Lesson Learned #474: Identifying and Preventing Unauthorized Application Access to Azure SQL Database

This article is contributed. See the original author and article here.

In recent scenarios encountered with our customers, we have come across a specific need: restricting certain users from using SQL Server Management Studio (SSMS) or other applications to connect to a designated database in Azure SQL Database. A common solution in traditional SQL Server environments, like the use of LOGIN TRIGGERS, is not available in Azure SQL Database. This limitation poses a unique challenge in database management and security.


 


To address this challenge, I’d like to share an alternative that combines the power of Extended Events in Azure SQL Database with PowerShell scripting. This method effectively captures and monitors login events, providing administrators with timely alerts whenever a specified user connects to the database using a prohibited application, such as SSMS.


 


How It Works




  1. Extended Events Setup: We start by setting up an Extended Event in Azure SQL Database. This event is configured to capture login activities, specifically focusing on the application name used for the connection. By filtering for certain applications (like SSMS), we can track unauthorized access attempts.




  2. PowerShell Script: A PowerShell script is then employed to query these captured events at regular intervals. This script connects to the Azure SQL Database, retrieves the relevant event data, and checks for any instances where the specified users have connected via the restricted applications.




  3. Email Alerts: Upon detecting such an event, the PowerShell script automatically sends an email notification to the database administrator. This alert contains details of the unauthorized login attempt, such as the timestamp, username, and application used. This prompt information allows the administrator to take immediate corrective measures.




 


Advantages




  • Proactive Monitoring: This approach provides continuous monitoring of the database connections, ensuring that any unauthorized access is quickly detected and reported.




  • Customizable: The method is highly customizable. Administrators can specify which applications to monitor and can easily adjust the script to cater to different user groups or connection parameters.




  • No Direct Blocking: While this method does not directly block the connection, it provides immediate alerts, enabling administrators to react swiftly to enforce compliance and security protocols.




 


This article provides a high-level overview of how to implement this solution. For detailed steps and script examples, administrators are encouraged to tailor the approach to their specific environment and requirements.


 


Extended Event


 

CREATE EVENT SESSION Track_SSMS_Logins
ON DATABASE
ADD EVENT sqlserver.sql_batch_starting(
    ACTION(sqlserver.client_app_name, sqlserver.client_hostname, sqlserver.username, sqlserver.session_id)
    WHERE (sqlserver.client_app_name LIKE '%Management Studio%')
)
ADD TARGET package0.ring_buffer
(SET max_events_limit = 1000, max_memory = 4096)
WITH (EVENT_RETENTION_MODE = NO_EVENT_LOSS, MAX_DISPATCH_LATENCY = 5 SECONDS);
GO

ALTER EVENT SESSION Track_SSMS_Logins ON DATABASE STATE = START;

 


 


Query to run using ring buffers


 

SELECT 
    n.value('(@timestamp)[1]', 'datetime2') AS TimeStamp,
    n.value('(action[@name="client_app_name"]/value)[1]', 'varchar(max)') AS Application,
    n.value('(action[@name="username"]/value)[1]', 'varchar(max)') AS Username,
    n.value('(action[@name="client_hostname"]/value)[1]', 'varchar(max)') AS HostName,
    n.value('(action[@name="session_id"]/value)[1]', 'int') AS SessionID
FROM 
    (SELECT CAST(target_data AS xml) AS event_data
     FROM sys.dm_xe_database_session_targets
     WHERE event_session_address = 
         (SELECT address FROM sys.dm_xe_database_sessions WHERE name = 'Track_SSMS_Logins')
     AND target_name = 'ring_buffer') AS tab
     CROSS APPLY event_data.nodes('/RingBufferTarget/event') AS q(n);

 


 


PowerShell Script


 

# Connection configuration (placeholder values; in production read these secrets from a
# credential store instead of keeping them in the script body)
$Database = "DBName"
$Server = "Servername.database.windows.net"
$Username = "username"
$Password = "pwd!"

$emailFrom = "EmailFrom@ZYX.com"
$emailTo = "EmailTo@XYZ.com"
$smtpServer = "smtpservername"
$smtpUsername = "smtpusername"
$smtpPassword = "smtppassword"
$smtpPort = 25

$ConnectionString = "Server=$Server;Database=$Database;User Id=$Username;Password=$Password;"

# Last check date, kept in UTC because Extended Events timestamps are UTC
$LastCheckFile = "C:\temp\LastCheck.txt"
$LastCheckText = Get-Content $LastCheckFile -ErrorAction SilentlyContinue | Select-Object -First 1
if ($LastCheckText) {
    # The file is written in round-trip ("o") format, so parse it back with RoundtripKind
    $LastCheck = [DateTime]::Parse($LastCheckText, $null, [System.Globalization.DateTimeStyles]::RoundtripKind)
} else {
    $LastCheck = [DateTime]::MinValue
}

# Take the "now" marker before querying, so events that arrive while this run executes
# are picked up by the next run instead of being skipped
$Now = (Get-Date).ToUniversalTime()

# SQL query: the last-check value is passed as a typed parameter rather than interpolated as text
$Query = @"
SELECT 
    n.value('(@timestamp)[1]', 'datetime2') AS TimeStamp,
    n.value('(action[@name="client_app_name"]/value)[1]', 'varchar(max)') AS Application,
    n.value('(action[@name="username"]/value)[1]', 'varchar(max)') AS Username,
    n.value('(action[@name="client_hostname"]/value)[1]', 'varchar(max)') AS HostName,
    n.value('(action[@name="session_id"]/value)[1]', 'int') AS SessionID
FROM 
    (SELECT CAST(target_data AS xml) AS event_data
     FROM sys.dm_xe_database_session_targets
     WHERE event_session_address = 
         (SELECT address FROM sys.dm_xe_database_sessions WHERE name = 'Track_SSMS_Logins')
     AND target_name = 'ring_buffer') AS tab
     CROSS APPLY event_data.nodes('/RingBufferTarget/event') AS q(n)
WHERE 
    n.value('(@timestamp)[1]', 'datetime2') > @LastCheck
"@

# Create and open the SQL connection, run the query into a DataSet, always close the connection
$SqlConnection = New-Object System.Data.SqlClient.SqlConnection
$SqlConnection.ConnectionString = $ConnectionString
$DataSet = New-Object System.Data.DataSet
try {
    $SqlConnection.Open()
    $SqlCommand = $SqlConnection.CreateCommand()
    $SqlCommand.CommandText = $Query
    $null = $SqlCommand.Parameters.Add("@LastCheck", [System.Data.SqlDbType]::DateTime2)
    $SqlCommand.Parameters["@LastCheck"].Value = $LastCheck
    $SqlAdapter = New-Object System.Data.SqlClient.SqlDataAdapter $SqlCommand
    $null = $SqlAdapter.Fill($DataSet)   # Fill returns the row count; discard it
}
finally {
    $SqlConnection.Close()
}

# Process the results
$Results = $DataSet.Tables[0]

# Check for new events
if ($Results.Rows.Count -gt 0) {
    # Prepare email content: a summary line followed by the captured rows
    $EmailBody = $Results | Format-Table -AutoSize | Out-String
    $smtp = New-Object Net.Mail.SmtpClient($smtpServer, $smtpPort)
    $smtp.EnableSsl = $true
    $smtp.Credentials = New-Object System.Net.NetworkCredential($smtpUsername, $smtpPassword)
    $mailMessage = New-Object Net.Mail.MailMessage($emailFrom, $emailTo)
    $mailMessage.Subject = "Alert: SQL Access in database $Database"
    $mailMessage.Body = "SQL Access Alert in database $Database on server $Server (events since $($LastCheck.ToString('o')) UTC):`r`n`r`n$EmailBody"
    $smtp.Send($mailMessage)   # Send() takes the MailMessage object, not the body string
}

# Save the current timestamp for the next check (round-trip format parses back unambiguously)
$Now.ToString("o") | Out-File $LastCheckFile

# Remember to schedule this script to run every 5 minutes using Windows Task Scheduler.
# The ring buffer keeps at most the last 1000 events, so the interval must be short enough
# that the buffer does not wrap around between two runs on a busy database.
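The article's script mails every captured row, but the "How It Works" section talks about specified users and restricted applications, and because the session records sql_batch_starting rather than a single login event, one SSMS session produces many rows. The following is an added example (not code from the original article): it parses the ring-buffer XML client-side, applies a per-user policy on top of the session's application-name filter, and collapses the rows of each session into one alert line. The XML document, the user list and the application patterns are constructed for the example; in the real script the document would be the target_data column returned by sys.dm_xe_database_session_targets.

```powershell
# Added example, not part of the original article. Parses ring-buffer XML, applies a
# per-user policy, and summarises one line per session for the alert mail.

# Assumed policy: these users may only connect through their application, never via interactive tools
$RestrictedUsers = @('reporting_user', 'app_readonly')
$RestrictedApps  = @('*Management Studio*', '*Azure Data Studio*')   # PowerShell -like wildcards

# Constructed sample of target_data (three batches from two sessions), shaped like the Track_SSMS_Logins ring buffer
[xml]$RingBuffer = @"
<RingBufferTarget truncated="0" eventCount="3" droppedCount="0">
  <event name="sql_batch_starting" package="sqlserver" timestamp="2024-01-10T10:15:02.123Z">
    <action name="client_app_name" package="sqlserver"><value>Microsoft SQL Server Management Studio - Query</value></action>
    <action name="client_hostname" package="sqlserver"><value>LAPTOP01</value></action>
    <action name="username" package="sqlserver"><value>reporting_user</value></action>
    <action name="session_id" package="sqlserver"><value>71</value></action>
  </event>
  <event name="sql_batch_starting" package="sqlserver" timestamp="2024-01-10T10:15:09.456Z">
    <action name="client_app_name" package="sqlserver"><value>Microsoft SQL Server Management Studio - Query</value></action>
    <action name="client_hostname" package="sqlserver"><value>LAPTOP01</value></action>
    <action name="username" package="sqlserver"><value>reporting_user</value></action>
    <action name="session_id" package="sqlserver"><value>71</value></action>
  </event>
  <event name="sql_batch_starting" package="sqlserver" timestamp="2024-01-10T10:20:40.000Z">
    <action name="client_app_name" package="sqlserver"><value>Microsoft SQL Server Management Studio - Query</value></action>
    <action name="client_hostname" package="sqlserver"><value>DBA-WS</value></action>
    <action name="username" package="sqlserver"><value>dba_admin</value></action>
    <action name="session_id" package="sqlserver"><value>72</value></action>
  </event>
</RingBufferTarget>
"@

# Flatten each <event> into an object; ring-buffer timestamps are UTC, keep them that way
function Get-XeEvent {
    param([Parameter(Mandatory)][xml]$Document)
    foreach ($e in $Document.RingBufferTarget.event) {
        $actions = @{}
        foreach ($a in $e.action) { $actions[$a.name] = [string]$a.value }
        [pscustomobject]@{
            TimeStamp   = [DateTimeOffset]::Parse($e.timestamp).UtcDateTime
            Application = $actions['client_app_name']
            Username    = $actions['username']
            HostName    = $actions['client_hostname']
            SessionID   = [int]$actions['session_id']
        }
    }
}

# Keep only events that violate the policy: restricted user AND restricted application
function Select-PolicyViolation {
    param([Parameter(ValueFromPipeline)]$XeEvent, [string[]]$Users, [string[]]$Apps)
    process {
        if ($Users -notcontains $XeEvent.Username) { return }
        foreach ($pattern in $Apps) {
            if ($XeEvent.Application -like $pattern) { $XeEvent; return }
        }
    }
}

# One line per (user, session): first seen, last seen and number of batches
function Get-SessionSummary {
    param([Parameter(ValueFromPipeline)]$XeEvent)
    begin { $all = @() }
    process { $all += $XeEvent }
    end {
        $all | Group-Object Username, SessionID | ForEach-Object {
            $sorted = @($_.Group | Sort-Object TimeStamp)
            [pscustomobject]@{
                Username     = $sorted[0].Username
                SessionID    = $sorted[0].SessionID
                HostName     = $sorted[0].HostName
                Application  = $sorted[0].Application
                FirstSeenUtc = $sorted[0].TimeStamp
                LastSeenUtc  = $sorted[-1].TimeStamp
                Batches      = $sorted.Count
            }
        }
    }
}

$Violations = Get-XeEvent $RingBuffer |
    Select-PolicyViolation -Users $RestrictedUsers -Apps $RestrictedApps |
    Get-SessionSummary

if ($Violations) {
    # With the sample above this yields a single line: reporting_user, session 71, 2 batches.
    # This string is what would go into the body of the alert mail in the article's script.
    $Violations | Format-Table -AutoSize | Out-String
}
```

Two points worth keeping in mind when using this. The ring buffer is bounded (1000 events in the article's session), so the summary covers only what is still in the buffer; for a longer history use the event_file target instead. And client_app_name is whatever the client puts in its connection string, so the alert tells you which tool a user claims to be using; it is a monitoring signal, not an access control, which is why the article pairs it with the principle of least privilege on the login itself rather than relying on the name alone.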

 


Of course, using SQL Auditing or Log Analytics would be another alternative.


 

The Composable Commerce Revolution, the Future of E-Commerce, Dynamics 365 Commerce has arrived!


Editor:
@denisconway

Introduction:

You’re in for a treat! The world of e-commerce has undergone a massive transformation over the past few years, and it’s all thanks to the revolutionary concept of composable commerce. This approach has taken the industry by storm, and it’s not hard to see why. Composable commerce is a versatile, scalable, and innovative approach that allows businesses of all sizes to provide exceptional customer experiences across various platforms and devices.

In this article, we’ll look closer at the intricacies of composable commerce, exploring its core benefits and examining how it’s changing the game for the e-commerce industry. Get ready to be blown away by the possibilities of composable commerce!

Image: Multiple Ecommerce Channels

Many organizations have started adopting Dynamics 365 Commerce, a composable commerce engine that enables customers to unify back-office, in-store and e-commerce channels while also serving as the single integration point for third-party channel solutions. This gives customers the key advantage of using a variety of best-of-breed commerce solutions to engage and deliver goods and services to their customers.

What is Composable Commerce:

Composable commerce is a contemporary approach to e-commerce that separates the front-end (presentation layer) and back-end (commerce logic) of an e-commerce platform. Unlike traditional e-commerce systems, where changes to one component can affect the other, composable commerce decouples these two layers, enabling independent development and greater flexibility. This separation allows for greater agility, faster innovation, and the ability to adapt quickly to changing market demands.

Image: Composable Commerce Diagram

In contrast, traditional e-commerce systems often have monolithic front and back ends, leading to certain limitations. Modifying the underlying codebase to change the front-end design or user experience can be complex and time-consuming. Additionally, traditional systems are not easily scalable across different devices or channels. Composable commerce addresses these challenges by allowing businesses to easily update their website’s design or incorporate new features without disrupting the core e-commerce functionality.

What options do companies have:

Businesses have two powerful options to customize their e-commerce experiences: headless commerce and composable commerce. Headless commerce allows companies to develop and update front-end and back-end components independently, enabling quick adaptation to market changes and experimentation with innovative features. Composable commerce takes flexibility and customization to the next level by enabling businesses to select modular components from different vendors, providing the ultimate flexibility to create an e-commerce ecosystem that is tailored to their unique needs.

Benefits of Composable Commerce:

To start with, flexibility and agility matter because the digital environment is continuously evolving; with a decoupled architecture, a business can quickly adapt to customers’ changing preferences. Separating the front end from the back end ensures that branding, user experience, and functionality stay consistent across various channels. A cohesive experience across web, mobile, social media, voice assistants and emerging technologies such as Artificial Intelligence (AI), Virtual Reality (VR), Augmented Reality (AR) and Voice Commerce leads to higher customer satisfaction, engagement, and loyalty.

Image: With composable commerce, businesses can provide a cohesive experience to customers on various channels

In addition, scalability and performance are greatly enhanced because businesses can independently scale each layer, resulting in better resource allocation. Websites can now handle increased traffic, sales volume, and complex operations, leading to faster page load times and a better user experience.

End-user Benefits:

Whether customers interact with your brand through a website, mobile app, voice assistant, marketplace, or social media platform, composable commerce ensures a seamless and tailored experience. In addition, faster loading times and improved website performance reduce the long wait for the entire page to load, resulting in a smoother and more responsive user interface. More importantly, customers can browse via desktop, smartphone, tablet, or voice assistant and access your products and services seamlessly. This omni-channel capability enhances convenience and accessibility for customers, meeting their expectations for a seamless cross-channel experience. Dynamics 365 Commerce enables businesses to build this experience.

Customer Image: Front page ABBY Site  Easy, online contact lens ordering | Doctor Trusted | Patient Approved | Free Shipping | HelloAbby

Customer Story:

Empowering Vision: ABB Optical Group’s Intelligent Contact Lens Ordering Platform with Microsoft Dynamics 365

Embarking on a technological evolution, ABB Optical Group introduces its Intelligent Contact Lens Ordering Platform, a game-changer crafted in collaboration with Visionet Systems Inc. and Microsoft. This innovation involved the implementation of Microsoft Dynamics 365 Finance and Operations, Azure Cloud, and Data Lake, providing a solid technological foundation. ABB Optical aimed to transcend its legacy Patient Ordering Platform, yourlens.com, seeking a modern, intelligent, and scalable user experience. This vision materialized through the development of a robust Minimum Viable Product (MVP), introducing a microservices headless experience and harnessing the capabilities of Microsoft D365 Retail and HQ APIs, alongside Proof of Concepts.

The outcome was nothing short of transformative. The MVP’s successful pilot garnered positive feedback, propelling the rapid development of additional customer-demanded features. In just six months, Visionet spearheaded the launch of phase two of the Abby Platform, seamlessly integrating a data analytics component through Data Lake with Dynamics 365 F&O and Power BI. ABB Optical Group now stands at the forefront of innovation, offering eyecare providers and patients an intelligent, forward-thinking ordering system.

Conclusion:

In conclusion, the emergence of composable commerce signifies a pivotal shift in the digital marketplace. This approach, distinguished by its modular structure, cloud-native integration, and technology-independent capabilities, provides businesses with unparalleled flexibility and adaptability. It enables businesses to customize their digital experiences, integrate seamlessly with best of breed solution providers for individual capabilities, and respond swiftly to market changes and complexities.


Learn more

Dynamics 365 Commerce delivers a comprehensive, yet composable, set of capabilities for both consumer and business-facing organizations seeking to expand beyond traditional digital commerce limitations and improve customer engagement, build brand awareness, streamline purchasing, and deliver exceptional customer experiences.

To learn more about Dynamics 365 Commerce:

Visit our website on commerce today.

The post The Composable Commerce Revolution, the Future of E-Commerce, Dynamics 365 Commerce has arrived! appeared first on Microsoft Dynamics 365 Blog.

Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.

Validate your skills with our new certification for Microsoft Fabric Analytics Engineers


We’re looking for Microsoft Fabric Analytics Engineers to take our new beta exam. Do you have subject matter expertise in designing, creating, and deploying enterprise-scale data analytics solutions? If so, and if you know how to transform data into reusable analytics assets by using Microsoft Fabric components, such as lakehouses, data warehouses, notebooks, dataflows, data pipelines, semantic models, and reports, be sure to check out this exam. Other helpful qualifications include the ability to implement analytics best practices in Fabric, including version control and deployment.


 


If this is your skill set, we have a new certification for you. The Microsoft Certified: Fabric Analytics Engineer Associate certification validates your expertise in this area and offers you the opportunity to prove your skills. To earn this certification, pass Exam DP-600: Implementing Analytics Solutions Using Microsoft Fabric, currently in beta.


 


Is this the right certification for you?


This certification could be a great fit if you have in-depth familiarity with the Fabric solution and you have experience with data modeling, data transformation, Git-based source control, exploratory analytics, and languages, including Structured Query Language (SQL), Data Analysis Expressions (DAX), and PySpark.


Review the Exam DP-600 (beta) page for details, and check out the self-paced learning paths and instructor-led training there. The Exam DP-600 study guide alerts you to the key topics covered on the exam.


 


Ready to prove your skills?


Take advantage of the discounted beta exam offer. The first 300 people who take Exam DP-600 (beta) on or before January 25, 2024, can get 80 percent off market price.


 


To receive the discount, when you register for the exam and are prompted for payment, use code DP600Winfield. This is not a private access code. The seats are offered on a first-come, first-served basis. As noted, you must take the exam on or before January 25, 2024. Please note that this beta exam is not available in Turkey, Pakistan, India, or China.


 


The rescore process starts on the day an exam goes live—8 to 12 weeks after the beta period, and final scores for beta exams are released approximately 10 days after that. For details on the timing of beta exam rescoring and results, read my post Creating high-quality exams: The path from beta to live.


 


Get ready to take Exam DP-600 (beta)



 


Did you know that you can take any role-based exam online? Online delivered exams—taken from your home or office—can be less hassle, less stress, and even less worry than traveling to a test center, especially if you’re adequately prepared for what to expect. To find out more, check out my blog post Online proctored exams: What to expect and how to prepare.


 


Ready to get started?


Remember, the number of spots for the discounted beta exam offer is limited to the first 300 candidates taking Exam DP-600 (beta) on or before January 25, 2024.


 


Related announcements


Level up your retail workforce with smart, simple solutions from Microsoft Teams


In the race to deliver engaging in-store experiences, Microsoft is uniquely positioned to equip retailers with the tech they need to transform their store team’s workdays. At the National Retail Federation (NRF) 2024, we are announcing new solutions designed to enable store teams to efficiently meet customers’ expectations and improve the retail experience in this new era of AI.

The post Level up your retail workforce with smart, simple solutions from Microsoft Teams appeared first on Microsoft 365 Blog.


Explore the Latest Innovations for your Retail Workers with Microsoft Teams


As we ring in the start of 2024, we’re gearing up to showcase a host of new innovations across Microsoft Teams at the annual National Retail Federation (NRF) conference, taking place January 14th – January 16th in New York City.


 


We’re announcing new solutions designed to enable store teams to efficiently meet customers’ expectations and improve the retail experience in this new era of AI.


 


Keep reading below for the latest product and feature capabilities coming to Teams to help simplify operations and enable first-class retail experiences for all retail workers – including the frontline.


 


Enhanced Store Team Communication and Collaboration


Route announcements to frontline teams by location, department, and role
Target important announcements to the right frontline employees based on location, department, and job role information. Targeted announcements will surface on the Teams home experience so your frontline employees will never miss an important communication. This feature will be generally available in March 2024. Learn more




 


Boost frontline teamwork with auto-generated role and department tagging
Reach the right person at the right time with automatic tags for your frontline teams. Tags for department and job roles can be configured and created automatically for your frontline workers in the Teams Admin Center. Frontline employees can leverage these automatic tags in their frontline teams to connect with the right person every time. This feature will be in public preview in February 2024. Learn more.


 


Bring answers to communities for easier information sharing
In Viva Engage in Teams, answers from Q&A conversations will now be available in communities, better enabling frontline workers to easily source needed information. This feature will be generally available January 2024.




 


Monitor how employee engagement drives business performance
Also coming to Viva Engage in Teams, network analytics will bring AI-powered theme extraction and employee retention metrics to users to help enhance insights into workforce dynamics and help drive informed decision making. This feature will be generally available in February 2024. Learn more.




 


Automatically hear push-to-talk transmissions from multiple channels
Frontline workers using Walkie Talkie in Teams now have the option to automatically hear incoming transmissions from any of their pinned favorite Teams channels. With this new feature, users can stay better connected to multiple channels without needing to switch channels manually. This feature will be generally available by end of month. Learn more on how to get started.




 


Use any generic wired (USB-C and 3.5mm) headset for instant team communication on Android
Frontline workers often need to instantly communicate with each other even when their phones are locked. We integrated Walkie Talkie in Teams with audio accessories partners to make this experience possible with the dedicated push-to-talk (PTT) button on headsets, which instantly brings up walkie talkie for clear and secure voice communication. In addition to select specialized headsets, we are excited to announce that Walkie Talkie in Teams will now work with any generic wired (USB-C and 3.5mm) headsets on Android.


 


As long as the generic headset has a play/pause control or a button to accept/decline calls, frontline workers can tap that button to start and stop transmissions on walkie talkie. Frontline organizations will be able to easily start using walkie talkie with these lower-cost generic headsets. This feature will be generally available starting February 2024. Learn more.


 


Streamline Retail Store Operations


Allow frontline teams to set their shift availability for specific dates
Frontline workers will now have the flexibility to set their availability preferences on specific dates, enhancing their ability to manage unique scheduling needs. This added feature complements existing options for recurring weekly availability. This feature is available in January 2024. To learn more about recent enhancements to Shifts in Teams, read the latest blog – Discover the latest enhancements in Microsoft Shifts.




 


Easily deploy shifts at scale for your frontline
Teams admins can now standardize Shifts settings across all frontline teams and manage them centrally by deploying Shifts to frontline teams at scale in the Teams admin center. You can select which capabilities to turn on or off (such as showing open shifts, swap shift requests, offer shift requests, time off requests, and time clock).


 


Admins can also identify schedule owners and create scheduling groups and time-off reasons uniformly for all frontline teams at the tenant level. Your frontline managers are able to start using Shifts straight out of the box with minimal setup required. This feature is currently in public preview and will be generally available in March 2024. Learn more.




 


Streamline Teams deployment for your frontline and manage at scale
Whether due to seasonality or the natural turnover seen on the frontline in retail, simplifying user membership is key to easing management needs. Now generally available, Microsoft has added new capabilities in the Teams Admin Center to deploy frontline dynamic teams at scale for your entire frontline workforce. Through the power of dynamic teams, team membership is automatically managed and always up to date with the right users as people enter, move within, or leave the organization using dynamic groups from Entra ID.


 


This deployment tool streamlines the admin experience to create a Teams structure that maps the frontline workforce’s real-world structure into the digital world and makes it easy to set up a consistent channel structure to optimize for strong frontline collaboration on day one. Available in February, customers can use custom user attributes in Entra ID to define frontline and location attributes, with additional enhancements that make it easier to assign team owners by adding a people picker to the setup wizard.




 


Map your operational hierarchy to frontline teams
Admins will be able to set up their frontline operational hierarchy to map their organization’s structure of frontline locations and teams to a hierarchy in the Teams Admin Center. Admins can also define attributes for their teams that range from department information to brand information. The operational hierarchy coupled with this added metadata will enable frontline apps and experiences in the future like task publishing. This feature will be in public preview in January 2024. Learn more.




 


Leverage generative AI to streamline in-store shift management
Store managers can also identify items such as open shifts, time off, and existing shifts with a new Shifts plug-in for Microsoft 365 Copilot. Microsoft 365 Copilot can now ground prompts and retrieve insights for frontline managers leveraging data from the Shifts app in addition to user and company data it has access to such as Teams chat history, SharePoint, emails, and more.




 


Automate and simplify corporate to store task publishing
With task publishing, you can now create a list of tasks and schedule them to be automatically published to your frontline teams on a regular cadence, such as every month on the 15th. Once you publish a list, the task publishing feature will handle the scheduling and ensure that the list is published at the desired cadence. This feature is useful for tasks that need to be done regularly, such as store opening and closing processes or conducting periodic inspections and compliance checks. This feature will be generally available in March 2024.




 


Publish a task that everyone in the team must complete
This new capability provides the option to create a task that every member of the recipient team must complete. Organizations can assign tasks like complete training or review a new policy to all or a specific set of frontline workers. The task will be created for each worker at the designated location. This feature will become generally available in March 2024.


 


Require additional completion requirements for submitting tasks
When you create a task within the task publishing feature, you have the option to request a form and/or photo completion. When you publish that task, each recipient team will be unable to mark the task complete until the form is submitted by a member of the team. This ensures that the task is completed properly by each team member.




 


Additionally, with approval completion requirements, organizations can hold frontline managers and their teams accountable for verifying the work was done to standard before reflecting that work as completed. This allows an organization to increase attention to detail and accountability for important tasks. These features will become generally available in March 2024.




 


Secure and Manage your Business


Simplify authentication with domain-less sign-in
Since a single device is often shared among multiple frontline workers, they need to sign-in and out multiple times a day throughout a shift or across shifts. Typing out long user names with a domain is prone to mistakes and can be time consuming. With domain-less sign-in, frontline workers can now sign-in to Teams quicker using only the first part of their username (i.e., without the domain), then enter the password to access Teams on shared and corporate-managed devices. For example, if the username is 123456@microsoft.com or alland@microsoft.com, users can now sign in with only “123456” or “alland”, respectively.




 


We’re excited to share more updates and new features throughout the calendar year. To learn more about how Microsoft Teams empowers frontline workers, please visit our webpage to learn how.


 

Shaping the future of retail with AI and Dynamics 365


In an industry defined by both growth and disruption, retailers are depending on technology to navigate challenges ranging from shifting purchase habits to supply chain complexities. Next week, at the National Retail Federation (NRF) Big Show, Microsoft will demonstrate Dynamics 365 solutions powered by AI to help accelerate retail agility and innovation in the next decade.  


In addition to solutions powered by Microsoft Cloud for Retail, this vision for the future of retail is spotlighted by new Copilot capabilities for Dynamics 365 applications, including:  

  • Microsoft Dynamics 365 Customer Insights, providing retailers with AI-powered experiences to transform daily marketing workflows. 
  • Microsoft Dynamics 365 Supply Chain Management, providing AI powered guidance for demand planning, streamlining procurement, and enhancing supply chain visibility. 

NRF attendees can learn more about the transformative power of AI across the retail industry by attending two Big Ideas Sessions hosted by Shelley Bransten, Corporate Vice President, Global Retail, Consumer Goods, and Gaming Industries, and Kathleen Mitford, Corporate Vice President, Global Industry Marketing. 

Helping retailers personalize the shopping experience  

Retailers often tell us that they’re under pressure to get marketing and customer experience projects and campaigns to market faster and are asked to do more with less. Yet, the processes and tools they use haven’t evolved to meet this demand.  

Deploying a project to market requires various roles or specialists, costly third-party agencies, and siloed applications to review data and create content. Monitoring results for optimization also becomes a timely and tedious task, having to track down the right people with the right application and the right data. These challenges not only hinder a campaign’s time to market and employee productivity, but can also result in a disjointed customer experience.

It’s not just our customers who are feeling the burden of these challenges. The market is feeling it too. For instance, 63% of surveyed retailers said they hope they can improve their marketing with AI in the next 18 to 24 months.1 In the age of AI, shouldn’t it be easier to get your campaigns to market?  

We are announcing new Copilot features in Dynamics 365 Customer Insights that will transform how marketers manage and maintain projects and campaigns, increasing productivity, efficiency, and speed to market. These new capabilities build on Copilot features introduced in the past year, including, but not limited to, the ability to generate content ideas, query customer data using natural language, and create customer segments and journeys using next-generation AI. 

Marketers can kick-start their marketing project by writing their campaign objective in natural language, or by uploading an existing creative brief. The project board is then generated using the prompt or brief, connected organizational data, and previous campaigns in Customer Insights. The project board streamlines and connects all workflows into one place for building and managing marketing assets. 

Copilot screen in Dynamics 365 Customer Insights, showcasing a user-friendly interface empowering customers to initiate and streamline their marketing projects effortlessly.

“These new copilot capabilities in Dynamics 365 Customer Insights will enable us to focus our time and energy in the right places—better informing us on optimization priorities without the need to dig into details manually. That alone saves so much time.” 

—Hannah Harper, Leatherman, Digital Marketing Manager 

From the project board, marketers can view the campaign’s target audience and segments, as well as recommendations from Copilot for additional segments that may not have been previously considered. Selecting a suggested audience segment automatically generates a complementary customer journey, saving marketers time while also helping them deliver a personalized customer experience. 

Dynamics 365 Customer Insights' project board—highlighting curated audiences for streamlined marketing customization

End-to-end customer journeys containing personalized touchpoints, such as promotional emails or event invitations, are generated using Copilot. Through our partnership with Typeface and its enterprise-grade generative AI capabilities, marketers can produce brand-authentic images across assets, supercharging personalized content for greater impact—all from within Dynamics 365 Customer Insights. Additionally, Typeface helps align content to the organization’s brand guidelines, including themes, fonts, and product images—extracted from a central asset library.

“Every aspect of the enterprise is already being redefined with generative AI, from developer to product to sales experiences. By combining Dynamics 365 Customer Insights with Typeface’s powerful storytelling engine, we’re fundamentally reshaping campaign workflows with generative AI by starting with just a goal. This means personalizing content at an unprecedented scale, bridging the gap between content and data, and ushering in a new era of marketing creativity and productivity.”

Abhay Parasnis, Founder and CEO of Typeface 

These Copilot capabilities will be available in preview in the first quarter of 2024, with general availability by the third quarter of 2024. Existing Customer Insights customers can sign up now for the early access public preview program here.

This is just the beginning; we will be delivering further content curation, journey testing, and metrics monitoring to optimize campaigns. Our vision is that, together, this new AI-first experience will transform how marketers work by reducing the complexities of end-to-end campaign management and enhancing marketer productivity and ROI.


Build a real-time retail supply chain 

In 2024, retail supply chains face countless challenges, from labor shortages and increasing costs to complexities across omnichannel retail experiences. Enterprise AI solutions, now readily available for retailers, can power greater efficiency, productivity, and innovation across the supply chain.  

At Microsoft, we aim to deliver new supply chain innovations powered by Copilot to our customers through our open, flexible, and collaborative Microsoft platform; helping organizations to reduce risk, manage inventory, plan with flexibility, and make quick decisions across the whole supply chain.   

New copilot capabilities to improve demand planning 

A retailer’s success hinges on having the right inventory at the right place at the right time, and that starts with successful demand planning. In November 2023 we announced new demand planning capabilities in Dynamics 365 that use AI, machine learning, and external signals to predict demand accurately, and now we are enhancing them with Copilot. This will help planners understand how a forecast was generated and help them find patterns and anomalies. 

Copilot will also help them make sense of complex relationships across datasets using natural language interactions, and it will also assist with the routine tasks of making demand review reports, saving the planners time to focus on high-priority activities. 


Some of our customers, including Domino’s Pizza UK & Ireland, can use the new demand planning capabilities to make smart predictions from the data and insights.

“The demand planning capabilities in Dynamics 365 are helping us make the right decisions to lower wastage, avoid unnecessary deliveries, and be cybersafe.”

Neha Batra, Head of Business Solutions, Domino’s Pizza UK & Ireland

The new demand planning capabilities create a more flexible, simplified, and intuitive user experience. Planners have an increased level of trust and can rely more on the forecast, knowing how it’s generated. The latest demand planning capabilities help reduce excess inventory and increase working capital for retailers.

New Copilot capabilities to improve productivity and proactively mitigate disruptions  

In November 2023, we also announced new Copilot capabilities in preview for Dynamics 365 that enable supply chain teams to take action based on insights, with conversational help while in the flow of work. This helps increase productivity and improve collaboration among employees across the supply chain and other cross-functional teams, so they can proactively mitigate disruptions and further automate their workflows. See the capabilities in action.  


We also added new Copilot capabilities that will enhance inventory visibility and enable businesses to promise orders with improved accuracy, significantly helping brands elevate their consumers’ buying experience.   

In addition, a new copilot capability that helps to streamline procurement is now generally available. Procurement teams can seamlessly handle the purchase order changes in a scalable and efficient manner and assess the impact of changes downstream to production and distribution before making the right decision.   

Generate product enrichment content for e-commerce sites with Copilot 

Informative, story-rich product content can drive customer engagement and sales on e-commerce sites. Creating that content, however, can be time-consuming and challenging. In October 2023, we launched in preview the ability for business-to-business and business-to-consumer online retailers to use Copilot in Dynamics 365 Commerce to generate enriched product marketing content for their websites. This helps to decrease the time it takes to create compelling marketing content, while increasing productivity and increasing the overall number of online orders.

Visit our Microsoft booth at NRF this year to see these innovations in action.  

Discover the future of retail at NRF 2024 

Learn more about Dynamics 365 solutions for the retail industry and retail solutions introduced at NRF 2024. If you are registered for NRF 2024, we invite you to stop by our booth for demos of our solution and attend the following sessions:  

Retail unlocked: achieve more with Microsoft: Hosted by Shelley Bransten, Corporate Vice President, Global Retail, Consumer Goods and Gaming industries, Microsoft  

Sunday, January 14, 2024  | 1:00 – 1:30 PM  Eastern Standard Time (EST)

Join this interactive session to hear about one retailer’s AI journey to date. Hosted by Microsoft’s Corporate Vice President, Retail, Consumer Goods & Gaming Industries, Shelley Bransten, you’ll also learn about new AI-focused findings from Futurum Research and all new AI capabilities in Microsoft Cloud for Retail that will help power your AI transformation.    

Unlocking true customer-centricity: optimizing touchpoints across the shopper journey with AI: Hosted by Kathleen Mitford, Corporate Vice President, Global Industry Marketing   

Monday, January 15, 2024  | 11:45 – 12:15 PM  EST

Generative AI and large language models have captured the attention of executives across industries. While the technology’s use cases seem endless, smart retailers and brands must identify and prioritize the applications of generative AI that will be most valuable to their organization and partner with organizations who will treat their data with the highest privacy standards. Join us to hear how Microsoft is helping organizations large and small maximize their generative AI opportunities safely and responsibly.   

Unify your data to unlock AI opportunities: Hosted by Satish Thomas, Corporate Vice President, Microsoft Industry Clouds   

Tuesday, January 16, 2024 | 1:00 – 1:45 PM EST

Retailers are swimming in data all day, every day. Even with sophisticated legacy technologies and cutting-edge data science, the majority of that data goes uncollected. Insights stay hidden—often in plain sight. But that’s starting to change. AI tools are enabling retailers to understand their customers, merchandising, supply chains, operations, and workforces better than ever before. Join us to hear about the myriad insights that retailers are drawing from newfound and increasingly precise data sources to run leaner, smarter stores.    

1 AI Adoption in Retail Survey, The Futurum Group, 2024

The post Shaping the future of retail with AI and Dynamics 365 appeared first on Microsoft Dynamics 365 Blog.

Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.

Enabling security and management across all your SMB customers with Microsoft 365 Lighthouse

One of the common adoption blockers we have heard from our partners is that they cannot standardize their security and management practices on Microsoft 365 Lighthouse because they cannot manage all their customers using it. This has made it challenging to standardize procedures such as resetting passwords, identifying risky users, or simply navigating a customer admin portal with delegated access. While we made it simple to search and discover users across the SMB customers you were managing in Microsoft 365 Lighthouse, you still needed a second process for the customers you were not managing in Microsoft 365 Lighthouse. This was primarily due to the requirement for Microsoft 365 Business Premium. While we have expanded support for a limited set of subscriptions to manage a customer in Lighthouse over the past couple of years, it was still limited to subscriptions that offered premium security value, preventing you from having a single solution.

Today, we expand support for all your commercial and educational SMB customers. This enables you as a partner to create standardized processes for managing all your SMB customers in Lighthouse. Here are a few of the scenarios you can do now with all your Microsoft 365 SMB customers using Lighthouse:

  • Anticipate your customers’ needs with proactive account management made easy with Sales Advisor opportunities. Discover the best ways to add value and support business growth with AI-powered insights and recommendations. 

    Learn more: Introducing Sales Advisor – unlock your customer’s potential in Microsoft 365 Lighthouse – Microsoft Community Hub
    Screenshot of Microsoft 365 Lighthouse Opportunities page with AI-powered insights and recommendations to grow a customer.

  • Simplified delegated access across all your customer tenants. Configure granular delegated access to your customers’ tenants to manage users, devices, and data quickly and easily. Reduce risk by rightsizing delegated permissions across your organization while improving your productivity with a guided wizard that helps you scale best practices from across the MSP industry to set up Granular Delegated Access Privileges (GDAP).

    Learn more: Set up GDAP (microsoft.com)

    Screenshot of Microsoft 365 Lighthouse Granular Delegated Access Privileges setup wizard.

  • Assist with everyday user management. Lighthouse enables end-to-end user management, which allows you to create new users and quickly search and modify existing user details, including managing security groups, licensing, etc., and offboarding users. In addition to basic user management, Lighthouse adds value by providing management views across your Microsoft SMB customers that allow you to quickly identify and act on inactive accounts, Global Admin accounts, risky user behavior, and multi-factor authentication.

    Screenshot of Microsoft 365 Lighthouse showing how to search for a user and view the user’s details.

  • Gain visibility into any Microsoft 365 incidents or advisories affecting your customers with a multi-tenant Service health dashboard.

    Screenshot of Microsoft 365 Lighthouse Service Health page.

  • One of the challenges of managing multiple customers is that you often need to use different admin portals, such as the Microsoft 365 admin center, the Azure portal, Microsoft Intune, or Exchange, to name a few.  Lighthouse lets you quickly and securely access other Microsoft admin portals for each of your SMB customers in the context of your partner tenant credentials using GDAP. Lighthouse users can leverage our security and management scenarios and seamlessly jump to another Microsoft admin portal when necessary. 

    Learn more: Manage your customers with Microsoft 365 Lighthouse

    Screenshot of Microsoft 365 Lighthouse showing how to navigate into a customer’s Microsoft Entra admin portal.

We are just getting started and will continue to expand on the capabilities we offer to manage the breadth of customers you have in the coming months. So, check back often to learn what is new with Lighthouse.  

Not able to manage a customer in Lighthouse?

Here are cases where you will still find that a customer has limited management capabilities in Lighthouse and how you can change it.

  • By far the most common cause of a customer being “Limited” is that the customer tenant no longer has any active subscriptions and is no longer in use. If this is the case, the recommendation is to remove the reseller relationship and the GDAP relationships (Partner-led termination of a granular admin relationship – Partner Center | Microsoft Learn). It is a best practice to remove relationships that are no longer needed to reduce unnecessary exposure to your organization.

  • The second most common cause of a customer being “Limited” is that delegated permissions (GDAP) have not been set up. You can use the GDAP setup wizard within Lighthouse to resolve this (Set up GDAP for your customers in Microsoft 365 Lighthouse – Microsoft 365 Lighthouse | Microsoft Learn).

  • The customer tenant is in the Government Cloud. Unfortunately, we cannot support the management of this customer in Microsoft 365 Lighthouse.

  • The customer is not an SMB and has more than 2,500 licensed users.

  • You are not in the same geographic area as the customer. If you have customers in a different geographic area, you can set up Lighthouse in that region to manage them.

  • Lastly, some cases exist where tenants are used for Azure and not Microsoft 365. In that case, we recommend you check out Azure Lighthouse: What is Azure Lighthouse? – Azure Lighthouse | Microsoft Learn

To find out why a specific customer is limited, click the Tenants link in the left navigation within Lighthouse and then click the “Limited” link to bring up details on why that customer is not fully managed in Lighthouse:

Tenant list showing Contoso as “Limited” because delegated access has not been configured.

If you have a customer tenant using the Microsoft 365 services and you only have Limited management capabilities within Lighthouse, we want to know. You can leave comments below or use the feedback mechanism in Lighthouse. We want to enable you to manage all your active Microsoft 365 SMB customer tenants in Lighthouse.

If you already have Lighthouse, sign in and check out the links to other Microsoft admin centers at lighthouse.microsoft.com. If you don’t have Lighthouse, sign up for Microsoft 365 Lighthouse to get started today.   

Transition to real time journeys – the time is now 

In September 2023, we announced that Dynamics 365 Customer Insights and Dynamics 365 Marketing are coming together as one offering named Dynamics 365 Customer Insights, an AI driven solution which revolutionizes your customers’ experiences.

Within this solution are two apps:

  • Customer Insights – Data (previously known as Dynamics 365 Customer Insights), which empowers you to know your customers through a 360-degree profile.
  • Customer Insights – Journeys (previously known as Dynamics 365 Marketing), which allows you to engage your customers with personalized experiences based on that profile.

In the same timeframe, we also announced the transition from outbound marketing to real-time. The transition to real-time is independent from product name or licensing changes.

New customer environments only include real-time journeys and event management. Existing customers, if necessary, can add outbound marketing through a self-serve interface. We will continue to support outbound marketing but will not be adding new enhancements.  We encourage all customers to transition to and use the exciting new capabilities available in real-time journeys. In this blog we cover how to plan for the transition to real-time and the resources that are available to you to help make this seamless. 

How do the changes impact me? 

If you are a new customer of the Customer Insights – Journeys app, you get real-time journeys only (including Event planning). So you start with the most current and advanced technology and avoid the time & expense of transitioning from outbound later.  

Existing customer environments using outbound marketing show the new product name but otherwise remain unchanged. When provisioning a new environment, copying an existing one, or upgrading a solutions-only environment to paid, outbound marketing is not installed by default.

If the system detects an existing environment with outbound marketing (in the same geo), the Settings > Version page shows an Enable outbound link to install outbound. If you do not see the link or have issues enabling outbound, reach out to us directly as explained in the Transition overview page (see links in the resources section later).

When should I transition to Real-time? 

Though we haven’t announced a date for ending outbound support, the time to transition is now! Rest assured, we will use our product telemetry data and customer feedback to provide an adequate time window so that all customers can plan and complete their transition before support for outbound ends.  

But why wait? Real-time journeys offers most of the capabilities that outbound marketing has, plus a lot that outbound doesn’t (and will not), such as the ability to respond and react in near real time, scale of 100M contacts/300M interactions in public preview (with more on the roadmap), and new and exciting capabilities with generative AI/Copilot.   


How to transition? 

You can transition all at once or gradually, depending on your business needs, the capabilities you use in outbound marketing, and resource availability. 

In a one-shot transition, you will recreate all your journeys, segments, and other assets in real-time journeys and then switch over to them over a short period (a few days).

The other approach is to transition gradually over time. You can create all your new campaigns in real-time journeys and leave your current campaigns running in outbound marketing until they complete. This way you build confidence and train your team gradually over time. We’ve prepared guidance on how to manage consent in hybrid/transition situations. With custom reporting capability (see release plan below), single analytics across both outbound and real-time can be created for the hybrid situation.

We know that most of your effort is usually spent in creating and finalizing emails, so we have built a tool in real-time journeys to let you Import outbound emails, templates, and content blocks so you can preserve and reuse them. You will also have a tool to help you quickly migrate consent records.

We have assembled real-time journeys transition resources to cover transition planning and tools for each major product area.  

Real-time transition capabilities

With either approach, you will want to take stock of which capabilities of outbound marketing you currently use, how they are supported in real-time journeys, and whether there is a need to transfer any data or assets from outbound marketing to real-time journeys. In the transition resources section of our product documentation area, you will find a page for each functional area with guidance, workarounds, and a roadmap for specific capabilities. If you find there are some specific capabilities in outbound marketing that you need but that are not yet available in real-time journeys, be assured that we are working to add them as fast as we can. For example, we already have a published release plan for these commonly requested features: 

We are actively working on prioritizing additional features that have been requested. These are being scheduled to be part of the next release wave: 

  • Consent – Double opt-in 
  • Segmentation – Export, Template, Email delivery status 
  • Scheduling – Send scheduling 
  • Email – Content A/B testing 
  • Journey – Branch on email deliverability status, Templates
  • Tracking – Redirection URL 
  • Analytics – Click/Geo maps, combined analytics across outbound and real-time 
  • Event planning – event portal, session capacity, recurring events 
  • Forms – unmapped custom fields, form prefill, update none/multiple entities on submission, leads with parent contact 

Please note that the above is not an exhaustive list. We release new updates every month. We use your feedback to revise our roadmap continuously to ensure you can transition with confidence.  

Conclusion 

A large number of customers are already using and benefiting from ease of use and scale offered by real-time. Over the next few months, we are prioritizing work to ensure transitioning to real-time journeys is easy and quick for every customer. While outbound marketing continues to be available and supported for existing customers, we strongly recommend everyone still using outbound marketing transition to real-time journeys to propel your business into the future of marketing and customer experience.

Resources

  • Product licensing and name changes: Microsoft Sales Copilot, Dynamics 365 Customer Insights, and cloud migration reshape the future of business – Microsoft Dynamics 365 Blog; Dynamics 365 Customer Insights FAQs – Dynamics 365 Customer Insights | Microsoft Learn; Customer Insights Pricing | Microsoft Dynamics 365
  • Provisioning changes for Customer Insights – Journeys (previously Dynamics 365 Marketing): Transition overview – Dynamics 365 Customer Insights | Microsoft Learn; Real-time journeys transition FAQs – Dynamics 365 Customer Insights | Microsoft Learn
  • How to plan the transition to real-time: Real-time journeys transition resources – Dynamics 365 Customer Insights | Microsoft Learn
  • Differences between real-time and outbound that may impact the transition: Review the specific pages under Functional areas overview – Dynamics 365 Customer Insights | Microsoft Learn. These pages include differences, suggested workarounds, and a roadmap for closing the noted differences.
  • Transitioning consent management: Consent management and double opt-in transition guidance – Dynamics 365 Customer Insights | Microsoft Learn

The post Transition to real time journeys – the time is now  appeared first on Microsoft Dynamics 365 Blog.

“Copilot, help set my New Year’s goals”: Using Viva Goals + Microsoft Copilot to make goals in 2024

The start of a new year is often seen as a time to reflect on the past, plan for the future, and set New Year’s resolutions for ourselves. It is also a key time for business leaders to set goals to help their organizations and teams accomplish more in the new year, whether those goals are a new product release, business growth, or workplace culture improvement.

Furthermore, we know that simply writing down your goals is often not enough to achieve them! You also need to communicate your goals with key stakeholders, track your progress, and measure your results. This can be challenging, especially if your organization has multiple goals, competing priorities, or cross-team dependencies.

This is where Viva Goals and Microsoft Copilot can help.

Viva Goals is Microsoft’s solution for creating, managing, and tracking organizational goals. It is founded on the Objective and Key Result (OKR) framework, yet can be customized to meet other goal-setting strategies. To learn more about changing your goal terms from “Objectives and Key Results” to other frameworks or labels, visit our page on customizing terminology in Viva Goals.

With the content generation and summarization capabilities in Copilot in Viva Goals, creating and tracking your goals is becoming even easier.

Quickly create your goals with Copilot in Viva Goals

One challenge we frequently hear from customers is uncertainty about getting started with writing actionable, outcome-driven goals. Setting appropriate and ambitious goals can be daunting, but using Copilot can make the process easier.

From a quick click of the “Copilot” button in the Viva Goals app (available on Microsoft Teams or in your browser), Copilot is ready to help you generate new goals or OKRs:

Copilot in Viva Goals can be accessed from the tool bar or the Copilot icon within Viva Goals.

Copilot in Viva Goals can help you generate goals in two different ways:

Generating new goals based on context you provide (ex: industry, roles, business mission)

Clicking “Help me generate new OKRs” means Copilot will help you in crafting OKRs, using the conversational interface and its repository of sample OKRs.

Copilot in Viva Goals will generate goals based on prompts or information you provide in the chat.

By asking Copilot to “Write an OKR for this year’s plans to roll out Microsoft Copilot to employees across my organization,” you may get a result like:

Objective: Roll out Microsoft Copilot to employees across the organization
Key Result (KR): Train 60% of our employees on the basics of taking the “Copilot for Microsoft 365” training in Viva Learning
KR: Set up all required infrastructure and hardware to support Microsoft Copilot for these employees
KR: Ensure 60% all newly hired employees have used Microsoft Copilot in their first month of onboarding

Note that this content is AI-generated and will change based on inputs / sample data.

Using the Copilot interface, you can ask Copilot to regenerate these OKRs, refine them (“be more conservative,” “increase the adoption rate,” etc.), or publish them to your Viva Goals instance.

Generating goals from a document you provide (ex: business plan, strategy paper)

Oftentimes, business leaders will already have strategy or business planning documents they have been circulating with their leadership teams. This can be a great place to get started: by uploading these strategy documents to Viva Goals, Copilot can identify potential goals from the document and format them into actionable OKRs. This capability is currently available for local .docx files, and will be expanding to more file types and file sources in the coming months.

Copilot in Viva Goals can use content from your existing documents to suggest outcome-based goals.

One thing to remember: using Copilot means that you, as the user, are always in control of what gets saved, published, and shared.

Copilot in Microsoft 365 can also be helpful in writing goals

For users that are not currently using Viva Goals, or are looking for suggestions on annual goals elsewhere, Copilot in M365 can be a great place to get started. Copilot in Word or in the Microsoft Copilot web experience can be great resources for creating the right goals for you and your organization. You can use prompts like “Write 3 OKRs for building a new (product/service) in the new year” or “Provide some goal suggestions for boosting employee morale” and work with Microsoft Copilot to refine these goals.

Furthermore, at Ignite last November (2023), we also announced that Microsoft 365 Copilot will be enhanced with Viva in early 2024. This means users will have access to Viva functionality within the Copilot for Microsoft 365 experience, including a chat experience that works across Viva data and apps to support employees, managers, and leaders. To learn more, check out the announcement from our blog in November, New ways Microsoft Copilot and Viva are transforming the employee experience.

Just make sure that after creating your goals, you are communicating these goals to your stakeholders and tracking your progress!

Summarizing your goals with Copilot

With Copilot, it is even easier to summarize and share your goal progress. Copilot uses context from your goal status updates and check-ins to generate summaries of your progress, making it even easier to share your current status with other teams and leadership.

Copilot in Viva Goals will quickly summarize your goals for easy sharing.

You can work with Copilot to tailor the update messages to your audience by asking the conversational AI to make the summary content more succinct, detailed, or professional. Looking to quickly share these updates with your teams, audiences or stakeholders? Use functionality within Viva Goals to broadcast your updates to email via Outlook or to post on Viva Engage with just a few clicks.

With the Viva Goals integration into Viva Engage, it’s easier than ever to share your team goals with your community.

It has never been easier to get started with setting and tracking your goals with Microsoft and Viva Goals, especially with the power of AI. Always make sure to review Copilot’s responses to make sure the suggestions and content it presents are relevant to your organization and your goals.


 


Set your 2024 Goals with Copilot today


 


Copilot in Viva Goals has been available to Viva suite customers in public preview since December 2023 and will be Generally Available in early 2024. NOTE: Customers with Viva suite licenses interested in using Copilot in Viva Goals should work with their IT Admins to enable public preview of Copilot for users from their Microsoft Admin Center. To learn more about enabling Copilot in Viva Goals, please visit our Copilot in Viva Goals documentation.


 


Microsoft will also be hosting a webinar session on January 31st, 8am US-PT, for those interested in a live demo and to hear how Copilot in Viva Goals is helping address goal-setting and tracking challenges. More details available at Microsoft Virtual Event “Discovering the Power of Copilot in Viva Goals”.


 


Have feedback about Copilot in Viva Goals? Use the feedback tool in Viva Goals to let us know your thoughts.


 


From the Microsoft Viva Goals team to yours, we wish you success in achieving your goals in the new year!

Easily Manage Privileged Role Assignments in Microsoft Entra ID Using Audit Logs


One of the best practices for securing your organization’s data is to follow the principle of least privilege, which means granting users the minimum level of permissions they need to perform their tasks. Microsoft Entra ID helps you apply this principle by offering a wide range of built-in roles as well as allowing you to create custom roles and assign them to users or groups based on their responsibilities and access needs. You can also use Entra ID to review and revoke any role assignments that are no longer needed or appropriate.


 


It is easy to lose track of role assignments if admin activities are not carefully audited and monitored. Routine checks of role assignments, together with alerts on new role assignments, are one way to track and manage privileged role assignments.


 


Chances are that when a user with privileged roles is approached, they’ll say they need the role. This may be true; however, users will often say they need those permissions to carry out certain tasks when they could instead be assigned a role with lower permissions. For example, a user can reset user passwords as a Global Administrator, but that does not mean they can’t do the same with another role that has far fewer permissions.


 


Defining privileged permissions


 


Privileged permissions in Entra ID can be defined as “permissions that can be used to delegate management of directory resources to other users, modify credentials, authentication or authorization policies, or access restricted data.” Each Entra ID role has a defined list of permissions. When an identity is granted the role, the identity inherits the permissions defined in that role.


 


It’s important to check the permissions of these roles. The permissions defined in all built-in roles can be found here. For example, a few permissions differ between the Privileged Authentication Administrator role and the Authentication Administrator role, giving the former more permissions in Entra ID. The differences between the authentication roles can be viewed here.


 


Another example of differences between similar roles is the set of end-user administration roles. The differences and nuances between these roles are outlined in detail here.


 


Auditing activity


 


To decide if a user really needs a role, it’s crucial to monitor their activities and find the role with the least privilege that allows them to carry out their work. You’ll need Entra ID audit logs for this. Entra ID audit logs can either be sent to a Log Analytics Workspace or connected to a Sentinel instance.


 


There are two methods that can be used to get the events carried out by admin accounts. The first makes use of the IdentityInfo table, which is only available in Sentinel after enabling User and Entity Behavior Analytics (UEBA). If you aren’t using UEBA in Sentinel, or if you’re querying a Log Analytics Workspace, you’ll need to use the second method, described under the Using Log Analytics Workspace heading below.


 


Using Microsoft Sentinel


 


To ingest Entra ID audit logs into Microsoft Sentinel, the Microsoft Entra ID data connector must be enabled, and the Audit Logs must be ticked as seen below. 


 




Figure 1 Entra ID data connector in Sentinel with Audit logs enabled 


 


The IdentityInfo table stores user information gathered by UEBA, including the Entra ID roles a user has been assigned. This makes it very simple to get a list of accounts that have been assigned privileged roles.


 


The query below will give a unique list of activities an account has taken, as well as which roles the account has been assigned: 


 

AuditLogs
| where TimeGenerated > ago(90d)
// The actor is either a user or an application; take whichever is populated
| extend ActorName = iif(
                         isnotempty(tostring(InitiatedBy["user"])),
                         tostring(InitiatedBy["user"]["userPrincipalName"]),
                         tostring(InitiatedBy["app"]["displayName"])
                     )
| extend ActorID = iif(
                       isnotempty(tostring(InitiatedBy["user"])),
                       tostring(InitiatedBy["user"]["id"]),
                       tostring(InitiatedBy["app"]["id"])
                   )
| where isnotempty(ActorName)
// Latest UEBA record per account that has at least one assigned role (an empty array "[]" has length 2)
| join (IdentityInfo
    | where TimeGenerated > ago(7d)
    | where strlen(tostring(AssignedRoles)) > 2
    | summarize arg_max(TimeGenerated, *) by AccountUPN
    | project AccountObjectId, AssignedRoles)
    on $left.ActorID == $right.AccountObjectId
| summarize Operations = make_set(OperationName) by ActorName, ActorID, Identity, tostring(AssignedRoles)
| extend OperationsCount = array_length(Operations)
| project ActorName, AssignedRoles, Operations, OperationsCount, ActorID, Identity
| sort by OperationsCount desc

 


This will return results for all accounts that carried out tasks in Entra ID and may include many operations that were not privileged. To filter for specific Entra ID roles, the following query can be run with the roles defined in a list. Three roles have been added as examples, but this list can and should be expanded to include more roles:


 

// Roles to report on; extend this list as required
let PrivilegedRoles = dynamic(["Global Administrator",
                               "Security Administrator",
                               "Compliance Administrator"
                              ]);
AuditLogs
| where TimeGenerated > ago(90d)
| extend ActorName = iif(
                         isnotempty(tostring(InitiatedBy["user"])),
                         tostring(InitiatedBy["user"]["userPrincipalName"]),
                         tostring(InitiatedBy["app"]["displayName"])
                     )
| extend ActorID = iif(
                       isnotempty(tostring(InitiatedBy["user"])),
                       tostring(InitiatedBy["user"]["id"]),
                       tostring(InitiatedBy["app"]["id"])
                   )
| where isnotempty(ActorName)
| join (IdentityInfo
    | where TimeGenerated > ago(7d)
    | where strlen(tostring(AssignedRoles)) > 2
    | summarize arg_max(TimeGenerated, *) by AccountUPN
    | project AccountObjectId, AssignedRoles)
    on $left.ActorID == $right.AccountObjectId
// Keep only actors holding at least one of the listed roles
| where AssignedRoles has_any (PrivilegedRoles)
| summarize Operations = make_set(OperationName) by ActorName, ActorID, Identity, tostring(AssignedRoles)
| extend OperationsCount = array_length(Operations)
| project ActorName, AssignedRoles, Operations, OperationsCount, ActorID, Identity
| sort by OperationsCount desc

 


Once the query is run, the results give insight into the activities performed in your Entra ID tenant and the roles those accounts hold. In the example below, the top two results don’t pose any problems. However, the third row contains a user that has the Global Administrator role and has created a service principal. The permissions needed to create a service principal are available in roles less privileged than Global Administrator, so this user can be given a less privileged role. To find out which role can be granted, check this list, which contains the least privileged role required to carry out specific tasks in Entra ID.


 




Figure 2 Actions taken by users in Entra ID


 


Using Log Analytics Workspace


 




Figure 3 Configuring the forwarding of Entra ID Audit logs to a Log Analytics Workspace


 


To ingest Entra ID audit logs into a Log Analytics Workspace follow these steps. 


 


Because there is no table that contains the roles an identity has been granted, you’ll need to add the list of users to the query and filter on them. There are multiple ways to get a list of users who have been assigned a specific Entra ID role. A quick way is to go to Entra ID, select Roles and administrators, select the role, and export the identities assigned to it. You need the User Principal Names (UPNs) of the privileged users. Add these UPNs, along with the roles each user holds, to the query; some examples are given in the query itself. If a user has more than one role, all of their roles must be added to the query.


 

// Privileged users and their roles, maintained by hand (replace the examples with your own)
datatable(UserPrincipalName:string, Roles:dynamic) [
    "admin@contoso.com", dynamic(["Global Administrator"]),
    "admin2@contoso.com", dynamic(["Global Administrator", "Security Administrator"]),
    "admin3@contoso.com", dynamic(["Compliance Administrator"])
]
| join (AuditLogs
        | where TimeGenerated > ago(90d)
        | extend ActorName = iif(
                                isnotempty(tostring(InitiatedBy["user"])),
                                tostring(InitiatedBy["user"]["userPrincipalName"]),
                                tostring(InitiatedBy["app"]["displayName"])
                            )
        | extend ActorID = iif(
                            isnotempty(tostring(InitiatedBy["user"])),
                            tostring(InitiatedBy["user"]["id"]),
                            tostring(InitiatedBy["app"]["id"])
                        )
        | where isnotempty(ActorName) ) on $left.UserPrincipalName == $right.ActorName
| summarize Operations = make_set(OperationName) by ActorName, ActorID, tostring(Roles)
| extend OperationsCount = array_length(Operations)
| project ActorName, Operations, OperationsCount, Roles, ActorID
| sort by OperationsCount desc
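Maintaining the datatable above by hand is error-prone, so here is an added example (not part of the original article) that generates its rows from current role membership with Microsoft Graph PowerShell; it assumes the Microsoft.Graph module is installed and that the signed-in account may read directory roles.

```powershell
# Added example (not from the original article): generate the datatable() rows for the
# Log Analytics query from current role membership via Microsoft Graph PowerShell.
# Assumes the Microsoft.Graph module is installed and the caller may read directory roles.
Connect-MgGraph -Scopes "RoleManagement.Read.Directory", "Directory.Read.All"

# Roles to report on; extend as needed (the same three roles as the KQL examples).
$privilegedRoles = @("Global Administrator", "Security Administrator", "Compliance Administrator")

# Get-MgDirectoryRole lists only roles that have been activated in the tenant.
# Map each member UPN to the list of privileged roles it holds.
$rolesByUpn = @{}
foreach ($role in (Get-MgDirectoryRole | Where-Object { $privilegedRoles -contains $_.DisplayName })) {
    foreach ($member in (Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All)) {
        $upn = $member.AdditionalProperties["userPrincipalName"]
        if (-not $upn) { continue }   # groups and service principals have no UPN
        if (-not $rolesByUpn.ContainsKey($upn)) { $rolesByUpn[$upn] = @() }
        $rolesByUpn[$upn] += $role.DisplayName
    }
}

# Emit the KQL literal: one row per user carrying all of that user's roles,
# ready to paste in place of the datatable() block in the query above.
$rows = foreach ($upn in ($rolesByUpn.Keys | Sort-Object)) {
    $roleList = ($rolesByUpn[$upn] | ForEach-Object { '"' + $_ + '"' }) -join ", "
    '    "{0}", dynamic([{1}])' -f $upn, $roleList
}
"datatable(UserPrincipalName:string, Roles:dynamic) ["
$rows -join ",`n"
"]"
```

Only direct, active members are returned: members of role-assignable groups and PIM-eligible assignments are not expanded, so add those users to the list separately.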

 


Once you run the query, the results give insight into the activities performed in your Entra ID tenant by the users you filtered for. In the example below, the top two results can cause problems. Both have the Global Administrator role, but their operations do not require that role. The permissions needed for these operations are available in roles less privileged than Global Administrator, so these users can be given a less privileged role. To find out which role can be granted, check this list, which contains the least privileged role required to carry out specific tasks in Entra ID.


 




Figure 4 Actions taken by users in Entra ID


 


If this user still requires the Global Administrator role, then the Security Administrator role becomes redundant, since the Global Administrator role contains more permissions than the Security Administrator role.


 


Conclusion


 


Leaving accounts with privileges they do not need keeps your attack surface larger than it needs to be. By ingesting Entra ID Audit logs, you can query for and identify users who hold unnecessary, over-privileged roles, and then find a suitable alternative role for them.


 


Timur Engin




 


Learn more about Microsoft Entra: