocks all outbound collaboration. Note that the setting can be scoped to all users or selected users, and to all or selected external applications.
In the Microsoft Entra admin center, navigate to the External Identities menu and select Cross-tenant access settings. From here, select Default settings, followed by Edit outbound defaults. Select Block access, followed by the Applies to option. We can either select a subset of users or apply this to all users. In this example, all users and all external applications are blocked.
Figure 5: Outbound defaults
Figure 6: Outbound block access
Attempting any access in a resource tenant will result in the notification below. This is expected, since the tenant-wide outbound access default setting is in place and explicitly blocks any resource tenant access.
Figure 7: Resource tenant blocked
The user sign-in logs lead to the same conclusion: they show the failure reason and the resource tenant that was accessed.
Figure 8: Sign-in logs
To enable collaboration when the outbound access default setting is applied, the tenant ID or domain name of a resource tenant must be added to the cross-tenant access settings of Microsoft Entra. In the example below, the tenant of Contoso’s partner organization “Wingtip Toys” is added and the outbound access configuration is set up to allow collaboration with selected Contoso users. In this case, users who are members of the group “External-TR-ContosoAccess” will be allowed access to the selected application, as shown in Figure 9.
In addition, a Privileged Access Group (PAG) can be used so that there is no permanent standing access. Access must be requested via Privileged Identity Management (PIM). The PIM activation process can be set up to require an approver, MFA, or additional authentication context via Conditional Access, e.g. step-up authentication or location-based policy restrictions.
Figure 9: Outbound access settings users and groups
Once the outbound access settings are configured, any user who is part of the selected user or group configuration will be allowed access to the selected external applications. In the example below, we can see that the demo user accessed a selected external application as per the previous configuration.
Figure 11: sign-in log successful
With cross-tenant access and outbound access settings, customers can granularly restrict and control collaboration with external resource tenants. This enables more control over what your internal accounts can access externally and where.
A word of caution: Before enabling, it’s important to understand that this is a tenant-wide configuration. You will need to understand and evaluate your organization’s collaboration needs and scope the outbound access setting and allowed organizations accordingly.
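To check the two default settings discussed above (inbound MFA trust and the outbound block) without clicking through the portal, the added example below audits the default policy as JSON. It is not code from the original post: the class and method names are hypothetical, the two JSON samples are constructed, and the property names are assumed to follow the Microsoft Graph v1.0 default cross-tenant access policy resource (`GET /policies/crossTenantAccessPolicy/default`).

```csharp
// Added example (C# 11 or later for raw string literals). All names are hypothetical.
using System;
using System.Collections.Generic;
using System.Text.Json;

public static class CrossTenantDefaultsAudit
{
    // Constructed sample: defaults before any change (MFA not trusted, outbound allowed).
    const string Before = """
    {
      "inboundTrust": { "isMfaAccepted": false },
      "b2bCollaborationOutbound": {
        "usersAndGroups": { "accessType": "allowed",
          "targets": [ { "target": "AllUsers", "targetType": "user" } ] },
        "applications": { "accessType": "allowed",
          "targets": [ { "target": "AllApplications", "targetType": "application" } ] }
      }
    }
    """;

    // Constructed sample: defaults after the changes described in this post.
    const string After = """
    {
      "inboundTrust": { "isMfaAccepted": true },
      "b2bCollaborationOutbound": {
        "usersAndGroups": { "accessType": "blocked",
          "targets": [ { "target": "AllUsers", "targetType": "user" } ] },
        "applications": { "accessType": "blocked",
          "targets": [ { "target": "AllApplications", "targetType": "application" } ] }
      }
    }
    """;

    // True when the section (usersAndGroups or applications) blocks the wildcard target.
    static bool BlocksAll(JsonElement b2bSetting, string section, string wildcard)
    {
        if (!b2bSetting.TryGetProperty(section, out JsonElement cfg)
            || cfg.ValueKind != JsonValueKind.Object) return false;
        if (!cfg.TryGetProperty("accessType", out JsonElement accessType)
            || accessType.ValueKind != JsonValueKind.String
            || accessType.GetString() != "blocked") return false;
        if (!cfg.TryGetProperty("targets", out JsonElement targets)
            || targets.ValueKind != JsonValueKind.Array) return false;
        foreach (JsonElement t in targets.EnumerateArray())
        {
            if (t.ValueKind == JsonValueKind.Object
                && t.TryGetProperty("target", out JsonElement name)
                && name.ValueKind == JsonValueKind.String
                && name.GetString() == wildcard) return true;
        }
        return false;
    }

    public static List<string> Audit(string policyJson)
    {
        var findings = new List<string>();
        using JsonDocument doc = JsonDocument.Parse(policyJson);
        JsonElement root = doc.RootElement;

        // Inbound trust: does this tenant accept MFA performed in the guest's home tenant?
        bool mfaTrusted = root.TryGetProperty("inboundTrust", out JsonElement trust)
            && trust.ValueKind == JsonValueKind.Object
            && trust.TryGetProperty("isMfaAccepted", out JsonElement mfa)
            && mfa.ValueKind == JsonValueKind.True;
        findings.Add(mfaTrusted
            ? "Inbound MFA trust: ON. Review Conditional Access policies and authentication strengths for guests."
            : "Inbound MFA trust: OFF. Guests must register an MFA method in this tenant.");

        // Outbound defaults: are all users and all external applications blocked?
        bool usersBlocked = false, appsBlocked = false;
        if (root.TryGetProperty("b2bCollaborationOutbound", out JsonElement outbound)
            && outbound.ValueKind == JsonValueKind.Object)
        {
            usersBlocked = BlocksAll(outbound, "usersAndGroups", "AllUsers");
            appsBlocked = BlocksAll(outbound, "applications", "AllApplications");
        }
        findings.Add(usersBlocked && appsBlocked
            ? "Outbound default: BLOCKED for all users and all external applications; partners need an explicit organizational setting."
            : $"Outbound default: not fully blocked (all users blocked: {usersBlocked}, all applications blocked: {appsBlocked}).");
        return findings;
    }

    public static void Main()
    {
        foreach (var (label, json) in new[] { ("Before", Before), ("After", After) })
        {
            Console.WriteLine(label + ":");
            foreach (string finding in Audit(json)) Console.WriteLine("  " + finding);
        }
    }
}
```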
In this blog post, we explored how to use cross-tenant access and outbound access settings in Microsoft Entra to manage and secure external collaboration. Cross-tenant access allows you to share your resources with users from other tenants, while outbound access settings and tenant restrictions let you control which external tenants your users can access. You can configure both features at the tenant level and specify the allowed or blocked organizations according to your business needs. Additionally, we have discussed how to use Default MFA Trust to use existing, strong authentication methods from foreign tenants in cross-tenant access scenarios and improve your security posture.
In the next blog, we will look more closely at tenant restrictions and authentication strengths and contexts. Keep following this blog series, post your feedback, and we hope you join us again.
In a recent support case, our customer faced an intriguing issue where a query execution in a .NET application was unexpectedly canceled during asynchronous operations against Azure SQL Database. This experience highlighted the nuances of handling query cancellations, which could stem from either a CommandTimeout or a CancellationToken. Through this concise article, I aim to elucidate these two cancellation scenarios, alongside strategies for managing SQL errors, ensuring connection resilience through retries, and measuring query execution time. The accompanying code serves as a practical guide, demonstrating how to adjust timeouts dynamically in an attempt to successfully complete a query, should it face cancellation due to timeout constraints. This narrative not only shares a real-world scenario but also provides actionable insights for developers looking to fortify their .NET applications interacting with Azure SQL Database.
Introduction:
Understanding and managing query cancellations in asynchronous database operations are critical for maintaining the performance and reliability of .NET applications. This article stems from a real-world support scenario where a customer encountered unexpected query cancellations while interacting with Azure SQL Database. The issue brings to light the importance of distinguishing between cancellations caused by CommandTimeout and those triggered by CancellationToken, each requiring a distinct approach to error handling and application logic.
Cancellations: CommandTimeout vs. CancellationToken:
In asynchronous database operations, two primary types of cancellations can occur: one due to the command’s execution time exceeding the CommandTimeout limit, and the other due to a CancellationToken being invoked. Understanding the difference is crucial, as each scenario demands specific error handling strategies. A CommandTimeout cancellation typically indicates that the query is taking longer than expected, possibly due to database performance issues or query complexity. On the other hand, a cancellation triggered by a CancellationToken may be due to application logic deciding to abort the operation, often in response to user actions or to maintain application responsiveness.
Error Handling and Connection Resilience:
Errors during query execution, such as syntax errors or references to non-existent database objects, necessitate immediate attention and are not suitable for retry logic. The application must distinguish these errors from transient faults, where retry logic with exponential backoff can be beneficial. Moreover, connection resilience is paramount, and implementing a retry mechanism for establishing database connections ensures that transient network issues do not disrupt application functionality.
Measuring Query Execution Time:
Gauging the execution time of queries is instrumental in identifying performance bottlenecks and optimizing database interactions. The example code demonstrates using a Stopwatch to measure and log the duration of query execution, providing valuable insights for performance tuning.
Adaptive Timeout Strategy:
The code snippet illustrates an adaptive approach to handling query cancellations due to timeouts. By dynamically adjusting the CommandTimeout and CancellationToken timeout values upon encountering a timeout-related cancellation, the application attempts to afford the query additional time to complete in subsequent retries, where feasible.
Conclusion:
The intersection of CommandTimeout, CancellationToken, error handling, and connection resilience forms the crux of robust database interaction logic in .NET applications. This article, inspired by a real-world support case, sheds light on these critical aspects, offering a pragmatic code example that developers can adapt to enhance the reliability and performance of their applications when working with Azure SQL Database. The nuanced understanding and strategic handling of query cancellations, as discussed, are pivotal in crafting responsive and resilient .NET database applications.
Example C# code:
using System;
using System.Diagnostics;
using System.Data;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Data.SqlClient;

namespace CancellationToken
{
    class Program
    {
        // Placeholder server, user and password; load real values from protected configuration.
        private static string ConnectionString = "Server=tcp:servername.database.windows.net,1433;User Id=MyUser;Password=MyPassword;Initial Catalog=MyDB;Persist Security Info=False;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;Pooling=true;Max Pool size=100;Min Pool Size=1;ConnectRetryCount=3;ConnectRetryInterval=10;Application Name=ConnTest";

        // A 20-second wait, longer than the initial 15-second CommandTimeout used below.
        private static string Query = "waitfor delay '00:00:20'";

        static async Task Main(string[] args)
        {
            SqlConnection connection = await EstablishConnectionWithRetriesAsync(3, 2000);
            if (connection == null)
            {
                Console.WriteLine("Failed to establish a database connection.");
                return;
            }
            // 5 attempts, 1 s initial delay, 30 s CancellationToken timeout, 15 s CommandTimeout.
            await ExecuteQueryWithRetriesAsync(connection, 5, 1000, 30000, 15);
            connection.Close();
        }

        // Opens the connection, retrying with exponential backoff. Returns null when every attempt fails.
        private static async Task<SqlConnection> EstablishConnectionWithRetriesAsync(int maxRetries, int initialDelay)
        {
            SqlConnection connection = null;
            int retryDelay = initialDelay;
            for (int attempt = 1; attempt <= maxRetries; attempt++)
            {
                try
                {
                    connection = new SqlConnection(ConnectionString);
                    await connection.OpenAsync();
                    Console.WriteLine("Connection established successfully.");
                    return connection;
                }
                catch (SqlException ex)
                {
                    Console.WriteLine($"Failed to establish connection: {ex.Message}. Attempt {attempt} of {maxRetries}.");
                    if (attempt == maxRetries)
                    {
                        Console.WriteLine("Maximum number of connection attempts reached. The application will terminate.");
                        return null;
                    }
                    Console.WriteLine($"Waiting {retryDelay / 1000} seconds before the next connection attempt...");
                    await Task.Delay(retryDelay);
                    retryDelay *= 2;
                }
            }
            return null;
        }

        // Runs the query, giving each retry a longer CancellationToken timeout (milliseconds)
        // and a longer CommandTimeout (seconds).
        private static async Task ExecuteQueryWithRetriesAsync(SqlConnection connection, int maxRetries, int initialDelay, int CancellationTokenTimeout, int CommandSQLTimeout)
        {
            int retryDelay = initialDelay;
            for (int attempt = 1; attempt <= maxRetries; attempt++)
            {
                using (var cts = new CancellationTokenSource())
                {
                    cts.CancelAfter(CancellationTokenTimeout * attempt); // Set CancellationToken timeout
                    try
                    {
                        using (SqlCommand command = new SqlCommand(Query, connection))
                        {
                            command.CommandTimeout = CommandSQLTimeout * attempt;
                            Stopwatch stopwatch = Stopwatch.StartNew();
                            await command.ExecuteNonQueryAsync(cts.Token);
                            stopwatch.Stop();
                            Console.WriteLine($"Query executed successfully in {stopwatch.ElapsedMilliseconds} milliseconds.");
                            return;
                        }
                    }
                    catch (TaskCanceledException)
                    {
                        Console.WriteLine($"Query execution was canceled by the CancellationToken. Attempt {attempt} of {maxRetries}.");
                    }
                    catch (SqlException ex) when (ex.Number == -2)
                    {
                        // Error number -2: the CommandTimeout elapsed.
                        Console.WriteLine($"Query execution was canceled due to CommandTimeout. Attempt {attempt} of {maxRetries}.");
                    }
                    catch (SqlException ex) when (ex.Number == 207 || ex.Number == 208 || ex.Number == 2627)
                    {
                        // Errors that a retry cannot fix, so stop here.
                        Console.WriteLine($"SQL error preventing retries: {ex.Message}");
                        return;
                    }
                    catch (Exception ex)
                    {
                        Console.WriteLine($"An exception occurred: {ex.Message}");
                        return;
                    }
                    Console.WriteLine($"Waiting {retryDelay / 1000} seconds before the next query attempt...");
                    await Task.Delay(retryDelay);
                    retryDelay *= 2;
                }
            }
        }
    }
}
Tests and Results:
In the course of addressing the query cancellation issue, we conducted a series of tests to understand the behavior under different scenarios and the corresponding exceptions thrown by the .NET application. Here are the findings:
Cancellation Prior to Query Execution:
Scenario: The cancellation occurs before the query gets a chance to execute, potentially due to reasons such as application overload or a preemptive cancellation policy.
Exception Thrown: TaskCanceledException
Internal Error Message: “A task was canceled.”
Explanation: This exception is thrown when the operation is canceled through a CancellationToken, indicating that the asynchronous task was canceled before it could begin executing the SQL command. It reflects the application’s decision to abort the operation, often to maintain responsiveness or manage workload.
Cancellation Due to CommandTimeout:
Scenario: The cancellation is triggered by reaching the CommandTimeout of SqlCommand, indicating that the query’s execution duration exceeded the specified timeout limit.
Exception Thrown: SqlException with an error number of -2
Internal Error Message: “Execution Timeout Expired. The timeout period elapsed prior to completion of the operation or the server is not responding.”
Explanation: This exception occurs when the query execution time surpasses the CommandTimeout value, prompting SQL Server to halt the operation. It suggests that the query may be too complex, the server is under heavy load, or there are network latency issues.
Cancellation Before CommandTimeout is Reached:
Scenario: The cancellation happens before the CommandTimeout duration is met, not due to the CommandTimeout setting but possibly due to an explicit cancellation request or an unforeseen severe error during execution.
Exception Thrown: General Exception (or a more specific exception depending on the context)
Internal Error Message: “A severe error occurred on the current command. The results, if any, should be discarded.\r\nOperation cancelled by user.”
Explanation: This exception indicates an abrupt termination of the command, potentially due to an external cancellation signal or a critical error that necessitates aborting the command. Unlike the TaskCanceledException, this may not always originate from a CancellationToken and can indicate more severe issues with the command or the connection.
Azure Cognitive Search & OpenAI Output can be effectively restricted with the help of Azure Entra Security Groups. With Azure Entra Security Groups, organizations can limit access to an Azure search instance or an OpenAI Output instance based on group membership of the user. This ensures that users only have access to the data within the scope of their job responsibilities. Azure Entra Security Groups also provide advanced authentication and authorization services for Azure services, offering additional layers of security for organizations to protect their data.
Azure OpenAI service is being used to create more interactive & intelligent chatbots. A key use case is being able to have the OpenAI service respond to user requests using your own data.
Why filter search results from Azure Cognitive Search
Cognitive Search is a search engine that catalogues all the documents, databases, etc. you provide it. However, there may be situations where you want an index of large amounts of data, but you don’t want every user in a healthcare organization to have access to everything.
Protected Health Information (PHI) data
HR data
Classified data
For these situations, you need to adjust the search results based on the user’s identity (medical professionals, such as doctors, nurses, and other health care workers, should have access to PHI data, while people who are not involved or not authorized should not see it).
With security filters, Azure Cognitive Search supports this use case. When you get search results, security filters let you give extra information to restrict results to only data the user can access.
There are three steps required to implement security filtering:
Create an index that includes a field for security filtering (such as Azure Entra security group IDs)
Include which Azure Entra security group IDs are allowed to see the data on initial index of each document
Include the list of Azure Entra security group IDs that the user is a part of so the security filtering can be applied on each query
Create an index that includes a field for security filtering
A security filtering field is required when you create a Cognitive Search index. This field should be filterable and not retrievable.
var index = new SearchIndex(options.SearchIndexName)
{
    Fields =
    {
        new SimpleField("file_id", SearchFieldDataType.String) { IsKey = true, ... },
        new SimpleField("file_name", SearchFieldDataType.String) { ... },
        ...
        // Security field: filterable, but hidden so it is never returned in results
        new SimpleField("group_ids", SearchFieldDataType.Collection(SearchFieldDataType.String))
            { IsFilterable = true, IsHidden = true },
    },
    ...
};
await indexClient.CreateIndexAsync(index);
Include which Azure Entra security group IDs are allowed to see the data on initial index of each document
Each time a new document is uploaded & indexed, you need to include the list of Azure Entra security group IDs that are allowed to have this document in their search results. These Azure Entra security group IDs are GUIDs.
Example REST API call
{
    "value": [
        {
            "@search.action": "upload",
            "file_id": "1",
            "file_name": "secured_file_a",
            "file_description": "File access is restricted to the medical professionals, such as doctors, nurses",
            "group_ids": ["entra_security_group_id1"]
        },
        {
            "@search.action": "upload",
            "file_id": "2",
            "file_name": "secured_file_b",
            "file_description": "File access is restricted to the medical professionals, such as doctors, nurses, and other health care workers.",
            "group_ids": ["entra_security_group_id1", "entra_security_group_id2"]
        },
        {
            "@search.action": "upload",
            "file_id": "3",
            "file_name": "secured_file_c",
            "file_description": "File access is restricted to third parties and law enforcements",
            "group_ids": ["entra_security_group_id3", "entra_security_group_id5"]
        }
    ]
}
Example C#
var searchClient = await GetSearchClientAsync(options);
var batch = new IndexDocumentsBatch<SearchDocument>();
foreach (var section in sections)
{
    batch.Actions.Add(new IndexDocumentsAction<SearchDocument>(
        IndexActionType.MergeOrUpload,
        new SearchDocument
        {
            ["file_id"] = section.Id,
            ["file_name"] = section.SourceFile,
            // Entra security group IDs allowed to see this document
            ["group_ids"] = section.GroupIds
        }
    ));
}
// Upload the batch once all sections have been added
IndexDocumentsResult result = await searchClient.IndexDocumentsAsync(batch);
...
Provide the IDs of the Azure Entra security groups that the user belongs to so that each query can have security filtering applied to it.
For every query, add the Azure Entra security group IDs that the user belongs to (that are relevant to this application) to the list. Use an OData query to format this.
Example REST API call
POST https://[service name].search.windows.net/indexes/securedfiles/docs/search?api-version=2023-10-01-preview
Content-Type: application/json
api-key: [admin or query key]

{
    "filter": "group_ids/any(g:search.in(g, 'entra_security_group_id1, entra_security_group_id2'))"
}
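The filter string in step three is assembled from the caller's group IDs, so it is worth building in one place that validates every ID and fails closed. The added example below is not from the original article: `SecurityTrimming` and its members are hypothetical names, the GUIDs and documents are constructed, and `VisibleFileIds` is a local stand-in for the service-side evaluation so the effect can be seen offline.

```csharp
// Added example; SecurityTrimming and its members are hypothetical names.
using System;
using System.Collections.Generic;
using System.Linq;

public static class SecurityTrimming
{
    // Builds the OData security filter for the group_ids field.
    // Returns false when the user has no groups: fail closed and do not run the query.
    public static bool TryBuildGroupFilter(IEnumerable<string> userGroupIds, out string filter)
    {
        filter = string.Empty;
        var ids = new SortedSet<string>(StringComparer.Ordinal);
        foreach (string raw in userGroupIds ?? Enumerable.Empty<string>())
        {
            // Group IDs are GUIDs. Anything else (including a value containing a quote)
            // is rejected before it can reach the OData string literal.
            if (!Guid.TryParseExact(raw?.Trim(), "D", out Guid id))
                throw new ArgumentException($"Not a security group object ID: \"{raw}\"", nameof(userGroupIds));
            // Lowercase canonical form; index group_ids in the same form, matching is case-sensitive.
            ids.Add(id.ToString("D"));
        }
        if (ids.Count == 0) return false;

        string list = string.Join(",", ids);
        filter = $"group_ids/any(g:search.in(g, '{list}'))";
        return true;
    }

    // Local stand-in for what the service does with the filter: a document is
    // visible when at least one of its group_ids is in the user's list.
    public static List<string> VisibleFileIds(
        IEnumerable<(string FileId, string[] GroupIds)> index, IEnumerable<string> userGroupIds)
    {
        if (!TryBuildGroupFilter(userGroupIds, out _)) return new List<string>();
        var allowed = new HashSet<string>(
            userGroupIds.Select(g => Guid.Parse(g.Trim()).ToString("D")), StringComparer.Ordinal);
        return index.Where(d => d.GroupIds.Any(allowed.Contains)).Select(d => d.FileId).ToList();
    }

    public static void Main()
    {
        // Constructed group IDs standing in for entra_security_group_id1, 2, 3 and 5.
        const string g1 = "11111111-1111-1111-1111-111111111111";
        const string g2 = "22222222-2222-2222-2222-222222222222";
        const string g3 = "33333333-3333-3333-3333-333333333333";
        const string g5 = "55555555-5555-5555-5555-555555555555";

        // Constructed documents mirroring the three uploads shown earlier.
        var index = new (string FileId, string[] GroupIds)[]
        {
            ("1", new[] { g1 }),
            ("2", new[] { g1, g2 }),
            ("3", new[] { g3, g5 }),
        };

        if (TryBuildGroupFilter(new[] { g2 }, out string filter))
        {
            // With Azure.Search.Documents, pass this as new SearchOptions { Filter = filter }.
            Console.WriteLine(filter);
        }
        Console.WriteLine("Member of group 2 sees: " + string.Join(", ", VisibleFileIds(index, new[] { g2 })));
        Console.WriteLine("Member of group 1 sees: " + string.Join(", ", VisibleFileIds(index, new[] { g1 })));
        Console.WriteLine("User with no groups sees: " + VisibleFileIds(index, new string[0]).Count + " documents");

        try
        {
            // A value that is not a GUID never becomes part of the filter.
            TryBuildGroupFilter(new[] { "entra_security_group_id1'" }, out _);
        }
        catch (ArgumentException ex)
        {
            Console.WriteLine("Rejected: " + ex.Message);
        }
    }
}
```

The group list should come from the authenticated user's token or directory lookup on the server side, never from a value the client supplies with the query.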
Recording: Healthcare organizations that have invested heavily in traditional on-premises VDI solutions find themselves at a crossroads: continue with complex, costly infrastructure and management overhead, or pivot to a future where agility, simplicity, and innovation lead. Windows 365 presents itself as the stepping stone to revolutionize the healthcare experience for Windows ecosystems.
This is a virtual webinar event series for healthcare focused on the Microsoft Windows 365 Cloud PC Cloud Virtualization Desktop solution (a SaaS product). Be sure to follow the full agenda for other sessions:
We have the pleasure of delivering a select experience with a broad range of healthcare-focused speakers from technical, specialist and engineering roles; make sure to follow them.
Juan Sifuentes
Jesse Asmond
Sam Tulimat
Generated by Copilot.
Key Topics:
Introduction and agenda: Juan, Jesse and Sam introduced themselves and their roles and gave an overview of the session on Windows 365 and how it differs from traditional VDI.
Windows 365 vs traditional VDI: Juan explained how Windows 365 simplifies and automates the provisioning, management and security of cloud PCs, and how it can reduce complexity and cost compared to traditional VDI.
Windows 365 licensing models and use cases: Juan and Sam described the two licensing models for Windows 365: enterprise and frontline, and how they cater to different user scenarios and needs, such as shift workers, task workers, remote workers, etc.
Independent research and resources: Jesse shared some data and insights from Gartner and Forrester on the desktop as a service market and the business value of Windows 365, and also mentioned the availability of trials and partner assistance for customers.
Windows 365 frontline roadmap: Sam gave a preview of the upcoming features and enhancements for Windows 365 frontline, especially for the task worker scenario, such as faster login and resource sharing.
Harness the power of streamlined integration with third-party tax solutions through the universal tax rate API, now generally available in Microsoft Dynamics 365 Finance, Supply Chain Management and project management and accounting functionality of Project Operations. This advancement eases the complexities of managing multiple and frequently changed tax rates and rules across diverse tax jurisdictions for businesses worldwide.
Navigating the Challenges of Tax Calculation
The tax calculation functionality of Dynamics 365 offers highly flexible and powerful tax determination and calculation capabilities right out of the box. It allows customers to input and manage tax rates and rules to cover complex tax scenarios across Dynamics 365 Finance and Supply Chain Management applications. In some countries, tax rates and rules are inherently intricate, demanding constant vigilance and updates to comply with constant changes by local tax authorities across multiple jurisdictions. This complexity escalates for businesses operating internationally, necessitating the maintenance of accurate tax rates and rules for each location. Traditionally, this process has had a high potential for errors, requiring extensive manual data management and exposing businesses to risks of non-compliance, penalties, and reputational harm.
Recognizing these challenges, many businesses opt for third-party tax solutions to automate and simplify their tax calculation processes. However, integrating these solutions with Microsoft Dynamics 365 Finance and Supply Chain Management applications could be a complex endeavor, burdened by the need for a deep understanding of the ERP system’s data models and business logic, along with ongoing maintenance to ensure alignment with release updates.
Empowering Businesses with the Universal Tax Rate API
In response to these challenges, we are releasing the universal tax rate API as a standardized solution facilitating communication between Microsoft Dynamics 365 Finance and Supply Chain Management applications, and third-party tax solution providers. This API offers a consistent, reliable interface for data exchange, eliminating the need for extensive customization and simplifying the integration process.
Benefits of the Universal Tax Rate API
The universal tax rate API drives simplification and efficiency for users of Dynamics 365 Finance and Supply Chain Management applications. By offering integration with third-party tax solutions, this innovative API dispels the complexities traditionally associated with managing tax rates and rules, enabling businesses to focus on growth and scalability. Harnessing the universal tax rate API enhances compliance and operational efficiency, through delivering:
Simplified Integration: Connect with supported third-party tax solution providers, leveraging their expertise without the need for expensive customizations.
Standardized Communication: Utilize a predefined set of APIs for various tax operations, including address validation, tax calculation, and transaction posting, all employing the JSON format for efficient data exchange.
Enhanced Compliance and Efficiency: Keep your tax calculations accurate and up to date, minimizing risks of non-compliance and improving operational efficiency.
Comprehensive Dynamics 365 coverage: Take advantage of the wide coverage of tax transactions within Dynamics 365 Finance and Supply Chain Management applications, as well as within other Dynamics 365 applications that can be available through the universal tax rate API later.
Utilizing the Universal Tax Rate API
The process of employing the API is straightforward. Upon transaction creation or update, the system identifies taxable transactions configured for external tax calculation. It then prepares and sends a data payload to the chosen tax solution provider via the API. The provider calculates the tax and returns the results, which are then validated and recorded in Dynamics 365 Finance and Supply Chain Management applications for audit and reporting.
Get started today
To begin leveraging this powerful feature, select a compatible third-party tax solution provider that aligns with your business needs from the list on Microsoft Learn. Follow the detailed guide provided in the Connect to an external tax solution provider via the Universal Tax Rate API learning path on Microsoft Learn, ensuring a smooth setup and efficient use of the universal tax rate API in your organization.
Embrace the universal tax rate API to transform your tax calculation process, focusing on compliance, efficiency, and scalability within Microsoft Dynamics 365 Finance and Supply Chain Management applications.
They are a vital component of the global economy, and yet face some of the greatest challenges like labor shortages and supply chain issues. This puts pressure on the workforce to deliver the same consistent quality, but faster and with less support.
But the frontline is also often faced with a technology landscape of siloed information from paper-based processes, legacy systems and different devices all required to do their work. This adds another pressure to frontline workers, who end up spending more time searching for information than creating value in your business.
Golden opportunity for transformation
There is a golden opportunity for business leaders to invest in technology that will power their frontline workforce to improve worker productivity, business process efficiency, and employee retention. And a key part of the opportunity to uplevel your frontline workers is by transforming the way they work with next generation AI.
An image providing statistics about how next-generation AI is transforming productivity across most workforces.
When we talked to customers, we found that AI can help frontline workers in three main ways:
Answers and guidance in the moment: Enable in-the-moment answers and guidance to find the right information they need to make a decision.
Automate common workflows: Speed up everyday processes like reporting incidents or creating tasks to save workers much-needed time.
Advise workers on what to focus on: Advise and summarize information, from shift handovers to missed communications, so workers can quickly get up to speed on information they need to do their job informed.
We are excited to show you how you can meet these AI needs on the frontline by easily creating a custom copilot that fits your unique frontline use cases using Copilot Studio or by empowering them with the full, out-of-the-box Microsoft Copilot for Microsoft 365.
Create your copilot, your way, for your frontline–with Copilot Studio
We are empowering you to easily build your own custom copilot, your way to meet the specific needs of your frontline workers. Whether you create a copilot for a singular purpose, like HR or IT support, or as a comprehensive copilot to meet the various needs of your frontline, you can create the right AI assistant to meet the challenges faced on your frontline.
Answers and guidance in the moment
We often hear from customers that their frontline workers are struggling with finding the right information in the moment to make a decision quickly. Many of them search across different resources or hundreds of pages of content to find the right answer. In fact, 62% of frontline workers say they struggle with too much time spent searching for information (Work Trend Index, 2022). This hurts their ability to be effective or respond to customers. Create a copilot connected to the knowledge systems you use today like SharePoint, websites or system of records to equip your frontline with the ability to find the right information, guidance and answers at their fingertips. Now AI is helping your frontline workers get answers quickly, spend less time on operations, and improve customer interactions.
An image demonstrating examples of copilot prompts retail frontline workers input on the Microsoft Teams mobile app.
Automate common workflows
Many frontline workers are also struggling with having to handle multiple processes and tasks spread across systems. In fact, data from our Work Trend Index shows that over 60% of frontline workers struggle with repetitive and tedious tasks that take time away from valuable work like providing quality customer service and efficiently fulfilling meaningful components of their work. Create a copilot that automates common workflows like task management with intelligent capabilities to increase execution visibility and smooth task completion. This will enable your team to have more operational visibility into the work that needs to be completed, while also enhancing the ability to execute processes faster.
An image demonstrating how copilot can automate common workflows like task management in the Microsoft Teams mobile app.
Advise workers on what to focus on
We also know that your frontline workers are often faced with a lot of information and work they need to digest and put into action to create the best customer experience and complete work efficiently. But they are often too overwhelmed with the amount of content they need to take into account and miss crucial information that could personalize how they complete work. Create a copilot that advises and shares pertinent information in the moment so they can focus on delivering their best to your customer or the work at hand. Frontline workers will be able to bring more personalized and relevant information into their interactions with customers as well as their tasks to increase customer satisfaction and upselling of products and services.
An image demonstrating how copilot can provide a response that advises and shares pertinent information, such as providing a list of customers with the following prompt: “Do I have visit proposals?”
All of these scenarios can be created today in as fast as a few days using Copilot Studio.
Copilot for Microsoft 365: Your AI assistant at work integrated into the Microsoft 365 apps
For frontline workers who work in the Microsoft 365 apps millions of people use every day like Word, Excel, PowerPoint, Outlook, Teams, and more, you can enable them with an AI assistant at work. We are excited to announce that Copilot for Microsoft 365, which works across your entire universe of data at work and is integrated into the Microsoft 365 apps and the web, will now be available as an add-on to all F SKU licenses. This AI addition will enhance frontline worker and manager productivity by combining powerful large language models with their work content and context to help them deliver at a higher level.
With Copilot for Microsoft 365, frontline workers can recap a patient visit or a regional sales call on a Teams meeting with intelligent notes or quickly catch up on any town halls and trainings they miss. They can find information quickly, whether searching for patient and customer information or scouring through manuals, with content across Microsoft 365. And they can use Copilot to draft and edit customer responses in Outlook to improve customer response rate and satisfaction. This means frontline managers and workers will be able to spend less time searching for and cataloguing information, and more time on the work and human interactions that are meaningful to your business.
Plus, Microsoft Copilot is built on Microsoft’s trusted and comprehensive approach to enterprise-grade security, privacy, identity, compliance, and responsible AI—so you know it’s enterprise ready.
Here’s how you can get started and transform your frontline with AI
Whether you want to enable your frontline workforce with a custom copilot, or a Copilot integrated with Microsoft 365 productivity suite, you can transform your frontline today with next generation AI to uplevel their productivity.
Here are two ways you can get started:
Get started today with Copilot Studio and learn more about how you can transform your business processes with a custom copilot.
Learn more about how Copilot for Microsoft 365 can uplevel the productivity of your frontline workforce. Copilot for Microsoft 365 will be available for Frontline licenses in the coming weeks.
We are looking forward to seeing how you transform your frontline workforce with AI.
Continuing our vision for Microsoft Copilot to bring the power of generative AI to everyone across work and life, we’re expanding availability and purchase options for individuals and organizations and bringing new value to Copilot Pro subscribers.
The Microsoft Defender Threat Intelligence (MDTI) team is excited to announce that we are revealing previews for each of our 350+ intel profiles to all Defender XDR customers for the first time. This represents Microsoft’s broadest expansion of threat intelligence content to non-MDTI premium customers yet, adding nearly 340 intel profiles to Defender XDR customers’ view, including over 200 tracked threat actors, tools, and vulnerabilities that Microsoft has not named anywhere else.
Note: Profiles in the standard edition will not contain indicators of compromise (IOCs), which are reserved for MDTI premium customers.
Intel Profiles standard edition experience
You can visit our more than 350 intel profiles on the “Intel profiles” tab under the “Threat intelligence” blade in the left navigation menu:
350+ intel profiles are now available to all Defender XDR customers via the “Intel profiles” tab under the threat intelligence blade, including information on over 200 threat actors, tools, and vulnerabilities that Microsoft has not mentioned publicly to date.
Currently, our corpus of shareable finished threat intelligence contains 205+ named threat actors, 70+ malicious tools, and 75+ vulnerabilities, with more to be released on a continual basis. To view our full catalog for each of the three profile types – Threat Actors, Tools, and Vulnerabilities – click their respective tab near the top of the page.
In the intel profiles page list view, profiles containing limited information are marked with an icon. However, don’t let this symbol stop you – each of these profiles contains the same detailed summary (“Snapshot”) written at the start of the content for premium customers. For threat actor profiles, this section often includes a valuable description of the actor’s origins, activities, techniques, and motivations. On tool and vulnerability profiles, these summaries describe the malicious tool or exploit and illustrate its significance, with details from real-world activity by threat actor groups when available. This information enables leaders of threat intelligence and security programs to take an intel-led approach, starting with the threat actors, tools, and vulnerabilities that matter most to their organization and building a robust strategy outward.
Our intel profiles containing full content can be distinguished from the limited profiles in the list view as they do not contain the icon. Full profiles can contain much additional detail beyond a Snapshot, including:
Real details from past threat actor activity, tool usage, and vulnerability exploits, including phishing templates, malicious attachments, code excerpts and more from actual threat investigations
Detailed TTPs (tactics, techniques, and procedures) and attack path analyses, based on both past and potential future exploitation attempts, and their corresponding MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) techniques
Detections and Hunting Queries, which list alerts and detections that may indicate the presence of the above threats
Advanced Hunting queries to identify adversary presence within a customer’s network
Microsoft Analytic Rules, which result in alerts and incidents to signal detections associated with adversarial activity
Recommendations to protect your organization against the threat
And References for more information.
Full intel profiles contain extensive information on threat actors, tools, and vulnerabilities by leveraging details from actual threat investigations.
On the intel profiles page, each of the tabs for the three profile types contains a local search box, enabling you to quickly discover profiles of interest by matching keywords. Additionally, the Threat actors tab enables you to filter for the Country/Region of Origin and Targets (representing Targeted Industries) of actor groups, helping to narrow the list down to the profiles that are most important to your organization:
Use the filter and search functions to narrow profile lists down to the content that is most relevant to your organization.
With the inclusion of MDTI results in Defender XDR’s global search bar, you also may use this top-level search to discover intel profiles from anywhere in the portal based on keywords. Refer to the linked blog for inspiration on what you can search for and what other MDTI results you can expect.
About intel profiles
Intel profiles are Microsoft’s definitive source of shareable knowledge on tracked threat actors, malicious tools, and vulnerabilities. Written and continuously updated by our dedicated security researchers and threat intelligence experts, intel profiles contain detailed analysis of the biggest threats facing organizations, along with recommendations on how to protect against these threats and IOCs to hunt for these threats within your environment.
As the defender of four of the world’s largest public clouds, Microsoft has unique visibility into the global threat landscape, including the tools, techniques, and vulnerabilities that threat actors are actively using and exploiting to inflict harm. Our team of more than 10,000 dedicated security researchers and engineers is responsible for making sense of more than 65 trillion security signals per day to protect our customers. We then build our findings into highly digestible intel profiles, so high-quality threat intelligence is available where you need it, when you need it, and how you need it.
Just one year after launching intel profiles at Microsoft Secure last year, Microsoft’s repository of shareable threat intelligence knowledge has expanded to over 205 named threat actors, 70 tools, and 75 vulnerabilities, with more added every month.
In this month’s Empowering.Cloud community update, we cover the latest briefings from MVPs, the Microsoft Teams Monthly Update, updates in the Operator Connect world and upcoming industry events. There’s lots to look forward to!
Jason Wynn, MVP and Presales Specialist at Carillion, shows us how to get the most out of our meeting room experience, troubleshoot some common issues and explains how and why we’re trying to get all this information together.
Use of Teams Admin Center, Microsoft Pro Portal and Power BI reports
MVP Kevin McDonnell introduces us to the topic of M365 for Frontline Workers, including challenges faced by frontline workers and how Microsoft 365 can help provide a solution to some of these.
Challenges faced by Frontline Workers
Challenges faced by managers and organizers
Solutions in Microsoft 365 for Frontline Workers include:
M365 can help boost productivity, improve employee experience and provide personalized information and support for Frontline Workers
In this month’s Microsoft Teams monthly update, MVP Tom Arbuthnot gives us the rundown on all the latest Microsoft Teams news, including new certified devices and Shared Calling in TAC.
Teams and Microsoft Apps on Apple Vision Pro
Shared Calling now in Teams Admin Center
Teams 2.1 client cutover coming soon
Improved Copilot in Teams and in Windows for prompting, chat history and a prompt library
Microsoft 365 Backup Public Preview with fast restorability and native data format
Android 9 and Android 10 Device Certificate Extensions
Pexip bringing a ‘Teams-like experience’ to Cloud Video Interop (CVI)
Microsoft Teams Insider Podcast
Complex Voice Strategies for Global Organizations with Zach Bennett
Philipp Beck, Former CEO and Founder of Luware, and MVP Tom Arbuthnot delve into key developments in the world of Microsoft Teams and Contact Center.
Microsoft Teams Operator Connect Updates
The numbers are continuing to rise in the Microsoft Teams Operator Connect world, with 89 operators and 86 countries now covered. Will we reach 100 providers or countries first?!
Check out our full Power BI report of all the Operators here:
Teams Fireside Chat – 14th March, 16:00 GMT | Virtual
Hosts: MVP Tom Arbuthnot
Guest Speaker: MVPs and Microsoft speakers LIVE from MVP summit
This month’s Teams Fireside Chat is a special one as Tom Arbuthnot will be hosting live from the MVP Summit at the Microsoft campus in Redmond, where he’ll be joined by other MVPs for an expertise-filled session.
Microsoft Teams Devices Ask Me Anything – 18/19th March | Virtual
Microsoft Teams Devices Ask Me Anything is a monthly community session which gives you an update on the important Microsoft Teams devices news, as well as the chance to ask questions and get them answered by the experts. We have 2 sessions to cover different time zones, so there’s really no excuse not to come along to at least one!
EMEA/NA – 18th March, 16:00 GMT | Virtual
Hosts: MVP Graham Walsh, Michael Tressler, Jimmy Vaughan
Everything You Need to Know as a Microsoft Teams Service Owner at Enterprise Connect – 25th March | In-Person
Training Session: led by MVP Tom Arbuthnot
Whether you’re in the network team, telecoms team or part of the Microsoft 365 team, MVP Tom Arbuthnot’s training session will help you avoid common pitfalls and boost your success as he takes you through everything you need to know as a Microsoft Teams Service Owner.
Teams Fireside Chat – 11th April, 16:00 GMT | Virtual
Hosts: MVP Tom Arbuthnot
Guest Speaker: Vandana Thomas, Product Leader, Microsoft Teams Phone Mobile
Join other community members as we chat with Microsoft’s Product Leader for Teams Phone Mobile, Vandana Thomas, on April’s Teams Fireside Chat. As usual, we’ll open up the floor to discussion, so bring along your burning Microsoft Teams questions to get them answered by the experts.
Comms vNext – 23-24 April | In-Person | Denver, CO
Comms vNext is the only conference in North America dedicated to Microsoft Communications and Collaboration Technologies and aims to bring the community together for an event full of deep technical sessions from experts, an exhibition hall with 40 exhibitors and some great catering too!
Most organizations find it’s no longer good enough to measure successful service engagements solely on whether a customer issue is resolved. Instead, they aim to deliver personalized, fast service experiences at every touchpoint through all engagement channels. The best way to do this is by building long-term customer loyalty and transforming operations with modern, AI-enhanced capabilities across all service processes and interactions. That’s why we are continuously enhancing Microsoft Dynamics 365 Customer Service to empower our customers and help them differentiate their service organizations. Today, we’re happy to announce that Microsoft has been named a Leader in The Forrester Wave™: Customer Service Solutions, Q1 2024, attaining the top scores possible in the business intelligence, process management, and collaboration criteria.
Investing in AI and a unified platform for modernizing customer service
More and more, service agents feel increased pressure to provide smart, fast, and customized answers when presented with customer issues. But finding information and experts to quickly resolve an issue can present its own challenges. According to the Microsoft Work Trend Index, 62% of people spend too much time scouring for information during their workday. For service organizations, agents who must scramble to find information can mean both slower time to resolution for individual cases and a lower number of cases addressed per day overall. The agent experience is the heart of Dynamics 365 Customer Service. The key to improving satisfaction in service delivery is enabling agents to take customer requests from any channel, handle multiple sessions at a time, interact with multiple apps without losing context, and enhance their workflow with productivity tools. Our answer is to provide a solution that helps service organizations harness the power of data, AI, automation, and collaboration to help agents focus on resolving customer issues quickly. Dynamics 365 Customer Service helps service organizations unlock trusted knowledge to accelerate onboarding and case resolution, improve efficiency, and automate tasks for agents in their flow of work.
More recently, we’ve brought Microsoft Copilot into Dynamics 365 Customer Service. Copilot provides real-time, AI-powered assistance to help customer support agents solve issues faster by relieving them from mundane tasks—such as searching and note-taking—and freeing their time for more high-value interactions with customers. Without costly development time, organizations can simply point to their data and, in a few minutes, unlock generative AI-powered conversations across their knowledge bases and other sources. Agents can use Copilot to respond to incoming email, factoring in other relevant customer data to produce a personalized, accurate, and editable reply. Contact center managers can also use Copilot analytics to view usage and better understand how next-generation AI impacts the business. In addition, service agents are empowered with additional AI experiences and automation to help fuel collaboration and productivity for delivering world-class customer service at scale. We recently completed a study that evaluated the impact of Copilot in Dynamics 365 Customer Service on agent productivity for our own Microsoft Support agents providing customer care across the commercial business. The study found that agents can quickly look up answers to high-volume requests and avoid lengthy investigations of previously documented procedures. One of our lines of business with these characteristics has realized a 22% reduction in time to close cases using Copilot.
At Microsoft, we strive to enable our customers to empower their customers to engage on their terms, at their optimal times, and on their channels of choice. We believe we have earned our position as a Leader by developing a customer service solution that enables agents to focus on delivering more cutting-edge service experiences by harnessing available data and using the power of generative AI to deliver consistent, personalized customer experiences; maximize their productivity; and optimize service operations. And with our comprehensive service platform that includes automation, knowledge management, collaboration, and more, service organizations can streamline case management, enable more personalized service, and get a clear, 360-degree view into how their service organization is performing. As Forrester points out in its report, “Microsoft’s vision is broader than just customer service, and it’s firmly grounded in three principles: Engagement must be personalized via AI; customer service must be highly collaborative; and outcomes must drive improvements. Microsoft Dynamics 365 Customer Service actualizes this vision.”
Building on next-generation AI that’s enterprise ready
Microsoft Dynamics 365 is built on Microsoft Azure OpenAI Service, so our customers can rest assured that it offers data privacy and protection. Azure OpenAI Service offers a range of privacy features, including data encryption and secure storage, enabling organizations to control access to their data, and provides detailed auditing and monitoring capabilities.
Creating responsible AI solutions
Most importantly, we are committed to creating responsible AI by design. Our work is guided by a core set of principles: fairness, reliability and safety, privacy and security, inclusiveness, transparency, and accountability. We are putting those principles into practice across the company to develop and deploy AI that will have a positive impact on society.
The Forrester Wave™
Microsoft is a Leader in The Forrester Wave™: Customer Service Solutions, Q1 2024.
We’re excited to be recognized as a Leader in the Forrester Wave and are committed to providing innovative customer service platform capabilities to help our customers continuously improve their own customer service offerings.