Blog - Page 780 of 941 - Dr. Ware Technology Services

Oxford AI Edge Engineer with Learn Live TV

by Contributed | Oct 1, 2020 | Uncategorized

This article is contributed. See the original author and article here.

Excited to announce our event on Microsoft Learn Live TV with The University of Oxford hands on labs walking through Microsoft Learn Modules.

Register via Microsoft Reactors at http://www.meetup.com/pro/microsoft-reactor

12^th October session

Sharpen your #AI #Edge skills 12th of Oct 1PM PDT Learn how to create a create a DevOps solution for Azure IoT Edge devices @pjdecarlo and @UniofOxford on Learn TV Register now http://aka.ms/oxdevops

13^th Oct session

Sharpen your #AI #Edge skills 13th of Oct 1PM PDT Learn how to develop secure IoT solutions with Azure Sphere and IoT Hub with @dglover and @MSFTImagine Live on Learn TV Register now http://aka.ms/oxIotHub

19^th Oct Session

Sharpen your #AI #Edge skills 19th of Oct 1PM PDT Use Azure IoT Edge to access a pre-built AI service & do language detection with @jimbobbennett and @MSFTImagine Live on Learn TV Register now http://aka.ms/oxcog

20^th Oct Session

Sharpen your #AI #Edge skills 20th of Oct 1PM PDT Learn how to develop secure IoT with Azure Sphere & IoT Central with @dglover & @MSFTImagine Live on Learn TV Register now http://aka.ms/oxIoTCentral

Infrastructure + Security: Noteworthy News (September, 2020)

by Contributed | Oct 1, 2020 | Uncategorized

This article is contributed. See the original author and article here.

Stanislav Belov
Jennifer Ross
2
6
2020-10-01T16:02:00Z
2020-10-01T16:02:00Z
1
2157
12295
102
28
14424
16.00

True
72f988bf-86f1-41af-91ab-2d7cd011db47
2017-11-26T16:38:40.3467680Z
General
Automatic
General

Clean
Clean

false
false
false

EN-US
X-NONE
<w:LidThemeComplexscript>X-NONE</w:LidThemeComplexscript>

You are reading the September issue of the Infrastructure + Security: Noteworthy News series! As a reminder, the Noteworthy News series covers various areas, to include interesting news, announcements, links, tips and tricks from Windows, Azure, and Security worlds on a monthly basis.

Microsoft Azure

Best practices to simplify governing employee access across your applications, groups and teams

As requirements change with new applications being added, or users needing additional access rights, IT staff may not know who should have access or to which applications. To succeed at scale, an identity governance process must enable all users’ access to be able to change with their needs, without burdening IT staff to be involved in each access request.

Announcing the public preview of Microsoft Graph change notifications delivery via Azure Event Hubs

We’re pleased to announce the public preview of an additional delivery mode for Microsoft Graph change notifications. You can now use Azure Events Hubs to receive change notifications instead of traditional webhooks.

Azure Cost Optimization Tools

Azure providing services as a utility, being consumed on demand it drives a fundamental change that impacts planning, bookkeeping, and organization. The ability to have virtually unlimited compute resources at one’s disposable means your organization must always be wary of excess costs that are not providing business value. The tools listed here will help your organization get an idea of where it is spending the most and where some cost optimization might be had.

Enterprise grade Kubernetes on Azure

Welcome to Ignite 2020 the online edition. In this article, Brendan is excited to share even more features that help all of our users build and secure their applications on the Azure Kubernetes Service (AKS).

Available for private preview: New Bookings experience and capabilities help streamline scheduling

Bookings is a Microsoft 365 app built to help organizations and businesses easily manage and simplify the complexities of scheduling. We are continuing to evolve Bookings and address the growing need to schedule and manage appointments both inside and outside of your organization. We are bringing you an enhanced, redesigned user experience and adding new capabilities to support broader use cases and large-scale deployment.

Authorize developer accounts by using Azure Active Directory in Azure API Management – Multi Tenants

It is practical to enable access to the developer portal for users from multiple Azure Active Directories. This article show you how to manage the external groups of multiple tenants.

What’s new in Microsoft Information Governance and Records Management

The unprecedented times we’re living in have dramatically accelerated remote work and collaboration, creating unique challenges for organizations of all sizes. During Microsoft Ignite 2020 we announced new capabilities in Microsoft Information Governance and Records Management to help customers meet these unique challenges such as regulatory record labels, Yammer message policies and much more.

Windows Server

Exchange News and Announcements – Microsoft Ignite 2020 Edition

We are announcing that the next versions of Exchange Server, SharePoint Server, Skype for Business Server and Project Server will be available in the second half of 2021, and are only available with the purchase of a subscription license. Subscription entitles access to support, product updates, security and time zone patches.

Third-Party Updates and Windows Update for Business

While using Windows Updates for Business (WUfB) is not for everyone, its simplicity and familiar end-user experience make it quite attractive to many organizations. One thing that WUfB does not provide today is updates for third-party products. For that, you need to continue to use an on-premises solution like Microsoft Endpoint Manager Configuration Manager to complement WUfB.

System Center 2012 Configuration Manager is Approaching End of Support

Microsoft System Center 2012 Configuration Manager has a support and servicing lifecycle during which we provide new features, software updates, security fixes, etc. This lifecycle lasts for a minimum of 10 years from the date of the product’s initial release. Check out this article to see when products will reach end of support.

Windows Client

Revised end of service date for Windows 10, version 1803: May 11, 2021

support We have heard your feedback and understand your need to focus on business continuity in the midst of the global pandemic. As a result, we have decided to delay the scheduled end-of-service date for the Enterprise, Education and IoT Enterprise editions of Windows 10, version 1803.

Windows lifecycle fact sheet

Every Windows product has a lifecycle. The lifecycle begins when a product is released and ends when it’s no longer supported. Knowing key dates in this lifecycle helps you make informed decisions about when to update, upgrade or make other changes to your software.

Using SharePoint Online CSOM to Capture Versions of Document Sets

With the latest release of SharePoint Online Client Components aka CSOM (Client-Side Object Model) (version: 16.1.20317.12000 or above), we now support methods to capture versions of Document Sets in SharePoint Online document libraries.

Microsoft Endpoint Manager announces support for Windows Virtual Desktop machines

With Windows Virtual Desktop, you can move from a simple Proof-of-Concept (PoC) to a fully operational environment faster than ever before. This week, Microsoft announced several new capabilities that make it even easier to deploy, secure and scale your virtual desktop deployments. Microsoft Endpoint Manager customers can leverage our integration with Windows Virtual Desktop to help manage and operate their deployments efficiently and accelerate the move to a secure remote work solution.

Security

Conditional Access policies now apply to all client applications by default

Organizations use Azure AD Conditional Access to enforce Zero-Trust Least-Privileged Access policies. To help organizations more easily achieve a secure Zero Trust posture, we’re announcing 2 updates to help customers block legacy authentication: new Conditional Access policies will apply to legacy authentication clients by default and the client apps condition, including improvements to the client apps admin experience, is now in General Availability.

Azure Active Directory External Identities goes premium with advanced security for B2C

Over the past six months, we have seen organizations adapt to remote business environments and engage with an unprecedented number of external users, and we’ve seen our own service usage growing like crazy for B2B and B2C scenarios. We are excited to announce the Public Preview of Conditional Access and Identity Protection for Azure Active Directory (Azure AD) B2C.

Office 365 ATP is now Microsoft Defender for Office 365

At Ignite we announced Microsoft 365 Defender which brings the threat protection service portfolio across Microsoft 365 together under a unified brand. Microsoft 365 Defender offers powerful prevention, detection, hunting and response capabilities to threats across identities, endpoints, cloud apps, email, and documents. This new unified branding is a testament to our continued endeavor to integrate the different threat protection focused services across Microsoft.

Announcing Priority Account Protection in Microsoft Defender for Office 365

We are excited to announce the public preview of a critical new feature in the Microsoft Defender for Office 365 portfolio – Priority Account Protection. This capability is extremely valuable in helping security teams prioritize focus on critical individuals within the organization, offer them differentiated protection and thwart costly breaches in the process.

Introducing Microsoft Tunnel for remote access to corporate resources from iOS and Android

Microsoft Endpoint Manager is pleased to announce a public preview of Microsoft Tunnel Gateway. The Microsoft Tunnel Gateway solution allows Microsoft Intune-enrolled iOS and Android devices to access on-premises apps and resources. Tunnel is fully integrated with the Microsoft 365 cloud and takes advantage of single sign-on capabilities using Azure Active Directory (AAD) authentication from the client to Tunnel Gateway.

A unified approach to data loss prevention from Microsoft

Protecting sensitive data from risky or inappropriate sharing, transfer or use is simplified with Microsoft’s unified approach to Data Loss Prevention (DLP). With the recent Public Preview of Microsoft Endpoint DLP, we added native fully built-in DLP capabilities to Windows 10, Office Apps (e.g. Excel), and Microsoft Edge to help prevent risky or inappropriate sharing, transfer, or use of sensitive data across applications or services.

Secure external collaboration using sensitivity labels

In this article we are going to clarify a topic which has been causing a lot of confusion and questions among our customers: “How do we securely share emails and documents with someone outside of our organization using sensitivity labels?”

Updates and Support Lifecycle

Preview: Automatic VM guest patching for Windows VMs in Azure

Enabling automatic VM guest patching for your Windows VMs helps ease update management by safely and automatically patching virtual machines to maintain security compliance. Automatic VM guest patching is currently in Public Preview.

Released: September 2020 Quarterly Exchange Updates

We are announcing the availability of quarterly servicing cumulative updates for Exchange Server 2016 and 2019. These updates include fixes for customer reported issues as well as all previously released security updates.

September 2020 Hybrid Configuration Wizard Update

We are happy to announce an update to the Exchange Hybrid Configuration Wizard (HCW) which enables either a Full or Minimal Hybrid deployment from a single on-premises organization to more than one cloud tenant.

Microsoft Information Protection SDK 1.7: Now Available

We’re pleased to announce that the Microsoft Information Protection SDK version 1.7 is now generally available via NuGet and Download Center.

Products reaching End of Support for 2020

Microsoft Premier Support News

Check out Microsoft Services public blog for new Proactive Services as well as new features and capabilities of the Services Hub, On-demand Assessments, and On-demand Learning platforms.

Announcing Major Performance Improvements for Azure SQL Managed Instance | Data Exposed

by Contributed | Oct 1, 2020 | Azure, Technology, Uncategorized

This article is contributed. See the original author and article here.

In this episode of Data Exposed with Vladimir Ivanovic, he announces a set of major performance improvements for Azure SQL Managed Instances, which enable customers to migrate their more performance-hungry database workloads to Azure SQL Managed Instance. These improvements are automatically enabled for all existing and future Azure SQL Managed Instances at no extra charge, making Azure SQL Managed Instance the best fully-managed database platform for mission-critical workloads.

Watch on Data Exposed

Resources:

Azure SQL Managed Instance Resource Limits
Service Tier Characteristics

View/share our latest episodes on Channel 9 and YouTube!

Azure VMs at GTC: New Options for Workloads of Any Size

by Contributed | Oct 1, 2020 | Azure, Technology, Uncategorized

This article is contributed. See the original author and article here.

This year at NVIDIA GTC, we’re excited to expand on our announcement of new GPU VM sizes available to Azure customers that continue our promise of providing VMs for every workload, at any scale- from a few inferences, to training multi-billion parameter natural language models.

The first is a flagship scale-up and scale-out offering, built on the NVIDIA A100 Tensor Core GPU– the ND A100 v4 platform- for users requiring the next frontier of AI training capabilities, which we unveiled in August. Equally important, however, in rounding out the Azure AI GPU portfolio, is a new and efficient NVIDIA T4 Tensor Core GPU-equipped VM series. The NC T4 v3 VMs are a cost-effective yet powerful option for customers looking to deploy machine learning in real-time production contexts.

Azure is committed to offering our customers the performance, pricing, unique features and worldwide availability they need to be successful in the rapidly changing landscape of accelerated cloud infrastructure. Four other generations of NVIDIA GPUs are also available to our customers worldwide, with a dozen Virtual Machine size options, including the industry’s only public cloud VMs with NVIDIA Mellanox InfiniBand scale-out networking.

Flagship NVIDIA A100– powered Azure VMs for Demanding AI Training and Compute

During the AI and GPU Infrastructure at Every Scale in Azure session [A22245TW] at GTC, we’ll be disclosing more details around the NVIDIA A100-powered ND A100 v4 product for high-end GPU computing in the cloud. This brand new offering, built around eight NVIDIA A100 Tensor Core GPUs, is poised to fulfill the most demanding AI training requirements for customers with large models, and enable a new class of tightly coupled, distributed HPC workloads. With ND A100 v4, customers can harness the power of interconnected GPUs, each connected via PCIe Gen 4 with an independent NVIDIA Mellanox HDR 200 Gigabit InfiniBand link.

Scalable from eight GPUs and a single VM, to hundreds of VMs and thousands of A100 GPUs- a scale rivaling some of the world’s largest supercomputers- clustering is turnkey with out-of-box support for NVIDIA’s NCCL2 communication library. Distributed workloads benefit from topology-agnostic VM placement and a staggering 1.6 Terabits of interconnect bandwidth per virtual machine, configured automatically via standard Azure deployment constructs such as VM Scale Sets.

Designed in close partnership with NVIDIA, the ND A100 v4 supports the same industry standard Machine Learning frameworks, communication libraries, and containers commonly deployed on-premise as a standard Azure VM offering.

The ND v4 is in limited preview now, with an expanded public preview arriving late this year.

NVIDIA T4–Powered Azure VMs for Right-Sizing Cloud GPU Deployments

Also new to Azure are NVIDIA T4 Tensor Core GPUs, providing a hardware-accelerated VM for AI/ML workloads with a low overall price point.

The NC T4 v3 series provides a cost-effective, lightweight GPU option for customers performing real-time or small–batch inferencing, enabling them to right-size their GPU spending for each workload. Many customers don’t require the throughput afforded by larger GPU sizes, and desire a wider regional footprint. For these use cases, adopting the NC T4 v3 series with no additional workload-level changes is an easy cost optimization. For customers with larger inferencing needs, Azure continues to offer NVIDIA V100 VMs such as the original NC v3 series, in one, two and four GPU sizes.

The NC T4 v3 is an ideal platform for adding real-time AI-powered intelligence to services hosted in Azure. The new NC T4 3 VMs are currently available for preview in the West US 2 region, with 1 to 4 NVIDIA T4 Tensor Core GPUs per VM, and will soon expand in availability with over a dozen planned regions across North America, Europe and Asia.

To learn more about NCasT4_v3-series virtual machines, visit the NCasT4_v3-series documentation.

Azure Stack Hub and Azure Stack Edge is now available with GPUs

Azure Stack Hub is available with multiple GPU options. For example the NVIDIA V100 Tensor Core GPU, which enables customers to run compute intense machine learning workloads in disconnected or partially connected scenarios. The NVIDIA T4 Tensor Core GPU is available in both Azure Stack Hub and Azure Stack Edge and provides visualization, inferencing, and machine learning for less computationally intensive workloads. With NVIDIA Quadro Virtual Workstation running on the NVIDIA T4 instance of Azure Stack Hub, creative and technical professionals can access the next generation of computer graphics and RTX-enabled applications, enabling AI-enhanced graphics and photorealistic design.

Learn more about these recent announcements here: Azure Stack Hub and Azure Stack Edge.

Microsoft Sessions at NVIDIA GTC

Session Title	Location	Speakers	Session Type
Accelerate Your ML Life Cycle on Azure Machine Learning (A22247) Azure Machine Learning helps scale out deep learning training and inferencing using distributed deep learning frameworks to parallelize computation with NVIDIA GPUs. See how you can scale your ML workflows in a repeatable manner and automate and drive cost efficiencies into the entire ML life cycle across model building, training, deployment, and management.	US	Keiji Kanazawa Principal Program Manager, Microsoft	Live Tuesday, Oct 6, 08:00 – 08:50 PDT
Accelerating PyTorch Model Training and Inferencing with NVIDIA GPUs and ONNX Runtime [A22270] Extend the Microsoft experience of training large natural language model with ONNX Runtime and Azure Machine Learning to your own scenarios.	US	Natalie Kershaw Senior Program Manager, Microsoft	On Demand
Visualization and AI inferencing using Azure Stack Hub and Azure Stack Edge [A22269] Learn how you can use Azure Stack Hub or Edge to run machine learning models at the edge locations close to where the data is generated. We’ll demonstrate how to train the model in Azure or Azure Stack Hub to run the same application code across cloud GPU and edge devices and distribute these models to edge, using hosted services like Azure IoT Edge or as Kubernetes containers.	US	Vivek N Darera Principal Program Manager, Microsoft	On Demand

AI and GPU Infrastructure at Every Scale in Azure [A22245] Join us for a brief walkthrough of Azure’s GPU-equipped infrastructure capabilities, from visualization to massively-parallel AI training supercomputers powered by the latest NVIDIA A100 GPUs and Mellanox HDR InfiniBand. From the cutting edge of AI research to production deployment of ML services worldwide — and any scenario in between — Azure has a VM for every workload.	US	Ian Finder Senior Program Manager, Microsoft	On Demand

Azure Sphere 20.09 security updates

by Contributed | Oct 1, 2020 | Azure, Technology, Uncategorized

This article is contributed. See the original author and article here.

Another Azure Sphere release has occurred and to accommodate the release I am presenting another security blog post. We are committed to keep our system secure against evolving security threats which takes both internal and external effort, the most recent external effort being the Azure Sphere Security Research Challenge that has wrapped up. Let’s get to the list of changes and fixes done on the system without wasting any further time.

Our list of security enhancements and fixes:

Upgrade to Linux Kernel 5.4.59
Fix littlefs pagecache memory information leak
Modify littlefs to zero memory on truncate
Validate file sizes during truncation in littlefs
Identified and added more input validations in Pluton Runtime
Add missing mprotect check from previously reported unsigned code execution bug by Cisco Talos
More memory pointer validations in SW to avoid using pointers pointing to improper areas between NW and SW
Set proper Azure Sphere capabilities on azcore when executed by the kernel per report from McAfee ATR

We are always striving in our work to improve our security promises and to enhance the platform. It is known that we have been doing fuzzing for awhile, however all of our fuzzing has been pieces of the system. We have been working hard and have now advanced our ability to allow full end to end fuzzing of the system, expanding our testing abilities and giving us one more tool to use to help identify coding flaws. Coding flaws are only part of the issue though, tools looking for a crash will never catch information leakage nor catch bugs that allow for privilege escalation due to improper validations which opens up whole new arenas of validations that need to be reviewed.

As I’ve heard a lot recently “onwards and upwards”.

Jewell Seay
Azure Sphere OSP Security Lead

Watching the Watchers: Monitoring Azure Sentinel Query Activity for Malicious Activity.

by Contributed | Oct 1, 2020 | Azure, Technology, Uncategorized

This article is contributed. See the original author and article here.

Given the richness and potential sensitivity of data stored in security solutions such as Azure Sentinel they can become important targets for external threat actors who gain access to the environment as well as malicious insiders and therefore should be monitored for specific threats. To assist in this a new feature was recently added to Log Analytics (the technology the underpins Azure Sentinel’s log storage and query capabilities), that allows you to capture an audit log of all queries run against the workspace. In this blog we will look at how we can use this new audit feature to monitor and hunt in these audit logs to find potentially malicious activity.

My colleague Sarah Young has shared a great blog covering some aspects of the audit log and how it can be combined with Azure Activity data to give you a wider perspective on user activity. In this blog I am going to take it a step further and deep dive into the details of the logs and look at some hunting and detection queries for this log source that we recently released.

Details of how to set up this audit logging can be found in the audit log documentation. For this blog we are assuming you are writing the audit logs into an Azure Sentinel workspace. Whilst it is possible to write the logs to other sources such as Azure Storage it is recommended for monitoring that you store in an Azure Sentinel Workspace so that you can leverage its capabilities to support hunting and detections.

Anatomy of the Audit Log

Before we start hunting in the logs we need to understand the structure of it and where to find the most valuable data. From a security perspective there are a few fields of particular interest which the table below details. Once you start collecting these audit logs you should spend some time to ensure that you fully understand what they contain.

Column Name	Details
Time Generated	This is the UTC time that the query was submitted.
AADEmail	This is the email/UPN of the user who submitted the query.
RequestClientApp	This is the name of the client type used to run the query, for queries made via the Azure Sentinel UI it will be populated with “ASI_Portal” – this is broadly analogous to a UserAgent.
QueryText	This is as string of the query text that is being executed. It often includes elements not present in the UI, for example you may see “set query_take_max_records=10001;set truncationmaxsize=67108864;” at the start of a query, this is automatically added by the client and was not necessarily entered by the user themselves.
RequestContext	This is the Azure resource the query was run against. This field is useful if you have the audit log from multiple workspaces aggregated in one workspace as this helps you identify the target workspace for the query. If the query covers multiple workspaces there will be multiple values here.
ResponseCode	The is the HTTP response code from submitting the query i.e. 200 indicates the query executed without issue.
ResponseRowCount	The number of result rows the query returned.
ResponseDurationMs	How long the query took to execute and return a response.

Hunting and Detection Opportunities

Users searching for specific VIP user identifiers.

ATT&CK T1530, T1213, T1020

One of the most obvious and easy detection opportunities with these audit logs is to look for specific key words in the queries being run. Given that security logs often contain an abundance of personal detail a malicious user may want to search the data for specific user activity. We can easily identify this by looking for queries that contains unique identifiers for those users. Below is an example of a query that looks for queries that contains the email addresses of specified VIP users. You could also modify this to include searches for display names or other identifiers. Whilst a security analyst may have legitimate reason to search based on a specific user identifier such as this it would not be expected to be a regular search unless analysts were given specific tasking.

let vips = dynamic(['vip1@email.com','vip2@email.com']);
  let timeframe = 1d;
  LAQueryLogs
  | where TimeGenerated > ago(timeframe)
  | where QueryText has_any (vips)
  | project TimeGenerated, AADEmail, RequestClientApp, QueryText, ResponseRowCount, RequestTarget

User searching for secrets.

ATT&CK T1530, T1213

In a similar manner as the query above we can also look for users querying for secrets within logs. It is not uncommon for passwords and other secrets to leak into logs and a malicious actor could easily use KQL to search for these. There have been several high profile incidents where plain text credential’s appeared in logs, such as the incident Twitter reported in 2018, and attackers are likely to take advantage of access to a SIEM solution such as Azure Sentinel to check for this. For more on hunting for credentials in datasets please take a look at this RSA blog.

Given the numerous cases where a user might legitimately search of strings such ‘password’ you will need to tailor the keyword and exclusion lists for your environment.

 // Extend this list with items to search for
  let keywords = dynamic(["password", "pwd", "creds", "credentials", "secret"]);
  // To exclude key phrases or tables to exclude add to these lists
  let table_exclusions = dynamic(["AuditLogs","SigninLogs", "LAQueryLogs", "SecurityEvent"]);
  let keyword_exclusion = dynamic(["reset user password", "change user password"]);
  let timeframe = 7d;
  LAQueryLogs
  | where TimeGenerated > ago(timeframe)
  | where RequestClientApp != 'Sentinel-General'
  | extend querytext_lower = tolower(QueryText)
  | where querytext_lower has_any(keywords)
  | project TimeGenerated, AADEmail, QueryText, RequestClientApp, RequestTarget, ResponseCode, ResponseRowCount, ResponseDurationMs, CorrelationId
  | extend timestamp = TimeGenerated, AccountCustomEntity = AADEmail
  | join kind=leftanti ( LAQueryLogs
  | where TimeGenerated > ago(timeframe)
  | where RequestClientApp != 'Sentinel-General'
  | extend querytext_lower = tolower(QueryText)
  | where QueryText has_any(table_exclusions) or querytext_lower has_any(keyword_exclusion))
  on CorrelationId

New user running query.

ATT&CK T1530, T1213

An attacker who compromises an account could leverage that account to access Azure Sentinel/Log Analytics even if that user does not regularly use the service. Therefore we can hunt for situations where we see a user executing queries who has not recently done so. This query is likely to be too false positive prone to be useful as detection logic but makes a useful hunting starting point.

let lookback = 7d;
  let timeframe = 1d;
  LAQueryLogs
  | where TimeGenerated   between(startofday(ago(lookback))..startofday(ago(timeframe)))
  | summarize by AADEmail
  | join kind = rightanti (LAQueryLogs
  | where TimeGenerated > ago(timeframe))
  on AADEmail
  | project TimeGenerated, AADEmail, QueryText, RequestClientApp, RequestTarget
  | extend timestamp = TimeGenerated, AccountCustomEntity = AADEmail

New Service Principal running query.

ATT&CK T1530, T1213

As with new user query we can also hunt for new Service Principals running queries. It is important to cover this perspective as well as Service Principals can also be given access to run queries. Whilst the number of Service Principals running queries is likely to be more static than with users this query is still likely to be false positive prone and therefore is better suited as a hunting query.

 let lookback = 7d;
  let timeframe = 1d;
  LAQueryLogs
  | where TimeGenerated between (ago(lookback)..ago(timeframe))
  | where ResponseCode == 200 and RequestClientApp != "AppAnalytics" and AADEmail !contains "@"
  | distinct AADClientId
  | join kind=rightanti(
  LAQueryLogs
  | where TimeGenerated > ago(timeframe)
  | where ResponseCode == 200 and RequestClientApp != "AppAnalytics" and AADEmail !contains "@"
  )
  on AADClientId
  | extend timestamp = TimeGenerated, AccountCustomEntity = AADEmail

New client running query.

ATT&CK T1530, T1213, T1020

Often when an account is compromised by an external attacker there are indicators that the account is not being controlled by a legitimate user, one of these indicators can be when the account uses a technology not commonly associated with regular users. We can look for this in the audit log by monitoring for queries executed by a client type we have not previously seen. This query can also be combined with some of the anomaly detection queries detailed later in order to create a more refined detection or hunting query.

let lookback = 7d;
  let timeframe = 1d;
  LAQueryLogs
  | where TimeGenerated between (ago(lookback)..ago(timeframe))
  | where ResponseCode == 200
  | join kind= rightanti(
  LAQueryLogs
  | where TimeGenerated > ago(timeframe)
  )
  on RequestClientApp
  | extend timestamp = TimeGenerated, AccountCustomEntity = AADEmail

Multiple large queries

ATT&CK T1030

A malicious actor with access to a data source may look to exfiltrate date from the source for persistent offline access. During the 2014 breach of Anthem attackers searched across datasets to find material of interest and then extracted these in bulk queries . We can monitor this activity such as this by looking for multiple large queries made by a single user. Most legitimate users are unlikely to run multiple queries that return many thousands for rows as data that size is unmanageable from an analysis perspective.

  let UI_apps = dynamic(['ASI_Portal','AzureMonitorLogsConnector','AppAnalytics']);
  let threshold = 3;
  let timeframe = 1d;
  LAQueryLogs
  | where TimeGenerated > ago(timeframe)
  | where (ResponseRowCount == 10001 and RequestClientApp in(UI_apps)) or (ResponseRowCount > 10001 and RequestClientApp !in(UI_apps))
  | summarize count() by AADEmail
  | where count_ > threshold
  | join kind=rightsemi (
  LAQueryLogs
  | where TimeGenerated > ago(timeframe)
  | where (ResponseRowCount == 10001 and RequestClientApp in(UI_apps)) or (ResponseRowCount > 10001 and RequestClientApp !in(UI_apps)))
  on AADEmail
  | extend timestamp = TimeGenerated, AccountCustomEntity = AADEmail

Data volume anomalies.

ATT&CK T1030

As well as just looking for large query results, we can use KQL’ timeseries capabilities to look for anomalies in the volume of data being returned by a user. Whilst this may generate some false positives for users who only use the service occasionally it is an effective tool for identifying suspicious changes in regular user’s activity.

 let lookback = 7d;
  let threshold = 0;
  LAQueryLogs
  | make-series rows = sum(ResponseRowCount) on TimeGenerated in range(startofday(ago(lookback)), now(), 1h)
  | extend (anomalies, score, baseline) = series_decompose_anomalies(rows,3, -1, 'linefit')
  | mv-expand anomalies to typeof(int), score to typeof(double), TimeGenerated to typeof(datetime)
  | where anomalies > threshold
  | sort by score desc
  | join kind=rightsemi (
  LAQueryLogs
  | summarize make_set(QueryText) by AADEmail, RequestTarget, TimeGenerated = bin(TimeGenerated, 1h))
  on TimeGenerated
  | project TimeGenerated, AADEmail, RequestTarget, set_QueryText
  | extend timestamp = TimeGenerated, AccountCustomEntity = AADEmail

Cross workspace query anomalies

ATT&CK T1530, T1213, T1020

As well as looking for anomalies in data volume we can also look for anomalies in the number of different workspaces that a user is querying. A user who regularly runs queries against a single workspace who then suddenly starts querying multiple workspaces is a potential indicators of malicious activity.

 let lookback = 30d;
  let timeframe = 1d;
  let threshold = 0;
  LAQueryLogs
  | where TimeGenerated between (ago(lookback)..ago(timeframe))
  | mv-expand(RequestContext)
  | extend RequestContextExtended = split(RequestTarget, "/")
  | extend Subscription = tostring(RequestContextExtended[2]), ResourceGroups = tostring(RequestContextExtended[4]), Workspace = tostring(RequestContextExtended[8])
  | summarize count(), HistWorkspaceCount=dcount(Workspace) by AADEmail
  | join (
  LAQueryLogs
  | where TimeGenerated > ago(timeframe)
  | mv-expand(RequestContext)
  | extend RequestContextExtended = split(RequestTarget, "/")
  | extend Subscription = tostring(RequestContextExtended[2]), ResourceGroups = tostring(RequestContextExtended[4]), Workspace = tostring(RequestContextExtended[8])
  | summarize make_set(Workspace), count(), CurrWorkspaceCount=dcount(Workspace) by AADEmail
  ) on AADEmail
  | where CurrWorkspaceCount > HistWorkspaceCount
  // Uncomment follow rows to see queries made by these users
  //| join (
  //LAQueryLogs
  //| where TimeGenerated > ago(timeframe))
  //on AADEmail
  //| extend timestamp = TimeGenerated, AccountCustomEntity = AADEmail

User query result volume variation.

ATT&CK T1530, T1213, T1020

As well as looking for timeseries based anomalies in data volume we can also look for situations where a specific users total returned rows of data for a day increases significantly from the last seven days. Whilst this may produce false positives in occasional users it can be a useful hunting query when looking at users who regularly run queries but who suddenly exhibit suspicious behavior.

let threshold = 10;
  let lookback = 7d;
  let timeframe = 1d;
  let baseline = 10000;
  let diff = 5;
  let anomolous_users = (
  LAQueryLogs
  | where TimeGenerated between(startofday(ago(lookback))..startofday(ago(timeframe)))
  | summarize score=sum(ResponseRowCount) by AADEmail
  | join kind = fullouter (LAQueryLogs
  | where TimeGenerated > startofday(ago(timeframe))
  | summarize score_now=sum(ResponseRowCount) by AADEmail)
  on AADEmail
  | extend hist_score = iif((score/29)*threshold > baseline, (score/29)*threshold, baseline)
  | where isnotempty(score)
  | where score_now > hist_score*diff
  | project AADEmail);
  LAQueryLogs
  | where TimeGenerated > ago(timeframe)
  | where AADEmail in(anomolous_users)
  | extend timestamp = TimeGenerated, AccountCustomEntity = AADEmail
  // Comment out the line below to see the queries run by users.
  | summarize total_rows = sum(ResponseRowCount), NoQueries = count(), AvgQuerySize = sum(ResponseRowCount)/count() by AADEmail

Multiple failed queries.

ATT&CK T1020

Another indicator of suspicious activity is the repeated failure of queries. Regular users are unlikely to have many queries that fail repeatedly. Instead this is likely be caused by misconfigured automated queries. Legitimate services are likely to catch and remediate such issues quickly so searching for repeated failures can help to identify malicious services.

let lookback = 7d;
  let timeframe = 1h;
  let threshold = 10;
  LAQueryLogs
  | where TimeGenerated > ago(lookback)
  | where ResponseCode != 200
  | summarize count() by AADEmail, bin(TimeGenerated, timeframe)
  | where count_ > threshold
  | join kind=rightsemi (
  LAQueryLogs
  | where TimeGenerated > ago(lookback)
  | summarize make_set(QueryText) by AADEmail, bin(TimeGenerated, timeframe))
  on AADEmail, TimeGenerated
  | extend timestamp = TimeGenerated, AccountCustomEntity = AADEmail

All of the queries detailed here are available via the Azure Sentinel GitHub, in addition we are continuing our work to look at these audit logs and we hope to publish additional material on how to use them to make you queries, and team operations more efficient in the near future.

Thanks to Ashwin Patil, Christopher Glyer and Shain Wray for thier input, and ideas on this topic.

Customizing Endpoint Protection Recommendation in Azure Security Center

by Contributed | Oct 1, 2020 | Azure, Technology, Uncategorized

This article is contributed. See the original author and article here.

Azure Security Center assesses your environment and enables you to understand the status of your resources, to help you improve the Security Posture. The heart of the Security Center lies in its recommendations. Security recommendations help you to reduce the attack surface across your workloads. One important recommendation that Security Center has is to identify if your computers have an endpoint protection solution installed.

Azure Security Center monitors the status of antimalware protection and reports this under the ‘Enable Endpoint protection’ security control when it identifies the Antimalware solution is not installed or unhealthy. Security Center highlights issues, such as detected threats and insufficient protection, which can make your virtual machines vulnerable to antimalware threats. This is a very important recommendation because malware cannot only be downloaded or installed by threat actors, but also inadvertently by legitimate users who are supposed to access your machines.

Azure Security Center covers a variety of Antimalware vendors today. You can find the list of supported versions in this article. However, in a scenario where you’re using an antimalware protection that is not in the Azure Security Center supported list but you still want to have visibility over the status of this antimalware using Security Center dashboard, how would you tackle this scenario? In this blog, I would like to walk you through a Github artifact that will help you monitor any antimalware you may be using even if it is not in the Security Center supported list.

The Github artifact will deploy a Guest Configuration policy to monitor antimalware in your machines. For context, Azure Guest Configuration Policy can audit settings inside a machine, both for machines running in Azure and Arc Connected Machines, the validation is performed by the Guest Configuration extension and client. Before we deploy this artifact, let’s understand the resources that’s making it all possible.

Expected contents of this Custom Guest Configuration artifact

The completed package is used by Guest Configuration to create the Azure Policy definitions. The package consists of:

– Modules folder

AzureGuestConfigurationPolicy module
DscResources module
(Windows) DSC resource modules required by the MOF

The DSC module in the artifact, is checking CIM Instance (Get-CimInstance) in the SecurityCenter namespace to check for any antivirus product installed in the Windows VM and the query returns the list of antimalware installed in the machine (an example is as shown in Image 1).

Image 1: Get-CimInstance output

In my example here, the VM is running Windows Defender as well as Avast Antivirus. Azure Security Center can discover Windows Defender however, Avast Antivirus discovery is not supported.

The DSC is then trying to identify if there is a process running that executable on the VM, which evaluates the Antivirus is not just installed but it’s running and healthy in a given VM.

The DSC is using Get-Process that will find the process running in the machine (an example is as shown in Image 2). If there’s no instance of a process running the Antivirus executable found, the validation will stop and returns a status of Stopped providing you a clear description.

Image 2: Get-Process output

In summary, If the antimalware is not found in the CIMInstance list, then the DSC returns Absent. If it is found, but doesn’t identify the process running, it will return:

Ensure = “Present”

Status = “Stopped”

If the process is found, then:

Ensure = “Present”

Status = “Running”

For an overview of DSC concepts and terminology, see PowerShell DSC Overview.

Under AzureGuestConfigurationPolicy folder, you’ll find a module (AzureGuestPolicyHelper.psm1) that will help you create policy package, upload it directly to your Azure subscription and will configure everything for you. Let’s take a step back and review the resources in here.

When auditing Windows, Guest Configuration uses a Desired State Configuration (DSC) resource module to create the configuration file. The DSC configuration defines the condition that the machine should be in. If the evaluation of the configuration fails, the policy effect auditIfNotExists is triggered and the machine is considered non-compliant.

In our example, under the Configuration folder you’ll notice a bogus configuration which is needed for Azure Guest Configuration policy during execution. So here, the configuration that will be used for the policy. In our scenario, we want to monitor Antivirus making sure the antivirus is installed and the agent is running. Find the sample below for reference,

Configuration MonitorAntivirus

{

Import-DscResource -ModuleName EndPointProtectionDSC

Node MonitorAntivirus

{

EPAntivirusStatus AV

{

AntivirusName = “Windows Defender”

Status = “Running”

Ensure = “Present”

}

cd $env:Temp

MonitorAntivirus

NOTE: Though I’m specifying Windows Defender as the AntivirusName in the configuration file, it could really be anything. You could monitor for any Antivirus software you might be running, during the compile time, which takes me to my next section – Parameters file.

The script is using parameters file (sample below for reference) which basically tells the Azure Guest Configuration policy to monitor for that specific Antivirus software that you specify during the assignment.

Remember, you can use wildcard entry too. For eg., if you want to monitor for ‘Avast Antivirus’ and you’re not sure what is the complete name of the Antivirus Windows is referring it as, you can simply type in as Avast*

Name = ‘AntivirusName’

DisplayName = ‘Antivirus Name’

Description = “Name of the Antivirus Software to monitor.”

ResourceType = “EPAntivirusStatus”

ResourceId = ‘AV’

ResourcePropertyName = “AntivirusName”

DefaultValue = ‘Windows Defender’

#AllowedValues = @(‘Avast’,’Windows Defender’,’CrowdStrike’,’Sentinel One’)

}

)

This entire configuration is compiled into a .MOF file which will eventually be stored in the Azure blob storage account that you specify during the execution.

Make sure to read about how Azure Policy’s Guest Configuration works that will help you understand this script in detail.

Execution of this Custom Guest Configuration policy:

Pre-requisites:

Make sure to download the entire artifact from the Github repository and save the unzipped folder to your local machine under ‘C:Program FilesWindowsPowerShellModules’ before the execution.
To audit settings inside a machine, the Guest Configuration extension and a managed identity is required to audit Azure virtual machines. To deploy the extension at scale, make sure to choose appropriate scope and assign the policy initiative ‘Deploy prerequisites to enable Guest Configuration policies on virtual machines’ under Azure Policies as shown in the image (Image 3) below.

Image 3: Deploy Prerequisites to enable Guest Configuration Policies in VMs

Refer to this article, to understand Scope in Azure Policy.

Image 4: Policies under Guest Configuration Policy Initiative

To understand the Effect Type of the policies, please refer to this article

Once you’ve assigned the Guest Configuration policy to a specific Scope, you can monitor the Compliance of the policy from the ‘Compliance’ section under ‘Azure Policy’. As shown in the below Image 5.

Image 5: Guest Configuration Policy Initiative showing Compliance

Once you have taken care of the pre-requisites, proceed with the execution of the policy.

Execution:

Open the PowerShell as an administrator and run the command ‘New-EPDSCAzureGuestConfigurationPolicyPackage’ which will create policy package for you in your Azure Subscription.
You’ll first be prompted to enter a Resource Group Name, Resource Group Location, Storage Container Name, Storage account name and Storage SKU name
You’ll then be prompted to login to your Azure Subscription
Refer to this article to learn about Storing Guest Configuration artifacts.
Once connected to your subscription, the script will compile the DSC configuration to a MOF file and will publish the Configuration package to the storage account (you defined in Step 2) in the blob storage (as shown in the below image 6)
This eventually generates a Guest Configuration policy and publishes the Initiative under Definitions of the Azure Policies as a Guest configuration policy.
Under the Policies tab, you’ll notice all the individual policy definitions in the initiative that contribute to this control, as shown in image 7 and Image 8.

Policy Execution

Image 6: Configuration file that’s uploaded to Storage blob Container

Image 7: Initiative to monitor AntivirusImage 8: Policies under the Initiative

Now it’s time to assign this Initiative to the scope you desire to target. The term scope refers to all the resources, resource groups, subscriptions, or management groups that the definition is assigned to.

Please refer this article, to learn more about the assignment and for steps to assign it via PowerShell and Azure CLI.

While you’re assigning this Initiative to a Scope, you could modify the Assignment name if required as shown in the gif below.

Policy Assignment

Once you’ve assigned the custom policy, review the Compliance state of the policies by navigating to ‘Compliance’ under Azure Policy and selecting the Initiative. The Resource compliance tab provides a granular view of each resource that’s evaluated by a member policy of the currently viewed control.

Checking Compliance

In my example, I’m monitoring to gather details of VMs which do not have installed and not running. I’ve two resources (epptest (VM without Avast Installed) and vmclient (VM with Avast Installed)) in the selected scope. The script is identifying the VM that do not have Avast installed and raising the non-compliance of the resource with the help of ‘Audit policy’.

Assign the Custom Initiative to Azure Security Center

You can add the custom Initiative to Security Center to receive recommendations if your environment doesn’t follow the policy you created. As we learnt above, Security Center automatically runs continuous scans to analyze the security state of your Azure resources. When Security Center identifies potential security vulnerabilities, it creates recommendations that guide you through the process of configuring the needed security controls. Security Center updates the Endpoint Protection issue recommendations within 8 hours.

To assign this Custom Initiative, navigate to Security Policy under Security center and choose the desired subscription or Management Group. Click on ‘Add a Custom Initiative’ under Your Custom Initiatives that should take you to a screen as below (Image 9), find the Initiative created above and click on ‘add’

Image 9: Add Custom Initiative

Your new Initiative takes effect and you can see the impact in two ways:

From the Security Center sidebar, under Policy & Compliance, select Regulatory compliance. The compliance dashboard opens to show your new custom initiative alongside the built-in initiatives.
You’ll begin to receive recommendations if your environment doesn’t follow the policy you’ve defined.

To see the resulting recommendations for your policy, click Recommendations from the sidebar to open the recommendations page. The recommendations will appear with a “Custom recommendations” label as shown in Image 10

Image 10: Custom Recommendations

NOTE: Make sure to disable the Endpoint protection policy (in the built-in ASC initiative) that generates missing Endpoint protection recommendation inorder to prevent it appearing again and to avoid it to be counted to the overall Secure score.

The disable policy changes can take up to 12 hours to take effect.

Refer to this article to disable a recommendation to appear by disabling the specific policy that generates the recommendations.

Enhance custom Recommendations

You can further enhance your custom recommendations similar to the built-in recommendations. The built-in recommendations supplied with Azure Security Center includes details such as severity levels and remediation instructions. If you want to add this type of information to your custom recommendation, follow this article

This GitHub Artifact as well as many other can be found here:

Direct Link to GitHub sample

Azure Security Center GitHub Repo

Additional Resource:

Big shoutout to Microsoft365DSC which made this all possible. Check it out.

Are you an organization using Endpoint protection outside of what ASC supports? Don’t worry anymore, go ahead and deploy this policy to witness the magic.

Reviewer

Special Thanks to @Yuri Diogenes, Principal Program Manager in the CxE ASC Team for reviewing this article.

New transactable offers from Unravel Data, Tidal Migrations, and NGINX in Azure Marketplace

by Contributed | Oct 1, 2020 | Azure, Technology, Uncategorized

This article is contributed. See the original author and article here.

Microsoft partners like Unravel Data, Tidal Migrations, and NGINX deliver transact-capable offers, which allow you to purchase directly from Azure Marketplace. Learn about these offers below:

Unravel for Azure HDInsight: This monitoring, tuning, and troubleshooting tool from Unravel gives you instant visibility into Microsoft Azure HDInsight clusters with a single click. Unravel provides AI-powered recommendations and automated actions to optimize big data pipelines and applications, maximizing cost savings. Unravel for Azure HDInsight installs Unravel on an edge node in your cluster. Try it free for 14 days.

Unravel for Azure Databricks and Azure HDInsight: Unravel’s monitoring, tuning, and troubleshooting tool for Spark on Microsoft Azure Databricks and HDInsight provides granular chargeback and cost optimization for big data workloads. Evaluate your migration from on-premises Hadoop to Azure, optimize your cluster resources, provide essential context to DataOps teams, and maximize Spark performance and reliability in the cloud.

Tidal Migrations Platform: The Tidal Migrations platform provides your team with a simple, fast, and cost-effective cloud migration management solution. Its efficient tools enable you to gather and organize information in an application-centric way, with source code analysis and PDF cloud application assessment reports. Share dashboards and collaborate as you discover, assess, plan, and execute your migration to Microsoft Azure.

Tidal Migrations -Premium Insights for Database: This add-on to your Tidal Migrations subscription enables you to quickly analyze your databases, identifying roadblocks to cloud migrations based on more than 100 unique characteristics. Databases are analyzed based on their metadata, looking at specific schema objects and permissions, as well as any proprietary features that won’t be available in the target platforms.

Tidal Migrations -Premium Insights for Source Code: Use this add-on to your Tidal Migrations subscription to provide insights about the applications you plan to refactor or replatform to Microsoft Azure. Scan your application source code, identifying roadblocks to cloud migrations based on 140+ patterns. Detect the frameworks in use (Struts, Rails, jQuery, etc.) as well as vulnerabilities in your code today.

NGINX Plus: Deliver applications with performance, reliability, security, and scale with NGINX Plus on Microsoft Azure. NGINX Plus is lightweight yet serves as an all-in-one load balancer, reverse proxy, API gateway, and content cache. Deploy quickly and cost-effectively with NGINX Plus, and benefit from speeds of less than 30 milliseconds.

Collection of Useful Tools for QA/Test Engineers

by Contributed | Oct 1, 2020 | Uncategorized

This article is contributed. See the original author and article here.

Edited by @Edwin Hernandez

Please find below a collection of publicly available tools that I find valuable for QA/Test Engineers, either for Performance Testing or UI Test automation. These tools have been passed around internally on the MSFT Test Team, some of them for years. Most of them cover a tiny niche and thus can be considered a bit buried or obscure, but if they are what you need, they can help you.

BUILD QUALITY CHECKS

(First reported by Bernhard Vogel)

Using Azure DevOps “Build Quality Checks“ tasks, you can easily control that the quality steadily goes up from build to build. There are various smart metrics to use, i.e. compare test coverage of the previous build with the current build and if it trends down > fail the build.

Policies:

The Build Quality Checks task currently supports two policies (click the link for details):

Warnings Policy – Allows you to fail builds based on the number of build warnings.
Code Coverage Policy – Allows you to fail builds based on the code coverage value of your tests.

Available here: https://marketplace.visualstudio.com/items?itemName=mspremier.BuildQualityChecks#overview

SCREEN TO GIF

(First reported by Johnathan Liu)

This tool allows you to record a selected area of your screen and save it as a Gif.
I have to share out this very cool tool called ScreenToGif that was shown to me by a couple of TAMs in the UK. It allows you to record your actions on screen and turn them into awesome animated gifs. I could see this being incredibly useful for tutorials, repros, and demos.
You can share animated gifs on Twitter/Yammer and other social networks.

Features:

Record your screen and save directly to a gif looped animation.

Pause and continue to record.
Move the window around to record what you want.
You can add Text, Subtitles, and Title Frames.
Edit the frames, add filters, revert, make yoyo style, change frame delay, add a border, add progress bars.
Export frames.
Crop and Resize.
You can work even while the program is recording.
Remove frames that you don’t want.
Select a folder to save the file automatically or select one before encoding.

Add the system cursor to your recording.
Very small-sized, portable, and multi-language executable.
Start/Pause and stop your recording using your F keys.
Multi-language: Portuguese, Spanish, Romanian, Russian, Swedish, Greek, French, Simplified Chinese, Italian, Vietnamese, and Tamil.
GreenScreen unchanged pixels to save kilobytes.
You can apply actions/filters to selected frames.
Fullscreen Recording.
Snapshot Mode.
Drag and Drop to add frames in the editor.

Available here: https://www.microsoft.com/en-us/p/screentogif/9n3sqk8pds8g?activetab=pivot:overviewtab#

BOT SERVICE STRESS TOOLKIT

(First reported by Bernhard Vogel, a tool created by Daniel Amadei)

Bot Service Stress Toolkit is based on Apache JMeter (which is an open-source stress-testing product provided by the Apache Software Foundation).
Features

Leverages JMeter to make it easy and visual to perform stress tests on Bots.
Capable of not only making requests to the Bots but also receiving responses and correlating them back to the original requests, measuring the whole cycle.
Capable of asserting responses if needed, by leveraging native JMeter assertions.
Capable of loading test data from files or other data sources supported by JMeter.
Capable of displaying test results in graphs, tables, and/or saving it to CSV files by leveraging native JMeter capabilities as well.
Measures throughput and latency of your Bot Service applications taking consideration of the whole cycle from the request to when the response is received.
Able to stress test bots built-in Bot Builder SDK v3 or v4.
Able to stress test bots running locally or in Azure Bot Service.

You can find more info along with the documentation on how to install, create & run tests here: http://github.com/damadei/BotServiceStressToolkit.

WINDOWS 10 MODERN TERMINAL

(Reported by Edwin Hernandez)

New Modern Terminal was created by Microsoft as an open-source project. This Windows 10 app can have several types of shells as tabs on the same terminal window, even Unix shell.
The project is still on preview but looks great so far:

Give it a try:

https://www.microsoft.com/store/productId/9N0DX20HK701

AZURE DEVOPS DEMO GENERATOR

(Reported by Darren Rich)

Have you been looking for an example VisualStudio.com site that has:

Docker-based Java web application along with build & release definitions, to deploy the application to the Docker containers in the Azure App Service (Linux) using VSTS
SonarQube template contains code of MyShuttle, a sample application that will be provisioned and customized to analyze the code during the build and improve code quality.
Octopus template contains code for a sample PHP application which will be compiled using VSTS Build and deployed using Octopus Deploy on to an Azure App service.

Can you answer yes to any of the following questions?

I’m creating my own VSTS site to learn more about (Docker, AKS, GitHub CICD, Octopus, Selenium, Deployment Groups, WhiteSource-Bold)?
I’m using the PartsUnlimited project to do XXX?
Let me e-mail SmartPersonName and see if she can quickly create a demo VSTS site for the meeting?

If you answered yes then you should check out the Azure DevOps Demo Generator site and the corresponding docs page at https://docs.microsoft.com/en-us/vsts/demo-gen/use-vsts-demo-generator-v2?view=vsts

UNIX EPOCH CONVERTER

(Reported by Darren Rich)

It is very common to come across query string parameters that have a HUGE number assigned to them. You look around forever and do not find a solution.
One VERY COMMON source of these seemingly odd numbers is a value referred to as Unix Time. The next time you are trying to see if that number you are trying to parameterize is the Unix time you can find the current one at a very cool site.

Current Millis ‐ Milliseconds since Unix Epoch

Convert milliseconds to date – UNIX timestamp – UTC. Leap seconds: Leap seconds are one-second adjustments added to the UTC to synchronize it with solar time.

currentmillis.com

DEBUGGING TOOLS

(By Edwin Hernandez)

There are some tools used by developers and QA Engineers to do debugging of application, either on the front end or backend as well as the communications between them. These are not so obscure, these are known tools that you may already use, but just in case I wanted to include them on this list:

Wireshark. Packet analyzer for network traffic debugging

Fiddler. Http traffic debugger that uses a proxy to look at communication coming in and out of a host.

Performance Analysis of Logs (PAL) Tool. The PAL tool reads in a performance monitor counter log and analyzes it using complex, but known thresholds.

DebugDiag. Assists in troubleshooting issues such as hangs, slow performance, memory leaks or memory fragmentation, and crashes in any user-mode process.

PerfView. Performance-analysis tool that helps isolate CPU and memory-related performance issues. It is a Windows tool, but it also has some support for analyzing data collected on Linux machines. It works for a wide variety of scenarios but has several special features for investigating performance issues in code written for the .NET runtime.

And update on an old tool:

WinDbg Preview. Multipurpose debugger for Windows that can be used to debug kernel-mode and user-mode code, analyze crash dumps, and examine the CPU registers while the code executes. Microsoft just updated WinDbg to have more modern visuals, faster windows, a full-fledged scripting experience, and Time Travel Debugging. WinDbg Preview is using the same underlying engine as WinDbg, so all the commands, extensions, and workflows still work.

September in HLS: Security, Collaboration, Power BI, Meetings, KidsX, and Medical Imaging Server!

by Contributed | Oct 1, 2020 | Uncategorized

This article is contributed. See the original author and article here.

We had a lot of activity this month, including posts around Security, Collaboration, Power BI, Meetings, KidsX, and Medical Imaging Server! See below for our Healthcare and Life Sciences blog summary for September:

HLS “Show Me How” Post:

Transcribe and Translate with Microsoft Word Online in Microsoft Teams – Michael Gannotti, Principal Microsoft Teams Technical Specialist: Mike walks through the easy creation of transcriptions from audio recordings, as well as translation for language accessibility. Watch this to see what you can do with recordings made from a smart phone, video files from a meeting recording and more.

Webcasts Recorded:

Making the most of Microsoft 365 on iOS – Microsoft + Imprivata: In this HLS Partner Plays webcast recording, Randy Nale, Healthcare Technology Strategist at Microsoft, and Wes Wright, CTO at Imprivata, show us how to boost efficiency in the demanding hospital setting using Imprivata Mobile and Microsoft 365. Check it out here.
HLS Security Monthly with Scott: The HLS Security Monthly features Microsoft’s Scott Murray covers relevant enterprise security topics. In this inaugural episode, Microsoft’s Scott Murray and Tony Sims discuss how easy it is to get started with evaluating Defender ATP via the Evaluation Lab offering that is built right into the Defender platform. Watch it here.
How To Ensure Collaboration Security in Microsoft Teams: Do you want to ensure security for your users as they collaborate in Microsoft Teams? On Wednesday, September 30th, Microsoft Technical Specialists Pete and Sam brought in speakers from Microsoft’s trusted partner Unify Square. They dove in beyond the basic native Teams governance with third party specialty tools. Click here for the recording and resources.
Power Healthcare Hour – Healthcare Data Strategy Workshop and Power BI Licensing: Microsoft’s Greg Beaumont showcases the pilot episode of the Power Healthcare Hour, where Tail Wind Informatics previews an upcoming webinar “Data Strategy for Healthcare Systems”, reviews common challenges and strategic frameworks, and gives general advice for Healthcare industry around data initiatives and leveraging Power BI licensing. Learn more here.
Voices of #HealthcareCloud – Multi-disciplinary huddles with Microsoft Teams: Watch as Microsoft’s Shelly Avery and Josh Thompson show us how to leverage the power of the Microsoft cloud to break down functional boundaries and improve cross functional collaboration through multi-disciplinary huddles in Teams.

Upcoming Webcasts:

Finding the Right Meeting Solution for your Workspace: All of our work spaces are in the midst of drastic change. Whether you’re coming back to the office, working from home, planning for the future of collaboration, or some combination, there is a best practice out there for you and your organization. On Wednesday, October 14th, at 12 Noon EST, we are teaming up with Poly to deliver a CollabCast with Sam and Pete, focused on finding the right meeting solutions for your workspaces. Details here.
HLS Security Monthly with Scott: During this live webcast, Microsoft’s Scott Murray and Jeremy Windmiller are going to touch on some of the security highlights from Ignite focusing on a handful that are directly relevant to Healthcare and Life Sciences. Click here for more information.

Healthcare Industry Expert Posts:

Pediatric Hospitals Collaborating to Advance Digital Innovation: In this podcast, Ryan Tubbs, Digital Transformation Officer for Microsoft Healthcare, speaks with Omkar Kulkarni, Chief Innovation Officer for Children’s Hospital Los Angeles, about their latest initiative, KidsX. Watch and learn.
Introducing the Medical Imaging Server for DICOM: Microsoft recently released a new Open Source Software (OSS) that provides developers with a powerful tool to migrate medical imaging data to the cloud and integrate imaging metadata with clinical data in FHIR using DICOM Cast technology. Microsoft’s Heather Cartwright explains its impact on the next horizon of health data transformation in this article.
Microsoft Azure and PyTorch help AstraZeneca apply advanced machine learning to drug discovery: At a time when biopharmaceutical scientists must comb through massive amounts of data in the quest to deliver life-changing medicines, Microsoft Azure Machine Learning and PyTorch are helping global biopharmaceutical company AstraZeneca aim to accelerate its drug discovery research. Find out more here.

Best Practice Resources:

Microsoft Security Matters Newsletter – August 2020 – Jeremy Windmiller, Enterprise Security Architect: Jeremy has been providing a newsletter to customers that consolidates resources for Microsoft Security Products and Services. Check out the August newsletter.
Microsoft GxP Cloud Guidelines: Microsoft’s Senior Director of Business Development and Life Sciences, Daniel Carchedi, talks through how to leverage cloud-based solutions on any device, while supporting “good practice” quality guidelines and regulations. More details around operating GxP applications on Azure, Dynamics 365 and Microsoft 365 are in this post.