Microsoft Support & Discussions

Overview Microsoft collects, analyzes, and indexes internet data to assist users in detecting and responding to threats, prioritizing incidents, and proactively identifying adversaries' infrastructure associated with actor groups targeting their organization. We learned how Defender TI provides raw and finished threat intelligence in Module 2. The focus of this module is to dive into the raw intelligence, in the form of internet datasets, Defender TI includes. Defender TI's internet data is categorized into two distinct groups: core and derived. Core datasets include Resolutions, Whois, SSL Certificates, Subdomains, DNS, Reverse DNS, and Services. Derived …

Target User Functions Defender TI datasets are most relevant for enabling quicker and better decision-making throughout daily operations for users operating within the capacity of one of the following functions: [attachment=25074:name] Security Operations Using data collected from various cyber defense tools to analyze events occurring within an environment to mitigate threats. [attachment=25075:name] Incident Response Investigating, analyzing, and responding to cyber incidents within a network or enclave. [attachment=25076:name] Threat Hunting Proactively searching for malware or attackers hiding within a network. …

Overview It is often difficult to determine whether a security alert identified truly malicious activity without the ability to conduct additional research into the entities associated with the alert. Entities could include IP addresses, domain names, hostnames, URLs, file names or hashes, and more. Analysts will have to turn to outside sources to gather needed context on these entities to appropriately triage the activity that has been identified. Defender TI is built on top of over a decade's worth of data collection against Internet datasets. The technologies in place enable data collection, processing, and storage at a scale unmatched by most in the in…

We're thrilled to introduce the Nina Training Series for Defender Threat Intelligence. Whether you're new and just getting to know Defender TI or are already a user and want to hone your skills, this curriculum will ensure you can get the most out of the platform. The following modules contain blogs, videos, and links to helpful resources that will show you how Defender TI works, builds its datasets and threat intelligence, and enables faster, more intelligent threat hunting and incident response. Defender TI Ninja training aims to help you get up to speed and master the advanced threat-hunting and incident-response techniques it offers. The content builds over six…

Introduction A good website should provide a seamless user experience from the home page through to the "Your order has been successfully placed" notification. The seamless experience is critical as only 1 in 40 visitors makes a purchase. Even being at the checkout stage doesn't guarantee a successful sale, as only 1 in 3 customers at the checkout stage makes a purchase. This makes the checkout the most critical step, meaning sellers need to optimize the experience accordingly. The shopping cart is one of the most important parts of a user e-commerce session. The resiliency and latency of these sessions are the two aspects we'll focus on in this blog post. …

You’ve done all the work to build confidence in your data with great data quality, availability and reliability. But how do you know if your data has been tampered with or otherwise experienced an unplanned change? Now SQL Server and Azure SQL Database can answer that question for you. In this episode of Data Exposed: MVP Edition with Anna Hoffman and Karen Lopez, you'll go through a couple of quick demos about Ledger Databases and Tables to see if you can trust your data. Resources: Ledger overview Configure a ledger database Implement a secure environment for a database service Azure SQL Security Playlist Continue reading...

Welcome to our monthly blog series featuring training content aligned to Microsoft Security, compliance, and identity (SCI) solutions on Microsoft Learn. This month, we’re highlighting the latest learning opportunities and resources from Microsoft Ignite. Join the Protect Everything Cloud Skills Challenge There’s still time to get in on the action! Learn about attack vectors, cyberthreats, incident management, and Kusto Query Language (KQL) in the Microsoft Ignite: Protect Everything Cloud Skills Challenge. Complete the modules in this Cloud Skills Challenge by November 9, 2022, to earn a free Microsoft Certification exam. Watch the On-Demand Learn Li…

You’ve done all the work to build confidence in your data with great data quality, availability and reliability. But how do you know if your data has been tampered with or otherwise experienced an unplanned change? Now SQL Server and Azure SQL Database can answer that question for you. In this episode of Data Exposed: MVP Edition with Anna Hoffman and Karen Lopez, you'll go through a couple of quick demos about Ledger Databases and Tables to see if you can trust your data. Resources: Ledger overview Configure a ledger database Implement a secure environment for a database service Azure SQL Security Playlist View/share our latest episod…

I will do a series of posts regarding Synapse connectivity. As there are a lot of topics to cover like inbound, outbound, public and private endpoints, managed VNET, managed private endpoints etc., it will be easier to break these into smaller dedicated posts. In this first article I would like to explore the SQL DW / Dedicated pool public endpoint connectivity When troubleshooting connection issues, you need to think about what is the source and what is the destination and lot of thing in between: What is the source and what is the destination that you want to reach? Source Are you accessing it from your machine or from Spark notebook ru…

Introduction We are introducing a spaceborne data processing Notebook, which has been published to Azure Synapse Analytics Gallery. The Notebook uses STAC API (SpatioTemporal Asset Catalog) to search and download geospatial data from Microsoft Planetary Computer to an Azure Storage account and perform basic geospatial transformation. What is Azure Orbital Analytics? Azure Orbital Analytics is a set of capabilities using spaceborne data and AI that allow you to discover and distribute the most valuable insights. More specifically, Azure Orbital Analytics provides the ability to downlink spaceborne data from Azure Orbital Ground Station (AOGS), first or thir…

Scenario Today I would like to share a scenario that I was working on one of my serverless SQL Pool support cases. The customer asked for an advice on how to monitor serverless SQL requests by using log analytics. The intention of this guide is to help you with choosing the configuration required to easily setup the Synapse Analytics Workspace monitoring and all other considerations about how to monitor serverless SQL requests with Azure Monitor. Spoiler: At the end of this article, I will share the latest version of the serverless workbook posted on the Azure_Synapse_Tool_Box. This includes a really cool way to see query execution information. Before…

After announcing the public preview of critical Microsoft Authenticator security features, we’re thrilled today to share that these features are now Generally Available for you to further secure your organization: Admins can now prevent accidental approvals in Microsoft Authenticator with number matching, location context, and application context. Admins can now better manage the Microsoft Authenticator app with new Admin UX and Admin APIs. For more details about these exciting features, please read below:  Last month, we talked about the increase in MFA fatigue attacks and recommended best practices organizations should adopt to increase thei…

Welcome to the October 2022 update. This month, we had Microsoft Ignite taking place on October 12-14 - check out this What's New in Excel video from our team. Also, Navigation Pane is now generally available (GA) on Excel for Windows - GA coming soon on Excel for Mac. For Windows and Mac Insiders, we're excited to announce Automate Tasks with Office Scripts enabling you to automate repetitive tasks in your spreadsheet workflows. What's more? Insider users of Excel for Windows, you can now paste values using Ctrl+Shift+V. Check out this Excel Features Flyer to find if a specific feature is in your version of Excel Excel for the web: Quickly F…

Azure Active Directory (Azure AD) Identity Protection alerts are now part of Microsoft 365 Defender. Identity compromise is a pivotal component in any successful attack. By taking control over a legitimate organizational account, attackers gain the ability to move around the network, access organizational resources, and compromise more accounts. With sufficient permissions in hand, attackers have the “keys to the kingdom” to finally achieve their objective – encrypting the entire network, exfiltrating emails or other confidential information, or any other malicious goals. Because of this, it is critical for defenders to have wide visibility into identity activitie…

On February 28th 2023 we will introduce changes to the CommonSecurityLog table schema. This means that custom queries will require being reviewed and updated. Out-of-the-box contents (detections, hunting queries, workbooks, parsers, etc.) will be updated by Microsoft Sentinel. Data that has been streamed and ingested before the change will still be available in their former columns and formats. Old columns will therefore remain in the schema. Why are we making this change Several fields, previously defined to be of type Integer, were updated in the ArcSight CEF standard revision, to be of other types. By changing the column data types from System.Int32 to System…

Avans university that is using Power Platform and a student challenge to champions technology awareness and adoption. Netherlands-based Avans University of Applied Sciences is a vocational institution located across three different cities: Breda, 's-Hertogenbosch, and Tilburg. The school has more than 30,000 students, and 40 courses taught in 18 institutes. This is something that teacher Frank van der Kruis finds highly appealing. A huge advocate of digital solutions himself, he’s eager to make teaching more dynamic and engaging. “As teachers, our task is to prepare our students for what awaits them outside the classroom,” he says. “But when it comes…

Symptom: When using Performance Dashboard on Azure SQL Managed Instance you may find that percent of CPU usage is different (lower) than reported by Azure Portal for your Managed Instance. You may wonder which is the correct value. Resolution: When Managed Instance is provisioned you set the number of vCores you desire to have. Assume you choose X vCores you end up with machine that has Y>=X. You will only be charged for X vCores, and the system will restrict your Managed Instance to use only X vCores out of Y This is done to make sure your Instance will always have enouph resources and to avoid distruptions. Now, here is the reason, Azu…

Introduction Database performance is a hot topic among database users and practitioners. Users are always looking for the best performance, preferably out of the box, with no need for additional tuning, and at the most affordable price point. While Azure Database for MySQL is already tuned for the best perfromance out of the box, workloads vary. As a result, specific workloads may require some user intervention to boost and get the most out of a database server's performance. It's always a good idea to benchmark a MySQL server using sysbench to assess the capabilities of the server SKU it is uses. This blog post provides a checklist to help improve MySQL datab…

A number of organizations adopting microservices architectures have looked to service meshes as one of the tools that help these organizations in enforcing enterprise-wide policies and rules for traffic, security, reliability, and monitoring. These are generally categorized into Security, Reliability and Observability. While a networking solution other than service mesh can provide some of these features, it won’t do it without disrupting the application code or existing infrastructure. Service Mesh provides an independent infrastructure layer that can be managed by a separate team and is least intrusive. It deploys a sidecar container to pods by design, which makes it ve…

If you need a remote workstation with graphical acceleration for 3D visualization, Azure has several options available. From the original NV series, with the NVIDIA Tesla M60, to the fifth generation of the family with the NVads A10 v5 series based on the NVIDIA A10 cards. This series is the first one to introduce support for the use of partitioned NVIDIA GPUs with a minimum of 1/6 of the GPU resources in the smaller version with the Standard_NV6ads_A10_v5, up to a maximum of 2 full GPUs per virtual machine in the Standard_NV72ads_A10_v5. In addition, this new generation is based on the latest AMD EPYC 74F3V (Milan) processors with a base frequency of 3.2 GHz and a…

technical takeoff graphic Coming up on Oct 27 2022, 08:00 AM - 08:30 AM (PDT) There will be a Windows 365 Government: setup and configuration session that you don't want to miss. You can also watch this session on YouTube In this session we will share with you the story of Windows 365 Government and how Windows 365 is staying true to principle of simplicity while meeting the the specific needs of US Government agencies and their contractors. Please join Robert Nishi, Roy Barton, Shannon Young, and Tony Checkal as they cover the product and architecture of Windows 365 Government, share some best practices, and address common questions and scenarios from cus…

As part of Cybersecurity Awareness Month, explore the solutions that Microsoft Dynamics 365 Fraud Protection provides to help keep your organization’s data protected. Use the resources on Microsoft Learn to discover methods of supporting data security within your organization, whether you’re a functional consultant, a business user, a data analyst, or a developer. Learn how Fraud Protection helps safeguard customer accounts and build customer trust. Sandra Feinberg, Microsoft Principal Program Manager, offers insight on the subject. She observes that any enterprise using a Dynamics 365 Fraud Protection solution should consider that its high-quality data can be used not on…

I have a varied client base. Many of my customers are traditional larger financial organizations. But I also work with start-ups and software houses. (Microsoft calls these ISVs – Independent Software Vendors). Most software houses don't want to sell software anymore. Instead, they want to repackage their solutions as services, i.e. they want to offer Software as a Service (SaaS). Converting an application to a service is not easy. Even Microsoft had false starts with moving their on-premises applications to cloud-based offerings. Lately, I've spent a lot of time considering Microsoft's Well Architected Framework (WAF). It provides pillars of guidance…

Short link: The Microsoft Purview Data Loss Prevention Ninja Training is here! The Microsoft Purview Data Loss Prevention Ninja Training is here! We are very excited and pleased to announce this rendition of the Ninja Training Series. With all the other training out there, our team has been working diligently to get this content out there. There are several videos and resources out there and the overall purpose of the Microsoft Purview Data Loss Prevention Ninja training is to help you master this realm. We aim to get you up-to-date links to the community blogs, training videos, Interactive Guides, learning paths, and any other relevant documentation. …

In my career I have worked for many organizations where we would launch all of our updates at once, both from the operational side and the development teams. This was messy. Through my career I started looking at new ways to do things. Deploying smaller, more incremental changes. I also found ways to automate easy tasks in my infrastructure so that I could actually take a vacation or have a sick day. I started with PowerShell, then really started to embrace Infrastructure as Code. As I was automating more and more, I needed to stop deploying these things manually as well and find a way to automate things further. I started to then learn about automated deployment, …