Azure Managed Lustre with Automatic Synchronisation to Azure BLOB Storage

by Contributed | Nov 30, 2023 | Technology

This article is contributed. See the original author and article here.

Introduction

This blog post walks through how to setup an Azure Managed Lustre Filesystem (AMLFS) that will automatically synchronise to an Azure BLOB Storage container. The synchronisation is achieved using the Lustre HSM (Hierarchical Storage Management) interface combined with the Robinhood policy engine and a tool that reads the Lustre changelog and synchronises metadata with the archived storage. The lfsazsync repository on GitHub contains a Bicep template to deploy and setup a virtual machine for this purpose.

Disclaimer: The lfsazsync deployment is not a supported Microsoft product you are responsible for the deployment and operation of the solution. There are updates that need applying to AMLFS that will require a Support Request to be raised through the Azure Portal. These updates could effect the stabaility of AMLFS and customer requiring the same level of SLA should speak to their Microsoft representative.

Initial Deployment

The following is required before running the lfsazsync Bicep template:

• Virtual Network


• Azure BLOB Storage Account and container (HNS is not supported)


• AMLFS deployed without HSM enabled

The lfsazsync repository contains a test/infra.bicep example to create the required resources:

To deploy, first create a resource group, e.g.

TODO: set the variables below

resource_group=

location=

az group create –name $resource_group –location $location

Then deploy into this resource group:

az deployment group create –resource-group $resource_group –template-file test/infra.bicep

Note: The bicep file has parameters for names, ip ranges etc. that should be set if you do not want the default values.

Updating the AMLFS settings

Once deployment is complete, navigate to the Azure Portal, locate the AMLFS resource and click on “New Support Request”. The following shows the suggested request to get AMLFS updated:

The lctl commands needed are listed here.

Deploying Azure BLOB Storage Synchronisation

The lfsazsync deployment sets up a single virtual machine for all tasks. The HSM copytools could be run on multiple virtual machines to increase transfer peformance. The bandwidth for archiving and retrieval is constrained to approximately half the network bandwidth available to the virtual machine. It is important to note that the same network will be utilized for both accessing the Lustre filesystem and accessing Azure Storage. This should be considered when deciding the virtual machine size. The virtual machine sizes and expected network performance is available here.

The Bicep template has the following parameters:

The SAS key can be generated using the following Azure CLI command:

# TODO: set the account name and container name below

account_name=

container_name=

start_date=$(date -u +”%Y-%m-%dT%H:%M:%SZ”)

expiry_date=$(date -u +”%Y-%m-%dT%H:%M:%SZ” –date “next month”)
az storage container generate-sas

   –account-name $account_name

   –name $container_name

   –permissions rwld

   –start $start_date

   –expiry $expiry_date

   -o tsv

The following Azure CLI command can be used to get the subnet ID:

# TODO: set the variable below

resource_group=

vnet_name=

subnet_name=

az network vnet subnet show –resource-group $resource_group –vnet-name $vnet_name –name $subnet_name –query id –output tsv

The following Azure CLI command can be used to deploy the Bicep template (as an alterative to setting environment variables, the parameters could be set in a parameters.json file):

# TODO: set the variables below

resource_group=

subnet_id=

vmsku=”Standard_D32ds_v4″

admin_user=

ssh_key=

lustre_mgs=

storage_account_name=

storage_container_name=

storage_sas_key=

ssh_port=

github_release=”v1.0.1″

os=”almalinux87″

az deployment group create

    –resource-group $resource_group

    –template-file lfsazsync.bicep

    –parameters

        subnet_id=”$subnet_id”

        vmsku=$vmsku

        admin_user=”$admin_user”

        ssh_key=”$ssh_key”

        lustre_mgs=$lustre_mgs

        storage_account_name=$storage_account_name

        storage_container_name=$storage_container_name

        storage_sas_key=”$storage_sas_key”

        ssh_port=$ssh_port

        github_release=$github_release

        os=$os

After this call completes the virtual machine will be deployed although it will take more time to install and import the metadata from Azure BLOB storage into the Lustre filesystem. The progress can be monitored by looking at the /var/log/cloud-init-output.log file on the virtual machine.

Monitoring

The install will set up three systemd services for lhsmd, robinhood and lustremetasync. The log files are located here:

• ‘lhsmd’: /var/log/lhsmd.log


• ‘robinhood’: /var/log/robinhood*.log


• ‘lustremetasync’: /var/log/lustremetasync.log

Default archive settings

The synchronisation parameters can be controlled through the Robinhood config file, /opt/robinhood/etc/robinhood.d/lustre.conf. Below are some of the default settings and their locations in the config file:

To update the config file, edit the file and then restart the robinhood service, systemctl restart robinhood.

The lustremetasync service is processing the Lustre ChangeLog continuously. Therefore, actions will happen immediately unless there is a lot of IO all at once where it may take a few minutes to catch up. The following operations will be handled:

• 
  

  Create/delete directories

  
  

  Directories are created in BLOB storage as an empty object with the name of the directory. There is metadata on this file to indicate that it is a directory. The same object is deleted when removed on the filesystem.

  
  


• 
  

  Create/delete symbolic links

  
  

  Symbolic links are create in BLOB storage as an empty object with the name of the symbolic link. There is metadata on this file to indicate that it is a symbolic link and this contains the path that it is linking to. The same object is deleted when removed on the filesystem.

  
  


• 
  

  Moving files or directories

  
  

  Moving files or directories requires everything being moved to be restored to the Lustre filesystem. The files are then marked as dirty in their new location and the existing files are deleted from BLOB storage. Robinhood will handle archiving the files again in their new location.

  
  


• 
  

  Updating metadata (e.g. ownership and permissions)

  
  

  The metadata will only be updated for archived files that isn’t modified. Modified files will have the metadata set when Robinhood updated the archived file.

  
  

References

• Azure Managed Lustre File System Documentation


• GitHub repositories
  
  
  
  • lfsazsync
  
  
  • Robinhood
  
  
  • lemur
  
  
  
  

Defender EASM – Performing a Successful Proof of Concept (PoC)

by Contributed | Nov 29, 2023 | Technology

This article is contributed. See the original author and article here.

Welcome to an introduction of the concepts and simple approach required for executing a successful Proof of Concept (PoC) for Microsoft Defender External Attack Surface Management (Defender EASM). This article will serve as a high-level guide to help you execute a simple framework for evaluating Defender EASM, and other items to consider when embarking on the journey to understand the Internet exposed digital assets that comprise your external attack surface, so you can view risks through the same lens as a malicious threat actor.

Planning for the PoC 

To ensure success, the first step is planning. This entails understanding the value of Defender EASM, identifying stakeholders who need to be involved, and scheduling planning sessions to determine use cases & requirements and scope before beginning. 

For example, one of the core benefits of the Defender EASM solution is that it provides high value visibility to Security and IT (Information Technology) teams that enables them to: 

• Identify previously unknown assets 


• Prioritize risk 


• Eliminate threats 


• Extends vulnerability and exposure control beyond the firewall 

Next, you should identify all relevant stakeholders, or personas, and schedule in 1-2 short planning sessions to document the tasks and expected outcomes, or requirements. These sessions will establish the definition of success for the PoC.  

Who are the common stakeholders that should participate in the initial planning sessions? The answer to that question will be unique to each organization, but some common personas include the following: 

• Vulnerability Management Teams 


• IT personnel responsible for Configuration Management, Patching, Asset Inventory Databases 


• Governance, Risk, & Compliance (GRC) Teams 

• (Optional) GRC aligned Legal, Brand Protection, & Privacy Teams 


• Internal Offensive Penetration Testing and Red Teams 


• Security Operations Teams 


• Incident Response Teams 


• Cyber Threat Intelligence, Hunting, and Research Teams 

Use Cases & Requirements 

Based on the scope, you can begin collaborating with the correct people to establish use cases & requirements to meet the business goals for the PoC. The requirements should clearly define the subcomponents of the overarching business goals within the charter of your External Attack Surface Management Program. Examples of business goals and high-level supporting requirements might include: 

• Discover Uknown Assets 

• Find Shadow IT 

• Discover Abandoned Assets 

• Resulting from Mergers, Acquistions, or Divestitures 


• Insufficient Asset Lifecycle Management in Dev/Test/QA Environments  

• Identification of Vulnerabilities 

• Lack of Patching or Configuration Management 

• Assignment of Ownership to Assets 

• Line of Business or Subsidiary 


• Based on Geographic Location 


• On-Prem vs Cloud 

• Reporting, Automation, and Defender EASM Data Integrations 

• Data Connector integration with Log Analytics or Kusto 

• Use of a reporting or visualization tool, such as PowerBI 


• Logic Apps to automate management of elements of your attack surface 

Prerequisites to Exit the Planning Phase 

• Completion of the Planning Phase! 


• Configure an Azure Active Directory or personal Microsoft account. Login or create an account here. 


• Set up a Free 30-day Defender EASM Trial 

– Visit the following link for information related to setting up your Defender EASM attack surface today for free. 

• Deploy & Access the Defender EASM Platform 

– Login to Defender EASM 

– Follow the deployment Quick Start Guide 

Measuring Success?

Determining how success will establish the criteria for a successful or failed PoC. Success and Acceptance Criteria should be established for each requirement identified. Weights may be applied to requirements, but measuring success can be as simple as writing out criteria as below:

Requirement: Custom Reporting

Success Criteria: As a vulnerability manager, I want to view a daily report that shows the assets with CVSSv2 and CVSSv3 scores of 10.

Acceptance Criteria:

• Data must be exported to Kusto


• Data must contain assets & CVSS (Common Vulnerability Scoring System) scores


• Dashboards must be created with PowerBI and accessible to user


• Dashboard data must be updated daily

Validation: Run a test to validate that acceptance criteria has been met.

Pass / Fail: Pass

Executing the PoC 

Implementation and Technical Validation 

We will now look at five different use cases & requirements, define the success and acceptance criteria for each, and validate that the requirements are met by observing the outcome of each in Defender EASM. 

Use Case 1: Discover Unknown Assets, Finding Shadow IT 

Success Criteria: As a member of the Contoso GRC team, I want to identify Domain assets in our attack surface that have not been registered with the official company email address we use for domain registrations.

Acceptance Criteria: 

• Defender EASM allows for searches of Domain WHOIS data that returns the “Registrant Email” field in the result set.  

Validation: 

1. Click the “Inventory” link on the left of the main Defender EASM page. 

Figure: Launch the inventory query screen

2. Execute a search in Defender EASM that excludes Domains registered with our official company email address of ‘domainadmin@constoso.com’ and returns all other Domains that have been registered with an email address that contains the email domain ‘contoso.com’.

Figure: Query for incorrectly registered Domain assets

3. Click on one of the domains in the result set to view asset details. For example, “woodgrovebank.com” domain.


4. When the asset details open and confirm that the domain ‘woodgrovebank.com’ is in the upper left corner.


5. Click on the “Whois” tab.


6. Note that this Domain asset has been registered with an email address that does not match the corporate standard (i.e., “employeeName@contoso.com”) and should be investigated for the existence of Shadow IT.

Figure: WHOIS asset details

Resources:

• Understand asset details: https://learn.microsoft.com/en-us/azure/external-attack-surface-management/understanding-asset-details


• Domain asset filters: https://learn.microsoft.com/en-us/azure/external-attack-surface-management/domain-asset-filters


• Understanding WHOIS:  https://en.wikipedia.org/wiki/WHOIS

Use Case 2: Abandoned Assets, Acquisitions

Success Criteria: As a member of the Contoso Vulnerability Management team, who just acquired Woodgrove Bank, I want to ensure acquired web sites using the domain “woodgrovebank.com” are redirected to web sites using the domain “contoso.com”.  I need to obtain results of web sites that are not redirecting as expected, as those may be abandoned web sites.

Acceptance Criteria:

• Defender EASM allows for search of specific initial and final HTTP (Hypertext Transfer Protocol) response codes for Page assets


• Defender EASM allows for search of initial and final Uniform Resource Locator (URL) for Page assets

Validation:

1. Run a search in Defender EASM that looks for Page assets that have:
   
   
   
   1. Initial response codes that cause HTTP redirects (i.e., “301”, “302”)
   
   
   2. Initial URLs that contain “woodgrovebank.com”
   
   
   3. Final HTTP response codes of “200”
   
   
   4. Final URL, post HTTP redirect, that do not contain “contso.com”
   
   
   
   

Figure: Query for incorrect page redirection

2. Click one of the Page assets in the result set to see the asset details.

Figure: Page asset overview

1. Validate:
   
   
   
   1.  Initial URL contains “woodgrovebank.com”
   
   
   2. Initial response code is either “301” or “301”
   
   
   3. Final URL does not contain “contoso.com”
   
   
   4. Final response code is “200”
   
   
   
   

Resources:

• Asset details summary view: https://learn.microsoft.com/en-us/azure/external-attack-surface-management/understanding-asset-details


• Defender EASM inventory filters overview: https://learn.microsoft.com/en-us/azure/external-attack-surface-management/inventory-filters


• Page asset filters: https://learn.microsoft.com/en-us/azure/external-attack-surface-management/page-asset-filters


• HTTP Response Codes: https://en.wikipedia.org/wiki/List_of_HTTP_status_codes

Use Case 3: Identification of Vulnerabilities, Lack of Patching or Configuration Management

Success Criteria: As a member of the Contoso Vulnerability Management team, I need the ability to retrieve a list of assets with high priority vulnerabilities and remediation guidance in my attack surface.

Acceptance Criteria:

• Defender EASM provides a dashboard of prioritized risks in my external attack surface


• Defender EASM provides remediation guidance for each prioritized vulnerability


• Defender EASM provides an exportable list of assets impacted by vulnerability

Validation:

1. From the main Defender EASM page, click “Attack Surface Summary” to view the “Attack Surface Summary” dashboard


2. Click the link that indicates the number of assets impacted by a specific vulnerability to view a list of impacted assets

Figure: Attack Surface Insights Dashboard

3. Validate that Defender EASM provides additional information about vulnerabilities and remediation guidance.


4. Click the link in the upper right corner titled “Download CSV report” and validate the contents within

Figure: Vulnerability remediation details

Resources:

• Understanding dashboards: https://learn.microsoft.com/en-us/azure/external-attack-surface-management/understanding-dashboards


• Understanding CVEs: https://nvd.nist.gov/vuln

Use Case 4: Assignment of Ownership to Assets, Line of Business or Subsidiary

Success Criteria: As a member of the Contoso GRC team, I need the ability to assign ownership of assets to specific business units through, along with a mechanism to quickly visualize this relationship.

Acceptance Criteria:

• Defender EASM provides an approach to assigning ownership via labels


• Defender EASM allows users to apply labels to assets that meet specific indicators that indicate affiliation with a specific business unit


• Defender EASM provides the ability to apply labels in bulk

Validation:

1. Click the “Inventory” link on the left of the main Defender EASM page to launch the search screen


2. Run a search that returns all Page assets that are on the IP Block “10.10.10.0/24”. The Page assets on this network all belong to the Financial Services line of business, so it is the only indicator of ownership needed in this example.

Figure: Query to determine Page asset ownership by IP Block

3. Select all assets in the result set by clicking the arrow to the right of the checkbox as shown in the following image and choose the option for all assets.

Figure: Selecting assets for bulk modification

5. Click the link to modify assets, followed by the link to “Create a new label” on the blade that appears.


6. A new screen will appear that allows the creation of a label. Enter a descriptive “Label name”, an optional “Display name”, select a desired color, and click “Add” to finish creating a label.

Figure: Link to modify assets and create a label

Figure: Create label detail

7. After creating the label, you will be directed back to the screen to modify assets. Validate that the label was created successfully.


8. Click into the label text box to see a list of labels available to choose from and select the one that was just created.


9. Click “Update”

Figure: Label selected assets

10. Click the bell icon to view task notifications to validate the status of labels update.

Figure: View status of label update task

11. When the task is complete, run the search again to validate that labels have been applied to the assets owned by the Financial Services organization.

Figure: Query to validate labels have been applied to assets

Resources:

• Asset modification overview: https://learn.microsoft.com/en-us/azure/external-attack-surface-management/labeling-inventory-assets


• Defender EASM inventory filters overview: https://learn.microsoft.com/en-us/azure/external-attack-surface-management/inventory-filters

Finishing the PoC

Summarize Your Findings

Identify how the Defender EASM solution has provided increased visibility to your organization’s attack surface in the PoC.

1. Have you discovered unknown assets related to Shadow IT?


2. Were you able to find potentially abandoned assets related to an acquisition?


3. Has your organization been able to better prioritize vulnerabilities to focus on the most severe risks?


4. Do you know have a better view of asset ownership in your organization?

Feedback?

We would love to hear any ideas you may have to improve our Defender EASM platform or where and how you might use Defender EASM data elsewhere in the Microsoft Security ecosystem or other security 3^rd party applications. Please contact us via email at mdesam-pm@microsoft.com to share any feedback you have regarding Defender EASM.

Interested in Learning About New Defender EASM Features?

 Please join our Microsoft Security Connection Program if you are not a member and follow our Private & Public Preview events. You will not have access to this exclusive Teams channel until you complete the steps to become a Microsoft Security Connection Program member. Users that would like to influence the direction/strategy of our security products are encouraged to participate in our Private Preview events. Members who participate in these events will earn credit for respective Microsoft product badges delivered by Credly.

Conclusion

You now understand how to execute a simple Defender EASM PoC, to include deploying your first Defender EASM resource, identifying common personas, how to set requirements, and measure success. Do not forget! – you can enjoy a free 30-day trial by clicking on the link below.

You can discover your attack surface discovery journey today for free.

Personal Desktop Autoscale on Azure Virtual Desktop generally available

by Contributed | Nov 28, 2023 | Technology

This article is contributed. See the original author and article here.

We are excited to announce that Personal Desktop Autoscale on Azure Virtual Desktop is generally available as of November 15, 2023! With this feature, organizations with personal host pools can optimize costs by shutting down or hibernating idle session hosts, while ensuring that session hosts can be started when needed.

Personal Desktop Autoscale

Personal Desktop Autoscale is Azure Virtual Desktop’s native scaling solution that automatically starts session host virtual machines according to schedule or using Start VM on Connect and then deallocates or hibernates (in preview) session host virtual machines based on the user session state (log off/disconnect).

The following capabilities are now generally available with Personal Desktop Autoscale:

• Scaling plan configuration data can be stored in all regions where Azure Virtual Desktop host pool objects are, including Australia East, Canada Central, Canada East, Central US, East US, East US 2, Japan East, North Central US, North Europe, South Central US, UK South, UK West, West Central US, West Europe, West US, West US 2, and West US 3. It needs to be stored in the same region as the host pool objects it will be assigned to, however, we support deploying session host virtual machines in all Azure regions.


• You can use the Azure portal, REST API, PowerShell to enable and manage Personal Desktop Autoscale.

The following capabilities are new in public preview with Personal Desktop Autoscale:

• Hibernation is available as a scaling action. With the Hibernate-Resume feature in public preview, you will have a better experience as session state persists when the virtual machine hibernates. As a result, when the session host virtual machine starts, the user will be able to quickly resume where they left off. More details of the Hibernate-Resume feature can be found here.

Getting started

To enable Personal Desktop Autoscale, you need to:

• Create a personal scaling plan.


• Define whether to enable or disable Start VM on Connect.


• Choose what action to perform after a user session has been disconnected or logged off for a configurable period of time.


• Assign a personal scaling plan to one or more personal host pools.

A screenshot of a scaling plan in Azure Virtual Desktop called “fullweek_schedule”. The ramp-down is shown as repeating every day of the week at 6:00 PM Beijing time, starting VM on Connect. Disconnect settings are set to hibernate at 30 minutes. Log off settings are set to shut down after 30 minutes.

If you want to use Personal Desktop Autoscale with the Hibernate-Resume option, you will need to self-register your subscription and enable Hibernate-Resume when creating VMs for your personal host pool. We recommend you create a new host pool of session hosts and virtual machines that are all enabled with Hibernate-Resume for simplicity. Hibernation can also work with Start VM on Connect for cost optimization.

You can set up diagnostics to monitor potential issues and fix them before they interfere with your Personal Desktop Autoscale scaling plan.

Helpful resources

We encourage you to learn more about setting up autoscale and review frequently asked questions for more details on how to use autoscale for Azure Virtual Desktop. You may also find these resources helpful:

• https://aka.ms/hibernate-resume


• Reduce Compute Costs by Pausing VMs (now in public preview)


• Microsoft Mechanics: Automated scaling, imaging & monitoring


• Azure Academy: Enabling and managing Personal Desktop Autoscale

Azure AI Health Insights: New built-in models for patient-friendly reports and radiology insights

by Contributed | Nov 27, 2023 | Technology

This article is contributed. See the original author and article here.

Azure AI Health Insights: New built-in models for patient-friendly and radiology insights

Azure AI Health Insights is an Azure AI service with built-in models that enable healthcare organizations to find relevant trials, surface cancer attributes, generate summaries, analyze patient data, and extract information from medical images.

Earlier this year, we introduced two new built-in models available for preview. These built-in models handle patient data in different modalities, perform analysis on the data, and provide insights in the form of inferences supported by evidence from the data or other sources.

The following models are available for preview:

• Patient-friendly reports model* This model simplifies medical reports and creates a patient-friendly simplified version of clinical notes while retaining the meaning of the original clinical information. This way, patients can easily consume their clinical notes in everyday language. Patient-friendly reports model is available in preview.


• Radiology insights model* This model uses radiology reports to surface relevant radiology insights that can help radiologists improve their workflow and provide better care. Radiology insights model is available in preview.

Simplify clinical reports

Patient-friendly reports is an AI model that provides an easy-to-read version of a patient’s clinical report. The simplified report explains or rephrases diagnoses, symptoms, anatomies, procedures, and other medical terms while retaining accuracy. The text is reformatted and presented in plain language to increase readability. The model simplifies any medical report, for example a radiology report, operative report, discharge summary, or consultation report.

The Patient-friendly reports model uses a hybrid approach that combines GPT models, healthcare-specialized Natural Language Processing (NLP) models, and rule-based methods. Patient-friendly reports also uses text alignment methods to allow mapping of sentences from the original report to the simplified report to make it easy to understand.

The system uses scenario-specific guardrails to detect hallucinations, omissions, and any other ungrounded content and does several steps to ensure the full information from the original clinical report is kept and no new additional information is added.

The Patient-friendly reports model helps healthcare professionals and patients consume medical information in a variety of scenarios. For example, Patient-friendly reports model saves clinicians the time and effort of explaining a report. A simplified version of a clinical report is generated by Patient-Friendly reports and shared with the patient, side by side with the original report. The patient can review the simplified version to better understand the original report, and to avoid unnecessary communication with the clinician to help with interpretation. The simplified version is marked clearly as text that was generated automatically by AI, and as text that must be used together with the original clinical note (which is always the source of truth).

Figure 1 Example of a simplified report created by the patient-friendly reports model

Improve the quality of radiology findings and flag follow-up recommendations

Radiology insights is a model that provides quality checks with feedback on errors and mismatches and ensures critical findings within the report are surfaced and presented using the full context of a radiology report. In addition, follow-up recommendations and clinical findings with measurements (sizes) documented by the radiologist are flagged.

Radiology insights inferences, with reference to the provided input that can be used as evidence for deeper understanding of the conclusions of the model. The radiology insights model helps radiologists improve their reports and patient outcomes in a variety of scenarios. For example:

• Surfaces possible mismatches. A radiologist can be provided with possible mismatches between what the radiologist documents in a radiology report and the information present in the metadata of the report. Mismatches can be identified for sex, age and body site laterality. 


• Highlights critical and actionable findings. Often, a radiologist is provided with possible clinical findings that need to be acted on in a timely fashion by other healthcare professionals. The model extracts these critical or actionable findings where communication is essential for quality care. 


• Flags follow-up recommendations. When a radiologist uncovers findings for which they recommend a follow up, the recommendation is extracted and normalized by the model for communication to a healthcare professional. 


• Extracts measurements from clinical findings. When a radiologist documents clinical findings with measurements, the model extracts clinically relevant information pertaining to the findings. The radiologist can then use this information to create a report on the outcomes as well as observations from the report. 


• Assists generate performance analytics for a radiology team. Based on extracted information, dashboards and retrospective analyses, Radiology insights provides updates on productivity and key quality metrics to guide improvement efforts, minimize errors, and improve report quality and consistency.

Figure2 Example of a finding with communication to a healthcare professional

Figure 3 Example of a radiology mismatch (sex) between metadata and content of a report with a follow-up recommendation

Get started today

Apply for the Early Access Program (EAP) for Azure AI Health Insights here.

After receiving confirmation of your entrance into the program, create and deploy Azure AI Health Insights on Azure portal or from the command line.

Figure 4 Example of how to create an Azure Health Insights resource on Azure portal

After a successful deployment, you send POST requests with patient data and configuration as required by the model you would like to try and receive responses with inferences and evidence.

Do more with your data with Microsoft Cloud for Healthcare

With Azure AI Health Insights, health organizations can transform their patient experience, discover new insights with the power of machine learning and AI, and manage protected health information (PHI) data with confidence. Enable your data for the future of healthcare innovation with Microsoft Cloud for Healthcare.

We look forward to working with you as you build the future of health.

• Learn more about Azure AI Health Insights.


• Learn more about Azure Health Data Services.


• Learn more about Microsoft Cloud for Healthcare.


• Learn more about how health companies are using Azure to drive better health outcomes.

• Learn more about Azure AI Health Insights and how to start working with this Azure resource in the Azure AI Health Insights documentation.

*Important

Patient-friendly reports models and radiology insights model are capabilities provided “AS IS” and “WITH ALL FAULTS.” Patient-friendly reports and Radiology insights aren’t intended or made available for use as a medical device, clinical support, diagnostic tool, or other technology intended to be used in diagnosis, cure, mitigation, treatment, or prevention of disease or other conditions, and no license or right is granted by Microsoft to use this capability for such purposes. These capabilities aren’t designed or intended to be implemented or deployed as a substitute for professional medical advice or healthcare opinion, diagnosis, treatment, or the clinical judgment of a healthcare professional, and should not be used as such. The customer is solely responsible for any use of Patient-friendly reports model or Radiology insights model.

A Practical Guide for Beginners: Azure OpenAI with JavaScript and TypeScript (Part 01)

by Contributed | Nov 25, 2023 | Technology

This article is contributed. See the original author and article here.

Introduction

A Practical Guide for Beginners: Azure OpenAI with JavaScript and TypeScript is an essential starting point for exploring Artificial Intelligence in the Azure cloud. This guide will be divided into 3 parts, covering: ‘How to create the Azure OpenAI Service resource,’ How to implement the model created in Azure OpenAI Studio, and finally, how to consume this resource in a Node.js/TypeScript application. This series will help you learn the fundamentals so that you can start developing your applications with Azure OpenAI Service. Whether you are a beginner or an experienced developer, discover how to create intelligent applications and unlock the potential of AI with ease.

Responsible AI

Before we start discussing Azure OpenAI Service, it’s crucial to talk about Microsoft’s strong commitment to the entire field of Artificial Intelligence. Microsoft is deeply dedicated to this topic. Therefore, Microsoft is committed to ensuring that AI is used in a responsible and ethical manner. Furthermore, Microsoft is working with the AI community to develop and share best practices and tools to help ensure that AI is used in a responsible and ethical way, thereby incorporating the six core principles, which are:

• Fairness


• Inclusivity


• Reliability and Safety


• Transparency


• Security and Privacy


• Accountability

If you want to learn more about Microsoft’s commitment to Responsible AI, you can access the link Microsoft AI Principles.

Now, we can proceed with the article!

Understand Azure OpenAI Service

Azure OpenAI Service provides access to advanced OpenAI language models such as GPT-4, GPT-3.5-Turbo, and Embeddings via a REST API. The GPT-4 and GPT-3.5-Turbo models are now available for general use, allowing adaptation for tasks such as content generation, summarization, semantic search, and natural language translation to code. Users can access the service through REST APIs, Python SDK, or Azure OpenAI Studio.

To learn more about the models available in Azure OpenAI Service, you can access them through the link Azure OpenAI Service models.

Create the Azure OpenAI Service Resource

The use of Azure OpenAI Service is limited. Therefore, it is necessary to request access to the service at Azure OpenAI Service. Once you have approval, you can start using and testing the service!

Once your access is approved, go to the Azure Portal and let’s create the Azure OpenAI resource. To do this, follow the steps below:

• Step 01: Click on the Create a resource button.

• Step 02: In the search box, type Azure OpenAI and then click Create.

• Step 03: On the resource creation screen, fill in the fields as follows:

Note that in the Pricing tier field, you can test Azure OpenAI Service for free but with some limitations. To access all features, you should choose a paid plan. For more pricing information, access the link Azure OpenAI Service pricing.

• 
  

  Step 04: Under the Network tab, choose the option: All networks, including the internet, can access this resource. and then click Next.

  
  


• 
  

  Step 05: After completing all the steps, click the Create button to create the resource.

  
  

• Step 06: Wait a few minutes for the resource to be created.

Next steps

In the next article, we will learn how to deploy a model on the Azure OpenAI Service. This model will allow us to consume the Azure OpenAI Service directly in our code.

Oh, I almost forgot to mention! Don’t forget to subscribe to my YouTube Channel! In 2023/2024, there will be many exciting new things on the channel!

Some of the upcoming content includes:

• Microsoft Learn Live Sessions


• Weekly Tutorials on Node.js, TypeScript, & JavaScript


• And much more!

If you enjoy this kind of content, be sure to subscribe and hit the notification bell to be notified when new videos are released. We already have an amazing new series coming up on the YouTube channel this week.

See you in the next article! 

MVP’s Favorite Content: SQL Server and Power Apps

by Contributed | Nov 24, 2023 | Technology

This article is contributed. See the original author and article here.

In this blog series dedicated to Microsoft’s technical articles, we’ll highlight our MVPs’ favorite article along with their personal insights.

Jungsun Kim, Data Platform MVP, Korea

SQL Server technical documentation – SQL Server | Microsoft Learn

“This article introduces various DB technologies ranging from the latest version of SQL Server, Azure SQL, Business Intelligence, to Machine Learning.”

(In Korean: SQL Server 최신 버전, Azure SQL, Business Intelligence, Machine Learning에 이르기까지 다양한 DB기술을 소개합니다.)

*Relevant Activity: I have been writing a series of articles about new features of SQL Server 2022 on my website: 김정선의 Data 이야기 (visualdb.net)

Sergio Govoni, Data Platform MVP, Italy

SQL Server encryption – SQL Server | Microsoft Learn

“Databases in a company are the place where information is stored to drive the company’s production processes. Tera of data, dozens of databases, millions of rows, the entire activity depends on this, and information security can no longer be an option, we have to think about security by design and security by default.”

*Relevant Blog:

– Encryption in your SQL Server backup strategy! | by Sergio Govoni | CodeX | Medium

– Database encryption becomes transparent with SQL Server TDE! | by Sergio Govoni | CodeX | Medium

– Advanced database encryption with SQL Server Always Encrypted! | by Sergio Govoni | CodeX | Medium

– How to manage Always Encrypted columns from a Delphi application! | by Sergio Govoni | CodeX | Medium

James Hickey, Developer Technologies MVP, Canada

SQL Server and Azure SQL index architecture and design guide – SQL Server | Microsoft Learn

“If you work with SQL Server, it’s really helpful to understand advanced information about how indexing works, memory management, etc. You’ll find tips about creating better indexes & queries and how to debug issues better.”

Inhee LEE, Business Applications MVP, Korea

Create a machine ordering app with Power Apps – Online Workshop – Training | Microsoft Learn

“This is a practical course that enables you to understand the power platform comprehensively and organically. Through the practical course, you can learn each element systematically while covering various practical aspects, making it a very suitable course for beginners and intermediate learners. I recommend this course.”

(In Korean: 파워플랫폼에 대한 전체적인 이해를 종합적이고 유기적으로 가능하게 하는 실습과정입니다. 실습과정을 통해서 실무적인 요소를 두루 다루면서도 체계적으로 하나하나 익힐 수 있어서 초보자와 중급자 모두에게 매우 적절한 실습과정이어서 추천했습니다.)

*Relevant Activity: I shared this content with a group of Facebook: Power Platform | Facebook