Document management in Microsoft Teams using Dynamics 365 Integration – Part 1

by Contributed | Oct 20, 2023 | Technology

This article is contributed. See the original author and article here.

In any business organization, you need to be able to communicate effectively with your clients and prospects, as well as access and manage relevant documents and data in real-time. Microsoft Teams is a powerful tool that enables seamless collaboration and communication among team members, as well as with external parties. But when it comes to file management in Microsoft Teams, there are some nuances that need to be taken care of.

With Microsoft Teams being built on the capabilities of SharePoint, whatever data we store in Microsoft Teams, is directly stored in SharePoint.

But one of the drawbacks of uploading a file in a Teams conversation is that you have no control over where it is stored. It automatically goes into the root folder of the SharePoint site that is linked to the team. If you want to move the file to a different folder, you would have to do it manually, which is time-consuming.

Other than this, one of the biggest use cases is of Microsoft chats. Most of the time, file sharing happens on chats. So, the question is, where do the files stored in chats go? Well, they are stored in the user’s ‘OneDrive for Business’ account rather than SharePoint.

An altogether another cloud storage!

This makes the search and retrieval of files complicated. Your business is losing money when your employees waste time looking for files rather than focusing on their core tasks, especially if they are sales reps or customer services reps, impacting customer experience as well.

As you can see, one of the drawbacks of using Teams independently for file management is that we have no control over our files.

So, you then have to manually sit and copy/move all such files to a centralized cloud storage. If you miss moving even one file, it will come to bite you back during crunch moments.

And as your business scales, your organization’s data also scales. And with the above challenges we discussed, your organization can face significant hurdles in communication and collaboration.

One solution to the above hurdle is to integrate Microsoft Dynamics 365 and Microsoft Teams and leverage their combined capabilities. Check out this article for a step-by-step guide on integrating Microsoft Teams and Microsoft Dynamics 365.

Suppose you are on a client call using Teams, and the client shares some updates on their order in the form of a note attachment/ directly in the chat. As you have integrated your CRM and Teams, you can add it against the respective record directly.

From within Teams, you can access the ‘Files’ tab of the respective CRM record and store it in the respective SharePoint site. You need to enable SharePoint Integration for this which is natively available. As there is only one SharePoint instance for each tenant, the root site is the same for your Dynamics 365 and Microsoft Teams. So even though the subsites may be different, both Dynamics 365 documents and Microsoft Teams files are stored on the same SharePoint site.

This way, all your files will be stored in your SharePoint and that too against their respective records. To retrieve it, you can just go to the record in CRM and access the file without having to manually go back to the conversations/chats.

One other way to manage files smartly is Inogic’s Attach2Dynamics, a popular file and storage management app.

With Attach2Dynamics, you get a button right on your CRM entity grid (custom or OOB) which lets you manage the cloud (SharePoint) documents right from within your CRM.

Download the app from Microsoft Commercial Marketplace and get a 15-day free trial.

You can drag and drop files and folders from your system directly into your SharePoint. Create new folders in your SharePoint from within CRM, rename, upload, delete, do a deep search, download a sharable copy, email directly as an attachment or as a link, and much more. You get a plethora of options with this advanced UI.

In this way, you can access all your files and folders stored in SharePoint right from your CRM, make updates to them as required, and do a lot more without toggling between different tabs.

Other than Teams, you get most of the attachments through emails. This can also create a gap in document retrieval as some documents are in SharePoint and some in your CRM emails. Also, over a period of time, these email content and attachments consume a lot of your Dynamics 365 space. This gives rise to CRM performance issues and buying additional Dynamics 365 space is also costly.

So, to truly centralize your file storage and take your file management to the next level, move these email attachments as well to the same SharePoint location. And how great it would be if you could automate this process?

With the help of Attach2Dynamics, all the email attachments that you see in your CRM timeline will get automatically moved/copied to your respective SharePoint folder. You would get a direct hyperlink to the document residing in SharePoint for ease of access as well.

How convenient is this real-time migrating of documents to SharePoint!

Get the app today!

No more your client files are scattered in different locations; be it Teams files, Email files, or CRM files.

Note: This app only works in Teams when integrated with Dynamics 365. For more details on how to best use it along with Teams integration, reach out to Inogic at crm@inogic.com.

It does not end with just centralizing the file storage with Teams and Microsoft Dynamics 365 integration, we also need to look at having a custom folder structure and the security aspects of these files which we will cover in our next post. Keep checking this space for it.

Streamline your document management today!

Operationalizing Microsoft Security Copilot to Reinvent SOC Productivity

by Contributed | Oct 19, 2023 | Technology

This article is contributed. See the original author and article here.

In a Security Operations Center (SOC), time to resolve and mitigate both alerts and incidents are of the highest importance. This time can mean the difference between controlled risk and impact, and large risk and impact. While our core products detect and respond at machine speed, our ongoing mission is to upskill SOC analysts and empower them to be more efficient where they’re needed to engage. To bridge this gap, we are bringing Security Copilot into our industry-leading XDR platform, Microsoft 365 Defender, which is like adding the ultimate expert SOC analyst to your team, both raising the skill bar and increasing efficiency and autonomy. In addition to skilling, we know that incident volumes continue to grow as tools get better at detecting, while SOC resources are scarce, so providing this expert assistance and helping the SOC with efficiency are equally important in alleviating these issues.

Security Copilot provides expert guidance and helps analysts accelerate investigations to outmaneuver adversaries at scale. It is important to recognize that not all generative AI is the same. By combining OpenAI with Microsoft’s security-specific model trained on the largest breadth and diversity of security signals in the industry–over 65 trillion to be precise. Security Copilot is built on the industry-transforming Azure OpenAI service and seamlessly embedded into the Microsoft 365 Defender analyst workflows for an intuitive experience.

Streamline SOC workflows

To work through an incident end to end, an analyst must quickly understand what happened in the environment and assess both the risk posed by the issue and the urgency required for remediation. After understanding what happened, the analyst must provide a complete response to ensure the threat is fully mitigated. Upon completion of the mitigation process, they are required to document and close the incident.

When the SOC analyst clicks into an Incident in their queue in the Microsoft 365 Defender portal, they will see a Security Copilot-generated summary of the incident. This summary provides a quick, easy to read overview of the story of the attack and the most important aspects of the incident. Our goal is to help reduce the time to ramp up on what’s happening in the SOC’s environment. By leveraging the incident summary, SOC analysts no longer need to perform an investigation to determine what is most urgent in their environment, making prioritization, understanding impact and required next steps, easy and reducing time to respond.

Figure 1: Microsoft 365 Defender portal showing the Security Copilot-generated incident summary within the Incident page

After verifying the impact and priority of this incident, the analyst begins to review IOCs. The analyst knows that this type of attack usually starts with a targeted attack on an employee and ends with that employee’s credentials being available to the threat actor for the purposes of finding and using financial data. Once the user is compromised the threat actor can live off the land in the organization and has legitimate access to anything that user would normally have access to such as financial account information for the company. This type of compromise must be handled with urgency as the actor will be difficult to track after initial entry and could continue to pivot and compromise other users through the organization. If the targeted organization handles this risk with urgency, they can stop the actor before additional assets/accounts/entities are accessed.

The SOC analyst working on this incident is in the incident summary page and sees that the attack began with a password spray, or the threat actor attempting to access many users with a list of passwords using an anonymous IP address. This must be verified by the analyst to determine urgency and priority of triage. After determining the urgency of this incident, the analyst begins their investigation. In the incident summary, the analyst sees many indicators of compromise including multiple Ips, Cloud Applications, and other emails that may be related to the incident. The analyst sees that Defender disrupt suspended one compromised account and captured additional risk including phishing email identification. In an attempt to cast an organizational-level view, the analyst will investigate these IOCs to see who else interacted with or was targeted by the attacker.

The analyst pivots the hunting experience and sees see another “Security Copilot” button. This will allow the SOC analyst to ask Security Copilot to generate a KQL to review where else in the organization this IOC has been seen. For this example, we use, “Get emails that have ‘sbeavers’ as the sender or receiver in the last 10 days” to generate a KQL query. This reduces the time to produce the query and the need to look up syntax. The analyst now understands there’s another user account that was reached out by the adversary and the SOC needs to validate risk level / check the account state. The “llodbrok” account will be added to the incident by the analyst.

Figure 2: Microsoft Defender Security Portal showing the query assistant within Advanced hunting editor

After identifying all entry vectors and approached users, the SOC analyst shifts focus to the action on targets and what happened next for the incident they are investigating. This incident does not contain a PowerShell IOC, but if the analyst found PowerShell on the “llodbrok” user’s machine, the analyst would be able to click on the PowerShell-related alert and scroll down in the righthand pane to find the evidence component. After the analyst clicks on the PowerShell evidence, they see the “Analyze” button with the Copilot symbols. This will take a command line and turn it into human-readable language. Oftentimes attackers leverage scripts to perform network discovery, elevate privilege, and obfuscate behavior. This script analysis will reduce the time it takes to understand what the command does and respond quickly. Having human-readable scripts is also useful when the analyst is investigating an alert in a language, they are unfamiliar with or haven’t worked with recently.

Figure 3: Microsoft 365 Defender portal showing the Security Copilot-generated script analysis within the Incident page

After the analyst has confirmed these indicators of compromise are legitimate, the next step is to initiate the remediation process. To do this, the analyst navigates back to the Incident page in the Microsoft 365 Defender portal and scrolls down in the right-hand pane. Right below the incident summary, the analyst will see a set of “guided response” recommendations. The SOC analyst has verified the incident IOCs are legitimate and selects the “Classify” dropdown and the option “Compromised Account” to indicate to other analysts this was a true positive of BEC. The SOC analyst also sees ‘quick actions’ they can take to quickly remediate the compromised user’s account, selecting “Reset user password” and “Disable user in Active Directory” and “Suspend user in Microsoft Entra ID.”

In this process, the SOC analyst is assisted by Security Copilot in what actions to take based on past actions taken by the organization in response to similar alerts or incidents in the past. This will improve their abilities from day one, reducing early training requirements.

Figure 4: Microsoft 365 Defender portal showing the guided response within the Incident page

Finally, the analyst needs to send a report to their leadership. Reporting and documenting can be a challenge and time-consuming task, but with Security Copilot, the analyst can generate a post-response activity report with the click in seconds and provide partners, customers, and leadership with a clear understanding of the incident and what actions were taken.

Here is how it works: the SOC analyst selects the “Generate incident report” button in the upper right corner of the Incident page or the icon beside the ‘x’ in the side panel. This generates an incident report, that can be copied and pasted, showing the incident title, incident details, incident summary, classification, investigation actions, remediation actions (manual or automated actions from Microsoft 365 Defender or Sentinel) and follow-up actions.

Figure 5: Microsoft 365 Defender portal showing the Security Copilot-generated incident report within the Incident page

What sets Security Copilot apart

As a part of this effort, our team worked side-by-side with Security Researchers to ensure that we weren’t providing just any response but providing a high-quality output. Today, we are reviewing a few key indicators to inform us of our response quality using clarity, usefulness, omissions, and inaccuracies. These measures are made up of three core areas that our team focused on: lexical analysis, semantic analysis, and human-oriented clarity analysis. There are three core areas that our team focused on: lexical analysis, semantic analysis, and human-oriented clarity analysis. The combination of core areas provides a solid foundation for understanding human comprehension, content similarity, and key insights between the data source and the output. With the help of our quality metrics, we were able to iterate on different versions of these skills and improve the overall quality of our skills by 50%.

Quality measurements are important to us as they help ensure we aren’t losing key insights and that all the information is well connected. Our security Researchers and Data Scientists partnered together across organizations to bring a variety of signals across our product stack, including threat intelligence signals, and a diverse range of expertise to our skills. Security copilot has obviated the necessity for labor-intensive data curation and quality assessment prior to model input.

You’ll be able to read more about how we performed quality validation in future posts.

Share your feedback with us

We could not talk about a feature without also talking about how important your feedback is to our teams. Our product teams are constantly looking for ways to improve our product experience, and listening to the voices of our customers is a crucial part of that process SOC analysts can provide feedback to Microsoft through each of the skill’s User Interface (UI) components (as shown below). Your feedback will be routed to our team and will be used to help influence the direction of products. We use this constant pulse check via your feedback, and a variety of other signals to monitor how we’re doing.

Security Copilot is in Early Access now, but to sign up here to receive updates on Security Copilot and the use of AI in Security. To learn more about Microsoft Security Copilot, visit the website.

Getting started

1. Analyze scripts and codes with Security Copilot in Microsoft 365 Defender | Microsoft Learn


2. Summarize incidents with Security Copilot in Microsoft 365 Defender | Microsoft Learn


3. Create incident reports with Security Copilot in Microsoft 365 Defender | Microsoft Learn


4. Use guided responses with Security Copilot in Microsoft 365 Defender | Microsoft Learn


5. Microsoft Security Copilot in advanced hunting | Microsoft Learn

Learning more

• Explore Microsoft Security Copilot product page.


• Want to learn more about Microsoft’s XDR? Visit our website.


• Subscribe to the Microsoft 365 Defender Blog to stay up to date with our latest innovations and best practices.

Microsoft Entra ID Beginner’s Tutorial (Azure Active Directory)

by Contributed | Oct 18, 2023 | Technology

This article is contributed. See the original author and article here.

Simplify and improve security for sign-in experiences with Microsoft Entra ID, the new name for Azure Active Directory. Microsoft Entra ID is a unified identity provider to sign into your non-Microsoft services, like Google, AWS, Salesforce, and ServiceNow.

See how it’s used to manage service licensing for Microsoft 365, Office 365, Enterprise Mobility + Security, and Microsoft Purview. It features unique capabilities like conditional access, passwordless authentication, Single Sign-on, and Dynamic Groups. Perform the most common day-to-day tasks, like adding and editing user accounts, options for groups and what each do, as well as managed identities, role assignment, admin units, and additional core capabilities.

Jeremy Chapman, director of Microsoft 365 and a long-time endpoint management and directory services admin, explains the setup and configuration.

Just one email address to remember.

Access ALL your work services and apps. Enhanced security with multi-factor authentication and Conditional Access. Take a tour of Microsoft Entra ID.

Go beyond password-only authentication.

It just isn’t safe. Choose from multiple authentication strengths — like FIDO2 keys, Windows Hello, biometric sign-in & Microsoft’s Authenticator app. See the Microsoft Entra admin center.

Single Sign-On across devices and apps.

Microsoft Entra ID integrates with device management. Get started.

Watch our video here:

Known issue: Incorrect count for onboarded Microsoft Defender for Endpoint devices report

by Contributed | Oct 17, 2023 | Technology

This article is contributed. See the original author and article here.

We were recently alerted to an issue where devices onboarded to Microsoft Defender for Endpoint are not properly reflected in the Microsoft Intune admin center report for devices with/without the Defender for Endpoint sensor. We’ve identified a bug that is causing incorrect counts for the number of devices onboarded to Defender for Endpoint and are working on a fix that is expected to be released later this year. The report is located under Endpoint security > Microsoft Defender for Endpoint and on the connector page.

Note: This is a reporting bug only. It does not impact onboarding to Defender for Endpoint.

A screenshot highlighting the Devices with/without Microsoft Defender for Endpoint sensor report in Endpoint security.

Temporary workaround

As a temporary workaround, check for the Defender for Endpoint onboarding status in the Antivirus agent status report under Reports > Microsoft Defender Antivirus. Look for the columns for MDE Onboarding Status and MDE Sense Running State for more information.

We’ll update this post when the fix has rolled out or as more information becomes available. If you have any questions, let us know though comments on this post, or by tagging @IntuneSuppTeam on Twitter.

Welcome to the 2024 Imagine Cup

by Contributed | Oct 16, 2023 | Technology

This article is contributed. See the original author and article here.

Welcome to the 2024 Imagine Cup, a student competition for visionary entrepreneurs building with AI. If you’re passionate about AI, technology, and entrepreneurship, this is your opportunity to unlock your startup’s potential and shine on the global stage. Here’s what you can expect on this exciting journey.

Benefits of participating in Imagine Cup

• Access to AI Technology: Immerse yourself in cutting-edge AI technology with USD1,000 of Azure credits and USD2,500 OpenAI credits. You’ll receive expert guidance to accelerate your startup’s AI journey, giving you a distinct advantage in crafting AI-driven solutions.
  
  


• Expert Mentorship: Imagine Cup goes beyond mere technical guidance; it offers a comprehensive entrepreneurial ecosystem. Through personalized one-to-one guidance from technical and business mentors tailored to your specific needs as a founder, you’ll acquire the essential tools to hone your strategies and successfully navigate the challenges along your startup journey. From helping you leverage Microsoft’s industry-leading AI capabilities for your startup, to inspiring you with what is possible as an entrepreneur, your mentors will be trusted partners on your path to success.

• Prizes and Global Recognition: Seize the opportunity to showcase your startup on a global stage at Microsoft Build! The Imagine Cup champion team will receive USD100,000, while the two runner-up teams will each earn USD50,000. Plus, the winning team secures an exclusive mentorship session with Microsoft Chairman and CEO, Satya Nadella!
  
  

Stages of the Competition

Now, let’s explore the stages of the 2024 Imagine Cup competition:

1. Qualifying: Build the Future with AI (Oct 16 – Jan 24)

Kickstart your Imagine Cup journey by submitting your innovative AI startup idea. Participants in this stage will gain access to Microsoft for Startups Founders Hub, receive USD1,000 in Azure credits, USD2,500 in OpenAI credits, access to self-paced training for technical and entrepreneurial skills. Remember, the earlier you submit to qualifying the earlier you get access to the credits to start building your Minimum Viable Product (MVP).

2. Minimum Viable Product (MVP) Submissions (Jan 26 – Feb 9)

This stage is dedicated to submitting your Minimum Viable Product (MVP), a mandatory step to advance in the competition. Learn more about what is required for your MVP through downloading the Imagine Cup Rules and Regulations.

3. Semifinals: Accelerate Your Growth (Feb 23 – April 12)

Congratulations to the teams who make it to the semifinals! In this stage, you will collaborate with seasoned mentors to refine your business plan and prototype, harnessing AI for your startup’s success. Semifinalists will enjoy networking opportunities, technical guidance, guidance for AI acceleration, personalized one-to-one technical and business mentorship, and access to Founders Hub Level 2, along with an additional USD4,000 in Azure credits.

4. World Championship: Showcase Your Business Globally (April 26 – Build)

Welcome to the pinnacle of Imagine Cup—the Imagine Cup World Championships! The top three teams compete on a global stage at Microsoft Build, showcasing the depth and promise of their startups. Step into the spotlight and demonstrate how technology can drive positive change.

This stage offers global stage visibility, the chance to win an exclusive mentorship session with Microsoft Chairman and CEO, Satya Nadella, and cash prizes of USD100,000 for the winning team and USD50,000 for the two runner-up teams.

How to get started

But that’s not all! As you embark on your Imagine Cup journey, consider starting with the Imagine Cup Cloud Skills Challenge. It’s your chance to learn essential AI, tech, and entrepreneurial skills for the competition.

Imagine Cup 2024 is your pathway to innovation, mentorship, and global recognition. Join us today and unleash your startup’s potential. Submit the proof of concept for your business by January 24. However, the sooner you apply, the sooner you gain access to your benefits.

Together, we’ll create a brighter future through AI-driven entrepreneurship. Along the way, connect with a vibrant community of changemakers and drive meaningful positive change through your journey as a founder.

Register for the 2024 Imagine Cup

Kusto NLog connector now supports Azure Data Explorer Free Clusters

by Contributed | Oct 14, 2023 | Technology

This article is contributed. See the original author and article here.

Introduction

NLog is a popular logging framework used by developers to log messages from .NET applications. NLog, a robust logging framework, captures and stores critical information, providing essential insights for debugging and optimization.

Earlier in the summer we released the open-source NLog connector for Azure Data Explorer. Azure Data Explorer (ADX) is a fast and highly scalable data exploration service that can be used to store and analyze large volumes of data. 

In this blog post, we walk you through the latest enhancements in NLog connector for Azure Data Explorer which marks a significant leap forward in offering seamless integration with Azure Data Explorer for an unparalleled application behavior insights and monitoring.

In the latest connector update, a host of powerful features has been introduced. This includes seamless support for Free Azure Data Explorer Clusters and integration with KQL Database in Microsoft Fabric Real-Time Analytics. Now, developers can dive into the world of ADX without the need for an Azure account subscription or credit card. Simply create a free ADX account, and you’re all set to harness the full potential of your logs using an ADX cluster.

Leveraging the expressive power of Kusto Query Language (KQL), developers can uncover invaluable insights into their application’s behavior, performance metrics, error occurrences, and even detect anomalies. This newfound capability opens a world of possibilities for fine-tuning and optimizing applications based on data-driven decisions.

Moreover, bid farewell to the IngestionEndpoint property and embrace the power of Kusto Connection Strings. These strings serve as your all-access pass to a range of authentication modes, including the convenient User Prompt Authentication and the secure User Token Authentication.

Diving into the ADX Target Sample Application with latest updates

You can find the detailed initial setup steps in the previous blog post here: Getting started with NLog and Azure Data Explorer – Microsoft Community Hub

This will be like the previous blog but in context of Free Cluster and Connection string support.

Pre-requisites:

• .NET 6 and above


• An ADX free cluster and database. If you do not have one, Quickstart: Create an Azure Data Explorer cluster and database – Azure Data Explorer | Microsoft Learn

Steps

Create a table in Azure Data Explorer to store logs. The following command can be used to create a table with the name “ADXNLogSample”.

.create table ADXNLogSample (Timestamp:datetime, Level:string, Message:string, FormattedMessage:dynamic, Exception:string, Properties:dynamic)

Clone the NLog-ADX target git repo.

git clone https://github.com/Azure/azure-kusto-nlog-sink.git

Set the following environment variables in the sample application:

• CONNECTION_STRING : Kusto ConnectionString of ADX cluster created.


• Eg: Data Source=https://ingest-..kusto.windows.net;Fed=True


• DATABASE: The name of the database to which data should be ingested into.

Simply build and run the application:

• Install the ADX Target for NLog

The ADX Target for NLog is available as a NuGet package. To install it, open the Package Manager Console and enter the following command:

dotnet add package NLog.Azure.Kusto --version 2.0.1

Build the application and run it

• Open a Powershell window, navigate to NLog ADX Target base folder and run the following command.   

  dotnet build



• Once build got completed, navigate to src/Nlog.Azure.Kusto.Samples/ run the following command to run the sample application.

  dotnet run



• This is making the sample application, open a login prompt in your default browser, where you need to enter your username and password.

• The ingested log data can be verified by querying the created log table (ADXNLogSample in our case) by using the following KQL command.

  ADXNLogSample | take 10​

Conclusion

The NLog Azure Data Explorer Target connector is a great tool for log management that allows developers to send their log messages to ADX for analysis and visualization. With the new features of the connector such as support for ADX free cluster and Microsoft Fabric cluster, developers can now use ADX without an Azure account or credit card. By using KQL queries, developers can gain insights into their application behavior, performance, errors, and anomalies. We hope this article has helped you understand how to use the new features of the connector and how to make sense of your logs using an ADX cluster.

Documentation: Ingest data with the NLog sink into Azure Data Explorer – Azure Data Explorer | Microsoft Learn

Open-Source Repository: Azure/azure-kusto-nlog-sink: Nlog custom target for storing logs to ADX (github.com)

NLog Kusto Connector Nuget: NuGet Gallery | NLog.Azure.Kusto 2.0.1