This article is contributed. See the original author and article here.
Introduction
Supply Chain Management lets you manage, track, and verify compliance with export control restrictions prior to confirming, picking, packing, shipping, and invoicing sales orders. The new advanced export control functionality allows you to manage your export control policies using a native Microsoft Dataverse solution that interfaces directly with your Supply Chain Management instance. Supply Chain Management then enforces compliance with international trade regulations by consulting your export-control policies in real time.
The export control dataverse solution allows you to keep track of the many different rules and policies, expressing these rules, including complex ones, using formulas similar to those in Microsoft excel. The fact that it is a dataverse-based solution also allows your other systems to access your export control rules thanks to the hundreds of connectors available for Dataverse.
The solution implements five primary concepts:
Jurisdictions
A jurisdiction is a set of codes, categories, restrictions, exceptions and licenses. It represents a set of configurations that apply to incoming requests. Like the US International Traffic in Arms Regulation (ITAR), US Export Administration Regulations (EAR) or EU Dual Use.
You can create as well your own jurisdiction for your companies internal policies.
Codes and categories
The codes that make up a jurisdiction are often referred to as Export Control Classification Numbers (ECCNs).
An example of an export control classification number is 7A994, which is defined by the United States Export Administration Regulations (US EAR) export control jurisdiction. This classification number applied to “Other navigation direction finding equipment, airborne communication equipment, all aircraft inertial navigation systems not controlled under 7A003 or 7A103, and other avionic equipment, including parts and components.” According to the US EAR, ECCN 7A994 is a part of the *Anti Terrorism (AT)* control category.
Restrictions
Each export control jurisdiction defined a set of restrictions under which export control actions should be disallowed unless an exception exists.
Exceptions
Exceptions allow an action even though a restriction would otherwise block it. Common types of exceptions include licenses, blanket exemptions, and corporate policies.
Exceptions are defined the same way as restrictions, but also provide extra requirements that apply when the exception is used, such as the need to display a message to the user o to print text and licenses on documents.
Licenses
Licenses are the specific permissions to be able to trade an item or set of items in a given context. It is common that the authorities are the ones providing the licenses.
This article is contributed. See the original author and article here.
Microsoft Learn has a passionate and inspiring community to support your learning journey wherever it may take you. Here we highlight a few of our global learners who have shared their stories about making successful career changes using Microsoft Learn. Our learners inspire us with their perseverance, ingenuity, and the courage to reinvent themselves (Zoologist to Functional Consultant!). Many had to make a significant career change due to the pandemic, proving to us all that if they could make a switch during such a challenging time, we can all be successful with the right learning path and helpful resources in place. Each career changer started by identifying their goal and strategically working toward it–and you can do the same.
Here are a few of their stories:
Introducing Manoj Bora: Hospitality industry to IT Pro
Photo of Manoj Bora
Manoj came to Microsoft Learn from 20 years in the hospitality industry. When the pandemic struck, he lost his job, and the peace of mind that comes with a stable career. In March 2020, he was forced to start over, finding odd jobs and doing manual labor to provide for his family. At that point, Manoj decided to turn to the tech industry to take advantage of the many career opportunities he found available. He explored careers as a developer, software testing, SAP, and Oracle, but it was Microsoft Dynamics 365 which appealed to him most as he had transferable skills. He dove deep into Dynamics 365 but quickly realized he needed structured and practical training – this led him to Microsoft Learn. Gradually with the help of self-paced learning content, community discussion forums, user groups, and Microsoft organized events, Manoj was able to establish his new career in IT. Today, he works as a Dynamics 365 Customer Engagement Functional Consultant.
“Even if you do not have a computer science degree or any IT expertise,” Manoj points out, “if you put your focus on learning something new, you can achieve it with amazing Microsoft Learn content, the helpful Microsoft community, and the evolution of low-code, no-code Power Platform.”
Key insight from Manoj:His advice to other learners is to identify your learning goals ahead of time and pursue all possibilities because Microsoft Learn offers so many resources and learning paths.
Introducing Ikenna Udeani: Student to Data Analyst
Photo of Ikenna Udeani
Ikenna was fresh out of college when he discovered Microsoft Learn. Our platform played a crucial role in helping Ikenna secure his first job immediately after graduation. Microsoft Learn was instrumental in preparing him to earn the Microsoft Certified: Azure Data Fundamentals certification, which he showcased on his LinkedIn profile. This caught the attention of hiring managers, and as a result, he was offered a job—but he didn’t stop there. Ikenna went on to earn six additional certifications, while also working towards two more new certifications.
“I can’t overstate the impact that Microsoft Learn has had on my professional growth and development,” says Ikenna. “I would highly recommend it to anyone looking to enhance their skills and advance their career in the tech industry.”
Key insight from Ikenna: His favorite feature on Microsoft Learn is the sandbox environment, which allowed him to get interactive experience using various Azure features for free and to practice his skills.
Introducing Nikhil More: Zoology college educator to Functional Consultant
Photo of Nikhil More
Our learners come to Microsoft Learn with diverse backgrounds—Nikhil’s includes a master’s degree in zoology and experience in ecological research and teaching. Like many others, the pandemic brought unexpected changes to his life, and he lost his job as a college teacher. That’s when he discovered Microsoft Learn, and quickly realized that the platform had a well-structured approach aligned with the job he aspired to achieve. The continuous learning opportunities provided by Microsoft Learn ensure that he’s always at the forefront of industry trends and equipped to deliver exceptional results.
“It has empowered me to bridge the gap between my biology background and a thriving career in technology,” says Nikhil. “The platform has not only provided me with the knowledge I needed but also bolstered my sense of confidence and purpose. With Microsoft Learn as my guide, I am excited to see where my Dynamics 365 career takes me next.”
Key insight from Nikhil: One of his favorite aspects of Microsoft Learn is that it provides a structured learning path, offering modules and courses that gradually build your knowledge. It feels like you’re embarking on an exciting journey, with each module representing a new stop along the way.
Has Microsoft Learn helped you on your journey to building skills and achieving your goals? Fill out our form for a chance to have your story featured. We can’t wait to hear from you!
This article is contributed. See the original author and article here.
This week, we launched a new playlist on the Microsoft Azure YouTube channel that includes all episodes of our interview series, Microsoft SaaS Stories: Learn from Software Experts. This series highlights partners at various stages of their software as a service (SaaS) journey and their unique experiences building, publishing, and growing on the Microsoft commercial marketplace.
In my role as an Engineering Manager at Microsoft, I’ve seen our software partners take a variety of approaches to SaaS. The most successful companies were the ones that spent the time to understand the scope and steps within the journey to SaaS, both on the business and technical sides. As my team helped companies through this journey to build resilient, scalable, secure applications, they each learned unique insights that enabled their success. I saw a significant opportunity to connect companies at different stages in this journey so that they could share and learn from others to be some of the most successful on our platform and in the market.
Here is a summary of each episode we’ve produced so far:
Episode 1: Basis Theory. CTO Brandon Weber shares how they built confidence with customers by creating an easy-to-use SaaS platform that scales while remaining reliable and secure. Learn the challenges they encountered running a 24/7 service while evolving the service and handling customer growth.
Episode 2: Zammo. In this episode with Zammo’s Stacey Kyler and Nicholas Spagnola, we learn about their significant growth in business and much faster time to close based on having their products in the marketplace. They share their experience building for Azure and running a No-Code Conversational AI Software SaaS platform.
Episode 3: Wolfpack. In this episode with Wolfpack’s Koen den Hollander, we learn how they built their SaaS application for retail customers, and how connecting engineers directly to customers enables them to deliver value at scale.
Episode 4: Vocean. In this episode, we explore how Vocean built their SaaS application that changes the way organizations make decisions. They share the importance of taking time to plan, learn, and listen to experts around you before rushing to build features.
Episode 5: Access Infinity. In this episode, we talk to Access Infinity’s Managing Director, Keshav Nagaraja and explore how Access Infinity saw an opportunity in their consulting business to create platforms that help their customers at scale, and how they came up with a pricing model that drives positive user behaviors.
Episode 6: Sage. In this episode, we learn how Sage embraced the opportunities to shift their application to SaaS, how they used SaaS as an opportunity to simplify their pricing model, and how they use a simple set of principles to guide complex changes.
Are you a partner with a SaaS solution on marketplace who is interested in sharing your SaaS story? Comment below and our team will reach out to learn more about your story!
This article is contributed. See the original author and article here.
Copilot AI is reshaping customer service just like it’s changing every other aspect of business operations. Before now, customer service managers had no way to gauge the results of their efforts to incorporate AI in their practices. Copilot analytics in Dynamics 365 Customer Service fills that gap, offering deep insights into the operational impact of an organization’s investment in AI-enhanced customer service.
Key metrics and insights
To view Copilot analytics, go to Customer Service historical analytics and select the Copilot tab. Here, comprehensive metrics and insights provide a holistic perspective on the value that Copilot adds to your customer service operations.
Usage metrics
Daily Active Users: The number of individual agents who engaged with Copilot at least once in a day over the specified date range
Total Copilot AI Responses: The aggregate number of responses that Copilot provided in a day over the specified date range
Number of Responses Used: The number of Copilot responses from which an agent copied text
Percentage of Copilot AI Responses Used: The proportion of Copilot responses from which agents copied text
Productivity metrics: Cases
Total Cases Resolved: The aggregate number of cases that agents resolved while Copilot was available
Number of Cases Resolved Using Copilot AI: The number of cases that agents resolved with Copilot’s help
Percentage of Cases Resolved Using Copilot AI: The proportion of cases that agents resolved with Copilot’s help
Average Days to Close for Cases: The average number of days it took agents to resolve cases, with and without Copilot’s help
Case Throughput: The average number of cases that agents resolved per day, with and without Copilot’s help
Productivity metrics: Conversations
Total Conversations: The aggregate number of agent-customer interactions that involved Copilot
Number of Conversations Using Copilot AI: The number of completed conversations in which Copilot played a role
Percentage of Conversations Using Copilot AI: The proportion of conversations in which Copilot played a role
Average Conversation Handle Time: The average duration of conversations in which Copilot played a role
Conversation Throughput: The average number of completed conversations (excluding emails and voice interactions) per day in which Copilot played a role
Satisfaction metrics
Agent Ratings: Agents’ ratings of Copilot’s responses, both positive and negative
The potential of Copilot analytics
Copilot analytics gives leaders of organizations that use Dynamics 365 Customer Service a comprehensive toolset to assess the impact of Copilot on their customer support functions. By analyzing key metrics, supervisors and managers can make informed decisions, optimize processes, and elevate levels of customer satisfaction.
It’s important to recognize that Copilot analytics is a transformative asset for customer service organizations. As you explore its capabilities, you’ll find that its insights have the potential to drive improvements in the productivity of your customer service teams.
AI solutions built responsibly
Enterprise grade data privacy at its core. Azure OpenAI offers a range of privacy features, including data encryption and secure storage. It allows users to control access to their data and provides detailed auditing and monitoring capabilities. Copilot is built on Azure OpenAI, so enterprises can rest assured that it offers the same level of data privacy and protection.
Responsible AI by design. We are committed to creating responsible AI by design. Our work is guided by a core set of principles: fairness, reliability and safety, privacy and security, inclusiveness, transparency, and accountability. We are putting those principles into practice across the company to develop and deploy AI that will have a positive impact on society.
Learn more about Copilot analytics
Watch a video to learn how copilot AI searches company knowledge sources and generates optimized responses in a single click.
This article is contributed. See the original author and article here.
We are excited to announce that we are currently rolling out a new feature called SharePoint News for Email. This feature enables you to convert your SharePoint News Posts intro distributions that can be read fully in email inboxes. You can now engage your audience directly in their inbox and track their mail reads.
Four pictures – showing the news article in SharePoint – sending email feature – news in the email client – statistics for the view
To create a News post for email, select a “Made for email” template from the news template picker:
Selection of the templates for new news article – showing the email ready templates.
When you are finished authoring, you can now post your news and send it fully to email in one step.
SharePoint News visible in the SharePoint portal and in the email client.
Sending a page as an email will not change existing site permissions, and sending a page as an email will not give your recipients access to the original page if they don’t already have it. You can think of sending mail by email as making someone a photocopy of a page in a book. They can read that page, but nothing else in the book.
Live video demo on the feature.
Frequently asked questions
When will this happen?
This update will roll out to Targeted Release customers starting August 2023, and to all customers by the end of September.
This article is contributed. See the original author and article here.
On July 11, 2023, we introduced Microsoft’s identity-centric security service edge (SSE) solution and two new services: Microsoft Entra Private Access and Microsoft Entra Internet Access, which are now in public preview. In this blog, we take a deeper look into Microsoft
Entra Private Access.
Figure 1: Traditional network security stacks and legacy VPNs are no longer sufficient
Microsoft Entra Private Access
Traditional network security approaches that use legacy VPNs simply cannot scale to modern demands. Once your remote users connect to your corporate network through VPN, they are granted excessive access to your entire network, all it takes is a single compromised user account, infected device, or open port for an attacker to gain entry, move laterally, and access your most critical assets.
Microsoft Entra Private Access, an identity-centric Zero Trust Network Access (ZTNA), reduces the operational complexity and cost of legacy VPNs, while eliminating excessive access and preventing lateral movement. It modernizes access to private applications and resources,helping users quickly and easily connect to private applications from any device and any network, whether they’re at home, remote, or in their corporate office.
What makes Private Access unique
As part of Microsoft’s SSE solution, Private Access is built on Zero Trust principles. It verifies every user and enforces least privilege, giving users access only to the private applications and resources they need.Private Access significantly expands Entra ID Application Proxy capabilities in Microsoft Entra to a complete ZTNA solution that shares the same connectors but offers so much more, it helps you simplify and secure access to any private resource on any port, and protocol.You can apply policies that enable secure, segmented, and granular access to all your private applications in your corporate network, on-premises, or in the cloud. For customers already using Application Proxy, they can seamlessly transition to Private Access – all existing use-cases and access to existing private web applications would continue to work with no disruption.
You can create and enforce per-app, least privilege access controls based on the granular Conditional Access policies that are enriched with context about users, devices, and their locations. You can also terminate ongoing sessions in response to anomalies or changes in user context or device health. For example, if a user connects from one part of the world and then immediately connects from another part of the world (what we call “impossible travel”), you can enforce re-authorization or step up to a stronger authentication method.
Private Access enables secure access to any application, on-premises or cloud-based, and it works across any port or protocol, including RDP, SSH, SMB, FTP, and anything else that uses TCP or UDP. In addition, you can enable single sign-on (SSO) using SAML or http headers or even legacy Kerberos authentication for both web and non-web applications, without making any changes to those applications.
With Private Access delivered from one of the largest global private networks, Microsoft global network, your private applications are not only more secure, but your employees can also access them faster compared to legacy VPNs. The unmatched scale and vast global network edge presence enables you to optimally connect your users and devices to private resources, especially those who work in a hybrid or remote work environment.
Figure 2: Secure access to all private applications, for users anywhere, with an identity-centric Zero Trust Network Access (ZTNA).
Private Access key capabilities
Microsoft Entra Private Access can help you enable secure access to all your private applications and resources. Key capabilities include:
Fast and easy migration from legacy VPNs with Quick Access. Replacing legacy VPNs with an identity-centric ZTNA minimizes the risk of implicit trust and lateral movement. Using Quick Access, you can easily configure broad private IP ranges and fully qualified domain names (FQDNs) to quickly enable identity-centric, Zero-Trust-based access to all private resources.
Figure 3: Fast and easy migration from legacy VPNs with Quick Access
Enhanced identity-centric security controls for all private applications. With Private Access, you can create Conditional Access policies and multi-factor authentication (MFA) that require modern authentication for accessing any private application, even those using legacy protocols such as Kerberos and NT LAN Manager (NTLM). This brings policies based on the sensitivity of the application, level of user risk, network compliance, and so forth to legacy applications. For example, you can easily require multi-factor authentication (MFA) and device compliance checks for users trying to access remote desktop (RDP), secure shell (SSH) or SMB applications.
Figure 4: Enhanced identity-centric security controls for all private applications
Automatic private application discovery and onboarding.You candiscover private applications, including existing App Proxy private web applications, whether the applications are hosted locally in a private network, in an on-premises data center, or in the cloud. You can then onboard them to Microsoft Entra ID, group them, and define granular access policies.
Figure 5: Automatic private application discovery and onboarding
Granular segmented applicationaccess. Instead of granting remote users access to your entire network, as traditional VPNs do, you can define granular segmented access policies for each application or group of applications based on user, device, or processes running on the endpoint.
Figure 6: Granular segmented application access
Intelligent local access. Employees need a consistent security posture whether they’re accessing private applications remotely or on-premises. The intelligent local access capability enables fast and seamless ZTNA for users, whether they’re within the corporate network or connecting remotely from anywhere outside corporate network boundaries. For example, a user while on the corporate network can connect to on-premises private applications such as RDP or SMB while CA policies such as MFA are still enforced, and application traffic remains local on the corporate network.
Figure 7: Intelligent local access
Getting started with Entra Private Access
Global Secure Access (preview) is the centralized location in the Microsoft Entra admin center where you can configure and manage Microsoft Entra Private Access. Remote workers don’t need to use a VPN to access these resources if they have the Global Secure Access Client installed. The client quietly and seamlessly connects them with the resources they need. The most current version of the client can be downloaded from the Microsoft Entra admin center. You can install the client interactively, silently with the /quiet switch, or use mobile device management platforms like Microsoft Intune to deploy it to their devices.
QuickAccess makes it very easy to get started with a minimum configuration for Private Access, especially when you are planning to move from legacy VPN to ZTNA. After completing initial configurations, and once you deploy a connector agent on-premises, to enable quick access all you need to do is specify the IP address, IP address range, or FQDN and port number. You can then assign specific conditional access policies, which QuickAccess applies to ALL app segments you configured. For example, you can create a “myRDP app” and assign it an IP address-based app segment. You only need to provide a name for the private app, then select the connector you wish to use with the app, and then specify the IP address/range and port number. You can then access your destination by simply launching an RDP session from your remote client machine.
Figure 8: Configure Quick Access to an RDP application
To learn about different use cases and scenarios, configuration prerequisites and how to enable secure access to your private network resources through the client, remote network connectivity, Quick Access, and more, go to the Global Secure Access documentation page.
This article is contributed. See the original author and article here.
Summary
Data in ADX (aka Kusto aka RTA in Fabric) almost always has columns that contain datetime values like 2023-08-01 16:45 and sometimes timespan values like 2 hours or 36 minutes.
In this article I’ll describe how these values are represented in ADX in Power Query and in Power BI.
Notice that I don’t just say Power BI because timespan values have different types in Power Query and in Power BI.
This article is contributed. See the original author and article here.
When building an application, one of the things we have to work alongside with is business requirements but we mostly forget about the users, “Is this application accessible to the users?”
User’s Interaction and accessibility are many of the factors that needs to be discussed when building an application. It’s important to consider how efficient your application is to your users.
Check out this Podcast Episode on A Girl in Love with Tech Podcast where I and Microsoft Snr Program Manager Ilya Fainberg who role is researching market trends and understanding customer needs to formulate product strategy. Helping customers succeed in their journey to the Microsoft Cloud by advising on best practices and product discussed about the importance of User’s Experience in Microsoft Power Platform
In this article, we would learn about simple user’s needs we can easily work on when building a Power apps application but first, let us understand what Power Apps is
What is Microsoft Power Apps?
Microsoft Power Apps is a low-code or no- code tool in the Microsoft Power Platform ecosystem that is used in building business applications with or without the use of programming languages. Microsoft has been able to bridge that gap, where both developers and non-developers have free rays in building solutions. What this means is that, the platform can be extended by code making it a pro code platform for professional developers.
What to look at for
1. Simple icons: it is advisable to use icons in place to help increase space and avoid distractions. Make use of icons that are understandable on what it does.
2. Consistency: When building an application, especially when you have many screens in the application. It’s important to consider the consistency of the controls in your screen especially the width and height.
3. Colours: How well you use your colours is very important, especially to the users, it has to be accessible, not contrasting the other, the colour should not be too dull. These are the few examples to consider when working with colours
The font colour and background colour of your screen should be accessible. Check the Colour contrast checker to see which colour works best.
When using an image in the screen the colour in the background of the image should not contradict the background colour of your screen.
Use primary colours to point out the main objective. A good example of not working well with colors is using a green colour for the delete icon.
4. Avoiding distractions: Application should always be easy to use. A user should not need a manual to use your application.
5. Performance: Improving how users interact with your applications should be met. A few examples to consider when working in an application:
Application should not take too long to load or respond to an action.
When a user clicks on a button they expect that something will happen. Button controls should not be used as a text control.
6. Size: The font type and size should be readable and accessible. Check here and learn more about accessible fonts.
7.Responsive: Building an application, always think about the use of your application on different devices. When building an application one of the mistakes we make is not having an idea or design of how the application layout will look like on different types of screens.
This article is contributed. See the original author and article here.
With ongoing advancements in technology, there has been a continuous shift in how we learn, network, and interact with each other. Communities in Teams experience enables students and mentors to connect and bring out a true sense of connection among them.
IIT Madras, one of the leading engineering institutions in India, has been using Teams to enable mentorship-led communities along with their Microsoft Learn for Educators (MSLE) effort in their data science program. Mentors connect with the students to help them with course curriculum and technical questions related to various Microsoft certification courses that they are encouraging their students to take up, both asynchronously and with live online office hours, in one place.
In this article, we will explore how IIT Madras created communities for mentorship cohorts and engaged their students to help them easily connect with one another and have a go-to space for upskilling and networking.
Why create mentorship communities on Teams?
Building a strong connection between the mentors and mentees is critical for folks to achieve goals and learn from each other. This is especially true if the students are from diverse geographical locations, ages, roles, and backgrounds. The BS Degree in Data Science and Application Program offered by IIT Madras is born out of the philosophy of democratizing education and has seen wide acceptance both inside and outside the country.
With data science being a buzzword in the industry for quite some time, the BS program aims to provide without compromising the strong academic foundations needed in this arena. Knowledge of cloud computing and use of cloud resources is a significant extracurricular component where IIT Madras is working with Microsoft (through a faculty development program – Microsoft Learn for Educator program) to enable Microsoft Cloud-related certifications, both in Data Science and Application Development, for its students. Communities in Teams provides a single platform for students to connect, engage, and build relationships with their fellow students and mentors before and after their sessions.
This community is the centralized space for students to find information related to their out-of-class mentoring sessions scheduled in the program and address all questions and concerns. Students can
Find the program schedule
Engage with the coordinating team
Track important dates
Help, interact, and collaborate with peers
Resolve queries in real time
One-stop access to all your reading materials
Connect with your trainers/mentors
Follow upcoming events
Additionally, since students could potentially use Teams in their colleges, it serves as an excellent opportunity for them to navigate on a single platform.
How is IIT Madras creating and managing mentorship cohorts in Communities in Teams?
IIT Madras has been using Communities in Teams as a platform for all its students and mentors to build relationships, expand their network, and motivate students in finishing their Microsoft certification programs.
For every mentorship session, they share the QR code/ invite link of the community to all its registered participants. Students join the community before/during the course delivery session to connect asynchronously with their peers and discuss key elements discussed during the session.
The mentors/coordinating team shares all the required details of the cloud certification including meeting details, and prerequisites, and supports students by providing them a platform to ask questions, seek guidance, and share their certificates.
These communities also act as a knowledge resource for all the students aiming to get themselves certified with other certifications as IIT Madras leverages the existing community network they have built to cross-promote the upcoming mentorship sessions and certifications.
Here is what IIT Madras has to say about Teams
In the unique context of IIT Madras BS Degree in Data Science and Programming, the mentorship communities through MS Teams help emulate the informal learning environment that is available in the regular on-campus programs for extra-curricular activities. This is a very significant activity as students aiming to get Cloud Certifications not only get guidance from their peers/seniors who have already completed their journey but also promote a strong sense of belonging. We are really happy to be part of this journey with Microsoft Teams and are looking forward to having a strong community built within this space.
Overall, these communities have been helping the students to engage proactively, find easy resolution of queries, and stay motivated to complete their programs and certifications.
Best practices to keep in mind while creating student-mentor communities on Teams
Set Community Description, Avatar, and Guidelines: Once the community is created, ensure the community description encourages participation and delivers the goal of the community. Additionally, fill out any specific community guidelines you want to communicate to members of the community. Having a community avatar makes the community more real. Learn more about updating the community details.
Restrict Community Join Link Sharing: To ensure the community remains secure and limited to authorized members, disable the option to share the community join link and enable requests for members to join. This step prevents the link from being shared outside the intended audience, maintaining the privacy and exclusivity of the community. Learn more about how to disable the option to share a community link
Create an engagement plan: Plan your engagement for 2 weeks beforehand as starters to kick-start conversations in the community. You can have multiple types of posts planned with details on who will post and when.
Change your profile name so members can uniquely identify you as the mentor. You can use titles such as Your Name – Mentor
Diversify Communities: Consider creating separate communities for every certification/program type. This segmentation allows for more targeted discussions and networking opportunities within specific cohorts.
Empower the community to lead: A community becomes strong and sustainable only when leaders are nurtured within the community and empowered. As part of this, there is a cognitive apprenticeship within the community through which students can move up to become Mentors and Community managers.
By following these steps, you can harness the power of Communities in Teams to create vibrant communities that foster connections, facilitate networking, and enhance the overall mentorship experience.
How to send feedback and suggestions?
We are always happy to receive feedback and suggestions to make our product even better. To participate in our feedback program and help us in our endeavor, please follow the steps below:
This article is contributed. See the original author and article here.
PIM for Groups
Entra ID (formerly Azure AD) offers the Privileged Identity Management (PIM) for Groups feature, enabling users to attain just-in-time membership and ownership of groups, thus governing access to a range of services. This feature allows the implementation of policies similar to those in PIM for Entra ID Roles and PIM for Azure Resources, allowing the configuration of actions like approval enforcement, multi-factor authentication (MFA), justification requirements, and activation time limits. Each PIM for Groups configured group features two distinct policies, catering to membership and ownership activation. This means that if an account is both an eligible owner and an eligible member of a group, each of them have their own activation.
Microsoft 365 Defender RBAC offers centralized permissions management for the following services:
Defender for Endpoint
Defender for Identity
Defender for Cloud Apps
Defender for Office 365
Microsoft Defender Vulnerability Management
Secure score
When a role is created, the services which the role covers can be selected. The advantage of using the new M365 Defender RBAC as opposed to the legacy RBAC for each individual service is that it is possible to grant permissions to multiple services from just a single role assignment. If you have been using legacy RBAC assignments it’s very simple to import those roles into the new M365 Defender unified RBAC. The steps for importing the roles can be found here.
M365 Defender unified RBAC workloads need to be activated before they are applied. Until the workloads are activated Defender will apply the legacy RBAC model for each individual service.
When creating an M365 Defender role you will need to create an assignment for it. Assignments will have a scope (which Defender data sources the assignment will apply to) and Entra ID users or groups (which users or groups the assignment will be applied to).
As group membership can define getting M365 Defender roles, and group membership can be given in a just-in-time manner, it means that indirectly M365 Defender roles can be given in a just-in-time manner.
The steps to set this up would be the following.
Create the Entra ID group and add members
In the Azure portal go to Azure Active Directory and click on Groups and then New group.
Figure 1 Creating new group
Enter the details as required.
Figure 2 Adding details to group being created
Add Eligible Members to the group
Go to the Azure portal and search for Azure AD Privileged Identity Management in the search bar. Once there, select Groups on the left side of the menu. The group needs to be discovered before eligible members can be added. To discover the group, search the group name and select Discover groups.
Figure 3 Discover groups to manage with PIM
Select the group and click Manage groups.
Figure 4 Manage group using PIM
Click on OK.
Figure 5 Onboarding selected groups
Now the group should be visible. Select the group and click Assignments, then Add assignments in the Eligible assignments tab. If it is not added to this tab, the assignment will be active and not eligible.
Figure 6 Adding assignment to PIM managed group
Select the members to be added to the group.
Figure 7 Selecting members
Figure 8 Selecting members
Select Eligible and enter the start and end dates of the eligibility assignment. Once the correct dates are set click Done. Finish the assignment process.
Figure 9 Setting details of eligible membership
Now there should be the account added in the Eligible assignments tab on the groups membership.
Figure 10 Viewing eligible assignment of groups members
Now the group has PIM eligible members.
Create the M365 Defender Role
M365 Defender roles can be created in the M365 Defender portal. If you have the correct permissions you can click on Permissions on the left side in the menu.
Figure 11 Permissions tab in Defender menu
Under Microsoft 365 Defender select Roles.
Figure 12 Microsoft 365 Defender Roles in permissions page
Click on Create custom role. Enter the name of the role and click Next.
Figure 13 Beginning the creation of a custom role
On the Choose permissions tab click on each permission an select the level of access you want the role to have.
Figure 14 Permissions selection screen
Figure 15 Example permissions for Security Operations
Once the permissions you want are selected click on Next.
Figure 16 Permissions selected for each group
On the next screen assignment are created for the role. The assignments created will determine which account are assigned this role. Click on Add assignment.
Figure 17 Adding assignment to role
Enter the assignment name and select the group created in Step 1. Click Add.
Figure 18 Entering assignment details
Move to the next screen by clicking Next. Review the permissions and click Submit.
Figure 19 Reviewing and submitting the roles settings
As mentioned earlier, the M365 Defender RBAC has to be activated for workloads so that it can be applied. If this hasn’t been done already then it will need to be activated. On the main page for M365 Defender Roles there will be a note if any workload has not been activated. If this note is there then you will need to Activate workloads.
Figure 21 Activating workloads
Users perspective
Once a user has been made an eligible member of the group they can activate their membership and get temporarily assigned to the M365 Defender role. The user will have to follow these steps:
Go to Azure AD Privileged Identity Management and to the Groups tab in the menu on the left. The group should be visible. If the group is not visible, verify that the user is an eligible member of the group and that the group was ‘discovered’ by the admins. These steps can be found in the previous sections. Select Activate role.
Figure 22 Activating group membership
On the next screen select Activate on the group you want to activate the membership for.
Figure 23 Activating group membership
Select the duration the membership should last for and add a reason. Select Activate.
Figure 24 Activating group membership
After activating the role, if the membership status of the group is checked, you will see the account there with details about when the membership was activated.
Figure 25 Viewing the activated group membership
The users view in M365 Defender before and after activating the group membership, and therefore getting assigned the M365 Defender role. Notice that after the role is assigned the user can see menus for Defender related activities.
Figure 26 The Defender menu before activating the group membership
Figure 27 The Defender menu after activating the group membership
Wrapping it up
PIM for Groups paired with M365 Defender RBAC offers a solution for those looking for just-in-time Defender access. These can also be used in combinations. For example, if you want a certain sures to always have read access but access to take device actions should be granted just-in-time, then a read-only Defender role can be assigned permanently and the role for taking device actions can be granted to the group via the steps mentioned above.
Recent Comments