This article is contributed. See the original author and article here.
Achieving supply chain excellence today requires orchestrating complex global operations with agility, adapting to rapid and continuous change, and navigating economic headwinds and ongoing disruptions. Yet only 22 percent of companies have a proactive supply chain network, meaning disruptions or shifts in supply or demand can quickly escalate into significant issues.1 To truly deliver a proactive, resilient supply chain, Chief Supply Chain Officers (CSCOs) need a clear digital transformation strategy that builds on top of existing investments in data to uncover new insights. At the same time, CSCOs must enable the adoption of new productivity tools, such as generative AI, to help organizations rethink the status quo.
At Microsoft, we recently introduced Microsoft Dynamics 365 Copilot to bring next-generation AI to every line of business. It can help CSCOs solidify the strategic importance of supply chain functions and their value as strategic business partners. That’s why on May 8 through 10 in Orlando, Florida, at the Gartner Supply Chain Symposium Xpo™ 2023, we’re presenting a deep dive into the practical ways organizations can unlock supply chain productivity with a copilot approach to AI.
Practical ways to copilot with AI and unlock productivity
May 9, 2023 at 11:30 AM EST in Northern Hemisphere C, Booth 443
Attendees can also join us at our booth (#443), where we will highlight how supply chain leaders can utilize Microsoft Dynamics 365 to:
Embrace AI-enabled risk mitigation to deliver better business outcomes while improving customer and employee experiences.
Generate intelligent insights and rapidly act on recommendations with Microsoft Supply Chain Center.
Gain agility and deliver world-class fulfillment experiences like accurate available-to-promise (ATP) and direct store delivery (DSD) for direct-to-consumer (DTC) orders.
Generate intelligent insights
At the Gartner Supply Chain Symposium, attendees will see how the Microsoft Supply Chain Center empowers supply chain professionals to use AI copilots to generate actionable insights to increase productivity, shorten lead times, and improve overall supply chain performance.
The Microsoft Supply Chain Platform harmonizes data across legacy and new enterprise resource planning (ERP) and supply chain systems to provide real-time data visibility; facilitate actionable insights; predict supply shortages, potential stockouts, or shipment delays; and improve collaboration across teams and suppliers. The end-to-end visibility possible using Copilot in the Microsoft Supply Chain Center allows leaders to proactively manage supply chain events.
Customers like iFit have leveraged the intelligent insights from Supply Chain Center to reimagine their distribution network, staging products in locations based on customer demand instead of relying on history. In doing so, iFit increased its efficiency from 30 percent to 75 percent in its forward stocking. Before Supply Chain Center, iFit took two weeks to fulfill customer demand, far more than the desired two days.
For most supply chains, particularly those crossing international borders and using multiple transportation modes, disruptions that risk diminishing the customer experience occur regularly. Such disruptions place immense pressure on operation teams to assess the situation, coordinate with various stakeholders, and maintain production momentum. Even simple delays, such as bad weather requiring load rerouting, can cause disruptions with ripple effects of up to two weeks, affecting multiple tiers. Production planners may lack integrated systems, resulting in limited visibility of inbound shipment issues until they experience a delay. At that point, planners contact suppliers and may discover factors, such as weather, causing a two-week production delay.
The planner now has no choice but to push delivery of sales orders out two weeks, giving the sales team and customers little time to pivot and find solutions. The planner may also spend half a day or more manually evaluating purchase orders to understand the impact on operations. Not to mention any time required to adjust production schedules to accommodate the supplier’s updated delivery windows.
Using Dynamics 365 Copilot to integrate supply chain data and provide critical insights, the planner in the scenario above would receive a real-time alert about weather issues at the supplier’s location. The system would also generate an email listing all purchase orders affected by the production delay, reducing the planner’s workload from hours to minutes.
Copilot can also send the planner a list of suggestions that could minimize the impact of the disruptions. Now the planner has time to evaluate alternatives to meet delivery requirements and reschedule production jobs. The result is proactive management of the event, increased agility within the supply chain, shorter recovery times, and, most importantly, mitigating the customer impact in a way that preserves customer relationships and bolsters customer satisfaction.
The above is one practical application of Copilot, but there is considerably more to share. In our recent blog, Applying next-generation AI to the Microsoft Supply Chain Platform, you can take a deeper dive into how Dynamics 365 Copilot is transforming laborious processes, improving efficiency and responsiveness, and enabling enterprise supply chains to optimize operational agility, reduce cost, and improve customer experiences.
Gain agility and deliver world-class fulfillment experiences
Northern Tool + Equipment, a manufacturing and omnichannel retailer with more than 130 stores across the United States, serves a customer base that heavily relies on their tools for their livelihood. Accurate delivery times and product reliability are of the utmost importance. However, Northern Tool + Equipment faced significant challenges due to a fragmented supply chain technology infrastructure, resulting in four to seven days lead times for their extensive product catalog of 100,000 items. This, combined with the complexities of shipping large items like generators and air compressors, made optimizing shipping routes for cost and sustainability difficult.
To overcome these challenges, Northern Tool + Equipment implemented Microsoft Supply Chain Center, an end-to-end supply chain solution that connects disparate systems and harmonizes data across the supply chain. This solution provides a comprehensive understanding of supply and demand, generating insights using AI to uncover patterns and projections based on historical and real-time inventory and order volumes.
Direct-to-consumer (DTC) brands like Northern Tool + Equipment face unique challenges in delivering world-class fulfillment experiences to their customers. With an emphasis on speed, accuracy, and reliability, these brands require agile supply chain solutions that can adapt to continuous change and increasing technology clock speed. Microsoft Supply Chain Center enables DTC brands like Northern Tool + Equipment to gain agility and deliver outstanding customer experiences by offering real-time, highly accurate, available-to-promise (ATP) dates for direct store delivery (DSD) and more.
Learn more about Northern Tool + Equipment’s success in our recent case study.
See you at Gartner Supply Chain Symposium Xpo™ 2023
As global supply chains continue reimagining what is possible by applying emerging technologies like AI and Copilot, Microsoft remains dedicated to enabling CSCOs with the solutions and timely insights they need to excel. We hope you can join us at the Gartner Supply Chain Symposium Xpo™ 2023, where you can attend our session using the registration link and engage with our supply chain professionals at our booth. In the meantime, we invite you to check out our guided tour of Dynamics 365 Intelligent Order Management or reach out to learn more today.
Today Data Exposed went live at 9AM PT for a special Ask Me Anything and news update. If you missed the episode, you can find them all at https://aka.ms/AzureSQLYT. This month we’ll recap all the updates in April. This was a special May the Fourth [be with you] episode, and we had great guests (and fun) with the product group and our MVP community.
You can read this blog to get all the updates and references mentioned in the show. Here’s the May 2023 update:
Let’s start with Azure SQL Managed Instance, which had several general availability (GA) announcements in April. First, the Link feature for Azure SQL Managed Instance reached GA for SQL Server 2016 and 2019. This capability allows you to set up near real-time replication between a SQL Server and SQL MI. You can use this link for scale, migration, read-only workloads, etc. To learn more, review the announcement blog. The team also announced the GA of CETAS. This stands for Create External Table As Select, which essentially means you can create an external table while in parallel exporting the results of a SELECT statement. This has been a customer ask and you can learn how to take advantage of it here.
For Azure SQL Database, a couple of things landed in the security space related to auditing and TDE. Auditing can be connected to a storage account using an access key, but now you can also use a managed identity! For more information, refer to the announcement blog. For transparent data encryption (TDE), using customer-managed keys (CMK) is something we’ve been working on. In public preview, we announced support for database-level as well as cross-tenant TDE with CMK for Azure SQL Database. Prior to this, TDE with CMK was always set at the server level and was inherited by all encrypted databases associated with that server. The database-level feature allows setting the TDE protector as a customer-managed key individually for each database within the server. The cross-tenant feature allows you to use TDE with CMK without the need to have the Azure SQL logical server be in the same Azure Active Directory (Azure AD) tenant as the Azure Key Vault that stores the customer-managed key used to protect the server. In a limited preview, we recently announced DOP Feedback for Azure SQL Database; learn more about the preview here.
SQL Server on Azure Virtual Machines is powered by the SQL IaaS Agent extension, which enables you to get a lot of benefits for managing your SQL Server Azure VMs with ease. There are a couple of announcements in this space, including that we are retiring modes (no more selecting Lightweight or Full, you just pick to enable the features or not!). We also announced the GA of AAD authentication for SQL Server on Azure VMs. This is available starting with SQL Server 2022, and we have made it easy for you to enable and configure in Azure. Finally, we are always updating and enhancing the SQL IaaS extension, and now we have an auto-upgrade setting! This is on by default for new instances, but you can also opt-in. More information.
For Hybrid, we announced the new centrally managed Azure Hybrid Benefit for SQL Server. This is a new Azure portal feature that helps you improve SQL Server license management at multiple levels, including at account and subscription levels. More information.
On the tooling and developer front, Azure Data Studio 1.43 went GA, including SQL Database Projects extension GA, Connectivity improvements, and other ‘odds and ends’ as Erin Stellato says. Get the details in the release blog. I also want to highlight her awesome (and viral) blog called “April Tools Day” (released on April 1), where she debunks some myths about Azure Data Studio, SSMS, Drivers, and more. I don’t want to summarize it further, because you really should just go read it. We also open-sourced ScriptDOM, which is a powerful .NET library for code parsing, generating an abstract syntax tree (AST) that can be leveraged to apply code formatting, detect antipatterns, and more.
Videos
We continued to release new and exciting episodes this month. Here is the list, or you can just see the playlist we created with all the episodes!
Use Microsoft Purview DevOps policies to control access and limit insider threats
[MVP Edition] Bring your SQL expertise to the Data Lake with Serverless SQL Pools
Don’t let change pass you by! Get started with Change Tracking in your SQL Database
SQL Insider Series: Get Started with Azure Cognitive Search for Azure SQL
Registering SQL Server on Azure Virtual Machines with New IaaS Agent Extension Benefits (Ep. 12)
SQL Server 2022: T-SQL Enhancements [Ep. 6]
[MVP Edition] Capturing Query Metrics in Azure SQL Database
We’ve also had some great Data Exposed Live sessions this year. Subscribe to our YouTube channel to see them all and get notified when we stream.
Events
If you are looking to attend some in-person and virtual events this month, the Azure Data team has you covered. We’ll be at the following events and are looking forward to seeing you there!
May 6: SQLSaturday Jacksonville – May 5: The SQL Server 2022 Workshop, Bob Ward – May 6: SQL Server 2022 and the Wheel of Power, Bob Ward
May 12: New Stars of Data, Virtual – From your Couch to the Cloud: When and Why to use the Azure Portal, Makena Barickman
May 15-17: Techorama, Belgium – Confidential computing with Always Encrypted using enclaves, Pieter Vanhove
May 22-25: Dell Technologies World, Las Vegas – Microsoft & Dell: Evolve your data strategy with SQL Server and Azure Arc, Bob Ward – Take control of your data using Microsoft Azure Hybrid, Bob Ward
May 23: Red Hat Summit, Boston – Enterprise data management foundations: The benefit of Red Hat platforms for enterprise workloads, Bob Ward
May 23-25: Microsoft Build, Seattle & Online – Increase developer velocity with Azure SQL Database, from data to API – Modernize your applications on Azure SQL Managed Instance Q&A – Do more on Azure SQL Database Hyperscale Q&A – Protect your data from tampering with ledger in Azure Managed Instance – Further, Faster, with Azure Functions and Azure SQL Integration
Blogs to follow
There are a lot of blogs that I follow to stay up to date. If you want more details than I give here, I recommend checking out:
You’ve been hearing a lot about OpenAI and ChatGPT. My pick of the month comes from Valentina Alto, who wrote a super fascinating blog which details how you can use Azure OpenAI and Azure SQL Database to query your SQL tables. You don’t want to miss it!
Until next time…
That’s it for now! Be sure to check back next month for the latest updates. We also release new episodes of Data Exposed on Thursdays at 9AM PT and new #MVPTuesday episodes on the last Tuesday of every month at 9AM PT at aka.ms/DataExposedyt.
Having trouble keeping up? Be sure to follow us on twitter to get the latest updates on everything, @AzureSQL.
Today, we’re announcing the availability of a much-requested feature for IT administrators planning and deploying Windows feature and quality updates—email alerts! Starting today, you can get notified about Windows known issues documented in the Windows release health section of the Microsoft 365 admin center. This enables you to easily and quickly learn about issues related to Windows updates and make informed decisions about rolling out an update across your environment.
When you sign up, you’ll receive emails about new issues for the versions of the Windows operating system you support, as well as updates to known issues such as:
Changes in issue status
New workarounds
Issue resolution
This new feature is available to IT admins with a Windows or Microsoft 365 tenant, a subscription that provides access to Windows release health in the Microsoft 365 admin center[1], and an eligible admin role.
Watch this short video for a quick step-by-step on how to set up email notifications for Windows known issues.
First, log in to the Microsoft 365 admin center and locate Windows release health under the Health menu. If you don’t see this option or don’t have access to the admin center, contact your organization’s global admin and request access and an admin role in the tenant.
Windows release health in the Microsoft 365 admin center is available to those with an admin role for an organization/tenant with an eligible Windows or Microsoft 365 for Business subscription[1]. By default, the person who purchased your organization’s Microsoft business subscription is the global admin. For more information on admin roles, see Assign admin roles in the Microsoft 365 admin center.
How to subscribe
To sign up for email notifications about Windows known issues, visit Windows release health in the Microsoft 365 admin center. Once there, select Preferences > Email and select Send me email notifications about Windows release health. From there, do the following:
Enter up to two email addresses to receive the notifications. Each admin can set their own preferences. The limit of two email addresses is per admin account. Addresses can include distribution lists, so you can keep colleagues in your organization informed of issues even if they don’t have access to the admin center.
Select which Windows versions you want to be notified about. If your organization supports multiple versions of Windows, we recommend selecting all that apply.
Lastly, don’t forget to select Save.
Screenshot showing the Windows release health page and preferences for email setup, including the list of supported Windows versions to check off.
Please note that if a single known issue affects more than one version of Windows, you’ll only receive one email. So, there’s no need to worry about duplicate emails, even if you sign up for multiple versions.
You can update your notification preferences anytime. Simply visit the same Windows release health page, select Preferences, and change the Windows versions, the email addresses subscribed, or choose to stop receiving these emails.
Windows release health emails: information and structure
The notification body will include the full content published about the issue in the Windows release health section of the Microsoft 365 admin center. With a quick glance, you’ll be informed of the status of the issue, as well as versions affected. You’ll find links to view the message in the admin center. When available, the text will include links to resources with additional information, along with associated KB articles that can address or resolve an issue.
Share your feedback
Have suggestions about how we can improve our communications about issues? We welcome your feedback. While looking at a known issue in the admin center, select Is this post helpful? and share your thoughts and suggestions. We appreciate your collaboration!
Join us for more demos and discussion
We are actively working on improvements to Windows release health on Microsoft Learn and the Microsoft 365 admin center—now we want to share what’s new in these experiences!
Register for our May 24th webinar to learn about the latest capabilities and when/where we share information about Windows known issues, safeguard holds, hardening changes, monthly updates, lifecycle updates, and new versions of Windows. Share your feedback. Bring your questions. Get informed and help us shape the future of these experiences!
Now it’s easier than ever to stay up to date on Windows known issues and make informed decisions about deploying updates in your organization. Visit admin.microsoft.com and sign in with your Microsoft 365 account to get started. Please let us know your opinion about this email feature in the comments below!
[1]Requires one of the following subscriptions: Microsoft 365 Enterprise E3/A3/F3, Microsoft 365 Enterprise E5/A5, Windows 10 Enterprise E3/A3, Windows 10 Enterprise E5/A5, Windows 11 Enterprise E3/A3, or Windows 11 Enterprise E5/A5.
Real-time analytics reports provide visibility into the overall support performance of an organization, so supervisors can monitor key operational metrics, make course corrections at the right time, and keep service levels high.
Disclosure date: April 28, 2023
We sent communications to affected customers that we are planning to deprecate the Intraday Insights for Omnichannel for Customer Service.
Deprecation date: May 1, 2023
After this date, we are no longer going to invest in Intraday Insights for Omnichannel for Customer Service.
End of support: October 31, 2023
After this date, we are no longer going to support the Intraday Insights for Omnichannel for Customer Service.
End of life: April 30, 2024
After this date, Intraday Insights for Omnichannel for Customer Service will be taken out of service.
Next Steps
We strongly encourage you to move to Real-time analytics reports in Omnichannel for Customer Service. We will be focusing our future developments on them, and these reports are our recommended solution for all Dynamics 365 Customer Service real-time reporting needs.
Real-time analytics reports provide information about the health and key performance indicators (KPIs) for your organization. Supervisors can use real-time metrics and review work distribution to adjust agent allocation. They can also drill down into agents’ ongoing conversations, view the customer sentiment, and join the conversation if necessary.
Please contact your Success Manager, FastTrack representative, or Microsoft Support if you have any additional questions.
Last week, I had the privilege of attending the RSA Conference in San Francisco. RSA is an annual event that brings together professionals across the security industry to discuss the latest trends and challenges in cloud security. The conference provides a platform for attendees to learn from experts, network with peers, and explore new products and technologies.
These are three lessons in cloud security I took away from RSA 2023:
Innovation in cloud security will democratize the path to becoming a security expert
As cloud security innovation progresses, it will facilitate the journey for individuals to become security professionals. Microsoft Security Copilot serves as a starting point, offering proactive threat hunting and response capabilities to aid organizations in identifying and managing security incidents. By leveraging machine learning and artificial intelligence to analyze data, Copilot reduces the burden on security professionals. To best empower our customers with tooling such as Copilot, we must build security solutions that are user-friendly and enhance human knowledge. Augmenting human intelligence with security tooling will not only help solve the cyber skills gap, but also make it possible for all organizations to invest in security.
Securing the data pipeline is a priority
In 2019, the average cost of a data breach was $4M. Today, 88% of organizations still report lacking the confidence to prevent sensitive data loss. Securing the data pipeline has become a critical priority for organizations in today’s digital landscape. As data moves through various systems, devices, and networks, it is vulnerable to cyber threats, making it essential to have robust security measures in place. The data pipeline consists of multiple stages, including data collection, processing, storage, and distribution, and each stage presents unique security challenges. Protecting data at each of these stages is a growing priority for customers, often spurred by increasing regulatory or compliance requirements. Measures such as data encryption, access controls, and threat monitoring are required to secure the end-to-end data flow and protect against unauthorized access, data breaches, and other cyber threats.
We need a strong security ecosystem, including startups and partners, to build out a holistic security posture
Cloud environments are dynamic. To stay up to date, we must prioritize continuous monitoring to match the speed of deployments at cloud-scale. On top of this, our customers face the challenges of an ever-growing attack surface. To match these challenges, we need to lean on a robust security ecosystem. No security company can solve all the challenges in this space; we must invest in partnerships to best protect our customers. In today’s rapidly evolving threat landscape, organizations must also adapt to keep up with attackers who are continually devising new and different approaches. Start-ups propel the entire industry forward through their innovative approaches to security. Similarly, partner solutions fill holes in our ecosystem and ensure we are addressing security holistically for our customers. Security is a team sport. While no single company can do it all, together we are unstoppable. Building and nurturing a security ecosystem is vital to staying ahead of the constantly evolving threat landscape and ensuring a secure digital environment.
Today, we embark on the next chapter for SharePoint and OneDrive. We are excited to share the latest SharePoint innovations that will make it simpler for customers to build compelling and engaging SharePoint sites and pages alongside a refreshed OneDrive experience.
By Marina Khidekel, Chief Content Officer at Thrive Global
Throughout our time spent at home during the pandemic, many of us picked up new rituals and habits that helped us stay positive, grounded, and optimistic. We learned new skills, revisited childhood passions, and started incorporating little activities that became staples in our everyday routines. In fact, many of them are continuing to boost our happiness and well-being.
We asked our Thrive community to share with us the pandemic habits and rituals that are now staples in their routines. Which of these will you implement into your routine?
Five-minute journaling
“I have tried journaling in the past and it never stuck, mainly because I do not consider myself a writer and would judge myself for journaling what I classified as ‘mundane thoughts.’ The five-minute journal was such a nice shift from traditional journaling. It’s quick and easy, allowing me to set an intention for the day with some added reflection at night.”
—Julie Bronsteatter, personal and executive coach, Chicago, IL
Taking evening walks
“During the pandemic, my husband and I took our dog on long walks in the evening. It was a relief to get out of the house and feel the sunshine on our faces. It created space for us to talk to each other about what was happening and how we felt. We found that we took more time to notice the sunset in the evening, sometimes having a cocktail on the patio while watching the world go by. In the chaos of what was happening, it gave us time to ground ourselves individually and as a couple. We still take our evening walks and remember to focus on the positive, staying grounded in who we are and the decisions that we make.”
—Anne McAuley Lopez, content writer, Chandler, AZ
Baking bread from scratch
“I learned to bake bread from scratch during the pandemic. While I love to cook, baking bread always terrified me. It seemed like too daunting a challenge. I decided to face my fear and give it a whirl. While it is not something I do daily, it is definitely still something that I do very regularly. I find that the process is meditative, and the smell of fresh baked bread is such a reward for the work that goes into it!”
—Cindy J., executive search and human resources consultant, Boston, MA
Replacing phone calls with video
“I used to stay in touch with distant relatives and friends via phone calls, texts, and emails, but now that I have the rhythm and the technology in place, I enjoy turning on the video function to connect. It’s added a great dimension to our conversations and the ‘getting ready’ bit is now a nice part of the process. Even the older generation has come on board and enjoys the video calls!”
—Marta Rzeszowska Chavent, management and change consultant, France
Home cooking
“During the lockdowns, I planned and prepared most of my meals, and cooking was therapeutic. I would play an audiobook whilst cooking and was finally able to read two books a month. Another bonus: It was easier to practice intermittent fasting where I’d eat at 2:00 p.m. and stop before 7:00 p.m. This routine gave me structure and saved so much time. Now that we can go out, I still do this at least five days a week, as it makes me feel calm, disciplined, and enriched.”
—Georgina Chang, communication coach and mentor, Singapore
Setting intentions
“One new technique that I picked up during the pandemic that continues to be a positive change for me is setting intentions for every part of my day. This technique is called Segment Intending. I divide the day into three segments, such as personal, work, and family. Each segment has two things that I want or need to accomplish for that day. The intentions I set are always positive. That way, even if some unforeseen and unpleasant circumstances happen, I still train my mind to see the positive in that moment of interaction. It also helps divide your day into manageable segments.”
—Armida Markarova, leadership development and employee engagement, Chicago, IL
Doing at-home workouts
“Since I could not go to my regular gym during the pandemic, I bought an elliptical to be able to do a bit of exercise indoors in winter, as I struggle with seasonal affective disorder. I am a big fan of electronic dance music, so to start off my day in a better mood, I use the elliptical for twenty minutes and I play videos of recorded EDM sets, which I think helped with my endorphins and mentally reminded me of an activity that I would soon get to do again. I still do this on days where I don’t go to the gym!”
“During the pandemic, I increased my outdoor exercise routine — rain, snow, or shine. I began walking on empty country roads for 90 minutes every day. While some days the snow was in my face, I found it invigorating. I just had to walk and my body did the rest. The ritual encompassed simplicity and serenity at the same time. This improved my mood and it’s still a staple in my routine.”
—Cathy Connally, managing partner, Toronto, ON, Canada
Daily free writing
“Every evening, I set a timer and free-write for three minutes. I write anything that needs to come out of my mind and onto the page. It’s been eye-opening, recording the gratitude, the small wins, the creative ideas, and the connection parts of the day that normally I’d overlook or not make the time and space to see. I force myself to write for three minutes and typically the goodness comes out in the last 30 seconds!”
—Lisa Pezik, business strategist and content expert, Ontario, Canada
Checking in with loved ones
“I missed my family and friends, but we have found ways to reassure each other of our love. I stay connected with them through video chats, phone calls, and text messages. I reach out to friends when I am having a bad day, and regularly check in to see how they are doing.”
—Sara Leandro, health coach, Berlin
For more actionable tips and inspiration on strengthening resilience and improving well-being at work and beyond, visit ThriveGlobal.com
Marina Khidekel, Chief Content Officer at Thrive Global
Marina leads strategy, ideation and execution of Thrive Global content company-wide, including cross-platform brand partnership campaigns, editorial tentpoles and partnerships, and the voice of the Thrive app. In her role, she helps people tell their personal stories of going from surviving to thriving, brings Thrive’s audience actionable, science-backed tips for reducing stress and improving their physical and mental well-being, and shares those insights on panels, at conferences, and in national outlets like NBC’s TODAY. Previously, Marina held senior editorial roles at Women’s Health, Cosmopolitan, and Glamour, where she edited award-winning health and mental health features and spearheaded the campaigns and partnerships around them.
From the rise of remote work to the emergence of AI, SMBs are poised to benefit greatly from a new generation of technology to help grow and scale businesses. Read on to learn more about new investments Microsoft is making to help SMBs achieve more than ever before.
Our Use Case Project – Content Manager Mobile App
What is this session about? When the marketing team submits content they want to use as part of the marketing strategy, they normally rely on a traditional system of sending emails back and forth with documents containing the content. We want to automate this process so that the Marketing Manager gets a summary of the content alongside the original, and can review it to either approve or reject the content that will be posted on the company’s social media accounts.
Who is it aimed at? This session is aimed at anyone who wants to learn how to build AI-powered apps and wants to learn more about Azure OpenAI.
Solution Considerations before development
Before you build an application, you should think through and break down what you want to do. This process is often called “Solution Architecting”. While we will not be taking a lot of time doing this, I would like to introduce you to the basics of it.
Watch On Demand – Coming Soon
Speakers: Hadeel Shubair Hadeel is a Regional Cloud Advocate and Data Analytics Engineer for Microsoft, Middle East/Africa region. She holds a Master’s degree in Data Analytics and is passionate about learning and sharing her knowledge on tech topics including Data Analytics, AI, & ML. Before joining Microsoft, Hadeel held several appointments and roles including Google Women in Tech scholar through which she delivered several sessions to the community to motivate and empower young talents. Hadeel also served as part of the Data & Communications team overlooking the organization of the World Government Summit. On the other side, while at University, Hadeel chaired the Women in Engineering club, and was the Chief Editor of the Engineering Newsletter. As a Cloud Advocate for the Microsoft Reactor, Hadeel’s main goal is to take you on a journey to understand & learn more about Data and AI concepts and applications. She’s passionate about technology, education, & growing the Data & AI community across the region.
Someleze Diko Someleze is a young individual that is passionate about upskilling people from different communities using the different technologies at his disposal through being involved with initiatives that upskill and empower people. Today, he is an M365 and Power Platform Cloud Advocate at Microsoft focusing on upskilling students and communities through the Microsoft Power Platform. Before becoming a Cloud Advocate, Someleze was a Gold Microsoft Learn Student Ambassador in which he worked closely with other ambassadors to learn, upskill and empower students in different communities through hosting sessions that cover different Microsoft Technologies. He also served as a United Nations Peace Ambassador alongside his team from Artpeace.
As you may have heard, the Windows LAPS feature was released to Public Preview in the last week of April. It supports two main scenarios for backing up the local administrator password: storing passwords in Azure AD and in Windows Server AD. It also interoperates with the legacy LAPS solution. This article, however, focuses on native cloud deployment for Windows 10/11 clients that do not have the legacy LAPS client installed, are managed through Intune, and are either Hybrid Azure AD Joined or Azure AD Joined.
In this blog post, I’ll walk you through basic policy configuration and core Windows LAPS functionalities such as accessing local administrator passwords from different consoles and manually triggering password rotation.
Prerequisites for enabling Windows LAPS may change in the future, so it is always a good idea to check the online documentation first. The tasks we will cover in this post are as follows:
Enabling the local administrator password feature at the tenant level
Creating a Windows LAPS Policy
Monitoring policy application
Accessing local administrator passwords that are backed up
Rotating local administrator passwords manually
Enable Azure AD Local Administrator Password Feature
The local administrator password setting is enabled at the tenant level in the Azure AD portal, under the Devices node, in the Device settings view. The option to enable Azure AD Local Administrator Password Solution (LAPS) is available there for configuration.
Snippet from Azure Active Directory Devices Node, Device Settings View
After enabling the feature at the tenant level, we can proceed with policy creation.
Creating Local Admin Password Policy
Local Admin Password Solution policies are configured from the Endpoint Security node, in the Account Protection view. Clicking the “Create Policy” button opens the policy creation wizard.
Snippet from Endpoint Security, Account Protection View
The first option is the platform for the policy, and the second is the policy type itself. As you will notice, there are different account protection policy options, such as Local User Group Membership or Account Protection, as well as Local Admin Password Solution (Windows LAPS). Selecting Local admin password solution (Windows LAPS) from the profile list starts the policy creation wizard.
Snippet from Endpoint Security, Account Protection Node, Policy Creation View
As always, the first step is naming the policy and giving it a description.
Snippet from Policy Creation – Naming Account Protection Policy
The next step is building the policy itself. As you can see, there are several options covering the administrator account, the password, and the directory used to back up the local administrator password. Let’s take a deeper look at these options and prepare our Windows LAPS policy.
Snippet from Policy Creation, Configuration Settings View
Backup Directory:
The first setting in a Windows LAPS policy defines the directory service used to back up the local admin password on the endpoints. Either Windows Server Active Directory or Azure Active Directory can be used to store local admin passwords. You can also use the “Disabled” option to remove existing configuration.
Snippet from Policy Creation, Backup Directory Options
Additional settings appear depending on the backup directory selected. If backup to Active Directory is selected, these include Active Directory specific settings such as “AD Encrypted Password History Size”, “AD Password Encryption Principal” and “AD Password Encryption Enabled”.
Snippet from Policy Creation, Backup Directory Setting – Active Directory only
When Azure AD is selected as the directory service for backing up the local administrator password, the only additional setting to configure is Password Age Days. It defaults to 30 days unless configured, and can be set between 7 and 365 days when backing up to Azure AD, or between 1 and 365 days when backing up to Active Directory.
Snippet from Policy Creation, Backup Directory Setting – Azure AD
Administrator Account Name: Another setting to configure is the name of the administrator account to manage. The policy uses the built-in Administrator SID if this is not configured. Renaming the built-in administrator account does not affect SID monitoring, so you can use this option when there is another local administrator account on the endpoint whose password should be managed.
Snippet from Policy Creation, Administrator Account Name Setting
Password Complexity: The next setting that requires our attention is Password Complexity. This is where we define how complex local administrator passwords will be on the endpoints. As you can see, there are different options for using uppercase letters, lowercase letters, numbers and special characters in the local administrator password.
Snippet from Policy Creation, Password Complexity Options
Password Length: Another important item to configure is the password length, which defines the length of the local administrator password generated under the complexity requirements defined earlier. It defaults to 14 characters unless defined, with a minimum of 8 and a maximum of 64 characters.
Snippet from Policy Creation, Password Length Setting
Post Authentication Actions: This setting defines what happens to the password, user or device after logging on with the stored local admin credentials. At a minimum the password is reset; in addition, the managed account can be logged off or the device rebooted after the grace period expires, to make sure password rotation has taken place. For this configuration I will define my policy to reset the password and log off the managed account when the grace period expires.
Snippet from Policy Creation, Post Authentication Actions Setting
Post Authentication Reset Delay: This value defines the time, in hours, before the actions defined earlier are executed after authenticating with the managed identity. It defaults to 24 hours if not configured, and can be set between 0 (which disables post authentication actions) and 24 hours.
Snippet from Policy Creation, Post Authentication Reset Delay Settings
Just like all other device configurations deployed by Intune, the next step in the policy wizard is assigning the set of devices to which the policy applies. In my environment I’ve used the built-in All devices group.
Snippet from Policy Creation, Group Assignment
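The limits and defaults described in this section can be checked before a policy is assigned. The following is an added example, not part of the original post or of any Microsoft tooling: `review_policy` is a hypothetical helper, the dictionary keys reuse the wizard labels rather than real Intune identifiers, and the sample policy is constructed.

```python
# Added example. Limits and defaults are the ones quoted in this post; the
# dictionary keys mirror the wizard labels and are not Intune/CSP identifiers.
AGE_MIN = {"Azure AD": 7, "Active Directory": 1}  # lower bound depends on directory
DEFAULTS = {"Password Age Days": 30, "Password Length": 14,
            "Post Authentication Reset Delay": 24}
AD_ONLY = ("AD Encrypted Password History Size",
           "AD Password Encryption Principal", "AD Password Encryption Enabled")


def review_policy(policy):
    """Return (effective_settings, findings) for a proposed Windows LAPS policy."""
    directory = policy.get("Backup Directory")
    if directory == "Disabled":
        return {"Backup Directory": "Disabled"}, [
            "Backup Directory is Disabled: existing configuration is removed"]
    if directory not in AGE_MIN:
        return {}, [f"unknown Backup Directory: {directory!r}"]

    effective = {**DEFAULTS, **policy}  # unset values fall back to defaults
    effective.setdefault("Administrator Account Name",
                         "(built-in Administrator, identified by SID)")
    findings = []
    limits = {"Password Age Days": (AGE_MIN[directory], 365),
              "Password Length": (8, 64),
              "Post Authentication Reset Delay": (0, 24)}
    for name, (low, high) in limits.items():
        value = effective[name]
        if not isinstance(value, int) or not low <= value <= high:
            findings.append(f"{name}={value!r} is outside {low}-{high} for {directory}")
    if effective["Post Authentication Reset Delay"] == 0:
        findings.append("Post Authentication Reset Delay=0 disables post "
                        "authentication actions")
    if directory == "Azure AD":
        findings += [f"{name} applies only to Active Directory backup"
                     for name in AD_ONLY if name in policy]
    return effective, findings


# Constructed sample policy, not taken from a real tenant.
SAMPLE = {"Backup Directory": "Azure AD", "Password Age Days": 3,
          "Password Length": 20, "Post Authentication Reset Delay": 0,
          "AD Password Encryption Enabled": True}

if __name__ == "__main__":
    for directory in ("Azure AD", "Active Directory"):
        settings, problems = review_policy({**SAMPLE, "Backup Directory": directory})
        print(directory, settings["Password Age Days"], problems or "OK")
```

The same three-day password age is rejected for Azure AD backup but accepted for Active Directory backup, which is the directory-dependent lower bound described above.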
Monitoring Policy Application
Windows LAPS policy application can be monitored via Intune just like any other policy. One way is to pivot from the policy itself: the policy details show check-in status per logged-on user.
Snippet from Windows LAPS Policy Properties, Check-In Status
It is also possible to pivot from a device, by checking the device configuration view in the device properties and validating that the policy has been applied to the endpoint.
Snippet from Device Properties, Device Configuration View
Drilling into the device configuration that was applied, we can see status at the per-setting level as well. The following snippet shows that the settings were successfully applied to our device.
Snippet from Device Configuration, Profile Settings View
Accessing Local Admin Passwords
Once the policy is applied on the endpoint, Windows LAPS creates a random local administrator password for the managed credential on the endpoint and stores it as an attribute that is accessible through either Azure AD or Microsoft Intune. Accessing the local admin password has some requirements, however.
Someone who needs to view local admin passwords should be granted the following rights in Azure AD, as stated in the RBAC document here.
An admin / operator user who has the correct rights / roles assigned can reach the local admin password either through the Local administrator password recovery view within the Devices node in the Azure Active Directory console, or through the “local admin password” view inside device properties in Microsoft Intune.
In Azure Active Directory, the admin / operator can open the properties of the endpoint whose local administrator password is needed and click the Local administrator password recovery link in the left-hand menu. This shows information about the local administrator password, such as when the last password rotation was and when the next one will be, as well as an option to Show local administrator password.
Snippet from Azure Active Directory, Device Properties, Local Administrator Password Recovery View
Clicking the Show local administrator password task opens a pane from the right side of the screen showing details about the managed identity, such as account name, SID information and password rotation details, as well as the local admin password hidden behind asterisks with a “Show” button.
Snippet from Azure Active Directory, Local Administrator Password Retrieval
Clicking the Show button reveals the current local administrator password for the endpoint. The admin / operator user can then use the Copy button to copy the local administrator password to the clipboard and use it for tasks that require administrator privileges.
Snippet from Azure Active Directory, Local Administrator Password Retrieval
Once the password is used to authenticate to the target system, the actions defined in the post authentication actions policy setting are executed after the time period defined in the post authentication reset delay policy setting. These actions may include rotating the password, logging off the managed identity or rebooting the device.
It is also possible to trigger local administrator password rotation manually. The task for Windows LAPS password rotation can be found in the actions menu for the given endpoint.
Snippet from Microsoft Intune Device Properties, Rotate Local Administrator Password Task
Once it is clicked, the admin / operator user gets a confirmation message stating that the old password will no longer be applicable and that a new password will be generated after rebooting the device.
Snippet from Microsoft Intune, Local Administrator Password Rotation Confirmation
It is also possible to access the local administrator password via Microsoft Intune device properties. Let’s check how, and confirm that the local administrator password has changed with the rotate local admin password task.
Snippet from Microsoft Intune, Local Administrator Password Rotation
Device properties for a given device include a Local admin password option, which shows the last rotation time for the local administrator password, the next rotation time, and a Show local administrator password task just like the one in Azure Active Directory. Clicking the Show local administrator password task opens a similar pane from the right-hand side, which can be used to copy the existing local administrator password for the device.
Wrap Up:
The Windows LAPS feature is in Public Preview at the time this post is written. It has native support for cloud scenarios such as Hybrid Azure AD Joined devices and Azure AD Joined devices, as well as interoperability with the legacy LAPS solution. Customers can use Intune to create and deploy Windows LAPS policies, and can use the Azure AD or Microsoft Intune portals to view the local administrator password for a given device. It is also possible to use the Graph API for certain tasks, which can be the subject of another post.