Monthly news – February 2024

Monthly news – February 2024

by | Feb 4, 2024 | Technology

This article is contributed. See the original author and article here.

























Microsoft Defender for Cloud


Monthly news


February2024 Edition


 teaser.png


This is our monthly “What’s new” blog post, summarizing product updates and various new assets we released over the past month. In this edition, we are looking at all the goodness from January 2024.



























Legend:
Product videos.png Product videos webcast recordings.png Webcasts (recordings) Docs on MS.png Docs on Microsoft Blogs on MS.png Blogs on Microsoft
GitHub.png GitHub External.png External content Product improvements.png Product improvements Public Preview sign-up.png Announcements
















































 Microsoft Defender for Cloud
Public Preview sign-up.png

 


 We’re announcing the release of Defender for Cloud’s agentless malware detection for Azure virtual machines (VM), AWS EC2 instances and GCP VM instances, as a new feature included in Defender for Servers Plan 2. Agentless malware detection for VMs is now included in our agentless scanning platform. Agentless malware scanning utilizes Microsoft Defender Antivirus anti-malware engine to scan and detect malicious files. Any detected threats, trigger security alerts directly into Defender for Cloud and Defender XDR, where they can be investigated and remediated. The Agentless malware scanner complements the agent-based coverage with a second layer of threat detection with frictionless onboarding and has no effect on your machine’s performance.

 


Learn more about agentless malware scanning for servers.
Public Preview sign-up.png We’re announcing the general availability (GA) of the integration between Defender for Cloud and Microsoft Defender XDR (formerly Microsoft 365 Defender). The integration brings competitive cloud protection capabilities into the Security Operations Center (SOC) day-to-day. With Microsoft Defender for Cloud and the Defender XDR integration, SOC teams can discover attacks that combine detections from multiple pillars, including Cloud, Endpoint, Identity, Office 365, and more.

 


Learn more about the alerts and incidents in Microsoft Defender XDR.
Blogs on MS.png Container security is an integral part of Microsoft Defender for Cloud, a Cloud Native Application Platform (CNAPP) as it addresses the unique challenges presented by containerized environments, providing a holistic approach to securing applications and infrastructure in the cloud-native landscape. As organizations embrace multicloud, the silos between cloud environments can become barriers for a holistic approach to container security. Defender for Cloud continues to adapt, offering new capabilities that resonate with the fluidity of multicloud architecture. Our latest additions to AWS and GCP seamlessly traverse cloud silos and provide a comprehensive and unified view of container security posture.

 


In this blog we dive deep into agentless container security for AWS and GCP.

Product improvements.png


 


 We have added nine new Azure security recommendations aligned with the Microsoft Cloud Security Benchmark. These new recommendations are currently in public preview.
Blogs on MS.png Cybersecurity risks pose a significant threat to organizations of all sizes. As a result, security teams must be diligent in their efforts to protect their networks and data from potential breaches. However, with the increasing complexity of the digital environment and the expanding attack surface, security teams are faced with more and more tasks to improve the organization’s posture as well as investigating potential incidents. This can lead to critical security risks being overlooked or delayed, leaving organizations vulnerable to cyber-attacks. It becomes increasingly more important to estimate the risk created by the security issues in the environment’s configuration and to prioritize their mitigation correctly.

 


Prioritized cyber risks allow security teams to focus their efforts and resources on the most critical threats, ensuring that they are addressed promptly and effectively, which ultimately helps to reduce the organization’s overall risk profile.

 


In this article we discuss a new feature in Defender CSPM helping customers to rank the security issues in their environment configuration and fix them accordingly. This feature is based on the presented framework and enhances the risk prioritization capabilities of Defender CSPM.
Blogs on MS.png While containers have revolutionized modern software development, the complexity of dependencies in containerized environments and the expanded attack surface they present are still significant hurdles for security professionals. The initial step in securing these environments involves identifying vulnerabilities within container images. Yet, the most time-consuming task can often be identifying the right development team to address these vulnerabilities, particularly the mission-critical ones. Microsoft Defender for Cloud addresses this critical need with its container mapping feature. This blog post explores how Defender for Cloud streamlines the process of tracing vulnerabilities in container images back to their origins in CI/CD pipelines, specifically within Azure DevOps and GitHub environments. This functionality is key to facilitating effective developer remediation workflows, thereby enhancing the security posture of cloud-native applications.

 


This blog post explores how Defender for Cloud streamlines the process of tracing vulnerabilities in container images back to their origins in CI/CD pipeline to facilitate the vulnerability remediation process.
webcast recordings.png Watch new episodes of the Defender for Cloud in the Field show to learn about the Agentless malware detection, and Unified insights from Microsoft Entra Permissions Management
GitHub.png Microsoft Defender for Servers plans require Azure Arc deployment on AWS/GCP machines. This interactive workbook provides an overview of machines in your environment showing their Azure Arc Connected Machine agent deployment status.
Blogs on MS.png Discover how other organizations successfully use Microsoft Defender for Cloud to protect their cloud workloads. This month we are featuring Petrobras – a multinational oil and gas company – that uses Microsoft security solutions, including Defender for Cloud, to secure their environment.
webcast recordings.png Join our experts in the upcoming webinars to learn what we are doing to secure your workloads running in Azure and other clouds.

 


 


Note: If you want to stay current with Defender for Cloud and receive updates in your inbox, please consider subscribing to our monthly newsletter: https://aka.ms/MDCNewsSubscribe

 

Building AI Agent Applications Series – Understanding AI Agents

Building AI Agent Applications Series – Understanding AI Agents

by | Feb 3, 2024 | Technology

This article is contributed. See the original author and article here.

Do you know about AI Agents? How to apply AI Agents in different scenarios? For AI Agents, Microsoft released the open source framework Autogen. But what is its relationship with Semantic Kernel and Prompt flow? I hope this series can answer your questions. Let everyone have a clear understanding of AI Agents, how to combine Autogen, Semantic Kernel, and Prompt flow to build intelligent applications

Around artificial intelligence, humans have made many attempts in different industries and different application scenarios. With the emergence of LLMs, we have transitioned from traditional chatbots with process predefinition plus semantic matching to Copilot applications that interact with LLMs through natural language. In the past year or so, everyone has mainly focused on basic theories based on LLMs. In 2024 we should enter the application scenario of LLMs. We have a lot of papers, application frameworks, and practices from large companies to support the implementation of LLMs applications. So what is the final form of our so-called artificial intelligence applications? What you can think of is GitHub Copilot for programming assistance, Microsoft 365 Copilot for office scenarios, and Microsoft Copilot on Windows or Bing, etc. But think about the application of Copilot, which relies more on individuals to guide or correct through prompt words, and does not achieve fully intelligent applications. In the 1980s, we began to try to do fully intelligent work, and AI Agent is a fully intelligent best practice.


 


The agent interacts with the scene where it is located, receives instructions or data in the application scene, and decides different responses based on the instructions or data to achieve the final goal. Intelligent agents not only have human thinking capabilities, but can also simulate human behavior. They can be simple systems based on business processes, or they can be as complex as machine learning models. Agents use pre-established rules or models trained through machine learning/deep learning to make decisions, and sometimes require external control or supervision.


 


Characteristics of the AI agent:




  1. Planning, divide steps based on tasks, and have a chain of though. With LLMs, it can be said that the planning ability of the agent is greatly enhanced, and the understanding of the task can be more accurate.




  2. Memory the ability to remember behavior and part of logic, the ability to store experiences, and the ability to self-reflect.




  3. Tool Chain, such as code execution capabilities, search capabilities, and computing capabilities. It can be said that he has strong mobility




  4. perceive and obtain information such as pictures, sounds, temperatures, etc. based on the scene, thus providing better conditions for execution.





Technical support for realizing intelligent agents


There is considerable application practice in the application of LLMs.


There are many frameworks for implementing intelligent agents. The previously mentioned Semantic Kernel or Autogen can implement intelligent agents. The Assitants API has also been added under OpenAI to enhance the model’s capabilities in agents. Now OpenAI’s Assitants API opens up the capabilities of code interpretation, retrieval, and function calling. Assitants API of Azure OpenAI Service is also coming soon, which can be said to provide enough wisdom for the application capabilities of agents.


Many people pay more attention to the application layer framework. People often compare Semantic Kernel and Autogen. After all, both are from Microsoft and have good task or plan orchestration capabilities. However, some people always feel that the two have many similarities.



Semantic Kernel vs Autogen


Semantic Kernel focuses on effectively dividing individual tasks into steps in Copilot applications. This is also the charm of the Semantic Kernel Planner API. Autogen, on the other hand, focuses more on the construction of agents, dividing tasks to complete goals and assigning tasks to different agents. Each agent executes individually or interactively according to the assigned tasks. Behind each agent’s task can be a streaming task arrangement, or an extended method for solving problems, or skills triggered by corresponding prompts, which can be organized in conjunction with Semantic Kernel plugins. When we want to have a stable task output, we can also add prompt flow to evaluate the output.


 


aiagent.png



Use Semantic Kernel to implement AI agents.


Semantic Kernel has added support for agents in the Experimental library, introduced AgentBuilder, and combined with the Assistant API to complete the brain configuration of the agent. The corresponding planning, memory and tools are defined using different plugins.




var yourAgent = await new AgentBuilder()

                        .WithOpenAIChatCompletion(“OpenAI Assitants API”, “OpenAI Key”)

                        .WithInstructions(“Your agent instruction”)

                        //.FromTemplate(EmbeddedResource.Read(“Your agent YAML”))

                        .WithName(“Your Agent Name”)

                        .WithDescription(“Your Agent Desctiption”)

                        .WithPlugin(“Your Agent Plugins”)

                        .BuildAsync();


Notice



  1. WithOpenAIChatCompletion requires OpenAI/Azure OpenAI Service models that support Assistants API (soon to be released). Currently supported OpenAI models are GPT-3.5 or GPT-4 models.

  2. WithInstructions We need to give clear task instructions and inform the agent how to execute it. This is equivalent to a process. You need to describe it clearly, otherwise the accuracy will be reduced.

  3. .FromTemplate can also use Template to describe task instructions

  4. .WithName The name is required to make the call more clear.

  5. .WithPlugin is based on different skills and tool chains for the agent to complete tasks. This corresponds to the content of Semantic Kernel.


Let’s take a simple scenario and hope to build a .NET console application through an agent, compile and run it, and require it to be completed through an agent. From this scenario, we need two agents – the agent that generates the .NET CLI script and the agent that runs the .NET CLI script. In Semantic Kernel, we use different plugins to define the required planning, memory and tools. The following is the relevant structure diagram.


 


dotNETAgent.png


 


You can get sample code from Semantic Kernel CookBook 
https://github.com/microsoft/SemanticKernelCookBook/tree/main/workshop/dotNET/workshop3/dotNETAgent


Application scenarios of AI agents


AI Agents are an important scenario for LLMs applications, and building agent applications will be an important technical field in 2024. We currently have three main forms of intelligence, such as single AI agent, multi- AI agents, and hybrid AI agent.


 


hybridAgent.png


 


Single AI Agent


Work completed in specific task scenarios, such as the agent workspace under GitHub Copilot Chat, is an example of completing specific programming tasks based on user needs. Based on the capabilities of LLMs, a single agent can perform different actions based on tasks, such as requirements analysis, project reading, code generation, etc. It can also be used in smart homes and autonomous driving.


 


Multi-AI agents


This is the work of mutual interaction between AI agents. For example, the above-mentioned Semantic Kernel agent implementation is an example. The AI agent generated by the script interacts with your AI agent that executes the script. Multi-agent application scenarios are very helpful in highly collaborative work, such as software industry development, intelligent production, enterprise management, etc.


 


Hybrid AI Agent


This is human-computer interaction, making decisions in the same environment. For example, smart medical care, smart cities and other professional fields can use hybrid intelligence to complete complex professional work.


At present, the application of intelligent agents is still very preliminary. Many enterprises and individual developers are in the exploratory stage. Taking the first step is very critical. I hope you can try it more. I also hope that everyone can use Azure OpenAI Service to build more agent applications.


 


Resources



  1. Microsoft Semantic Kernel https://github.com/microsoft/semantic-kernel

  2. Microsoft Autogen https://github.com/microsoft/autogen

  3. Microsoft Semantic Kernel CookBook https://github.com/microsoft/SemanticKernelCookBook

  4. Pursuit of “wicked smartness” in VS Code https://code.visualstudio.com/blogs/2023/11/13/vscode-copilot-smarter

New Microsoft Teams bulk installer is now available for Windows

by | Feb 2, 2024 | Technology

This article is contributed. See the original author and article here.

We are happy to share that the new Microsoft Teams bulk installer is now available for Windows.



We shared the news of the general availability of new Microsoft Teams in this blog post, and we have also made available tools that help admins to install the new Teams app. More details can be found in Bulk deploy the new Microsoft Teams desktop client.



Online deployment: Download and install the latest new Teams app machine wide:



  • Command (Run with admin privilege): teamsbootstrapper.exe -p

  • During online deployment, the bootstrapper app detects the CPU architecture of the system and downloads the corresponding installer of most recently released new Teams client and installs the client machine wide.


Offline deployment: Install pre-downloaded new Teams client MSIX package machine wide: Download Microsoft Teams Desktop and Mobile Apps 



  • For admins concerned with network bandwidth usage of online deployment, offline deployment mode is a great alternative. Admins can download the client only once and use the bootstrapper to bulk deploy machines in their tenant.

  • Command for local path (Run with admin privilege): teamsbootstrapper.exe -p -o “c:pathtoteams.msix”

  • Command for UNC path (Run with admin privilege): teamsbootstrapper.exe -p -o “uncpathtoteams.msix”

  • During offline deployment, the bootstrapper app installs the admin specified package from either local system or UNC path. Please make sure the correct version of new Teams client is downloaded.


Bulk remove new Teams:



  • Command for deleting every occurrence of new Teams installation: teamsbootstrapper.exe -x

  • If you choose the bulk removal option, it will uninstall both the machine level and the user level installations. New Teams app instances that are running will be stopped.


We advise admins to use the bulk installer tool to install new Teams client for their tenants.



  • There are separate new Teams installer files depending on the target system’s CPU architecture: X64/X86/AMR64. The bootstrapper automatically detects the system architecture and downloads the appropriate installer file to avoid performance.

  • Online mode automatically downloads the most recent released version of the new Teams app. This prevents the problem of outdated versions of the app being installed over and over, which can increase network usage (outdated app versions will update to the newest release right after installation), and slow down essential feature or security updates.

  • The bootstrapper can be deployed by admins using the deployment tools they already have for example intune/sccm.


Upcoming features and bug fixes:



  • Auto start support – Create a new command line option that launches the new Teams app for all users on the machine after provisioning.

3 new ways the Microsoft Intune Suite offers security, simplification, and savings

3 new ways the Microsoft Intune Suite offers security, simplification, and savings

by | Feb 1, 2024 | Business, Forrester Research, Hybrid Work, Microsoft 365, Technology

This article is contributed. See the original author and article here.

The main components of the Microsoft Intune Suite are now generally available. Read about how consolidated endpoint management adds value and functionality for security teams.

The post 3 new ways the Microsoft Intune Suite offers security, simplification, and savings appeared first on Microsoft 365 Blog.

Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.

How Microsoft 365 Delivers Trustworthy AI Blog Post

by | Feb 1, 2024 | Technology

This article is contributed. See the original author and article here.

How Microsoft 365 Delivers Trustworthy AI Whitepaper 


 


In the rapidly evolving business landscape, corporations are perpetually in search of innovative strategies that can amplify productivity and bolster security. Microsoft President Brad Smith wrote in his blog: AI advancements are revolutionizing knowledge work, enhancing our cognitive abilities, and are fundamental to many aspects of life. These developments present immense opportunities to improve the world by boosting productivity, fostering economic growth, and reducing monotony in jobs. They also enable creativity, impactful living, and discovery of insights in large data sets, driving progress in various fields like medicine, science, business, and security. However, the integration of AI into business operations is not without its hurdles. Companies are tasked with ensuring that their AI solutions are not only robust but also ethical, dependable, and trustworthy. 


How Microsoft 365 Delivers Trustworthy AI is a comprehensive document providing regulators, IT pros, risk officers, compliance professionals, security architects, and other interested parties with an overview of the many ways in which Microsoft mitigates risk within the artificial intelligence product lifecycle. The document outlines the Microsoft promise of responsible AI, the responsible AI standard, industry leading frameworks, laws and regulations, methods of mitigating risk, and other assurance-providing resources. It is intended for a wide range of audiences external to Microsoft, who are interested in or involved in the development, deployment, or use of Microsoft AI. As Charlie Bell, EVP of Security at Microsoft describes in his blog, “As we watch the progress enabled by AI accelerate quickly, Microsoft is committed to investing in tools, research, and industry cooperation as we work to build safe, sustainable, responsible AI for all.” 


The commitments and standards conveyed in this paper operate at the Microsoft cloud level – these promises and processes apply to AI activity across Microsoft. Where the paper becomes product specific, its sole focus is Microsoft Copilot for Microsoft 365. This does not include Microsoft Copilot for Sales, Microsoft Copilot for Service, Microsoft Copilot for Finance, Microsoft Copilot for Azure, Microsoft Copilot for Microsoft Security, Microsoft Copilot for Dynamics 365, or other Copilots outside of Microsoft 365.  


At Microsoft, we comprehend the significance of trustworthy AI. We have formulated a comprehensive strategy for responsible and secure AI that zeroes in on addressing specific business challenges such as safeguarding data privacy, mitigating algorithmic bias, and maintaining transparency. This whitepaper addresses our strategy for mitigating AI risk as part of the Microsoft component of the AI Shared Responsibility Model 


The document is divided into macro sections with relevant articles within each:  



  • Responsible and Secure AI at Microsoft – this section focuses on Microsoft’s commitment to responsible AI and what this looks like in practice. The articles within address key topics including:  



  • The Office of the Responsible AI – read this to gain a deeper understanding of what comprises this division within Microsoft. 

  • The Responsible AI Standard and Impact Assessment – every Microsoft AI project must adhere to the Responsible AI Standard and have a valid impact assessment completed. 

  • Microsoft’s voluntary White House commitments – learn more about the commitments the White House made and how Microsoft shares these principles in our development and deployment practices. 

  • Artificial Generative Intelligence Security team – learn about Microsoft’s center of excellence for Microsoft’s generative AI security and the initiatives being driven by this team. 
     



  • Addressing New Risk – this section centers on the ways in which Microsoft is continuously improving its security practices and service design to mitigate new risk brought forth by the era of AI. As Brad Smith states in his blog, “Even as recent years have brought enormous improvements, we will need new and different steps to close the remaining cybersecurity gap.” This section addresses many actions Microsoft takes to address novel and preexisting risks in the era of AI. The articles within address salient topics including:  



  • The copilot copyright commitment – how Microsoft addresses the risk of customers inadvertently using copywritten material via Microsoft AI services.  

  • Updating the Security Development Lifecycle (SDL) to address AI risk – the ways Microsoft has adapted our SDL to identify and prioritize AI specific risks.  

  • Copilot tenant boundaries and data protection with shared binary LLMs – this article describes how your data remains protected and secured throughout the data flow process to the copilot LLMs and back to your end user in this multi-tenant environment. 

  • Copilot data storage and processing – this section answers the question, “what are the data storage and processing commitments applicable to Microsoft 365 copilot today?” 
     



  •  AI specific regulations and frameworks for assurance – this section describes upcoming regulations relevant to artificial intelligence and how Microsoft plans to address each. Regulations and frameworks addressed include:  



  • European Union AI Act 

  • ISO 42001 AI Management System 



  • Cyber Executive Order (EO 14028) 

  • NIST AI Risk Management Framework 
     



  • Assurance Providing Resources – this comprises miscellaneous resources to providing customers assurance that Microsoft is mitigating risk as part of the shared responsibility model.   



  • Defense-in-depth: controls preventing model compromise in the production environment – this article outlines an entire Microsoft control set designed to mitigate model compromise through defense-in-depth.  


As with everything Microsoft does, this whitepaper is subject to continuous update and improvement. Please reach out to your Microsoft contacts if you have questions regarding this content; thank you for your continued support and utilization of Microsoft AI.  


 


Download the Whitepaper 


We hope this whitepaper has provided you with valuable insights into how Microsoft delivers trustworthy AI across its products and services. If you want to learn more about our responsible and secure AI strategy, you can download the full whitepaper here: https://aka.ms/TrustworthyAI. This document will give you a comprehensive overview of the Microsoft promise of responsible AI, the responsible AI standard, industry leading frameworks, laws and regulations, methods of mitigating risk, and other assurance-providing resources. You will also find detailed information on how Microsoft Copilot for Microsoft 365 adheres to these principles and practices. Download the whitepaper today and discover how Microsoft can help you achieve your AI goals with confidence and trust.