Recent Blogs
- Impacts to TSPs delivering courses that currently use an Azure Pass. Dec 07, 2024
- Take your marketing campaigns further with campaigns in a box (CiaB), collections of ready-made, high-quality marketing assets designed to deepen customer engagement, simplify your marketing efforts, and win customers. Microsoft offers both new and refreshed co-branded campaigns for the following solution areas: Data & AI (Azure), Modern Work, Business Applications, Digital & App Innovation (Azure), Infrastructure (Azure), and Security. Get started today by visiting the Partner Marketing Center, where you'll find resources such as execution guides, customizable nurture tactics, and more. Create interest in AI adoption among audiences. As AI technology grabs headlines and captures imaginations, use this campaign to illustrate your audiences' unique opportunity to harness the power of AI to deliver value faster. Learn more about the campaign: Era of AI: Show audiences how to take advantage of the potential of AI to drive business value and showcase the value in Microsoft AI solutions delivered and tailored by your organization. Data & AI (Azure): Use one of the Data & AI campaigns to demonstrate how your customers can win customers with AI-enabled differentiation. Show how they can transform their businesses with generative AI, a unified data estate, and solutions like Microsoft Fabric, Microsoft Power BI, and Azure Databricks. Campaigns include: Innovate with the Azure AI Platform: Help your customers understand the potential of generative AI solutions to differentiate themselves in the market, and inspire them to build GenAI solutions with Azure AI Platform. Unify Your Intelligent Data and Analytics Platform (ENT): Show enterprise audiences how unifying data and analytics on an open foundation can help streamline data transformation and business intelligence. Unify Your Intelligent Data and Analytics Platform (SMB): Create awareness and urgency for SMBs to adopt Microsoft Fabric as the AI-powered, unified data platform that will suit their analytics needs.
Modern Work: Access the Modern Work campaign to help SMBs understand how they can effectively transform their businesses with AI capabilities. Learn more about the campaign: Microsoft 365 Copilot SMB: Increase your audience's understanding of the larger potential of Microsoft 365 Copilot and how AI capabilities can help accelerate growth and transform operations. Business Applications: Nurture interest with customers ready to modernize and transform their business operations with these BizApps go-to-market resources. Campaigns include: Migrate and Modernize Your ERP with Microsoft Dynamics 365: Position yourself as the right partner to modernize or replace your customers' legacy on-premises ERP systems with a Copilot-powered ERP. Business Central for SMB: Offer customers Microsoft Dynamics 365, a comprehensive business management solution that connects finance, sales, service, and operations teams with a single application to boost productivity and improve decision-making. Digital & App Innovation (Azure): Position yourself as the strategic AI partner of choice and empower your customers to grow their businesses by helping them build new AI applications faster and gain agility with intelligent experiences. Campaigns include: Build and Modernize AI Apps: Help customers building new AI-infused applications and modernizing their application estate take advantage of the Azure AI application platform. Accelerate Developer Productivity: Engage decision-makers responsible for productive development and position your organization as uniquely suited to help customers take advantage of the power of AI-assisted development tools like GitHub Copilot and the Microsoft developer platform to innovate and deliver faster.
Infrastructure (Azure): Work with your customers to transform their digital operations and help them tap into the cloud to expand capabilities and boost their return on investment. Campaigns include: Migrate VMware Workloads to Azure: Help partners capitalize on the partnership between VMware and Microsoft so they can migrate VMware workloads to Azure in an efficient and cost-effective manner. Migrate and Secure Windows Server and SQL Server to Azure (ENT): Showcase the high return on investment (ROI) of using an adaptive cloud purpose-built for AI workloads, and help customers understand the value of migrating to Azure at their own pace. Security: Demonstrate the power of unified security solutions offered by Microsoft and help customers understand the importance of robust cybersecurity in today's tech landscape. Campaigns include: Defend Against Cybersecurity Threats: Increase your audience's understanding of the powerful, AI-driven Microsoft unified security platform, which integrates Microsoft Sentinel, Defender XDR, Security Exposure Management, Security Copilot, and Microsoft Threat Intelligence. Data Security: Show customers how Microsoft Purview can help fortify data security in a world facing increasing cybersecurity threats. Get started now! Dec 06, 2024
- In 2022, we knew legacy on-premise systems were not going to sustain us as a fully independent contact center solution for the dozens of customers we serve. At Purple, we needed a cloud-based solution that enabled us to deliver better customer support and engagement—and allowed us to stay competitive in the market. We looked at four options, but it was an easy decision for us: Azure Communication Services bridges the gap between outdated infrastructure and a secure, scalable platform, enabling our entire business to expand its services while ensuring data is securely managed and compliant with regulatory standards. How we transformed Purple’s technological base with Azure Communication Services Our previous investments in Microsoft Teams and Teams Direct Routing for PSTN connectivity aligned seamlessly with Azure Communication Service’s interoperable framework. By adopting ACS, we modernized our technological stack and expanded our service capabilities to include reception and delegation services. Azure Communication Service’s efficiency has allowed us to develop a cost-effective, reliable solution with minimal development effort while also addressing data storage and compliance requirements. Sensitive customer data is now stored securely within customers’ Azure tenants, enhancing security and regulatory compliance. The seamless integration and robust features of ACS have significantly enhanced our product offerings, making a complex system feel intuitive and easy for our users. This is exactly what we need to stay ahead in a competitive market. Integrating AI for enhanced contact center capabilities The migration and integration processes presented logistical and technical challenges, particularly in transferring large volumes of PSTN minutes and seamlessly transitioning services for existing customers without disrupting their operations. 
But our team at Purple did a great job integrating ACS into client operations, which has bolstered our position in the contact center market. Leveraging ACS features—such as call automation, direct routing, job router, call recording, transcription, and media functionalities—we enhanced our communication capabilities to support chat, email, and SMS services. We also tap into several Microsoft AI technologies to improve our contact center capabilities. Services like speech-to-text (STT), text-to-speech (TTS), transcription, summarization, and sentiment analysis provide actionable insights for businesses and agents. For optimized performance, planned integrations with Copilot Studio let managers and customers query specific contact center metrics, such as agent availability and peak interaction times. Flexibility and scalability translate to cost-effectiveness for customers With ACS’s flexibility and scalability, we've developed a business model centered around cost-effectiveness and reliability. Its pay-as-you-go structure supports unlimited agents and queues, charging customers based on usage, which has reduced our costs by up to 50% and improved stability by 83% compared to older solutions. At Purple, we offer granular billing that differentiates costs for VoIP minutes, call recordings, and transcriptions. Integration with platforms like Salesforce, Jira, and Dynamics 365 further streamlines operations and helps us deliver a seamless, high-quality, cost-effective experience for all of our clients. We are excited about the AI-driven collaboration with Microsoft, which enhances our voice, chat, and CRM integration services, delivering significant value to our customers. This partnership will optimize the end-user experience, seamlessly integrate existing customer data, and provide a more cost-effective solution for businesses to scale and elevate their customer interactions. - Purple Chief Technology Officer Tjeerd Verhoeff. Dec 06, 2024
- In document processing, dealing with documents that contain a mix of handwritten and typed text presents a unique challenge. Often, these documents also feature handwritten corrections where certain sections are crossed out and replaced with corrected text. Ensuring that the final extracted content accurately reflects these corrections is crucial for maintaining data accuracy and usability. In our recent endeavors, we explored various tools to tackle this issue, with a particular focus on Document Intelligence Studio and Azure AI Foundry's new Field Extraction Preview feature. The Challenge Documents with mixed content types—handwritten and typed—can be particularly troublesome for traditional OCR (Optical Character Recognition) systems. These systems often struggle with recognizing handwritten text accurately, especially when it coexists with typed text. Additionally, when handwritten corrections are involved, distinguishing between crossed-out text and the corrected text adds another layer of complexity, as the model is confused with which value(s) to pick out. Our Approach Initial Experiments with Pre-built Models To address this challenge, we initially turned to Document Intelligence Studio's pre-built invoice model, which provided a solid starting point. However, it would often extract both the crossed-out value as well as the new handwritten value under the same field. In addition, it did not always match the correct key to field value. Custom Neural Model Training Next, we attempted to train a custom neural model in the Document Intelligence Studio, which leverages Deep Learning for predicting key document elements, allowing for further adjustments and refinements. It is recommended to use at least 100 to 1000 sample files to achieve more accurate and consistent results. When training models, it is crucial to use text-based PDFs (PDFs with selectable text) as they provide better data for training. 
The model's accuracy improves with more varied training data, including different types of handwritten edits. Without enough training data or variance, the model may overgeneralize. Therefore, we uploaded approximately 100 text-based PDFs (PDFs with selectable text) to Azure AI Foundry and manually corrected the column containing handwritten text. After training on a subset of these files, we built and tested our custom neural model on the training data. The model performed impressively, achieving a 92% confidence score in identifying the correct values. The main drawbacks were the manual effort required for data labeling and the 30 minutes needed to build the model. During our experiments, we noticed that when extracting fields from a table, labeling and extracting every column comprehensively rather than just a few columns resulted in higher accuracy. The model was better at predicting when it had a complete view of the table. Breakthrough with Document Field Extraction (Preview) Finally, the breakthrough came when we leveraged the new Document Field Extraction Preview feature from Azure AI Foundry. This feature demonstrated significant improvements in handling mixed content and provided a more seamless experience in extracting the necessary information. Field Description Modification: One of the key steps in our process was modifying the field descriptions within the Field Extraction Preview feature. By providing detailed descriptions of the fields we wanted to extract, we helped the AI understand the context and nuances of our documents better. Specifically, we wanted to make sure that the value extracted for FOB_COST was the handwritten correction, so we wrote in the Field Description: "Ignore strikethrough or 'x'-ed out text at all costs, for example: do not extract red / black pen or marks through text. Do not use stray marks. This field only has numbers."
Correction Handling: During the extraction process, the AI was able to distinguish between crossed-out text and the handwritten corrections. Whenever a correction was detected, the AI prioritized the corrected text over the crossed-out content, ensuring that the final extracted data was accurate and up-to-date. Performance Evaluation: After configuring the settings and field descriptions, we ran several tests to evaluate the performance of the extraction process. The results were impressive, with the AI accurately extracting the corrected text and ignoring the crossed-out sections. This significantly reduced the need for manual post-processing and corrections. Results The new Field Extraction Preview feature in Azure AI Foundry exceeded our expectations. The modifications we made to the field descriptions, coupled with the AI's advanced capabilities, resulted in a highly efficient and accurate document extraction process. The AI's ability to handle mixed-content documents and prioritize handwritten corrections over crossed-out text has been a game-changer for our workflow. Conclusion For anyone dealing with documents that contain a mix of handwritten and typed text, and where handwritten corrections are present, we highly recommend exploring Azure AI Studio's Field Extraction Preview feature. The improvements in accuracy and efficiency can save significant time and effort, ensuring that your extracted data is both reliable and usable. As we continue to refine our processes, we look forward to even more advancements in document intelligence technologies. Dec 06, 2024
- After 1 July 2025, it will no longer be possible to query Azure IMDS endpoints at the IP address 168.63.129.16. Please begin using 169.254.169.254 to communicate with Azure IMDS as soon as possible. Officially, IMDS APIs can only be queried at 169.254.169.254. However, due to the internal design of Azure, IMDS endpoints can also be queried at the IP address 168.63.129.16 from within a virtual machine. Some customers are using this unofficial pathway to communicate with IMDS. An upcoming change in Azure will permanently block IMDS requests on 168.63.129.16. After 1 July 2025, you won’t be able to access Azure IMDS endpoints with that IP. You can continue to use 168.63.129.16 to call into IMDS APIs up until that date, but we recommend you begin your transition now. REQUIRED ACTION: Fix all URLs using 168.63.129.16 to prepare for its decoupling from IMDS. For example, this IMDS token endpoint URL would soon be blocked: curl -s -H Metadata:true --noproxy "*" "http://168.63.129.16/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/" To avoid service disruptions, fix URLs to include 169.254.169.254, as in this example: curl -s -H Metadata:true --noproxy "*" "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/" Dec 06, 2024
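One way to carry out the required action across a directory of scripts and configuration, as an added example that is not part of the original post: the functions below list IMDS URLs that still use 168.63.129.16 and rewrite only those to 169.254.169.254. The function names and sample files are constructed for illustration; the match is limited to the `/metadata/` path because 168.63.129.16 also serves other Azure platform functions (DNS, for instance) whose references must stay untouched.

```shell
#!/bin/sh
# Added example: find and fix IMDS calls that use the unofficial address.
OLD_RE='168\.63\.129\.16'     # regex form of the address being decoupled from IMDS
NEW_IP='169.254.169.254'      # the official IMDS address

# Print "file:line:text" for each IMDS URL under $1 that still uses the old address.
# Only the /metadata/ path is matched, so DNS or other uses of the IP are ignored.
find_legacy_imds() {
    grep -rnIE "${OLD_RE}/metadata/" "$1" 2>/dev/null || true
}

# Number of matching lines under $1.
count_legacy_imds() {
    find_legacy_imds "$1" | wc -l | tr -d ' '
}

# Rewrite the old address to the new one, in IMDS URLs only, for files under $1.
# Files are edited in place (permissions preserved); run it on a tree that is
# under version control so the change can be reviewed.
fix_legacy_imds() {
    { grep -rlIE "${OLD_RE}/metadata/" "$1" 2>/dev/null || true; } |
    while IFS= read -r f; do
        tmp=$(mktemp)
        sed "s#${OLD_RE}/metadata/#${NEW_IP}/metadata/#g" "$f" > "$tmp" &&
            cat "$tmp" > "$f"
        rm -f "$tmp"
    done
}

# Build a constructed sample tree and print its path.
make_sample() {
    d=$(mktemp -d)
    # 1. Script using the unofficial address (the "soon blocked" URL from the post).
    printf '%s\n' 'curl -s -H Metadata:true --noproxy "*" "http://168.63.129.16/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/"' > "$d/get_token_old.sh"
    # 2. Script already using the official address.
    printf '%s\n' 'curl -s -H Metadata:true --noproxy "*" "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/"' > "$d/get_token_ok.sh"
    # 3. Non-IMDS reference to the same IP; must not be reported or rewritten.
    printf '%s\n' 'nameserver 168.63.129.16' > "$d/resolv.conf"
    printf '%s\n' "$d"
}

# Demonstration on the constructed sample.
sample=$(make_sample)
echo "Before: $(count_legacy_imds "$sample") legacy IMDS reference(s)"
find_legacy_imds "$sample"
fix_legacy_imds "$sample"
echo "After:  $(count_legacy_imds "$sample") legacy IMDS reference(s)"
rm -rf "$sample"
```

Running `find_legacy_imds` in CI after the cleanup keeps new references to the old address from being reintroduced before the cutoff date.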
- The Resilient Ecommerce Reference Application is a synthetic workload that mirrors a simple, bare-bones e-commerce platform. Its purpose is to demonstrate how to use Azure Resiliency best practices to achieve availability during zonal outages or component outages. Dec 06, 2024
- Connect with popular security skill-building offerings and resources from Microsoft Ignite 2024. From simplifying infrastructure management and improving regulatory compliance to better navigating the modern cyberthreat landscape and building a security-first culture with AI, Ignite 2024 covered a ton of ground. Even if you didn’t join this year’s conference, you can explore expert content to inform and foster your security journey on our Security hub on Microsoft Learn. Designed for learners at all levels, the Security hub on Microsoft Learn is your go-to resource for security skill-building offerings, now easier to find, based on your interest and objectives. Find expert guidance aligned to your security journey. Whether you need to build foundational security skills, gain specialized knowledge, or prove your capabilities with Microsoft Credentials, get the guidance you need. Explore the latest resources organized by security focus area. Learn to understand advances in Zero Trust, identity and access, security operations, IT security, and much more. Connect with like-minded communities, partners, and other thought leaders. Join the conversation, and get inspired to level up your skills and knowledge. Validate your cloud skills with Microsoft Learn challenges. According to research examined by Science Direct, gaining complementary AI skills can increase wages by an average of 21%. Starting November 19, 2024, at 4:00 PM (16:00) UTC and running through January 10, 2025 at 4:00 PM (16:00) UTC, you can unlock new AI skills with the Microsoft Learn Challenge | Ignite Edition. The Challenge includes eight expert-led learning paths: Prepare for next generation data analytics with Microsoft Fabric: Accelerate your career as a data analytics professional. Learn how to connect, ingest, store, analyze, and report on data with Microsoft Fabric. Prepare for Exam DP-600 and your future as a Microsoft Certified Fabric Analytics Engineer.
Build trustworthy AI solutions on Microsoft Azure: Gain knowledge on secure, reliable AI with Microsoft Azure. Learn responsible AI practices, content filtering, and model evaluation while mitigating risks to meet the highest safety standards. Innovate & secure your migration to Microsoft Azure: Learn how to migrate and manage your workloads with Microsoft Azure, tools, and services. Bring Azure innovation to your environment with improved scalability, security, and reliability. Create agents in Microsoft Copilot Studio: Learn how to migrate and manage your workloads with Microsoft Azure, tools, and services. Bring Azure innovation to your environment with improved scalability, security, and reliability. Microsoft 365 Copilot for administrators: Master Microsoft 365 Copilot security and compliance. Prepare data, configure tenants, assign licenses, drive user adoption, and optimize Copilot experiences with extensibility options. Secure your data in the age of AI: Learn to adapt security strategies for evolving AI tech. Protect endpoints, data, and apps with Microsoft Purview and Defender. Stay ahead in safeguarding your organization's AI infrastructure. Get started with Microsoft Copilot for Security: Learn how Copilot can help secure your organization at machine speed! Explore generative AI, understand Microsoft Security Copilot features, and gain skills to use in both embedded and stand-alone experiences. Build AI apps with Microsoft Azure services and best practices: Learn to build cloud-native AI apps, create back-end databases, and integrate Azure OpenAI services. Gain practical skills for scaling AI and develop AI solutions for your organization on Azure. Ready to level up on your AI skills journey? Register for the Microsoft Learn Challenge today. 
Prove your real-world technical expertise with our latest Microsoft Applied Skills Professionals focused on data security and threat protection can demonstrate and differentiate their expertise by earning these new Microsoft Applied Skills: Implement information protection and data loss prevention by using Microsoft Purview: Demonstrate your ability to implement Microsoft Purview Information Protection and DLP, and validate your ability to discover, classify, and protect sensitive data in Microsoft 365, effectively implementing data security by using Microsoft Purview. This assessment is particularly relevant for information protection and compliance administrators, in addition to security operations Analysts. Implement retention, eDiscovery, and Communication Compliance in Microsoft Purview: Earn this Applied Skill by proving your ability to implement retention, eDiscovery, Communication Compliance, and content search in Microsoft Purview. This could be an especially good fit for compliance administrators who are familiar with Microsoft 365 services and Microsoft Purview and have experience administering compliance in Microsoft 365. Defend against threats using Microsoft Defender XDR: Earn this credential by demonstrating your ability to use Microsoft Defender XDR to detect and respond to cyberthreats. Candidates for this credential should be familiar with investigating and gathering evidence about attacks on endpoints. They should also have experience using Microsoft Defender for Endpoint and Kusto Query Language (KQL). Take our most up-to-date Virtual Training Days for free No matter your security skill level, our free Microsoft Security Virtual Training Days will help you gain the technical skills and knowledge you need to enable employees to work securely and achieve more from anywhere. 
To keep pace with today’s fast-moving security landscape, we updated three of our most popular Virtual Training Days: Modernize your SecOps with Microsoft Sentinel: Learn how to deploy your Microsoft Sentinel SIEM instance, migrate your existing rules, and add content hub solutions including data connectors, analytic rules, hunting queries and workbooks. These solutions enable you to perform detections, investigations, incident management, and threat hunting. Additionally, you can learn how to optimize your security data to maximize your coverage and better manage costs. We will also demonstrate how Microsoft Security Copilot can help security operations teams to move faster with skills like guided response, natural language to KQL translation, and analysis of malicious scripts. Implement data security with Microsoft Purview: Learn how to discover sensitive data, identify critical data security risks, and dynamically tailor DLP controls using Microsoft Purview solutions including Information Protection, Data Loss Prevention, Insider Risk Management, and Adaptive Protection. The session will explore practical use cases for these products, demonstrating how they can secure AI applications and analyze organizational risks. You'll learn to protect data across generative AI tools like Microsoft Copilot for Microsoft 365 and third-party AI applications, implement dynamic protections to prevent data leaks, and ensure compliance in an AI-first world. Defend against threats with extended detection and response: Learn how to perform investigations and remediations with Microsoft Defender XDR and Defender for Endpoint. You will be introduced to the Unified Security Operations Platform (SIEM in XDR), and will see how to deploy the solution and use Microsoft Sentinel capabilities in Microsoft Defender XDR. Microsoft Sentinel SIEM in XDR topics also include SOC Optimization. 
You will perform advanced hunting using KQL queries, remediate security alerts, and perform detections, investigations, and threat hunting in Defender XDR. You will also learn how attack disruption works with incidents and alerts, and how to use Microsoft Security Copilot to investigate and perform incident management. Dec 06, 2024
- What’s New in Meta Llama 3.3 70B? The latest Llama model focuses on enhancements in reasoning, coding, and instruction following, making it one of the most versatile and advanced open models available. Key features include: Improved Outputs: Generate step-by-step reasoning and accurate JSON responses for structured data requirements. Expanded Language Support: Multilingual capabilities in eight major languages, including English, French, Hindi, and Thai. Enhanced Coding Capabilities: Greater coverage of programming languages, improved error handling, and detailed code feedback. Task-Aware Tool Use: Smarter tool invocation that respects predefined parameters and avoids unnecessary calls. This model ensures developers achieve similar performance to the larger 405B model but at a fraction of the cost, making high-quality generative AI accessible to a broader audience. A Foundation for Responsible AI: According to Meta, Llama models are designed with responsibility at their core. Meta’s safety protocols ensure the model is not only powerful but also aligned with ethical AI standards. Features like Llama Guard 3 and Prompt Guard offer developers built-in safeguards to prevent misuse, making Llama an ideal choice for safe AI deployment. Driving Real-World Impact: Llama models have already demonstrated their potential to transform industries: Education: Empowering students and educators with multilingual AI assistants. Software Development: Enhancing productivity with accurate coding assistance. Enterprise Applications: Streamlining customer support, data analysis, and content generation. As the global community continues to adopt generative AI, the Meta Llama 3.3 70B model will play a pivotal role in unlocking new possibilities while ensuring safety and inclusivity. Coming soon to Azure AI Foundry Model Catalog. Learn more about Meta Llama. Dec 06, 2024
- Welcome back to our blog! Today, we're diving into the world of SharePoint Advanced Management (SAM) and how it integrates with Microsoft 365 Copilot to enhance your SharePoint experience. Whether you're looking to improve access management, secure sensitive data, or prepare for Copilot deployment, SAM offers a suite of tools to help you achieve your goals. What is SharePoint Advanced Management? SharePoint Advanced Management (SAM) is an add-on for Microsoft 365 that provides advanced access policies and content lifecycle management to secure SharePoint sites. It's particularly useful for organizations preparing for Microsoft 365 Copilot, as it offers greater visibility and transparency into site activities and oversharing. Key Features of SAM Restricted SharePoint Search: This feature allows administrators to temporarily restrict search access to certain SharePoint sites while reviewing and auditing site permissions. It's a useful tool for managing highly sensitive sites during Copilot deployment. Advanced Access Policies: SAM includes advanced access policies and site content lifecycle management tools, such as Microsoft Purview, to ensure that users have the correct access to data without any additional permissions. Licensing and Entitlements: Starting in January 2025, SharePoint Advanced Management will be included for free for customers with a Microsoft 365 Copilot license. This means that organizations with Copilot licensing will have access to all SAM features without needing additional licenses. Site Lifecycle Management: SAM allows administrators to create policies for site ownership and compliance, ensuring that SharePoint sites remain healthy and well-maintained. For example, administrators can set policies to notify site owners of inactive sites and take actions such as archiving or restricting access. 
Conditional Access Policies: Administrators can enforce access controls based on specific conditions, such as location or device compliance, to ensure that only authorized users can access sensitive sites and data. Preparing for Copilot with SAM One of the primary benefits of SAM is its ability to help organizations prepare for Microsoft 365 Copilot. By providing tools to manage site access, audit activities, and enforce compliance, SAM ensures that your SharePoint environment is optimized for Copilot deployment. This includes setting up sensitivity labels, data loss prevention (DLP) policies, and retention policies to protect your data and prevent oversharing. In Summary SharePoint Advanced Management is a powerful tool for organizations looking to enhance their SharePoint experience and prepare for Microsoft 365 Copilot. With features like restricted search, advanced access policies, and site lifecycle management, SAM provides the tools and transparency needed to secure your SharePoint sites and ensure compliance. If you're interested in learning more about SAM and how it can benefit your organization, reach out to your Microsoft team for more information. Dec 06, 2024
- The identity security landscape is advancing at an unprecedented pace. As global events and rapidly evolving AI reshape the cybersecurity environment, maintaining security has become more critical than ever. To address the escalating scale and impact of cyberattacks, Microsoft introduced the Secure Future Initiative (SFI), a cohesive initiative that harnesses Microsoft’s full capabilities to enhance cybersecurity across our organization and products. This initiative reflects both internal insights and invaluable feedback from customers, governments, and partners, guiding us to focus on the most meaningful ways to shape the future of security. At Microsoft Ignite last month, we announced several key updates to stay ahead of the evolving threat landscape and secure access in the AI era, including: Security Copilot in Microsoft Entra: Expanding the public preview to embed Security Copilot directly into the Microsoft Entra admin center, enabling easy access to identity insights within the admin experience. Enhancements in Microsoft Entra Private Access: Introducing new capabilities like Quick Access Policies, App Discovery, Private Domain Name System (DNS), and Network Connectors. Advancements in Microsoft Entra Internet Access: Adding support for Continuous Access Evaluation (CAE) and Transport Layer Security (TLS) inspection. Real-time password spray detection in Microsoft Entra ID Protection. Device-bound passkey support in Microsoft Authenticator for iOS and Android. Native authentication in Microsoft Entra External ID. What’s new in Microsoft Entra experience and Health monitoring. For a deeper dive into these updates, read the blog, ‘Ignite: AI and SASE innovations in Microsoft Entra’ on the Microsoft Community Hub. And today, we’re sharing security improvements and innovations across Microsoft Entra from October to November 2024, organized by product for easier navigation. 
To learn more, watch the video What’s new in Microsoft Entra for a quick overview of product updates, and explore the What’s new blade in the Microsoft Entra Admin Center for detailed insights. Microsoft Entra ID. New releases: Dynamic Administrative Units; Microsoft Entra Health Monitoring, Health Metrics Feature; Log analytics sign-in logs schema is in parity with MSGraph schema. Change announcements. Security improvements. Update to security defaults [Action may be required]: In line with Microsoft's Secure Future Initiative, we’re removing the option to skip multifactor authentication (MFA) registration for 14 days when security defaults are enabled. All users will be required to register for MFA on their first login after security defaults are turned on. This change affects newly created tenants starting on December 2, 2024 and will be rolled out to existing tenants starting in January 2025. Enablement of passkeys in Authenticator for passkey (FIDO2) organizations with no key restrictions [Action may be required]: Starting mid-January 2025, after general availability of passkeys in Microsoft Authenticator, organizations with the Passkey (FIDO2) authentication methods policy enabled without key restrictions will be enabled for passkeys in Microsoft Authenticator in addition to FIDO2 security keys. In Security Info, users will have the option to add Passkey in Microsoft Authenticator as an authentication method. Additionally, when Conditional Access authentication strengths policy enforces passkey authentication, users without a passkey will be prompted to register a passkey in Microsoft Authenticator. Organizations that prefer not to enable this change should enable key restrictions in the Passkey (FIDO2) authentication methods policy. Encrypted access tokens for Microsoft APIs [Action may be required]: As of October 2024, Microsoft is gradually enabling encrypted access tokens across more of its APIs.
This change alters the format of access tokens for Microsoft-owned APIs. Action required: Client applications should treat access tokens as opaque strings, meaning they should not attempt to read, inspect, or parse them. Only the web APIs that are the intended recipients of the access tokens should be parsing and validating them. Why this matters: If applications rely on specific token formats, such as expecting a URI in the ‘aud’ claim rather than a GUID, these assumptions may cause functionality issues as token formats change. If your client application currently parses access tokens, please review and update your code in line with best practices outlined on the Microsoft Identity Platform documentation. Change in format for aud claim in access tokens for Microsoft Graph [Action may be required] Considering our ongoing commitment to security, we’re making a minor change to tokens issued for Microsoft Graph after January 15, 2025. In rare cases, this may cause impact to applications if the client application is parsing the access token and expecting a specific format of the aud claim. As described in documentation, access tokens should be parsed and validated only by the resource API, and client applications should treat the access token as an opaque string to avoid impact from this or future changes. Ensure the right people can continue to access security advisories in Azure Service Health [Action may be required] To ensure sensitive security advisories are only received by people with elevated permissions, we’re making changes to role-based access control (RBAC) in Azure Service Health beginning February 28, 2025. To make the change, we’ll: Introduce a new version of the Resource Health API on February 28, 2025, which ensures security advisory events will only be accessible to privileged users. Enable RBAC for security advisory events in the Azure portal on August 31, 2025. Enable RBAC for security advisory events in Azure Resource Graph on September 15, 2025. 
These changes may impact you if you receive security advisories in one of the ways listed below. Required action If you’re using the Azure portal: Review your security RBAC assignments before August 31, 2025 and make changes or additions as needed. If you access events through Resource Health API: Update to the new Resource Health API before old versions are deprecated on September 15, 2025. Use FetchEventDetails to view sensitive security information going forward. If you’re using Azure Resource Graph: Review the ServiceHealthResources properties that will require elevated access and make changes or additions before September 15, 2025. Visit Microsoft Learn to read more about these changes and stay informed about Azure security issues. Public preview refresh - Hardware OATH tokens [Action may be required] On November 14, we launched a new version of the Hardware OATH tokens public preview. This update supports end-user self-assignment, activation, and delegated admin access. For more details, refer to the public documentation. To take advantage of this update, create tokens using the MS Graph API. The new experience will run alongside the legacy version until its deprecation, which will be announced through ‘What's new in Microsoft Entra?’ and M365 Message Center posts. To migrate now, remove tokens from the old system and recreate them in the new one using MS Graph. At General Availability, an MS Graph API will be available for per-user token migration without user disruption. Entra ID: Expansion of WhatsApp as an MFA one-time passcode delivery channel [Action may be required] Starting December 2024, users in India and other countries may start receiving MFA text messages via WhatsApp. Only users that are enabled to receive MFA text messages as an authentication method and already have WhatsApp on their phone will get this experience. 
If a user with WhatsApp on their device is unreachable or doesn’t have internet connectivity, they will quickly fall back to the regular SMS channel. In addition, users receiving OTPs via WhatsApp for the first time will be notified of the change in behavior via SMS text message. If you’re a Microsoft Entra workforce customer and currently leverage the text-message authentication method, we recommend you notify your helpdesk about this upcoming change. Additionally, if you don’t want your users to receive MFA text messages through WhatsApp, you may disable text messages as an authentication method in your organization. Please note that we highly encourage organizations to move to using more modern, secure methods like Microsoft Authenticator and passkeys in favor of telecom and messaging app methods. This feature update is available by default. Review our phone authentication documentation to learn more. This rollout will happen automatically with no admin action required. You may want to notify your users about this change and update any relevant documentation as appropriate.
Identity modernization
Important update: Azure AD Graph retirement [Action may be required]
The retirement of the Azure AD Graph API service began in September 2024 and will eventually impact both new and existing applications. We’re now completing the deployments of the first phase of Azure AD Graph retirement, and new applications will not be able to use Azure AD Graph APIs unless they’re configured for extended access. Microsoft Graph is the replacement for Azure AD Graph APIs, and we strongly recommend immediately migrating use of Azure AD Graph APIs to Microsoft Graph and limiting any further development using Azure AD Graph APIs.
Timeline for incremental retirement of Azure AD Graph API service (phase start date, impact on existing apps, impact on new apps):
  - September 1, 2024. Existing apps: None. New apps: New apps are blocked from using Azure AD Graph APIs, unless the app is configured to allow extended Azure AD Graph access by setting blockAzureADGraphAccess to false. Any new apps must use Microsoft Graph.
  - February 1, 2025. Application is unable to make requests to Azure AD Graph APIs unless it is configured to allow extended Azure AD Graph access by setting blockAzureADGraphAccess to false.
  - July 1, 2025. Azure AD Graph is fully retired. No Azure AD Graph API requests will function.
Required action
To avoid service disruptions, please follow our instructions to migrate applications to Microsoft Graph APIs.
If you need to extend Azure AD Graph access for an app to July 2025
If you have not fully completed app migrations to Microsoft Graph, you can extend this retirement. If you set the blockAzureADGraphAccess attribute to false in the application’s authenticationBehaviors configuration, the application will be able to use Azure AD Graph APIs through June 30, 2025. Further documentation can be found here. New applications will receive a 403 error when attempting to access Azure AD Graph APIs unless this setting is set to false. For all existing applications that will not complete migration to Microsoft Graph in 2024, plan to set this configuration now.
If you need to find Applications in your tenant using Azure AD Graph APIs
We’ve provided two Entra recommendations that show information about applications and service principals that are actively using Azure AD Graph APIs in your tenant. These new recommendations can support your efforts to identify and migrate the impacted applications and service principals to Microsoft Graph.
References:
  - Migrate from Azure Active Directory (Azure AD) Graph to Microsoft Graph
  - Azure AD Graph app migration planning checklist
  - Azure AD Graph to Microsoft Graph migration FAQ
Important update: AzureAD and MSOnline PowerShell retirement [Action may be required]
As of March 30, 2024, the legacy Azure AD PowerShell, Azure AD PowerShell Preview, and MS Online modules are deprecated. These modules will continue to function through March 30, 2025, after which they will be retired and stop functioning. Microsoft Graph PowerShell SDK is the replacement for these modules and you should migrate your scripts to Microsoft Graph PowerShell SDK as soon as possible.
To help you identify usage of Azure AD PowerShell in your tenant, you can use the Entra Recommendation titled Migrate Service Principals from the retiring Azure AD Graph APIs to Microsoft Graph. This recommendation will show vendor applications that are using Azure AD Graph APIs in your tenant, including AzureAD PowerShell. Microsoft Entra Sign-In Logs can also be used to identify logins made from MS Online and Azure AD PowerShell in your tenant. Sign-in events (interactive and non-interactive) with the application name Azure Active Directory PowerShell are made by MS Online and/or Azure AD PowerShell clients.
We’re making substantial new and future investments in the PowerShell experience for managing Microsoft Entra, with the public preview of the Microsoft Entra PowerShell module. This new module builds upon the Microsoft Graph PowerShell SDK and brings scenario-focused cmdlets. It’s fully interoperable with all cmdlets in the Microsoft Graph PowerShell SDK, enabling you to perform complex operations with simple, well-documented commands. The module also offers a backward compatibility option to simplify migration from the deprecated AzureAD Module.
New free subscription rollout: Microsoft Entra ID Free [No action required]
Beginning on December 11, 2024, tenants created via signup for M365 products will include a new subscription labeled “Microsoft Entra ID Free.” This rollout will expand to cover all product signup flows by February 7, 2025. For newly created tenants, this will appear in your list of billing subscriptions under “All Billing Subscriptions” in the Entra and Azure portals or on the “Subscriptions” page in the M365 Admin Center. This is a tenant-level subscription with no associated cost and requires no action. In the future, this subscription will keep track of all new tenants created with the same billing account, allowing customers to maintain an inventory of all new tenants and demonstrate ownership of a tenant in case customers ever lose administrative access. For more information on what you can do right now to find all your tenants, please visit https://aka.ms/TenantDiscoveryFAQ.
Enhancing user experience
Suggested access packages in My Access [No action is required]
As communicated earlier, we're excited to introduce a new Microsoft Entra ID Governance feature in My Access: a curated list of suggested access packages. This will allow users to quickly view the most relevant access packages (based off their peers' access packages and previous requests) without scrolling through a long list. We’ll deploy this to all Microsoft Entra ID Governance customers as an opt-in preview by the end of December, with in-product messaging to highlight the change. You may want to update any relevant documentation to reflect the refreshed UX as appropriate.
Microsoft Entra ID Governance
New releases
  - Microsoft Entra Connect Sync Version 2.4.27.0 is now available
Change announcements
Deprecation of Microsoft Identity Manager (MIM) hybrid reporting to Microsoft Entra audit log feature [Action may be required]
The MIM hybrid reporting feature, introduced with Microsoft Identity Manager (MIM) 2016, is being deprecated. This feature allowed the MIM hybrid reporting agent to send event logs from the MIM service to Microsoft Entra, enabling reports for password reset using self-service password reset (SSPR) and self-service group management (SSGM) in the Microsoft Entra audit log. This is replaced by using Azure Arc agent to send those event logs to Azure Monitor, as this allows more flexible reports. As of November 2025, the cloud endpoints used by the MIM hybrid reporting agent will no longer be available, and customers should transition to Azure Monitor or similar. Other MIM and Entra ID Connect Health capabilities are unaffected by this deprecation.
Microsoft Entra External ID
New releases
  - SMS as an MFA method in Microsoft Entra External ID
Change announcements
Enhancements to Attribute Collection in Microsoft Entra External ID [No action is required]
Starting January 2025, we’re excited to announce an important update to the attribute collection page in Entra External ID. When users sign up, they will now see a persistent label next to each input field for both built-in and custom attributes. This enhancement serves two key purposes:
  - Improved Accessibility: The persistent labels will help ensure compliance with accessibility standards, making the sign-up process more user-friendly for all.
  - Enhanced Context: By clearly labeling each attribute collection field with the corresponding user attribute name, users will have better context, especially when values are pre-filled.
Microsoft Entra Private Access
New releases
  - Quick access policies
Best Regards,
Shobhit Sahay
Add to Favorites: What’s New in Microsoft Entra
Stay informed about Entra product updates and actionable insights with What’s New in Microsoft Entra. This new hub in the Microsoft Entra admin center offers you a centralized view of our roadmap and change announcements across the Microsoft Entra identity and network access portfolio.
Learn more about Microsoft Entra
Prevent identity attacks, ensure least privilege access, unify access controls, and improve the experience for users with comprehensive identity and network access solutions across on-premises and clouds.
  - Microsoft Entra News and Insights | Microsoft Security Blog
  - Microsoft Entra blog | Tech Community
  - Microsoft Entra documentation | Microsoft Learn
  - Microsoft Entra discussions | Microsoft Community
Dec 06, 2024 | 479 Views | 1 like | 0 Comments
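
The Entra post above asks client applications to treat access tokens as opaque strings. The following sketch is an added example, not code from the post or from Microsoft: it shows how a client that decodes its own token and checks `aud` misbehaves when the format changes, next to a cache that relies only on the scope the client requested and the standard `expires_in` field of the token response. The tokens, the GUID and the five-segment shape of the encrypted stand-in are constructed assumptions.

```python
import base64
import json
import time

GRAPH_URI = "https://graph.microsoft.com"                   # URI-style audience
CONSTRUCTED_GUID = "11111111-2222-3333-4444-555555555555"   # constructed placeholder GUID
GRAPH_SCOPE = "https://graph.microsoft.com/.default"        # what the client asked for


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_jwt_like(claims: dict) -> str:
    """Constructed three-part token; the signature segment is dummy bytes."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    return ".".join((header, body, _b64url(b"constructed-signature")))


def make_encrypted_like() -> str:
    """Constructed five-segment string standing in for an encrypted token (assumed shape)."""
    sizes = ((1, 24), (2, 32), (3, 12), (4, 48), (5, 16))
    return ".".join(_b64url(bytes([value]) * size) for value, size in sizes)


def fragile_client_check(access_token: str, expected_aud: str) -> bool:
    """Anti-pattern: the client decodes its own access token and compares 'aud'."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("token is not a three-part JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded))
    return claims.get("aud") == expected_aud


class OpaqueTokenCache:
    """Stores tokens by requested scope and never looks inside them."""

    def __init__(self, clock=time.monotonic, skew_seconds=60):
        self._clock = clock
        self._skew = skew_seconds
        self._entries = {}

    def store(self, scope: str, token_response: dict) -> None:
        # Lifetime comes from the token response, not from a decoded 'exp' claim.
        expires_at = self._clock() + int(token_response["expires_in"]) - self._skew
        self._entries[scope] = (token_response["access_token"], expires_at)

    def get(self, scope: str):
        entry = self._entries.get(scope)
        if entry is None or self._clock() >= entry[1]:
            self._entries.pop(scope, None)   # expired or absent: caller must re-acquire
            return None
        return entry[0]

    def authorization_header(self, scope: str):
        token = self.get(scope)
        return None if token is None else {"Authorization": f"Bearer {token}"}


def compare_clients() -> dict:
    """Run both clients over the three constructed token formats."""
    tokens = {
        "uri_aud": make_jwt_like({"aud": GRAPH_URI}),
        "guid_aud": make_jwt_like({"aud": CONSTRUCTED_GUID}),
        "encrypted": make_encrypted_like(),
    }
    now = [1000.0]
    cache = OpaqueTokenCache(clock=lambda: now[0])
    outcome = {}
    for name, token in tokens.items():
        try:
            fragile = fragile_client_check(token, GRAPH_URI)
        except ValueError as exc:
            fragile = f"error: {exc}"
        cache.store(GRAPH_SCOPE, {"access_token": token, "expires_in": 3600})
        outcome[name] = (fragile, cache.get(GRAPH_SCOPE) == token)
    return outcome


if __name__ == "__main__":
    for name, result in compare_clients().items():
        print(name, result)
```

The fragile check silently returns False for the GUID audience and raises on the encrypted stand-in, while the opaque cache behaves the same for all three formats.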
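
The same post says sign-in events with the application name Azure Active Directory PowerShell identify MS Online and Azure AD PowerShell clients. The inventory script below is an added example, not part of the post: it summarises such events per principal from exported sign-in records. The JSON-lines export format and the sample records are constructed, and the field names are assumed to follow the Microsoft Graph signIn resource.

```python
import json
from collections import defaultdict
from datetime import datetime

# Application name quoted in the post for MS Online / Azure AD PowerShell sign-ins.
LEGACY_APP_NAME = "Azure Active Directory PowerShell"

# Constructed sample export, one JSON object per line (not real tenant data).
SAMPLE_SIGNINS = """
{"createdDateTime": "2024-11-04T08:15:00Z", "userPrincipalName": "svc-provisioning@contoso.example", "appDisplayName": "Azure Active Directory PowerShell", "isInteractive": false, "ipAddress": "203.0.113.10"}
{"createdDateTime": "2024-11-18T14:02:11Z", "userPrincipalName": "admin.lee@contoso.example", "appDisplayName": "Azure Active Directory PowerShell", "isInteractive": true, "ipAddress": "198.51.100.7"}
{"createdDateTime": "2024-11-19T09:00:00Z", "userPrincipalName": "admin.lee@contoso.example", "appDisplayName": "Azure Portal", "isInteractive": true, "ipAddress": "198.51.100.7"}
{not valid json
{"createdDateTime": "2024-11-20T08:15:00Z", "userPrincipalName": "svc-provisioning@contoso.example", "appDisplayName": "Azure Active Directory PowerShell", "isInteractive": false, "ipAddress": "203.0.113.11"}
"""


def _parse_time(value: str) -> datetime:
    # fromisoformat() rejects a trailing "Z" before Python 3.11.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def summarize_legacy_powershell(log_lines):
    """Return (rows, skipped): per-principal usage of the legacy modules,
    most recent first, plus the number of unparseable records."""
    stats = defaultdict(lambda: {"interactive": 0, "non_interactive": 0,
                                 "first_seen": None, "last_seen": None,
                                 "ips": set()})
    skipped = 0
    for line in log_lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
            app = str(event["appDisplayName"])
            when = _parse_time(event["createdDateTime"])
        except (ValueError, KeyError, TypeError, AttributeError):
            skipped += 1          # malformed record: count it, do not guess
            continue
        if app.casefold() != LEGACY_APP_NAME.casefold():
            continue
        entry = stats[event.get("userPrincipalName") or "<unknown principal>"]
        # Both interactive and non-interactive events count, as the post notes.
        entry["interactive" if event.get("isInteractive") else "non_interactive"] += 1
        if entry["first_seen"] is None or when < entry["first_seen"]:
            entry["first_seen"] = when
        if entry["last_seen"] is None or when > entry["last_seen"]:
            entry["last_seen"] = when
        if event.get("ipAddress"):
            entry["ips"].add(event["ipAddress"])

    ordered = sorted(stats.items(), key=lambda kv: kv[1]["last_seen"], reverse=True)
    rows = [{"principal": principal,
             "interactive": e["interactive"],
             "non_interactive": e["non_interactive"],
             "first_seen": e["first_seen"].isoformat(),
             "last_seen": e["last_seen"].isoformat(),
             "ips": sorted(e["ips"])}
            for principal, e in ordered]
    return rows, skipped


if __name__ == "__main__":
    rows, skipped = summarize_legacy_powershell(SAMPLE_SIGNINS.splitlines())
    for row in rows:
        print(row)
    print("skipped records:", skipped)
```

Principals with only non-interactive events are usually scripts or scheduled jobs, which are the ones most likely to stop working unnoticed after the retirement date.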
- In a recent ‘Think like a People Scientist’ webinar, I was joined by Dean Napier, a People Analytics Manager at Derivco, a software development house with about 2000 employees. Derivco has been a leader in the gaming industry for over 30 years, with the majority of the employee population made up of software developers and engineers. As a People Analytics function, Dean and his team have extensively been using Viva Insights for over two years now. The team has built sustained analytics that span the entire employee lifecycle.
During this session, Dean explained how Derivco integrated behavioral data from Viva with survey data and other internal data sources to provide timely and actionable insights to their managers. He also spoke about Derivco’s innovative approach to creating custom manager alerts through an Automated Data Analytics Messenger (ADAM) using Copilot extensibility features (available in Copilot Studio) and Viva data. This session provided a deep dive into how Derivco successfully integrated various data signals to empower managers and drive actionable insights - a challenge we often see in organizations. Read more about our Viva People Science research into manager action taking challenges here.
Here are the key takeaways from this session:
  - The importance of a Holistic Listening approach: We presented research into the importance of moving beyond traditional employee engagement surveys to include productivity and resilience signals. This approach helps organizations understand not only how employees feel but how they work and adapt to changes.
  - ADAM - The Automated Data Analytics Messenger: Dean introduced ADAM, a bot developed by Derivco which sends alerts to managers based on data from Viva Insights and other sources. ADAM provides timely, relevant insights and suggested actions, making it easier for managers to support their teams effectively.
  - Examples of Effective Alerts: Dean shared specific examples of alerts, such as a decrease in one-on-one meeting time and an increase in uninterrupted focus time. These alerts not only highlight potential issues but provide managers with practical suggestions and resources to address them.
  - Measuring Impact: Derivco tracks the effectiveness of these alerts by monitoring behavioral changes. For instance, if a manager increases one-on-one meeting time after receiving an alert, it’s considered effective. This approach helps ensure that alerts drive meaningful actions.
  - Future Plans for ADAM and Derivco: Dean discussed plans to expand ADAM's capabilities, including scaling alerts for higher-level managers and incorporating more data points from operational and financial data. This will further enhance the ability to provide comprehensive insights across the organization.
By integrating various data sources and providing actionable insights through ADAM, Derivco empowered its managers to improve the employee experience at the company. Derivco serves as an inspiring use case for other organizations looking to enhance their employee listening strategies.
If you missed our live session, watch the recording below!
Dec 06, 2024 | 40 Views | 0 likes | 0 Comments
- Azure Kubernetes Service (AKS) continues to set the standard for cloud-native platforms, delivering innovations that simplify Kubernetes management and accelerate adoption across industries. At KubeCon North America 2024 and Microsoft Ignite 2024, the spotlight was firmly on advancements designed to empower developers, operators, and businesses in their cloud-native journey. In this blog post, we’ll dive into the key highlights from these landmark events, providing a curated summary to help you stay ahead of the curve in the evolving Kubernetes ecosystem.
Key Highlights from KubeCon North America 2024
  - Network Isolated Clusters (Preview): Isolate AKS clusters from external networks for enhanced security. This feature ensures that your clusters are protected from potential external threats, providing a more secure environment for your applications.
  - Azure Linux 3.0 (Preview): The latest iteration of Azure Linux, optimized for container workloads. Azure Linux 3.0 brings improved performance and reliability, making it an ideal choice for running containerized applications.
  - Advanced Container Networking Services (GA): Improved networking capabilities for containerized applications. These services enhance the connectivity and performance of your containerized workloads, ensuring seamless communication between different components.
  - FQDN Network Policies (Preview): Manage traffic based on Fully Qualified Domain Names, offering granular network control. This feature allows you to define network policies that control traffic flow based on domain names, providing more precise control over your network traffic.
  - Static Egress Gateway (Preview): Streamline outbound traffic with static egress IP addresses. This feature simplifies the management of outbound traffic by providing static IP addresses, making it easier to manage and secure your network.
  - Mixed SKU Node Pools (Preview): Use node pools with varying VM sizes, allowing cost optimization and workload customization. This feature enables you to optimize costs and tailor your node pools to meet the specific needs of your workloads.
  - Seccomp Default Profiles (Preview): Strengthen container security with default Seccomp profiles. These profiles provide an additional layer of security by restricting the system calls that containers can make, reducing the attack surface.
  - Fleet Manager: Simplify management of multiple AKS clusters with a unified interface. Fleet Manager provides a centralized interface for managing multiple clusters, making it easier to oversee and maintain your Kubernetes environment.
  - Multi-cluster Auto-upgrade (Preview): Automatically upgrade multiple AKS clusters in a coordinated manner. This feature ensures that your clusters are always up-to-date with the latest features and security patches, reducing the administrative burden.
  - Cross Cluster Workload Placement (GA): Deploy workloads across multiple AKS clusters for higher resilience and scalability. This feature allows you to distribute your workloads across different clusters, enhancing the resilience and scalability of your applications.
  - Hyperlight: Hyperlight is a groundbreaking open-source project from Microsoft’s Azure Core Upstream team, designed to execute lightweight functions securely and efficiently. Built in Rust, Hyperlight employs hypervisor-based isolation, creating new virtual machines in just 1–2 milliseconds for each function call. This innovation provides robust protection for untrusted code execution, combining strong security guarantees with near-instantaneous performance.
Key Highlights from Microsoft Ignite 2024
  - AKS Security Dashboard - Defender (Preview): AKS is introducing a security dashboard in the portal. You can now have full visibility over the vulnerabilities of runtime and host in your AKS cluster. The Defender for Cloud blade in the Azure Kubernetes Service (AKS) portal offers a simplified and streamlined experience for the resource owner or a cluster administrator.
  - Trusted Launch Enabled AKS Nodes (Preview): Trusted launch improves the security of generation 2 virtual machines (VMs) by protecting against advanced and persistent attack techniques. It enables administrators to deploy AKS nodes, which contain the underlying virtual machines, with verified and signed.
  - IMDS Restriction (Preview): Restrict access to Instance Metadata Service (IMDS) for improved security. This feature enhances the security of your AKS clusters by limiting access to the metadata service, reducing the risk of unauthorized access.
  - Auto-instrumentation with Application Insights (Preview): Auto-instrumentation automatically injects the Azure Monitor OpenTelemetry distro into your application pods to generate application monitoring telemetry. This feature simplifies the process of monitoring your applications, providing valuable insights into their performance and health.
  - Upgrade Algorithm Improvements (GA): AKS upgrades currently fail when encountering a Pod drain failure. To improve upgrade efficiency, a new algorithm is being introduced. It allows you to configure upgrades so that if a node is blocked, AKS will use any available surge capacity to continue upgrading other nodes, labeling the blocked node as 'quarantined'. Failure error messages are updated to reflect the post-upgrade status accurately.
  - Fleet Property-based Scheduling/Override (Preview): Assign workloads based on custom properties across multiple clusters. This feature provides more flexibility in managing your workloads, allowing you to schedule them based on specific properties.
  - New: Multi Region Compute Fleet - Dynamically distribute workloads across regions: Achieve seamless multi-region scaling and workload distribution with the new Multi-Region Compute Fleet feature. Designed to optimize resource utilization and enhance application availability, this feature allows you to dynamically deploy and manage compute resources across multiple Azure regions.
  - AKS Automatic Dynamic System Node Pools (Preview): Dynamically scale system node pools based on workload requirements. This feature allows your AKS clusters to automatically adjust the size of system node pools, ensuring optimal resource utilization.
With these innovations, AKS and Azure’s cloud-native platforms are better positioned to meet the demands of modern, complex Kubernetes workloads.
Explore Further: For a deeper dive into these features and announcements:
  - Check out the AKS blog for KubeCon for updates from the open-source community and AKS product team.
  - The Ignite session catalog is your one-stop reference. This link points to a search for all AKS and Kubernetes related announcements.
  - Subscribe to the AKS YouTube channel, where you can catch Brendan Burns’ video on Microsoft’s open-source investments (watch here) and the recordings from the AKS Pre-Day. For KubeCon sessions, most talks were recorded and are already available on the CNCF YouTube channel. You can also find session slides on the KubeCon schedule webpage.
AKS Blog: http://aka.ms/aks/blog
AKS Public Roadmap: https://aka.ms/aks/roadmap
Dec 06, 2024 | 120 Views | 1 like | 0 Comments
- Learn more about SQL, Azure OpenAI Service, Microsoft 365, and Azure with insights from Microsoft MVPs.
Dec 06, 2024 | 40 Views | 0 likes | 0 Comments
- This holiday season, Microsoft 365 Copilot is here to help you and your organization free up time and focus on what’s important. We’ve put together seven of our favorite Copilot prompts for preparing for out of office, planning holiday events, and catching up on work quickly. Share the prompt examples below with your users to inspire greater Copilot usage during the season!
1. Thank your team (Outlook)
A heartfelt end-of-the-year message can make your team feel valued and recognized for their hard work, setting a positive tone for the upcoming year.
Prompt: Write an end-of-the-year message to my team congratulating them on a great year and all the work on [Project Monaco]. Use a warm and appreciative tone with some light humour. Consider incorporating bullet points to highlight specific achievements or milestones.
Try it in Outlook – Create a new email, select “Draft with Copilot” and paste this prompt.
Pro tip: Use Copilot to tailor the email further, like adjusting the tone or length of the email or including the names of your co-workers in the prompt to make the response more personal.
2. Set your out-of-office message (Business Chat)
Need to set up an out-of-office reply? Copilot can draft a festive message for you, spreading holiday cheer while ensuring your contacts know when you'll be back and who to reach out to in your absence. You can even request a reminder for how to set Out of Office replies in Outlook.
Prompt: Write some funny Out of Office email responses to use while I'm on vacation from [Dates]. Also include steps for how to set this in Outlook.
Try it in Business Chat via this link.
Pro tip: Ask Copilot to turn the messages into poems!
3. Keep your team updated on important holiday details (Word)
Be confident everyone is on the same page regarding office hours, vacation schedules, and key deadlines. Leverage this prompt to create a template that you can customize and share with your team to maintain smooth operations and foster a supportive, well-coordinated team environment.
Prompt: Create a template for a holiday schedule that outlines office hours, team members' vacation days, and any important deadlines during the holiday season.
Try it: Create a blank document on Word, and ask Copilot to generate this template for you.
Pro tip: Select the paperclip icon to attach relevant emails, files, or meetings as references to the prompt to further tailor Copilot’s response.
4. Kickstart team event planning (Business Chat)
Need help with catering for a team event? Streamline the party planning process with Copilot. From menu comparison to cost analysis, Copilot will help with the research and ensure you make the best choices for your team.
Prompt: List options for a local catering company that can support a holiday event for 20 people. Be sure to include companies that have vegetarian and gluten-free options.
Try it in Business Chat via this link, or paste the above prompt into Copilot.
Pro tip: Adjust the prompt and ask Copilot to look for catering companies within your city or town and have options for delivery.
5. Brainstorm gift options (Business Chat)
Copilot can be your go-to assistant for brainstorming gift ideas this holiday season. Use Copilot to help you find the perfect gift to make your colleagues, friends, and family feel special.
Prompt: Suggest some holiday gift ideas for my clients that are under $50 each. Ensure the list contains innovative and engaging items that ensures these are memorable. Please include a brief description of what the item is, how much it costs, and the expected reaction from different client personalities. Make the title of each item in the list a link of where to purchase it.
Try it in Business Chat via this link, or paste the above prompt into Copilot.
Pro tip: Experiment with this prompt to get a more personalized response – make sure the toggle is set to Work mode and ask Copilot to suggest gifts for the top 5 people you’ve recently collaborated with.
6. Catching up after the holidays (Outlook)
Let Copilot help you get up to speed on important emails after you have taken some well-deserved time off.
Prompt: Summarize the emails I've received over the past two weeks and prioritize them based on urgency.
Try it in Outlook by selecting the Copilot icon on the right side of the top banner in the new Outlook application (or Outlook on the web).
7. Prepare for your first day (Business Chat)
Feel confident on your first day back to work after the holidays by using Copilot to prepare for your meetings. Copilot will provide a recap of relevant meetings and communications.
Prompt: Help me prepare for my next meeting.
Try it in Business Chat via this link, or paste the above prompt into Copilot and make sure it’s toggled to Work.
As you celebrate the season, let Microsoft 365 Copilot be your organization’s holiday helper. Combining specific, useful prompts with the right Microsoft 365 applications ensures users are making the most out of Copilot. For additional Copilot prompt inspiration and skilling, encourage people at your organization to explore the Copilot Prompt Gallery, where they can discover, save, and share their favorite prompts.
Looking for more resources to drive Microsoft 365 Copilot adoption? Check out new Copilot user engagement tools and templates on the Microsoft Adoption site, including:
  - User onboarding email templates (download link)
  - Manager onboarding resources (download link)
Happy Holidays!
Please note that outputs may vary when using these Copilot prompts. Large language models output varying responses, even for the same exact prompts. When utilizing these suggested prompts, expect new/fresh answers from Copilot. Users should still review the outputs from Copilot to ensure that the final output aligns with the users’ goals.
Dec 06, 2024 | 357 Views | 2 likes | 1 Comment
- We continue to expand the Azure Marketplace ecosystem. For this volume, 210 new offers successfully met the onboarding criteria and went live. See details of the new offers below:
Dec 06, 2024 | 85 Views | 1 like | 0 Comments
- by Vishal Yadav, Nikhil Pandey Introduction Large Language Models (LLMs) have transformed the landscape of natural language processing (NLP) with their ability to understand and generate human-like text. However, their size and complexity often pose challenges in terms of deployment, speed, and cost. Usually for specialized niche tasks, we end up deploying the best available model even though we don’t utilize all its capabilities. This is where distillation comes in, offering a method to create (fine-tune) smaller, customized, more efficient models, while retaining much of the performance of a significantly larger state-of-the-art model. What is distillation? Distillation is a technique designed to transfer knowledge of a large pre-trained model (the "teacher") into a smaller model (the "student"), enabling the student model to achieve comparable performance to the teacher model. This technique allows users to leverage the high quality of larger LLMs, while reducing inference costs in a production environment, thanks to the smaller student model. How distillation works? In distillation, knowledge can be transferred from teacher to student model in several ways. Here, we specifically discuss response-based, offline distillation, where the student model learns to mimic the output (only predictions) of the teacher model, and the teacher model is not trained during distillation. Teacher Model: A large, high-capacity teacher model that is already pre-trained on massive datasets. This model has learnt rich representations and complex patterns from the data which allows it to generalize well even on unseen tasks. Knowledge Extraction: The teacher model generates outputs based on given inputs, which are then used as training data for the student model. This involves not just mimicking outputs but also understanding the underlying reasoning processes. Student Model Training: A smaller student model is trained using the extracted knowledge as a guide. 
The student model learns to mimic the teacher model's behavior and predictions on specific tasks.

Advantages

  - Reduced Size: The resulting student model is significantly smaller, making it easier to deploy in resource-constrained environments.
  - Lower Cost: Running smaller models incurs lower operational costs while maintaining competitive performance levels.
  - Task-Specific Optimization: Distillation can be tailored for specific applications, enhancing efficiency and accuracy.
  - Performance: Smaller models exhibit significantly lower latency compared to larger models, which in turn boosts the throughput of the deployment.
  - Customization: Distillation allows users to select desirable traits from multiple larger models and transfer them to smaller models.
  - Personalization: Personality traits can be incorporated into the model, enabling it to respond with relevant answers when queried about its personality.
  - Synthetic Data Generation: Data generation at scale can be done either for labels only or from scratch using just seed/meta data.
  - Generalization: Distillation can help student models generalize better by learning from the teacher model's knowledge and avoiding overfitting.
  - Improved Multilingual Capabilities: The multilingual performance of smaller models can be significantly enhanced with the help of teacher models, making them suitable for global applications.

Distillation in Azure AI Foundry

Distillation as a Service is now supported on Azure for a variety of task types, with more to be added soon. The following tasks are supported:

  - Summarization: Given a document (article) to summarize, generate an entity-dense summary of the document.
  - Conversational Assistant: Generate AI assistant responses on single-turn and multi-turn conversational datasets. To generate each response, the available chat history and the current user prompt are utilized.
  - Natural Language Understanding (NLU)
    - MATH: Generate numeric answers to math problems.
    - Natural Language Inference (NLI): Given premise and hypothesis, determine if the premise entails the hypothesis, contradicts the hypothesis, or is neutral, i.e. neither entails nor contradicts the hypothesis.
    - Multiple-Choice Question Answering: Given question and answer choices, determine the correct answer choice.

Distillation Process

Overview of the two-step distillation process: (1) Generate synthetic data using a task-specific, elaborate prompt (2) Train (and infer from) the student model using a shorter prompt (Figure source: https://arxiv.org/pdf/2410.18588)

The distillation process involves two main steps: generate high quality synthetic data (labels) using the teacher model, followed by instruction-based finetuning of the student model.

Data Generation

High-quality data generation is crucial for the student model's performance. Azure provides a proprietary library of advanced prompts to generate high-quality synthetic data for all supported tasks, utilizing techniques such as Chain of Thought (CoT) or Chain of Density (CoD), and other best practices. This option can be enabled by passing the `enable_chain_of_thought` parameter while invoking the distillation pipeline, ensuring reasoning-based answers and consequently high-quality data for distillation.

Instruction Fine-Tuning

The next step is to fine-tune the smaller model using the task-specific generated data. This involves using a concise, task-specific prompt and training with the input and generated output (excluding reasoning steps). These innovations ensure significant performance gains for a given task while minimizing the cost (number of tokens) for the user. When using user-provided prompts, the same prompt is applied in both data generation and fine-tuning.

Distillation Code Snippet

Distillation is supported by the Azure SDK and CLI. Support for this was added in version 1.22.0 of azure-ai-ml. Ensure that the azure-ai-ml package is >= 1.22.0 before using the code snippet below.
Model Offerings

Teacher Models

Currently Meta Llama 3.1 405B Instruct is supported as the teacher model for distillation.

Student Models

Currently Meta Llama 3.1 8B Instruct is supported as the student model for distillation. Soon all Microsoft’s Phi 3 and 3.5 Instruct series models will also be available for distillation. The following table demonstrates our current and upcoming student model offerings.

| Student Model | Region | Availability |
| --- | --- | --- |
| Meta Llama 3.1 8B Instruct | West US 3 | Available |
| Phi 3/3.5 Instruct | East US 2 | Coming Soon |

At the time of this writing, fine-tuning of the Meta Llama 3.1 Instruct series of models, and deployment of such fine-tuned models, is only available in the West US 3 region, whereas fine-tuning of Microsoft’s Phi 3 Instruct series of models, and deployment of such fine-tuned models, is only available in the East US 2 region. Ensure your AI Foundry project is set up in the appropriate region for your selected student model.

Notebooks

Distilling Large Language Models for NLI Tasks: A Practical Guide

Notebook - Distillation with Large Language Models

This notebook provides a comprehensive guide on how to distil a large teacher model into a smaller student model, specifically for Natural Language Inference (NLI) tasks. It uses the Meta Llama 3.1 405B Instruct as the teacher and the Meta Llama 3.1 8B Instruct as the student model.

Key Highlights

  - Teacher and Student Models: The process uses Meta Llama 3.1 405B Instruct as the teacher model and Meta Llama 3.1 8B Instruct as the student model.
  - Prerequisites: Ensure you have subscribed to the required models and set up an AI Foundry project in the West US 3 region for distillation of a Meta Llama 3.1 8B Instruct student model.
  - SDK Installation: Install necessary SDKs such as azure-ai-ml, azure-identity, and mlflow.
  - Dataset Preparation: Use the ConjNLI dataset from Hugging Face for training and validation.
  - Distillation Job: Configure and run the distillation job to transfer knowledge from the teacher to the student model.
  - Deployment: Optionally, deploy the distilled model to a serverless endpoint and perform sample inferences.

This notebook simplifies the complex task of model distillation, making it accessible even to those new to NLP and model training.

Results

Using the ConjNLI dataset and Chain-Of-Thought (CoT) distillation, we obtain the following accuracy (%) metrics.

| Dataset | Student Model | Teacher (405B) with CoT Prompting | Student with CoT Prompting | Student Distilled on CoT-prompted Teacher Output |
| --- | --- | --- | --- | --- |
| ConjNLI (dev) | Meta Llama 3.1 8B Instruct | 69.98 | 52.81 | 63.88 |
| ConjNLI (dev) | Phi 3 Mini 128k Instruct | 69.98 | 43.98 | 57.78 |

Distillation with the Meta Llama 3.1 8B Instruct and Phi 3 Mini 128k Instruct student models provides approximately 21% and 31% improvement respectively over directly prompting the student model using CoT prompt. For detailed results on other datasets and tasks, we refer the user to check the published results in our knowledge distillation paper.

Conclusion

Distillation represents a significant step forward in development and deployment of LLM/SLM at scale. By transferring the knowledge from a large pre-trained model (teacher) to a smaller, more efficient model (student), distillation offers a practical solution to the challenges of deploying large models, such as high costs and complexity. This technique not only reduces model size and operational costs but also enhances the performance of student models for specific tasks. The support for distillation on Azure AI Foundry further simplifies the process, making it accessible for various applications, such as summarization, conversational assistance, and natural language understanding tasks. Furthermore, the detailed, hands-on example notebooks provided in Azure Github can help facilitate easier adoption.
In summary, distillation not only bridges the gap between generalist understanding and specialized application but also paves the way for a more sustainable and practical approach to leveraging LLMs in real-world scenarios.
Dec 06, 2024
- Introduction

The assets of a bank are only accessible to some high-ranking officials, and even they don't have access to individual user lockers. These privacy features help build trust among customers. The same goes for the IT world. Every user wants their sensitive data to be accessible only to themselves, not even available to those with higher privileges within the company. So, as you move data to the cloud, securing the data assets is critical to building trust with your customers and partners. To enable this kind of protection, Azure Synapse supports a wide range of advanced access control features to control who can access what data. These features are:

  - Object-level security
  - Row-level security
  - Column-level security
  - Dynamic data masking
  - Synapse role-based access control

In this blog we will explore these features.

Object-level security

In Azure Synapse, whenever we create tables, views, stored procedures, and functions, they are created as objects. In a dedicated SQL pool these objects can be secured by granting specific permissions to database-level users or groups. For example, you can give SELECT permissions to user accounts or database roles to give access to specific objects.

To assign permission:

```sql
GRANT SELECT ON [schema_name].[table_name] TO [user_or_group];
```

To revoke permission:

```sql
REVOKE SELECT ON [schema_name].[table_name] FROM [user_or_group];
```

Additionally, when you assign a user to the Synapse Administrator RBAC role, they automatically gain full access to all dedicated SQL pools within that workspace. It allows them to perform any action (including managing permissions) across all databases.

In addition, when a user is assigned the Storage Blob Data Contributor role (which has READ, WRITE, and EXECUTE permissions) on a data lake, and that data lake is connected to a workspace such as Synapse or Databricks, these permissions are automatically applied to the Spark-created tables. This is known as Microsoft Entra pass-through.
Look, when the Storage Blob Data Contributor role is assigned to me, I am able to query my Spark-created table. But when I removed that role from myself, it gave me an error!

Row-level security

RLS is a mechanism to restrict row-level access (read, write, ...) based on the user's context data. A typical use case is a common database table used by multiple tenants to store their data, where we want to restrict each tenant to its own data only. RLS enables this fine-grained access control without having to redesign your data warehouse. It also eliminates the need to use views to filter out rows for access control management.

NOTE: The access restriction logic is located in the database tier, and the database system applies the access restrictions every time the data is accessed from any tier. This makes the security system more reliable and robust by reducing the surface area of your security system.

How to implement RLS?

RLS can be implemented by using a SECURITY POLICY. RLS is a form of predicate-based access control that works by automatically applying a security predicate to all queries on a table. The security predicate binds the predicate function to the table. The predicate function is a user-defined function that determines whether the user executing the query has access to a row.

There are two types of security predicates:

  - Filter predicates: These silently filter out rows that users shouldn't see during SELECT, UPDATE, and DELETE operations. They are used when you want to hide data without disrupting the user experience. For example, in an employee database, a filter predicate is used to ensure salespeople can only see their own customer records. They wouldn't even know about records belonging to other salespeople.
  - Block predicates: These explicitly block write operations (INSERT, UPDATE, DELETE) that violate pre-defined rules.
If a user tries to perform an action that breaks the rules, the operation fails with an error message. Block predicates are used where you want to prevent unauthorized modifications.

Implementing Filter Predicates

Step 1: Create dummy users and tables, and then grant read access to these objects.

```sql
-- CREATE SCHEMA must run in its own batch
CREATE SCHEMA Sales;
GO

CREATE TABLE Sales.Region
(
    id int,
    SalesRepName nvarchar(50),
    Region nvarchar(50),
    CustomerName nvarchar(50)
);

-- Inserting data
INSERT INTO Sales.Region VALUES (1, 'Mann', 'Central Canada', 'C1');
INSERT INTO Sales.Region VALUES (2, 'Anna', 'East Canada', 'E1');
INSERT INTO Sales.Region VALUES (3, 'Anna', 'East Canada', 'E2');
INSERT INTO Sales.Region VALUES (4, 'Mann', 'Central Canada', 'C2');
INSERT INTO Sales.Region VALUES (6, 'Anna', 'East Canada', 'E3');

-- Creating Users
CREATE USER SalesManager WITHOUT LOGIN;
CREATE USER Mann WITHOUT LOGIN;
CREATE USER Anna WITHOUT LOGIN;

-- Granting Read Access to the Users
GRANT SELECT ON Sales.Region TO SalesManager;
GRANT SELECT ON Sales.Region TO Mann;
GRANT SELECT ON Sales.Region TO Anna;
```

Step 2: Create the security filter predicate function.

```sql
-- Creating Schema for Security Predicate Function
CREATE SCHEMA spf;
GO

-- CREATE FUNCTION must be the first statement in its batch
CREATE FUNCTION spf.securitypredicatefunc(@SaleRepName AS NVARCHAR(50))
RETURNS TABLE
WITH SCHEMABINDING
AS
RETURN
    SELECT 1 AS securitypredicate_result
    WHERE @SaleRepName = USER_NAME() OR USER_NAME() = 'SalesManager';
```

The function returns a table with a single value, 1, when the WHERE condition is satisfied. SCHEMABINDING ensures that the underlying objects (tables, views, etc.) referenced by the function cannot be modified (dropped or altered) while the function exists.

Step 3: Create a security policy that adds the filter predicate and binds the predicate function to the table.

```sql
CREATE SECURITY POLICY MySalesFilterPolicy
ADD FILTER PREDICATE spf.securitypredicatefunc(SalesRepName)
ON Sales.Region
WITH (STATE = ON);
```

Step 4: Test your RLS.
```sql
EXECUTE AS USER = 'Mann';
SELECT * FROM Sales.Region ORDER BY id;
REVERT;
```

When a user (e.g., 'Mann') executes a query on the table, SQL Server automatically invokes the security predicate function for each row in the table. Internally, the function is called by SQL Server as part of the query execution plan, so the permissions required to execute the function are inherently handled by the SQL Server engine. There is no need to explicitly grant permission on the function.

Step 5: You can disable RLS by altering the security policy.

```sql
ALTER SECURITY POLICY MySalesFilterPolicy WITH (STATE = OFF);
```

Column-level security

It is similar to RLS, but as its name suggests, it applies at the column level. For example, in financial services, only account managers have access to customer social security numbers (SSN), phone numbers, and other personally identifiable information (PII). The method of implementing CLS also differs: it is implemented by granting object-level permissions on specific columns.

Implementing CLS

Step 1: Create a dummy user and table.

```sql
CREATE USER TestUser WITHOUT LOGIN;

CREATE TABLE Membership
(
    MemberID int IDENTITY,
    FirstName varchar(100) NULL,
    SSN char(9) NOT NULL,
    LastName varchar(100) NOT NULL,
    Phone varchar(12) NULL,
    Email varchar(100) NULL
);
```

Step 2: Grant the user access to all columns except the sensitive ones.

```sql
GRANT SELECT ON Membership
(
    MemberID, FirstName, LastName, Phone, Email
) TO TestUser;
```

Step 3: Now, if the user tries to select all columns, the query fails with an error.

```sql
EXECUTE AS USER = 'TestUser';
SELECT * FROM Membership;  -- fails: TestUser has no SELECT permission on SSN
REVERT;                    -- return to the original security context
```

Dynamic data masking

It is the process of limiting the exposure of sensitive data to users who should not be able to view it. For example, customer service agents need to access customer records but should not see full credit card numbers, which can be masked.

You may ask, why can't we use CLS, or why don't we completely restrict the access?
For these reasons:

  - CLS completely restricts reading and altering the columns. But when masking is applied to a column, it doesn't prevent updates to that column. So, if users receive masked data while querying the masked column, the same users can update the data if they have write permissions.
  - With masking, you can use SELECT INTO or INSERT INTO to copy data from a masked column into another table, where it is stored as masked data (assuming it's exported by a user without UNMASK privileges). With CLS, you can't do anything if you don't have access to the restricted column.

NOTE: Administrative users and roles (such as sysadmin or db_owner) can always view unmasked data via the CONTROL permission, which includes both the ALTER ANY MASK and UNMASK permission. You can grant or revoke the UNMASK permission at the database level, schema level, table level or column level to a user, database role, Microsoft Entra identity or Microsoft Entra group.

Implementing DDM

Step 1: Create a dummy user.

```sql
CREATE USER MaskingTestUser WITHOUT LOGIN;
```

Step 2: Create a table and apply masking to the required columns.

```sql
-- The Data schema must exist before the table is created
CREATE SCHEMA Data;
GO

CREATE TABLE Data.Membership
(
    FirstName VARCHAR(100) MASKED WITH (FUNCTION = 'partial(1, "xxxxx", 1)') NULL,
    LastName VARCHAR(100) NOT NULL,
    Phone VARCHAR(12) MASKED WITH (FUNCTION = 'default()') NULL,
    Email VARCHAR(100) MASKED WITH (FUNCTION = 'email()') NOT NULL,
    DiscountCode SMALLINT MASKED WITH (FUNCTION = 'random(1, 100)') NULL
);

-- inserting sample data
INSERT INTO Data.Membership VALUES ('Kapil', 'Dev', '555.123.4567', 'kapil@team.com', 10);
```

Here, I have applied both default and custom masking functions.

Step 3: Grant the SELECT permission on the schema where the table resides. Users view masked data.

```sql
GRANT SELECT ON SCHEMA::Data TO MaskingTestUser;
```

Step 4: Granting the UNMASK permission allows users to see unmasked data.
```sql
GRANT UNMASK TO MaskingTestUser;
```

Step 5: Use the ALTER TABLE statement to add a mask to an existing column in the table, or to edit the mask on that column.

```sql
-- Add a mask to an existing column
ALTER TABLE Data.Membership
ALTER COLUMN LastName ADD MASKED WITH (FUNCTION = 'partial(2,"xxxx",0)');

-- Edit the mask on that column
ALTER TABLE Data.Membership
ALTER COLUMN LastName VARCHAR(100) MASKED WITH (FUNCTION = 'default()');
```

Synapse role-based access control

Synapse RBAC uses built-in roles to assign permissions to users, groups, or other security principals to manage who can:

  - Publish code artifacts and list or access published code artifacts.
  - Execute code on Apache Spark pools and integration runtimes.
  - Access linked (data) services that are protected by credentials.
  - Monitor or cancel job executions, review job output and execution logs.

Dec 06, 2024
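The following script is an added example, not part of the original post: it reads the catalog views to confirm what the RLS, CLS and DDM steps above actually left in place, then checks the row filter under impersonation. It assumes the objects created in those steps (Sales.Region, Data.Membership, Anna, MaskingTestUser) and a caller allowed to read database metadata and impersonate those users.

```sql
-- 1. RLS: every security policy, whether it is enabled, and the predicate
--    bound to each table. A policy left with is_enabled = 0 filters nothing.
SELECT sp.name                 AS policy_name,
       sp.is_enabled,
       pr.predicate_type_desc, -- FILTER or BLOCK
       s.name                  AS target_schema,
       o.name                  AS target_table,
       pr.predicate_definition
FROM sys.security_policies   AS sp
JOIN sys.security_predicates AS pr ON pr.object_id = sp.object_id
JOIN sys.objects             AS o  ON o.object_id  = pr.target_object_id
JOIN sys.schemas             AS s  ON s.schema_id  = o.schema_id
ORDER BY sp.name;

-- 2. CLS: permissions scoped to individual columns (minor_id > 0).
--    Any sensitive column listed here is readable by the grantee.
SELECT pri.name AS grantee,
       dp.state_desc,
       dp.permission_name,
       s.name   AS schema_name,
       o.name   AS object_name,
       c.name   AS column_name
FROM sys.database_permissions AS dp
JOIN sys.database_principals  AS pri ON pri.principal_id = dp.grantee_principal_id
JOIN sys.objects              AS o   ON o.object_id = dp.major_id
JOIN sys.schemas              AS s   ON s.schema_id = o.schema_id
JOIN sys.columns              AS c   ON c.object_id = dp.major_id
                                    AND c.column_id = dp.minor_id
WHERE dp.class = 1          -- object or column
  AND dp.minor_id > 0       -- column-level entries only
ORDER BY grantee, schema_name, object_name, c.column_id;

-- 3. DDM: which columns are masked, and with which function.
SELECT s.name AS schema_name,
       t.name AS table_name,
       mc.name AS column_name,
       mc.masking_function
FROM sys.masked_columns AS mc
JOIN sys.tables         AS t ON t.object_id = mc.object_id
JOIN sys.schemas        AS s ON s.schema_id = t.schema_id
WHERE mc.is_masked = 1
ORDER BY schema_name, table_name, column_name;

-- 4. DDM: principals explicitly granted a permission that exposes or changes
--    masks. Role membership (for example db_owner) is not listed in this view
--    and has to be reviewed separately.
SELECT pri.name AS grantee,
       dp.state_desc,
       dp.permission_name,
       dp.class_desc,
       dp.major_id,
       dp.minor_id
FROM sys.database_permissions AS dp
JOIN sys.database_principals  AS pri ON pri.principal_id = dp.grantee_principal_id
WHERE dp.permission_name IN (N'UNMASK', N'ALTER ANY MASK', N'CONTROL')
ORDER BY grantee, dp.permission_name;

-- 5. Behavioural check of the row filter: count the rows Anna can see that
--    belong to another sales rep. A non-zero rows_of_other_reps means the
--    filter predicate is not in effect for her.
EXECUTE AS USER = 'Anna';
SELECT COUNT(*) AS rows_visible,
       SUM(CASE WHEN SalesRepName <> USER_NAME() THEN 1 ELSE 0 END) AS rows_of_other_reps
FROM Sales.Region;
REVERT;

-- 6. Behavioural check of masking: values come back masked unless the UNMASK
--    grant from step 4 is still in place for this user.
EXECUTE AS USER = 'MaskingTestUser';
SELECT FirstName, Phone, Email, DiscountCode
FROM Data.Membership;
REVERT;
```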
- Microsoft Fabric is an end-to-end analytics and data platform designed for enterprises that require a unified platform. It provides for ingestion, transformation, real-time workload, Machine Learning and Reporting through a comprehensive suite of services including Data Engineering, Data Factory, Data Science, Real-Time Analytics, Data Warehouse, and Databases.

Sometime back we had the opportunity from the SfMC team to help a customer implement a PoC using Microsoft Fabric. In this series of blogs, we will demonstrate how we helped our customer to implement a Data Warehouse PoC using the ELT (Extract, Load, Transform) approach. In these blogs, we use data from SQL Server’s sample databases, giving us a straightforward and accessible way to illustrate the data warehousing scenario implemented at the customer.

The following were the customer requirements:

  - Build the enterprise grade Data Warehouse solution in Microsoft Fabric
  - Ingest data from 59 diverse sources across 130 different countries
  - Source data from ADLS (JSON), Azure and on-prem SQL Server databases and other data sources.

PoC scope:

  - ELT approach: ingest (OLTP DB & ADLS Gen2) data directly into the Warehouse
  - Transformation using stored procedures to load the production schema

Solution Summary:

  - Ingest OLTP data from source SQL Server (full load) using meta data driven copy activity to load data into staging schema of the Data Warehouse.
  - Stored procedures to process the staging data along with data from ADLS shortcuts.
  - Load the production Dimension tables.
  - Application’s customer data arrives into ADLS storage as JSON files.
  - Stored Procedures to process the data and load Customer dimension and Fact data using incremental load.
  - Built 6 Dimensions and 1 Fact.
  - Build reports.

Sample overview of items that were implemented:

Sample report from the PoC:

To implement this PoC, you may need to download the following files:

You can download them from:

Download all the required files to local drive (eg: C:\temp).
We assume that you already have a Fabric tenant set up with a Fabric Capacity (you will need an F64 capacity to test the co-pilot feature; otherwise an F2 capacity will be sufficient). If Fabric is not enabled, use the link below to enable Fabric for your organization.

Step by Step Guide to Enable Microsoft Fabric for Microsoft 365 Developer Account

You will also need:

  - A logical SQL Server (link to how to deploy one, link to how to add local IP address to the firewall exception)
  - ADLS Gen2 Account (link to how to deploy one, how to create a container)
    - Once created, navigate to the “Data Storage” section and create a container; name it levelup or a name of choice
    - Open the container “levelup” and create a folder called “JSON_FILES”
    - Install Storage Explorer, configure it to connect to your Azure subscription, and navigate to the storage account container.
    - Upload five JSON files from the downloaded folder “JSON_FILES” to ADLS Gen2 in the "levelup" container under the "JSON_FILES" folder.
    - Upload the following folders by choosing “Upload Folder” from Azure Storage Explorer.
      - Sales_SalesOrderDetail
      - Sales_SalesOrderHeader

The above two folders, containing Delta files, will be used for creating shortcuts in the Lakehouse, which will be used for building the tables within the Warehouse in the subsequent tasks. After the uploads, you should have the folders below inside your Levelup container.

Next, create a database on the Azure SQL Server by using the bacpac files downloaded earlier:

  - Connect to the Azure SQL Logical Server using SSMS (if you don’t have it, you can download here)
  - Right click on Databases and select the option “Import Data-Tier Application”.
  - Follow the screen captures below to complete the database bacpac import.

Note: Depending upon the DTU/V-core chosen, the import activities might take up to 30 mins.

The initial setup is now complete. Continue to the next blog to start with the data ingestion portion.
Dec 06, 2024
- This two-day event is the biggest in-person conference focused on Microsoft Business Applications in Spanish. This year, it again made a huge impact in the worldwide Spanish.
Dec 06, 2024
- Stretched clusters in Azure Local, version 22H2 (formerly Azure Stack HCI, version 22H2) entail a specific technical implementation of storage replication that spans a cluster across two sites. Azure Local, version 23H2 has evolved from a cloud-connected operating system to an Arc-enabled solution with Arc Resource Bridge, Arc VM, and AKS enabled by Azure Arc. Azure Local, version 23H2 expands the requirements for multi-site scenarios beyond the OS layer, while Stretched clusters do not encompass the entire solution stack. Based on customer feedback, the new Azure Local release will replace the Stretched clusters defined in version 22H2 with new high availability and disaster recovery options.

For Short Distance

Rack Aware Cluster is a new cluster option which spans two separate racks or rooms within the same Layer-2 network at a single location, such as a manufacturing plant or a campus. Each rack functions as a local availability zone across layers from OS to Arc management including Arc VMs and AKS enabled by Azure Arc, providing fault isolation and workload placement within the cluster. The solution is configured with one storage pool to reduce additional storage replication and enhance storage efficiency. This solution delivers the same Azure deployment and management experience as a standard cluster. This setup is suitable for edge locations and can scale up to 8 nodes, with 4 nodes in each rack. Rack Aware Cluster is currently in private preview and is slated for public preview and general release in 2025.

For Long Distance

Azure Site Recovery can be used to replicate on-premises Azure Local virtual machines into Azure and protect business-critical workloads. This allows Azure cloud to serve as a disaster recovery site, enabling critical VMs to be failed over to Azure in case of a local cluster disaster, and then failed back to the on-premises cluster when it becomes operational again.
If you cannot fail over certain workloads to cloud and require long-distance disaster recovery, for example between two different cities, you can leverage Hyper-V Replica to replicate Arc VMs to the secondary site. Those VMs will become Hyper-V VMs on the secondary site, and they will become Arc VMs again once they fail back to the original cluster on the first site.

Additional Options beyond Azure Local

If the above solutions in Azure Local do not cover your needs, you can fully customize your solution with Windows Server 2025, which introduces several advanced hybrid cloud capabilities designed to enhance operational flexibility and connectivity across various environments. Additionally, it offers various replication technologies like Hyper-V Replica, Storage Replica and external SAN replication that enable the development of tailored datacenter disaster recovery solutions. Learn more from the Windows Server 2025 now generally available, with advanced security, improved performance, and cloud agility - Microsoft Windows Server Blog

What to do with existing Stretched clusters on version 22H2

Stretched clusters and Storage Replica are not supported in Azure Local, version 23H2 and beyond. However, version 22H2 stretched clusters can stay in a supported state in version 23H2 by performing the first step of the operating system upgrade to the 23H2 OS, as shown in the following diagram. The second step of the solution upgrade to Azure Local is not applicable to stretched clusters. This provides extra time to assess the most suitable future solution for your needs. Please refer to About Azure Local upgrade to version 23H2 - Azure Local | Microsoft Learn for more information on the 23H2 upgrade. Refer to the blog on Upgrade from Azure Stack HCI, version 22H2 to Azure Local | Microsoft Community Hub.

Conclusion

We are excited to be bringing Rack Aware Clusters and Azure Site Recovery to Azure Local.
These high availability and disaster recovery options allow customers to address various scenarios with a modern cloud experience and simplified management.
Dec 05, 2024
- Today we’re sharing an overview on how to upgrade from Azure Stack HCI, version 22H2 to our latest release Azure Local, version 23H2.
Dec 05, 2024
- Join us for our digital event on January 15th focused on Security Solutions designed specifically for nonprofit-focused partners. This event will provide you with the knowledge and tools to better assist your customers in securing their digital environments while unlocking incremental service revenue opportunities.

Topics

  - Introduction to Microsoft Security Service Edge (SSE) - Private Access and Internet Access.
  - Strategies to protect any identity and secure access to any resource with multi-cloud identity and network access solutions.
  - Unified identity and network access management to safeguard your digital assets.

How will this event benefit your customers?

By attending this event, you'll be equipped with the latest knowledge and strategies to help your customers:

  - Implement robust security measures tailored to their unique needs.
  - Navigate the complexities of identity governance and global secure access.
  - Enhance their overall security posture and protect their valuable data.

Register now for this exceptional opportunity to enhance your expertise and support your customers in achieving their security goals.

  - January 15, 8:00 am – 9:30 am (GMT-08:00) | Register here
  - January 15, 9:00 am – 10:30 am (GMT +11:00) | Register here

Dec 05, 2024
- We are pleased to announce a limited preview of a new query hint, ABORT_QUERY_EXECUTION. The hint is intended to be used as a Query Store hint to let administrators block future execution of known problematic queries, for example non-essential ad hoc queries impacting application workloads. At this time, the preview is available for a limited number of customers in Azure SQL Database only. To participate, please fill out a short form: https://forms.office.com/r/8sZrLUD2rV.

Frequently Asked Questions

Is there any risk in participating in this preview?

As with any preview feature, there is a risk of bugs that can affect your workloads.

Is this new feature supported by Microsoft Support during the limited preview?

No. However, the Microsoft team running the preview will provide support on a best-effort basis. The feature will be fully supported once it is generally available (GA).

How do I use this?

Use Query Store catalog views or SSMS reports to find the query ID of the query you want to block, and execute sys.sp_query_store_set_hints. For example:

```sql
EXEC sys.sp_query_store_set_hints
    @query_id = 17,
    @query_hints = N'OPTION (USE HINT (''ABORT_QUERY_EXECUTION''))';
```

What happens when a query with this hint is executed?

This hint can be specified directly or as a Query Store hint. In either case, the query fails immediately with a severity 16 error: Query execution has been aborted because the ABORT_QUERY_EXECUTION hint was specified.

How do I unblock a query?

Remove the hint by executing sys.sp_query_store_clear_hints with the same value for the @query_id parameter.

Can I block a query that is not yet recorded in Query Store?

No. At least one complete execution of the query must be recorded in Query Store. That query execution does not have to be successful. This means that a query that started executing but was canceled or timed out can be blocked.

When I add the hint, does it abort any currently executing queries?

No. The hint only aborts future query executions.
You can use KILL to abort currently executing queries.

What permissions are required to use this?

As with all other Query Store hints, the ALTER permission on the database is required to set and clear the hint.

Can I block all queries matching a query hash?

Not directly. As with all other Query Store hints, you must use a query ID to set a hint. However, you can create automation that will periodically find all new query IDs matching a given query hash and block them.

Dec 05, 2024
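The automation mentioned in the last answer could look like the following T-SQL, an added sketch that is not from the original announcement. The `@target_hash` value is a placeholder to replace with the query hash you want blocked, and the script is assumed to run on a schedule under a principal with ALTER permission on the database; queries that already carry a Query Store hint are skipped because setting a hint replaces the text stored for that query ID.

```sql
-- Placeholder: replace with the query_hash of the problematic query shape.
DECLARE @target_hash binary(8)     = 0x0000000000000000;
DECLARE @hint        nvarchar(max) = N'OPTION (USE HINT (''ABORT_QUERY_EXECUTION''))';
DECLARE @query_id    bigint;

-- Query IDs that match the hash and have no Query Store hint yet.
-- Queries with an existing hint are left alone so that an unrelated hint
-- is never silently replaced; they show up in the report at the end.
DECLARE to_block CURSOR LOCAL FAST_FORWARD FOR
    SELECT q.query_id
    FROM sys.query_store_query AS q
    WHERE q.query_hash = @target_hash
      AND NOT EXISTS (SELECT 1
                      FROM sys.query_store_query_hints AS h
                      WHERE h.query_id = q.query_id);

OPEN to_block;
FETCH NEXT FROM to_block INTO @query_id;

WHILE @@FETCH_STATUS = 0
BEGIN
    BEGIN TRY
        EXEC sys.sp_query_store_set_hints
            @query_id    = @query_id,
            @query_hints = @hint;
        PRINT CONCAT(N'Blocked query_id ', @query_id);
    END TRY
    BEGIN CATCH
        -- Keep going: one failing query ID must not stop the rest of the run.
        PRINT CONCAT(N'Could not set hint on query_id ', @query_id,
                     N': ', ERROR_MESSAGE());
    END CATCH;

    FETCH NEXT FROM to_block INTO @query_id;
END;

CLOSE to_block;
DEALLOCATE to_block;

-- Report the current state for every query ID with this hash, including
-- ones that were skipped because they already had a different hint.
SELECT q.query_id,
       h.query_hint_text,
       h.last_query_hint_failure_reason_desc
FROM sys.query_store_query AS q
LEFT JOIN sys.query_store_query_hints AS h
       ON h.query_id = q.query_id
WHERE q.query_hash = @target_hash
ORDER BY q.query_id;
```

To undo a block applied by this job, call sys.sp_query_store_clear_hints for the affected query ID, as described in the FAQ above.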
- We are pleased to announce the public preview of bidirectional audio streaming, enhancing the capabilities of voice based conversational AI. During Satya Nadella’s keynote at Ignite, Seth Juarez demonstrated a voice agent engaging in a live phone conversation with a customer. You can now create similar experiences using Azure Communication Services bidirectional audio streaming APIs and GPT 4o model. In our recent Ignite blog post, we announced the upcoming preview of our audio streaming APIs. Now that it is publicly available, this blog describes how to use the bidirectional audio streaming APIs available in Azure Communication Services Call Automation SDK to build low-latency voice agents powered by GPT 4o Realtime API.

How does the bi-directional audio streaming API enhance the quality of voice-driven agent experiences?

AI-powered agents facilitate seamless, human-like interactions and can engage with users through various channels such as chat or voice. In the context of voice communication, low latency in conversational responses is crucial as delays can cause users to perceive a lack of response and disrupt the flow of conversation. Gone are the days when building a voice bot required stitching together multiple models for transcription, inference, and text-to-speech conversion. Developers can now stream live audio from an ongoing call (VoIP or telephony) to their backend server logic using the bi-directional audio streaming APIs, leverage GPT 4o to process audio input, and deliver responses back with minimal latency for the caller/user.

Building Your Own Real-Time Voice Agent

In this section, we walk you through a QuickStart for using Call Automation’s audio streaming APIs for building a voice agent. Before you begin, ensure you have the following:

  - Active Azure Subscription: Create an account for free.
  - Azure Communication Resource: Create an Azure Communication Resource and record your resource connection string for later use.
Azure Communication Services Phone Number: A calling-enabled phone number. You can buy a new phone number or use a free trial number. Azure Dev Tunnels CLI: For details, see Enable dev tunnel. Azure OpenAI Resource: Set up an Azure OpenAI resource by following the instructions in Create and deploy an Azure OpenAI Service resource. Azure OpenAI Service Model: To use this sample, you must have the GPT-4o-Realtime-Preview model deployed. Follow the instructions at GPT-4o Realtime API for speech and audio (Preview) to set it up. Development Environment: Familiarity with .NET and basic asynchronous programming. Clone the quick start sample application: You can find the quick start at Azure Communication Services Call Automation and Azure OpenAI Service. git clone https://github.com/Azure-Samples/communication-services-dotnet-quickstarts.git After completing the prerequisites, open the cloned project and follow these setup steps. Environment Setup Before running this sample, you need to set up the previously mentioned resources with the following configuration updates: Setup and host your Azure dev tunnel Azure Dev tunnels is an Azure service that enables you to expose locally hosted web services to the internet. Use the following commands to connect your local development environment to the public internet. This creates a tunnel with a persistent endpoint URL and enables anonymous access. We use this endpoint to notify your application of calling events from the Azure Communication Services Call Automation service. devtunnel create --allow-anonymous devtunnel port create -p 5165 devtunnel host 2. Navigate to the quick start CallAutomation_AzOpenAI_Voice from the project you cloned. 3. 
Add the required API keys and endpoints Open the appsettings.json file and add values for the following settings: DevTunnelUri: Your dev tunnel endpoint AcsConnectionString: Azure Communication Services resource connection string AzureOpenAIServiceKey: OpenAI Service Key AzureOpenAIServiceEndpoint: OpenAI Service Endpoint AzureOpenAIDeploymentModelName: OpenAI Model name Run the Application Ensure your AzureDevTunnel URI is active and points to the correct port of your localhost application. Run the command dotnet run to build and run the sample application. Register an Event Grid Webhook for the IncomingCall Event that points to your DevTunnel URI (https://<your-devtunnel-uri/api/incomingCall>). For more information, see Incoming call concepts. Test the app Once the application is running: Call your Azure Communication Services number: Dial the number set up in your Azure Communication Services resource. A voice agent answer, enabling you to converse naturally. View the transcription: See a live transcription in the console window. QuickStart Walkthrough Now that the app is running and testable, let’s explore the quick start code snippet and how to use the new APIs. Within the program.cs file, the endpoint /api/incomingCall, handles inbound calls. app.MapPost("/api/incomingCall", async ( [FromBody] EventGridEvent[] eventGridEvents, ILogger<Program> logger) => { foreach (var eventGridEvent in eventGridEvents) { Console.WriteLine($"Incoming Call event received."); // Handle system events if (eventGridEvent.TryGetSystemEventData(out object eventData)) { // Handle the subscription validation event. 
if (eventData is SubscriptionValidationEventData subscriptionValidationEventData) { var responseData = new SubscriptionValidationResponse { ValidationResponse = subscriptionValidationEventData.ValidationCode }; return Results.Ok(responseData); } } var jsonObject = Helper.GetJsonObject(eventGridEvent.Data); var callerId = Helper.GetCallerId(jsonObject); var incomingCallContext = Helper.GetIncomingCallContext(jsonObject); var callbackUri = new Uri(new Uri(appBaseUrl), $"/api/callbacks/{Guid.NewGuid()}?callerId={callerId}"); logger.LogInformation($"Callback Url: {callbackUri}"); var websocketUri = appBaseUrl.Replace("https", "wss") + "/ws"; logger.LogInformation($"WebSocket Url: {callbackUri}"); var mediaStreamingOptions = new MediaStreamingOptions( new Uri(websocketUri), MediaStreamingContent.Audio, MediaStreamingAudioChannel.Mixed, startMediaStreaming: true ) { EnableBidirectional = true, AudioFormat = AudioFormat.Pcm24KMono }; var options = new AnswerCallOptions(incomingCallContext, callbackUri) { MediaStreamingOptions = mediaStreamingOptions, }; AnswerCallResult answerCallResult = await client.AnswerCallAsync(options); logger.LogInformation($"Answered call for connection id: {answerCallResult.CallConnection.CallConnectionId}"); } return Results.Ok(); }); In the preceding code, MediaStreamingOptions encapsulates all the configurations for bidirectional streaming. WebSocketUri: We use the dev tunnel URI with the WebSocket protocol, appending the path /ws. This path manages the WebSocket messages. MediaStreamingContent: The current version of the API supports only audio. Audio Channel: Supported formats include: Mixed: Contains the combined audio streams of all participants on the call, flattened into one stream. Unmixed: Contains a single audio stream per participant per channel, with support for up to four channels for the most dominant speakers at any given time. You also get a participantRawID to identify the speaker. 
StartMediaStreaming: This flag, when set to true, enables the bidirectional stream automatically once the call is established. EnableBidirectional: This enables audio sending and receiving. By default, it only receives audio data from Azure Communication Services to your application. AudioFormat: This can be either 16k pulse code modulation (PCM) mono or 24k PCM mono. Once you configure all these settings, you need to pass them to AnswerCallOptions. Now that the call is established, let's dive into the part for handling WebSocket messages. This code snippet handles the audio data received over the WebSocket. The WebSocket's path is specified as /ws, which corresponds to the WebSocketUri provided in the configuration. app.Use(async (context, next) => { if (context.Request.Path == "/ws") { if (context.WebSockets.IsWebSocketRequest) { try { var webSocket = await context.WebSockets.AcceptWebSocketAsync(); var mediaService = new AcsMediaStreamingHandler(webSocket, builder.Configuration); // Set the single WebSocket connection await mediaService.ProcessWebSocketAsync(); } catch (Exception ex) { Console.WriteLine($"Exception received {ex}"); } } else { context.Response.StatusCode = StatusCodes.Status400BadRequest; } } else { await next(context); } }); The method await mediaService.ProcessWebSocketAsync() processesg all incoming messages. The method establishes a connection with OpenAI, initiates a conversation session, and waits for a response from OpenAI. This method ensures seamless communication between the application and OpenAI, enabling real-time audio data processing and interaction. 
// Method to receive messages from WebSocket public async Task ProcessWebSocketAsync() { if (m_webSocket == null) { return; } // Start forwarder to AI model m_aiServiceHandler = new AzureOpenAIService(this, m_configuration); try { m_aiServiceHandler.StartConversation(); await StartReceivingFromAcsMediaWebSocket(); } catch (Exception ex) { Console.WriteLine($"Exception -> {ex}"); } finally { m_aiServiceHandler.Close(); this.Close(); } } Once the application receives data from Azure Communication Services, it parses the incoming JSON payload to extract the audio data segment. The application then forwards the segment to OpenAI for further processing. The parsing ensures data integrity ibefore sending it to OpenAI for analysis. // Receive messages from WebSocket private async Task StartReceivingFromAcsMediaWebSocket() { if (m_webSocket == null) { return; } try { while (m_webSocket.State == WebSocketState.Open || m_webSocket.State == WebSocketState.Closed) { byte[] receiveBuffer = new byte; WebSocketReceiveResult receiveResult = await m_webSocket.ReceiveAsync(new ArraySegment(receiveBuffer), m_cts.Token); if (receiveResult.MessageType != WebSocketMessageType.Close) { string data = Encoding.UTF8.GetString(receiveBuffer).TrimEnd('\0'); await WriteToAzOpenAIServiceInputStream(data); } } } catch (Exception ex) { Console.WriteLine($"Exception -> {ex}"); } } Here is how the application parses and forwards the data segment to OpenAI using the established session: private async Task WriteToAzOpenAIServiceInputStream(string data) { var input = StreamingData.Parse(data); if (input is AudioData audioData) { using (var ms = new MemoryStream(audioData.Data)) { await m_aiServiceHandler.SendAudioToExternalAI(ms); } } } Once the application receives the response from OpenAI, it formats the data to be forwarded to Azure Communication Services and relays the response in the call. 
If the application detects voice activity while OpenAI is talking, it sends a barge-in message to Azure Communication Services to manage the voice playing in the call. // Loop and wait for the AI response private async Task GetOpenAiStreamResponseAsync() { try { await m_aiSession.StartResponseAsync(); await foreach (ConversationUpdate update in m_aiSession.ReceiveUpdatesAsync(m_cts.Token)) { if (update is ConversationSessionStartedUpdate sessionStartedUpdate) { Console.WriteLine($"<<< Session started. ID: {sessionStartedUpdate.SessionId}"); Console.WriteLine(); } if (update is ConversationInputSpeechStartedUpdate speechStartedUpdate) { Console.WriteLine($" -- Voice activity detection started at {speechStartedUpdate.AudioStartTime} ms"); // Barge-in, send stop audio var jsonString = OutStreamingData.GetStopAudioForOutbound(); await m_mediaStreaming.SendMessageAsync(jsonString); } if (update is ConversationInputSpeechFinishedUpdate speechFinishedUpdate) { Console.WriteLine($" -- Voice activity detection ended at {speechFinishedUpdate.AudioEndTime} ms"); } if (update is ConversationItemStreamingStartedUpdate itemStartedUpdate) { Console.WriteLine($" -- Begin streaming of new item"); } // Audio transcript updates contain the incremental text matching the generated output audio. if (update is ConversationItemStreamingAudioTranscriptionFinishedUpdate outputTranscriptDeltaUpdate) { Console.Write(outputTranscriptDeltaUpdate.Transcript); } // Audio delta updates contain the incremental binary audio data of the generated output audio // matching the output audio format configured for the session. 
if (update is ConversationItemStreamingPartDeltaUpdate deltaUpdate) { if (deltaUpdate.AudioBytes != null) { var jsonString = OutStreamingData.GetAudioDataForOutbound(deltaUpdate.AudioBytes.ToArray()); await m_mediaStreaming.SendMessageAsync(jsonString); } } if (update is ConversationItemStreamingTextFinishedUpdate itemFinishedUpdate) { Console.WriteLine(); Console.WriteLine($" -- Item streaming finished, response_id={itemFinishedUpdate.ResponseId}"); } if (update is ConversationInputTranscriptionFinishedUpdate transcriptionCompletedUpdate) { Console.WriteLine(); Console.WriteLine($" -- User audio transcript: {transcriptionCompletedUpdate.Transcript}"); Console.WriteLine(); } if (update is ConversationResponseFinishedUpdate turnFinishedUpdate) { Console.WriteLine($" -- Model turn generation finished. Status: {turnFinishedUpdate.Status}"); } if (update is ConversationErrorUpdate errorUpdate) { Console.WriteLine(); Console.WriteLine($"ERROR: {errorUpdate.Message}"); break; } } } catch (OperationCanceledException e) { Console.WriteLine($"{nameof(OperationCanceledException)} thrown with message: {e.Message}"); } catch (Exception ex) { Console.WriteLine($"Exception during AI streaming -> {ex}"); } } Once the data is prepared for Azure Communication Services, the application sends the data over the WebSocket: public async Task SendMessageAsync(string message) { if (m_webSocket?.State == WebSocketState.Open) { byte[] jsonBytes = Encoding.UTF8.GetBytes(message); // Send the PCM audio chunk over WebSocket await m_webSocket.SendAsync(new ArraySegment<byte>(jsonBytes), WebSocketMessageType.Text, endOfMessage: true, CancellationToken.None); } } This wraps up our QuickStart overview. We hope you create outstanding voice agents with the new audio streaming APIs. Happy coding! 
For more information about Azure Communication Services bidirectional audio streaming APIs , check out: GPT-4o Realtime API for speech and audio (Preview) Audio streaming overview - audio subscription Quickstart - Server-side Audio StreamingDec 05, 2024120Views1like0Comments
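The receive loop in the quick start above hands the result of each ReceiveAsync call to the JSON parser as if it were one complete message. As an added example (not code from the post or the sample repository), the helper below reassembles a message across WebSocket frames using Count and EndOfMessage and rejects binary or oversized messages on the internet-facing /ws endpoint; the class name, method name, 4096-byte read buffer and 64 KiB cap are assumptions.

```csharp
using System;
using System.IO;
using System.Net.WebSockets;
using System.Text;
using System.Threading;
using System.Threading.Tasks;

// Hypothetical helper, not part of the quick start sample.
public static class BoundedWebSocketReader
{
    // Assumed upper bound for one JSON media message; tune it to the audio format in use.
    private const int MaxMessageBytes = 64 * 1024;

    // Returns the next complete text message, or null when the peer closes
    // or sends something the media handler should not process.
    public static async Task<string?> ReceiveTextMessageAsync(WebSocket socket, CancellationToken ct)
    {
        var buffer = new byte[4096];
        using var message = new MemoryStream();

        while (socket.State == WebSocketState.Open)
        {
            WebSocketReceiveResult result =
                await socket.ReceiveAsync(new ArraySegment<byte>(buffer), ct);

            if (result.MessageType == WebSocketMessageType.Close)
            {
                // Complete the close handshake started by the peer.
                await socket.CloseAsync(WebSocketCloseStatus.NormalClosure, "closing", ct);
                return null;
            }

            if (result.MessageType != WebSocketMessageType.Text)
            {
                // The streaming payloads described on this page are JSON text; refuse binary frames.
                await socket.CloseOutputAsync(WebSocketCloseStatus.InvalidMessageType, "text only", ct);
                return null;
            }

            if (message.Length + result.Count > MaxMessageBytes)
            {
                // Stop buffering before an unbounded message can exhaust memory.
                await socket.CloseOutputAsync(WebSocketCloseStatus.MessageTooBig, "message too large", ct);
                return null;
            }

            // Append only the bytes actually received in this frame.
            message.Write(buffer, 0, result.Count);

            if (result.EndOfMessage)
            {
                // Decode once the message is complete, so a multi-byte UTF-8
                // character split across two frames is not corrupted.
                return Encoding.UTF8.GetString(message.GetBuffer(), 0, (int)message.Length);
            }
        }

        return null;
    }
}
```

In StartReceivingFromAcsMediaWebSocket, the returned string would be passed to WriteToAzOpenAIServiceInputStream in place of the per-read decode, and a null result would end the loop.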
- In today’s rapidly evolving technological landscape, managing applications across hybrid and multi-cloud environments has emerged as a complex challenge. Enter Azure Arc-enabled Kubernetes, a groundbreaking solution designed to simplify and streamline these operations. Let’s delve into the myriad offerings of Azure Arc-enabled Kubernetes and illustrate how it can transform hybrid and multi-cloud management for you.

  What is Azure Arc-enabled Kubernetes?

  Azure Arc-enabled Kubernetes extends Azure management capabilities to Kubernetes clusters running on-premises, at the edge, or in other cloud environments. By integrating with the Azure ecosystem, it provides a unified management experience, enabling you to manage, govern, and secure your Kubernetes clusters from a single control plane.

  Key Features and Offerings

  Unified Management

  Azure Arc-enabled Kubernetes brings all your Kubernetes clusters, whether on-premises or in the cloud, under one management umbrella. This unified approach simplifies operations, such as monitoring, reducing the complexity and overhead associated with managing disparate environments.

  Consistent Deployment

  One of the standout features of Azure Arc-enabled Kubernetes is its ability to deliver consistent deployment across various environments. By using GitOps-based configuration, you can ensure that your applications and infrastructure are deployed consistently, regardless of the underlying infrastructure. This consistency enhances reliability and reduces the risk of misconfigurations.

  Enhanced Security and Compliance

  Security and compliance are paramount in today’s IT landscape. Azure Arc-enabled Kubernetes leverages Azure Security Center and Azure Policy to provide robust security and compliance capabilities. With policy enforcement and threat detection, you can ensure that your Kubernetes clusters meet stringent security standards.

  Seamless Integration with Azure Services

  Azure Arc-enabled Kubernetes integrates seamlessly with a wide array of Azure services. Whether it’s Azure Monitor for observability, Azure DevOps for CI/CD pipelines and GitOps, or Azure Machine Learning for AI workloads, you can leverage Azure’s rich ecosystem to enhance your Kubernetes environments.

  Flexibility and Scalability

  Azure Arc-enabled Kubernetes offers unparalleled flexibility and scalability. It allows you to run your applications where it makes the most sense, whether on-premises, at the edge, or in the cloud, without compromising on management capabilities. This flexibility ensures that you can scale your operations seamlessly as your business grows.

  Simplifying Hybrid and Multi-Cloud Management

  Streamlined Operations

  Managing hybrid and multi-cloud environments traditionally involves dealing with multiple management tools and interfaces. Azure Arc-enabled Kubernetes streamlines these operations by providing a single management platform. This simplification reduces operational overhead and allows your IT team to focus on strategic initiatives rather than mundane management tasks.

  Centralized Governance

  Governance is a critical aspect of managing hybrid and multi-cloud environments. With Azure Arc-enabled Kubernetes, you can apply policies consistently across all your Kubernetes clusters. This centralized governance ensures that your environments comply with corporate and regulatory standards, regardless of where they are hosted.

  Improved Visibility

  Visibility is key to effective management. Azure Arc-enabled Kubernetes provides comprehensive visibility into your Kubernetes clusters through Azure Monitor and Azure Security Center. This enhanced visibility allows you to monitor the health, performance, and security of your clusters in real time, enabling proactive management and quicker issue resolution.

  Reduced Total Cost of Ownership (TCO)

  By consolidating management operations and leveraging Azure’s integrated services, Azure Arc-enabled Kubernetes can significantly reduce the total cost of ownership. This reduction in TCO is achieved through decreased operational complexity, improved resource utilization, and the elimination of the need for multiple management tools.

  Real-World Use Cases

  To better understand the impact of Azure Arc-enabled Kubernetes, let’s explore some real-world use cases:

  Financial Services

  In the financial services industry, data privacy and compliance are of utmost importance. Azure Arc-enabled Kubernetes allows financial institutions to manage their Kubernetes clusters across on-premises data centers and public clouds, ensuring consistent security policies and compliance with regulatory requirements. Take a look at one of our customer case studies: Microsoft Customer Story-World Bank invests in greater efficiency and security with Microsoft Azure Arc

  Healthcare

  Healthcare organizations can leverage Azure Arc-enabled Kubernetes to manage their applications across hybrid environments. This capability is crucial for maintaining data sovereignty and complying with health regulations while enabling efficient application deployment and management.

  Retail

  Retail businesses often operate in a hybrid environment, with applications running in on-premises data centers and public clouds. Azure Arc-enabled Kubernetes provides a unified management platform, allowing retailers to manage their applications consistently and efficiently, enhancing customer experiences and operational efficiency. Take a look at one of our customer case studies: Microsoft Customer Story-DICK’S Sporting Goods creates an omnichannel athlete experience using Azure Arc and AKS

  Getting Started with Azure Arc-enabled Kubernetes

  Prerequisites

  Before you start, ensure that you have the following prerequisites in place:

  - An Azure subscription
  - Kubernetes clusters (on-premises, at the edge, or in other cloud environments)
  - Azure CLI installed
  - Basic knowledge of Kubernetes and Azure

  For additional prerequisites, please refer here.

  How to Discover and Deploy Kubernetes applications that support Azure Arc-enabled clusters

  Discover Kubernetes Applications:

  1. In the Azure portal, search for Marketplace on the top search bar. In the results, under Services, select Marketplace.
  2. You can search for an offer or publisher directly by name, or you can browse all offers. To find Kubernetes application offers, on the left side under Categories select Containers.
  3. You'll see several Kubernetes application offers displayed on the page. To view all of the Kubernetes application offers, select See more.
  4. Search for the applications using the ‘publisherId’ that was identified earlier as part of discovering applications that support connected clusters.

  Deploying a Kubernetes application using the Azure Portal:

  1. On the Plans + Pricing tab, review the options. If there are multiple plans available, find the one that meets your needs. Review the terms on the page to make sure they're acceptable, and then select Create.
  2. Select the resource group and Arc-enabled cluster to which you want to deploy the application.
  3. Complete all pages of the deployment wizard to specify all configuration options that the application requires.
  4. When you're finished, select Review + Create, then select Create to deploy the offer.
  5. When the application is deployed, the portal shows Your deployment is complete, along with details of the deployment.
  6. Lastly, verify the deployment by navigating to the cluster you recently installed the extension on, then navigating to Extensions, where you'll see the extension status. If the deployment was successful, the Status will be Succeeded. If the status is Creating, the deployment is still in progress. Wait a few minutes, then check again.

  Conclusion

  Azure Arc-enabled Kubernetes is a powerful solution that simplifies hybrid and multi-cloud management for tech enthusiasts and enterprises alike. With its unified management capabilities, consistent deployment, enhanced security, and seamless integration with Azure services, it transforms the way you manage your Kubernetes clusters. By adopting Azure Arc-enabled Kubernetes, you can streamline operations, improve visibility, and reduce costs, all while leveraging the flexibility and scalability of hybrid and multi-cloud environments. Embrace the future of Kubernetes management with Azure Arc and unlock the full potential of your hybrid and multi-cloud strategy. 😄

  Dec 05, 2024