Deepening Well-Architected guidance for workloads hosted on Azure


This article is contributed. See the original author and article here.

I am excited to announce a comprehensive refresh of the Well-Architected Framework for designing and running optimized workloads on Azure. Customers will not only get great, consistent guidance for making architectural trade-offs for their workloads, but they’ll also have much more precise instructions on how to implement this guidance within the context of their organization.


 


Background


Cloud services have become an essential part of the success of most companies today. The scale and flexibility of the cloud offer organizations the ability to optimize and innovate in ways not previously possible. As organizations continue to expand cloud services as part of their IT strategies, it is important to establish standards that create a culture of excellence that enables teams to fully realize the benefits of the modern technologies available in the cloud.


 


At Microsoft, we put huge importance on helping customers be successful and publish guidance that teaches every step of the journey and how to establish those standards. For Azure, that collection of adoption and architecture guidance is referred to as Azure Patterns and Practices.


 


The Patterns and Practices guidance has three main elements:



Each element focuses on different parts of the overall adoption of Azure and speaks to specific audiences, such as WAF and workload teams.


 


What is a workload?


The term workload in the context of the Well-Architected Framework refers to a collection of application resources, data, and supporting infrastructure that function together towards a defined business goal.




 


 


Well-architected is a state that is achieved and maintained through design and continuous improvement. You optimize through a design process that results in an architecture that delivers what the business needs while minimizing risk and expense.


 


For us, the workload standard of excellence is defined in the Well-Architected Framework – a set of principles, considerations, and trade-offs that cover the core elements of workload architecture. As with all of the Well-Architected Framework content, this guidance is based on proven experience from Microsoft’s customer-facing technical experts. The Well-Architected Framework continues to receive updates from working with customers, partners, and our technical teams.


 


Today we have published updates across each of the core pillars of WAF which represent a huge amount of experience and learning from across Microsoft.


 


The refreshed and expanded Well-Architected Framework brings together guidance to help workload teams design, build, and optimize great workloads in the cloud. It is intended to shape discussions and decisions within workload teams and help create standards that should be applied continuously to all workloads.


 


Details of the refreshed Well-Architected Framework


Over the past six months, Microsoft’s cloud solution architects refreshed the Well-Architected Framework by compiling the learnings and experience of over 10,000 engagements that had leveraged the WAF and its assessment.


 


All five pillars of the Well-Architected Framework now follow a common structure that consists exclusively of design principles, design review checklists, trade-offs, recommendation guides, and cloud design patterns.




 


Design principles. Presents goal-oriented principles that build a foundation for the workload. Each principle includes a set of recommended approaches and the benefits of taking those approaches. The principles for each pillar have changed in terms of content and coverage.



Design review checklists. Lists roughly codified recommendations that drive action. Use the checklists during the design phase of your new workload and to evaluate brownfield workloads.





Trade-offs. Describes trade-offs with other pillars. Many design decisions force a trade-off. It’s vital to understand how achieving the goals of one pillar might make achieving the goals of another pillar more challenging.



Recommendation guides. Every design review checklist recommendation is associated with one or more guides. They explain the key strategies to fulfill that recommendation. They also include how Azure can facilitate workload design to help achieve that recommendation. Some of these guides are new, and others are refreshed versions of guides that cover a similar concept.


The recommendation guides include trade-offs along with risks.



  • This icon indicates a trade-off: (icon not shown)

  • This icon indicates a risk: (icon not shown)

     






Cloud design patterns. Build your design on proven, common architecture patterns. The Azure Architecture Center maintains the Cloud Design Patterns catalog. Each pillar includes descriptions of the cloud design patterns that are relevant to the goals of the pillar and how they support the pillar.


 




The Well-Architected Review assessment has also been refreshed. Specifically, the “Core Well-Architected Review” option now aligns to the new content structure in the Well-Architected Framework. Every question in every pillar maps to the design review checklist for that pillar. All choices for the questions correlate to the recommendation guides for the related checklist item.


 


Using the guidance


The Well-Architected Framework is intended to help workload teams throughout the process of designing and running workloads in the cloud.


 


Here are three key ways in which the guidance can help your team be successful:



  1. Use the Well-Architected Framework as the basis for your organization’s approach to designing and improving cloud workloads.

  2. Establish the concept of achieving and maintaining a state of well-architected as a best practice for all workload teams.

  3. Regularly review each workload to find opportunities to optimize further – use learnings from operations and new technology capabilities to refine elements such as running costs, or attributes aligned to performance, reliability, or security.


 


To learn more, see the new hub page for the Well-Architected Framework: aka.ms/waf


 


Dom Allen has also created a great, 6-minute video on the Azure Enablement Series.


 

Refresh the Sales experience with Dynamics 365 Sales modern update


Sellers need to navigate large amounts of information to better engage with customers. It’s imperative that they can do that with ease. With the world becoming much more technology aware, salespeople expect the business applications they use to be as easy to engage with as an app they use in their personal life.

Well, we have some good news for you: the modern, refreshed look for model-driven apps is now generally available! 

The modern update is a new design option that gives your model-driven apps such as Dynamics 365 Sales a sleek and modern appearance, with improved readability, accessibility, and usability. It also aligns with the Fluent Design System, Microsoft’s design language for creating harmonious and engaging experiences across devices and platforms. 

The features and benefits of the modern update include: 

  • Updated read-only style with a lock icon to indicate non-editable fields. 
  • Updated option set, date time, and duration fields with new Fluent drop-down and combo box controls. 
  • Updated dashboards with a new command bar and integrated sub grids that use the new Power Apps grid control. 
  • Customizable app header colors to match your organizational branding. 
  • A new feature toggle in the header that lets end users try the new look and switch back at any time. 

We understand that each organization has its own nuances and may need more control over the look and feel of the application. Organizations also need added flexibility to switch between different styles according to preference. The modern update is an opt-in feature that does not affect your existing apps or customizations. You can try the new look by turning on the toggle in the top header bar.

Try the new modern update by turning on the toggle in the top header bar (highlighted red rectangle)

As soon as you do that, your app will convert into the new look. You can go back to the classic look by turning off the toggle. 

Revert to the classic look by turning off the toggle (highlighted red rectangle)

We plan to make the new look the default experience in upcoming releases. As we are constantly improving the system based on your input and suggestions, please share your feedback with us.

You can read more about these changes in this blog from the PowerApps team: Modern, refreshed look for model-driven apps is generally available (GA) | Microsoft Power Apps 

Next steps:

Learn more about the modern look: Modern, refreshed look for model-driven apps – Power Apps | Microsoft Learn. 

Not yet a Dynamics 365 Sales customer? Take a tour and start your free trial today

The post Refresh the Sales experience with Dynamics 365 Sales modern update appeared first on Microsoft Dynamics 365 Blog.

Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.

Service Delivery Manager Profile: Meiko Lopez


 





Defender Experts for XDR



 



“Be steadfast in the truth – providing comfort and assurance to the customers that you will help them to a resolution.”


-Meiko Lopez, Sr. Product Manager


 



 





In the dynamic world of cybersecurity, heroes emerge to safeguard our customers’ digital realm. One such hero is Meiko Lopez, a senior product manager within Microsoft’s service delivery arm for the Defender Experts for XDR service. With almost 13 years of experience at Microsoft, Meiko brings a wealth of knowledge, skills, and a unique approach to the cybersecurity landscape.


 


Who is Meiko Lopez?


Meiko (pronounced mee-ko) Lopez introduces herself: “My name is Meiko Lopez, and I am a service delivery manager (SDM) for the Microsoft Defender Experts for XDR service.” Her journey at Microsoft has been nothing short of extraordinary.


 


What did you do before becoming an SDM?


Meiko’s journey at Microsoft is a testament to her dedication and versatility. She started as a technical account manager, now known as a customer success account manager. In this role, she served as a “Cyber Champ,” assisting enterprise customers in crafting and executing their IT strategies and aligning them with Microsoft’s solutions. Her early experiences also included roles as a project manager, where she helped customers recover and rebuild their infrastructure after cybersecurity breaches, enhancing their security posture for the long term.


 


Meiko’s transition to a cyber architect role further showcased her technical prowess and leadership. Through these diverse roles, she developed a strong network of partnerships and honed both her business acumen and technical skills. These experiences have enabled her to help customers reach new heights in their cybersecurity journey.


 


What is your typical “day in the life” of an SDM?


Meiko’s day as an SDM is filled with activities aimed at enhancing customer satisfaction and service performance. She conducts operational syncs with her customers, discussing service health and alignment with their business objectives. These discussions also serve as an avenue for collecting feedback and suggestions for operational, technical, and relationship improvements.


 


In addition to customer interactions, Meiko collaborates with other product managers to share customer feedback and prioritize needs. She engages with her team members on various initiatives that enhance visibility both inside and outside their organization, making the Defender Experts for XDR service even more powerful. Her day wraps up by inputting insights from various stakeholders to track backlog items that ultimately improve the service.


 


How do you customize your approach for each customer?


Meiko’s success lies in her ability to customize her partnership with each customer. She takes the time to understand their unique business and operational context. She reviews notes from past conversations, connects with internal stakeholders aligned to the customer, and reviews Defender Experts operational insights to identify areas that will demonstrate value during their discussions. Active engagement with the team of analysts also provides a deeper understanding of the customer’s environment and how they can improve technically.


 


How do you balance technical expertise with the human element?


In the world of cybersecurity, balancing technical expertise with the human element is paramount. Meiko emphasizes the importance of empathy in high-stakes situations. She believes that technical understanding, coupled with the ability to convey information effectively to the appropriate audience, is the key to success. Communication is the linchpin that ensures resolution and instills confidence in customers.


 


Meiko’s advice to those aspiring to enter the cybersecurity field is simple yet powerful: “Go for it. Gain the foundation and grow from there. There are so many facets of cybersecurity that the possibilities are endless. Network and connect with those in cybersecurity to get a first-hand account of what your future could entail. Find what works best for you.”


 


What are some of your unique strengths and qualities?


Beyond her technical skills, Meiko’s unique strengths and qualities benefit her customers in cybersecurity. She’s known for her personable nature, which fosters trust and credibility. In the cybersecurity space, trust is everything, and Meiko’s ability to connect with others has proven invaluable. Her calm demeanor in critical situations provides assurance to customers that they have a dedicated and dependable ally in their corner.


 


Meiko Lopez’s journey is a testament to the diverse opportunities and paths within the cybersecurity field, and her commitment to excellence serves as an inspiration for those entering this dynamic and vital field.



Read Excel File from SharePoint Online and create Records in Dataverse | Power Automate Flow


One of the most common scenarios is to be able to pick an Excel spreadsheet from a SharePoint Document location and create records in Dataverse. There are several ways to do this. But one of the most common scenarios could be to use Power Automate Flow and use Excel Online and SharePoint Online connectors to …


Check This Out! (CTO!) Guide (October 2023)


 


Hi everyone! Brandon Wilson here once again with this month’s “Check This Out!” (CTO!) guide.


These posts are only intended to be your guide, to lead you to some content of interest, and are just a way we are trying to help our readers a bit more, whether that is learning, troubleshooting, or just finding new content sources! We will give you a bit of a taste of the blog content itself, provide you a way to get to the source content directly, and help to introduce you to some other blogs you may not be aware of that you might find helpful.


From all of us on the Core Infrastructure and Security Tech Community blog team, thanks for your continued reading and support!


 




 


 


Title: Click Through Demo for Windows Server 2012 Extended Security Updates Enabled by Azure Arc


Source: Azure Arc


Author: Dan Richardson


Publication Date: 10/9/2023


Content excerpt:


As many of you know, Windows Server 2012 is reaching end-of-support (EoS) on October 10, 2023. Extended Security enabled by Azure Arc is the best way for customers to get trusted security updates and benefit from cloud capabilities including discovery, management, and patching, all in one offering.


 




 


 


Title: Azure Provides Enhanced Security Awareness with Ubuntu Pro


Source: Azure Compute


Author: Maulik Shah


Publication Date: 10/12/2023


Content excerpt:


Bad actors can expose a new security vulnerability to initiate a DDoS attack on a customer’s infrastructure. This attack is leveraged against servers implementing the HTTP/2 protocol. Windows, .NET Kestrel, and HTTP.sys (IIS) web servers are also impacted by the attack. Azure Guest Patching Service keeps customers secure by ensuring the latest security and critical updates are applied using Safe Deployment Practices on their VM and VM Scale Sets.


 




 


 


Title: Azure Monitor Baseline Alerts (AMBA) for Azure landing zone (ALZ) is Generally Available (GA)!


Source: Azure Governance and Management


Author: Paul Grimley


Publication Date: 10/6/2023


Content excerpt:


Some of you may recall back in June we posted a blog introducing AMBA and since then we’ve received a huge amount of interest and adoption in its use as well as hearing from you on what you needed to be able to use AMBA in your environment.


We’ve made significant investment and progress in addressing feedback and fixes and I’m pleased to announce the AMBA pattern for ALZ is now GA! As part of GA we’re also integrating the recommended alerts into the ALZ Azure Portal reference implementation for new deployments (please visit https://aka.ms/alz/portal) with Bicep and Terraform support planned in the near future.


 




 


 


Title: Optimize your Cloud investment with new Azure Advisor Workbooks


Source: Azure Governance and Management


Author: Antonio Ortoll


Publication Date: 10/10/2023


Content excerpt:


Everyone is under pressure to cut costs these days. But in times of economic flux, it’s not just about cutting costs. A successful approach lies in the ability to continuously optimize and prioritize what matters most to drive innovation, productivity, and agility and to realize an ongoing cycle of growth and innovation. Reinvestment opens the opportunity to maintain momentum when everyone else is seeking to downsize – that’s the competitive advantage optimization offers your business.  


 




 


 


Title: Announcing AuthorizationResources in Azure Resource Graph


Source: Azure Governance and Management


Author: Snaheth Thumathy


Publication Date: 10/16/2023


Content excerpt:


We are excited to announce support for Azure RBAC resources in Azure Resource Graph (ARG) via the AuthorizationResources table! You can query your Role Assignments, Role Definitions, and Classic Admins resources. With this table, you’ll be able to quickly answer questions such as “how many users are using a role definition?” or “how many role assignments are used?” or “how many role definitions are used?”. Then, you can act on the results to clean up unused role definitions, remove redundant role assignments, or optimize your existing role assignments using AAD Groups. 


 




 


 


Title: Built-in Azure Monitor alerts for Azure Site Recovery is now in public preview


Source: Azure Governance and Management


Author: Aditya Balaji


Publication Date: 10/29/2023


Content excerpt:


We are happy to share that built-in Azure Monitor alerts for Azure Site Recovery is now in public preview.


With this integration, Azure Site Recovery users will now have:



  • A way to route notifications for alerts to any of the destinations supported by Azure Monitor – which includes email, ITSM, Webhook, Functions etc.

  • An alerting experience for Azure Site Recovery which is consistent with the alerting experience currently available for many other Azure resource types.

  • Enhanced flexibility in terms of choosing which scenarios to get notified for, ability to suppress notifications during planned maintenance windows, and so on.


 




 


 


Title: Announcing General Availability: Azure Change Tracking & Inventory using Azure Monitor agent (AMA)


Source: Azure Governance and Management


Author: Swati Devgan


Publication Date: 10/31/2023


Content excerpt:


We are excited to announce the general availability to configure Azure Change Tracking & Inventory using the Azure Monitor agent (AMA).


The Change Tracking and Inventory service tracks changes to Files, Registry, Software, Services and Daemons and uses the MMA (Microsoft Monitoring Agent)/OMS (Operations Management Suite) agent.


 




 


 


Title: Step-by-Step Guide: Setting up Custom Domain for Azure Storage Account with HTTPS Only Enabled


Source: Azure PaaS


Author: Zoey Lan


Publication Date: 10/3/2023


Content excerpt:


If you are using Azure Storage to host your website, you might want to enable HTTPS Only to ensure secure communication between the client and the server. However, setting up a custom domain with HTTPS Only enabled can be a bit tricky. In this blog, we will guide you through the step-by-step process of setting up a custom domain for your Azure Storage account with HTTPS Only enabled. 


 




 


 


Title: How to Restrict User Visibility of File Share, Queue, and Table Storage Service


Source: Azure PaaS


Author: Sourabh Jain


Publication Date: 10/13/2023


Content excerpt:


Suppose you have a specific requirement wherein the user should not have access to view the File Share, Queue, and Table Storage Services Data. The user should only be able to access and view the containers within the storage account. In this blog, we will delve into the methods and techniques to fulfil this requirement. 


 




 


 


Title: Unlocking Azure Secrets: Using Identities for Key Vault Access


Source: Core Infrastructure and Security


Author: Joji Varghese


Publication Date: 10/2/2023


Content excerpt:


Azure Key Vault is essential for securely managing keys, secrets, and certificates. Managed Identities (MI) allow Azure resources to authenticate to any service that supports Azure AD authentication without any credentials in your code.  For those looking to swiftly test Managed Identities for Azure Key Vault access from a Virtual Machine, this blog provides step-by-step implementation details. We will delve into both User Assigned Managed Identity (UAMI) and System Assigned Managed Identity (SAMI), helping you determine the best approach for your needs.


 




 


 


Title: Mobile Application Management on Windows 11


Source: Core Infrastructure and Security


Author: Atil Gurcan


Publication Date: 10/4/2023


Content excerpt:


Intune is very well known for its ability to manage both devices (aka MDM) and applications (aka MAM). The core difference between these two options lies in the level of management that companies require, or employees accept.


While MDM is seen as an appropriate way to manage company-owned devices or a full zero trust environment; MAM is useful when a company wants to make sure employees can use their personal devices to run applications that access company data, and limit what can be done with that data. From that perspective, it can improve zero trust posture of a company as well; making sure that applications used to access certain data such as the company data comply with certain criteria, that are defined in the application protection policy.


 




 


 


Title: Quick-Start Guide to Azure Private Endpoints with AKS & Storage


Source: Core Infrastructure and Security


Author: Joji Varghese


Publication Date: 10/9/2023


Content excerpt:


Azure Private Endpoints (PE) offer a robust and secure method for establishing connections via a private link. This blog focuses on utilizing PEs to link a Private Azure Kubernetes Service (AKS) cluster with a Storage account, aiming to assist in quick Proof-of-Concept setups. Although we spotlight the Storage service, the insights can be seamlessly applied to other Azure services.


 




 


 


Title: Defender Definition Updates with ConfigMgr – Part 2 – How to set it up


Source: Core Infrastructure and Security


Author: Stefan Röll


Publication Date: 10/16/2023


Content excerpt:


Here is Part 2 of my Blog Defender Definition Updates with ConfigMgr – Part 1 – Learnings from the Field


Currently Defender Definition Updates are called Security Intelligence Update for Windows Defender Antivirus. To keep it consistent with Part 1 of my Blog, I will keep calling them Definition Updates – The updates that are released multiple times per day.


 




 


 


Title: Service Endpoints vs Private Endpoints


Source: Core Infrastructure and Security


Author: Khushbu Gandhi


Publication Date: 10/24/2023


Content excerpt:


For a long time, if you were using the multi-tenant, PaaS version of many Azure services, then you had to access them over the internet with no way to restrict access just to your resources. This restriction was primarily down to the complexity of doing this sort of restriction with a multi-tenant service. At that time, the only way to get this sort of restriction was to look at using single-tenant solutions like App Service Environment or running the service yourself in a VM instead of using PaaS.


 




 


 


Title: Calling Azure Resource APIs from Power Automate Using Graph Explorer


Source: Core Infrastructure and Security


Author: Werner Rall


Publication Date: 10/31/2023


Content excerpt:


In today’s fast-paced technological landscape, cloud integration and automation have ascended as twin pillars of modern business efficiency. Microsoft’s Azure and Power Automate are two titans in this arena, each offering a unique set of capabilities. But what if we could marry the vast cloud resources of Azure with the intuitive workflow automation of Power Automate? In this article, we’ll embark on a digital journey to explore how you can seamlessly call Azure Resource APIs from Power Automate, unlocking new vistas of potential for your business processes. Whether you’re an Azure aficionado, a Power Automate pro, or someone just stepping into the cloud, strap in and let’s dive deep into this integration!


 




 


 


Title: Wired for Hybrid What’s New in Azure Networking September 2023 Edition


Source: ITOps Talk


Author: Pierre Roman


Publication Date: 10/16/2023


Content excerpt:


Azure Networking is the foundation of your infrastructure in Azure. Each month we bring you an update on What’s new in Azure Networking.


In this blog post, we’ll cover what’s new with Azure Networking in September 2023.  In this blog post, we will cover the following announcements and how they can help you.



  • Gateway Load Balancer IPv6 Support

  • Sensitive Data Protection for Application Gateway Web Application Firewall

  • Domain fronting update on Azure Front Door and Azure CDN

  • New Monitoring and Logging Updates in Azure Firewall


 




 


 


Title: What’s new in Microsoft Entra


Source: Microsoft Entra (Azure AD)


Author: Shobhit Sahay


Publication Date: 10/2/2023


Content excerpt:


Microsoft has recently introduced a range of new security tools and features for the Microsoft Entra product family, aimed at helping organizations improve their security posture. With the ever-increasing sophistication of cyber-attacks and the increasing use of cloud-based services and the proliferation of mobile devices, it is essential that organizations have effective tools in place to manage their security scope.


Today, we’re sharing the new feature releases for the last quarter (July – September 2023) and the change announcements (September 2023 change management train). We also communicate these changes on release notes and via email. We’re continuing to make it easier for our customers to manage lifecycle changes (deprecations, retirements, service breaking changes) within the new Entra admin center as well.


 




 


 


Title: Just-in-time access to groups and Conditional Access integration in Privileged Identity Management


Source: Microsoft Entra (Azure AD) 


Author: Joseph Dadzie


Publication Date: 10/2/2023


Content excerpt:


As part of our mission to enable customers to manage access with least privilege, we’re excited to announce the general availability of two additions to Microsoft Entra Privileged Identity Management (PIM): PIM for Groups and PIM integration with Conditional Access.


 




 


 


Title: Step-by-Step Guide to Identify Inactive Users by using Microsoft Entra ID Governance Access Reviews


Source: Microsoft Entra (Azure AD)


Author: Dishan Francis


Publication Date: 10/10/2023


Content excerpt:


Within an organization, inactive user accounts can persist for various reasons, including former employees, service providers, and service accounts associated with products or services. These accounts may remain inactive temporarily or for extended periods. If an account remains inactive for 90 days or more, it is more likely to remain inactive. It’s crucial to periodically review these inactive accounts and eliminate any that are unnecessary. Microsoft Entra ID Governance Access Reviews now offers the capability to detect inactive accounts effectively. 


 




 


 


Title: Microsoft Graph Activity Log is Now Available in Public Preview


Source: Microsoft Entra (Azure AD)


Author: Kristopher Bash


Publication Date: 10/13/2023


Content excerpt:


Today we’re excited to announce the public preview of Microsoft Graph Activity Logs. Have you wondered what applications are doing with the access you’ve granted them? Have you discovered a compromised user and hoped to find out what operations they have performed? If so, you can now gain full visibility into all HTTP requests accessing your tenant’s resources through the Microsoft Graph API.


 




 


 


Title: Entra ID now enables you to receive emails in your preferred language


Source: Microsoft Entra (Azure AD)


Author: Jairo Cadena


Publication Date: 10/17/2023


Content excerpt:


We have received feedback from you—our customers—about the need to have user level language localization. We understand that users would like to receive notifications that have their text adapted to their local language, customs, and standards. 


We have added logic to check multiple places for language information to make the best possible choice for what language we should send an email in, and these changes are now generally available for Privileged Identity Management, Access Reviews and Entitlement Management.


 




Title: Windows Local Administrator Password Solution with Microsoft Entra ID now Generally Available!


Source: Microsoft Entra (Azure AD)


Author: Sandeep Deo


Publication Date: 10/23/2023


Content excerpt:


Today we’re excited to announce the general availability of Windows Local Administrator Password Solution (LAPS) with Microsoft Entra ID and Microsoft Intune. This capability is available for both Microsoft Entra joined and Microsoft Entra hybrid joined devices. It empowers every organization to protect and secure their local administrator account on Windows and mitigate any Pass-the-Hash (PtH) and lateral traversal type of attacks. 


Since our public preview announcement in April 2023, we’ve continued to see significant growth in deployment and usage of Windows LAPS across thousands of customers and millions of devices. Thank you!  


 




Title: Delegate Azure role assignment management using conditions


Source: Microsoft Entra (Azure AD)


Author: Stuart Kwan


Publication Date: 10/25/2023


Content excerpt:


We’re excited to share the public preview of delegating Azure role assignment management using conditions. This preview gives you the ability to enable others to assign Azure roles but add restrictions on the roles they can assign and who they can assign roles to.


 




Title: New security capabilities of Event Tracing for Windows


Source: Windows IT Pro


Author: Jose Sua


Publication Date: 10/11/2023


Content excerpt:


Elevate your security with improved Event Tracing for Windows (ETW) logs. Now you can know who initiated the actions for each device to aid in threat detection and analysis. Whether you’re in cybersecurity, IT, performance, or software development, diagnosing cybersecurity threats has never been easier. In this article, get ready to:



  • Learn about Windows event tracing.

  • Find new security-related information on a Windows device.

  • Interpret security-related events.


 




Title: The evolution of Windows authentication


Source: Windows IT Pro


Author: Matthew Palko


Publication Date: 10/11/2023


Content excerpt:


As Windows evolves to meet the needs of our ever-changing world, the way we protect users must also evolve to address modern security challenges. A foundational pillar of Windows security is user authentication. We are working on strengthening user authentication by expanding the reliability and flexibility of Kerberos and reducing dependencies on NT LAN Manager (NTLM).


Kerberos has been the default Windows authentication protocol since 2000, but there are still scenarios where it can’t be used and where Windows falls back to NTLM. Our team is building new features for Windows 11, Initial and Pass Through Authentication Using Kerberos (IAKerb) and a local Key Distribution Center (KDC) for Kerberos, to address these cases. We are also introducing improved NTLM auditing and management functionality to give your organization more insight into your NTLM usage and better control for removing it.


 




Title: Windows passwordless experience expands


Source: Windows IT Pro


Author: Sayali Kale


Publication Date: 10/23/2023


Content excerpt:


The future is passwordless. Microsoft has an ongoing commitment with other industry leaders to enable a world without passwords. Today, we are excited to announce an improved Windows passwordless experience to organizations starting with the September 2023 update for Windows 11, version 22H2.


 




Title: What’s new for IT pros in Windows 11, version 23H2


Source: Windows IT Pro


Author: Harjit Dhaliwal


Publication Date: 10/31/2023


Content excerpt:


When you update devices running Windows 11, version 22H2 to version 23H2, you’ll get the capabilities we have delivered as part of continuous innovation, including those announced in September, enabled by default. These include:…


 



Best Practices for Offline Mode in the Field Service mobile app – Part 3


Advanced Configuration

In this final part of the Field Service Mobile offline blog series, we will discuss some of the more advanced configuration and recommendations for IT pros and partners to get the most out of their offline application. 

Learn more about the offline user experience in Part 1

Learn more about best practices and configuration in Part 2

Limit relationships to avoid slow-running data queries. 

In addition to limiting data being downloaded, it is also important to limit the complexity of expensive SQL queries that are run to fetch that data. Gains realized by reducing data can be offset by complex queries which take longer to run on the server. The following best practices can be considered when defining relationships:

  • If your data model includes several levels of relationships generating multiple joins across tables, consider using simple filters like ‘all records’; it can be faster to download more data up front as part of the one-time initial sync so more frequent delta syncs will be faster without the complex queries.
  • If using time-based filters to reduce records, it is recommended to use time ranges with fixed boundaries. For the most efficient sync experience, you could include a fixed time window of last month, current month and next month. If requiring more dynamic time-based filtering, filter using Created on in the last N-days. Using these filtering techniques will help support downloading only recent, relevant data for the Frontline Worker.
  • Avoid using both custom data filters and selecting relationships on the same table. This will result in complex queries impacting performance.

NOTE: Be aware that using a custom filter creates an OR with relationships, and each relationship creates an OR as well.

  • Avoid self-joins, where a table is making a circular reference with the same table within custom filters.
  • If using time-based calendar items that result in downloading many related records and files, consider reducing that time window to reduce total data download.

Leveraging ODATA to view Offline Profile configuration. 

Makers may be able to better evaluate joins and complexity of their offline profile by viewing those joins directly via API. The following APIs can be used to view details of the offline profile. 

OData call used to return JSON of the mobile offline profile showing profile filters.

This is the FetchXML for offline profile items for any entity within the profile. This could be used to inspect the complexity and relationships.

NOTE: For the snippets below:

  • {orgurl} is your CRM organization URL
  • {profileID} is the GUID for your mobile offline profile
  • {entityname} is the logical name of your entity
  • {entitysetname} is the plural name you assign for your entity (must be lower case)
  • {fetchXml} is the return value from your get filter OData call

To get started you can locate your profile id leveraging:

https://{orgurl}/api/data/v9.0/mobileofflineprofiles?$select=name,mobileprofileid

To fetch the profile items and filters: 

https://{orgurl}/api/data/v9.0/mobileofflineprofileitemfilters?$filter=_mobileofflineprofileid_value eq '{profileID}' and returnedtypecode eq '{entityname}' and type eq 2&$select=fetchXml,returnedtypecode

To get the ODATA to test FetchXML for an entity you are including in your profile:

https://{orgurl}/api/data/v9.1/{entitysetname}?fetchXml={fetchXml} 

OData call to find the number of users assigned to a profile.

NOTE: This does not apply to role-based access to profile/apps

https://{orgurl}/api/data/v9.0/usermobileofflineprofilememberships?$filter=_mobileofflineprofileid_value eq {profileID}&$count=true
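
An added example, not part of the original post: a Python helper that builds the filter and FetchXML test URLs above with percent-encoding, then inspects a returned fetchXml value for the patterns this post advises against (nested relationships, OR filters, circular references to the same table). The organization host, profile GUID and FetchXML sample are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from urllib.parse import quote

# Constructed sample of a fetchXml value, as the filter call might return it.
SAMPLE_FETCHXML = """
<fetch>
  <entity name="account">
    <filter type="or">
      <condition attribute="createdon" operator="last-x-days" value="30"/>
      <condition attribute="statecode" operator="eq" value="0"/>
    </filter>
    <link-entity name="contact" from="parentcustomerid" to="accountid">
      <filter type="and">
        <condition attribute="statecode" operator="eq" value="0"/>
      </filter>
      <link-entity name="account" from="accountid" to="parentcustomerid"/>
    </link-entity>
    <link-entity name="account" from="parentaccountid" to="accountid"/>
  </entity>
</fetch>
"""


def build_filter_url(org_url, profile_id, entity_name):
    """URL for the profile item filters call, with the $filter value encoded."""
    expr = (f"_mobileofflineprofileid_value eq '{profile_id}' "
            f"and returnedtypecode eq '{entity_name}' and type eq 2")
    return (f"https://{org_url}/api/data/v9.0/mobileofflineprofileitemfilters"
            f"?$filter={quote(expr, safe=chr(39))}"
            "&$select=fetchXml,returnedtypecode")


def build_fetch_test_url(org_url, entity_set_name, fetch_xml):
    """URL that runs a FetchXML query; the XML must be fully percent-encoded."""
    return (f"https://{org_url}/api/data/v9.1/{entity_set_name}"
            f"?fetchXml={quote(fetch_xml.strip(), safe='')}")


def analyze_fetchxml(fetch_xml):
    """Summarize join complexity of one offline profile item filter."""
    root = ET.fromstring(fetch_xml.strip())
    entity = root.find("entity")
    if entity is None:
        raise ValueError("fetchXml has no <entity> element")
    report = {"entity": entity.get("name"), "link_count": 0,
              "max_depth": 0, "or_filters": 0, "circular_refs": []}

    def walk(node, ancestors):
        for child in node:
            if child.tag == "filter":
                # Count this filter and any nested filter groups of type "or".
                report["or_filters"] += sum(
                    1 for f in child.iter("filter") if f.get("type") == "or")
            elif child.tag == "link-entity":
                name = child.get("name")
                report["link_count"] += 1
                report["max_depth"] = max(report["max_depth"], len(ancestors))
                if name in ancestors:
                    # Same table appears again on the join path (self-join).
                    report["circular_refs"].append(
                        " -> ".join(ancestors + [name]))
                walk(child, ancestors + [name])

    walk(entity, [entity.get("name")])
    return report


if __name__ == "__main__":
    # Placeholder host and GUID; replace with your own values.
    org = "contoso.example"
    print(build_filter_url(org, "00000000-0000-0000-0000-000000000001", "account"))
    print(analyze_fetchxml(SAMPLE_FETCHXML))
```

A profile item whose report shows a high max_depth or any circular_refs entry is a candidate for the simpler filters recommended earlier in this post.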

Understanding Application data & schema changes and their impact on Offline Sync 

The offline sync client uses Dataverse change tracking to find updated records to download. Even a minor change to one column will trigger the re-download of the entire record. Watch out for processes that automatically update many records on a frequent basis as this will lead to longer synchronization times. 

Similarly, when the schema of a data table changes, the offline sync client will re-download records in that table to ensure that no data is missed. Whenever possible, avoid schema changes to offline-enabled tables. When schema changes are required, group them together in a single release or solution update so that data is only re-downloaded for each table one time. 

Leverage “online light up” for edge cases, or scenarios that may not require offline access. 

There are some scenarios where offline access may not be necessary. An example of this may be IoT data which is only a live feed from a connected device that is only accessible online.

In these cases, you can include that table as part of the user experience in the application, but not include it in the mobile offline profile. By doing so, the views for that table will be accessible to the Field Service Mobile users only when the network is available. 

Leveraging online light up for online-only scenarios helps to reduce data which would otherwise need to be synchronized to the device. It is a great way to meet business needs for uncommon or edge-case scenarios without having to download more data for standard business scenarios that must function offline.  

For standard out of the box forms and views this works without additional logic. When implementing customizations which are intended to be online-only, please refer to Xrm.WebApi (Client API reference) in model-driven apps – Power Apps | Microsoft Learn.

Conclusion

This concludes our 3-part blog series on getting the best of your Dynamics 365 Field Service mobile application setup. If there are new enhancement suggestions, it is recommended to submit those asks via the Field Service Mobile Ideas portal: Field Service Mobile – Ideas. This will allow the product team to evaluate new requests and plan for future product release waves. 

And for more best practices, please refer to Platform Offline Best Practices for further offline guidance.  

The post Best Practices for Offline Mode in the Field Service mobile app – Part 3 appeared first on Microsoft Dynamics 365 Blog.

Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.

Microsoft at PASS Data Community Summit 2023!


It’s gearing up to be an exciting week November 14th – 17th as we prepare for this year’s Microsoft Ignite and PASS Data Summit all happening at once! While across the way, at the Convention Center, we’ll be sharing the latest from Microsoft all up, we’re excited to be with our community digging into all things data. We’re back as premier sponsors together with our partners at Intel. With 30+ sessions we’ll cover everything from ground to the cloud, with SQL Server, Azure SQL, all the way up to powering analytics for your data with Microsoft Fabric. This year, we’ll also bring in our developer community with sessions covering our solutions for the open-source database PostgreSQL.


 


We hope you’ll join us to “Connect, Share and Learn” alongside the rest of your peers at the PASS community. The official event kicks off with our keynote Wednesday morning with Shireesh Thota, Vice President of Azure Databases, who’s been hard at work getting ready for the event:


https://twitter.com/AzureSQL/status/1720185734689079787 


 


Below you’ll find just some of the highlights happening at this year’s PASS Summit:


 


Pre-Cons


Monday: The Cloud Workshop for the SQL DBA


Bob Ward


This workshop will provide a technically driven approach to translating your knowledge and skills from SQL Server to Azure SQL. You will experience an immersive look at Azure SQL including hands-on labs, no Azure subscription required.


 


Tuesday: Azure SQL and SQL Server: All Things Developers


Brian Spendolini, Anagha Todalbagi


In this workshop, we’ll dedicate a full day to deep diving into each one of these new features such as JSON, Data API builder, calling REST endpoints, Azure function integrations and much more, so that you’ll learn how to take advantage of them right away. Also being covered:



  • Understand the use cases

  • Gain practical knowledge that can be used right away


 


Keynote


Wednesday:

Shireesh Thota, Vice President of Azure

Join Microsoft’s Shireesh Thota and Microsoft engineering leaders for a keynote delivered live from Seattle. We’ll showcase how the latest from Microsoft across databases, analytics, including the recently announced Fabric, seamlessly integrate to accelerate the power of your data.


 


General Sessions


30+ more sessions over three days: Check them all out here.
From SQL Server to Azure SQL and analytics and governance, Microsoft’s experts will bring the latest product developments to help you build the right data platform to solve your business needs.


 


Connect, Grow, Learn with us!


As a special offer from Microsoft, enter the code AZURE150 at checkout to receive $150 off on the 3-Day conference pass (in-person).


SQL Server: 30 and thriving!


Already registered? Pop on by opening night as we say Happy Birthday SQL Server!




Register today at https://passdatacommunitysummit.com/ 


 


See you there!


 


 


 

Performance and Storage Improvements Coming to Financial Dimensions


Introduction

A new feature is coming that is designed to improve performance when working with financial dimensions and reduce the overall storage cost of storing financial dimension values. The initial changes for improved performance and reduced storage will begin rolling out in application release 10.0.38. There are 3 new fields being added to the table Dimension code combination (DimensionAttributeValueCombination) for this initial application release.

You will see this improvement fully realized in application release 10.0.42 when 22 fields and related indexes are removed.  These fields all begin with SystemGeneratedAttribute and are used for processes like financial journal entry.  

Feature details 

Enabling the Financial dimension performance and storage improvement feature will allow your environment to use just the 3 fields newly added to this table.

If you would like to test the removal of the 22 fields and indexes, please contact technical support for further information and early enablement before application release 10.0.42. Testing this change with any customizations that utilize data directly from this table – which should be very uncommon – will ensure a smooth transition when they are permanently removed in 10.0.42.

Why is this a benefit? Removing these fields and indexes from this highly used table will provide improved query and insert performance as well as reduced storage cost. While removing 22 fields is a great benefit, the larger gain for your environment is the removal of the related indexes.

Call to action 

After enabling this feature in your test environment, verify all of your customizations and key business scenarios. Because all of these data model changes are fully encapsulated in Microsoft owned API calls, there should be no impact for environments with proper customizations. Any customization accessing this table should review the business need and consider other API endpoints for proper access.  

Learn more 

Financial dimensions – Finance | Dynamics 365 | Microsoft Learn 

Define financial dimensions – Finance | Dynamics 365 | Microsoft Learn 

The post Performance and Storage Improvements Coming to Financial Dimensions appeared first on Microsoft Dynamics 365 Blog.

Best Practices for Offline Mode in the Field Service mobile app – Part 2

In Part 1 of this series, we discussed the end-user experience of the offline-first Field Service Mobile application. In this second part we will go through some of the configuration and best practices for a successful offline rollout. 

Mobile Offline Configuration & Best Practices

Leverage the out of the box mobile offline profile 

The out of the box Field Service Mobile offline profile is a great starting point when enabling offline for your organization. It has common Field Service tables pre-configured along with some recommended filters to limit data. When modifying the mobile offline profile, it is recommended to not remove existing tables, but only add new/custom tables required by your organization. If you do want to remove tables from the OOTB profile, be sure there are no references or cross-linking in the views as relationships between tables can at times be difficult to identify at first glance. 

Limit offline data synchronized to the device 

One of the most important things to set your organization up for success with mobile offline is enabling the right data for your business scenarios. Given bandwidth and device constraints it is critical that data being synced from the server is limited as much as possible to have a fast and efficient experience.  

We recommend you evaluate your offline data needs by considering the following: 

  • What are the core business scenarios for a given Work Order assigned to the frontline worker using the application? 
  • What is the minimum historical data which is required offline? 
  • What relationships exist between tables which will be required to drive lists/views/lookups and cross references?
  • What elements on the application may not be needed offline and can be considered online only (excluded from the offline profile)?

Determining the above may take several conversations with business stakeholders and frontline workers. It is recommended to document these details in text before diving in to configure your mobile offline profile.

Offline sync and application data 

In addition to the data sync, the first sync will include app data which is used to drive the views and forms of the application. This app data is highly compressed when downloading over the network and unpacks after being downloaded to the device.  

App data includes scripts, images, and other resources from the Microsoft Field Service solution and any additional customization from solution providers and admins. 

While many of the out-of-the-box scripts should not be modified by the organization, for custom app data be sure to follow best practices: 

  • Minify scripts to reduce file size. 
  • Reduce image assets sizes. 
  • Only include assets which are strictly required for mobile app usage.

Test as a user in real world conditions

It is important to test changes to your offline profile directly on the mobile application while using an account that mirrors the role that real end-users will ultimately be using to access the device. This is important because different roles in the organization may have different data access levels and have dramatically different results during offline synchronization. 

When testing you can evaluate the Offline Status Page in the application to see which tables are being synchronized and how many records per table are being downloaded.  

In addition to testing with the correct user role, be sure to test or simulate real world conditions; for example, you will want test cases to mirror the following: 

  • Wi-Fi 
  • Cellular (strong) 
  • Cellular (weak/low signal) 
  • No network 

Testing in various network conditions will help you identify hidden issues where a table is missing from the profile or filter condition may be excluding a necessary record. In some cases, internal business logic may go to the server to get the missing record from the mobile offline profile; this provides a better user experience by avoiding errors for connected scenarios but can result in errors when the application is running without network.  

This level of testing will give further validation that your offline configuration has met your business requirements and frontline workers will have success in any network condition. 

Avoid extensive use of Web Resources with the offline application 

Web resources have several offline limitations which can differ by mobile operating system. Due to these limitations and inconsistency between device operating systems, it is recommended to leverage PowerApps Composition Framework (PCF) controls.

Details on web resource limitations can be found in Power Apps documentation. 

Be aware of larger file types such as images, videos, and documents  

Large files and images require some special handling to enable them for offline use and to limit them, so as to avoid consuming excessive amounts of bandwidth or disk space.

For details on best practices when configuring files and images, please refer to Configure mobile offline profiles for files and images – Power Apps | Microsoft Learn 

Leverage client-side business logic 

The offline-enabled Field Service Mobile application will sync data from the server at regular intervals. If part of a workflow depends on interaction with the server, the response may take minutes to return to the client when the network is available, and not at all if the user is truly offline. To avoid the delay and make the offline experience more consistent, it is recommended to move as much business logic to the client as possible.

This may involve moving some capabilities traditionally handled by a server-side plugin to the client so it can function properly in offline mode.  

More information on Business Rules: Apply custom business logic with business rules and flows in model-driven apps – Power Apps | Microsoft Learn 

Set sync intervals for your tables 

Within the Mobile Offline Profile configuration each table can have its own sync interval. This interval determines how often that table is checked for updates.  

You can change the sync interval for each table to reduce the frequency of syncing as users use the app. This may reduce network and battery usage.   

It is recommended to set intervals to be less frequent on tables which are not updated often. 

If you’d like to slow down all data downloads, update the sync interval for all tables in the offline profile to a higher interval. 

With the release of Offline Sync Settings in Wave 2 2023, users can control their individual sync settings and set their client to only sync while on Wi-Fi. These settings can be leveraged for scenarios where the Frontline Worker may work for extended periods of time without the need to sync, or have data capacity limits on their cellular plans.

Moving the mobile offline profile between environments 

Commonly, configuration of the mobile offline profile is done in a sandbox environment and will need to be moved up to a test environment before ultimately being updated in production. To ensure consistency between environments it is recommended you move the offline profile as part of a managed solution.

This can be accomplished by creating a new solution and then binding the offline profile to that solution which can be exported. Simply re-import the solution to the new environment then publish and your changes will be updated with consistency between environments.  

Watch this space – the next blog is coming in 2 days!

If there are new enhancement suggestions, it is recommended to submit those asks via the Field Service Mobile Ideas portal: Field Service Mobile – Ideas. This will allow the product team to evaluate new requests and plan for future product release waves. 

And for more best practices, please refer to Platform Offline Best Practices for further offline guidance.  

The post Best Practices for Offline Mode in the Field Service mobile app – Part 2 appeared first on Microsoft Dynamics 365 Blog.

Microsoft is a Leader in The Forrester Wave™: Sales Force Automation, Q3 2023

Selling is all about relationships. We hear a lot these days about the disconnect that our increasingly digital world can create. But at Microsoft, we believe that digital tools, especially those powered by generative AI and real-time insights, can help strengthen sellers’ relationships with their customers. We’re continually investing in Microsoft Dynamics 365 Sales to enable sellers to engage with their customers more meaningfully. We are pleased to announce that Microsoft has been named a Leader in The Forrester Wave™: Sales Force Automation, Q3 2023 report, with top scores possible in the Vision, Innovation, and Roadmap criteria for our sales force automation (SFA) platform.

Reducing complexity to drive seller success

The role of a seller has only grown more complex. A process that used to involve a couple of phone calls and face-to-face meetings now includes everything from targeted emails to impromptu online chats. Organizations rely on everything from digital sellers to field sellers to customer success champions to ensure their customers are supported end-to-end throughout the sales journey. Especially with hybrid workplaces and shrinking travel budgets, sellers need assistance from technology to build connections—between colleagues, across multiple data sources, and with customers. 

The challenge is that sellers need to build these connections and foster relationships without sacrificing productivity. According to the Microsoft Work Trend Index, sellers spend more than 66 percent of their day managing email, leaving only about a third of their time for actual sales activities. Our answer is to provide simple solutions—focusing on collaboration, productivity, AI, and insights—to help sellers focus on closing deals. As Forrester states in its report, “Dynamics [365 Sales] showcases how SFA and office productivity solutions work together.” We believe this is what has earned our position as a Leader: we built solutions to give sellers access to real-time customer insights, subject matter experts, relevant data across different sources, and important customer and account information right in their app of choice—no context switching necessary.

Dynamics 365 Sales works natively with Microsoft Teams to create open lines of communication for collaborating and aligning on work items across marketing, sales, and service departments. Additionally, copilot capabilities bring next-generation AI and customer relationship management (CRM) platform updates into collaborative apps like Outlook and Teams, unlocking productivity for sellers whether they are working in Dynamics 365 Sales or Microsoft 365 apps. By helping to eliminate manual data entry, meeting summarization, and other cumbersome processes, Dynamics 365 Sales ensures sellers have more time to create and nourish their customer connections, ultimately driving sales.

Providing insights that improve customer retention—and grow revenue

Referring to Microsoft, Forrester also reports that “Embedded insights are a highlight of the product”—something that Microsoft customer, DP World, knows well. DP World is the leading provider of worldwide, end-to-end supply chain and logistics. DP World implemented Dynamics 365 Sales to help the company diversify and scale after an acquisition that was driving new demand and traffic to the company. Dynamics 365 Sales provides its sellers predictive lead scoring and prioritized worklists based on AI, giving full visibility into its sales funnels and helping it effectively qualify leads and opportunities. This reduced DP World’s sales cycle, enabling five times more proactive sales and two times greater customer retention.

Learn more about sales

We’re excited to have been recognized as a Leader in The Forrester Wave and are committed to providing innovative sales force automation platform capabilities to help our customers accomplish more.


Microsoft named a Leader

We received top scores in The Forrester Wave™: Sales Force Automation, Q3 2023.

Learn more about:

Contact your Microsoft representative to learn more about the value and return on investments, as well as the latest offers—including a limited-time 26 percent savings on subscription pricing—for Dynamics 365 Sales Premium.


Source: Forrester: “The Forrester Wave™: Sales Force Automation, Q3 2023”, Forrester Research, Inc., 20 September 2023.

The post Microsoft is a Leader in The Forrester Wave™: Sales Force Automation, Q3 2023 appeared first on Microsoft Dynamics 365 Blog.
