This article is contributed. See the original author and article here.
Hello everyone,
Today, we’re sharing our March train for feature and breaking changes. We also communicate these changes on release notes and via email. We are continuing to make it easier for our customers to manage lifecycle changes (deprecations, retirements, service breaking changes) within the new Entra admin center as well. In addition, we will be including new feature launch announcements as part of this blog post going forward so you can see both changes to existing features and new features in a single list.
March 2023 change announcements:
Security Improvements
Number Matching Message Center post refresh
Microsoft Authenticator app’s number matching feature has been Generally Available since November 2022. If you haven’t already leveraged the rollout controls (via Azure Portal Admin UX and MSGraph APIs) to smoothly deploy number matching for users of Microsoft Authenticator push notifications, we highly encourage you to do so. We had previously announced that we will remove the admin controls and enforce the number match experience tenant-wide for all users of Microsoft Authenticator push notifications starting February 27, 2023. After listening to customers, we will extend the availability of the rollout controls for a few more weeks. Organizations can continue to use the existing rollout controls until May 8, 2023, to deploy number matching in their organizations. Microsoft services will start enforcing the number matching experience for all users of Microsoft Authenticator push notifications after May 8th, 2023. We’ll also remove the rollout controls for number matching after that date.
Azure Multifactor Authentication Server
Beginning September 30, 2024, Azure Multifactor Authentication Server deployments will no longer service multifactor authentication (MFA) requests, which could cause authentications to fail for your organization. To ensure uninterrupted authentication services and to remain in a supported state, organizations should migrate their users’ authentication data to the cloud-based Azure MFA service using the latest Migration Utility included in the most recent Azure MFA Server update. Learn more at Azure MFA Server Migration.
Enabling System-preferred authentication methods
Today, various authentication methods can be chosen by users as their default. However, not all authentication methods provide the same level of security. This situation creates potential risk for organizations when less secure authentication methods are chosen, especially in place of phishing-resistant methods.
To address this, we’re introducing system-preferred authentication for MFA. When enabled, at runtime the most secure authentication method of the user’s registered methods will be requested as the second factor of authentication. This replaces the previous feature, where the user selects a ‘default’ method and is therefore always prompted for that method first, even when more secure methods are registered and available. This functionality is available today using MSGraph API. Once enabled, users will be prompted to sign in using the most preferred authentication method available. Learn more at System-preferred multifactor authentication (MFA) – Azure Active Directory – Microsoft Entra | Microsoft Learn.
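To gauge the impact before enabling this, the following added example (not Microsoft code) compares each user's current default method with the strongest method they have registered. The ranking, the method labels and the user records are assumptions constructed for illustration; the announcement does not publish the order the service applies.

```python
"""Pre-rollout audit for system-preferred MFA (added, illustrative example)."""

# ASSUMPTION: strongest first. The announcement does not list the order the
# service uses; replace this with the order from Microsoft's documentation.
ASSUMED_RANKING = ["fido2", "authenticator_push", "totp", "sms", "voice"]
# ASSUMPTION: labels treated as phishing-resistant in this sketch.
PHISHING_RESISTANT = {"fido2"}

# Constructed sample records (hypothetical users and method labels).
SAMPLE_USERS = [
    {"user": "alice", "default": "sms",
     "registered": ["sms", "authenticator_push", "fido2"]},
    {"user": "bob", "default": "authenticator_push",
     "registered": ["totp", "authenticator_push"]},
    {"user": "carol", "default": "voice", "registered": ["voice", "totp"]},
    {"user": "dave", "default": None, "registered": []},
]


def system_preferred(registered, ranking=ASSUMED_RANKING):
    """Return the strongest registered method, or None if none is ranked."""
    have = set(registered)
    ranked = [method for method in ranking if method in have]
    return ranked[0] if ranked else None


def audit_defaults(users, ranking=ASSUMED_RANKING):
    """Return one finding per user whose MFA prompt would change.

    A user is reported when the method they chose as default is not the
    strongest method they have registered. Users with no ranked method are
    skipped because there is nothing stronger to prompt for.
    """
    findings = []
    for user in users:
        preferred = system_preferred(user["registered"], ranking)
        if preferred is None or preferred == user["default"]:
            continue
        findings.append({
            "user": user["user"],
            "default": user["default"],
            "preferred": preferred,
            # True when a phishing-resistant method is registered but the
            # user's chosen default currently sidesteps it.
            "default_sidesteps_phishing_resistant":
                preferred in PHISHING_RESISTANT
                and user["default"] not in PHISHING_RESISTANT,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_defaults(SAMPLE_USERS):
        print(finding)
```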
Deprecation of ‘Require approved client app’ Conditional Access Grant
On March 31, 2026, the Require approved client app control in Azure Active Directory (Azure AD) Conditional Access will be retired and no longer enforced. Before that date, you’ll need to transition and start using the Require app protection policy control. We encourage you to make the switch sooner to gain the richer benefits of the Require app protection policy control, which has all the same capabilities, plus:
It verifies the corresponding Intune policy.
It’s applied before a user is granted access.
It has a strengthened security posture.
To avoid any disruptions in service, transition to using the ‘Require app protection policy’ control in Azure AD Conditional Access by March 31, 2026. If you have questions, get answers from community experts in Microsoft Q&A.
Retirement of managing authentication methods in legacy Multifactor Authentication (MFA) & Self-Service Password Reset (SSPR) policy
Beginning September 30, 2024, we will no longer allow authentication methods to be managed in the legacy MFA and SSPR policies. Organizations should migrate their methods to the converged authentication methods policy where methods can be managed centrally for all authentication scenarios including passwordless, multi-factor authentication and self-service password reset. Learn more at Manage authentication methods for Azure AD.
IPv6 coming to Azure AD
Earlier we announced our plan to bring IPv6 support to Microsoft Azure AD enabling our customers to reach the Azure AD services over IPv4, IPv6, or dual stack endpoints. This is just a reminder that we’ll begin introducing IPv6 support into Azure AD services in a phased approach, starting March 31st, 2023.
If your networks don’t support IPv6, you don’t need to take any action to change your configurations or policies. For most customers, IPv4 won’t completely disappear from their digital landscape, so we aren’t planning to require IPv6 or to deprioritize IPv4 in any Azure AD features or services. We will continue to share additional guidance on IPv6 enablement in Azure AD at this easy to remember link https://aka.ms/azureadipv6.
Accept or decline terms of use as part of the sign-in flow
No functionalities will be removed. The new PDF viewer adds functionality and the limited visual changes in the end-user experiences will be communicated in a future update. If your organization has allow-listed only certain domains, you must ensure your allow-list includes the domains ‘myaccount.microsoft.com’ and ‘*.myaccount.microsoft.com’ for Terms of Use to continue working as expected. For additional information visit https://aka.ms/touuiupdate
Improved My Groups Experience
A new and improved My Groups experience is now available at myaccount.microsoft.com/groups and in May 2023, the old experience will be deprecated. The previous URL (mygroups.microsoft.com) will redirect users to the new experience at myaccount.microsoft.com/groups.
My Groups enables end users to easily manage groups, such as finding groups to join, managing groups they own, and managing existing group memberships. Based on customer feedback, we’ve also added:
Sorting and filtering on lists of groups and group members
A full list of group members in large groups, and
An actionable overview page for membership requests
Today, end users can get the richer benefits of the new My Groups by proactively switching to myaccount.microsoft.com/groups. Navigation between the old and new experiences is available via notification banners on each site.
Note: the ‘Self Service Group Management’ admin controls will no longer be available for the new My Groups and will be deprecated in May 2023. Admins can no longer restrict owners or users from accessing or using My Groups. Admins can still manage end users’ ability to create M365 and Security groups using the settings described here.
If your organization uses myapps.microsoft.com to discover and launch apps, and has set up an allow-list for only specific certificates and/or domains, you’ll need to update your allow-list in order for app launching to continue working as expected. We’ve introduced a new endpoint to launch apps for better performance and resilience. App launch requests will go to a new domain: launcher.myapps.microsoft.com.
If you use myapps.microsoft.com/signin or account.activedirectory.windowsazure.com/applications/signin deep links and have allow-listed only certain certificates, you will need to update your allow-list to include certificates from myapplications.microsoft.com. If you have allow-listed only specific domains or IPs, you will need to update the allow-list to include launcher.myapps.microsoft.com. Please update your allow-list by June 30, 2023, at the latest for the My Apps portal to continue working as expected.
To easily check if you need to update your certificate allow-list, go to https://myapplications.microsoft.com. If it loads as expected, no update is needed. If you encounter an issue, you’ll need to make an update.
Whichever method you used to allow-list the My Apps certificate in the past, you should use the same method to allow-list the new one coming from My Apps. Retrieving the My Apps certificate that you need to allow-list will vary depending on the browser you’re using. On Edge, select the lock icon in the URL bar, to the left of the URL. Then select the option that says “Connection is secure” from the dropdown. In the “Connection is secure” details, select the certificate icon which will open the Certificate viewer containing the details of the certificate. For additional information visit: Office 365 URLs and IP address ranges – Microsoft 365 Enterprise | Microsoft Learn
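For the domain allow-lists mentioned above (Terms of Use and My Apps app launch), the following added example, which is not Microsoft code, checks an exported allow-list for the hostnames this announcement names. It assumes entries are exact hostnames or "*.suffix" wildcards and that a wildcard does not cover the bare suffix; the sample allow-list is constructed.

```python
"""Audit an egress allow-list for the hostnames named in the announcement."""

# Hostnames taken from the announcement, grouped by the feature that needs them.
REQUIRED = {
    "Terms of Use": ["myaccount.microsoft.com", "*.myaccount.microsoft.com"],
    "My Apps app launch": ["launcher.myapps.microsoft.com"],
}

# Constructed sample allow-list, as it might be exported from a proxy.
SAMPLE_ALLOW_LIST = [
    "login.microsoftonline.com",
    "myapps.microsoft.com",
    "*.myaccount.microsoft.com",
    "MyGroups.Microsoft.com.",
]


def normalize(entry):
    """Lower-case, trim whitespace and drop a trailing root dot."""
    return entry.strip().lower().rstrip(".")


def covers(entry, required):
    """Return True if allow-list `entry` permits the `required` hostname.

    ASSUMPTION: "*.example.com" matches subdomains at any depth but not
    "example.com" itself. Confirm how your own proxy treats wildcards.
    """
    entry, required = normalize(entry), normalize(required)
    if entry == required:
        return True
    if not entry.startswith("*."):
        return False
    suffix = entry[1:]  # keeps the leading dot, e.g. ".microsoft.com"
    if required.startswith("*."):
        # A wildcard requirement needs an equal or broader wildcard entry.
        return required[1:].endswith(suffix)
    return required.endswith(suffix)


def audit(allow_list, required=REQUIRED):
    """Return {feature: [hostnames not covered]} for features with gaps."""
    gaps = {}
    for feature, hosts in required.items():
        missing = [h for h in hosts
                   if not any(covers(e, h) for e in allow_list)]
        if missing:
            gaps[feature] = missing
    return gaps


if __name__ == "__main__":
    for feature, missing in audit(SAMPLE_ALLOW_LIST).items():
        print(f"{feature}: add {', '.join(missing)}")
```

In the sample, the existing "myapps.microsoft.com" entry does not cover launcher.myapps.microsoft.com, and the wildcard alone does not cover the bare myaccount.microsoft.com host.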
The optional experience One-click app configuration of SAML single sign-on, which was available for select SAML apps from the Azure Marketplace or Azure AD application gallery, will be retired in May 2023. All applications that were previously configured using this feature will continue to work as expected, and no action is needed at this time.
My Apps app search behavior will now search across all apps in MyApps and has new launching behavior. When you enter a search term, the My Apps portal will now open in a new tab with your query applied to your list of apps. You can then launch apps from the search results. There will no longer be a “Recently Used” section in the extension user experience.
App Proxy link translation feature will now use dynamic and session-scoped rules. This introduces a new limit of 2250 unique link translations per tenant.
Please ensure you are using the most recent version of the Edge Add-on or Chrome extension. Please note, support for the Firefox version of this extension ended in September 2021.
Azure AD Admin Center will redirect to Microsoft Entra Admin Center
Beginning April 1, 2023, Azure AD Admin Center (https://aad.portal.azure.com) will redirect to Microsoft Entra Admin Center (https://entra.microsoft.com). You will still be able to complete all your Azure AD management tasks from within the new admin center. To ensure uninterrupted access to the management experience, organizations should update their firewall rules.
Will I still be able to access my Azure AD admin portal after April 1st, 2023?
We want to reiterate our commitment to ensuring a smooth transition for our customers from Azure AD Graph to Microsoft Graph. As previously announced, Azure AD Graph will remain available until June 30, 2023. While we reserve the right to retire it at any time after June 2023, we will continue to monitor usage and provide ample time for customers to migrate off the APIs before retiring it. In the meantime, we will continue to offer support for Azure AD Graph with security-related fixes, and we discourage taking production dependencies on Azure AD Graph. All new features and functionalities will only be made in Microsoft Graph. We encourage all customers to prioritize migration to Microsoft Graph. Learn more at Migrate Azure AD Graph apps to Microsoft Graph – Microsoft Graph | Microsoft Docs.
PowerShell Deprecation
As we approach the end of the support period for the three PowerShell Modules – Azure AD, Azure AD Preview, and MSOnline – we want to remind you that the planned deprecation date is June 30th, 2023. Depending on the status of Azure AD API, some cmdlets might stop working after June 30th, 2023. We will continue to check usage and provide time for customers to migrate off the three PowerShell modules before retiring them. We will not retire an API/cmdlet unless we have feature parity for that API in Microsoft Graph.
Until we retire, we will continue to support security-related updates. We encourage you to continue migrating to the Microsoft Graph PowerShell SDK, which still is the focus of all our current and future PowerShell investments.
We want to remind you that the planned retirement date for the Azure AD Graph and MSOnline PowerShell licensing assignment APIs and PowerShell cmdlets for existing tenants is March 31, 2023. APIs and cmdlets will not work for new tenants created after November 1, 2022.
Below is a quick snapshot of our communication schedule.
Category
Definition
Communication schedule
Retirement announcement
Signals the retirement of a feature, capability, or product in a specified period.
Typically, at this point, new customers are not permitted to adopt the service/feature, and engineering investments are reduced for the specified feature.
Later, the feature will no longer be available to any customer as it reaches the “end-of-life” state.
Breaking change: Expected to break the customer/partner experience if the customer doesn’t act or make a change in their workload for continued operation.
Feature change: Change to an existing Identity feature that doesn’t require customer action but is noticeable to the customer. These are typically UI/UX changes.
These changes generally happen more often and require a more frequent communication schedule.
Four times per year (March, June, September, and November)
As always, we’d love to hear your feedback or suggestions. Let us know what you think in the comments below or on the Azure AD feedback forum. You may also send your questions, open issues, and feature requests through Microsoft Q&A by using the tag #AzureADChangeManagementMar2023Train.
Converting leads and opportunities directly contributes to the company’s revenue. To increase conversion rate companies often need a number of factors to align. First, it’s about matching the right seller to take the deal forward. As a business owner or sales manager, finding the best seller to work on the new lead can really make or break a customer relationship. We need to look carefully not just at the seller with the highest close rate, but also balance that with their availability and expertise to attend to the customer’s needs and requirements.
Applying the right business tactic to close a deal at the right moment is the second key to success. We must recognize where the buyer is in their sales journey and employ the right action to engage. If we can use technology to help provide some guidance on the next actions, it could help all sellers do their best to secure the deal.
With the new Dynamics 365 Sales segments and rules, we can help you achieve those goals!
3 easy steps to supercharge sales conversion:
Organizations that run outreach programs to generate interest want to see a positive return on that investment and get it into sellers’ hands fast. To auto-assign sellers to the right leads and guide them with the right tactics, follow this simple 3-step automation process:
Segment leads based on business strategy. A segment is a collection of records that are grouped together based on certain conditions. For example, location, deal value, language, or product.
Auto-assign sellers using assignment rules. Assignment rules enable new leads and opportunities to be automatically assigned to sellers or sales teams.
Auto-connect the relevant sequence to guide the seller. Sequences help provide best practice engagement steps, by introducing a set of suggested actions for sellers to follow while managing their deals. Sequences can adapt to the way the engagement flows, to ensure they remain relevant and insightful.
Automation flow for leads
Increase assignment productivity by removing repetitive tasks
We see that leads are often distributed in one of two ways:
Via a sales manager or representative who assigns the leads. This could be manual or using some basic pre-set criteria.
On a first-come, first-served basis, where sellers pick up leads for action from a general ‘pool’.
These options open the door to an imbalance in assignment and a lack of optimization for customer needs, which, without tracking, could lead to sellers missing leads.
Let’s explore how using segments can reduce missed opportunities to follow up, remove the repetitiveness, and help boost productivity.
Create Segments
To start with, create segments to classify incoming records based on your business needs. For example, you want to segment all leads coming through your website originating from the USA. In this case, you could create a segment for ‘Leads from US website’.
Create segments – define segment conditions.
Auto-assign sellers to the right lead/opportunity
To increase conversion chances, you want the right seller to work on the right lead/opportunity. This assignment is based on their skill, capacity, availability, location, etc. For example, you may want to assign an opportunity to a specialized seller who works in the same location as the lead. To do that, you can define a rule to find a seller based on their location and specialization.
Define conditions to auto-assign seller
Connect a sequence to guide the seller with the next best action
A sequence will guide the seller with best practices to qualify a lead or take the opportunity forward. Auto-connect a sequence to any record that belongs to a segment via rules and you’re good to go!
Sequence
Quick adjustments to suit a market shift
Changes in the market or the business drivers can often prompt a shift in business tactics. A company may adjust their strategy by giving more importance to certain groups of customers and making sure the right salesperson deals with the most important leads. This is achieved by simply changing the priority order of segments or creating new segments with appropriate priority.
Segment priority
Leverage the benefits of a faster response and guided activities
Auto-assign sellers to act quickly and help increase the chances of success. It is important for a seller to contact a lead early. The earlier they reach out, the greater their chance of making a connection with that lead and converting them into a customer. The more time that passes after a lead expresses interest, the likelier they are to lose interest. Segments and assignment rules help assign the sellers as soon as leads are created, enabling them to respond faster.
Enable seller productivity with sequences and segments. Sellers may work on multiple leads and/or opportunities. Switching from one opportunity to another can impact seller productivity. With sequences that are auto-connected to segments, sellers get a clear next best action for each lead or opportunity. This clarity helps them stay focused and be successful.
Enable agility and adaptability to change tactics with changing data. As sellers nurture leads, new information that becomes available may require a change in tactic. For example, an engaged seller started with no knowledge of the lead’s budget. Later, they found out that the lead has $2M to spend. The seller is also met with specialist questions on a product not within their expertise. With this new information, it becomes a priority lead. As such, it must move into a higher priority segment and be assigned to an experienced seller who can maximize the chances of conversion. Allowing leads/opportunities to change segments following changes in data enables your sales team to act accordingly and win deals.
To make it super-easy to create efficient and fast ETL processing in the cloud, Azure Data Factory has invested heavily in change data capture features. Today, we are super-excited to announce that Azure Cosmos DB analytical store now supports Change Data Capture (CDC) for Azure Cosmos DB API for NoSQL and Azure Cosmos DB API for MongoDB in public preview!
This capability, available in public preview, allows you to efficiently consume a continuous and incremental feed of changed (inserted, updated, and deleted) data from the analytical store. CDC is seamlessly integrated with Azure Synapse Analytics and Azure Data Factory, providing a scalable no-code experience for high data volume. As CDC is based on the analytical store, it does not consume provisioned RUs, does not affect the performance of your transactional workloads, provides lower latency, and has lower TCO.
Change Data Capture (CDC) with Analytical store. Click here for supported sink types on Mapping Data Flow.
Consuming incremental data from Cosmos DB
Consider using analytical store CDC if you are currently using, or planning to use, any of the following:
Incremental data capture using Azure Data Factory Data Flow or Copy activity
One-time batch processing using Azure Data Factory
Streaming Cosmos DB data
Capturing deletes, intermediate changes, applying filters or projections or transformations on Cosmos DB Data
Note that analytical store has up to 2 min latency to sync transactional store data
Throughput isolation, lower latency and lower TCO
Operations on Cosmos DB analytical store do not consume the provisioned RUs and so do not impact your transactional workloads. CDC with analytical store also has lower latency and lower TCO compared to using ChangeFeed on the transactional store. The lower latency is attributed to the analytical store enabling better parallelism for data processing, which also reduces the overall TCO and enables you to drive cost efficiencies.
The seamless and native integration of analytical store CDC with Azure Synapse and Azure Data Factory provides the no-code, low-touch experience.
Incremental feed to the analytical platform of your choice
Change data capture capability enables an end-to-end analytical story providing the flexibility to write Cosmos DB data to any of the supported sink types. It also enables you to bring Cosmos DB data into a centralized data lake where you can federate your data from diverse data sources. You can flatten the data, partition it, and apply more transformations either in Azure Synapse Analytics or Azure Data Factory.
On the Azure Synapse Data flow or on the Azure Data Factory Mapping Data flow, choose the Inline dataset type as “Azure Cosmos DB for NoSQL” and Store type as “Analytical”, as seen below.
Capabilities
In addition to providing incremental data feed from analytical store to diverse targets, CDC supports the following capabilities.
Support for applying filters, projections, and transformations on the change feed via source query
You can optionally use a source query to specify filter(s), projection(s), and transformation(s) which would all be pushed down to the analytical store. Below is a sample source-query that would only capture incremental records with Category = ‘Urban’, project only a subset of fields and apply a simple transformation.
Select ProductId, Product, Segment, concat(Manufacturer, '-', Category) as ManufacturerCategory
from c
where Category = 'Urban'
Support for capturing deletes and intermediate updates
Analytical store CDC captures deleted records and intermediate updates. The captured deletes and updates can be applied on sinks that support delete and update operations. The {_rid} value uniquely identifies the records and so by specifying {_rid} as key column on the sink side, the updates and deletes would be reflected on the sink.
Filter change feed for a specific type of operation (Insert | Update | Delete | TTL)
You can filter the CDC feed for a specific type of operation. For example, you have the option to selectively capture the Insert and update operations only, thereby ignoring the user-delete and TTL-delete operations.
Support for schema alterations, flattening, row modifier transformations and partitioning
In addition to specifying filters, projections, and transformations via source query, you can also perform advanced schema operations such as flattening, applying advanced row modifier operations and dynamically partitioning the data based on the given key.
Efficient incremental data capture with internally managed checkpoints
Each change in Cosmos DB container appears exactly once in the CDC feed, and the checkpoints are managed internally for you. This helps to address the below disadvantages of the common pattern of using custom checkpoints based on the “_ts” value:
The “_ts” filter is applied against the data files, which does not always guarantee a minimal data scan. The internally managed GLSN-based checkpoints in the new CDC capability ensure that incremental data is identified based on the metadata alone, which guarantees minimal data scanning in each stream.
The analytical store sync process does not guarantee “_ts”-based ordering, which means that there could be cases where an incremental record’s “_ts” is less than the last checkpointed “_ts” and the record is missed in the incremental stream. The new CDC does not consider “_ts” to identify the incremental records and thus guarantees that none of the incremental records are missed.
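The two disadvantages above can be reproduced with a small simulation. This is an added example, not Azure code: the store, both readers and the sync batches are constructed, and a plain sync-order sequence number stands in for the internally managed checkpoint, whose real format the page does not describe.

```python
"""Why a custom "_ts" checkpoint can drop changes that a sync-order
checkpoint keeps (added simulation, all data constructed)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Change:
    seq: int   # position in sync order (ASSUMED stand-in for the checkpoint)
    rid: str   # record identifier, like the _rid key column
    ts: int    # _ts: when the document was written in the transactional store


class AnalyticalStore:
    """Append-only log in the order records were synced, not written."""

    def __init__(self):
        self._log = []

    def sync(self, rid, ts):
        self._log.append(Change(len(self._log) + 1, rid, ts))

    def read_all(self):
        return list(self._log)

    def read_after(self, seq):
        # seq is 1-based, so slicing at `seq` yields every later change.
        return self._log[seq:]


class TsCheckpointReader:
    """Custom pattern: filter on _ts greater than the last checkpointed _ts."""

    def __init__(self, store):
        self.store, self.last_ts, self.scanned = store, -1, 0

    def poll(self):
        rows = self.store.read_all()          # filter runs against the data
        self.scanned += len(rows)
        new = [c for c in rows if c.ts > self.last_ts]
        self.last_ts = max([self.last_ts] + [c.ts for c in new])
        return [c.rid for c in new]


class SeqCheckpointReader:
    """Checkpoint on sync position, ignoring _ts entirely."""

    def __init__(self, store):
        self.store, self.last_seq, self.scanned = store, 0, 0

    def poll(self):
        new = self.store.read_after(self.last_seq)
        self.scanned += len(new)
        if new:
            self.last_seq = new[-1].seq
        return [c.rid for c in new]


def run_scenario():
    """Sync two batches, polling both readers after each batch."""
    store = AnalyticalStore()
    by_ts, by_seq = TsCheckpointReader(store), SeqCheckpointReader(store)
    seen_ts, seen_seq = [], []
    # Constructed batches of (rid, _ts). r4 was written at _ts=103 but is
    # synced after r3 (_ts=105), i.e. sync order differs from _ts order.
    batches = [[("r1", 100), ("r2", 101), ("r3", 105)],
               [("r4", 103), ("r5", 106)]]
    for batch in batches:
        for rid, ts in batch:
            store.sync(rid, ts)
        seen_ts += by_ts.poll()
        seen_seq += by_seq.poll()
    everything = {c.rid for c in store.read_all()}
    return {
        "ts_missed": sorted(everything - set(seen_ts)),
        "seq_missed": sorted(everything - set(seen_seq)),
        "ts_scanned": by_ts.scanned,
        "seq_scanned": by_seq.scanned,
    }


if __name__ == "__main__":
    print(run_scenario())
```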
With CDC, there’s no limitation around the fixed data retention period for which changes are available. Multiple change feeds on the same container can be consumed simultaneously. Changes can be synchronized from “the Beginning” or “from a given timestamp” or “from now”.
Please note that the linked service interface for Azure Cosmos DB for MongoDB API is not available on Dataflow yet. However, you would be able to use your account’s document endpoint with the “Azure Cosmos DB for NoSQL” linked service interface as a workaround until the Mongo linked service is supported.
E.g., on a NoSQL linked service, choose “Enter Manually” to provide the Cosmos DB account info and use the account’s document endpoint (e.g., https://.documents.azure.com:443/) instead of the Mongo endpoint (e.g., mongodb://.mongo.cosmos.azure.com:10255/).
Since the November 2021 launch in select geographic regions of the native voice channel in Microsoft Dynamics 365 Customer Service, we have been expanding worldwide to satisfy growing customer demand. We are proud to announce that we now support local country regions as well. As of April 1, 2023, the voice support channel is live in India and Switzerland.
Native voice support channel capabilities
The integrated voice channel allows customer service representatives to communicate with customers on the phone to resolve issues. The India and Switzerland launches include all the features that the voice channel in Customer Service omnichannel environments supports today.
Self-serve voice support channel with Power Virtual Agents
The general availability launch in India and Switzerland also integrates Power Virtual Agents. Subject matter experts can build conversational interactive voice response (IVR) bots in just a few clicks to help customers quickly self-serve, reducing contact center operation costs. Learn how to configure Power Virtual Agents bots for voice.
Azure Communication Services direct routing
The launch of the voice channel in India and Switzerland is made possible through direct routing from Azure Communication Services, in preview. Direct routing enables you to connect your existing telephony infrastructure to Azure. Learn how you can use the telephony carrier of your choice.
As the native voice channel in Dynamics 365 Customer Service continues to expand in regions, languages, and capabilities, subscribe to this blog for the latest updates. Set up your Dynamics 365 Customer Service environment and install the voice channel today.
Azure Backup recently announced the general availability of immutable vaults, which offer improved protection for your backup data against ransomware attacks and other malicious actors. Immutable vaults protect your backups by blocking any operations that could lead to loss of recovery points if misused. Further, you can lock the immutability setting to make it irreversible, which can prevent malicious actors from disabling immutability and deleting backups.
Immutability is generally available for Recovery Services vaults as well as Backup vaults.
How it works
Backup data stored using Azure Backup is not accessible directly and the only way to access or manage this data is through the vault. Immutable vaults further help you by preventing any operations that, if used by malicious actors, could lead to the loss of backups. The Immutable vault setting on your vault enables you to block such operations to ensure that your backup data is protected, even if any malicious actors try to delete them to affect the recoverability of data.
The following operations are protected when using immutable vaults:
For Recovery Services vaults:
| Operation type | Description |
| --- | --- |
| Stop protection with delete data | A protected item can’t have its recovery points deleted before their respective expiry date. However, you can still stop protection of the instances while retaining data forever or until their expiry. |
| Modify backup policy to reduce retention | Any actions that reduce the retention period in a backup policy are disallowed on Immutable vault. However, you can make policy changes that result in the increase of retention. You can also make changes to the schedule of a backup policy. |
| Change backup policy to reduce retention | Any attempt to replace a backup policy associated with a backup item with another policy with retention lower than the existing one is blocked. However, you can replace a policy with the one that has higher retention. |
For Backup vaults:
| Operation type | Description |
| --- | --- |
| Stop protection with delete data | A protected item can’t have its recovery points deleted before their respective expiry date. However, you can still stop protection of the instances while retaining data forever or until their expiry. |
Enabling immutability and making it irreversible
Enabling a vault to be immutable restricts performing certain operations on your backups. So, Azure Backup provides you an opportunity to ensure all your configurations are as per your requirements before you lock immutability to make it irreversible. Hence, when it comes to immutability your vault can have one of the following states for the setting:
| State of Immutable vault setting | Description |
| --- | --- |
| Disabled | The vault doesn’t have immutability enabled and no operations are blocked. |
| Enabled | The vault has immutability enabled and doesn’t allow operations that could result in loss of backups. However, the setting can be disabled. |
| Enabled and locked | The vault has immutability enabled and doesn’t allow operations that could result in loss of backups. As the Immutable vault setting is now locked, it can’t be disabled. |
Note that immutability locking is irreversible, so ensure that you take a well-informed decision when opting to lock.
You can enable immutability and then make it irreversible (or ‘lock’ it) through vault properties.
Learn more
Check out this article to learn more about immutable vaults for Azure Backup.
The custom help toolkits started out as a way to connect your own help content to Dynamics 365 and to customize Microsoft’s help content. But times change, technology changes with them, and we no longer recommend that you customize our content. Instead, we recommend that you create your own help content using any tools you prefer, and then let that override Microsoft’s content.
After April 11, 2023, the toolkits will be archived.
We’re also removing content from our contributor guides that encourages customizing our content. Everyone can still contribute to our documentation, but in English only.
Why are you making this change?
The custom help toolkits are being used less and less. We know custom solutions are still running on versions that are or soon will be unsupported. We expect those migration projects will be complex enough that existing custom help can’t be easily reused.
If you find that you need one of the tools in the archived toolkits, you can download a release package and extract the one you need.
What about custom help?
If you develop a solution that’s based on Dynamics 365, you should continue to deliver documentation for its users. Use any tools you prefer.
If your solution includes Dynamics 365 Finance, Supply Chain Management, or Commerce, and you need to connect your content to the in-product help pane, download the AzureSearchCustomHelp solution. Learn more at Connect a custom help website to the Help pane.