Manage your Azure resources using automation tasks

by Contributed | Feb 24, 2021 | Technology

This article is contributed. See the original author and article here.

There are different ways to manage your Azure resources depending on your specific needs. With automation tasks, Azure offers a simple way to manage a specific resource or resource group using automation task templates. These templates depend on the Azure resource. For example, for an Azure virtual machine, you can create an automation task that turns on or turns off that virtual machine on a predefined schedule or sends the resource’s monthly cost. This can be especially helpful if you are trying to reduce the cost of your Azure VMs.

An automation task is actually a workflow that runs on the Azure Logic Apps service behind the scenes. Automation tasks are currently in preview and support sending monthly cost for all Azure resources and special templates for Azure virtual machines, Azure Storage accounts, and Azure Cosmos DB.

You might now think how this is different from Azure Automation. For that, you can check out the following article on Microsoft Docs.

How to create an automation task

Creating an automation task is simple. In the Azure Portal, find the resource you want to manage, and on the resource menu, scroll to the Automation section and select Tasks.

Create automation task for an Azure resource

Now you will see the existing automation tasks, or you can click on Add to add a new automation task from a template.

Add a Task

You can select the template you want to use. Under Authentication, the necessary connections for that specific task appear. You will need to create these connections.

Authentication

In the configuration section, you can add additional information for the task. In this example, I start the virtual machine every day at 10 am.

Task Configuration

After the automation task has been created, you can see it under Tasks. You can see the tasks and view the runs, as well as edit the task.

View and edit automation tasks

You can do in-line editing to make simple changes, but you can also open it in the Logic Apps Designer.

Logic Apps Designer

Conclusion

Automation Tasks is currently in preview and provides an easy and simple way to manage Azure resources. If you want to learn more, check out Microsoft Docs. If you want to provide feedback, report bugs, or ask questions, you can contact the Azure logic Apps team.

Azure Service Bus | Receive Messages from DLQ for Queue/Subscription

by Contributed | Feb 23, 2021 | Technology

This article is contributed. See the original author and article here.

Azure Service Bus queues and topic subscriptions provide a secondary subqueue, called a dead-letter queue(DLQ). The dead-letter queue need not to be explicitly created and can’t be deleted or otherwise managed independent of the main entity.
Azure Service Bus messaging overview – Azure Service Bus | Microsoft Docs

Messages that can’t be processed because of various reasons fall into DLQ. Below are few conditions where messages will fall into DLQ:
1. Not matching with the filter condition
2. TTL expired, header exceed
3. Quota exceed for header size
4. Max delivery count reached
5. Session enabled and sending messages without sessionID
6. Using more than 4 forward to

Case:
To receive DLQ messages from queue/subscription

Pre-Requisites:

1. Service Bus namespace
2. Already created queue/subscription
3. Should have messages in DLQ either for queue/subscription
4. Service Bus Explorer

We have multiple ways to receive messages from DLQ.

Using Service Bus Explorer:

1. Download the “Service Bus Explorer” from: https://github.com/paolosalvatori/ServiceBusExplorer


2. Open service bus explorer and click File and connect it.

3. From the drop down, select connection string and provide the connection string of the namespace level.

4. Once it is successfully connected, you will see Service Bus Explorer shows the count of the DLQ message.
   In the below screenshot, there are 11 messages currently in the DLQ for the queue “ankitatest“.
   

    

   
   


5. To receive messages from DLQ through SB explorer, you need to click on that particular queue and then click on “Deadletter” tab then one dialogue box will pop up then you need to click on “Receive and Delete”. The default value is Top10 so top10 messages will be received from DLQ.

        The updated DLQ message count is now 1.

Through C# Code:

In the given screenshot, we have 12 messages in DLQ for queue and we wanted to receive them.

I will run the below code which will receive the message from the mentioned queue. Once you run the code successfully, you will see the message ID in the console window as below.

Now, check on SB explorer and you will see 1 message has been gone from DLQ.

class Program
    {
        static void Main(string[] args)
        {
            RetrieveMessageFromDeadLetterForQueue();
            RetrieveMessageFromDeadLetterForSubscription();
        }
        public static void RetrieveMessageFromDeadLetterForQueue()
        {
            var receiverFactory = MessagingFactory.Create(
                 "sb://<ServiceBusNamespaceName>.servicebus.windows.net/",
                 new MessagingFactorySettings
                 {
                     TokenProvider = TokenProvider.CreateSharedAccessSignatureTokenProvider("RootManageSharedAccessKey", "<NamespaceLevelKey>"),
                     NetMessagingTransportSettings = { BatchFlushInterval = new TimeSpan(0, 0, 0) }
                 });
            string data = QueueClient.FormatDeadLetterPath("<QueueName>");
            var receiver = receiverFactory.CreateMessageReceiver(data);
            receiver.OnMessageAsync(
            async message =>
            {
                var body = message.GetBody<Stream>();
                lock (Console.Out)
                {
                    Console.WriteLine(message.MessageId);
                }
                await message.CompleteAsync();
            },
            new OnMessageOptions { AutoComplete = false, MaxConcurrentCalls = 1 });
        }
        public static void RetrieveMessageFromDeadLetterForSubscription()
        {
            var receiverFactory = MessagingFactory.Create(
                 "sb://<NS>.servicebus.windows.net/",
                 new MessagingFactorySettings
                 {
                     TokenProvider = TokenProvider.CreateSharedAccessSignatureTokenProvider("RootManageSharedAccessKey", "<NamespaceLevelSASKey>"),
                     NetMessagingTransportSettings = { BatchFlushInterval = new TimeSpan(0, 0, 0) }

                 });

            string data = SubscriptionClient.FormatDeadLetterPath("<TopicName>", "<SubscriptionName>");

            var receiver = receiverFactory.CreateMessageReceiver(data);

            receiver.OnMessageAsync(

            async message =>
            {
                var body = message.GetBody<Stream>();
                lock (Console.Out)
                {
                    Console.WriteLine("Message ID :" + message.MessageId);
                }
                await message.CompleteAsync();
            },
            new OnMessageOptions { AutoComplete = false, MaxConcurrentCalls = 1 });
        }
    }

How to use REST API to send notifications to Baidu device?

by Contributed | Feb 23, 2021 | Technology

This article is contributed. See the original author and article here.

This article will introduce how to use Azure Notification Hub REST API to send a notification to device with Baidu Push. It provides an example of how to retrieve the PNS handle and send notification to device using REST API with Baidu Push.

Pre-requirement :

Before starting, you must setup a Baidu Push environment and create a application in Android Studio.

• Download Baidu Push Android SDK


• Create a Baidu Push account and create application : Getting Started with Baidu Push (baidu.com)


• Create an application in Android Studio : Connect your app to the notification hub | Microsoft Docs

Getting started with Azure Notification Hub using Baidu

1. Enter API Key and SECRET KEY in Azure Portal -> Notification Hub -> Baidu (Android China).
   
   Note : Go to the Configuration page of the Baidu Push application and you can find API KEY and SECRET KEY.
   


2. Execute your application in Android Studio and you should see below keywords in.
   errorCode=0 : 0 means the device is registered successfully via Baidu SDK.
   userId : copy this for next step
   channelId: copy this for next step
   


3. Create a registration for the device. This method generates a registration ID, which you can subsequently use to retrieve, update, and delete this registration.
   – Request
   
   
   
   
   
   
   
   
   
   
   
   
   

   Method	Request URI
   POST	https://<notification_hub_namespace>.servicebus.windows.net/<notification_hub_name>/registrations/?api-version=2015-01

   
   
   – Request Headers
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   

   Request Header	Description
   Content-Type	application/atom+xml;type=entry;charset=utf-8
   Authorization	Azure Service Bus access control with Shared Access Signatures – Azure Service Bus | Microsoft Docs
   x-ms-version	2015-01

   
   
   – Request Body
   XML
   

   <?xml version="1.0" encoding="utf-8"?>
   <entry xmlns=http://www.w3.org/2005/Atom>
       <content type="application/xml">
           <BaiduRegistrationDescription xmlns:i=http://www.w3.org/2001/XMLSchema-instance xmlns=http://schemas.microsoft.com/netservices/2010/10/servicebus/connect>
               <BaiduUserId>{userId}</BaiduUserId>
               <BaiduChannelId>{channelId}</BaiduChannelId>
           </BaiduRegistrationDescription >
       </content>
   </entry>

   
   – Response Code
   
   

   
   
   
   
   
   
   
   
   
   
   
   

   Code	Description
   200	Registration created successfully.

   
   
   – Response Body
   Upon success, a validated Atom entry is returned. It includes read-only elements such as ETag, RegistrationId, and ExpirationTime. For example:
   XML
   

   <entry a:etag="W/&quot;1&quot;" xmlns=http://www.w3.org/2005/Atom xmlns:a=http://schemas.microsoft.com/ado/2007/08/dataservices/metadata>
       <id>https://notificationhubn.servicebus.windows.net/notificationhub1/registrations/{registerId}?api-version=2015-01</id>
       <title type="text">{registerId}</title>
       <published>2021-02-19T06:52:22Z</published>
       <updated>2021-02-19T06:52:22Z</updated>
       <link rel="self" href=https://notificationhubn.servicebus.windows.net/notificationhub1/registrations/{registerId}?api-version=2015-01/>
       <content type="application/xml">
           <BaiduRegistrationDescription xmlns=http://schemas.microsoft.com/netservices/2010/10/servicebus/connect xmlns:i=http://www.w3.org/2001/XMLSchema-instance>
               <ETag>1</ETag>
               <ExpirationTime>9999-12-31T23:59:59.999</ExpirationTime>
               <RegistrationId>{registerId}</RegistrationId>
               <BaiduUserId>{userId}</BaiduUserId>
               <BaiduChannelId>{channelId}</BaiduChannelId>
           </BaiduRegistrationDescription>
       </content>
   </entry>​



4. Use Test Send to check whether the device is registered successfully in the previous step.
   


5. Sends a Baidu native notification through a notification hub.
   – Request
   
   
   
   
   
   
   
   
   
   
   
   
   

   Method	Request URI
   POST	https://<notification_hub_namespace>.servicebus.windows.net/<notification_hub_name>/messages/?api-version=2015-04

   
   
   – Request Headers
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   
   

   Request Header	Description
   Content-Type	application/json;charset=utf-8
   Authorization	Azure Service Bus access control with Shared Access Signatures – Azure Service Bus | Microsoft Docs
   ServiceBusNotification-DeviceHandle	{RegistrationId}
   ServiceBusNotification-Format	baidu
   x-ms-version	2015-04

   
   
   – Request Body
   JSON
   

   {"title":"Title","description":"Notification Hub test notification"}​

   
   – Response Code

   
   
   
   
   
   
   
   
   
   
   
   
   

   Code	Description
   201	Message successfully send to Baidu.

   
   


6. Your device should receive the notification you send in previous step in few seconds.

Additional Reference :

• Create a registration | Microsoft Docs


• Direct send | Microsoft Docs

Business Email: Uncompromised – Part One

by Contributed | Feb 23, 2021 | Technology

This article is contributed. See the original author and article here.

This blog is part one of a three-part series focused on business email compromise.

Business email compromise (BEC) is a type of phishing attack that targets organizations, with the goal of stealing money or critical information. BEC has become a top-of-mind concern for CISOs – according to the Federal Bureau of Investigation, in 2019, BEC was the costliest type of cybercrime, accounting for 50% of all losses worldwide. Since 2016, BEC has accounted for more than 26 billion dollars in losses. Large corporations to small businesses, all have fallen victim to these attacks.

At Microsoft we have been actively working to block these attacks and working to disrupt attacker networks that look to propagate such crime. Microsoft Defender for Office 365 provides industry leading capabilities to protect against these sorts of attacks.

So how do these attacks work? How can organizations best protect themselves? In this blog series, we will explore the evolution of BEC attack tactics, provide a refresher on existing and new capabilities in Defender for Office 365 that help detect these attacks, and best practices that customers should follow to secure themselves against BEC attacks.

Anatomy of Business Email Compromise Attacks

The classic form of business email compromise involves targeting a set of employees through emails that seem to come from an email address that visually looks like someone the employee should trust. Once the trust is established, unsuspecting employees can be asked to execute fraudulent wire transfers or asked to reply with critical information. Unlike other email-based threats, these attacks do not rely on malicious files or links and instead rely on deception of trust and can be highly effective.

Here’s an example of a BEC attack we have observed recently.

Figure 1: A real-world BEC attack

At first glance, the email appears to come from the CEO to her employee and looks like a legitimate business email request for a payment. But upon further examination we detect that the sender is not the real CEO. The attackers use different techniques to make the email address look convincing.

Display name or From address look-alike (user impersonation)

Email clients use email properties like “Display Name” and “From Address” to show the sender of the email. Attackers forge these properties to make it visually look like a real sender. When we take a closer look at the below example, we see the mail came from a look-alike email address with a slightly different spelling.

Figure 2: User impersonation using a look-alike email addresses

Attackers often use spelling tricks or special characters to make the email name look convincing, and detecting these large number of possible combinations through naked eye or basic regular expressions (regex) can be quite challenging.

Domain address look-alike (domain impersonation)

In this technique, the attacker forges the email domain that visually looks like the domain of the victim’s organization or like the domain of one of their business partners. For example, in the below example, the email seems to come from a domain that looks like contoso.com but is spelled with a “zero” instead of an “o”.

Figure 3: Domain impersonation using a look-alike domain

Exact Domain Spoofing

In this technique, the attacker forges the domain to look exactly like the domain of the victim’s organization or like the domain of one of their business partners.  Since they are exactly same, they make for a more convincing attack. Email protocols rely on email authentication standards such as SPF, DKIM, and DMARC to enable domain owners to “authenticate” their mails. If the domain does not configure these settings, they can be spoofed by the attacker to make an email look legitimate but will instead come from the attacker’s email server. In the example below, when we inspect the mail, the domain that the victim sees is contoso.com, but the actual sender is different.

Figure 4: Domain spoofing achieved through forgery

We refer to these classic attacks as single stage attacks. We see attackers leverage one or more of the above techniques to impersonate/spoof executives, business partners, IT/HR staff and more. The email content can contain a basic request to purchase gift cards, request HR or financial data, or request to process an invoice with updated payment details.

Figure 5: Single stage BEC attacks

Now that we have reviewed the attack techniques, let’s take a closer look at how we can protect against them.

User & Domain Impersonation Protection in Defender for Office 365

Detecting user and domain impersonation at scale and in a fast-evolving attack landscape requires systems that can quickly understand relationships between senders and recipients, detect anomalies in those relationships and detect “visual similarity” across many possible combinations.

Configuring AI-powered and policy-based protections

Microsoft Defender for Office 365 does this by employing a capability called Mailbox Intelligence, an AI-powered technology that builds a communication graph of every user. Once enabled, this system continuously learns about a user’s email patterns and their communication graph. When a BEC email is received, the system automatically detects an anomaly against the user’s graph. It then runs a powerful multi-pass algorithm to detect “visual similarity” across a large combination of user and domain names.

Security administrators can configure user, domain, and mailbox intelligence-based protection settings in the Anti-Phishing Policy within the Security Center. Once configured, these capabilities protect all users in the organization from attacks looking to impersonate any of their communication contacts. In an environment where anyone in an organization can be targeted by impersonation attacks, organizations need this capability to protect all users in the organization.

Figure 6: Mailbox Intelligence uses AI to build a communication graph for every user.

We introduced these capabilities in Defender for Office 365 in 2018 and we are constantly updating them based on the latest threat patterns.

Hunting for BEC Attacks (Coming Soon!)

Given the targeted nature of BEC attacks, security analysts are looking for additional ways to analyze and hunt for information about these attacks in their environment.

To further increase the efficiency of the response of SecOps teams to impersonation-based attacks, we are rolling out new pivots in Threat Explorer to enable your security analysts to hunt for user and domain impersonation attempts in your organization. Threat Explorer helps security teams investigate and respond to threats efficiently, and these new capabilities allow analysts to dive deeper into potential BEC attacks. The new pivots will help security analysts answer questions like “Who is impersonating my CEO?”, “who is being targeted?”, “is a protected domain of my organization being impersonated?” and “are we seeing any false positives?” Admins can also configure alerts to be notified and Threat Tracker queries to quickly discover new attacks.

Figure 7: Use Threat Explorer to hunt for impersonated users.

Domain Spoofing Protection & Email Authentication Checks in Defender for Office 365

Preventing spoofing with email authentication standards

To identify spoofing attempts, email standards like SPF, DKIM, and DMARC are evaluated on every incoming message. Office 365 honors these standards for domains that have properly configured these settings. Emails that fail DMARC checks will be sent to quarantine or routed to junk mail. You can learn more about email authentication in Office 365, and its implications on spoofing here.

Spoof Intelligence to prevent spoofing attacks

While DMARC is a useful tool in the email ecosystem, despite its value, our service-wide telemetry indicates that a large number of the domains that send email into your organization have not implemented DMARC or may not enforce it. This leaves your organization vulnerable as these domains can still be spoofed leaving the door open to business email compromise. This is important – If your partners and vendors have not enforced DMARC on their domains, their domains can be spoofed by attackers in deceptive emails to your users.

To address this challenge, Defender for Office 365 and Exchange Online Protection (EOP) use an industry-first technology called Spoof Intelligence. It uses advanced algorithms to learn about a domain’s email sending patterns and can flag anomalies. And most importantly, through this approach using Spoof Intelligence, Defender for Office 365 and EOP also extend spoofing protections to domains that might not have implemented DMARC yet.

Both spoof protection capabilities are enabled by default and are being constantly updated to learn from latest attacks.

Coming up in Part 2….

BEC attacks can be fairly complex and look extremely convincing. And they can result in a lot of damage to organizations that don’t have the appropriate protection. In this blog, we’ve looked at one flavor of BEC attacks – single stage attacks. We have also seen how capabilities in Defender for Office 365, described above, prevent the core components of business email compromise. In the next blog post, we’ll dive into more advanced flavors of BEC attacks, and talk about the different capabilities in Microsoft Defender for Office 365 that help you prevent, detect, and respond to multi-stage BEC attacks. Stay tuned!

To learn more about Microsoft Defender for Office 365, or to get started today, visit aka.ms/DefenderO365.

Your Guide to Mixed Reality @ Microsoft Ignite Spring 2021

by Contributed | Feb 23, 2021 | Technology

This article is contributed. See the original author and article here.

Looking forward to another virtual Microsoft Ignite this spring? We are thrilled to highlight the four Mixed Reality stories to watch! These sessions will enable you to understand the blend between our physical and digital worlds, learn the basics of Mixed Reality Business Apps, and discover how Mixed Reality empowers humanity.

Reminder that Microsoft Ignite Spring 2021 is happening on March 2-4! Here’s your handy guide to the 4 sessions we’ve lined up for you this year. Microsoft Ignite is free to attend, so what are you waiting for? Register today!

Accelerate your journey in mixed reality with these 4 sessions!

Click to learn more about each Mixed Reality session below, and discover ways to immerse yourself (and meet your fellow technologists!) in this fast-growing space during the event:

So You Want to Switch to a Mixed Reality Career | 3/2/21 1:00 pm – 1:30 pm PT

Speakers: Amara Anigbo, April Speight, Archana Iyer, Catherine Diaz

Want to pursue a career in mixed reality but not sure where to start? Interested in mixed reality but feeling intimidated about what you currently don’t know (yet!) about the technology? Fret not! Join this session and hear #RealTalk from our speakers on how they took a leap of faith and achieved their dream of working in mixed reality. Learn how to acquire and build on core mixed reality skills so you can unlock your tech superpowers and create positive impact in the blend of our physical and digital worlds. 

So You Want to Switch to a Mixed Reality Career Panel @ Microsoft Ignite 2021

Intro to Mixed Reality Business Apps | 3/3/2021 12-12:30PM PT 
Speakers: Payge Winfield and Katie Glerum (Mt Sinai Hospital)

Believe it or not, ANYONE can get started with infusing mixed reality into their daily lives. Join us at this session to build your confidence with Mixed Reality Business Apps like Remote Assist! Hear from Mt Sinai Hospital about practical use cases of mixed reality in healthcare and learn about deployment best practices so you can empower your organization with mixed reality today!

Intro to Mixed Reality Business Applications with Payge Winfield and Katie Glerum (Mt Sinai Hospital)

Blending Worlds: Empowering Humans through Mixed Reality | 3/2/21 9:15 – 9:45 PM PT

Speakers: Xerxes Beharry, Alexandra Petty, Alexander Meijers, Niels Broekhaus

The power and potential of mixed reality in changing the world is tremendous, and we are only at the tip of the iceberg as we navigate the new normal of a distributed, remote workforce. Join this session to hear from our speakers on how they are leveraging mixed reality to solve complex problems, create positive social impact and empower ALL humans. Learn about where they believe the future of mixed reality is headed and the role you can play in driving this transformation.

Blending Worlds – Humans of IT Panel

Table Talk: Mixed Reality Business Applications (Dynamics 365 and Power Platform) | 3/2/21 9:30-10PM PT | Speakers: Anj Cerbolles, Daniel Christian, Aditya Setyonugroho, Guest appearance by April Speight

Join this table talk to interact with your peers and share ideas on how mixed reality business applications across Dynamics 365 and Power Platform are transforming workplaces everywhere! Hear from our Business Applications MVPs as Anj Cerbolles and Daniel Christian, and Azure Ranger consultant Adityo Setyonugroho as they guide you through various common use case scenarios and inspire you to unlock the power of mixed reality in your organization.

Ready to dig in? Add these sessions to your Schedule Builder now!

We hope you’re as excited as we are about Microsoft Ignite Spring 2021 and all the featured Mixed Reality sessions we’ve lined up for you. Register online to secure your virtual seat now, and we’ll see you there!

#MSIgnite #MixedReality