Microsoft Windows Bulletin Board

Windows Server

Everything posted by Windows Server

  1. When starting a new thread, I cannot edit the original post (for eliminating typos etc). example: https://techcommunity.microsoft.com/discussions/windows11/blog-windows-11-security-and-how-to-get-there-if-you-want/4358433 View the full article
  2. We are thrilled to introduce the latest advancements in AI with the o1-mini model on Azure OpenAI Service. This new model is a game-changer, bringing enhanced reasoning capabilities that are particularly useful for tackling complex problems in various fields such as science, coding, and math.

     What is the o1-mini Model?
     The o1-mini model is adept at complex reasoning tasks, representing a significant advancement in AI capabilities. It can be used by healthcare researchers to annotate cell sequencing data, by physicists to generate complicated mathematical formulas needed for quantum optics, and by developers in all fields to build and execute multi-step workflows.

     Introducing Reinforcement Fine-Tuning
     Reinforcement Fine-Tuning (RFT) is a new model customization technique that enables developers to customize our models using dozens to thousands of high-quality tasks. By grading the model’s responses with provided reference answers, this technique reinforces how the model reasons through similar problems and improves its accuracy on specific tasks in that domain.

     How Does RFT Work?
     Graders play a crucial role in RFT by evaluating the responses during training. The grader compares the response generated by the model with the correct answer and gives a score from 0 to 1. This helps the model to reason better and improve its accuracy over time. Unlike Supervised Fine-Tuning (SFT), where the model is given the prompt and the completion in one go, RFT involves defining the graders and helping the model arrive at the logic behind choosing the answer with every new example.

     Real-World Applications of RFT with o1-mini
     Reinforcement Fine-Tuning (RFT) unlocks the potential of the o1-mini model to address highly specialized and complex tasks across industries, delivering superior accuracy and domain-specific insights.
     • Healthcare: Researchers can fine-tune the o1-mini model using RFT to annotate cell sequencing data with exceptional precision. By leveraging high-quality, graded annotations, the model learns to deliver more reliable and insightful outputs, accelerating breakthroughs in genomics and personalized medicine.
     • Physics: Physicists can customize the o1-mini model to generate intricate mathematical formulas for quantum optics. With RFT, the model refines its ability to handle nuanced calculations, empowering researchers to address the most challenging problems in their field.
     These tailored fine-tuning processes highlight the flexibility and power of the o1-mini model when equipped with RFT, enabling domain experts to achieve transformative results.

     Region Availability
     The o1-mini RFT is supported in North Central US and Sweden Central. Initially, it will be a code-first experience, with a user interface to follow later on.

     Example: Base Model vs. Reinforcement Fine-Tuned Model
     To demonstrate the effectiveness of RFT, we compared the results of the base o1-mini model with the reinforcement fine-tuned o1-mini model on a small dataset.

     Accuracy of Responses: This measures whether the model gives an accurate response for a given question/prompt which is not part of the training dataset.

     Prompt - Which of the following will not decrease mother to child transmission of HIV? A. Avoid breastfeeding B. Vaginal delivery C. Zidovudine given to mother antenatally and to neonate after birth D. Vitamin A supplementation given to mother

     Base model (o1-mini):
     The correct answer is: **D. Vitamin A supplementation given to mother**
     **Explanation:** To determine which option **does not** decrease mother-to-child transmission (MTCT) of HIV, let's evaluate each choice:
     - **A. Avoid breastfeeding** **Decreases MTCT.** Breastfeeding can transmit HIV from mother to child through breast milk. Avoiding breastfeeding reduces the risk of transmission, especially when safe and feasible alternatives (like formula feeding) are available.
     - **B. Vaginal delivery** **Potentially Increases MTCT.** Vaginal delivery is associated with a higher risk of HIV transmission compared to a scheduled cesarean section (C-section) performed before the onset of labor and rupture of membranes. Therefore, opting for a vaginal delivery **does not** decrease MTCT and may actually increase the risk compared to a C-section.
     - **C. Zidovudine given to mother antenatally and to neonate after birth** **Decreases MTCT.** Zidovudine (AZT) is an antiretroviral medication that has been proven to reduce the risk of HIV transmission from mother to child when administered during pregnancy and to the newborn after birth.
     - **D. Vitamin A supplementation given to mother** **Does Not Affect MTCT.** While Vitamin A is important for overall health and immune function, it is **not** a recognized or effective intervention for reducing the transmission of HIV from mother to child. There is no substantial evidence supporting Vitamin A supplementation as a method to prevent MTCT of HIV.
     **Conclusion:** - **Option D** (**Vitamin A supplementation given to mother**) does **not** decrease mother-to-child transmission of HIV.

     Reinforcement Fine tuned model (o1-mini):
     B

     Conciseness of responses: To measure along with accuracy, the fine-tuned model is better at giving crisp responses, which results in a lower number of input and output tokens.

     Prompt: Which of the following is not true for myelinated nerve fibers? A. Impulse through myelinated fibers is slower than non-myelinated fibers B. Membrane currents are generated at nodes of Ranvier C. Saltatory conduction of impulses is seen D. Local anesthesia is effective only when the nerve is not covered by myelin sheath

     Base model (o1-mini):
     The correct answer is: **A. Impulse through myelinated fibers is slower than non-myelinated fibers**
     **Explanation:**
     - **A. Impulse through myelinated fibers is slower than non-myelinated fibers** **Not True.** Myelinated nerve fibers conduct impulses **faster** than non-myelinated fibers. This increased speed is due to a mechanism called **saltatory conduction**, where the action potential "jumps" from one node of Ranvier to the next, reducing the time it takes for the impulse to travel along the nerve fiber.
     - **B. Membrane currents are generated at nodes of Ranvier** **True.** In myelinated fibers, action potentials are regenerated at the nodes of Ranvier, where the myelin sheath is absent. This allows for the rapid transmission of electrical signals.
     - **C. Saltatory conduction of impulses is seen** **True.** Saltatory conduction is a hallmark of myelinated nerve fibers, enabling faster and more efficient transmission of electrical impulses compared to non-myelinated fibers.
     - **D. Local anesthesia is effective only when the nerve is not covered by myelin sheath** **Not True.** Local anesthetics are effective on both myelinated and non-myelinated fibers. In myelinated nerves, anesthetics typically target the sodium channels at the nodes of Ranvier to block nerve conduction.
     Therefore, the statement that is **not true** for myelinated nerve fibers is **Option A**.

     Reinforcement Fine tuned model (o1-mini):
     A

     Conclusion
     As we embark on this journey together, we are not just providing a service; we are creating innovations that can define the future of domain-specific AI applications. We look forward to building use cases across various industry verticals with reinforcement fine-tuning. For more information, please reach out to your Microsoft representatives or account managers.

     View the full article
  3. We are thrilled to introduce the public preview of a groundbreaking feature in the Azure OpenAI Service: Direct Preference Optimization (DPO). This new capability is set to revolutionize the alignment of large language models with human preferences, making it easier for customers to generate high-quality training datasets.

     What is Direct Preference Optimization?
     Direct Preference Optimization is an innovative alignment technique for large language models that adjusts model weights based on human preferences. Unlike Reinforcement Learning from Human Feedback (RLHF), DPO does not require fitting a reward model and uses binary preferences for training. This makes DPO computationally lighter and faster than RLHF while being equally effective at alignment.

     Why is DPO Useful?
     DPO is particularly beneficial in scenarios where there is no clear-cut correct answer, and subjective elements like tone, style, or specific content preferences are important. This approach allows the model to learn from both positive examples (what's considered correct or ideal) and negative examples (what's less desired or incorrect).
     • Simplicity: DPO eliminates the need for a separate reward model, which is required in traditional methods like Reinforcement Learning from Human Feedback (RLHF). This simplification reduces the complexity of the optimization process.
     • Stability: By directly optimizing the policy based on human preferences, DPO avoids the instability often associated with training and maintaining multiple models. This leads to more consistent and reliable outcomes.
     • Efficiency: DPO is computationally efficient as it does not require the extensive computational resources needed for RLHF. This efficiency allows for faster convergence and lower computational overhead.
     • Bias Mitigation: DPO directly incorporates human preferences into the optimization process, which helps in reducing unintended biases in the model's behavior. This alignment with human values ensures that the model's outputs are more desirable and ethical.
     Overall, DPO offers a streamlined, stable, and efficient alternative to traditional methods, making it a promising approach for fine-tuning language models to better align with human expectations and values.

     Dataset Format for DPO
     The dataset format for DPO differs from SFT. Customers provide a "conversation" containing the system message and the initial user message, followed by "completions" with paired preference data. The dataset includes three top-level fields: "input," "preferred_output," and "non_preferred_output." Each element in the preferred_output/non_preferred_output must contain at least one assistant message and can only have roles in (assistant, tool).

     Example for DPO:
     {"input": {"messages": [{"role": "system", "content": "You are a chatbot assistant. Given a user question with multiple choice answers, provide the correct answer."}, {"role": "user", "content": "Question: One year, the oak trees in a park began producing more acorns than usual. The next year, the population of chipmunks in the park also increased. Which best explains why there were more chipmunks the next year? Answer choices: A: Shady areas increased., B: Food sources increased., C: Oxygen levels increased., D: Available water increased."}]}, "preferred_output": [{"role": "assistant", "content": "B: Food Sources Increased."}], "non_preferred_output": [{"role": "assistant", "content": "A: shady areas increased."}]}

     Example for SFT:
     {"messages": [{"role": "system", "content": "You are a chatbot assistant. Given a user question with multiple choice answers, provide the correct answer."}, {"role": "user", "content": "Question: Which characteristic of a cheetah is more likely to be learned rather than inherited? Answer choices: A: speed, B: a spotted coat, C: hunting strategies, D: claws that do not retract"}, {"role": "assistant", "content": "C: Hunting Strategies"}]}

     Supported Models and Regions
     DPO is supported for the GPT-4o model. GPT-4o-mini support for DPO will follow soon. Users can preference fine-tune the base model of GPT-4o or supervised fine-tuned models of GPT-4o through this functionality.

     Getting Started with DPO
     • Prepare datasets in preference formats as described above.
     • Select the model and then select the method of customization “Direct Preference Optimization” using Azure AI Foundry Portal (which has seamless support for all Azure Open AI services).
     • Upload training and validation datasets.
     • Select hyperparameters as needed; our defaults work well too.
     • Review the selections and create the fine-tuning job.

     Hyperparameter: What does DPO’s new hyperparameter 'Beta' mean?
     Beta indicates the temperature parameter for the DPO loss, typically in the range 0.1 to 0.5. This controls how much attention we pay to the reference model: the smaller the beta, the more we allow the model to drift away from the reference model.

     Pricing
     The pricing for DPO is the same as supervised fine tuning of gpt 4o-mini and gpt 4o models.

     Pro Tip: Doing supervised fine tuning on the preferred answers before DPO is sometimes needed, depending on the dataset (if too far from the distribution). Here is how to do it through Azure AI Foundry portal.

     We are excited to bring this new capability to our customers and look forward to seeing the innovative ways you will use Direct Preference Optimization to enhance your AI models. Detailed information will be available soon in the documentation. Stay tuned for more updates and happy fine-tuning!

     Ready to get started?
     • Learn more about Azure OpenAI Service
     • Check out our How-To Guide for Fine Tuning with Azure OpenAI
     • Try it out with Azure AI Foundry

     View the full article
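The dataset rules stated in the post above (three top-level fields, at least one assistant message per output list, only assistant/tool roles in outputs), written as a check to run on a JSONL file before upload. This is an added example, not code from the original post or from Azure OpenAI: the function names and the sample records are constructed for illustration, and requiring a user message in `input.messages` is an assumption drawn from the post's description of the conversation.

```python
import json

# Rules taken from the post: three top-level fields; each output list needs
# at least one assistant message and may only use the roles assistant/tool.
REQUIRED_FIELDS = ("input", "preferred_output", "non_preferred_output")
OUTPUT_ROLES = {"assistant", "tool"}


def _check_output(name, value):
    """Return the problems found in one preferred/non-preferred output list."""
    if not isinstance(value, list) or not value:
        return [f"{name}: must be a non-empty list of messages"]
    problems, roles = [], []
    for i, msg in enumerate(value):
        role = msg.get("role") if isinstance(msg, dict) else None
        if not isinstance(role, str):
            problems.append(f"{name}[{i}]: not a message object with a role")
            continue
        roles.append(role)
        if role not in OUTPUT_ROLES:
            problems.append(f"{name}[{i}]: role {role!r} is not allowed")
    if "assistant" not in roles:
        problems.append(f"{name}: needs at least one assistant message")
    return problems


def validate_dpo_record(record):
    """Return a list of problems for one parsed record ([] means it passes)."""
    if not isinstance(record, dict):
        return ["record is not a JSON object"]
    # An SFT line (top-level "messages") mixed into a DPO file is an easy slip.
    if "messages" in record and "input" not in record:
        return ["looks like an SFT record (top-level 'messages'), not DPO"]
    problems = [f"missing top-level field {f!r}"
                for f in REQUIRED_FIELDS if f not in record]
    if problems:
        return problems
    inp = record["input"]
    messages = inp.get("messages") if isinstance(inp, dict) else None
    if not isinstance(messages, list) or not messages:
        problems.append("input: must contain a non-empty 'messages' list")
    elif not any(isinstance(m, dict) and m.get("role") == "user"
                 for m in messages):
        # Assumption: the "initial user message" the post mentions is required.
        problems.append("input.messages: no user message found")
    for name in ("preferred_output", "non_preferred_output"):
        problems += _check_output(name, record[name])
    return problems


def validate_dpo_jsonl(text):
    """Validate JSONL text; return {line_number: [problems]} for bad lines."""
    report = {}
    for n, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        try:
            record = json.loads(line)
        except json.JSONDecodeError as exc:
            report[n] = [f"invalid JSON: {exc.msg}"]
            continue
        problems = validate_dpo_record(record)
        if problems:
            report[n] = problems
    return report


# Constructed sample records (not real training data).
GOOD = {
    "input": {"messages": [
        {"role": "system", "content": "Answer the multiple choice question."},
        {"role": "user", "content": "Why were there more chipmunks?"},
    ]},
    "preferred_output": [{"role": "assistant", "content": "B: Food sources increased."}],
    "non_preferred_output": [{"role": "assistant", "content": "A: Shady areas increased."}],
}
SFT = {"messages": GOOD["input"]["messages"]
       + [{"role": "assistant", "content": "B"}]}
BAD_ROLE = dict(GOOD, non_preferred_output=GOOD["non_preferred_output"]
                + [{"role": "user", "content": "Are you sure?"}])
NO_ASSISTANT = dict(GOOD, preferred_output=[{"role": "tool", "content": "lookup"}])
# Line 5 is a deliberately truncated JSON object.
SAMPLE = ("\n".join(json.dumps(r) for r in (GOOD, SFT, BAD_ROLE, NO_ASSISTANT))
          + '\n{"input": {"messages": [')

if __name__ == "__main__":
    for line_no, problems in validate_dpo_jsonl(SAMPLE).items():
        for problem in problems:
            print(f"line {line_no}: {problem}")
```
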
  4. As we continue to push the boundaries of AI capabilities, we are thrilled to announce several new fine-tuning features in Azure OpenAI Service. Fine-tuning is crucial for meeting customer-specific needs, as it allows organizations to adapt pre-trained models to their unique datasets and requirements. This customization enhances performance, reduces token costs, and ensures that AI solutions are aligned with business goals.

     In recent months, we have seen a tremendous growth in the consumption of Azure OpenAI Service fine-tuning. More and more organizations are recognizing the value of fine-tuning to create AI models that are tailored to their specific use cases. This trend highlights the increasing demand for flexible and efficient AI solutions that can be easily customized to meet diverse business needs.

     Introducing o1-mini Reinforcement Fine-Tuning
     We’re excited to announce the private preview of reinforcement fine-tuning for the o1-mini model. Reinforcement fine-tuning is particularly beneficial for optimizing model behavior in highly complex or dynamic environments, enabling the model to learn and adapt through iterative feedback and decision-making. Designed for exceptional reasoning capabilities particularly in the STEM fields at a fraction of the cost, o1-mini has become a trusted solution for businesses across industries. With fine-tuning now available, you can customize o1-mini to address your specific needs, unlocking new efficiencies and opportunities. For example, financial services providers can optimize the model for faster, more accurate risk assessments or personalized investment advice. In healthcare and pharmaceuticals, o1-mini can be tailored to accelerate drug discovery, enabling more efficient data analysis, hypothesis generation, and identification of promising compounds. Fine-tuning empowers you to align o1-mini with your goals while preserving its hallmark cost-efficiency. Start customizing your AI solutions and see how o1-mini fine-tuning can transform your business.

     Announcing Direct Preference Optimization
     Direct Preference Optimization (DPO) is another new alignment technique for large language models, designed to adjust model weights based on human preferences. Unlike Reinforcement Learning from Human Feedback (RLHF), DPO does not require fitting a reward model and uses binary preferences for training. This method is computationally lighter and faster, making it equally effective at alignment while being more efficient. DPO is especially useful in scenarios where subjective elements like tone, style, or specific content preferences are important. We’re excited to announce the public preview of DPO in Azure OpenAI Service, starting with GPT-4o-2024-08-06; GPT-4o-mini-2024-07-18 will be available soon.

     Distillation: Enhancing Efficiency and Performance for Fine-Tuning
     We are announcing the public preview of Stored completions, which allows developers to capture and store input-output pairs from models like GPT-4o, building datasets with production data for evaluating and fine-tuning models through a technique called distillation. The Stored completions currently supports GPT-4o-0806 in the Sweden Central region. We plan to expand this feature to include additional models and regions in the future. The comprehensive distillation process includes collecting live traffic from Azure OpenAI endpoints, filtering and subletting that traffic in the Stored Completions UI, exporting it to the Evaluation UI for quality scoring, and finally, fine-tuning from the collected data or a subset based on evaluation scoring.

     Prompt Caching for Fine-tuned Models
     We are excited to announce the support for prompt caching in fine-tuning, available for models GPT-4o-0806 and GPT-4o-mini. Prompt caching significantly reduces request latency and costs by reusing recently seen input tokens, which is especially beneficial for longer prompts with identical initial content. This feature ensures faster processing times and offers a 50% discount on input token pricing for Standard deployment types. This is the first time prompt caching for fine-tuning is being highlighted with differentiated pricing, providing substantial benefits to our customers. Here is the pricing table for the above models:

     Global Standard Deployment for Fine-Tuned Models
     We are excited to announce the public preview of our global standard deployment for Azure OpenAI fine-tuning! This new deployment option offers developers a cost-effective way to deploy custom models with the same rate limits. Custom model weights might be stored outside the selected GEO while inferencing, providing more choices for custom model deployments and making it ideal for experimentation purposes. Starting with GPT-4o-0806 and GPT-4o-mini, this deployment option offers the flexibility needed for your applications, making it easier to manage and deploy fine-tuned models. Please note that Global Standard fine-tuning deployments currently do not support vision and structured outputs. Azure OpenAI Service is committed to providing a wider range of deployment options to better serve customer needs. Stay tuned for further updates!

     These new features in Azure OpenAI Service fine-tuning demonstrate our commitment to providing robust, flexible, and efficient AI solutions. With advancements like o1 mini fine-tuning, stored completions, provisioned and global standard deployments, and direct preference optimization, developers have the tools they need to create high-quality, customized AI models. We invite you to explore these new features and take your AI projects to the next level. Stay tuned for more updates and join us in this exciting journey of innovation!

     View the full article
  5. Hi all, I compiled a large dataset to do some multivariate linear regression modelling. I have one Y variable and 15 X (dependent) variables. I think I set everything up properly with no missing data points, but I keep getting an error with the LINEST() function. It says check your input ranges and won't even run. Can someone tell me what I may be missing? View the full article
  6. Intro
     The goal of this blog post is guidance about what the recommended security settings in Windows 11 (or Windows Server) are today. Many of them are not enabled or enforced. One of the key requirements for Windows 11 is the presence of a "TPM 2.0 chip" on your hardware. Also, Secure Boot and HVCI (Core Isolation) should be enabled. We come to the details of that later. With flexibility and compatibility, many settings that are feasible are not fully enforced on Windows 11 24H2 and Windows Server 2022 and 2025, as supported Operating Systems in Mainstream Support. From a high-level perspective, these are settings I would recommend changing in Windows Security center:

     Recommended settings in Windows Security
     • Device Security > Make sure Core Isolation, Security Chip and Secure Boot are enabled.
     • Device Security > BitLocker. BitLocker is optional but recommended. Best keep a physical (printed) copy of the BitLocker Recovery Key and a copy saved to your Microsoft account. BitLocker is feasible if you fear the chance that your computer / device could be stolen, and it contains important files (incl. OneDrive pinned or cached files). It's a bit beyond this guidance, but for BitLocker I would change the local group policy on Windows 11 Pro and enable XTS-AES 256 for the OS drive as, very unfortunately, the BitLocker default encryption is still compatible with Windows 7 (XTS-AES 128).
     • Device Security > Core Isolation and all settings on this page
     • App and Browser Control > Settings for reliability related security. Some security settings on this page are linked with the Password and Downloads Security settings in Edge browser. So, you'll notice that Microsoft's feature-rich Chromium based browser is more tightened into the free of charge and market leading Defender security sphere, compared to its counterparts like Chrome, Opera et cetera. Remember, while sharing the same open-source codebase and combined efforts, MS Edge is a fork.

     What's about the fuss of TPM, fTPM and vTPM?

     Several types of TPM, not necessarily a discrete chip
     A TPM "chip on the hardware", in most modern computers or servers, is not a discrete TPM chip on the mainboard, which caused a lot of fuss in 2021 and overpriced chips. And on top of that allow "easier" local HW attacks. More though, it's a security feature, silicon integrated in your Windows 11 supported processor (CPU). In modern UEFI BIOS this TPM is often called vTPM or fTPM.

     Why and how to update UEFI BIOS (regularly):
     If you never updated your BIOS on your OEM device or custom built one, please consider doing so. This is what you can expect from UEFI BIOS updates:
     • Security improvements for mainboard, Secure Boot, certificates, and CPU.
     • Intel CPU microcode updates (especially important for Intel 13/14gen)
     • AMD AGESA updates
     • Intel ME firmware and security updates.
     • Many vendors changed default settings for improved TPM and Secure Boot default settings, to comply with Windows 11 requirements.

     Prerequisites:
     In all cases make sure that for portable devices, PCs and servers your power remains connected, and you do not shut down, restart (unless prompted) or power off during the update.

     Before starting:
     • Connect Power (esp. portable devices)
     • Make sure to pause / suspend (not disable) BitLocker, if enabled, and make sure you can access your Microsoft Account via mobile to access the BitLocker recovery key in the worst case.

     Updating UEFI on OEM Hardware
     OEM hardware vendors often provide validated UEFI updates directly via Windows Update. These also take care of suspending BitLocker. Power connection advice applies. WU will not prompt you for this.

     UEFI Security recommendation
     If you can select it, in UEFI security settings, I would disable SHA-1 / SHA-128 and enable SHA-256 and higher. If you have 256 and 384 support, it's fine to enable both. For custom built PCs please refer to the mainboard vendor's manual. They are worth a read.

     What about TPM and VMs?
     If you have a TPM, vTPM / fTPM on your hardware and properly configured in UEFI, on top of that, in modern versions of Hyper-V on Windows Client and Windows Server you can enable vTPM for VMs. The VM must be Generation 2, VM Version 9.0 or later and have UEFI enabled. This vTPM offers the same security layer as on physical hardware. Mind that this is also available for recent VMware ESXi 7.0 or later / vSphere but often not enabled or embraced as VM default.

     Sidenote: What about Windows Server?
     Windows Server 2022 and 2025 do benefit from the TPM and Secure Boot, same as Windows 11 Clients, however the setup does not enforce specific settings.

     Why are settings not enforced, strictly? And why the Microsoft account?

     Secure Boot
     In fact, anyone can still boot Windows 11 and Windows Server without Secure Boot enabled. Which I think is a huge miss. This should be possible as Secure Boot and compatible GOP bootable devices, such as GPUs, have been available for an exceedingly long time, ~2011/2012, the era of Intel Sandy Bridge. GTX 670, anyone?

     TPM and Windows Hello
     TPM is required for Windows Hello and BitLocker, saving your - never leave the PC towards internet - secure PC login. Microsoft account with Windows Hello in Windows 11 24H2 even supports modern passkeys. Edge will offer to translate this page from German BSI into your own language.

     Microsoft Account
     It's safer than a password with local Windows accounts like "Administrator / password combinations". Something we had since Windows NT / 3.0 / 95. Still, many insist on using these "offline accounts" in fear of having a Microsoft account. Microsoft Account does not usually require internet to log in with Windows Hello. As with the enforcement or lazy "allowance" with Microsoft, the discussions on Microsoft Account enforcement in Windows 11, imho, are a bit of double standards. The same personas who are often ok to have a Google or Apple Account securing or accessing another sphere suddenly strictly disagree with the security benefits of a highly secure password-free Microsoft account to protect and sync their personal settings, OneDrive, Edge on all devices. Trust me, with Windows 11, a Microsoft account and winget, reinstalling / refreshing your Windows PC is like a breeze that smells like Apple(s).

     The final: Exclusions! Exclusions everywhere!
     Yes, my face looks exactly like Woody's, thinking about the inconsistencies - I really dislike inconsistencies in general. So my look is like that: Afraid like Woody's, respectfully, not Woody Leonard's, though. There are different people with different opinions and use cases and that's ok. Security on Windows 11 for consumers is important. In the past 5 years, I saw people being encrypted, losing their entire digital life. This would not have happened with recommended top-notch security measures of Microsoft, plus an offline backup, performant and dependable as Macrium Reflect, among other solutions available. Microsoft still does not go all in on security for consumers. For Windows 11 there are plenty of workarounds. Windows Server 2025 does not even include any enforcements, neither Secure Boot, modern CPUs nor TPM. That's a shameful exception to all the rules and fuels the dry taste on Microsoft's security-first tongue. Virtual Machines also form exceptions. All of this appears inconsistent and is highly debated everywhere. Please do me a favour, refrain from spawning another place in the comments. It's all well-known.

     Hope that this guidance is something you can leave thumbs up for, regardless of "political" and "environmental" decisions. Not speaking for Microsoft, just sharing my knowledge as a Windows Insider and MVP, which is a community-oriented program. Thanks for your feedback on the subject, leaving thumbs up and sharing. Cheers for security and Windows!

     View the full article
  7. vcvc View the full article
  8. Get answers to your questions about adopting Windows 11 and managing Windows devices across your organization. Find out how to proactively implement and monitor Zero Trust practices. Get tips on keeping devices up to date. Learn how to move forward with cloud-native workloads, even if you have on-premises or hybrid needs. Windows Office Hours is our continuing series of live Q&A for IT professionals here on Tech Community. How does it work? We will have a broad group of product experts, servicing experts, and engineers representing Windows, Microsoft Intune, Configuration Manager, Windows 365, Windows Autopilot, security, public sector, FastTrack, and more. They will be standing by here -- in chat -- to provide guidance, discuss strategies and tactics, and, of course, answer any specific questions you may have. Post your questions in the Comments early and throughout the one-hour event. Note: This is a chat-based event. There is no video or live meeting component. Questions and answers will appear in the Comments section below. View the full article
  9. Get answers to your questions about adopting Windows 11 and managing Windows devices across your organization. Find out how to proactively implement and monitor Zero Trust practices. Get tips on keeping devices up to date. Learn how to move forward with cloud-native workloads, even if you have on-premises or hybrid needs. Windows Office Hours is our continuing series of live Q&A for IT professionals here on Tech Community. How does it work? We will have a broad group of product experts, servicing experts, and engineers representing Windows, Microsoft Intune, Configuration Manager, Windows 365, Windows Autopilot, security, public sector, FastTrack, and more. They will be standing by here -- in chat -- to provide guidance, discuss strategies and tactics, and, of course, answer any specific questions you may have. Post your questions in the Comments early and throughout the one-hour event. Note: This is a chat-based event. There is no video or live meeting component. Questions and answers will appear in the Comments section below. View the full article
  10. Get answers to your questions about adopting Windows 11 and managing Windows devices across your organization. Find out how to proactively implement and monitor Zero Trust practices. Get tips on keeping devices up to date. Learn how to move forward with cloud-native workloads, even if you have on-premises or hybrid needs. Windows Office Hours is our continuing series of live Q&A for IT professionals here on Tech Community. How does it work? We will have a broad group of product experts, servicing experts, and engineers representing Windows, Microsoft Intune, Configuration Manager, Windows 365, Windows Autopilot, security, public sector, FastTrack, and more. They will be standing by here -- in chat -- to provide guidance, discuss strategies and tactics, and, of course, answer any specific questions you may have. Post your questions in the Comments early and throughout the one-hour event. Note: This is a chat-based event. There is no video or live meeting component. Questions and answers will appear in the Comments section below. View the full article
  11. Imagine a workspace where productivity flows smoothly and improves continuously. In the era of generative AI, organizations and employees are experiencing unprecedented enhancements in efficiency and creativity. Generative AI systems can automate routine tasks, freeing up valuable time for employees to focus on more strategic initiatives. These intelligent assistants analyze vast amounts of data to provide actionable insights, helping teams make informed decisions swiftly. Furthermore, they assist in content creation, data analysis, and even customer interactions, ensuring that businesses can operate more effectively and adapt to the ever-evolving market demands. This technological advancement not only optimizes workflows but also empowers employees to innovate and achieve their full potential, ultimately driving success and growth within the organization.

      Microsoft 365 Copilot is your AI assistant, and Copilot Studio is where you easily create and manage agents – think of these as the new apps for an AI-powered world. Agents connect to your organization’s knowledge and data sources, to automate and execute business processes, working alongside or on behalf of a person, team, or organization. Agents range from simple, prompt-and-response agents to more advanced, fully autonomous agents. We envision a workplace where every organization will have agents, working on behalf of individuals, teams, or functions.

      What is Copilot Studio agent builder?
      The Copilot Studio agent builder is a low-code platform that enables users to build custom agents directly within Microsoft 365 Copilot Business Chat (BizChat). This powerful tool allows users to create intelligent agents that can automate tasks, provide valuable insights, and enhance overall productivity. The agent builder offers an intuitive user interface, with seamless integration with various data sources, and quick deployment options. This tool allows you to describe your agent, create, test, and deploy it, making it accessible even to individuals with minimal technical expertise.

      Key Features
      • Ease of Use: The agent builder is designed for users with minimal coding experience. With its intuitive interface, you can create agents by simply describing the type of agent you want to build and configuring its settings.
      • Customization: You can customize your agent by editing its name, description, and instructions. Additionally, you can add SharePoint sites and documents that your agent should reference, as well as starter prompts to guide its interactions.
      • Integration: The agents built with Copilot Studio can be integrated into various Microsoft 365 applications, including Microsoft Teams, BizChat, and more. This ensures that your agents are accessible wherever you need them.
      • Scalability: The platform supports the creation of knowledge-only agents, with additional capabilities such as image generation coming soon. This allows you to scale your agents' functionality as your business needs evolve.

      How to get started
      To help showcase what’s possible with agents created using Copilot Studio agent builder, we have made available agents, pre-built for you, like Career Coach, Prompt Coach and Writing Coach. You can use them as a starting point in creating agents, connect to your knowledge sources and improve your business workflows. Or you can create your own agent. To get started with agent builder:
      • Access BizChat: Go to BizChat experience in Teams, Microsoft365.com/Copilot, or other Microsoft 365 apps.
      • Create an agent: Select "Create an agent" and describe the type of agent you want to build. Add any further descriptions and configure its settings.
      • Customize your agent: Edit the agent's name, description, and instructions. Add relevant SharePoint sites, documents, and prompt starters.
      • Deploy your agent: Once your agent is ready, select "Create" and then "Share" to deploy it within BizChat in your organization.
      See how to create a mentoring agent using the pre-built Career Coach template

      Benefits of using Copilot Studio agent builder
      • Enhanced efficiency: Automate repetitive tasks and free up valuable time for your team to focus on strategic activities.
      • Improved customer engagement: Provide timely and accurate responses to customer inquiries, enhancing their overall experience.
      • Streamlined processes: Integrate agents into your existing workflows to streamline operations and improve productivity.

      Get started building agents today!
      The Copilot Studio agent builder is a game-changer for businesses looking to leverage the power of intelligent agents. By providing a low-code platform for creating custom agents, it empowers users to enhance efficiency, improve customer engagement, and streamline processes. Whether you're looking to automate tasks or provide valuable insights, the agent builder is a tool worth exploring. Whether a user, developer, or IT professional, with the ability to build agents in Copilot Studio you can build an agent and customize it for your business’s specific needs and processes and get the most of AI. These features are generally available today. Explore the comprehensive documentation and user guide to get started.

      View the full article
  12. As your AI assistant for work, Microsoft 365 Copilot offers unique capabilities to supercharge productivity by reasoning across your enterprise data. However, as the transformational capability to leverage organizational information enables Copilot to surface valuable insights, it also highlights gaps in content governance—particularly overshared access.

In our Ignite breakout session "Prepare your data for Microsoft Copilot with new tools" we shared an example that resonated with many attendees: Imagine typing a query about your org structure into Copilot, only to have confidential details about an upcoming reorganization surface in the response—details you were never meant to see. This scenario underscores the potential challenge of using generative AI with overshared data.

To help you address this challenge, we’ve developed a new Microsoft deployment blueprint, Address oversharing in Microsoft 365 Copilot. This practical, phased approach provides a recommended path to help organizations tackle oversharing concerns, prepare their data for AI, and fully unlock the potential of Microsoft 365 Copilot.

The oversharing challenge

Oversharing happens when permissions are too broad and controls are too few, exposing data unnecessarily. This can lead to:
- Access to information beyond what the user needs for their role.
- Inappropriate sharing of confidential or sensitive content.
- Outdated or irrelevant responses from AI, undermining its utility.

These issues aren’t always obvious but often stem from five common causes:
- Site privacy settings that grant access to everyone in the organization.
- Default sharing options set to “everyone,” bypassing more secure configurations.
- Broken permission inheritance, where site-level permissions don’t align with those at the file or folder level.
- Sharing with the “everyone except external users” domain group.
- Sites and files without sensitivity labels that enforce policies around how data can be accessed and shared.

In our conversations with customers we’ve found that these challenges resonate with organizations of all sizes, many of which are navigating complex data ecosystems with overlapping permissions and years of content governance debt. This is where our new deployment blueprint comes in. It offers a structured methodology to address oversharing risks while preparing your environment for a secure, scalable Copilot deployment, including:
- An overview of the most common causes of internal oversharing in Microsoft SharePoint.
- A recommended, staged approach to avoid oversharing in a Microsoft 365 Copilot deployment.
- Recommended actions specific to E3 or E5 licenses at each stage.
- Detailed guidance for using the tools in the SharePoint Admin Center, SharePoint Advanced Management (SAM), and Microsoft Purview to identify and mitigate oversharing and ongoing governance concerns.

Prepare your information for GenAI with the deployment blueprint

The deployment blueprint, Address oversharing in Microsoft 365 Copilot, is designed to take organizations through three key phases: Pilot, Deploy, and Operate. Each phase is flexible, allowing you to start small or scale quickly based on your needs.

Phase 1 – the Pilot, is an optional phase intended for customers wanting to test out Copilot. In this phase Copilot is deployed to a small group of users within the organization and access is limited to only low-risk content, allowing you to assess oversharing, test governance controls, and build a foundation for scaling Copilot securely.

Phase 2 – Deploy (at scale), focuses on scaling Copilot access across your organization while implementing robust data protection measures. Many organizations may want to start at this phase and skip the Pilot phase entirely. In this phase you will identify oversharing risks, apply protections to sensitive data, and increase site privacy. By the end of this phase, Copilot will be securely deployed across your organization, with clear governance practices in place to minimize oversharing risks.

Phase 3 – Operate, is about creating a culture of continuous improvement where governance practices are automated, monitored, and optimized over time. This results in a proactive governance framework that evolves with your organization to enhance the security of sensitive data and improve the accuracy and relevance of Copilot responses.

For organizations challenged by the scale of their data environments, this phased approach provides clarity and direction. Whether you start small with a pilot or jump straight to deployment, the blueprint helps you take actionable steps toward a more secure, productive future.

Your next steps

If you’re ready to tackle oversharing concerns and prepare your organization for Microsoft 365 Copilot deployment at scale, the deployment blueprint, Address oversharing in Microsoft 365 Copilot, is your guide.
- Download the blueprint for step-by-step guidance on all three phases.
- Watch our Ignite session “Prepare your data for Microsoft Copilot with new tools” to dive deeper into these strategies.

View the full article
  13. PrimeKey by Keyfactor helps organizations bolster cryptographic-based security through the Microsoft commercial marketplace

PrimeKey is part of Keyfactor, a professional services company that was founded in 2001 and won Microsoft Partner of the Year in 2007. PrimeKey simplifies public key infrastructure (PKI) implementations by eliminating repetitive tasks and costly infrastructure through self-service certification solutions and automation for teams without PKI expertise. Whether for Internet of Things (IoT) product security or enterprise information technology initiatives, PrimeKey’s modular, cloud-first architecture makes it easier for customers to deploy quickly without reengineering infrastructure or reissuing certificates.

PrimeKey’s solutions are horizontally applicable and span verticals. PrimeKey customers can manage every key and certificate because there are no per-certificate fees. The company is driven by a technology-agnostic approach that allows organizations to integrate their PKI with the best available technology. The platform is built for rapid change and agility. PrimeKey’s flagship product, EJBCA Enterprise Cloud, is hosted solely on Microsoft Azure and is available in the Azure Marketplace.

Continue reading here

View the full article
  14. In today’s cloud environment, security and efficient management of storage resources are paramount for organizations. Azure Blob Storage, known for its scalability and robust security, is a popular solution for handling large volumes of unstructured data. However, ensuring secure access to this data requires careful management, particularly when it comes to Shared Access Signatures (SAS) keys, which provide time-limited access to storage resources. To mitigate the risk of unauthorized access, it’s essential to rotate SAS keys regularly. Automating this process not only enhances security by ensuring the timely retirement of outdated keys but also guarantees the secure creation and updating of new keys.

In this guide, we’ll show you how to use Azure Automation PowerShell Runbooks to automate the rotation of Azure Blob Storage SAS keys. This solution also covers updating external user credentials used in SQL to access the blob storage, simplifying access management while reducing manual intervention and the potential for human error.

By adopting this automated approach, organizations can strengthen their data security practices, align with key management best practices, and ensure uninterrupted, secure access for users—all while minimizing administrative effort.

This article will walk you through the process of automating the rotation of Azure Blob Storage SAS keys using Azure Automation PowerShell Runbooks. You’ll learn how to configure the necessary resources and set up permissions to ensure smooth execution.

Note: This article uses SQL Managed Instance as an example to outline the steps in detail, which can also be applied to Azure SQL Database for implementation.

Prerequisites

Before proceeding with the implementation, ensure you meet the following prerequisites:
- An active Azure subscription.
- Azure Automation Account with sufficient privileges to perform administrative tasks.
- Access to an Azure Storage Account, Azure Key Vault, and Azure SQL Managed Instances that will be involved in the automation process.

Summary

- Configure Azure Automation Account: Set up an Automation Account in Azure and import required modules for integration.
- Grant Required Permissions: Assign the necessary roles to the Automation Account to enable access to Azure Key Vault, Storage Accounts, and SQL Managed Instances.
- Create Stored Procedure in SQL Managed Instance: Implement a stored procedure to facilitate database credential updates.
- Create Login and Grant Permissions: Create a login for the Automation Account and grant the required permissions to execute operations in the SQL Managed Instance.

Setup Documentation

Configure Azure Automation Account

To start, configure an Azure Automation Account to run the automation scripts and manage resources.
- Create an Azure Automation Account: Go to the Azure portal and create a new Azure Automation Account. This account will host the PowerShell Runbooks that will automate the SAS key rotation.
- Import the SQL Server Module: Once the Automation Account is created, import the SQLServer module into the Automation Account. This module allows the Runbook to interact with SQL Managed Instances and perform necessary database operations.
  a) Go to the Azure Portal and navigate to your Automation Account.
  b) Select "Modules" under the "Shared Resources" section in the Automation Account.
  c) Click on "Browse Gallery", and search for "SQLServer" in the gallery.
  d) Select the "SQLServer" module and click Import.
  e) Wait for the import to complete and verify the module appears under Installed Modules.
- Runbook Setup: Create a new Runbook, select PowerShell as the type, choose the recommended runtime version, and enter the script code shared below (SASKeyRotationAutomationScript.ps1) as the content.

Grant Required Permissions

Ensure that the Automation Account has the appropriate permissions to interact with dependent resources such as Azure Key Vault, Storage Account, and SQL Managed Instances.
- Key Vault: Assign the "Key Vault Secrets Officer" role to the Automation Account on the Key Vault. This role allows the account to manage secrets in the Key Vault, which will be necessary for storing SAS keys.
- Storage Account: Assign the "Storage Account Key Operator Service Role" to the Automation Account for the relevant Storage Account. This role enables the Automation Account to manage keys for the Storage Account, including generating new SAS tokens.
- SQL Managed Instances: Assign the "Reader" role to the Automation Account on each SQL Managed Instance. This role allows the Automation Account to read database configurations and settings required for the SAS key update process.
- Subscription Level: Assign the "Reader" role at the subscription level to ensure that the Automation Account can access all the resources it needs across the subscription.

Create Stored Procedure in SQL Managed Instance

Next, create a stored procedure in the SQL Managed Instance that will handle updates to the database credentials, as part of the SAS key rotation process.
- Create the Stored Procedure: Implement the stored procedure UpdateDatabaseScopedCredential.sql within your SQL Managed Instance to manage database credential updates. This procedure will be invoked by the Automation Account during the execution of the Runbook.

Create Login and Grant Permissions

Create a login for the Automation Account within the SQL Managed Instance and assign the necessary permissions to execute the stored procedure and other required tasks.
Execute the following SQL commands:

    USE [master]
    GO
    CREATE LOGIN [AutomationAccount] FROM EXTERNAL PROVIDER;
    GO
    USE [DBA]
    GO
    CREATE USER [AutomationAccount] FOR LOGIN [AutomationAccount];
    GRANT EXECUTE ON dbo.UpdateDatabaseScopedCredential TO [AutomationAccount];
    GRANT CREATE TABLE TO [AutomationAccount];

Explanation: The above SQL commands will create a login for the Automation Account from an external provider (likely Azure AD), map it to a user, and grant the required permissions to execute the stored procedure and create tables, if necessary, during the process.

With these steps completed, your Azure environment will be ready to automate the SAS key rotation and securely manage credentials through Azure Automation. Next, manually run the Runbook to test its functionality, ensuring that it performs as expected. After confirming the successful execution, schedule the Runbook according to your requirements.

PowerShell Script File for SAS Key Rotation

SASKeyRotationAutomationScript.ps1

    #________________________________
    # Input parameters
    #________________________________
    $subscriptionId        = "xxxxx-459a-409f-8339-xxxxxxxx"
    $resourceGroupName     = "ProdRG"
    $storageAccountName    = "Prodstorageaccount"
    $keyVaultName          = "Prodkeyvault"
    $secretName            = "SASForHRTK"
    $SASexpiryDate         = 90   # days
    $automationAccountName = "AutomationAccount"
    $global:NewSASKey      = ""
    $database              = "DBA"   # database that holds dbo.UpdateDatabaseScopedCredential (the SQL scripts use [DBA])

    # Sign in with the Automation Account's managed identity
    Connect-AzAccount -Identity
    Set-AzContext -SubscriptionId $subscriptionId *> $null

    # Retrieve SQL Managed Instances and construct DNS names (public endpoint, port 3342)
    $sqlInstances = Get-AzSqlInstance | Select-Object ManagedInstanceName, DnsZone
    $SQLMIList = $sqlInstances | ForEach-Object {
        $dnsName = "$($_.ManagedInstanceName).public.$($_.DnsZone).database.windows.net,3342"
        [PSCustomObject]@{ DNSName = $dnsName }
    }

    #_______________________________________________________________
    # Variables used
    #_______________________________________________________________
    Write-Output "[$(Get-Date)]: __________________ Beginning of SAS Key Rotation Script __________________"
    Write-Output "[$(Get-Date)]: Input Parameters for Execution:"
    # Add input parameters
    Write-Output "`n[$(Get-Date)]: Subscription ID : $subscriptionId"
    Write-Output "[$(Get-Date)]: Resource Group Name : $resourceGroupName"
    Write-Output "[$(Get-Date)]: Storage Account Name : $storageAccountName"
    Write-Output "[$(Get-Date)]: Key Vault Name : $keyVaultName"
    Write-Output "[$(Get-Date)]: Secret Name : $secretName"
    Write-Output "[$(Get-Date)]: SAS Expiry Date : $SASexpiryDate"
    Write-Output "[$(Get-Date)]: Connected to subscription: [$( (Get-AzSubscription -SubscriptionId $subscriptionId).Name )]`n"
    Write-Output "[$(Get-Date)]: SQL Managed Instances identified in the current subscription `n"
    Write-Output ("_" * 60 + "`n"); $SQLMIList.DNSName; Write-Output ("`n" + ("_" * 60))

    #_______________________________________________________________
    # Generate a new SAS token and update Key Vault
    #_______________________________________________________________
    function GenerateSASToken_And_UpdateKeyVault {
        $context = New-AzStorageContext -StorageAccountName $storageAccountName -StorageAccountKey ((Get-AzStorageAccountKey -ResourceGroupName $resourceGroupName -Name $storageAccountName -WarningAction SilentlyContinue)[0].Value) -WarningAction SilentlyContinue
        $expiryTime = (Get-Date).AddDays($SASexpiryDate).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ")
        try {
            # -ErrorAction Stop turns cmdlet errors into terminating errors so the catch block runs
            $sasToken = New-AzStorageAccountSASToken -Service Blob -ResourceType Container,Object -Permission "rwdlact" -ExpiryTime $expiryTime -Context $context -ErrorAction Stop
            Write-Output "[$(Get-Date)]: SAS Token generated successfully"
            $global:NewSASKey = $sasToken
        }
        catch {
            $ErrorOnSASkeyGeneration = $True
            Write-Output "[$(Get-Date)]: Failed to generate SAS Token. Error: $_"
            return ("ErrorOnSASkeyGeneration")
        }
        $securesasToken = $sasToken | ConvertTo-SecureString -AsPlainText -Force
        if ($ErrorOnSASkeyGeneration -ne $True) {
            # Check if the secret exists in Key Vault
            $secret = Get-AzKeyVaultSecret -VaultName $keyVaultName -Name $secretName -ErrorAction SilentlyContinue
            try {
                if ($secret) {
                    # Update the existing secret with the new SAS token
                    $res = Set-AzKeyVaultSecret -VaultName $keyVaultName -Name $secretName -SecretValue $securesasToken -Expires $expiryTime -ContentType ("SASToken_Created_" + (Get-Date -Format "yyyy-MM-dd_HH:mm:ss")) -ErrorAction Stop
                    Write-Output "[$(Get-Date)]: Secret updated in Key Vault - $keyVaultName with key - $secretName."
                }
                else {
                    # Create a new secret in Key Vault
                    $res = Set-AzKeyVaultSecret -VaultName $keyVaultName -Name $secretName -SecretValue $securesasToken -Expires $expiryTime -ContentType ("SASToken_Created_" + (Get-Date -Format "yyyy-MM-dd_HH:mm:ss")) -ErrorAction Stop
                    Write-Output "[$(Get-Date)]: New Secret created in Key Vault - $keyVaultName with key - $secretName."
                }
            }
            catch {
                # Handle the error
                Write-Output "[$(Get-Date)]: An error occurred while updating or creating the secret in Key Vault."
                Write-Output "Error Message: $_"
                $exception = $True
            }
        }
    }

    #_______________________________________________________________
    # Update database scoped credentials on SQL Managed Instance
    #_______________________________________________________________
    function UpdateDatabaseScopeCredential {
        param ([string]$sqlmi)
        Write-Output "[$(Get-Date)]:Connecting to the Server : $sqlmi"
        try {
            # Using managed identity
            $secureToken = Get-AzAccessToken -ResourceUrl "https://database.windows.net/" -AsSecureString
            $token = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($secureToken.Token))
            $Conn = New-Object System.Data.SqlClient.SqlConnection("Server=$sqlmi;Database=$database;Encrypt=True;Connection Timeout=30;")
            $Conn.AccessToken = $token
            $Conn.Open()
            $Command = $Conn.CreateCommand()
            # Pass the values as bound parameters instead of concatenating them into an EXEC string
            $Command.CommandType = [System.Data.CommandType]::StoredProcedure
            $Command.CommandText = "[dbo].[UpdateDatabaseScopedCredential]"
            [void]$Command.Parameters.AddWithValue("@Storactaccount", $storageAccountName)
            [void]$Command.Parameters.AddWithValue("@NewKey", $global:NewSASKey)
            $rowsAffected = $Command.ExecuteNonQuery()
            if ($rowsAffected -eq -1) {
                Write-Output "[$(Get-Date)]: The command executed successfully."
            }
            else {
                Write-Output "[$(Get-Date)]: $rowsAffected rows were affected."
            }
            Write-Output "[$(Get-Date)]: Updated the SASKey on $sqlmi"
        }
        catch {
            Write-Output "[$(Get-Date)]:An error occurred: $_"
        }
        finally {
            if ($Conn.State -eq 'Open') { $Conn.Close() }
        }
    }

    Write-Output "[$(Get-Date)]: Attempting to generate a new SASToken for Storage account :[$storageAccountName] and update Keyvault :[$keyVaultName]"
    GenerateSASToken_And_UpdateKeyVault

    if ([string]::IsNullOrEmpty($global:NewSASKey)) {
        # No new token was produced: leave the existing database credentials untouched
        Write-Output "[$(Get-Date)]: No new SAS token available; skipping the database scoped credential update."
    }
    else {
        Write-Output "[$(Get-Date)]: Attempting to update the database scope credential for SQL Managed instances"
        Write-Output "$SQLMIList`n"
        foreach ($SQLMI in $SQLMIList) {
            UpdateDatabaseScopeCredential -sqlmi $SQLMI.DNSName
        }
    }
    Write-Output "[$(Get-Date)]: __________________ End of SAS Key Rotation Script __________________"

SQL Script to Update a Database Scoped Credential

UpdateDatabaseScopedCredential.sql

    USE [DBA]
    GO
    CREATE OR ALTER PROCEDURE UpdateDatabaseScopedCredential
        @Storactaccount NVARCHAR(128),
        @NewKey NVARCHAR(MAX)
    WITH ENCRYPTION
    AS
    BEGIN
        SET NOCOUNT ON

        -- Both values are concatenated into dynamic SQL below, so reject
        -- anything that could terminate a string literal
        IF CHARINDEX('''', @NewKey) > 0 OR @Storactaccount LIKE '%[^a-zA-Z0-9]%'
        BEGIN
            RAISERROR('Invalid storage account name or SAS key.', 16, 1);
            RETURN;
        END

        -- Declare variables for dynamic SQL
        DECLARE @sql NVARCHAR(MAX);
        DECLARE @dbName NVARCHAR(128);
        DECLARE @credentialName NVARCHAR(128);

        -- The logging table lives in the same database as this procedure
        IF OBJECT_ID('dbo.SASKeyRotationLogging', 'U') IS NULL
        BEGIN
            CREATE TABLE dbo.SASKeyRotationLogging (Timestamp DATETIME DEFAULT GETUTCDATE(), Details NVARCHAR(MAX));
        END

        PRINT REPLICATE('_', 100) + CHAR(13) + CHAR(10) + '[' + CONVERT(NVARCHAR(30), GETUTCDATE(), 126) + '] Starting the script to update the credentials on Server [' + @@SERVERNAME + '].';
        INSERT INTO [DBA].dbo.SASKeyRotationLogging (Details)
        VALUES ('[' + CONVERT(NVARCHAR(30), GETUTCDATE(), 126) + '] Starting the script to update the credentials on Server [' + @@SERVERNAME + '].');
        INSERT INTO [DBA].dbo.SASKeyRotationLogging (Details)
        SELECT '[' + CONVERT(NVARCHAR(30), GETUTCDATE(), 126) + '] Database name: ' + name
        FROM sys.databases
        WHERE name LIKE '%_ems';

        -- Cursor to iterate over databases
        DECLARE db_cursor CURSOR FOR
            SELECT name FROM sys.databases WHERE name LIKE '%_ems';
        OPEN db_cursor;
        FETCH NEXT FROM db_cursor INTO @dbName;
        WHILE @@FETCH_STATUS = 0
        BEGIN
            -- Construct the dynamic SQL to be executed in each database
            SET @sql = '
            USE ' + QUOTENAME(@dbName) + ';
            DECLARE @Result TABLE (CredentialName NVARCHAR(128));
            INSERT INTO @Result (CredentialName)
            SELECT c.name AS CredentialName
            FROM sys.database_scoped_credentials AS c
            INNER JOIN sys.external_data_sources AS ds ON ds.credential_id = c.credential_id
            WHERE c.credential_identity = ''SHARED ACCESS SIGNATURE''
              AND ds.type = 5
              AND ds.location LIKE ''%' + @Storactaccount + '%'';

            -- Update the credentials
            DECLARE @credName NVARCHAR(128);
            DECLARE cred_cursor CURSOR FOR SELECT CredentialName FROM @Result;
            OPEN cred_cursor;
            FETCH NEXT FROM cred_cursor INTO @credName;
            WHILE @@FETCH_STATUS = 0
            BEGIN
                -- Construct the ALTER DATABASE SCOPED CREDENTIAL command
                DECLARE @alterSql NVARCHAR(MAX);
                SET @alterSql = ''ALTER DATABASE SCOPED CREDENTIAL '' + QUOTENAME(@credName) + '' WITH IDENTITY = ''''SHARED ACCESS SIGNATURE'''', SECRET = ''''' + @NewKey + ''''';''
                EXEC sp_executesql @alterSql;
                PRINT ''['' + CONVERT(NVARCHAR(30), GETUTCDATE(), 126) + ''] [Database: ' + @dbName + '] Updated the key for credential ['' + @credName + ''].''
                INSERT INTO [DBA].dbo.SASKeyRotationLogging (Details)
                VALUES (''['' + CONVERT(NVARCHAR(30), GETUTCDATE(), 126) + ''] [Database: ' + @dbName + '] Updated the key for credential ['' + @credName + ''].'');
                FETCH NEXT FROM cred_cursor INTO @credName;
            END
            -- Release the cursor so the next database can declare it again
            CLOSE cred_cursor;
            DEALLOCATE cred_cursor;
            ';
            -- Execute the dynamic SQL
            EXEC sp_executesql @sql, N'@Storactaccount NVARCHAR(128)', @Storactaccount;
            FETCH NEXT FROM db_cursor INTO @dbName;
        END;
        CLOSE db_cursor;
        DEALLOCATE db_cursor;

        PRINT '[' + CONVERT(NVARCHAR(30), GETUTCDATE(), 126) + '] End of script to update the credentials on Server [' + @@SERVERNAME + '].' + CHAR(13) + CHAR(10) + REPLICATE('_', 100);
        INSERT INTO [DBA].dbo.SASKeyRotationLogging (Details)
        VALUES ('[' + CONVERT(NVARCHAR(30), GETUTCDATE(), 126) + '] Ending the script to update the credentials on Server [' + @@SERVERNAME + '].');
    END

View the full article
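A check that can sit between generating the SAS token and writing it to Key Vault and SQL, shown here as an added example that is not part of the original runbook: it parses the token's query string and compares expiry (se), permissions (sp), services (ss) and protocol (spr) against a policy, and returns a copy with the signature redacted for logging. The function name, the policy defaults and the sample tokens are assumptions made for illustration.

```powershell
# Added example (not part of the original runbook): validate a SAS token against
# a policy before storing it. Names, defaults and sample tokens are assumptions.
function Test-SasTokenPolicy {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $SasToken,
        [string]   $AllowedPermissions = 'rl',   # assumed policy: read + list
        [string]   $AllowedServices    = 'b',    # Blob only, as in the runbook
        [int]      $MaxLifetimeDays    = 90,
        [datetime] $NowUtc = (Get-Date).ToUniversalTime()
    )

    # The SECRET of a database scoped credential must not start with '?'
    $query = $SasToken.TrimStart('?')

    # Split the query string into fields; values are URL-encoded
    $fields = @{}
    foreach ($pair in ($query -split '&' | Where-Object { $_ })) {
        $name, $value = $pair -split '=', 2
        $fields[$name] = [System.Uri]::UnescapeDataString([string]$value)
    }

    $findings = [System.Collections.Generic.List[string]]::new()
    foreach ($required in 'sv', 'sp', 'se', 'sig') {
        if (-not $fields.ContainsKey($required)) { $findings.Add("missing field '$required'") }
    }

    # Expiry: must lie in the future and within the allowed lifetime
    if ($fields.ContainsKey('se')) {
        $expiry = [datetimeoffset]::MinValue
        $parsed = [datetimeoffset]::TryParse($fields['se'], [cultureinfo]::InvariantCulture,
            [System.Globalization.DateTimeStyles]::AssumeUniversal, [ref]$expiry)
        if (-not $parsed) { $findings.Add("unparseable expiry '$($fields['se'])'") }
        elseif ($expiry.UtcDateTime -le $NowUtc) { $findings.Add('token is already expired') }
        elseif (($expiry.UtcDateTime - $NowUtc).TotalDays -gt $MaxLifetimeDays) {
            $findings.Add("lifetime exceeds $MaxLifetimeDays days")
        }
    }

    # Permissions: every granted letter must be in the allowed set
    if ($fields.ContainsKey('sp')) {
        $extra = -join ($fields['sp'].ToCharArray() | Where-Object { $AllowedPermissions.IndexOf($_) -lt 0 })
        if ($extra) { $findings.Add("permissions beyond policy: $extra") }
    }

    # Services (present on account SAS tokens only)
    if ($fields.ContainsKey('ss')) {
        $extraSvc = -join ($fields['ss'].ToCharArray() | Where-Object { $AllowedServices.IndexOf($_) -lt 0 })
        if ($extraSvc) { $findings.Add("services beyond policy: $extraSvc") }
    }

    # Protocol: without spr=https the token is also honoured over plain HTTP
    if ($fields['spr'] -ne 'https') { $findings.Add('HTTP is permitted (spr is not https)') }

    [PSCustomObject]@{
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings.ToArray()
        Secret    = $query    # value to store, without the leading '?'
        Redacted  = $query -replace '(?<=(^|&)sig=)[^&]+', '<redacted>'    # safe to log
    }
}

# Constructed sample tokens (signatures are placeholders, not real keys)
$now    = [datetime]::new(2025, 1, 1, 0, 0, 0, [System.DateTimeKind]::Utc)
$broad  = '?sv=2022-11-02&ss=b&srt=co&sp=rwdlact&se=2025-04-01T00%3A00%3A00Z&sig=CONSTRUCTED-SIGNATURE'
$narrow = 'sv=2022-11-02&ss=b&srt=co&sp=rl&se=2025-01-31T00%3A00%3A00Z&spr=https&sig=CONSTRUCTED-SIGNATURE'

foreach ($token in $broad, $narrow) {
    $result = Test-SasTokenPolicy -SasToken $token -NowUtc $now
    "{0}`n  compliant: {1}`n  findings : {2}" -f $result.Redacted, $result.Compliant, ($result.Findings -join '; ')
}
```

In the runbook, the function would be called on the generated token and the Key Vault and SQL updates would proceed only when Compliant is true. A narrower -Permission value and -Protocol HttpsOnly on New-AzStorageAccountSASToken are what clear the two findings reported for the first sample.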
  15. Hotpatch updates help you ensure rapid protection by installing Windows security updates without having to restart your devices. These updates provide the same level of security as the standard monthly security updates and take effect immediately, without requiring user attention or affecting user productivity. This type of Windows update has been available on Windows Server for the last two years and is now in public preview for Windows 11, version 24H2 Enterprise client devices. Please refer to the links below for more about the technical functionality of hotpatch updates for client and server devices.

Time to learn: 100 mins

Start here

If you only have time for one resource, this is it:
- Ask Microsoft Anything (AMA): Hotpatching Windows – client and server (33 mins): Get tips on how to enable hotpatch updates for client devices and servers. Hear Microsoft answer questions from the community. Gain the confidence you need to enable day-one protection.
  Windows 11 + Server + Security + Update management

Windows client

What's new
- Hotpatch for client comes to Windows 11 Enterprise (3 mins): Preview hotpatching today! In addition to the overview of benefits and how it works, get started with the prerequisites and tips to enable hotpatching with Windows Autopatch.
  Windows 11 + 24H2 + Enterprise + Microsoft Intune + Windows Autopatch
- Hotpatch updates (public preview) (3 mins): Visit our evergreen documentation of hotpatching for Windows client. Learn about key benefits, eligibility requirements, the release cycle, and steps to enroll devices to receive hotpatch updates.
  Preview + Business premium + A3 + E3 + F3 + 24H2 + VBS + Baseline + LCU + Quality
- Hotpatch quality update report (public preview) (3 mins): View current hotpatch update status for all devices per policy. See numbers and names of devices that are up to date, hotpatched, not up to date, in progress, not ready, or paused. Display your reports by percentage or by device count.
  Preview + Reports + Windows Autopatch + Policy + Quality updates

Prerequisites
- Virtualization-based security (VBS) (5 mins): Enable virtualization-based security (VBS) for a device to be offered hotpatch updates. When you set up VBS for the first time, you'll need to restart the device.
  VBS + Memory + Integrity + Hypervisor-protected code integrity (HVCI) + Kernel + Hardware + Security + VM + Virtualization
- Disable Compiled Hybrid Portable Execution (CHPE) use (ARM64 only devices) (1 min): Manually set the following registry key on Windows 11, version 24H2 ARM64 CPU based devices and restart the device for the setting to take effect.
  Registry key: HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management
  Value: HotPatchRestrictions=1
  This setting helps ensure that these devices are fully secure when you install hotpatch updates starting with the December 2024 update.
  Important: This setting forces the use of x86-only binaries. CHPE binaries are compatible with Windows OS x86 and include native ARM64 code to improve performance. However, they may not be compatible with some apps. Test for any application compatibility or performance impacts before rolling out widely.
  ARM64 + CHPE + Registry key

Release notes
- Release notes for hotpatch public preview on Windows 11, version 24H2 Enterprise clients (time varies): Find information on the improvements and fixes included with each hotpatch update, as well as the baseline and hotpatch update schedule.
  Windows 11 + 24H2 + Enterprise + Public Preview

Windows Server

Hotpatching technology
- Hotpatch for Windows Server (7 mins): Learn about the benefits and the workings of hotpatching for Windows Server 2025 and 2022. Note that Azure Arc-enabled hotpatch is currently in preview. Check the availability of hotpatching for your context, how to enable it, monitor it, or roll it back based on your infrastructure.
  Windows Server 2025 + Windows Server 2022 + Azure Arc + Azure Stack HCI + VM + Baselines + Group Policy + SCONFIG
- Enable hotpatch for Azure Arc-enabled servers (preview) (2 mins): Want to preview hotpatch on Azure Arc-enabled servers? All you need to do is deploy the Connected Machine agent and enable Windows Server hotpatch. Read how.
  Azure + Arc + Windows Server 2025 + Standard + Datacenter + VM
- Hotpatching: Improving server security and productivity (30 mins): Watch our engineers respond to common questions and scenarios around hotpatching on Windows Server. Learn what hotpatching is, how it simultaneously solves the need for security and productivity at your organization, and its planned roadmap.
  Windows Server + Security + Update + Cyberthreat + Productivity + Downtime
- Hotpatching on Windows (13 mins): Why do updates require restarts? What are the security issues with delayed patching? See how hotpatching helps solve these issues, including its architecture, its engine, and the function of the hotpatch address table (HPAT).
  Kernel + Driver + Security + VM + Azure + HPAT

Release notes
- Release notes for hotpatch on Windows Server 2025 Datacenter Azure Edition (time varies): Find information on the improvements and fixes included with each hotpatch update, as well as baseline and hotpatch update schedule.
  Windows Server 2025 + Datacenter + Azure
- Release notes for hotpatch in Azure Automanage for Windows Server 2022 (time varies): Find information on the improvements and fixes included with each hotpatch update, as well as baseline and hotpatch update schedule.
  Windows Server 2022 + Azure + Automanage

Ready to get compliant faster? Try hotpatching and let us know what you think! For more resources on a variety of topics, check out our growing Windows skilling snacks library.

Continue the conversation. Find best practices. Bookmark the Windows Tech Community, then follow us @MSWindowsITPro on X and on LinkedIn. Looking for support? Visit Windows on Microsoft Q&A.

View the full article
  16. A recent IDC study revealed that companies using generative AI are averaging 3.7x return on investment (ROI) for every $1 spent.* The Business Opportunity of AI study, which was commissioned by Microsoft, also found that in the next 24 months, more companies expect to build custom AI solutions, including AI agents. These findings underscore the importance of investing in AI now—to reap the ROI, stay ahead of industry trends, and meet the increasing customer demand for advanced AI.

Partners who provide software, also known as independent software vendors (ISVs), can jump-start their AI initiatives by developing agents in Microsoft 365 Copilot, with help from our development resources. I’ll illustrate this through the example of Solutions2Share, a Microsoft Solutions Partner in Digital & App Innovation.

Building the Teams Manager agent with the Copilot stack streamlined development

Solutions2Share, based in Germany, develops apps for the governance and management of Microsoft 365 products. It has hundreds of enterprise customers across Europe that rely on Microsoft for digital collaboration tools. Given their strategic alignment with Microsoft, Solutions2Share quickly embraced Copilot and aimed to help their customers use it successfully. They decided to start by building a declarative agent, which runs on the Copilot engine, so they could take advantage of its built-in orchestrator and large language models (LLMs). Read my blog from Microsoft Ignite for more information on declarative agents and custom engine agents (in private preview) as well as guidance on when to build each one.

Continue reading here

View the full article
  17. Can someone help me to fix the problem? My laptop went blue screen for no apparent reason and later I checked the event log and found these errors at that particular time. Also this warning attached below. What should be done? View the full article
  18. This one is all about how to hone your employee experience, effectively. On today's episode, Michelle Caldwell (CEO – Synozur) shares how best to envision and plan for employee effectiveness within the AI era. Michelle puts focus on seeing your company as a comprehensive and integrated framework – a Company Operating System – across people, content, processes, key product use, and more. You’ll discover how to take an empathetic approach to modern workplace experiences, to operate more effectively and achieve your strategic goals. "They have a rare combination of business acumen and deep expertise in the Microsoft Cloud. The Synozur team knows how to put customer needs first and use the best Microsoft tools to meet them." – Jeff Teper, President of Collaborative Apps and Platforms, Microsoft On with the show! The Intrazone, episode 115: Subscribe to The Intrazone podcast + show links and more below. Collage of the colorful, inviting Synozur booth with Michelle Caldwell and team engaging at various events in 2024. Links to important on-demand recordings and articles mentioned in this episode: Hosts, guests, and related links and information Michelle Caldwell | LinkedIn | Twitter SharePoint | Facebook | @SharePoint | SharePoint community blog | Feedback Mark Kashman |@mkashman [co-host] Chris McNulty |@cmcnulty2000 [co-host] Related videos, common admin articles and sites Synozur (website), plus their Polaris Pathways podcast Microsoft Docs - The home for Microsoft documentation for end users, developers, and IT professionals. Microsoft Tech Community Home Stay on top of Office 365 changes Listen to other Microsoft podcasts Events ON DEMAND Microsoft Ignite 2024 | Incl. SharePoint "event guide" ESPC | Dec 2-5, 2024 in Stockholm, Sweden (incl. Jeff Teper's ESPC24 keynote on demand) UPCOMING "SharePoint: From Concept to Creation to Impact + Live AMA" webinar with Jeff Teper | Jan. 
29, 2025, 9:00 AM - 10:00 AM PST M365 Miami 2025 | Feb. 6-7, 2025 MVP Summit 2025 | March 24-27, 2025 (Redmond, WA & online) Microsoft 365 Community Conference | May 5-8, 2025 (Vegas) SharePoint Intranet Festival (SWOOP Analytics) | May 21, 2025 (Online) European Collaboration Summit | May 26-28, 2025 (Düsseldorf, Germany) + always review and share the CommunityDays.org website to find your next event. Subscribe today! Thanks for listening! If you like what you hear, we'd love for you to Subscribe, Rate and Review on iTunes or wherever you get your podcasts. Be sure to visit our show page to hear all episodes, access the show notes, and get bonus content. And stay connected to the SharePoint community blog, where we’ll share more information per episode, guest insights, and take any questions or suggestions from our listeners and SharePoint users via email at TheIntrazone@microsoft.com. Get The Intrazone anywhere and everywhere Main show page Apple Podcasts Spotify YouTube Pandora TuneIn iHeart RSS feed Podchaser Listen to other Microsoft podcasts at aka.ms/microsoft/podcasts. The Intrazone, a show about the Microsoft 365 intelligent intranet (aka.ms/TheIntrazone) View the full article
  19. I got a new computer and signed into my google linked outlook account but my calendar events are gone. How do you fix this? I still have my old computer and tried exporting the calendar but didn't work. View the full article
  20. Cloud marketplaces are the future of B2B commerce, making it easier for organizations to get the solutions they need. At Microsoft Ignite 2024 in Chicago, the Microsoft commercial marketplace team shared with customers how to unlock the value of the marketplace in the era of AI and updates on the latest marketplace capabilities that help them spend smarter and move faster. Here’s a recap of the customer breakout session, “More than a storefront: unlocking value through the marketplace,” now available on the Ignite website and YouTube, to help you share with your customers why they should purchase your solution through the marketplace. Why cloud marketplaces now? Cloud marketplaces are growing at an unprecedented rate as more organizations than ever are reliant on the cloud. SaaS spending is expected to reach $232B [1], which is coupled with the increasing investment in AI. McKinsey estimates that 67% of organizations will invest more in AI over the next three years [2]. It’s critical that organizations have a seamless and centralized way to procure and manage these solutions so they can scale and achieve meaningful business value. Yet far too many investments are suboptimized. Zylo reported that license waste was the top challenge for IT professionals [3]. The Microsoft commercial marketplace is one catalog of partner solutions published by software companies and vetted by Microsoft. It’s discoverable through our storefronts (Azure Marketplace and AppSource), within our products like Teams and Azure Portal, and through our group of 35K+ Microsoft sellers worldwide. At the core, the marketplace helps customers simplify B2B commerce by streamlining their entire procurement process. It also enables them to buy how they want to buy – whether that’s directly online, through their preferred channel partner, or with their Microsoft account team. With 95% of the Fortune 500 running on Azure [4], many of these organizations already use the marketplace. 
But it’s not just the enterprise that’s finding value. We see customers of every size and from every industry finding success. What’s new in the marketplace? The marketplace helps customers buy with confidence by trying solutions before they buy and knowing solutions are pre-configured to seamlessly deploy and run on Microsoft technology. It helps them increase efficiency by simplifying their vendor onboarding and having partner solutions billed directly to their Azure invoice. It also helps them spend smarter by maximizing cloud investments because the marketplace counts 100% of Azure benefit eligible purchases towards a customer’s consumption commitment. Here are three new features to look for in the marketplace: Multiparty private offer (MPO) expansion: MPO is now available in the US, UK, and Canada. This allows customers to bring their preferred channel partner to the marketplace to procure solutions on their behalf. This capability will expand soon to customers in additional geographies. Professional services: Customers can now transact professional services alongside software solutions in the US, UK, and Canada. Professional services could be vendor assistance with implementation, employee training, or consulting support. Now, these purchases can be included in a customer’s single Azure invoice, further simplifying invoicing. Flexible billing: Soon the marketplace will support flexible billing, or the ability to align charges with a budget cycle or consumption needs. This helps to ensure uninterrupted invoicing cycles with adaptable contract terms or automatic transitions. Look for this capability in early 2025. The power of marketplace for AI transformation Microsoft is the number one provider of AI services in the world, and the marketplace is part of how we extend AI innovation by connecting customers to the solutions they need. AI solutions are the most purchased category by net new customers [4]. 
We’ve seen a 163% increase in AI offers listed by our software partners and a 7X increase in customers visiting AI and machine learning offer pages on our storefronts [4]. This has translated to a 387% increase in customers purchasing AI offers [4]. This momentum is driven by the benefits customers get by going through the marketplace, including free trials and proof-of-concept options to ensure that solutions align with their needs before committing. Customers also save time by deploying directly from Azure in a secure environment. With the marketplace, customers can get cutting edge AI technologies that help them build with generative AI and models-as-a-service. They can also extend copilot capabilities through connectors and agents or build their own copilots. In addition to Microsoft’s own AI tools for developers, organizations can find a breadth of offerings from leading AI companies like Aisera, Cohere, LangChain, and Pinecone. There are also many SaaS applications powered by AI that are helping customers experience AI transformation in any number of scenarios from marketing and human resources to operations and supply chain. To see how a customer would leverage the marketplace to build a custom copilot for business users at a manufacturing company, check out this demo from the Ignite stage. AI has also been built into the marketplace to improve the customer experience. Our new AI-powered solution discovery is now available in Azure Portal, helping customers intuitively find solutions with natural language. The search result not only returns solutions but also suggests relevant Microsoft technical documentation to help customers make informed decisions. Customer success story We love showcasing how our customers are finding success through the marketplace. TP (Teleperformance) is a multinational company which offers business services for organizations in 100 countries around the world. 
Watch the video to see how TP has simplified their cloud portfolio management, unlocked discounts on their Azure infrastructure, and increased time-to-market by streamlining procurement processes. The Ignite session includes an interview with Jatin Suri, Global SVP, Cloud Center of Excellence, who goes into more detail about why the marketplace is key to TP’s procurement strategy. Resources for your customers Learn more: Azure.com/Marketplace Download the eBook: aka.ms/MarketplaceQuickGuide Talk to experts: aka.ms/MarketplaceCustomerOfficeHours Check out the video collection: aka.ms/MPCustomerVideos Get documentation: aka.ms/MarketplaceCustomerDocs
[1] Custify, The Future of SaaS: Top Trends and Predictions in 2024 and Beyond, July 12, 2024.
[2] McKinsey Global Survey, The state of AI in early 2024: Gen AI adoption spikes and starts to generate value, May 30, 2024.
[3] Zylo, Unchecked SaaS Sprawl Leads to an Average of $18M in License Waste Annually
[4] Microsoft internal data
View the full article
  21. Thank you to everyone for using this and providing feedback! We are listening and we've released updates for both Mixed Reality Link and Windows App on Meta Quest. The changes in this update are: Mixed Reality Link (24.12.12005.0): - Improved error detection for unsupported graphics configurations. - Improved connection reliability on less performant PCs. - Resolved issues with installation on non-OS drives with BitLocker enabled. Windows App for Quest (10.0.19.1303): - Fixed bugs and improved overall app stability View the full article
  22. Hey All, Getting this Error when trying to download Error Log: Ensure port TCP/445 (SMB File and Print Sharing) is open on the orchestrator server. The error was: The socket connection was aborted. This could be caused by an error processing your message or a receive timeout being exceeded by the remote host, or an underlying network resource issue. Local socket timeout was '10:00:00'.. I have gone through the steps in the configuration document and everything is open as it should. Just seems it never creates the file and doesn't give any reason other than the above error. Thanks in Advance, Bill View the full article
  23. We are pleased to announce that Viva Pulse is now included with your Microsoft 365 Copilot subscription. Together with Viva measurement, it helps highlight opportunities to better plan and accelerate your organization’s Copilot journey by understanding the most impactful actions to improve outcomes. Using Viva Pulse to measure Copilot implementation Viva Pulse is a real-time survey feedback tool, offering flexible and democratized capabilities for change leaders, local champions and managers to gather and act on employee feedback quickly when it matters most. Viva Pulse empowers leaders to gather real-time feedback from teams during Copilot implementation through brief surveys. Pulse helps identify challenges and concerns quickly, enabling prompt and localized responses to improve the Copilot journey. With Viva Pulse, users can unlock answers to the key questions for how teams experience change: How are teams adjusting to Copilot? What Copilot adoption barriers do we need to address? How can we better support Copilot transformation across different groups? Readiness: gauge how willing and capable the target population is to embrace and adopt Copilot when compared to desired goals. Readiness also includes the identification of all tasks and workflows that may benefit most when Copilot-assisted. Adoption: understand how the target population is experiencing Copilot, how Copilot-assisted tasks and roles are being affected, and identify actions to improve implementation, usage, and value. Impact: recognize the value created and outcomes achieved for different levels in the organization and show how ongoing changes in your Copilot journey are enhancing the organization. Lessons learned are applied to other areas of the business, spreading across different processes and teams to create a compounding effect over time. Viva Pulse survey results for the Copilot impact template will be automatically shared to the Microsoft Copilot Dashboard. 
At this time, individual Copilot impact sentiment will not be joined to behavioral metrics in Viva Insights Analyst Workbench. Look for Copilot Readiness & Adoption Pulse results in Viva Insights Analyst Workbench in the future. Viva Pulse Premium experience vs included with Copilot subscription Viva Pulse is available both as a premium experience and a limited experience available with a Microsoft 365 Copilot subscription. The following list of capabilities are available to Pulse authors and administrators as part of these experiences.
Capability: Pulse content
Pulse Premium Experience: Full access to all research backed templates. Content administration experience to create your own organizational content.
Pulse experience with Microsoft 365 Copilot subscription: Use Copilot standalone & Series templates to measure employee sentiment for Copilot adoption. (Copilot series templates is available in Private Preview right now!)
Capability: Survey authoring
Pulse Premium Experience: All customization capabilities, including creating your own questions, requests, and series.
Pulse experience with Microsoft 365 Copilot subscription: Authors can rename, delete, reorder questions and schedule Pulse requests.
Capability: Cross-Viva experiences
Pulse Premium Experience: Integration with Insights Analyst Workbench & Glint follow up surveys. (Both these capabilities to launch in the near future)
Pulse experience with Microsoft 365 Copilot subscription: Integration with Copilot Impact dashboard for Copilot impact Pulse results.
Get started with Pulse experience with Copilot subscription For further information on how to get started with the Viva Pulse experience included with your Microsoft 365 Copilot subscription, please read the documentation shared below. Global tenant or Pulse administrators can set up the Pulse experience for their tenant’s users and configure the in-app experience by following the steps mentioned at Set up the in-app Viva Pulse experience. Please make sure the users who will be sending the Pulse requests have a Microsoft 365 Copilot or a Viva Pulse premium and a Microsoft Forms license assigned to them. 
In order to access the Viva Pulse experience and send Pulse requests, please visit the Viva Pulse home page. If you have any trouble or see the No Access error, please retry in a few minutes. If you continue to face issues loading the Viva Pulse home page, reach out to your account team or Microsoft support team and log an incident with us. Engage with our Viva Product teams to provide feedback What questions does your organization have about measuring Copilot and AI tool’s effectiveness? Are you interested in engaging with us or providing feedback to inform us about the needs during an AI transformation & Copilot implementation journey and how Viva Pulse could help you navigate that? If yes, please contact your account team. View the full article
  24. As we wrap up 2024, we on the Excel team extend our heartfelt gratitude to each and every one of you across our amazing Excel community. Your continued contributions, from providing valuable feedback to helping others learn more, have been instrumental in making Excel better for all. THANK YOU! 2024 was another incredibly exciting year for our Excel community. The Microsoft Excel World Championship returned to ESPN8: The Ocho for the 3rd year in a row. And only a couple weeks ago, this year’s finals of the Microsoft Excel World Championship and Microsoft Excel Collegiate Challenge took place at the HyperX Arena in Las Vegas, where we must say watching the participants in action was simply awe-inspiring. From the MECC team and individual finals to the MEWC semi-finals and finals, their speed, agility, and, above all, passion were unmatched. Many congrats to the winners! 2024 was also another amazing year filled with innovations and delights, from focus cell to regular expression (regex) functions to the general availability of Python in Excel and Copilot in Excel. See our monthly What’s New in Excel for more. Unlocking the power of Copilot in Excel, now generally available: Previously, we talked about the vision of how Copilot in Excel could revolutionize the way you understand your data and make better business decisions. We’ve been listening to your feedback and are excited to share improvements for those of you who depend on Excel regularly. Copilot in Excel is built into your workbook, enabling you to iterate with it quickly and easily. This integration allows you to continually prompt as you work, making it feel like you have an Excel expert right by your side. We heard from those of you who are avid users, that you need even more to supercharge your Excel experience. Copilot in Excel with Python can help you gain deeper insights without needing to be a Python expert. 
Let’s take a closer look at how Copilot in Excel can help you carry out your daily Excel needs and conduct advanced analysis. Reason over structured data, not just tables Complete tasks such as adding filters or splitting text Highlight important information with formula based conditional formatting Ask Copilot right in your spreadsheet, and Copilot not only executes formulas and formatting, but it also provides steps and explanations along the way Request insights from Copilot using natural language Conduct advanced analysis that was previously out of reach now using Copilot in Excel with Python Transform raw textual data into actionable insights Combining the power of Python and the flexibility of Excel: Last August, in partnership with Anaconda, we introduced an exciting new addition to Excel by integrating Python, making it possible to seamlessly combine Python and Excel analytics within the same workbook, no setup required. Since then, we’ve brought the power of popular Python analytics libraries such as pandas, Matplotlib, and NLTK to countless Excel users. Here are a couple examples of what is possible: Harness advanced analytics for visualizations, data cleaning, machine learning, predictive analytics, and now, even more! Transform data analysis with Copilot in Excel with Python Continued innovations and delights across the platform: Every month, we have the privilege of delivering on-going enhancements to Excel from desktop to the web to mobile devices. 
Here are a few highlights – see our monthly What’s New in Excel for more: Find your spreadsheet tasks simpler, faster, and more enjoyable Make the active cell more visible and easier to find Simplify and automate translations directly within your spreadsheet Create and edit PivotTables on your iPad Parse text more easily using regular expressions Remove rows from the edge of a range, useful when writing dynamic array formulas or optimizing lambda functions for performance Thank you for your continued contribution to the community. We look forward to 2025 with even more excitement, innovations, and delights with you all. Please let us know how you like a particular feature and what we can improve upon—"Give a compliment" or "Make a suggestion".  You can also submit new ideas or vote for other ideas via Microsoft Feedback. Subscribe to our Excel Blog and the Insiders Blog to get the latest updates. Stay connected with us and other Excel fans around the world – join our Excel Community and follow us on X, formerly Twitter. View the full article
  25. We were lucky to have Irina Parsina and Michael Bohlin from Microsoft as our co-hosts for the session at ESPC in Stockholm, "Empowering Frontline Workers: Transforming Experiences with Teams and Microsoft 365." They brought their A-game, guiding us through the wonders of how to empower frontline workers. We did miss Michael’s tap dancing and Irina’s jazz hands, but they still managed to make the session both entertaining and informative. Hats off to them! Irina Parsina presenting at ESPC24 in Stockholm, Sweden. What did we learn? The Starting Point: 80% of the Global Workforce Did you know that 80% of the global workforce are frontline workers? These folks are the unsung heroes, and Microsoft 365 is here to help them go from zero to hero, all while keeping things as simple, smart, and secure as possible. Simple: One Place to Rule Them All Enter Mona Kane, our fictional store associate who has it all figured out. With Microsoft 365, she can navigate her day seamlessly, starting from her home experience with Viva Connections. Need to clock in? Easy-peasy with out-of-the-box cards and apps. Want to see your shifts or tasks? Just a click away. Need to send targeted announcements? Viva’s got your back. Smart: AI to the Rescue! Frontline workers are optimistic about AI, with 65% hoping it’ll make their lives easier. And why wouldn’t they be? From finding the right information to automating tasks, AI in SharePoint and Teams is like having a personal assistant who never takes a coffee break. Imagine a world where a fridge malfunction triggers a task in your planner, complete with instructions and a thank-you note. “Thank you for saving the environment!” Now that’s a nice touch. Michael Bohlin presenting at ESPC24 in Stockholm, Sweden. Secure: Keeping It Safe and Sane With shared devices and customized home screens, IT can control everything from app access to system settings. 
And talk about convenience: a global sign-in signs you into all your apps, and a single sign-out logs you out of everything. Plus, Windows 365 Frontline shared mode offers a virtual desktop experience that’s as smooth as butter. Work-Life Balance: Clock In, Clock Out Teams now knows when you’re on the clock, sending notifications only during work hours and muting them when you’re off. It can even block Teams access outside of working hours for those bringing their own devices. Finally, dynamic membership management lets you handle frontline teams with the flexibility of a yoga instructor. So, there you have it! Microsoft 365 is not just a tool; it's a secret weapon, transforming our everyday frontline workers into super-efficient, tech-savvy marvels. Until next time, can we please see some tap dancing and jazz hands? To FLW and beyond, Caroline Kallin View the full article