by Scott Muniz | Jul 21, 2020 | Uncategorized
This article is contributed. See the original author and article here.
Today, we are excited to announce the public preview of Universal Print, and share news on the partners we are working with. Head over to the official public preview announcement to learn more!
Organizations of all sizes are excited about Universal Print
In March of 2020, we announced the private preview of Universal Print. Today, we have more than 2,500 organizations testing the new service. With the shift to remote work, being able to set up printers and users efficiently and effectively has become more important than ever. Universal Print remains an important part of fulfilling our customers’ business needs, and ~235,000 print jobs have been processed through Universal Print per month since the private preview began in March. Universal Print has enabled employees and teachers to continue printing from home, while critical industries such as healthcare, food processing, and government continue to utilize Universal Print for their needs.
|
“As the largest financial services institution in Norway, printing is critical to our day-to-day business. Universal Print has helped us streamline the way we manage print for cloud connected Windows 10 clients at DNB, and eliminated much of the frustration associated with printing. We have rolled out Universal Print to 1,000 users and counting thus far, and have been very pleased with the overall experience.” – Morten Fagermoen, EUC Architect, DNB Bank ASA
|
At Wild Rose School Division in Alberta, Canada, essential departments have continued to operate. Universal Print has enabled staff members to print from home, minimizing the number of times they had to enter school buildings to run print jobs.
|
“In a situation like this where access to the building is restricted as much as possible, it’s difficult to offer staff high volume print. If our HR or payroll departments need to run checks, they can’t do that from home. Being able to give them Universal Print right now has been a lifesaver. And it’s been able to help keep people safe in the face of a pandemic, by keeping them home as much as possible.” – Scott Hetherington, Senior Systems Analyst, Wild Rose School Division
|
Get involved with Universal Print
For more information on the public preview, please see our announcement post.
We invite you to join our other customers and partners here in the Universal Print Tech Community to discuss your experiences, ask questions or get support. Universal Print is a fully supported service, even during public preview. This community is also where the Universal Print team is sharing what they are working on, and where you can engage with them and share feedback, questions, and requests.
by Scott Muniz | Jul 21, 2020 | Uncategorized
This article is contributed. See the original author and article here.
Today we are excited to announce the public preview of Universal Print, a Microsoft 365 service that enables an intuitive, rich, and secure print experience for users, while helping IT reduce time and effort.
Organizations moving to the cloud with Microsoft 365 have responded en masse since we announced the private preview of Universal Print in March, and today we have more than 2,500 customers testing the new service. Many of them have accelerated their adoption of cloud services and Universal Print because employees and teachers working from home can now print to company or school printers from anywhere when connected to the internet. While many processes have gone paperless, many critical business processes – especially in education, healthcare, and other industries – still require print.
What is Universal Print?
Universal Print provides a user-friendly, easy print experience that also:
- Eliminates the need to install printer drivers because it is built into the Windows experience
- Helps you to find printers both near and outside of your current location
- Enables print from zero-trust networks via single sign-on (SSO) when connected to the internet and authenticated to Azure Active Directory (Azure AD).
For IT professionals who are managing print, Universal Print offers:
- A print solution to unblock the move to the cloud and support print for Azure AD users.
- Managed printing in zero-trust networks.
- Eliminates the need to manage print servers or the need for complex hybrid print solutions.
- A centralized portal that enables robust management capabilities.
- Visibility and insights into your print with reporting.
- Print data stored in the same manner as other Microsoft Office data, in accordance with Microsoft’s data management guidelines.
- Printer deployment and default printer configuration on end-user devices using Microsoft Endpoint Manager (Microsoft Intune).
The ease of sharing a printer with Universal Print
Universal Print public preview rolling out globally
We are ready to roll out the Universal Print public preview to data centers in North America, Europe, and Asia Pacific in waves over the next weeks. We will start with Microsoft 365 E5 and A5 tenants, followed by customers who have a Microsoft 365 E3 or A3 subscriptions, and then those who have Windows 10 E3, A3 and E5 only subscriptions. And finally, we will complete the roll-out with Microsoft 365 Business Premium and Microsoft 365 Firstline F3 customers. Details will be published on the Universal Print release page, where you can start your journey with us.
Partners are essential to Universal Print
Universal Print partners
Customers are not the only ones getting onboard. The service opens opportunities to many partners who are selling print solutions to Microsoft 365 customers.
Partners are hard at work to integrate cloud solutions, software solutions, and printers with Universal Print.
For existing printers, customers can simply use a Universal Print connector application that connects printers to Universal Print. It is available for download and can be installed on any Windows 10 PC, learn more here. However, Printers that natively support Universal Print will offer the best cloud experience.
Brother is actively working on native device support for Universal Print.
|
“Brother is working with Microsoft to offer integration with the Universal Print service on select Brother devices in order for organizations to manage their print infrastructure through Microsoft 365 cloud services. This integration should be complete in early 2021.” — Frank Martin, Senior Director, Solutions Development Business Machine Group
|
Canon Inc. joined the Universal Print effort as a part of the private preview in March, and today is reaffirming its commitment to integrate with Universal Print:
|
“Canon, a leader in digital imaging solutions, will support the Universal Print solution natively with current imageRUNNER ADVANCE products beginning in 2H 2020. uniFLOW Online Express, a free SaaS solution running on Microsoft Azure, can provide device authentication, print/copy/scan/fax reporting, and scan to myself while using Universal Print.” — Isamu Sato, Senior General Manager, Digital Printing Business Operations, Canon Inc.
|
In addition, HP Inc. announced it will work with Microsoft to build a cloud-to-cloud integration with Universal Print and the HP Managed Print Cloud Services platform. Through this collaboration, organizations will be able to increase security, manage devices, and limit print jobs to authorized users.
|
“By collaborating with Microsoft to integrate Universal Print with HP Managed Print Cloud Services, we’re providing our customers with the flexibility to choose the solution that best suits their needs. This cloud-to-cloud integration will enable Universal Print users to print virtually anywhere, simply and securely.” — David Prezzano, General Manager and Global Head, Print Services and Solutions Category, HP Inc.
|
Kofax will be integrating Kofax ControlSuite with Universal Print:
|
“Kofax ControlSuite and Universal Print represent the future of work, providing customers a modern print infrastructure delivered through cloud services. Customers benefit from Microsoft’s cloud services while Kofax ControlSuite provides a single print management, cognitive capture and output management platform across the enterprise, resulting in reduced cost of ownership and improved, secure experiences for employees.” — Chris Huff, Chief Strategy Officer at Kofax.
|
Konica Minolta is partnering with Microsoft to integrate digital workplace services with Universal Print:
|
Konica Minolta is excited about the Universal Print technology from Microsoft that enhances our cloud printing services to the next level. Konica Minolta provides multifunction printers with hybrid print solution, unified technology of on-premises and cloud printing, to add more value to Universal Print – such as print management, secure printing and print-from-anywhere incl. home office to make remote work efficiently. Konica Minolta’s hybrid solution and services with Universal Print help customers digital transformation from on-premises to cloud smoothly to keep pace with customer’s maturity level. — Kazuo Taira, General Manager Digital Workplace Business at Konica Minolta
|
Today, Lexmark announces availability of firmware updates for currently marketed devices to provide native Universal Print support:
|
“Aligning with a cloud strategy is key for our customers as they continue down their journey for document optimization and infrastructure consolidation. Lexmark has a full product portfolio of devices that enable our customers to place the right device where it’s required within their business process. In partnership with Microsoft, we are committed to supporting initiatives such as Universal Print and working together on many other offerings to continue to enable digital transformation for our customers.” — Larry Early, director, Lexmark software and industry marketing
|
NT-ware, a member of the Canon Group, is working on integration with Universal Print for uniFLOW Online.
|
“Cloud technology is the future and Universal Print is another excellent proof that traditional server infrastructure can be moved to the cloud while simultaneously providing new benefits to organizations. uniFLOW Online supports Universal Print and is the answer for businesses seeking enhanced functionality, such as secure printing and scanning, all hosted in Azure.“ — Karsten Huster, CEO, NT-ware
|
PaperCut is building a native Universal Print connector:
|
“PaperCut brings all the print management power you need to give you the best Universal Print experience. The integration’s built in, making it easy for customers to track, control, and secure their Universal Print jobs.” — Jamie McClunie, Product Manager PaperCut
|
Pharos started on the cloud print path in 2013 and is now partnering with Microsoft on Universal Print:
|
Microsoft and Pharos share a vision of a world in which printing is simple, secure, and free of print servers. We look forward to supporting our customers who plan to use Universal Print and Azure Active Directory to simplify their printing operations. — Kevin Pickhardt, CEO, Pharos
|
Ringdale is partnering with us to integrate FollowMe:
|
“Strategically partnering with Microsoft allows Ringdale to augment Universal Print with our security and compliance features that are essential for large enterprises that are transforming their workplaces. Our customers and partners will be able to take advantage of Universal Print with their existing printing fleets.” — Jan Bollmann, Executive Vice President at Ringdale
|
Y Soft is announcing availability of YSoft OMNI BridgeTM, a serverless edge device that instantly connects in-market printers to Universal Print, with YSoft OMNI UP365TM, the first of YSoft OMNI AppsTM:
|
“For companies to accelerate Digital Transformation and take advantage of the Universal Print ecosystem today, they need their existing printer fleets to connect with Universal Print natively or keep maintaining costly on-premises infrastructure. With the YSoft OMNI SeriesTM product family, in particular YSoft OMNI Bridge, a serverless edge device, and YSoft OMNI UP365TM we are proud to work with Microsoft to address the need to support in-market printers with an instant and cost effective way to connect to Universal Print — truly providing businesses with the Future of Print!” — Bruce Leistikow, Director Product Marketing, Y Soft
|
There is a lot of excitement in the print industry with the introduction of Universal Print as part of Microsoft 365.
Give Universal Print a try and let us know how it works for you!
If you would like to participate in the public preview, go aka.ms/UP_TryNow for the details. If you are already part of the private preview, your Universal Print service will continue to work.
We invite you to join our other customers and partners in the Universal Print Tech Community to discuss your experiences, ask questions or get support. Universal Print is a fully supported service, even during public preview. This is also where the Universal Print team is sharing what they are working on, and where you can engage with them and share feedback, questions, and requests.
For more technical details and requirements, see the Universal Print documentation.
by Scott Muniz | Jul 21, 2020 | Uncategorized
This article is contributed. See the original author and article here.
Brother is a leading provider of office equipment technology and document management solutions, including award-winning color and black and white multifunctional printers, scanners, label printers and device-based cloud and mobile technologies.
Brother is working with Microsoft to offer integration with the Universal Print service on select Brother devices for organizations to manage their print infrastructure through Microsoft 365 cloud services. This integration should be complete in early 2021.
Using the Universal Print Console, companies will be able to do the following:
- Keep an eye on printer status, configurations, and availability
- See who’s using the Brother printers and how much they’re printing
- Configure user permissions
- Connect Brother devices natively to Universal Print cloud service without the need for an on-premises Universal Print connector.
by Scott Muniz | Jul 21, 2020 | Uncategorized
This article is contributed. See the original author and article here.
Canon, a leader in digital imaging solutions, is the first partner to work with Microsoft to help create the Universal Print solution.
Native support for Universal Print with imageRUNNER ADVANCE DX and third generation imageRUNNER ADVANCE models is included from version 3.11 of the Unified Firmware Platform, which is scheduled to release in the second half of 2020. This allows users to print to these models using Universal Print without the need for local print servers.
Native connection for both new and older devices
Connecting a supported imageRUNNER ADVANCE device natively to Universal Print is a very simple process for administrators:
- From the Remote User Interface, navigate to the “Network settings” section and select “Settings for Universal Print”
- Here, enter the name of the printer to be used in Universal Print and the registration process is started
- After a few seconds, a registration URL and unique device code is shown
- Click on the registration URL, login with Azure AD credentials, enter the unique code, and complete the process
The administrator can share this print queue to all users in their Azure Active Directory or a selected number of users/groups. Default print settings such as double-sided printing can be applied.
By using the normal “Add Printer” option in Windows 10, the user can connect to the imageRUNNER ADVANCE printer. When printing a document, the user can control the supported functionality provided by the imageRUNNER ADVANCE device such as duplex, staple and hole-punch.
Printing to legacy or current Canon devices which do not support the Unified Firmware Platform is also possible by using the Universal Print connector software.
More information about imageRUNNER ADVANCE models can be found at www.usa.canon.com/simplyadvanced (USA) and https://www.canon-europe.com/business-printers-and-faxes/imagerunner-advance-dx/ (EMEA).
uniFLOW Online Express to support Universal Print by Microsoft
imageRUNNER ADVANCE devices also include a free connection to uniFLOW Online Express, a SaaS service also running on Microsoft Azure. uniFLOW Online Express can provide device authentication, comprehensive print/copy/fax/scan reporting, and scan to myself while using Microsoft Universal Print.
For additional functionality, a subscription to the full version of uniFLOW Online can be purchased. This adds features such as the ability to print via the cloud from other operating systems, secure printing, mobile printing, and scanning to other destinations such as OneDrive, OneDrive for Business, SharePoint Online and other cloud storage services delivering efficient electronic filing solution. In addition, imageRUNNER and imageCLASS/ i-SENSYS models connected to uniFLOW Online can use Universal Print without the need for the Universal Print connector software.
by Scott Muniz | Jul 21, 2020 | Uncategorized
This article is contributed. See the original author and article here.
Much like Universal Print by Microsoft, Kofax ControlSuite ushers in a new era of print and capture management possibilities. Together, ControlSuite and Universal Print empower cloud-ready organizations to take control of their print and capture needs in ways never before possible. The initial Universal Print launch utilizes the Universal Print connector as a proxy between the Universal Print services in the cloud and an organization’s existing on-premises print servers and devices. Kofax is excited to announce that our print-focused ControlSuite products, Equitrac and Output Manager, can work with Universal Print in this scenario to continue delivering the value upon which companies have come to depend.
In its initial release, Universal Print will utilize the Universal Print connector to enable the Universal Print platform to connect to existing print devices which do not natively support the full Universal Print solution. The Universal Print connector allows the Universal Print service to route users’ documents through existing print servers where ControlSuite takes over to speed productivity, ease administrative work, minimize security breaches and reduce compliance costs. The general flow of documents in this architecture is diagrammed below:
Organizations with hybrid cloud/on-premises environments also typically run an on-prem Active Directory. It is important to note that ControlSuite utilizes these on-prem AD systems for authentication. Therefore, customers implementing the Universal Print connector to print to legacy devices will also need to configure Azure AD Connect to synchronize between the Azure AD and on-premises AD systems. This will ensure documents are identified with the appropriate user. After synchronization between AD systems has been configured, ControlSuite installation and configuration is exactly the same as for organizations who have not yet migrated to Universal Print.
After the initial launch of Universal Print, device manufacturers will begin releasing new devices that natively support the Universal Print platform without needing the proxy connector and may even offer firmware updates for existing devices. The shift to native Universal Print functionality will also allow third party vendors like Kofax to enable their products to manage devices through Microsoft Graph API connectivity, thereby reducing or even eliminating the need for on-premises print servers—realizing an even more tightly integrated and seamless user and administrator experience. Kofax looks forward to continuing the journey with Microsoft as the market continues the adoption of Universal Print. Learn more about ControlSuite at Kofax.com/controlsuite.
by Scott Muniz | Jul 21, 2020 | Uncategorized
This article is contributed. See the original author and article here.
You are reading the July issue of the Infrastructure + Security: Noteworthy News series! As a reminder, the Noteworthy News series covers various areas, to include interesting news, announcements, links, tips and tricks from Windows, Azure, and Security worlds on a monthly basis.
|
Microsoft Azure
|
|
Modern Auth and Unattended Scripts in Exchange Online PowerShell V2
Today, we are happy to announce the Public Preview of a Modern Auth unattended scripting option for use with Exchange Online PowerShell V2. This feature provides customers the ability to run non-interactive scripts using Modern Authentication. This feature requires version 2.0.3-Preview or later of the EXO PowerShell V2 module, available via PowerShellGallery.
|
|
Customize External Identities self-service sign-up with web API integrations
Last month at Microsoft Build, we announced the public preview of Azure Active Directory (Azure AD) External Identities, introducing self-service sign-up for external users. As a follow-up to that announcement, the team has released the public preview of the API connectors feature mentioned in Principal Group PM Manager Robin Goldstein’s blog post. This means you can now invoke web APIs as specific steps in a sign-up flow to trigger cloud-based custom workflows.
|
|
Working with the Azure AD entitlement management API
Azure Active Directory (Azure AD) entitlement management can help you manage access to groups, applications, and SharePoint Online sites for internal users as well as users outside your organization. This beta version of the API now allows you to programmatically create packages.
|
|
ClaimsXRay in AzureAD with Directory Extension
Read on to see how to use the famous ClaimsXRay application with AzureAD to troubleshoot problems with SAML single sign-on for 3rd party tool applications.
|
|
Introducing Microsoft Teams displays
As many people around the world are working remotely, we are seeing an increased need to streamline the work experience and help prioritize what is important. Following our recent blog on Teams product news, we are excited to announce our newest device innovation, Microsoft Teams displays, a category of all-in-one dedicated Teams devices featuring an ambient touchscreen, and a hands-free experience powered by Cortana.
|
|
Migration updates – Migration Manager general availability and SPMT adds Teams support
We are pleased to share Migration Manager – part of the SharePoint admin center – has completed rollout to Microsoft 365, including commercial and government cloud customers. We, too, have updated the SharePoint Migration Tool (SPMT) – adding support for migrating content to Microsoft Teams.
|
|
A New RecoverableItems Experience Comes to Exchange Online!
We are excited to announce that RecoverableItems, a tenant admin PowerShell cmdlet, has shipped to the preview version of Exchange Admin Center with a new UI!
|
|
Azure geo-zone-redundant storage is now general available
Geo-zone-redundant storage (GZRS) and read-access geo-zone-redundant storage (RA-GZRS) are now generally available, offering intra-regional and inter-regional high availability and disaster protection for your applications.
|
|
Azure Storage account failover is now generally available
Customer-initiated Storage account failover is now generally available, allowing you to determine when to initiate a failover instead of waiting for Microsoft to do so. When you perform a failover, the secondary replica of the Storage account becomes the new primary, and the DNS records for all Storage service endpoints—blob, file, queue, and table—are updated to point to this new primary. Once the failover is complete, clients will automatically begin reading from the Storage account and writing data to it in the new primary region, with no code changes.
|
|
Windows Server
|
|
Installation of SCOM Reporting 2019 after UR1
Lately, we have observed a strange issue with users unable to install SCOM reporting 2019 when Update Rollup 1 is installed in the environment. Below are the steps to successfully install the component. Please make sure that you are using the correct Build numbers of Update Rollup.
|
|
Endpoint analytics is now available in public preview
With this initial release of Endpoint analytics, we provide insights to help you understand your devices’ reboot and sign-in times so you can optimize your users’ journey from power on to productivity. It also helps you proactively remediate common support issues before your users become aware of them which can help reduce the number of calls your helpdesk gets. Endpoint analytics even allows you to track the progress of enabling your devices to get corporate configuration data from the cloud, making it easier for employees to work from home.
|
|
How to Troubleshoot Windows Server Network connectivity issues via PowerShell
The Test-NetConnection cmdlet displays diagnostic information for a connection. It supports ping test, TCP test, route tracing, and route selection diagnostics. Depending on the input parameters, the output can include the DNS lookup results, a list of IP interfaces, IPsec rules, route/source address selection results, and/or confirmation of connection establishment.
|
|
Released: Azure SQL Managed Instance Management Pack (7.0.22.0)
System Center Operations Manager Management Pack for Azure SQL Managed Instance is now available. If you have a hybrid data environment and SCOM is your preferred monitoring solution, you can now use it to monitor your Azure SQL Managed Instances in addition to on premises SQL Servers, SQL VMs, and Azure SQL DBs.
|
|
Windows Client
|
|
What’s new for IT pros in Windows 10, version 2004
Windows 10, version 2004, officially known as the Windows 10 May 2020 Update, is now available through Windows Server Update Services (WSUS) and Windows Update for Business, and can be downloaded from Visual Studio Subscriptions, the Software Download Center (via Update Assistant or the Media Creation Tool), and the Volume Licensing Service Center. For those of you exploring your deployment options in a remote work scenario, check out Deploying a new version of Windows 10 in a remote world.
|
|
Active Investigation into Outlook Crashing on Launch
There is a new symptom of Outlook crashing on launch starting on 7/15/2020. A fix has been published but will take time to propagate to worldwide availability.
|
|
Security
|
|
Configure authentication session management with Conditional Access
In complex deployments, organizations might have a need to restrict authentication sessions. Conditional Access controls allow you to create policies that target specific use cases within your organization without affecting all users. Session controls provides you the ability to modify how often the user must re-authenticate.
|
|
Why are my users not prompted for MFA as expected?
It may be frustrating after have MFA enabled for quite some time that now all of a sudden some of your users are no longer receiving the MFA prompt while logging into applications which required this before. Read on to discover why this may be the new user experience.
|
|
Announcing GA: Mark new files as ‘sensitive by default’ in OneDrive and SharePoint
When new files are added to SharePoint or OneDrive in Microsoft 365, it takes a while for them to be crawled and indexed. It takes additional time for the Office Data Loss Prevention (DLP) policy to scan the content and apply rules to help protect sensitive content. If external sharing is turned on, sensitive content could be shared and accessed by guests before the Office DLP rule finishes processing. Instead of turning off external sharing entirely, you can address this issue by using a new PowerShell cmdlet.
|
|
Announcing general availability of the new version of Microsoft Secure Score
Earlier this year we blogged about the latest public preview of Microsoft Secure Score and today we’re pleased to announce that we‘ve completed our global roll out making it generally available to all of our commercial customers.
|
|
Announcing general availability of the new version of Microsoft Secure Score
Earlier this year we blogged about the latest public preview of Microsoft Secure Score and today we’re pleased to announce that we‘ve completed our global roll out making it generally available to all of our commercial customers.
|
|
Creating a Custom Dashboard for Azure Security Center with Azure Resource Graph
Azure Resource Graph (ARG) provides an efficient way to query at scale across a given set of subscriptions for any Azure Resource. With ARG, you can query, visualize, or export Azure Security Center (ASC) recommendations in order to get the information that matters most to you.
|
|
identityProtectionRoot resource type
Identity Protection is a tool that allows organizations to discover, investigate, and remediate identity-based risks in their environment. You can use the following Microsoft Graph APIs to query risks detected by Identity Protection.
|
|
Protect and Secure Cloud-based Applications using Azure MFA
In this guide step by step, we show you how to enable MFA for an Azure App Service web app so authentication is taken care of by Azure Active Directory, and users accessing the app are forced to perform multifactor authentication using conditional access policy that Azure AD will enforce.
|
|
Announcing high value asset tagging in Microsoft Defender ATP
We are excited to introduce a new setting in Microsoft Defender ATP that allows customers to define a machine’s value to the organization.
|
|
Updates and Support Lifecycle
|
|
Support update for Azure AD Premium customers using Microsoft Identity Manager
For Azure AD Premium customers, standard support is available from June 2020 onward, continuing after January 2021, for specific components of Microsoft Identity Manager 2016 Service Pack 2, or later service packs, that enable Azure AD integration. This is in addition to the existing support for Microsoft Identity Manager already provided through the fixed lifecycle policy and plans for support for businesses.
|
|
Impact of Changes to Update Channels for Microsoft 365 Apps
Microsoft recently made changes to the update channels for Microsoft 365 Apps. For the official announcement of these changes, read this blog post. For Microsoft Endpoint Configuration Manager admins that manage Microsoft 365 Apps updates, actions may be required depending on your environment.
|
|
Released: June 2020 Quarterly Exchange Updates
Announcing the availability of quarterly servicing cumulative updates for Exchange Server 2016 and 2019. These updates include fixes for customer reported issues as well as all previously released security updates.
|
|
Azure API Management update – July 2020
A regular Azure API Management service update was started on July 8, 2020. Continue to the article to see what it includes in terms of new features, bug fixes, and changes, along with other improvements.
|
|
Products reaching End of Support for 2020
|
|
Microsoft Premier Support News
|
|
Check out Microsoft Services public blog for new Proactive Services as well as new features and capabilities of the Services Hub, On-demand Assessments, and On-demand Learning platforms.
|
by Scott Muniz | Jul 21, 2020 | Uncategorized
This article is contributed. See the original author and article here.
Project management, scientific experimentation and software engineering all have at least one component in comment: documentation. Without the basic concept of transferring the knowledge of a given operation from the author to the reader, projects of any nature are doomed to become a maintenance issue, with potentially devastating results.
In Data Projects, we have an interesting issue with this documentation. Whilst the project plans, software specifications and so on are well-defined and mostly consistent in nature and delivery method (such as a Microsoft Word document), comments within the code for a given component are not. Different languages, platforms and other constructs make consistency more challenging. This can become a huge issue when the calling or receiving component needs to rely on the operation of the other component.
To state the obvious: At the very least, you should comment your code with complete, informative information. It’s up to you to understand how your language or compiler uses comments, and you will also have to learn how other popular languages use comments since you may need to read source code from your team.
When I learned to program (on a Mainframe, several hundred years ago) I was taught to write comments detailing the flow of the program first, and then go lay in my code underneath the comments I wrote. “Comment-First” coding.
Depending on the language/interpreter, there are (usually) two types of comments: Line and Block. A Line comment is indicated by some set of symbols (such as — in T-SQL), and is terminated with the end of the line. A Block comment uses different symbols to “start” and “stop” comment text (such as /* and */ in T-SQL), and can span multiple lines.
In general, always prefer Block comments to Line comments. The reason is that lines of text often have different ASCII characters to signal the “EOL” or End of Line for a given software/hardware environment – Linux and Windows terminators for instance. Take, for example, this unfortunate comment:
— Whatever you do, do not run
— TRUNCATE TABLE
— On this code!
(Yes, I’ve something just like this) If the — at the start of the line is removed for the middle component by some accident, you can see that would have a tragic result. I recommend the comment be changed to this:
/* Whatever you do, do not run TRUNCATE TABLE
On this code!
*/
Or even
/* Whatever you do, do not run TRUNCATE TABLE On this code! */
That way you’ll get a syntax error alerting you to an issue if you leave out the start or end comment symbols.
As an aside, each language may handle these comments differently, so make sure you understand how they work, or are even stored. For instance, in some SQL dialects, starting a Stored Procedure with a comment may not save the comment in the Stored Procedure definition (although if you keep the source code it’s there of course). For instance, this:
/* Let’s Create a Procedure to deal with that return data: */
CREATE PROC @ReturnMe AS
….
Might be different when you call to view the text of the Stored Procedure than this:
CREATE PROC @ReturnMe AS
/* Let’s Create a Procedure to deal with that return data: */
….
So what is a “Good” Comment? Well, since I am “old-school”, my comments at the start of the code looks like this:
/* <MyObjectOrFileName>
Purpose: <PurposeOf Code>
Author: <AuthorName>
Date Created: <DateCodeOriginallyCreated>
Edits:
<DateEditedAndReason>
<DateEditedAndReason>
*/
/* <Code SegmentComment> */
/* EOF <MyObjectOrFileName>*/
In fact, for Transact-SQL code, I use this handy tip from my friend Dr. Greg Low to make text that a default Query Window in SQL Server Management Studio.
Other tools have similar constructs, or you can just paste that in OneNote to use.
Is all this a bit much? Yes. Until you need it. Also, coding my comments makes me think more about what I am doing, and slows me down a bit to put higher quality into my work.
There is an interesting new development in Data Projects: Notebooks. I use Jupyter Notebooks quite a bit in Data Science work. Jupyter Notebooks have “Cells” that allow you to enter either Code or Text. The text is usually longer, can be formatted, have links and graphics, and can be quite descriptive. In a way, it’s like a hyper set of comments. So are comments still needed in the Code cells?
Like most Data Project questions, the answer is “it depends”. If the Notebook itself is a code artifact, the Code Cells do not need to be further annotated – that’s the point of the text. If, however, the code in a Cell can be “extracted” for use in some other way, or the Text Cell is used to explain the purpose but not the code flow, then yes, comments are still needed.
So stick to the basics in your software engineering and Data Science work, and ensure you comment your code. As I was taught early on, “Pretend that the person that will maintain your code is a very easily triggered person, and knows where you live.” That’s good advice.
by Scott Muniz | Jul 21, 2020 | Uncategorized
This article is contributed. See the original author and article here.
Initial Update: Tuesday, 21 July 2020 12:57 UTC
We are aware of issues within Log Search Alerts and are actively investigating. Some customers may experience issues with missed or delayed Log Search alerts in China Government.
- Work Around: None
- Next Update: Before 07/21 17:00 UTC
We are working hard to resolve this issue and apologize for any inconvenience.
-Mohini
by Scott Muniz | Jul 21, 2020 | Alerts, Microsoft, Technology, Uncategorized
This article is contributed. See the original author and article here.
We released System Center Operations Manager Management Pack for Azure SQL Managed Instance recently. It provides comprehensive monitoring capabilities for SQL Managed Instance. If you have a hybrid data environment, you can use a single monitoring solution, SCOM, to monitor all your data assets as we already have management packs for SQL Server and Azure SQL DB.
Discovery
After you install the management pack (MP), there are two templates to get you started: Manual and Automatic Discovery. As the names suggest, you can either discover your instances by adding them manually or automatically discover instances in a given subscription. Both options have wizards that walk you through this setup. We will not explore them in this post as the instructions in the MP guide are very detailed. I just want to point out that you can use either Azure Active Directory (AAD) or SQL Authentication to connect to the instances. You can use a connection with sysadmin rights or there is an option to use the least amount of privileges to monitor the product just like SQL Server MP. This is also explained in detail in the MP guide.
Monitoring
Once you complete all the steps in the wizard, you will be able to see the instances in the SCOM dashboard under Monitoring. Under Microsoft SQL Server folder, you’ll see a subfolder for Microsoft Azure SQL Managed Instance.
Navigate to Microsoft Azure SQL Managed Instance -> Managed Instances -> Database Engines
You can see the instances listed with some details. You can select which columns to display here by right-clicking and selecting Personalize View from the list. If you are using geo-replication, you will see that Geo-Replication Replica Role is listed in Detailed View. It can be Primary or Secondary (or blank if this instance is not participating in geo-replication).
As usual, you can drill down by double-clicking on the instance rows. This will take you to the list of individual monitors and their status. Most of these are the monitors you are familiar with from SQL Server MP.
There is a brand new monitor called Instance Free Storage Space Left. It uses percentages and is set to warn if it goes below 20% but, of course, it is customizable just like all the other monitors. It also shows the actual data in MB.
Navigate to Microsoft Azure SQL Managed Instance -> Managed Instances -> Databases
If you double-click on a geo-replicated database, you will see the new monitor, Geo-Replication Status, under Availability. All the information is on the right hand side. As you can see it can be in one of three states:
- CATCH_UP: This is the healthy state.
- SEEDING: Seeding is happening but until it competes, you can’t connect to the secondary database.
- PENDING: Not in an active continuous-copy relationship. Usually indicates bandwidth related issues.
Also on the Databases view, right-click on a geo-replicated database and select Open->Performance View. You will find the new counter Geo-Replication Lag (sec) along with other counters. This rule collects performance metric for the primary database only and shows the time difference between transactions committed on primary database and persisted on secondary database.
Other Views
You can also explore Managed Instance Agents and Memory-Optimized Data folders for monitors specific to those areas. We will not explore those in this post.
Summary Dashboard under Microsoft Azure SQL Managed Instance provides the usual status-at-a-glance view of everything. Just like other SQL MPs, you can drill down to get to specific monitors/rules and customize it by adding or removing tiles to fit your needs.
Active Alerts view under Microsoft Azure SQL Managed Instance lets you view all your active alerts in a single place just like other SQL MPs.
Summary
Azure SQL Managed Instance Management Pack is very similar to other SQL MPs but also introduces product specific monitors and rules.
by Scott Muniz | Jul 21, 2020 | Alerts, Microsoft, Technology, Uncategorized
This article is contributed. See the original author and article here.
Azure Activity logs provides insight into any subscription-level or management group level events that have occurred in Azure, there are three main categories covered under Azure Activity and a bunch of resource types, for more details click here:
- Azure Resources
- Audit
- Security
Each event in the Activity Log has a particular category . See the sections below for more detail on each category and its schema when you access the Activity log from the portal, PowerShell, CLI, and REST API. The schema is different when you stream the Activity log to storage or Event Hubs:
| Category |
Description |
| Administrative |
Contains the record of all create, update, delete, and action operations performed through Resource Manager. Examples of Administrative events include create virtual machine and delete network security group.
Every action taken by a user or application using Resource Manager is modeled as an operation on a particular resource type. If the operation type is Write, Delete, or Action, the records of both the start and success or fail of that operation are recorded in the Administrative category. Administrative events also include any changes to role-based access control in a subscription. |
| Service Health |
Contains the record of any service health incidents that have occurred in Azure. An example of a Service Health event SQL Azure in East US is experiencing downtime.
Service Health events come in Six varieties: Action Required, Assisted Recovery, Incident, Maintenance, Information, or Security. These events are only created if you have a resource in the subscription that would be impacted by the event. |
| Resource Health |
Contains the record of any resource health events that have occurred to your Azure resources. An example of a Resource Health event is Virtual Machine health status changed to unavailable.
Resource Health events can represent one of four health statuses: Available, Unavailable, Degraded, and Unknown. Additionally, Resource Health events can be categorized as being Platform Initiated or User Initiated. |
| Alert |
Contains the record of activations for Azure alerts. An example of an Alert event is CPU % on myVM has been over 80 for the past 5 minutes. |
| Autoscale |
Contains the record of any events related to the operation of the autoscale engine based on any autoscale settings you have defined in your subscription. An example of an Autoscale event is Autoscale scale up action failed. |
| Recommendation |
Contains recommendation events from Azure Advisor. |
| Security |
Contains the record of any alerts generated by Azure Security Center. An example of a Security event is Suspicious double extension file executed. |
| Policy |
Contains records of all effect action operations performed by Azure Policy. Examples of Policy events include Audit and Deny. Every action taken by Policy is modeled as an operation on a resource. |
Our hunting library for today will shed more lights on “Administrative” category which contains the record of all create, update, delete, and action operations performed through Resource Manager, this means an auditing & reporting activities have to be in place and hence there are a set of operations (Operation Name) which defines a resource types.
Hunting such kind of activities (aka: Demons) require defining the category, operation name “value” & activity value. Before sharing couple of hunting use-cases let’s have a look at a set of administrative operations as a sample:
| Operation name |
Resource type |
| Create or update workbook |
Microsoft.Insights/workbooks |
| Delete Workbook |
Microsoft.Insights/workbooks |
| Set Workflow – Playbook |
Microsoft.Logic/workflows |
| Delete Workflow – Playbook |
Microsoft.Logic/workflows |
| Create Saved Search |
Microsoft.OperationalInsights/workspaces/savedSearches |
| Delete Saved Search |
Microsoft.OperationalInsights/workspaces/savedSearches |
| Update Alert – Analytics Rules |
Microsoft.SecurityInsights/alertRules |
| Delete Alert – Analytics Rules |
Microsoft.SecurityInsights/alertRules |
| Update Alert Rule Response Actions |
Microsoft.SecurityInsights/alertRules/actions |
| Delete Alert Rule Response Actions |
Microsoft.SecurityInsights/alertRules/actions |
| Update Bookmarks |
Microsoft.SecurityInsights/bookmarks |
| Delete Bookmarks |
Microsoft.SecurityInsights/bookmarks |
| Update Cases |
Microsoft.SecurityInsights/Cases |
| Update Case Investigation |
Microsoft.SecurityInsights/Cases/investigations |
| Create Case Comments |
Microsoft.SecurityInsights/Cases/comments |
| Update Data Connectors |
Microsoft.SecurityInsights/dataConnectors |
| Delete Data Connectors |
Microsoft.SecurityInsights/dataConnectors |
| Update Settings |
Microsoft.SecurityInsights/settings |
| Update / Delete NSG |
Microsoft.Network/networkSecurityGroups |
| Create / Update / Delete Pubic IP Addresses |
Microsoft.Network/publicIPAddresses |
| Create / Update / Delete Network Interfaces |
Microsoft.Network/networkInterfaces |
| Route tables actions |
Microsoft.Network/routeTables |
| Create / Update / Delete Front door web app firewall policies |
Microsoft.Network/frontdoorwebapplicationfirewallpolicies |
| DDOS Protection Plans Actions |
Microsoft.Network/ddosProtectionPlans |
| Create / Update / Delete Virtual Networks |
Microsoft.Network/virtualNetworks |
| Create / Update / Delete Front doors |
Microsoft.Network/frontdoors |
| Create / Update / Delete Subnets |
Microsoft.Network/virtualNetworks/subnets |
| Create / Update / Delete Application Gateways |
Microsoft.Network/applicationGateways |
| Create / Update / Delete Update Virtual Network Peerings |
Microsoft.Network/virtualNetworks/virtualNetworkPeerings |
| Firewall Policies Rule Groups Actions |
Microsoft.Network/firewallPolicies/ruleGroups |
| Create / Update / Delete Azure Firewalls |
Microsoft.Network/azureFirewalls |
| Create / Update / Delete Firewall Policies |
Microsoft.Network/firewallPolicies |
| DNS Resources Actions |
Microsoft.Network/getDnsResourceReference |
Use- Cases:
#1 Creating a new Azure Sentinel Analytics – Rule:
AzureActivity
| where Category == "Administrative"
| where OperationNameValue == "Microsoft.SecurityInsights/alertRules/write"
| where ActivitySubstatusValue == "Created"
#2 Deleting an existing Azure Sentinel Analytics – Rule:
AzureActivity
| where Category == "Administrative"
| where OperationNameValue == "Microsoft.SecurityInsights/alertRules/delete"
| where ActivitySubstatusValue == "OK"
#3 Creating a new NSG:
// NSG : 201 Created status means "Created"
AzureActivity
| where Category == "Administrative"
| where OperationNameValue == "Microsoft.Network/networkSecurityGroups/write"
| where ActivitySubstatusValue == "Created"
#4 Updating an Existing NSG:
// NSG : 200 Ok status means "Updated"
AzureActivity
| where Category == "Administrative"
| where OperationNameValue == "Microsoft.Network/networkSecurityGroups/write"
| where ActivitySubstatusValue == "OK"
#5 Creating Virtual Network Subnets:
// Virtual Networks Subnets Creation
AzureActivity
| where Category == "Administrative"
| where OperationNameValue == "Microsoft.Network/virtualNetworks/subnets/write"
| where ActivitySubstatusValue == "Created"
And much more use-cases and hunting queries can be configured, we make it easy so check out the Azure Sentinel Administrative Suspicious Activities Library uploaded to gihub :
AnalyticsRulesAdministrativeOperations
AzureNSG_AdministrativeOperations
AzureSentinelWorkbooks_AdministrativeOperation
AzureVirtualNetworkSubnets_AdministrativeOperationset
Enjoy hunting the demons! and please share your feedback.
Recent Comments