TheNote
Microsoft Teams Blog articles Note
GooglePlay AppStore

Microsoft Teams Blog articles

Microsoft Teams Blog on TechNet is a dedicated platform for Microsoft Teams covering various topics including upcoming features, product improvements, and best practices to enhance user experience. It contains articles by Microsoft product team members, MVPs, and other experts in the field. The blog posts address different aspects of Microsoft Teams such as configuration, deployment, troubleshoot, user feedback, and shared knowledge.
Microsoft Teams Blog articles techcommunity.microsoft.com
RSS techcommunity.microsoft.com
RSS Hunter RSS Hunter Aug 19, 2024

Thread Of Notes

Authenticating AWS Workloads to Azure Functions using Workload Identity Federation

This guide explains how to implement Workload Identity Federation between AWS and Microsoft Entra ID. This modern approach enhances security by eliminating the need for static credentials. Organizations can securely connect services across AWS and Azure in a multi-cloud environment. Workload Identity Federation allows Azure to trust identities from external providers like AWS by validating OIDC tokens. This is particularly useful for cross-cloud pipelines and removing secret rotation overhead. The process involves setting up trust between AWS and Microsoft Entra ID. An AWS resource generates a short-lived OIDC token, which is then exchanged for an Azure access token. Permissions are attached to the Azure Function app via App Roles. Finally, the AWS resource calls the Azure Function using the obtained Azure token. The setup includes configuring IAM roles and federated credentials on both AWS and Azure. This detailed technical configuration enables secure service-to-service authentication without storing secrets. The guide concludes by validating the setup through a series of commands.
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/authenticating-aws-workloads-to-azure-functions-using-workload/ba-p/4531603 techcommunity.microsoft.com
RSS Hunter RSS Hunter Yesterday

Ep 41 | Unlock Growth in the Nonprofit Market with AI, Security, and Microsoft Elevate

Microsoft partners have historically overlooked the nonprofit sector due to perceptions of low budgets and complexity. However, this view is changing as the nonprofit sector represents a vast, underserved market ripe for growth. Microsoft Elevate, an evolution of Tech for Social Impact, offers deep discounts, Azure grants, and enablement resources to these organizations. Partners are crucial for driving adoption and value realization as most nonprofits lack direct Microsoft engagement. The common misconception of nonprofits having no budget is false; they often manage significant funds and prioritize efficiency and measurable impact. Partners can differentiate by focusing on operational efficiency, donor trust, security, and empowering teams with limited resources. The real opportunity lies in services like security, cloud migrations, AI readiness, and managed services, with security being an effective entry point due to increasing cyber threats. AI tools like Microsoft Copilot offer significant potential for nonprofits to automate tasks, improve donor engagement, and enhance decision-making. The National Mall experience transformation exemplifies how technology can expand a nonprofit's mission and impact. To get started, partners should define their offerings, leverage Elevate resources, identify opportunities, lead with assessments, and build repeatable solutions. The nonprofit sector is a strategic growth area where partnership, purpose, and profitability converge.
https://techcommunity.microsoft.com/t5/partner-news/ep-41-unlock-growth-in-the-nonprofit-market-with-ai-security-and/ba-p/4526881 techcommunity.microsoft.com
RSS Hunter RSS Hunter Jun 28

Dynamic Pages in Mail Merge

Is there any way to dynamically turn pages in a document on or off during a mail merge? Building a welcome packet for an event, and some people need to see Page A.  Others need to see Page B instead.  If it were just simple text differences between the two, I could merge in the content itself, but the pages are wildly different, with images and other elements. Thanks
https://techcommunity.microsoft.com/t5/word/dynamic-pages-in-mail-merge/m-p/4531584#M12074 techcommunity.microsoft.com
RSS Hunter RSS Hunter Jun 28

onedrive sync issues

Hi We use OneDrive for Business and need a solution for sharing files and folders among a team while maintaining proper access permissions. Currently, each team member's Desktop and Documents folders are synced with their own personal OneDrive for Business account. In addition, we have a separate common OneDrive account that has been added to all team members' PCs, and all team members have Owner permissions on that account. When a user creates a folder or saves a file in the shared OneDrive location, it is actually being created under the common OneDrive account, not in the user's personal OneDrive. While this allows everyone to access the same files, we frequently experience synchronization conflicts and sync issues between users. What is the Microsoft-recommended approach for this type of collaboration? Is using a common OneDrive account with multiple owners a supported best practice, or should we instead use a SharePoint document library (or another Microsoft 365 solution) for shared team files, permissions, and reliable synchronization? Thanks
https://techcommunity.microsoft.com/t5/onedrive/onedrive-sync-issues/m-p/4531573#M14681 techcommunity.microsoft.com
RSS Hunter RSS Hunter Jun 28

Microsoft 365 E7 and Agent 365 Are Now Generally Available: The Future of AI-Powered

The workplace is entering a new era where artificial intelligence is no longer just a helpful tool — it is becoming an active partner in how people work, collaborate, and make decisions. Microsoft has taken another major step in this direction with the general availability of Microsoft 365 E7 and Agent 365, bringing advanced AI capabilities, enterprise-grade security, and intelligent automation to organizations worldwide.https://dellenny.com/microsoft-365-e7-and-agent-365-are-now-generally-available-the-future-of-ai-powered-work-has-arrived/
https://techcommunity.microsoft.com/t5/microsoft-365/microsoft-365-e7-and-agent-365-are-now-generally-available-the/m-p/4531571#M59444 techcommunity.microsoft.com
RSS Hunter RSS Hunter Jun 28

How to Use Resource Monitor and Performance Monitor in Windows 11: A Complete Guide

A slow computer can be frustrating, especially when you are working, gaming, studying, or running important applications. Many Windows 11 users notice problems like high CPU usage, low memory, slow startup times, or applications freezing but do not know where to find the cause.https://dellenny.com/how-to-use-resource-monitor-and-performance-monitor-in-windows-11-a-complete-guide/
https://techcommunity.microsoft.com/t5/windows-11/how-to-use-resource-monitor-and-performance-monitor-in-windows/m-p/4531570#M43367 techcommunity.microsoft.com
RSS Hunter RSS Hunter Jun 28

Windows 10 Extended Security Updates: A Bridge to Your Windows 11 Experience

Technology changes quickly, but upgrading your computer does not always happen overnight. Whether you are waiting for the right time to buy a new PC, preparing your files, checking hardware compatibility, or simply adjusting to a new operating system, moving from one Windows version to another takes planning. To make this transition easier, Microsoft introduced the Windows 10 Extended Security Updates (ESU) program a way to help keep eligible Windows 10 devices protected while users move toward the Windows 11 experience.https://dellenny.com/windows-10-extended-security-updates-a-bridge-to-your-windows-11-experience/
https://techcommunity.microsoft.com/t5/windows-11/windows-10-extended-security-updates-a-bridge-to-your-windows-11/m-p/4531569#M43366 techcommunity.microsoft.com
RSS Hunter RSS Hunter Jun 28

Master the Command Line with GitHub Copilot CLI:

The terminal is becoming an essential tool for aspiring AI engineers and software developers. GitHub Copilot CLI integrates an AI agent directly into the command line, offering powerful slash commands for advanced functionality beyond simple Q&A. Mastering these commands transforms Copilot CLI from a chatbot into a valuable pair programmer, crucial for modern industry expectations. Employers now expect graduates to be proficient with AI developer tools, and early adoption provides advantages in speed and good development habits. Slash commands are accessed by typing a forward slash at the Copilot CLI prompt, triggering an autocomplete menu. Key shortcuts include /help for quick assistance, @ for file references, # for GitHub issues, and ! for raw shell commands. For learning and planning, /plan helps create code roadmaps, /research provides in-depth investigations, /ask allows for side questions without cluttering history, and /model lets you select AI models for specific tasks. Commands like /diff review changes, /review provides automated code feedback, and /security-review checks for vulnerabilities, all mimicking professional workflows. Session management commands such as /resume, /context, /compact, and /undo help maintain workflow continuity and enable fearless experimentation. Environment setup is enhanced by /init for repository instructions, /mcp for server configuration, /agent for specialized task selection, and /memory for preference management. A typical student workflow involves planning, coding, diffing changes, reviewing, checking security, and undoing errors if necessary, mirroring professional team cycles. It is vital to learn with AI as an accelerator, not a replacement, by understanding explanations, complying with policies, avoiding secrets, and verifying AI outputs. Ultimately, slash commands unlock Copilot CLI's potential as a development partner, fostering professional habits and a deeper understanding of AI systems.
https://techcommunity.microsoft.com/t5/educator-developer-blog/master-the-command-line-with-github-copilot-cli/ba-p/4531566 techcommunity.microsoft.com
RSS Hunter RSS Hunter Jun 28

Action Required: Migrate Your Copilot CLI MCP Config Away from .vscode/mcp.json

The GitHub Copilot CLI has removed its incomplete support for .vscode/mcp.json configuration files. It now exclusively reads Model Context Protocol (MCP) server definitions from dedicated files. These files are .mcp.json in your project's root or .github/mcp.json within your repository. Your existing .vscode/mcp.json file will continue to function for VS Code itself. The key differences between the VS Code and Copilot CLI formats are the top-level key and the requirement for a type field. For the Copilot CLI, the top-level key should be mcpServers, and each server entry needs a type, like "local" or "http". To migrate, locate your .vscode/mcp.json, then create a new .mcp.json file with the adjusted format. Alternatively, you can place the converted content in .github/mcp.json for broader repository access. After creating the new file, verify the migration by running copilot mcp list in the relevant directory. This ensures your MCP servers are recognized and the startup warning message disappears. Remember to repeat this migration process for every project that uses a .vscode/mcp.json file.
https://techcommunity.microsoft.com/t5/educator-developer-blog/action-required-migrate-your-copilot-cli-mcp-config-away-from/ba-p/4531562 techcommunity.microsoft.com
RSS Hunter RSS Hunter Jun 28

Partner Blog | From planning to execution: FY27 priorities for cloud and AI partners

Microsoft is focusing on key areas for partner success as the fiscal year ends and a new one begins. A digital event, MCAPS Start for Partners on July 22, will offer early clarity on FY27 priorities and partner opportunities. This event aims to connect Microsoft's platform vision with practical ways partners can leverage AI. It will provide guidance on modernizing IT, data utilization, and building AI solutions. Early alignment through this event will help partners shape their solution focus and customer conversations. Following this, the Microsoft Partner FY27 GTM Kickoff Event on July 28 will build on the foundation of strategic alignment. This event will focus on practical execution planning for FY27 go-to-market priorities. It will cover Azure solution plays, Microsoft Marketplace, and software development opportunities. Partners can tailor their experience by selecting an area of primary interest, such as Commercial Cloud and AI. The GTM Kickoff is designed to help partners refine their plans before customer engagement intensifies. Registration for both events is now open.
https://techcommunity.microsoft.com/t5/partner-news/partner-blog-from-planning-to-execution-fy27-priorities-for/ba-p/4531084 techcommunity.microsoft.com
RSS Hunter RSS Hunter Jun 27

Need to Restore PST Files to Office 365 Mailboxes - What's the Best Approach

Hey everyone, I have a task coming up where I need to restore several PST files back into Office 365 mailboxes. Haven't done this before at this scale and honestly not sure where to begin. I've looked at Microsoft's native import service through Purview but I have a few concerns: Some of the PST files are quite large — not sure how well it handles thatI need to restore only specific folders for some users, not the entire PSTI'm worried about data consistency after the restoreWould prefer something that doesn't require too many admin roles or complex setup For those who have done PST to Office 365 restores — what approach worked best for you? Any tools, tips, or things to watch out for that you wish you knew before starting?
https://techcommunity.microsoft.com/t5/microsoft-365/need-to-restore-pst-files-to-office-365-mailboxes-what-s-the/m-p/4531485#M59441 techcommunity.microsoft.com
RSS Hunter RSS Hunter Jun 27

The Indentity Verification step failed due to Microsoft Trusted IDV AU10TIX issue

A Microsoft Partner of eight years experienced an unexpected Identity Verification trigger on their Partner Dashboard. This verification, handled by AU10TIX, failed because the VerifiedID issued by the platform was missing the partner's last name. Consequently, the Identity Verification status changed to Rejected. The partner is now unable to retry the verification process as the "Resolve" button is no longer accessible. Two support tickets have been opened, but the first was closed prematurely. The second ticket has received no response within the stated SLA. This issue is preventing the renewal of the company's partner benefits package. It is also blocking the publication of their ISV offering on the Microsoft Marketplace. The partner is concerned about how the retry process will function given the previous failure. There is uncertainty about whether AU10TIX will issue a new VerifiedID or indicate that one has already been issued.
https://techcommunity.microsoft.com/t5/partner-compliance-verification/the-indentity-verification-step-failed-due-to-microsoft-trusted/m-p/4531439#M1592 techcommunity.microsoft.com
RSS Hunter RSS Hunter Jun 27

Local-First and Fully Traced: Routing Between Ollama, Foundry Local, and Microsoft Foundry

Publishing agent projects involves a tension between powerful cloud-based AI behaviors and the limited patience of users who will only try a project for a few minutes. To address this, a hybrid approach routes requests to different tiers of models based on availability, under a single contract. This ensures that even if cloud services fail, a local fallback with the same schema and code path is used. Forkability, or the ability to run a project on another's machine, is made reliable through this approach. Observability, through detailed logging and tracing, builds user trust by making it clear which path served each request and why.The system prioritizes local models but can seamlessly fall back to cloud-based Foundry models if local options are unavailable or encounter errors. This resilience is managed automatically within functions like create_chat_completion, which handles multiple failure modes without the caller needing to intervene. When a fallback occurs, it is explicitly logged and made visible in the replay log, providing a transparent record of the process. The system allows for per-role routing, enabling different agents within the system to utilize specific models, whether cloud or local. Runtime configuration can be adjusted through a settings console, permitting changes to routing modes and model assignments without restarting the application. Timeouts and retries are strictly bounded to prevent the system from stalling, ensuring a fast and informative error experience for users.
https://techcommunity.microsoft.com/t5/educator-developer-blog/local-first-and-fully-traced-routing-between-ollama-foundry/ba-p/4529694 techcommunity.microsoft.com
RSS Hunter RSS Hunter Jun 27

Why do you permit unverified emails?

Microsoft, why do you permit unverified emails to come to our inboxes and junk boxes? I tried to create a rule that would automatically delete any unverified emails but it isn't working. (Likewise, I created a rule to automatically delete any email with the word "p*nis" in the subject line, but that isn't working, either.) If they are unverified, why do you allow them?
https://techcommunity.microsoft.com/t5/windows-11/why-do-you-permit-unverified-emails/m-p/4531420#M43356 techcommunity.microsoft.com
RSS Hunter RSS Hunter Jun 27

MCP for Beginners: Why Every AI Engineer and Developer Should Learn the Model Context Protocol

The Model Context Protocol (MCP) aims to integrate brilliant but world-blind large language models with real-world data and tools by providing a standardized integration layer. Microsoft's open-source MCP for Beginners curriculum offers a hands-on approach to learning this protocol. MCP acts as a universal translator, enabling AI applications to connect to any tool or data source through a single protocol, simplifying integrations from an M x N problem to an M + N problem. The protocol is built on a client-server model with primitives like Tools, Resources, Prompts, Sampling, Elicitation, and Roots. Communication occurs over JSON-RPC using transports for local processes and remote servers.The MCP for Beginners curriculum has been updated to align with the latest MCP Specification 2025-11-25 and official SDKs. It now covers expanded primitives like Sampling, Elicitation, Roots, and Tasks, with improved security through dependency auditing and code fixes. New lessons introduce practical topics such as adversarial multi-agent reasoning, MCP Hosts, MCP Inspector for debugging, and pagination. The curriculum is structured into phases: Foundations, Building, Growing, and Mastery, with a comprehensive 13-lab capstone project.MCP is essential for AI engineers, developers, and students, offering a standardized way to build agents and integrate AI with existing systems. The course emphasizes responsible and secure design, incorporating principles like least privilege, tool annotations, and proper authentication. Learning MCP now provides an opportunity to master a developing technology with a free, multi-language curriculum and a strong focus on building portfolio-worthy projects. The protocol turns the complex challenge of AI integration into a simple, reusable process.
https://techcommunity.microsoft.com/t5/microsoft-developer-community/mcp-for-beginners-why-every-ai-engineer-and-developer-should/ba-p/4530623 techcommunity.microsoft.com
RSS Hunter RSS Hunter Jun 26

Take control of your PostgreSQL maintenance

Azure Database for PostgreSQL flexible server now offers enhanced self-service maintenance controls within the Azure portal. These new capabilities empower users to manage platform updates, security patches, and engine upgrades more effectively. Users can now view upcoming maintenance events, including their scheduled time and type. Crucially, eligible maintenance can be rescheduled to a preferred date and time, up to two weeks in the future. This flexibility is vital for production workloads that cannot tolerate unexpected downtime during critical business periods. Additionally, users have the option to apply eligible maintenance on demand, allowing them to initiate updates when it best suits their operational schedule. After maintenance is completed, a detailed history is available for review, supporting operational and audit-related workflows. These controls aim to reduce stress and provide greater certainty for managing database infrastructure. While currently available in the Azure portal, CLI and API support are planned for the future. For deferrals longer than two weeks, users will need to submit an Azure support request.
https://techcommunity.microsoft.com/t5/microsoft-blog-for-postgresql/take-control-of-your-postgresql-maintenance/ba-p/4529918 techcommunity.microsoft.com
RSS Hunter RSS Hunter Jun 26

Accelerate channel-led growth by activating partners through Microsoft Marketplace

Unlock new revenue opportunities and scale your go-to-market strategy by activating your channel ecosystem through Microsoft Marketplace. This comprehensive sales and marketing playbook provides software companies with practical guidance, proven frameworks, and ready-to-use assets to recruit, enable, and grow channel partnerships in a modern, cloud-first marketplace.Learn how to streamline transactions, simplify procurement, and expand into new markets using Marketplace capabilities such as resale-enabled offers and multiparty private offers empowering partners to co-sell more effectively and reach customers who are actively investing in cloud and AI solutions.Whether you’re looking to build a repeatable channel-led sales motion, increase deal velocity, or strengthen partner engagement, this playbook delivers actionable insights to help you drive scalable growth through Microsoft Marketplace.Read the full article: Activating channel partners on Microsoft Marketplace: A sales and marketing playbook
https://techcommunity.microsoft.com/t5/microsoft-marketplace-community/accelerate-channel-led-growth-by-activating-partners-through/m-p/4531410#M1696 techcommunity.microsoft.com
RSS Hunter RSS Hunter Jun 26

Generic Best Practices for HikariCP with Azure Database for PostgreSQL

Connection pooling is crucial for Azure Database for PostgreSQL performance, as establishing new connections is resource-intensive. HikariCP, a popular Java connection pool, can encounter issues if misconfigured, leading to exhaustion, stale connections, or latency. Maximum lifetime controls how long connections are reused before being retired, with 30 minutes being a common, effective setting. Minimum idle connections should ideally match the maximum pool size to ensure immediate availability for traffic spikes. Idle timeout determines how long unused connections stay before removal, with the default 10 minutes offering a good balance. Maximum pool size is critical; too small causes timeouts, while too large overwhelms the database. A conservative starting point for maximum pool size is 10-20, adjusted after load testing. Enabling TCP keepalive prevents stale connections caused by network devices. Monitoring active and idle connections, acquisition time, and pool exhaustion helps identify correct sizing. Long-running queries are often the root cause of pool exhaustion, so query performance must be investigated. A sample production configuration is provided, balancing these parameters for Azure Database for PostgreSQL. The primary goal is a healthy balance between application responsiveness and database resource consumption, not simply maximizing connections. Following these practices improves scalability, latency, and reliability for applications connecting to Azure Database for PostgreSQL.
https://techcommunity.microsoft.com/t5/azure-database-support-blog/generic-best-practices-for-hikaricp-with-azure-database-for/ba-p/4531059 techcommunity.microsoft.com
RSS Hunter RSS Hunter Jun 26

From M365 MSP to M365 E7 MSP: Your Playbook is Here

This document outlines how Microsoft 365 partners can leverage their existing M365 expertise to offer Copilot services. It emphasizes that Copilot readiness is an extension of current data governance practices like oversharing remediation and MFA enforcement. Partners with established security and governance services have a significant competitive advantage. The playbook structures the Copilot journey into five phases: Assess, Activate, Adopt, Optimize & Govern, and Extend with Agents, integrating seamlessly into existing operational cadences. It proposes a tiered "Good/Better/Best" commercial packaging model for Copilot services, targeting different buyer personas. The document highlights the importance of governance and security, particularly addressing the risk of amplified oversharing with Copilot. It introduces AgentOps as a high-margin service for workflow automation beyond basic Copilot assistance. Recommendations for the next 30 days include internal piloting, defining a readiness checklist and service catalogue, and targeting existing managed customers. The core message is to treat Copilot readiness as a data governance exercise to unlock recurring revenue and deepen customer relationships.
https://techcommunity.microsoft.com/t5/partner-news/from-m365-msp-to-m365-e7-msp-your-playbook-is-here/ba-p/4530981 techcommunity.microsoft.com
RSS Hunter RSS Hunter Jun 26

June 2026 Meeting Recap - Intune, AI‑Powered Power Apps, and Career Pathways in Tech

Ananse Tech Community shared resources from their June 25, 2026 meeting focusing on Intune, AI-powered Power Apps, and tech career pathways. A recording of the event is available on YouTube under the Ananse Tech Community channel via a provided link. The presentation slides from the meeting are also accessible in a PowerPoint file. Attendees are encouraged to complete a post-event survey using a given link. The next Ananse Tech Community event is scheduled for July 23, 2026, at 6 pm. This upcoming session will focus on "AI-Powered Work: Smarter Meetings, Smarter Content, Smarter Business." Details for future events can be found on their LinkedIn events page. Individuals interested in speaking at future community events should fill out a designated form. Those wishing to volunteer or sponsor Ananse Tech Community events should contact them via email. The community values member insights and encourages active participation. Ananse Tech aims to maintain strong tech engagement among its members.
https://techcommunity.microsoft.com/t5/ananse-tech-community/june-2026-meeting-recap-intune-ai-powered-power-apps-and-career/m-p/4531403#M2 techcommunity.microsoft.com
RSS Hunter RSS Hunter Jun 26

Lessons Learned #541:Automatic Plan Correction vs External Tables: A Practical Lesson from the Field

Azure SQL Database's Automatic Plan Correction is a valuable feature for addressing query plan regressions. It leverages Query Store to detect when a query's execution plan degrades and can automatically revert to a previously good plan. However, queries involving external tables have unique execution characteristics due to their reliance on remote data access. These queries might not always be suitable candidates for Automatic Plan Correction because their performance is influenced by factors beyond the local database. Therefore, it's important to identify queries that reference external tables and assess if they should participate in the FORCE_LAST_GOOD_PLAN feature. Reviewing the execution plan of an external table query reveals a Remote Query operator, indicating its dependency on remote resources. The performance of such queries is affected by the remote database, network latency, and data retrieval size, not just the local plan. Consequently, potential benefits of automatic plan forcing for these queries need careful evaluation. The process involves finding the specific Query Store query ID associated with external table queries. Once identified, that query ID can be excluded from Automatic Plan Correction. This is achieved by disabling FORCE_LAST_GOOD_PLAN for that particular query. This targeted exclusion allows Automatic Plan Correction to remain active for other queries while ensuring that external table queries are managed individually.
https://techcommunity.microsoft.com/t5/azure-database-support-blog/lessons-learned-541-automatic-plan-correction-vs-external-tables/ba-p/4531400 techcommunity.microsoft.com
RSS Hunter RSS Hunter Jun 26

The state of MCP security in 2026

A year after their initial security analysis, the authors revisit Model Context Protocol (MCP) implementations, noting its rapid evolution from experimentation to production use. MCP now enables models to act as software, introducing a critical trust boundary around tool interactions. Key changes in the latest release candidate include enhanced request inspection, tighter identity checks, and sandboxed interactive UI capabilities. However, the protocol itself does not enforce security, leaving implementation to users.The primary risks have shifted, with prompt injection and tool poisoning remaining significant threats. In this scenario, malicious instructions embedded in tool descriptions or outputs can hijack agent actions, leading to data exfiltration or unauthorized operations. Authorization and the confused deputy problem have seen significant rework, now aligning with OAuth 2.1 standards and audience-bound tokens to prevent servers from exploiting user privileges. Over-broad access and credential aggregation remain concerns, where a single compromised server with excessive permissions can lead to widespread breaches.Supply chain risks and "rug pulls" are increasingly prevalent, as compromised dependencies or unexpected server changes can introduce vulnerabilities. Unregistered "shadow MCP" implementations also pose a governance challenge, as unseen servers cannot be secured or patched. Command injection and sandbox escape are still a concern for locally run servers that process unsanitized input, potentially allowing arbitrary code execution. Enterprises must adopt deliberate adoption strategies, focusing on server inventory, identity and policy enforcement, and continuous monitoring.Validating current documentation and SDKs, and contributing practical hardening examples, are crucial steps for organizations. The authors encourage community contribution to MCP's security features and RFCs. Future discussions will delve into practical implementation guides for these security controls.
https://techcommunity.microsoft.com/t5/microsoft-security-community/the-state-of-mcp-security-in-2026/ba-p/4531327 techcommunity.microsoft.com
RSS Hunter RSS Hunter Jun 26

New Security Controls in Edge for Business

Microsoft Edge for Business integrates security controls directly within the browser to protect data and users. It extends Conditional Access, Purview DLP, and Defender controls to all sessions, regardless of device management status. The browser can block sensitive data from reaching unsanctioned AI services, a critical feature for preventing data leakage. Contractors can be restricted to company data boundaries on unmanaged devices through Intune App Protection Policies. Clipboard and screenshot actions are controllable, with pasting into unapproved apps being automatically blocked. Edge for Business uses on-device AI and computer vision to detect and block fake support scam pages in real time, enhancing threat protection. Extension management is centralized in the Microsoft 365 admin center, allowing administrators to control what can be installed. These controls operate natively, powered by Microsoft's security stack, including Entra ID, Purview, and Defender. Work profiles on Edge create isolated browser environments for users, especially contractors, on unmanaged devices. This approach ensures data security and compliance without the complexity of managing dedicated hardware.
https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/new-security-controls-in-edge-for-business/ba-p/4531027 techcommunity.microsoft.com
RSS Hunter RSS Hunter Jun 26

Title Plan Update - June 26, 2026

📁June 26, 2026 - Title Plan Now Available Access the latest Instructor-Led Training (ILT) updates anytime at http://aka.ms/Courseware_Title_Plan to ensure you're always working from the most current version.📌 Reminder: To help you stay informed more quickly and consistently, we’ve moved to a weekly publishing cadence for the title plan. This means each update may include fewer changes but ensures you’re always up to date.
https://techcommunity.microsoft.com/t5/ilt-communications-blog/title-plan-update-june-26-2026/ba-p/4531383 techcommunity.microsoft.com
RSS Hunter RSS Hunter Jun 26

Auto fill cells depending on another cells content

I'm OK with Excell, but by no means an expert. I'm creating a sheet that will calculate gas purge volumes, and I've got most of the cells sorted with calculations based on other cells, but one of them is giving me a headache. It's probably simple for those with experience. So...   I have cell E2 which contains a drop down list (linked to another sheet) which gives options (which are meter sizes) E6, U6, G4, U16, etc. What I'm trying to do is get the column F2 to auto fill depending what is selected in E2. So, if someone selects meter size U6, cell F2 will auto populate with the number 0.0028, if they select meter size E6 then cell F2 will auto populate with the number 0.008, etc Sorry if the use of E6, U6 etc complicates things, those are the actual names of the meters.   Any help is greatly appreciated.
https://techcommunity.microsoft.com/t5/excel/auto-fill-cells-depending-on-another-cells-content/m-p/4531377#M259114 techcommunity.microsoft.com
RSS Hunter RSS Hunter Jun 26

Ask Microsoft Anything: Microsoft Defender Attack Disruption

Microsoft Defender offers an AI-powered capability called attack disruption. This feature stops ongoing attacks rapidly by analyzing attacker intent. It identifies compromised assets to prevent further damage. The goal is to contain threats before they can spread throughout a system. An upcoming event will feature product experts discussing this capability. This event is a Microsoft 'Ask Microsoft Anything' (AMA) session. AMAs allow direct engagement with Microsoft employees. The session will include a brief presentation and live Q&A. Attendees can submit questions beforehand or during the live event. Experts will answer questions directly in the video feed.
https://techcommunity.microsoft.com/t5/microsoft-security-events/ask-microsoft-anything-microsoft-defender-attack-disruption/ec-p/4531369#M2597 techcommunity.microsoft.com
RSS Hunter RSS Hunter Jun 26

mssql-python 1.10.0: Service Principal Bulk Copy, More Reliable Arrow Text, and a Core Timeout Fix

The mssql-python 1.10.0 release enhances authentication flexibility, cross-platform text reliability, and bulk load stability. A key improvement is the addition of Active Directory Service Principal support for Bulk Copy operations. This allows for tenant-aware token creation during the authentication handshake, improving enterprise automation scenarios. The library now handles Unicode text fetching more robustly by requesting SQL_CHAR values as SQL_C_WCHAR for consistent behavior across different operating systems and locales. This ensures more predictable Arrow-based reads regardless of encoding or locale configurations. The bundled Rust core dependency, mssql-py-core, has been updated to version 0.1.5. This update includes crucial fixes for bulk load connection timeout issues. Non-ASCII VARCHAR data in the Arrow fetch path is now handled correctly through UTF-16LE decoding, ensuring accuracy across various environments. Users can upgrade to the latest version using pip install --upgrade mssql-python. This update is particularly beneficial for those using Azure Entra ID authentication with Bulk Copy. The developers expressed gratitude to the community for their contributions.
https://techcommunity.microsoft.com/t5/sql-server-blog/mssql-python-1-10-0-service-principal-bulk-copy-more-reliable/ba-p/4531096 techcommunity.microsoft.com
RSS Hunter RSS Hunter Jun 26

Windows 11 license transfer problem on a Virtual Machine

Hi everyone, I'm stuck with a Windows 11 Pro activation issue after a VM crash and could use some advice. Context: > Years ago, I got a Windows 10 Pro digital license through the Windows Insider Program and used it on bare metal. Fast forward to about two years ago, I successfully migrated that license over to a Windows 11 Pro VM inside a virtual machine. What went wrong: > The virtual machine glitched out, forcing me to completely wipe that VM and spin up a brand new one. Now, when I try to activate the new VM using the Activation Troubleshooter and selecting “I changed hardware on this device recently”, it won't let me transfer the license. The system says there are no usable licenses linked to my Microsoft Account for this machine. I assume Microsoft's activation servers are treating the new VM as an entirely different motherboard/hardware configuration, while the old "hardware" profile is still holding onto the license. Since the old VM is deleted, I can't log into it to unbind it. Has anyone dealt with this specific Insider license migration issue on VMs? Is there any way to clear the old VM instance from my MSA (Microsoft Account) devices to free up the license, or am I forced to contact MS support?
https://techcommunity.microsoft.com/t5/windows-insider-program/windows-11-license-transfer-problem-on-a-virtual-machine/m-p/4531367#M44298 techcommunity.microsoft.com
RSS Hunter RSS Hunter Jun 26

10 things to know before enabling Microsoft 365 Backup

Microsoft 365 Backup is a platform designed to enhance an organization's data recovery capabilities for Exchange Online, SharePoint, and OneDrive. It offers built-in resiliency and compliance, ensuring backup data remains within the Microsoft 365 trust boundary and adheres to the same regulations as live content. The service boasts fast restore speeds, capable of recovering up to 1-3 TB per hour, making it ideal for rapid restoration after incidents. It's specifically built for bulk recovery scenarios, such as ransomware attacks, allowing for mass rollback of affected content. Users can choose between daily fast restore points for quick recovery or granular restore points available every 10 minutes for specific point-in-time needs. Configuration can be done at scale using dynamic rules based on groups or CSV uploads for up to 50,000 entries. Pricing is a straightforward pay-as-you-go model at $0.15 per GB per month of protected content, billed through Azure. A 90-day safety net period is provided if backup is disabled, during which existing backups remain restorable. Microsoft actively communicates roadmap and feature updates, and comprehensive support channels are available through existing Microsoft 365 support. To get started, users need specific admin roles and a pay-as-you-go billing policy connected to an Azure subscription, with no agents or additional software required.
https://techcommunity.microsoft.com/t5/microsoft-365-blog/10-things-to-know-before-enabling-microsoft-365-backup/ba-p/4529275 techcommunity.microsoft.com
RSS Hunter RSS Hunter Jun 26

Ability Summit 2026: Accessibility-first innovation and your next partner opportunity

Accessibility is a growing business imperative and commercial opportunity for partners, driven by a demand for inclusive innovation. This trend is evident across AI, collaboration, learning, and customer experience, where an accessibility-first approach creates differentiated services and solutions. Organizations increasingly view accessibility as integral to their AI adoption, employee experience, and customer engagement strategies. Partners can lead higher-value conversations by integrating accessibility into discussions about innovation, trust, and long-term business impact. The expectation for technology to function consistently across diverse abilities and environments is accelerating with AI adoption. A study found many individuals experience daily task difficulties and would use assistive tools more if enhanced by AI. Furthermore, employees feel a stronger commitment to employers who prioritize assistive tools. Partners can expand participation, enhance experiences, and build trust by embedding accessibility into their offerings. They can lead by incorporating accessibility into conversations about AI transformation, modern work, and application innovation. Microsoft Marketplace showcases partners like Level Access and Inclusively that are translating accessibility-first innovation into practical customer value. Solutions such as Level Access streamline digital accessibility workflows, while Inclusively's Retain Connector helps employees access available benefits and resources. By integrating accessibility into core business and technology strategies, partners can deepen trust, increase strategic relevance, and create sustained value. This opportunity spans all organization sizes, as leaders increasingly consider accessibility for growth, workforce experience, and technology modernization. The Microsoft partner ecosystem is well-positioned to meet this rising demand for accessibility-first solutions.
https://techcommunity.microsoft.com/t5/partner-news/ability-summit-2026-accessibility-first-innovation-and-your-next/ba-p/4529539 techcommunity.microsoft.com
RSS Hunter RSS Hunter Jun 26

My last W11 update was in Oct-24. The trouble shooter wrongly says 'fixed'

I navigated to: Settings > System > Troubleshoot > Other troubleshooters After the troubleshooter said "fixed" I ran the Windows Update tool. I then checked for Windows update history and got the confusing message "You're up to date/Your device is missing important updates. Make sure to keep your device on and plugged in so updates can complete" which I always do anyway. I've run the process several times and always get the same result.
https://techcommunity.microsoft.com/t5/windows-11/my-last-w11-update-was-in-oct-24-the-trouble-shooter-wrongly/m-p/4531361#M43352 techcommunity.microsoft.com
RSS Hunter RSS Hunter Jun 26

Copilot in Excel - Web vs Desktop

Hello Community! Over the past few months, I've noticed that when using Copilot in Excel, the newest features appear in Excel on Web for weeks or months (also PowerPoint, and possibly Word and other M365 Applications) before appearing in Excel on Desktop App. Right now, this is occurring with Plan mode appearing in Excel Web although not Excel Desktop.  Does anyone know why this occurs?
https://techcommunity.microsoft.com/t5/microsoft-365-copilot/copilot-in-excel-web-vs-desktop/m-p/4531352#M6617 techcommunity.microsoft.com
RSS Hunter RSS Hunter Jun 26

Azure IoT guidance for DigiCert Global Root G1 trust-store updates in sovereign clouds

The technology industry is retiring trust in the DigiCert Global Root G1 certificate. This change affects some Azure IoT devices and applications connecting to Azure IoT service APIs. Specifically, customers using Azure Government (Fairfax) or Azure China (Mooncake) environments are impacted if their operating systems or trust stores are updated to remove trust for this older root. Azure public cloud customers are not affected as their endpoints already use newer certificate chains. This is a client-side trust store change, not a security incident or service outage.The issue arises when updated client trust stores no longer recognize the DigiCert Global Root G1. Devices and applications that rely on these updated trust stores may fail to establish TLS connections and encounter certificate trust errors. Symptoms include an inability to connect to Azure IoT during the TLS handshake, "untrusted root" or "unknown CA" errors, and the cessation of telemetry or API calls.To mitigate this, it is recommended to validate OS, firmware, and CA bundle updates in a test environment before production rollout. If connectivity issues arise after an update, pausing the rollout and rolling back the update may restore functionality. For persistent issues, contacting Microsoft Support is advised. Checking if recent updates occurred and if the errors are certificate-related can help diagnose the problem. The core of the issue lies in the client's trust store no longer recognizing a previously trusted root certificate.
https://techcommunity.microsoft.com/t5/internet-of-things-blog/azure-iot-guidance-for-digicert-global-root-g1-trust-store/ba-p/4530393 techcommunity.microsoft.com
RSS Hunter RSS Hunter Jun 26

New in Microsoft Marketplace: June 26, 2026

Microsoft Marketplace has launched 275 new offers for cloud solutions and AI applications. ABELDent Local Plus provides dental practice management with local server capabilities and a cloud migration path. Access CM streamlines care delivery with mobile monitoring, scheduling, and reporting. Access Provider Manager helps local authorities manage adult social care providers efficiently. Acies optimizes workflows for IT professionals through efficient testing and performance enhancement. AI Regulation Radar tracks EU and UK AI regulatory changes for legal and compliance teams. AKQUINET 365 DataBridge Core accelerates Dynamics 365 Business Central integrations with secure middleware. Approvals automates internal document workflows via Microsoft Teams for enhanced transparency. AskTheChamp for HR uses AI to provide instant answers from HR documents, improving self-service. Asset Management on the Power Platform inventories and monitors IT equipment. AutomAssist IDM links technical documents to machines via QR codes for easy shop floor access. Automatic Posting Date for Business Central ensures accurate document posting dates. Bocada Cloud Storage centralizes monitoring and reporting for multiple backup applications on Azure. Chatpulse analyzes chatbot performance to identify and resolve issues. Code Audit API scans for leaked secrets and dependency vulnerabilities. Codefinder UNSPSC simplifies UNSPSC code classification using AI and natural language search. Credit Intelligence Platform offers AI-driven credit decisioning for banks in emerging markets. Custodeum unifies identity governance and license optimization for secure credential management. Darrow Privacy Radar scans for privacy risks on public websites and apps. DART AI Clinical Data Analyst allows querying of data systems and automates Excel tasks. Darwinbox is a global, AI-powered human capital management platform for enterprises. Dokku on Azure provides a self-hosted Platform as a Service environment. Email Triage API structures emails for support routing, providing priority and action items. Epsilon Digital Analytics AI Agent validates invoices for accuracy and compliance. Fabric Lens provides estate intelligence for Microsoft Fabric and Power BI. Federisk enables collaborative AI model training for banks without sharing raw data. Finance Research API from You.com delivers source-verified financial answers. FormsSquare is an AI platform for insurance underwriting and broker workflows. GuiWriter is an AI tool for songwriters to draft lyrics. Huntress Managed Identity Security Posture Management audits and enforces Microsoft 365 identity security. Image API offers text-to-image generation, background removal, and upscaling. ISS - Calendar Overlay consolidates multiple event calendars on SharePoint pages. JP Document Intelligence API accurately reads various Japanese document types.
https://techcommunity.microsoft.com/t5/marketplace-blog/new-in-microsoft-marketplace-june-26-2026/ba-p/4531102 techcommunity.microsoft.com
CdXz5zHNQW_v7o5SseMNU.png
RSS Hunter RSS Hunter Jun 25

Microsoft SPARK: Powering America’s Genesis Mission for Scientific Discovery

The U.S. Department of Energy has launched the Genesis Mission to accelerate scientific discovery using artificial intelligence. This national effort unifies DOE's 17 National Laboratories with advanced computing and data resources. The aim is to significantly boost research productivity and innovation within ten years. Genesis aligns with national AI action plans to reduce foreign dependence and leverage American scientific strength. Microsoft's SPARK program is designed to support the Genesis Mission's goals. SPARK provides program management, technical expertise, and investments in AI and scientific computing. A dedicated Program Management Office will act as a central point for collaboration. An AI-for-Science Center of Excellence will help labs implement AI solutions. Microsoft is also offering substantial Azure cloud service credits for research. Additionally, they are investing in professional and technical services for the National Laboratories. SPARK furthers co-development of challenge problems through joint research and development. This partnership aims to achieve tangible scientific outcomes and maintain America's leadership in science.
https://techcommunity.microsoft.com/t5/public-sector-blog/microsoft-spark-powering-america-s-genesis-mission-for/ba-p/4531069 techcommunity.microsoft.com
RSS Hunter RSS Hunter Jun 25

Need information on generating sample events for Threat Intelligence" (both duplicate posts)

Attack Simulation Training campaigns do not generate Threat Intelligence events. Their logs are found only within the Attack Simulation Training section, not in general Threat Intelligence telemetry. This is a common reason why expected events might not appear. For EICAR test files, the correct place to check for detection is crucial. You need to look for specific RecordType values used for Defender for Office 365 threat events. These include values like 28 for phishing/malware and 41 for Safe Links events. Ensure Purview audit logging is enabled in your tenant before attempting any tests. Sending the EICAR string as a .txt attachment from an external mailbox can generate a malware detection. Verify this detection appears in the Email & collaboration → Explorer → Malware tab first. Once confirmed there, the underlying ThreatIntelligence record should exist. Similarly, use a known safe-but-flagged test URL to trigger ThreatIntelligenceUrl events. If detections show in Explorer but not via the Management API, investigate API subscription and permission issues. This is separate from the detection mechanism itself.
https://techcommunity.microsoft.com/t5/microsoft-defender-threat/need-information-on-generating-sample-events-for-threat/m-p/4531085#M63 techcommunity.microsoft.com
RSS Hunter RSS Hunter Jun 25

Can the Microsoft Defender portal show the server details as per security group?

Microsoft Defender for Endpoint offers a solution for managing cross-vendor server monitoring through Device Groups and Role-Based Access Control (RBAC). Device groups act as the primary scoping unit, allowing administrators to categorize servers by vendor or company. These groups can be populated automatically using matching rules based on tags, operating system, or naming patterns. RBAC roles are then linked to Entra security groups, granting specific permissions only to designated device groups. This ensures that users within a particular company's Entra group only see their assigned servers, alerts, and incidents within the Defender portal. Global administrators maintain full visibility across all device groups. The setup involves creating device groups under Endpoints > Permissions > Device groups and then configuring roles and Entra group assignments under Permissions > Roles. It's crucial to note that this RBAC model scopes alerts, incidents, advanced hunting, and inventory, but not organization-wide features like global threat analytics. For servers managed via Microsoft Defender for Cloud and not onboarded to Defender for Endpoint, Azure RBAC at the subscription or resource group level provides a similar scoping mechanism. Clarifying which Defender product is in use is essential for recommending the correct solution.
https://techcommunity.microsoft.com/t5/microsoft-defender-threat/can-the-microsoft-defender-portal-show-the-server-details-as-per/m-p/4531083#M62 techcommunity.microsoft.com
RSS Hunter RSS Hunter Jun 25

Microsoft Defender Incident – Handling incident severity change

The Microsoft Graph API for security incidents does not offer a dedicated endpoint to track field-level history or audit logs for transitions. Specifically, there is no queryable change log for incident severity, only the current value and a last update timestamp. Furthermore, Graph change notifications, or webhooks, are not documented as supported for security incidents. Support for webhooks is only available for the legacy alerts resource, which is slated for deprecation. Consequently, polling is currently the only supported method for monitoring changes to security incidents. To effectively track severity changes, implement a polling strategy that filters for incidents updated since the last poll. This involves using the $filter=lastUpdateDateTime gt {last_poll_timestamp} parameter in your API requests. When new incident data is retrieved, compare the incoming severity with the previously stored severity for that incident in your own system. This client-side comparison allows you to detect severity transitions. Store key information like incident ID, severity, and last update time from each poll to facilitate these comparisons. Be aware that this method provides the approximate time of change, meaning it indicates a change occurred between poll intervals rather than the precise second of transition. The frequency of your polling will determine the granularity of this timing information.
https://techcommunity.microsoft.com/t5/microsoft-defender-xdr/microsoft-defender-incident-handling-incident-severity-change/m-p/4531082#M2707 techcommunity.microsoft.com
RSS Hunter RSS Hunter Jun 25

Announcing Microsoft.Data.SqlClient 7.0.2 and 6.1.6

Microsoft.Data.SqlClient has released stable servicing updates, versions 7.0.2 and 6.1.6, now available on NuGet. These updates introduce crucial enhancements and bug fixes for improved security and functionality. A significant feature is the addition of Web Account Manager (WAM) broker support for Microsoft Entra ID authentication modes on Windows. This integration facilitates OS-brokered token handling, leading to better single sign-on and support for Conditional Access and Windows Hello. The Text Data Stream (TDS) parser has been strengthened with strict data-length bounds checks to enhance security against malformed protocol payloads. Additionally, a null-reference issue in SqlDataReader during buffer-based reads has been resolved, now surfacing argument validation errors correctly. The Always Encrypted column master key signature verification cache has also been fixed, ensuring accurate application of cached results. For users of version 7.0.2, it is recommended to upgrade companion extension packages to the same version for compatibility. Instructions for installing or updating the packages via NuGet are provided. Release notes for both versions are available on GitHub. New users can find introductory documentation, and those migrating from System.Data.SqlClient can refer to a porting cheat sheet. Issues encountered can be reported on GitHub.
https://techcommunity.microsoft.com/t5/sql-server-blog/announcing-microsoft-data-sqlclient-7-0-2-and-6-1-6/ba-p/4531075 techcommunity.microsoft.com
RSS Hunter RSS Hunter Jun 25

Exempt a specific container in MDC

The built-in policy for enforcing immutable root filesystems in containers offers granular control through native exclusions. This policy is implemented using the Azure Policy Add-on for Kubernetes, acting as a Gatekeeper constraint. Key exclusion parameters include specific container names, image prefixes, and entire namespaces. These parameters allow for precise configuration without needing a full policy exemption. For instance, excluding system namespaces like kube-system is possible. Configuration can be managed through Defender for Cloud's "Take action" tab or via Environment Settings within Security policies. If multiple containers are legitimately unable to run read-only, excluding specific container names is the recommended approach. This method ensures the policy remains enforced across the rest of the cluster. Full policy exemptions should be reserved for compliance and audit tracking. Parameter-based exclusions are presented as the more native and maintainable solution for operational exceptions.
https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/exempt-a-specific-container-in-mdc/m-p/4531081#M2153 techcommunity.microsoft.com
RSS Hunter RSS Hunter Jun 25

Exempt - Azure CSPM Recommendation" (Terraform exemption

The reason a standalone policyAssignmentId or policyDefinitionId isn't found for this recommendation is because it's part of a larger built-in initiative. This specific control resides within the "ASC Default" or Microsoft Cloud Security Benchmark initiative assignment. To exempt a resource from this control, you need to target the initiative assignment ID. Furthermore, you must specify the individual control to be exempted using its policy definition reference ID.In Terraform's azurerm_resource_policy_exemption, the policy_assignment_id should point to the initiative's ID. The policy_definition_reference_ids field takes an array to scope the exemption to the specific control. Finding this reference ID involves searching for the recommendation's definition in the Azure Portal and then locating its corresponding entry within the initiative's policyDefinitions array.Before automating, decide on the exemption category: "Waiver" for accepted risk, or "Mitigated" if an equivalent control is in place. Also, consider the scope of the exemption. Applying it at the resource level is generally safer, but for multiple similar resources, using a tag-based resourceSelectors block can offer scalability. This approach avoids creating individual exemption blocks for each resource.
https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/exempt-azure-cspm-recommendation-quot-terraform-exemption/m-p/4531079#M2152 techcommunity.microsoft.com
RSS Hunter RSS Hunter Jun 25

Secure AI at scale: Join the Microsoft Entra + Purview webinar series

Artificial intelligence is rapidly transforming how data is handled, access is managed, and risks are amplified, outpacing traditional security measures. Sensitive data now flows through AI prompts, browsers, and agents, extending identities to non-human actors and rendering traditional perimeters insufficient. To address this, organizations need a practical strategy for protecting data, governing access, and managing risk as AI adoption scales. A unified approach integrating identity, access, and data protection is crucial for end-to-end AI security. Microsoft is launching a three-part webinar series, "Securing Data and Access in the Era of AI," to help implement this strategy. The series will feature experts from Microsoft Entra and Microsoft Purview. Attendees will learn to protect sensitive data across various platforms, govern access for users and AI agents, and reduce risk while enabling innovation. The webinars aim to provide practical steps for securing data, governing access, and mitigating risk throughout an organization's AI journey. Specific sessions will cover data and identity controls for browsers and networks, as well as how to unlock AI agents securely. The overarching goal is to redefine trust, data, and access in the age of AI.
https://techcommunity.microsoft.com/t5/microsoft-entra-blog/secure-ai-at-scale-join-the-microsoft-entra-purview-webinar/ba-p/4530257 techcommunity.microsoft.com
RSS Hunter RSS Hunter Jun 25

Registering user becomes local admin on Joined Devices

Entra joined devices automatically grant local administrator privileges to the joining user and a specific Entra ID role. This elevated privilege is not visible through typical administrative interfaces or audit logs as it's a direct addition to the local group. Users don't appear explicitly in the administrators list; their access is granted via the Primary Refresh Token upon sign-in. To confirm this on a device, sign in as the user and check group memberships for the device-local Administrators SID. Refreshing this privilege requires signing out and back in after running dsregcmd /refreshprt, as locking the screen is insufficient. This feature is exclusive to Entra joined devices, not workplace-joined ones. The "Manage Additional local administrators" setting is a tenant-wide option for the same Device Administrator role and cannot be applied individually. To prevent automatic local administrator assignment for new joins, set "Registering user is added as local administrator" to None. Future local administrator management can be handled through Windows Autopilot or Intune policies, but existing devices will retain their current settings.
https://techcommunity.microsoft.com/t5/microsoft-entra/registering-user-becomes-local-admin-on-joined-devices/m-p/4531078#M10346 techcommunity.microsoft.com
RSS Hunter RSS Hunter Jun 25

The governance shift: RBAC, URBAC, data lake, and MSSP

The transition to Microsoft Defender XDR introduces significant governance changes that are crucial for a unified Security Operations Center to function effectively. Initially, existing Azure RBAC assignments remain functional, and Sentinel data stays in its current location, ensuring day-one continuity. However, the platform enables powerful new capabilities, including data-scoped permissions not tied to a single workspace. It also introduces a tiered data model, allowing for long-term data retention at a lower cost and multi-tenant management spanning up to 100 customer tenants with a single sign-in.The shift involves evolving roles and personas, moving from classic Azure RBAC to Unified RBAC (URBAC). While URBAC becomes the primary source of permissions once enabled, Azure RBAC continues to function for specific use cases like automation roles and service principals, which are not yet fully supported by URBAC. URBAC offers a more granular approach, with data-scoped and cross-workspace permissions, and supports row-level RBAC for enhanced security. Security analysts, engineers, and managers will see changes in how their permissions are managed within this new model.A key governance construct is the Sentinel data lake, which mirrors analytics-tier data, providing a single source of truth for historical threat hunting, compliance, and investigations. This separation of "hot" detection data from "warm/cold" investigation data optimizes costs and simplifies querying. The data lake supports KQL queries across all connected Sentinel workspaces and can query external data sources without moving them.For Managed Security Service Providers (MSSPs) and large enterprises, multi-tenant management in Defender XDR simplifies operations by offering a unified cross-tenant view. While it does not replace Azure Lighthouse, it streamlines daily tasks with a centralized management system for up to 100 tenants. This unified view enhances incident investigation, advanced hunting, and content distribution across multiple environments. The transition emphasizes a move towards a more integrated and capable governance framework for modern security operations.
https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/the-governance-shift-rbac-urbac-data-lake-and-mssp/ba-p/4528607 techcommunity.microsoft.com
RSS Hunter RSS Hunter Jun 25

Activating channel partners on Microsoft Marketplace: A sales and marketing playbook

This playbook guides software companies in leveraging Microsoft Marketplace for channel partnerships, enabling new revenue streams for cloud and AI solutions. Microsoft is enhancing its channel-led sales through the Marketplace, simplifying collaboration for software companies, partners, and distributors. Channel partners benefit from streamlined transactions, access to customers with Azure consumption commitments, and global sales expansion.A key first step is to identify target markets with high revenue potential and existing partner traction. Companies should then build a target partner list, prioritizing those with market coverage and readiness for Marketplace sales. The playbook emphasizes articulating the value of Marketplace to channel partners, highlighting simplified procurement and access to new customers.Next, companies must set up preferred deal constructs, whether through resale-enabled offers or multiparty private offers, and ensure partners meet all necessary prerequisites. Enabling channel partner sales teams is crucial, requiring robust sales enablement kits, incentives, and a clear process for support. Companies should also compare customer lists and utilize Microsoft incentives to maximize sales.Internal sales teams must be aligned to avoid channel conflict, ensuring they are not penalized for partner-closed Marketplace deals. Tracking pipeline and optimizing sales performance are essential, using Microsoft Partner Center Insights to monitor sales, customer acquisition, and partner performance. Based on these insights, companies can refine their strategy, expand their partner list, and scale their channel-led sales motion.The playbook provides numerous customizable assets, including email templates, pitch decks, and a target partner list template, to facilitate each step of the process. Ultimately, the goal is to activate, optimize, and scale channel-led sales through the Microsoft Marketplace.
https://techcommunity.microsoft.com/t5/marketplace-blog/activating-channel-partners-on-microsoft-marketplace-a-sales-and/ba-p/4531047 techcommunity.microsoft.com
RSS Hunter RSS Hunter Jun 25