Improve remote learning with speech-enabled apps powered by Azure Cognitive Services

by Scott Muniz | Aug 26, 2020 | Azure, Microsoft, Technology, Uncategorized

This article is contributed. See the original author and article here.

Improve remote learning with speech-enabled apps powered by Azure Cognitive Services

This post was co-authored by Melissa Ma, Yueying Liu, Anny Dow and Sheng Zhao  

Online learning has grown rapidly over the last couple of months as schools and organizations adapt to new ways of connecting and methods of education. Speech technology can play a significant role in making distance learning more engaging and accessible to students of all backgrounds. With Azure Cognitive Services, developers can quickly add speech capabilities to applications, bringing online learning to life.

Enhancing language fluency with pronunciation assessment

One key element in language learning is improving pronunciation skills. For new language learners, practicing pronunciation and getting timely feedback is essential to becoming a more fluent speaker. In the current environment, online language learning and the ability to practice anytime, anywhere, has become even more important.

At the Build conference in May, we announced the preview of the pronunciation assessment capability, powered by Speech to Text. 

The pronunciation assessment capability evaluates speech pronunciation and gives speakers feedback on the accuracy and fluency of spoken audio, allowing users to benefit from:

• Highly accurate evaluations – Provides consistent and accurate evaluation results using a machine learning-based approach that correlates highly with speech assessments conducted by native experts. The pronunciation assessment model was trained with 100,000+ hours of speech data from native English speakers and is highly robust. It assesses three dimensions of pronunciation: accuracy, fluency and completeness. Pronunciation assessment can provide evaluations at multiple levels of granularity, returning accuracy scores for specific phonemes, words, sentences, or even whole articles.
• Ability to account for inserted and omitted words – Enables rich configuration parameters to support flexibility in using the API. Using NLP techniques and EnableMiscue setting, pronunciation assessment can detect errors such as extra, missing, or repeated words—when compared to reference text—to assist in more accurate scoring. This is particularly useful for longer paragraphs of text.
• Real-time streaming – Supports streaming upload on audio files for immediate feedback.

With pronunciation assessment, language learners can practice, get instant feedback, and improve their pronunciation. Online learning solution providers or educators can use the capability to evaluate pronunciation of multiple speakers in real-time. Pronunciation assessment currently supports the English language.

Educational organizations, like the Tomorrow Advancing Life (TAL) Education Group, are already building applications using pronunciation assessment to help students practice language learning remotely.

“Effectively and efficiently teaching accurate pronunciation to students of different levels is a big challenge, both in class and outside of class. The Speech service’s pronunciation assessment capability provides a powerful solution to address this challenge. We’ve been highly impressed by the robustness of pronunciation assessment and its ability to deal with noisy environments, and how well it correlates with pronunciation evaluations conducted by our teachers.”

– Xiangyu Hu, AI Scientist of Tomorrow Advancing Life (TAL) Education Group  

Learn how you can get started with the pronunciation assessment using our tutorial video and download source code from Github to try out.

Developing interactive courses with Text to Speech

Another way that Speech technology can support better online learning experiences is through Text to Speech, a Speech service feature that converts text to lifelike speech. Educators can create interactive materials with highly expressive and humanlike voices using Neural Text to Speech (Neural TTS), now available in 36 voices with 31 languages. (Learn about our most recent languages here.)

With Neural TTS, developers can add natural-sounding voice to learning materials, for scenarios like slide narration. Neural TTS can also be used for reading aloud any content, facilitating new ways for students to interact with material as well as increasing accessibility for students with learning differences. Educational organizations can also use Neural TTS to create AI-powered virtual “teachers” that interact with students to make online courses more engaging.

Experience the Neural Voices with the new Edge browser

With the Custom Neural Voice capability, online learning solution providers can further create interactive learning experiences for their students in a voice that represents their brand, or develop unique voices for different characters. For example, Duolingo, one of the world’s most popular language learning apps, is creating unique voices for different characters used in the lessons.    

Using SSML or the Audio Content Creation tool, users can further finetune audio characteristics like voice style, rate, pitch, and pronunciation to fit their scenarios—no code required. Text to Speech also supports different speaking styles—like cheerfulness and empathy—making it easier to bring audiobooks to life. Recently we have just added 10 new voice styles, available in Chinese (Xiaoxiao voice) and will be expanded to other languages.

To learn more about Audio Content Creation, watch the video tutorial.

To learn more and get started adding speech to your educational applications, check out our resources below:

Pronunciation Assessment

• Try out our demo
• Learn more with our documentation 
• Check out easy-to-deploy samples
• Watch the video introduction and video tutorial

Text to Speech

• Check out our demo
• Learn more with our documentation
• Follow the QuickStart
• Learn more about responsible deployment of Custom Neural Voice
• Video tutorial for the Audio Content Creation tool

How To Block Azure VHD Download?

by Scott Muniz | Aug 25, 2020 | Azure, Microsoft, Technology, Uncategorized

This article is contributed. See the original author and article here.

Abstract

Encryption of Azure VM disk is a vast topic and an important one. Especially if you are a bank then your info security team is going to run behind it. I have been working with few leading banks in India  and encryption of Azure VM disk is one of the longest discussed topic, I experienced in recent times.

While you encrypt the disk of Azure VM using either “Storage [Server] side encryption” or “Azure Disk Encryption”; security teams are always in fear of one question –

“What if someone downloads my VHD from Azure portal? How do I protect my data?”

Well this blog is an answer to above question! So Let us start with some background on encryption and understand why customers or security teams may ask to block the VHD download.

Why security team need to block VHD Download?

Encryption of Azure VM disk is possible in two ways –     

1. Server Side Encryption
2. Azure Disk Encryption

Server side encryption [a.k.a. Storage Side Encryption – hereafter referred as SSE] should suffice the organization security needs in most of the cases.

The most common question I have seen is below –

Question: If my Azure VM is encrypted using SSE and I download the VHD. Then using this VHD if we create a VM will it be encrypted and data on it will be non readable?

Answer: No. As soon as the data leaves the boundary of underlying storage, it is decrypted. Hence if you provision VM vhd or data disk vhd after download, the data will be readable.

Reference blog post mentioning this is here – https://www.sanganakauthority.com/2020/01/azure-vm-disk-encryption-storage-side.html.

This triggers the requirement of “why we want to restrict Azure VM VHD download?”.

This way customer organization can avoid Azure Disk Encryption using Bitlocker or DMCrypt [hereafter referred as ADE] and especially avoid complexities involved in the implementation and management. Here I am not saying ADE is bad. It is still best way to encrypt. However if customer is interested in avoiding operational overheads in ADE, then SSE is really handy.

If SSE is used then after download of Azure VM VHD, the data theft may not be avoided. Therefore it becomes necessary for extra sensitive data VHD’s; to block download from Azure portal completely.

How do I block Azure VM VHD download?

It would have been really easy if we can put up an “Azure Policy” at the subscription level to block the VHD download. Unfortunately there is no such policy inbuilt. We can build custom policy and I have already tried it.

Important aspect for policy is about having an “Action” in policy. However “Actions” in Azure policy is a legacy syntax and as of today it supports only “write” action.

For VHD download we will have to use “Action” equals to “Microsoft.Compute/disks/beginGetAccess/action” which is not a write action and hence we can’t achieve this using Azure policy. I think “Actions” suits better in RBAC section as they reflect permissions for users to execute certain action. Hence we will need to implement “block VHD download” using RBAC.

Implementing RBAC for restricting Azure VHD download

The download permissions on the Azure VM disk is assigned through RBAC setting “Microsoft.Compute/disks/beginGetAccess/action”. So if we restrict this access in an Azure custom role we should be able to achieve “restrict Azure VM disk download” option .

To define an Azure custom role it is always a good start to use any existing Azure built in role. For our requirement “Contributor” roles seems to be best fit. I found out contributor role as shown below from Azure portal. To create custom role with “VHD download deny” permission; clone this role as shown below –

Clone Azure built Role of Contributor

On the basic information of Clone windows, enter information as shown below. “Custom role name” can be of your choice. Then click on Next.

Provide Basic information for creating custom role

You will see Permissions tab with first permission with “*”. Means Contributor role has almost all operations access on Azure portal. Except that Contributor can’t assign a role to any other user.

On the permissions tab itself we will need to “deny VHD download” option. Therefore on Permissions tab click on “Exclude Permissions” as shown below –

Click on Exclude Permissions

Then search for “disk” and select Compute resource provider as shown below –

Select Compute

Under Microsoft.Compute permissions screen search for option “Other : Get Disk SAS URI” under Microsoft.Compute/disks as shown below. Select the checkbox against it and click on Add.

Other : Get Disk SAS URI

After this you will see an action “Microsoft.Compute/disks/beginGetAccess/action” is added in NotAction as shown below –

Verify Other : Get Disk SAS URI check is successful

Then click on “Review + Create” option and then click on “Create” to have this role created under your subscription. You can find this role as below to check if role addition is successful.

Verify if role is created

Then click on “add” to assign this custom role to a user of your choice.

Verifying of denying Azure VM VHD download

After successful role assignment, login to Azure portal with the user who has assigned the custom role. Open any Virtual Machine from the portal and go to Disks -> Click on OS disk Name. the click on “Disk Export” option and click on Generate URL button. This button actually generates the SAS URL which can be used to download Azure VM disk from Azure portal.

When we click on “Generate URL” button, you will find that download vhd is no more allowed as shown below –

VHD Download is restricted by RBAC role

This is how you can restrict Azure VM disk download from the Azure portal using custom RBAC.

Conclusion

Hope this post will help you to satisfy your security requirement and help you settle with SSE disk encryption.

If you are more interested to know about Azure Disk encryption frequently asked real world questions then visit here.

Azure CLI – az config and the new dynamic extension installer are now live!

by Scott Muniz | Aug 25, 2020 | Azure, Microsoft, Technology, Uncategorized

This article is contributed. See the original author and article here.

We are thankful for all the encouragement and positive feedback you’ve shared with us since our recent feature releases enhancing the Azure CLI’s user experience. Since then, we have doubled down our effort and are excited to share with you some more progress in this space. This month, the spotlight will be on the new experimental feature az config alongside its unique capability to dynamically install extensions 

Transforming az configure to az config

If you are one of our typical users who script and automate on a regular basis, then you must have tried az configure to configure basic settings. We heard from you that you felt limited by its defaulting capabilities or the lack thereof in this command (since you can only set “defaults” in tool) and therefore have put together a simpler, more familiar version of the command, with more configuration options for you to use.

Az config is the transformed version of the original az configure command. Its subcommands come in the form of positional arguments which makes it more git-like and more syntactically intuitive to use. Our team intended to experiment new ideas with a similar command name, while preserving the current state of az configure — thereby the birth of az config. With az config, you can now config various settings across all sections in az that were previously only configurable by directly editing the configuration file.

 Figure1: Comparison between az configure vs. az config

It also enables you to unset and clear configs in tool, which was previously unavailable. This further equip you to smoothly complete your end to end jobs to be done, without ever having to leave the tool               

Note: az config is in the experimental state to get more feedback from users like you. Hence, we are currently supporting both this and az configure. We do plan to merge the two and eventually support only one command across all in tool settings so if you have specific preferences/feedback, please do share them with us. We’d love to incorporate your feedback in the final product.

Installing extensions dynamically with az config

Did you know that we have over 80 Azure CLI extensions available for you to use?

If not, we highly encourage you to explore and try them out — Azure service teams have invested tremendous amount of effort to bridge the feature gaps so you can perform all kinds of tricks within az, irrespective of whether you are a newbie or an experienced power user of the Azure CLI (extensions). If you have been frustrated at some point in time with the lack of discoverability and errors around extensions, then the following feature is for you.

Dynamic extension installer is Azure CLI’s intelligent and interactive way to install extensions on your behalf, after you’d attempted to use extension commands when the extension has yet to be installed. It’s now part of Azure CLI core and you can configure the settings via the new az config command.

By default, it’s set to no because we’d like you to be in control with the settings; this means you will receive the command_not_found error as usual if you attempt to use an extension command without the extension being installed. However when it’s set to yes_without_prompt, the tool will automatically install the extensions and rerun your extension command. Consider the following comparison when spinning up a MySQL database using az mysql up:

 Figure 2: Comparison of dynamic extension installer settings, no vs. yes_without_prompt

We can see that the previously unavoidable error is now out of the picture with this capability

This setting is especially handy in automation use cases – imagine your page long script leverages multiple extension commands that have frequent updates. With the dynamic installer in place, the hassle around extension management is conveniently eliminated

If you prefer using your CLI interactively in a terminal or shell, there are a couple other options for you to choose from. For instance, with az config set extension.use_dynamic_install=yes_prompt, the tool will first prompt you a reminder prior to installing the any extension on your behalf

Here’s where you can learn more about all the settings. Please feel free to try them out and let us know what you think about this feature!

Call to action

We’d love for you to try out these new experiences and share us your feedback on their usability and applicability for your day-to-day use cases.

Similar to last time, some of these improvements are early in the preview or experimental stage but we certainly do look forward to improving them to serve you better. If you’re interested, here is where you can learn more about new features in the ever improving Azure CLI.

Thank you for reading! We’re excited to share with you more delightful features in upcoming releases!