In a typical SOC environment, Tier 1 analysts are responsible for reviewing incoming security incidents. They're in charge of investigating and resolving non-critical alerts, including the identification of false positives. When a critical incident is detected, the Tier 1 analyst must quickly escalate it to the Tier 2 or 3 team for a more thorough investigation. In this case study, you will take on the role of a Tier 1 analyst and discover how Copilot for Security can support you throughout the investigation. It is a tool designed to enable you to assess and manage incidents with greater efficiency and effectiveness.
Let’s use a security incident in the Microsoft Defender XDR portal for our case study. As shown in the next screen capture, this high-severity incident involves three devices, four users and one email account. It consists of a correlation of 25 alerts generated by different Microsoft security solutions. This incident, titled 'Multi-stage incident involving Initial access & Lateral movement on multiple endpoints reported by multiple sources' appears complex, extensive, and intimidating.
As soon as you start examining this incident in the Microsoft Defender XDR portal, Copilot for Security is already present on the incident page, as shown in the next diagram. It automatically creates a summary of the incident, providing a clear overview of the attack. Additionally, it offers tailored guidance for responding to the incident through its Guided Response feature, which is also accessible on the incident page.
Rather than sifting through all 25 alerts in the incident to understand the attack, let’s review the summary provided by Copilot for Security first. You can copy the incident summary for further review using Copilot’s “Copy to clipboard” option. This feature is illustrated in the next screenshot.
For your reference, here is the full incident summary copied from Copilot:
The high severity incident 'Multi-stage incident involving Initial access & Lateral movement on multiple endpoints reported by multiple sources' occurred between 2024-08-06 17:15:43 UTC and 2024-08-11 00:01:42 UTC. It was tagged as Credential Phish and Lateral Movement.
InitialAccess: The incident began at 2024-08-06 17:15:43 UTC when user 'kdickens' clicked on a malicious URL 'hxxps://fm06722326.mangodune-7572a721.eastus.azurecontainerapps.io/'.
Discovery: At 2024-08-06 17:16:17 UTC, a suspicious sequence of exploration activities were detected on 'mb-winclient' (Windows 10), involving the processes 'whoami.exe', 'powershell.exe' (running as SYSTEM), and impacting users 'pgustavo' and 'kdickens'.
DefenseEvasion: At 2024-08-06 17:16:20 UTC, a process was injected with potentially malicious code on 'mb-winclient' (Windows 10), involving the files 'ContosoADFSadmincreds.ps1', 'Midnight161.ps1', and impacting users 'pgustavo' and 'kdickens'.
Execution: At 2024-08-06 17:16:20 UTC, a malicious PowerShell Cmdlet was invoked on 'mb-winclient' (Windows 10), involving the files 'ContosoADFSadmincreds.ps1', 'Midnight161.ps1', and impacting users 'pgustavo' and 'kdickens'.
CredentialAccess: At 2024-08-06 17:17:07 UTC, a suspected DCSync attack (replication of directory services) was detected on 'mb-winclient' (Windows 10), impacting user 'pgustavo'.
LateralMovement: At 2024-08-06 17:17:09 UTC, an ongoing hands-on-keyboard attack via Impacket toolkit was detected on 'mb-adfs' (Windows Server 2022), involving the processes 'lsass.exe' (running as SYSTEM), 'powershell.exe' (running as SYSTEM), and impacting users 'LocalSystem' and 'adfsadmin'.
Persistence: At 2024-08-06 17:17:10 UTC, suspicious service creation was detected on 'mb-adfs' (Windows Server 2022), involving the process 'services.exe' (running as SYSTEM), and impacting user 'adfsadmin'.
CredentialAccess: At 2024-08-06 17:18:20 UTC, an ADFS private key extraction attempt was detected on 'mb-adfs' (Windows Server 2022), impacting user 'adfsadmin'.
DefenseEvasion: At 2024-08-11 00:01:42 UTC, an attempt to hide the use of a dual-purpose tool was detected on 'mb-adfs' (Windows Server 2022), involving the file 'jyglecpm.1v0.exe', and impacting user 'adfsadmin'.
As seen from the incident summary, Copilot for Security provides an overview of the incident that helps you to quickly understand the scope and impact of the attack. It groups the suspicious events into distinct attack stages, outlining the attack’s progression from initial access to lateral movement and persistent access. Each stage is detailed with specific timestamps and a concise summary of the events. In a typical investigation, the security analyst would need to create a similar incident outline manually. With Copilot, this process is now automated and much faster.
After reviewing the incident summary, it’s clear that this is a highly involved incident with multiple sophisticated attacks. As a Tier 1 analyst, your goal is to quickly assess the attacks, rule out the false positives, determine the impact of the incident, and decide whether it needs to be escalated. Let’s dive into some of the incident investigations and see how Copilot for Security can assist throughout the process.
Initial Access, Discovery, and Defense Evasion
The initial access occurs when the attacker gains entry into the target system or network. In this case, the attacker employs a common attack tactic by tricking the user to click on a malicious link, to establish the initial foothold within the user’s corporate network. The following excerpt is from the incident summary generated by Copilot.
InitialAccess: The incident began at 2024-08-06 17:15:43 UTC when user 'kdickens' clicked on a malicious URL 'hxxps://fm06722326.mangodune-7572a721.eastus.azurecontainerapps.io/'.
Once an attacker gains access to the corporate network, he/she needs to gather information about the environment. For instance, running the Windows process “whoami.exe” to gather details about the current user’s identity and environment. Executing “whoami /groups” shows the groups to which the current user belongs, revealing user’s access level and permissions within the system. This process is documented during the Discovery phase.
Discovery: At 2024-08-06 17:16:17 UTC, a suspicious sequence of exploration activities were detected on 'mb-winclient' (Windows 10), involving the processes 'whoami.exe', 'powershell.exe' (running as SYSTEM), and impacting users 'pgustavo' and 'kdickens'.
So far, the attack techniques encountered are standard and frequently observed. For a Tier 1 analyst, these techniques are familiar and well-known, making the investigation relatively simple.
However, starting from the Defense Evasion phase, things may get a bit tricky. You see a process injection event in the alert:
DefenseEvasion: At 2024-08-06 17:16:20 UTC, a process was injected with potentially malicious code on 'mb-winclient' (Windows 10), involving the files 'ContosoADFSadmincreds.ps1', 'Midnight161.ps1', and impacting users 'pgustavo' and 'kdickens'.
What might “a process was injected with potentially malicious code” indicate? What’s a process injection? Let’s consult with Copilot for Security.
You can switch from the embedded experience of Copilot to its standalone mode. This allows you to ask Copilot more questions using its prompt feature. In the Microsoft Defender XDR portal, you may have noticed that there is an ellipsis right inside the Copilot pane. It offers several options for you, including the one “Open in Copilot for Security”. Selecting this option enables you to switch from the Copilot’s embedded experience to its standalone mode. This is shown in the next screen capture.
The “Open in Copilot for Security” feature also allows you to continue your current Copilot session in the standalone experience, preserving any ongoing work or context from the embedded experience. In this standalone mode, you can use the prompt feature to ask additional questions or seek further information, as shown in the next screenshot:
Prompt to Copilot for Security: Can you tell me more about DefenseEvasion: a process was injected with potentially malicious code on 'mb-winclient' (Windows10), involving the files 'ContosoADFSadmincreds.ps1', 'Midnight161.ps1'
The response from Copilot provides an overview of process injection and its characteristics:
The term "process injection" typically refers to a technique used by attackers to execute arbitrary code in the address space of a separate live process. This technique improves the stealth and evasion capabilities of malware since the execution of the malicious code does not result in the creation of a new process, making it harder to detect.
The full Copilot response is displayed in the next screen capture:
The process injection overview may still be somewhat abstract. You can follow up with Copilot for a more detailed description using a prompt seen in the next screen capture.
The next diagram presents a portion of the response from Copilot for Security. With this response from Copilot, you have a better understanding of process injection.
The information from Copilot adds more context and insights for this alert, enabling you, the Tier 1 analyst, to start a more thorough investigation immediately.
Back to the Microsoft Defender XDR portal, analysts typically leverage the Defender for Endpoint Timeline feature to investigate the event that might have triggered the alert “A process was injected with potentially malicious code.” The next screenshot shows that in the Timeline, Defender XDR recorded a device event, “powershell.exe executed a script,”. This event led Defender for Endpoint to immediately detect and report “powershell.exe process contains suspicious patterns in AMSI content related to ‘Process Injection’ and other techniques.” This then leads to the triggering of the process injection alert.
Defender XDR also provides the detailed PowerShell process commands that you can ask Copilot to analyze, as shown in the next screen capture.
With Copilot’s information on process injection, and combining the details from the device events, especially that the PowerShell script was executed from the user’s downloads directory, it’s clear that this is likely a malicious attack rather than a false positive. The use of a more advanced technique of process injection suggests that this case should be escalated to the Tier 2 team for further investigation.
In Defender XDR’s Timeline feature, security analysts typically review device events that occurred around the time the security alert was triggered to identify any additional malicious activity. This process is both time-consuming and labor-intensive. But now Copilot for Security can handle the heavy lifting for you. Let’s return to the Copilot standalone environment and use its prompt feature to accomplish this.
The prompt seen in the next screenshot instructs Copilot for Security to use a Defender KQL query to retrieve all device process events from around the time of the process injection activity. It then asks Copilot to analyze these events for any signs of suspicious activity.
As shown in the next screen capture, Copilot has flagged a few events that are worth investigating further.
You can ask Copilot for Security to further investigate these events with additional prompts in Copilot’s standalone experience.
This investigation may take some time to finish. However, as a Tier 1 analyst, you have concluded that these are likely malicious events involving sophisticated attack techniques. The Tier 2 team will need to carry out a more in-depth investigation. In the meantime, you can move on to the next set of security alerts.
Credential Access
In the incident summary, Copilot for Security also mentions a suspected DCSync attack as part of Credential Access activity:
CredentialAccess: At 2024-08-06 17:17:07 UTC, a suspected DCSync attack (replication of directory services) was detected on 'mb-winclient' (Windows 10), impacting user 'pgustavo'.
What is a DCSync attack? Rather than spending a lot of time researching it online, you can leverage Copilot for Security’s standalone experience to quickly get an idea of what it is and how it works.
Prompt to Copilot for Security: In your incident summary, you mentioned that "At 2024-08-06 17:17:07 UTC, a suspected DCSync attack (replication of directory services) was detected on 'mb-winclient' (Windows 10), impacting user 'pgustavo'." What's a DCSync attack? Can you provide its TTPs?
The next screenshot displays the question you can ask Copilot, along with some of its responses.
Copilot for Security first provides an overview of the DCSync attack with some specific examples. It then walks you through the steps involved in a typical DCSync attack, as seen in the next snapshot.
After reviewing the information provided by Copilot for Security, you should have a better understanding of the key aspects of a DCSync attack and how it operates. If there are more questions or if further clarification is needed, you can always use Copilot’s prompt feature to gain additional insights.
Once you have a solid understanding of the DCSync attack, you can apply this knowledge to assist the security incident investigation. Back in the Defender XDR portal, when you examine the alert story for the “suspected DCSync attack” alert, you’ll likely notice something is off when the end user sends a replication request to a domain controller, as seen in the screen capture.
You can confirm your suspicion with Copilot by entering the following prompt in Copilot’s standalone mode:
Is it common for a regular user on a Windows 10 device to send a replication request to a DC?
As seen in the next screen capture, Copilot for Security confirms that “it is not common for a regular user on a Windows 10 device to send a replication request to a Domain Controller (DC). In a typical Active Directory environment, only Domain Controllers replicate data amongst themselves.”
At this point, you likely can confirm this is a true security incident, not a false positive. Given the nature of the attack, it will require further investigation by the Tier 2 team.
Without the help from Copilot for Security, researching and confirming whether suspicious behavior is truly malicious can be time-consuming and labor-intensive. However, with Copilot for Security, it is faster and more straightforward to confirm malicious activities. Additionally, its provided explanations offer more context, helping the Tier 1 analyst to assess the impact and severity of the incident. This enables the analyst to quickly decide if the incident needs to be escalated to the Tier 2 team or not.
Lateral Movement
In this same security incident, there is an alert for “an ongoing hands-on-keyboard attack via Impacket toolkit”:
LateralMovement: At 2024-08-06 17:17:09 UTC, an ongoing hands-on-keyboard attack via Impacket toolkit was detected on 'mb-adfs' (Windows Server 2022), involving the processes 'lsass.exe' (running as SYSTEM), 'powershell.exe' (running as SYSTEM), and impacting users 'LocalSystem' and 'adfsadmin'.
While the description of the Impacket toolkit in the Microsoft Defender XDR portal is helpful, but for more detailed insight, you can turn to Copilot for Security’s standalone experience and ask:
Can you tell me more about the Impacket tool? Where is it used most often? How is it exploited by attackers?
Copilot provides a more thorough description of this toolkit:
It’s worth noting that in Copilot’s description of the toolkit, it was emphasized that while Impacket is a legitimate tool, it can also be exploited by attackers. Copilot included several simple examples to illustrate this:
While Impacket is a legitimate tool with many valid uses, it can also be exploited by attackers due to its powerful capabilities. For example, attackers can use Impacket to move laterally across a network, execute commands on remote systems, or extract sensitive information such as password hashes.
Copilot for Security then highlighted a specific attack scenario, pointing out that Impacket can be used to carry out a DCSync attack. And, as the Tier 1 analyst, you have just confirmed that a DCSync attack is involved in the same security incident.
It's also worth mentioning that while using Copilot for Security, it captures the sequence of your prompts and responses in a session. A session is a distinct interaction period with Copilot for Security, during which Copilot retains the context of the conversation. This allows it to provide relevant answers to subsequent requests, ensuring that the conversation flows logically, and that each response builds upon the previous ones.
Persistence
As we proceed with the incident summary generated by Copilot for Security, the next security alert is a suspicious service creation event occurred during the persistence stage:
Persistence: At 2024-08-06 17:17:10 UTC, suspicious service creation was detected on 'mb-adfs' (Windows Server 2022), involving the process 'services.exe' (running as SYSTEM), and impacting user 'adfsadmin'.
If you start examining this alert in the Microsoft Defender XDR portal, you will notice that Defender for Identity and Defender for Endpoint EDR all generated similar alerts, likely for the same suspicious event, as seen in the next screen capture:
Let’s first take a look at “suspicious service creation” alert triggered in Defender for Identity, as shown next:
The service path listed in the alert looks suspicious and it is encoded. Let's use the following prompt to consult Copilot and understand its purpose.
Can you decode then tell me more about this service path: %COMSPEC% /C “powershell.exe -EncodedCommand QwA6AFwAUwBjAHIAaQBwAHQAcwBcAFIAZQBuAGEAbQBlAFAAbwB3AGUAcgBzAGgAZQBsAGwALgBwAHMAMQA=”
The next screen capture displays the response from Copilot for Security:
Copilot for Security provides a detailed breakdown of the service path. It identifies the encoded command as base64 encoding and decodes it for you. It then concludes with a summary: “this service path is used to execute the RenamePowershell.ps1 PowerShell script located in the C:\Scripts\ directory. The use of base64 encoding can often be a technique to obfuscate the actual command being run, which could be a sign of malicious activity.”
This information is helpful. Let's continue examining the other related security alerts. The “suspicious service registration” alert triggered in Defender for Endpoint likely pertains to the same suspicious activity that was just looked at. This alert provides a little bit more information and mentions “services.exe modified service image file”, as shown next.
Using the following prompt, let’s see what Copilot for Security can find out:
Can you explain in more detail about the following event: services.exe modified service image file from to %COMSPEC% /C "powershell.exe -EncodedCommand QwA6AFwAUwBjAHIAaQBwAHQAcwBcAFIAZQBuAGEAbQBlAFAAbwB3AGUAcgBzAGgAZQBsAGwALgBwAHMAMQA=" for service WDUAPJKVADPWOQLFGQSH
The screenshot shown next displays Copilot’s response.
Copilot’s findings for this “suspicious service registration” alert closely align with its analysis on the “suspicious service creation” alert triggered in Defender for Identity. This confirms the suspicion that the two alerts from different security solutions are both reporting the same malicious activity. However, because the Defender for Endpoint alert points out a "services.exe modified service image file" and this detail was included in the prompt, Copilot for Security can now provide additional insights in its analysis that weren't present in the previous report. You now have a clear picture of this malicious activity: the services.exe process has been set to run RenamePowershell.ps1 whenever the WDUAPJKVADPWOQLFGQSH service is started. For your reference, the following snippet is taken from Copilot's last response:
It's worth noting that changes to service image file paths, especially those involving scripts or unusual locations, can be a sign of malicious activity. In this case, the services.exe process has been instructed to launch a PowerShell script whenever the WDUAPJKVADPWOQLFGQSH service is started, which is unusual behavior and could potentially be malicious.
This example also highlights the importance of effective prompting. The more specific information you provide to Copilot, the more relevant and precise responses you’re likely to receive.
In addition, this example highlights the Microsoft Defender XDR's capability to integrate and correlate data across various Defender solutions. When different Defender tools detect the same malicious activity, they each generate separate alerts. Microsoft Defender XDR then aggregates these alerts into a unified incident. This correlation helps to provide a comprehensive view of the threat.
Credential Access
Let's review one more alert from the incident summary provided by Copilot for Security: suspicious credential access event involving an ADFS private key extraction:
CredentialAccess: At 2024-08-06 17:18:20 UTC, an ADFS private key extraction attempt was detected on 'mb-adfs' (Windows Server 2022), impacting user 'adfsadmin'.
You will use Copilot for Security to again get a better understanding of the alert. In the Microsoft Defender XDR portal, the device Timeline very often shows the events that led to the alert being triggered. For this security alert, the device event, "jyglecpm.1v0.exe ran an LDAP query", triggered the alert “ADFS private key extraction attempt”, as seen in the next screenshot. To further investigate this device event, one option is to utilize Copilot for Security to analyze the command line for jyglecpm.1v0.exe. You can perform this directly within the Microsoft Defender XDR portal leveraging the embedded experience of Copilot for Security. Alternatively, in standalone mode, you can paste the command line into the Copilot prompt and request for analysis.
As shown in the next screen capture, Copilot for Security offers a detailed analysis of the command line through its embedded experience.
From the Copilot analysis excerpt shown below, you can sense something isn’t right when jyglecpm.1v0.exe performed the LDAP query:
The provided command line script executes a file named "jyglecpm.1v0.exe" in a hidden window. It then uses the '-encodedCommand' parameter to run a base64-encoded command. The base64 string decodes to a PowerShell script located at 'C:\Scripts\ExportADFSTokenSigningCert.ps1'. This suggests that the script is likely used to execute a hidden process and then run a PowerShell script, possibly for malicious purposes.
To further investigate, you can first get a sense of what are the normal LDAP operations by prompting Copilot with the following questions in its standalone experience:
The next screenshot displays the information provided back by Copilot:
Based on Copilot’s explanation, you quickly gain an understanding of LDAP and how it operates. LDAP queries are typically initiated by client applications or services that need to access data stored in a directory service. For instance, an email client might perform an LDAP query to retrieve the email addresses of users within an organization.
Now you may be wondering, why would an unfamiliar and rarely seen process like "jyglecpm.1v0.exe" need to run an LDAP query to access data in a directory service? It is especially suspicious with its encoded command line. Let’s continue to consult Copilot with the prompt shown in the next screenshot:
Copilot for Security, leveraging its vast amount of knowledge, comments: “The command line script you provided does not appear to be a normal LDAP operation. It executes …” The full response from Copilot is displayed in the next screen capture:
Without the assistance of Copilot for Security, determining whether a behavior is truly malicious can be time-consuming and labor-intensive. Traditional methods typically involve extensive manual research, multiple clicks, and complex navigation through various user interface elements. Analysts often need to sift through many data points and conduct in-depth analyses to assess the severity of threats, which can delay the identification of true risks.
However, with Copilot for Security, this process becomes significantly more efficient and straightforward. Analysts can quickly ask specific questions about suspicious behavior rather than spending extended periods researching online. By providing additional context and explanations directly within the platform, Copilot enables Tier 1 analysts to quickly understand the nature and severity of an incident. This instant clarity allows analysts to make informed decisions and determine whether escalation to Tier 2 or 3 teams is necessary, thus accelerating threat response and reducing the overall time spent on investigation.
Updated Sep 25, 2024
Version 1.0
No CommentsBe the first to comment
Share
"}},"componentScriptGroups({\"componentId\":\"custom.widget.Social_Sharing\"})":{"__typename":"ComponentScriptGroups","scriptGroups":{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":[]},"component({\"componentId\":\"custom.widget.MicrosoftFooter\"})":{"__typename":"Component","render({\"context\":{\"component\":{\"entities\":[],\"props\":{}},\"page\":{\"entities\":[\"board:SecurityCopilotBlog\",\"message:4251623\"],\"name\":\"BlogMessagePage\",\"props\":{},\"url\":\"https://techcommunity.microsoft.com/blog/securitycopilotblog/case-study-harnessing-copilot-for-security-in-defending-against-cyberthreats/4251623\"}}})":{"__typename":"ComponentRenderResult","html":""}},"componentScriptGroups({\"componentId\":\"custom.widget.MicrosoftFooter\"})":{"__typename":"ComponentScriptGroups","scriptGroups":{"__typename":"ComponentScriptGroupsDefinition","afterInteractive":{"__typename":"PageScriptGroupDefinition","group":"AFTER_INTERACTIVE","scriptIds":[]},"lazyOnLoad":{"__typename":"PageScriptGroupDefinition","group":"LAZY_ON_LOAD","scriptIds":[]}},"componentScripts":[]},"cachedText({\"lastModified\":\"1743095130000\",\"locale\":\"en-US\",\"namespaces\":[\"components/community/NavbarDropdownToggle\"]})":[{"__ref":"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1743095130000"}],"cachedText({\"lastModified\":\"1743095130000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/common/QueryHandler\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/common/QueryHandler-1743095130000"}],"cachedText({\"lastModified\":\"1743095130000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageCoverImage\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageCoverImage-1743095130000"}],"cachedText({\"lastModified\":\"1743095130000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/nodes/NodeTitle\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/nodes/NodeTitle-1743095130000"}],"cachedText({\"lastModified\":\"1743095130000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageTimeToRead\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageTimeToRead-1743095130000"}],"cachedText({\"lastModified\":\"1743095130000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageSubject\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageSubject-1743095130000"}],"cachedText({\"lastModified\":\"1743095130000\",\"locale\":\"en-US\",\"namespaces\":[\"components/users/UserLink\"]})":[{"__ref":"CachedAsset:text:en_US-components/users/UserLink-1743095130000"}],"cachedText({\"lastModified\":\"1743095130000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/users/UserRank\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/users/UserRank-1743095130000"}],"cachedText({\"lastModified\":\"1743095130000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageTime\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageTime-1743095130000"}],"cachedText({\"lastModified\":\"1743095130000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageBody\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageBody-1743095130000"}],"cachedText({\"lastModified\":\"1743095130000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageCustomFields\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageCustomFields-1743095130000"}],"cachedText({\"lastModified\":\"1743095130000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageRevision\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageRevision-1743095130000"}],"cachedText({\"lastModified\":\"1743095130000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageReplyButton\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageReplyButton-1743095130000"}],"cachedText({\"lastModified\":\"1743095130000\",\"locale\":\"en-US\",\"namespaces\":[\"components/messages/MessageAuthorBio\"]})":[{"__ref":"CachedAsset:text:en_US-components/messages/MessageAuthorBio-1743095130000"}],"cachedText({\"lastModified\":\"1743095130000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/users/UserAvatar\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1743095130000"}],"cachedText({\"lastModified\":\"1743095130000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/ranks/UserRankLabel\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/ranks/UserRankLabel-1743095130000"}],"cachedText({\"lastModified\":\"1743095130000\",\"locale\":\"en-US\",\"namespaces\":[\"components/users/UserRegistrationDate\"]})":[{"__ref":"CachedAsset:text:en_US-components/users/UserRegistrationDate-1743095130000"}],"cachedText({\"lastModified\":\"1743095130000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/nodes/NodeAvatar\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/nodes/NodeAvatar-1743095130000"}],"cachedText({\"lastModified\":\"1743095130000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/nodes/NodeDescription\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/nodes/NodeDescription-1743095130000"}],"cachedText({\"lastModified\":\"1743095130000\",\"locale\":\"en-US\",\"namespaces\":[\"components/tags/TagView/TagViewChip\"]})":[{"__ref":"CachedAsset:text:en_US-components/tags/TagView/TagViewChip-1743095130000"}],"cachedText({\"lastModified\":\"1743095130000\",\"locale\":\"en-US\",\"namespaces\":[\"shared/client/components/nodes/NodeIcon\"]})":[{"__ref":"CachedAsset:text:en_US-shared/client/components/nodes/NodeIcon-1743095130000"}]},"CachedAsset:pages-1743150526968":{"__typename":"CachedAsset","id":"pages-1743150526968","value":[{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"BlogViewAllPostsPage","type":"BLOG","urlPath":"/category/:categoryId/blog/:boardId/all-posts/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"CasePortalPage","type":"CASE_PORTAL","urlPath":"/caseportal","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"CreateGroupHubPage","type":"GROUP_HUB","urlPath":"/groups/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"CaseViewPage","type":"CASE_DETAILS","urlPath":"/case/:caseId/:caseNumber","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"InboxPage","type":"COMMUNITY","urlPath":"/inbox","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"HelpFAQPage","type":"COMMUNITY","urlPath":"/help","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"IdeaMessagePage","type":"IDEA_POST","urlPath":"/idea/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"IdeaViewAllIdeasPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId/all-ideas/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"LoginPage","type":"USER","urlPath":"/signin","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"BlogPostPage","type":"BLOG","urlPath":"/category/:categoryId/blogs/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"UserBlogPermissions.Page","type":"COMMUNITY","urlPath":"/c/user-blog-permissions/page","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"ThemeEditorPage","type":"COMMUNITY","urlPath":"/designer/themes","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"TkbViewAllArticlesPage","type":"TKB","urlPath":"/category/:categoryId/kb/:boardId/all-articles/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1730819800000,"localOverride":null,"page":{"id":"AllEvents","type":"CUSTOM","urlPath":"/Events","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"OccasionEditPage","type":"EVENT","urlPath":"/event/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"OAuthAuthorizationAllowPage","type":"USER","urlPath":"/auth/authorize/allow","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"PageEditorPage","type":"COMMUNITY","urlPath":"/designer/pages","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"PostPage","type":"COMMUNITY","urlPath":"/category/:categoryId/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"ForumBoardPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"TkbBoardPage","type":"TKB","urlPath":"/category/:categoryId/kb/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"EventPostPage","type":"EVENT","urlPath":"/category/:categoryId/events/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"UserBadgesPage","type":"COMMUNITY","urlPath":"/users/:login/:userId/badges","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"GroupHubMembershipAction","type":"GROUP_HUB","urlPath":"/membership/join/:nodeId/:membershipType","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"MaintenancePage","type":"COMMUNITY","urlPath":"/maintenance","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"IdeaReplyPage","type":"IDEA_REPLY","urlPath":"/idea/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"UserSettingsPage","type":"USER","urlPath":"/mysettings/:userSettingsTab","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"GroupHubsPage","type":"GROUP_HUB","urlPath":"/groups","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"ForumPostPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"OccasionRsvpActionPage","type":"OCCASION","urlPath":"/event/:boardId/:messageSubject/:messageId/rsvp/:responseType","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"VerifyUserEmailPage","type":"USER","urlPath":"/verifyemail/:userId/:verifyEmailToken","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"AllOccasionsPage","type":"OCCASION","urlPath":"/category/:categoryId/events/:boardId/all-events/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"EventBoardPage","type":"EVENT","urlPath":"/category/:categoryId/events/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"TkbReplyPage","type":"TKB_REPLY","urlPath":"/kb/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"IdeaBoardPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"CommunityGuideLinesPage","type":"COMMUNITY","urlPath":"/communityguidelines","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"CaseCreatePage","type":"SALESFORCE_CASE_CREATION","urlPath":"/caseportal/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"TkbEditPage","type":"TKB","urlPath":"/kb/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"ForgotPasswordPage","type":"USER","urlPath":"/forgotpassword","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"IdeaEditPage","type":"IDEA","urlPath":"/idea/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"TagPage","type":"COMMUNITY","urlPath":"/tag/:tagName","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"BlogBoardPage","type":"BLOG","urlPath":"/category/:categoryId/blog/:boardId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"OccasionMessagePage","type":"OCCASION_TOPIC","urlPath":"/event/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"ManageContentPage","type":"COMMUNITY","urlPath":"/managecontent","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"ClosedMembershipNodeNonMembersPage","type":"GROUP_HUB","urlPath":"/closedgroup/:groupHubId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"CommunityPage","type":"COMMUNITY","urlPath":"/","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"ForumMessagePage","type":"FORUM_TOPIC","urlPath":"/discussions/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"IdeaPostPage","type":"IDEA","urlPath":"/category/:categoryId/ideas/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1730819800000,"localOverride":null,"page":{"id":"CommunityHub.Page","type":"CUSTOM","urlPath":"/Directory","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"BlogMessagePage","type":"BLOG_ARTICLE","urlPath":"/blog/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"RegistrationPage","type":"USER","urlPath":"/register","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"EditGroupHubPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"ForumEditPage","type":"FORUM","urlPath":"/discussions/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"ResetPasswordPage","type":"USER","urlPath":"/resetpassword/:userId/:resetPasswordToken","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1730819800000,"localOverride":null,"page":{"id":"AllBlogs.Page","type":"CUSTOM","urlPath":"/blogs","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"TkbMessagePage","type":"TKB_ARTICLE","urlPath":"/kb/:boardId/:messageSubject/:messageId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"BlogEditPage","type":"BLOG","urlPath":"/blog/:boardId/:messageSubject/:messageId/edit","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"ManageUsersPage","type":"USER","urlPath":"/users/manage/:tab?/:manageUsersTab?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"ForumReplyPage","type":"FORUM_REPLY","urlPath":"/discussions/:boardId/:messageSubject/:messageId/replies/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"PrivacyPolicyPage","type":"COMMUNITY","urlPath":"/privacypolicy","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"NotificationPage","type":"COMMUNITY","urlPath":"/notifications","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"UserPage","type":"USER","urlPath":"/users/:login/:userId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"OccasionReplyPage","type":"OCCASION_REPLY","urlPath":"/event/:boardId/:messageSubject/:messageId/comments/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"ManageMembersPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/manage/:tab?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"SearchResultsPage","type":"COMMUNITY","urlPath":"/search","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"BlogReplyPage","type":"BLOG_REPLY","urlPath":"/blog/:boardId/:messageSubject/:messageId/replies/:replyId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"GroupHubPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"TermsOfServicePage","type":"COMMUNITY","urlPath":"/termsofservice","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"CategoryPage","type":"CATEGORY","urlPath":"/category/:categoryId","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"ForumViewAllTopicsPage","type":"FORUM","urlPath":"/category/:categoryId/discussions/:boardId/all-topics/(/:after|/:before)?","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"TkbPostPage","type":"TKB","urlPath":"/category/:categoryId/kbs/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"},{"lastUpdatedTime":1743150526968,"localOverride":null,"page":{"id":"GroupHubPostPage","type":"GROUP_HUB","urlPath":"/group/:groupHubId/:boardId/create","__typename":"PageDescriptor"},"__typename":"PageResource"}],"localOverride":false},"CachedAsset:text:en_US-components/context/AppContext/AppContextProvider-0":{"__typename":"CachedAsset","id":"text:en_US-components/context/AppContext/AppContextProvider-0","value":{"noCommunity":"Cannot find community","noUser":"Cannot find current user","noNode":"Cannot find node with id {nodeId}","noMessage":"Cannot find message with id {messageId}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Loading/LoadingDot-0":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Loading/LoadingDot-0","value":{"title":"Loading..."},"localOverride":false},"User:user:-1":{"__typename":"User","id":"user:-1","uid":-1,"login":"Deleted","email":"","avatar":null,"rank":null,"kudosWeight":1,"registrationData":{"__typename":"RegistrationData","status":"ANONYMOUS","registrationTime":null,"confirmEmailStatus":false,"registrationAccessLevel":"VIEW","ssoRegistrationFields":[]},"ssoId":null,"profileSettings":{"__typename":"ProfileSettings","dateDisplayStyle":{"__typename":"InheritableStringSettingWithPossibleValues","key":"layout.friendly_dates_enabled","value":"false","localValue":"true","possibleValues":["true","false"]},"dateDisplayFormat":{"__typename":"InheritableStringSetting","key":"layout.format_pattern_date","value":"MMM dd yyyy","localValue":"MM-dd-yyyy"},"language":{"__typename":"InheritableStringSettingWithPossibleValues","key":"profile.language","value":"en-US","localValue":"en","possibleValues":["en-US"]}},"deleted":false},"Theme:customTheme1":{"__typename":"Theme","id":"customTheme1"},"Category:category:security-copilot":{"__typename":"Category","id":"category:security-copilot","entityType":"CATEGORY","displayId":"security-copilot","nodeType":"category","depth":4,"title":"Security Copilot","shortTitle":"Security Copilot","parent":{"__ref":"Category:category:microsoft-security"}},"Category:category:top":{"__typename":"Category","id":"category:top","displayId":"top","nodeType":"category","depth":0,"title":"Top","entityType":"CATEGORY","shortTitle":"Top"},"Category:category:communities":{"__typename":"Category","id":"category:communities","displayId":"communities","nodeType":"category","depth":1,"parent":{"__ref":"Category:category:top"},"title":"Communities","entityType":"CATEGORY","shortTitle":"Communities"},"Category:category:products-services":{"__typename":"Category","id":"category:products-services","displayId":"products-services","nodeType":"category","depth":2,"parent":{"__ref":"Category:category:communities"},"title":"Products","entityType":"CATEGORY","shortTitle":"Products"},"Category:category:microsoft-security":{"__typename":"Category","id":"category:microsoft-security","displayId":"microsoft-security","nodeType":"category","depth":3,"parent":{"__ref":"Category:category:products-services"},"title":"Microsoft Security","entityType":"CATEGORY","shortTitle":"Microsoft Security","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Blog:board:SecurityCopilotBlog":{"__typename":"Blog","id":"board:SecurityCopilotBlog","entityType":"BLOG","displayId":"SecurityCopilotBlog","nodeType":"board","depth":5,"conversationStyle":"BLOG","title":"Microsoft Security Copilot Blog","description":"","avatar":null,"profileSettings":{"__typename":"ProfileSettings","language":null},"parent":{"__ref":"Category:category:security-copilot"},"ancestors":{"__typename":"CoreNodeConnection","edges":[{"__typename":"CoreNodeEdge","node":{"__ref":"Community:community:gxcuf89792"}},{"__typename":"CoreNodeEdge","node":{"__ref":"Category:category:communities"}},{"__typename":"CoreNodeEdge","node":{"__ref":"Category:category:products-services"}},{"__typename":"CoreNodeEdge","node":{"__ref":"Category:category:microsoft-security"}},{"__typename":"CoreNodeEdge","node":{"__ref":"Category:category:security-copilot"}}]},"userContext":{"__typename":"NodeUserContext","canAddAttachments":false,"canUpdateNode":false,"canPostMessages":false,"isSubscribed":false},"boardPolicies":{"__typename":"BoardPolicies","canPublishArticleOnCreate":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.forums.policy_can_publish_on_create_workflow_action.accessDenied","key":"error.lithium.policies.forums.policy_can_publish_on_create_workflow_action.accessDenied","args":[]}}},"shortTitle":"Microsoft Security Copilot Blog","repliesProperties":{"__typename":"RepliesProperties","sortOrder":"REVERSE_PUBLISH_TIME","repliesFormat":"threaded"},"tagProperties":{"__typename":"TagNodeProperties","tagsEnabled":{"__typename":"PolicyResult","failureReason":null}},"requireTags":true,"tagType":"PRESET_ONLY"},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/cmstNC05WEo0blc\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/cmstNC05WEo0blc","height":512,"width":512,"mimeType":"image/png"},"Rank:rank:4":{"__typename":"Rank","id":"rank:4","position":6,"name":"Microsoft","color":"333333","icon":{"__ref":"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/cmstNC05WEo0blc\"}"},"rankStyle":"OUTLINE"},"User:user:419033":{"__typename":"User","id":"user:419033","uid":419033,"login":"biyuexu","deleted":false,"avatar":{"__typename":"UserAvatar","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/dS00MTkwMzMtNjIxMDcxaUY5RDNGQTNCMEQ5MUMyMzg"},"rank":{"__ref":"Rank:rank:4"},"email":"","messagesCount":2,"biography":null,"topicsCount":2,"kudosReceivedCount":7,"kudosGivenCount":1,"kudosWeight":1,"registrationData":{"__typename":"RegistrationData","status":null,"registrationTime":"2019-10-02T12:35:27.660-07:00","confirmEmailStatus":null},"followersCount":null,"solutionsCount":0},"BlogTopicMessage:message:4251623":{"__typename":"BlogTopicMessage","uid":4251623,"subject":"Case Study: Harnessing Copilot for Security in Defending Against Cyberthreats","id":"message:4251623","revisionNum":16,"repliesCount":0,"author":{"__ref":"User:user:419033"},"depth":0,"hasGivenKudo":false,"board":{"__ref":"Blog:board:SecurityCopilotBlog"},"conversation":{"__ref":"Conversation:conversation:4251623"},"messagePolicies":{"__typename":"MessagePolicies","canPublishArticleOnEdit":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.forums.policy_can_publish_on_edit_workflow_action.accessDenied","key":"error.lithium.policies.forums.policy_can_publish_on_edit_workflow_action.accessDenied","args":[]}},"canModerateSpamMessage":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.feature.moderation_spam.action.moderate_entity.allowed.accessDenied","key":"error.lithium.policies.feature.moderation_spam.action.moderate_entity.allowed.accessDenied","args":[]}}},"contentWorkflow":{"__typename":"ContentWorkflow","state":"PUBLISH","scheduledPublishTime":null,"scheduledTimezone":null,"userContext":{"__typename":"MessageWorkflowContext","canSubmitForReview":null,"canEdit":false,"canRecall":null,"canSubmitForPublication":null,"canReturnToAuthor":null,"canPublish":null,"canReturnToReview":null,"canSchedule":false},"shortScheduledTimezone":null},"readOnly":false,"editFrozen":false,"moderationData":{"__ref":"ModerationData:moderation_data:4251623"},"teaser":"
\n
\n
Get ready to dive into a real-life security incident within Microsoft Defender XDR! In this case study, you’ll take on the role of a security analyst and uncover how Copilot for Security can empower you throughout the investigation. Let’s see how you can tackle cyber threats head-on!
","body":"
In a typical SOC environment, Tier 1 analysts are responsible for reviewing incoming security incidents. They're in charge of investigating and resolving non-critical alerts, including the identification of false positives. When a critical incident is detected, the Tier 1 analyst must quickly escalate it to the Tier 2 or 3 team for a more thorough investigation. In this case study, you will take on the role of a Tier 1 analyst and discover how Copilot for Security can support you throughout the investigation. It is a tool designed to enable you to assess and manage incidents with greater efficiency and effectiveness.
\n
\n
Let’s use a security incident in the Microsoft Defender XDR portal for our case study. As shown in the next screen capture, this high-severity incident involves three devices, four users and one email account. It consists of a correlation of 25 alerts generated by different Microsoft security solutions. This incident, titled 'Multi-stage incident involving Initial access & Lateral movement on multiple endpoints reported by multiple sources' appears complex, extensive, and intimidating.
\n
\n
\n
\n
As soon as you start examining this incident in the Microsoft Defender XDR portal, Copilot for Security is already present on the incident page, as shown in the next diagram. It automatically creates a summary of the incident, providing a clear overview of the attack. Additionally, it offers tailored guidance for responding to the incident through its Guided Response feature, which is also accessible on the incident page.
\n
\n
\n
\n
Rather than sifting through all 25 alerts in the incident to understand the attack, let’s review the summary provided by Copilot for Security first. You can copy the incident summary for further review using Copilot’s “Copy to clipboard” option. This feature is illustrated in the next screenshot.
\n
\n
\n
\n
For your reference, here is the full incident summary copied from Copilot:
\n
The high severity incident 'Multi-stage incident involving Initial access & Lateral movement on multiple endpoints reported by multiple sources' occurred between 2024-08-06 17:15:43 UTC and 2024-08-11 00:01:42 UTC. It was tagged as Credential Phish and Lateral Movement.
\n
\n
\n
InitialAccess: The incident began at 2024-08-06 17:15:43 UTC when user 'kdickens' clicked on a malicious URL 'hxxps://fm06722326.mangodune-7572a721.eastus.azurecontainerapps.io/'.
\n
Discovery: At 2024-08-06 17:16:17 UTC, a suspicious sequence of exploration activities were detected on 'mb-winclient' (Windows 10), involving the processes 'whoami.exe', 'powershell.exe' (running as SYSTEM), and impacting users 'pgustavo' and 'kdickens'.
\n
DefenseEvasion: At 2024-08-06 17:16:20 UTC, a process was injected with potentially malicious code on 'mb-winclient' (Windows 10), involving the files 'ContosoADFSadmincreds.ps1', 'Midnight161.ps1', and impacting users 'pgustavo' and 'kdickens'.
\n
Execution: At 2024-08-06 17:16:20 UTC, a malicious PowerShell Cmdlet was invoked on 'mb-winclient' (Windows 10), involving the files 'ContosoADFSadmincreds.ps1', 'Midnight161.ps1', and impacting users 'pgustavo' and 'kdickens'.
\n
CredentialAccess: At 2024-08-06 17:17:07 UTC, a suspected DCSync attack (replication of directory services) was detected on 'mb-winclient' (Windows 10), impacting user 'pgustavo'.
\n
LateralMovement: At 2024-08-06 17:17:09 UTC, an ongoing hands-on-keyboard attack via Impacket toolkit was detected on 'mb-adfs' (Windows Server 2022), involving the processes 'lsass.exe' (running as SYSTEM), 'powershell.exe' (running as SYSTEM), and impacting users 'LocalSystem' and 'adfsadmin'.
\n
Persistence: At 2024-08-06 17:17:10 UTC, suspicious service creation was detected on 'mb-adfs' (Windows Server 2022), involving the process 'services.exe' (running as SYSTEM), and impacting user 'adfsadmin'.
\n
CredentialAccess: At 2024-08-06 17:18:20 UTC, an ADFS private key extraction attempt was detected on 'mb-adfs' (Windows Server 2022), impacting user 'adfsadmin'.
\n
DefenseEvasion: At 2024-08-11 00:01:42 UTC, an attempt to hide the use of a dual-purpose tool was detected on 'mb-adfs' (Windows Server 2022), involving the file 'jyglecpm.1v0.exe', and impacting user 'adfsadmin'.
\n
\n
\n
As seen from the incident summary, Copilot for Security provides an overview of the incident that helps you to quickly understand the scope and impact of the attack. It groups the suspicious events into distinct attack stages, outlining the attack’s progression from initial access to lateral movement and persistent access. Each stage is detailed with specific timestamps and a concise summary of the events. In a typical investigation, the security analyst would need to create a similar incident outline manually. With Copilot, this process is now automated and much faster.
\n
\n
After reviewing the incident summary, it’s clear that this is a highly involved incident with multiple sophisticated attacks. As a Tier 1 analyst, your goal is to quickly assess the attacks, rule out the false positives, determine the impact of the incident, and decide whether it needs to be escalated. Let’s dive into some of the incident investigations and see how Copilot for Security can assist throughout the process.
\n
\n
\n
Initial Access, Discovery, and Defense Evasion
\n
The initial access occurs when the attacker gains entry into the target system or network. In this case, the attacker employs a common attack tactic by tricking the user to click on a malicious link, to establish the initial foothold within the user’s corporate network. The following excerpt is from the incident summary generated by Copilot.
\n
\n
InitialAccess: The incident began at 2024-08-06 17:15:43 UTC when user 'kdickens' clicked on a malicious URL 'hxxps://fm06722326.mangodune-7572a721.eastus.azurecontainerapps.io/'.
\n
\n
Once an attacker gains access to the corporate network, he/she needs to gather information about the environment. For instance, running the Windows process “whoami.exe” to gather details about the current user’s identity and environment. Executing “whoami /groups” shows the groups to which the current user belongs, revealing user’s access level and permissions within the system. This process is documented during the Discovery phase.
\n
\n
Discovery: At 2024-08-06 17:16:17 UTC, a suspicious sequence of exploration activities were detected on 'mb-winclient' (Windows 10), involving the processes 'whoami.exe', 'powershell.exe' (running as SYSTEM), and impacting users 'pgustavo' and 'kdickens'.
\n
\n
So far, the attack techniques encountered are standard and frequently observed. For a Tier 1 analyst, these techniques are familiar and well-known, making the investigation relatively simple.
\n
\n
However, starting from the Defense Evasion phase, things may get a bit tricky. You see a process injection event in the alert:
\n
\n
DefenseEvasion: At 2024-08-06 17:16:20 UTC, a process was injected with potentially malicious code on 'mb-winclient' (Windows 10), involving the files 'ContosoADFSadmincreds.ps1', 'Midnight161.ps1', and impacting users 'pgustavo' and 'kdickens'.
\n
\n
What might “a process was injected with potentially malicious code” indicate? What’s a process injection? Let’s consult with Copilot for Security.
\n
\n
You can switch from the embedded experience of Copilot to its standalone mode. This allows you to ask Copilot more questions using its prompt feature. In the Microsoft Defender XDR portal, you may have noticed that there is an ellipsis right inside the Copilot pane. It offers several options for you, including the one “Open in Copilot for Security”. Selecting this option enables you to switch from the Copilot’s embedded experience to its standalone mode. This is shown in the next screen capture.
\n
\n
\n
\n
The “Open in Copilot for Security” feature also allows you to continue your current Copilot session in the standalone experience, preserving any ongoing work or context from the embedded experience. In this standalone mode, you can use the prompt feature to ask additional questions or seek further information, as shown in the next screenshot:
\n
\n
\n
\n
Prompt to Copilot for Security: Can you tell me more about DefenseEvasion: a process was injected with potentially malicious code on 'mb-winclient' (Windows10), involving the files 'ContosoADFSadmincreds.ps1', 'Midnight161.ps1'
\n
\n
The response from Copilot provides an overview of process injection and its characteristics:
\n
\n
The term \"process injection\" typically refers to a technique used by attackers to execute arbitrary code in the address space of a separate live process. This technique improves the stealth and evasion capabilities of malware since the execution of the malicious code does not result in the creation of a new process, making it harder to detect.
\n
\n
The full Copilot response is displayed in the next screen capture:
\n
\n
\n
\n
The process injection overview may still be somewhat abstract. You can follow up with Copilot for a more detailed description using a prompt seen in the next screen capture.
\n
\n
\n
\n
The next diagram presents a portion of the response from Copilot for Security. With this response from Copilot, you have a better understanding of process injection.
\n
\n
\n
\n
The information from Copilot adds more context and insights for this alert, enabling you, the Tier 1 analyst, to start a more thorough investigation immediately.
\n
\n
Back to the Microsoft Defender XDR portal, analysts typically leverage the Defender for Endpoint Timeline feature to investigate the event that might have triggered the alert “A process was injected with potentially malicious code.” The next screenshot shows that in the Timeline, Defender XDR recorded a device event, “powershell.exe executed a script,”. This event led Defender for Endpoint to immediately detect and report “powershell.exe process contains suspicious patterns in AMSI content related to ‘Process Injection’ and other techniques.” This then leads to the triggering of the process injection alert.
\n
\n
\n
\n
Defender XDR also provides the detailed PowerShell process commands that you can ask Copilot to analyze, as shown in the next screen capture.
\n
\n
\n
\n
With Copilot’s information on process injection, and combining the details from the device events, especially that the PowerShell script was executed from the user’s downloads directory, it’s clear that this is likely a malicious attack rather than a false positive. The use of a more advanced technique of process injection suggests that this case should be escalated to the Tier 2 team for further investigation.
\n
\n
In Defender XDR’s Timeline feature, security analysts typically review device events that occurred around the time the security alert was triggered to identify any additional malicious activity. This process is both time-consuming and labor-intensive. But now Copilot for Security can handle the heavy lifting for you. Let’s return to the Copilot standalone environment and use its prompt feature to accomplish this.
\n
\n
The prompt seen in the next screenshot instructs Copilot for Security to use a Defender KQL query to retrieve all device process events from around the time of the process injection activity. It then asks Copilot to analyze these events for any signs of suspicious activity.
\n
\n
\n
\n
As shown in the next screen capture, Copilot has flagged a few events that are worth investigating further.
\n
\n
\n
\n
You can ask Copilot for Security to further investigate these events with additional prompts in Copilot’s standalone experience.
\n
\n
This investigation may take some time to finish. However, as a Tier 1 analyst, you have concluded that these are likely malicious events involving sophisticated attack techniques. The Tier 2 team will need to carry out a more in-depth investigation. In the meantime, you can move on to the next set of security alerts.
\n
\n
\n
Credential Access
\n
In the incident summary, Copilot for Security also mentions a suspected DCSync attack as part of Credential Access activity:
\n
\n
CredentialAccess: At 2024-08-06 17:17:07 UTC, a suspected DCSync attack (replication of directory services) was detected on 'mb-winclient' (Windows 10), impacting user 'pgustavo'.
\n
\n
What is a DCSync attack? Rather than spending a lot of time researching it online, you can leverage Copilot for Security’s standalone experience to quickly get an idea of what it is and how it works.
\n
\n
Prompt to Copilot for Security: In your incident summary, you mentioned that \"At 2024-08-06 17:17:07 UTC, a suspected DCSync attack (replication of directory services) was detected on 'mb-winclient' (Windows 10), impacting user 'pgustavo'.\" What's a DCSync attack? Can you provide its TTPs?
\n
\n
The next screenshot displays the question you can ask Copilot, along with some of its responses.
\n
\n
\n
\n
Copilot for Security first provides an overview of the DCSync attack with some specific examples. It then walks you through the steps involved in a typical DCSync attack, as seen in the next snapshot.
\n
\n
\n
\n
After reviewing the information provided by Copilot for Security, you should have a better understanding of the key aspects of a DCSync attack and how it operates. If there are more questions or if further clarification is needed, you can always use Copilot’s prompt feature to gain additional insights.
\n
\n
Once you have a solid understanding of the DCSync attack, you can apply this knowledge to assist the security incident investigation. Back in the Defender XDR portal, when you examine the alert story for the “suspected DCSync attack” alert, you’ll likely notice something is off when the end user sends a replication request to a domain controller, as seen in the screen capture.
\n
\n
\n
\n
You can confirm your suspicion with Copilot by entering the following prompt in Copilot’s standalone mode:
\n
\n
Is it common for a regular user on a Windows 10 device to send a replication request to a DC?
\n
\n
As seen in the next screen capture, Copilot for Security confirms that “it is not common for a regular user on a Windows 10 device to send a replication request to a Domain Controller (DC). In a typical Active Directory environment, only Domain Controllers replicate data amongst themselves.”
\n
\n
\n
\n
At this point, you likely can confirm this is a true security incident, not a false positive. Given the nature of the attack, it will require further investigation by the Tier 2 team.
\n
\n
Without the help from Copilot for Security, researching and confirming whether suspicious behavior is truly malicious can be time-consuming and labor-intensive. However, with Copilot for Security, it is faster and more straightforward to confirm malicious activities. Additionally, its provided explanations offer more context, helping the Tier 1 analyst to assess the impact and severity of the incident. This enables the analyst to quickly decide if the incident needs to be escalated to the Tier 2 team or not.
\n
\n
\n
Lateral Movement
\n
In this same security incident, there is an alert for “an ongoing hands-on-keyboard attack via Impacket toolkit”:
\n
\n
LateralMovement: At 2024-08-06 17:17:09 UTC, an ongoing hands-on-keyboard attack via Impacket toolkit was detected on 'mb-adfs' (Windows Server 2022), involving the processes 'lsass.exe' (running as SYSTEM), 'powershell.exe' (running as SYSTEM), and impacting users 'LocalSystem' and 'adfsadmin'.
\n
\n
While the description of the Impacket toolkit in the Microsoft Defender XDR portal is helpful, but for more detailed insight, you can turn to Copilot for Security’s standalone experience and ask:
\n
\n
Can you tell me more about the Impacket tool? Where is it used most often? How is it exploited by attackers?
\n
\n
Copilot provides a more thorough description of this toolkit:
\n
\n
\n
\n
It’s worth noting that in Copilot’s description of the toolkit, it was emphasized that while Impacket is a legitimate tool, it can also be exploited by attackers. Copilot included several simple examples to illustrate this:
\n
\n
While Impacket is a legitimate tool with many valid uses, it can also be exploited by attackers due to its powerful capabilities. For example, attackers can use Impacket to move laterally across a network, execute commands on remote systems, or extract sensitive information such as password hashes.
\n
\n
Copilot for Security then highlighted a specific attack scenario, pointing out that Impacket can be used to carry out a DCSync attack. And, as the Tier 1 analyst, you have just confirmed that a DCSync attack is involved in the same security incident.
\n
\n
It's also worth mentioning that while using Copilot for Security, it captures the sequence of your prompts and responses in a session. A session is a distinct interaction period with Copilot for Security, during which Copilot retains the context of the conversation. This allows it to provide relevant answers to subsequent requests, ensuring that the conversation flows logically, and that each response builds upon the previous ones.
\n
\n
\n
Persistence
\n
As we proceed with the incident summary generated by Copilot for Security, the next security alert is a suspicious service creation event occurred during the persistence stage:
\n
\n
Persistence: At 2024-08-06 17:17:10 UTC, suspicious service creation was detected on 'mb-adfs' (Windows Server 2022), involving the process 'services.exe' (running as SYSTEM), and impacting user 'adfsadmin'.
\n
\n
If you start examining this alert in the Microsoft Defender XDR portal, you will notice that Defender for Identity and Defender for Endpoint EDR all generated similar alerts, likely for the same suspicious event, as seen in the next screen capture:
\n
\n
\n
\n
Let’s first take a look at “suspicious service creation” alert triggered in Defender for Identity, as shown next:
\n
\n
\n
\n
The service path listed in the alert looks suspicious and it is encoded. Let's use the following prompt to consult Copilot and understand its purpose.
\n
\n
Can you decode then tell me more about this service path: %COMSPEC% /C “powershell.exe -EncodedCommand QwA6AFwAUwBjAHIAaQBwAHQAcwBcAFIAZQBuAGEAbQBlAFAAbwB3AGUAcgBzAGgAZQBsAGwALgBwAHMAMQA=”
\n
\n
The next screen capture displays the response from Copilot for Security:
\n
\n
\n
\n
Copilot for Security provides a detailed breakdown of the service path. It identifies the encoded command as base64 encoding and decodes it for you. It then concludes with a summary: “this service path is used to execute the RenamePowershell.ps1 PowerShell script located in the C:\\Scripts\\ directory. The use of base64 encoding can often be a technique to obfuscate the actual command being run, which could be a sign of malicious activity.”
\n
\n
This information is helpful. Let's continue examining the other related security alerts. The “suspicious service registration” alert triggered in Defender for Endpoint likely pertains to the same suspicious activity that was just looked at. This alert provides a little bit more information and mentions “services.exe modified service image file”, as shown next.
\n
\n
\n
\n
Using the following prompt, let’s see what Copilot for Security can find out:
\n
\n
Can you explain in more detail about the following event: services.exe modified service image file from to %COMSPEC% /C \"powershell.exe -EncodedCommand QwA6AFwAUwBjAHIAaQBwAHQAcwBcAFIAZQBuAGEAbQBlAFAAbwB3AGUAcgBzAGgAZQBsAGwALgBwAHMAMQA=\" for service WDUAPJKVADPWOQLFGQSH
\n
\n
The screenshot shown next displays Copilot’s response.
\n
\n
\n
\n
Copilot’s findings for this “suspicious service registration” alert closely align with its analysis on the “suspicious service creation” alert triggered in Defender for Identity. This confirms the suspicion that the two alerts from different security solutions are both reporting the same malicious activity. However, because the Defender for Endpoint alert points out a \"services.exe modified service image file\" and this detail was included in the prompt, Copilot for Security can now provide additional insights in its analysis that weren't present in the previous report. You now have a clear picture of this malicious activity: the services.exe process has been set to run RenamePowershell.ps1 whenever the WDUAPJKVADPWOQLFGQSH service is started. For your reference, the following snippet is taken from Copilot's last response:
\n
\n
It's worth noting that changes to service image file paths, especially those involving scripts or unusual locations, can be a sign of malicious activity. In this case, the services.exe process has been instructed to launch a PowerShell script whenever the WDUAPJKVADPWOQLFGQSH service is started, which is unusual behavior and could potentially be malicious.
\n
\n
This example also highlights the importance of effective prompting. The more specific information you provide to Copilot, the more relevant and precise responses you’re likely to receive.
\n
\n
In addition, this example highlights the Microsoft Defender XDR's capability to integrate and correlate data across various Defender solutions. When different Defender tools detect the same malicious activity, they each generate separate alerts. Microsoft Defender XDR then aggregates these alerts into a unified incident. This correlation helps to provide a comprehensive view of the threat.
\n
\n
\n
Credential Access
\n
Let's review one more alert from the incident summary provided by Copilot for Security: suspicious credential access event involving an ADFS private key extraction:
\n
\n
CredentialAccess: At 2024-08-06 17:18:20 UTC, an ADFS private key extraction attempt was detected on 'mb-adfs' (Windows Server 2022), impacting user 'adfsadmin'.
\n
\n
You will use Copilot for Security to again get a better understanding of the alert. In the Microsoft Defender XDR portal, the device Timeline very often shows the events that led to the alert being triggered. For this security alert, the device event, \"jyglecpm.1v0.exe ran an LDAP query\", triggered the alert “ADFS private key extraction attempt”, as seen in the next screenshot. To further investigate this device event, one option is to utilize Copilot for Security to analyze the command line for jyglecpm.1v0.exe. You can perform this directly within the Microsoft Defender XDR portal leveraging the embedded experience of Copilot for Security. Alternatively, in standalone mode, you can paste the command line into the Copilot prompt and request for analysis.
\n
\n
As shown in the next screen capture, Copilot for Security offers a detailed analysis of the command line through its embedded experience.
\n
\n
\n
\n
From the Copilot analysis excerpt shown below, you can sense something isn’t right when jyglecpm.1v0.exe performed the LDAP query:
\n
\n
The provided command line script executes a file named \"jyglecpm.1v0.exe\" in a hidden window. It then uses the '-encodedCommand' parameter to run a base64-encoded command. The base64 string decodes to a PowerShell script located at 'C:\\Scripts\\ExportADFSTokenSigningCert.ps1'. This suggests that the script is likely used to execute a hidden process and then run a PowerShell script, possibly for malicious purposes.
\n
\n
To further investigate, you can first get a sense of what are the normal LDAP operations by prompting Copilot with the following questions in its standalone experience:
\n
\n
\n
\n
The next screenshot displays the information provided back by Copilot:
\n
\n
\n
\n
Based on Copilot’s explanation, you quickly gain an understanding of LDAP and how it operates. LDAP queries are typically initiated by client applications or services that need to access data stored in a directory service. For instance, an email client might perform an LDAP query to retrieve the email addresses of users within an organization.
\n
\n
Now you may be wondering, why would an unfamiliar and rarely seen process like \"jyglecpm.1v0.exe\" need to run an LDAP query to access data in a directory service? It is especially suspicious with its encoded command line. Let’s continue to consult Copilot with the prompt shown in the next screenshot:
\n
\n
\n
\n
Copilot for Security, leveraging its vast amount of knowledge, comments: “The command line script you provided does not appear to be a normal LDAP operation. It executes …” The full response from Copilot is displayed in the next screen capture:
\n
\n
\n
\n
Without the assistance of Copilot for Security, determining whether a behavior is truly malicious can be time-consuming and labor-intensive. Traditional methods typically involve extensive manual research, multiple clicks, and complex navigation through various user interface elements. Analysts often need to sift through many data points and conduct in-depth analyses to assess the severity of threats, which can delay the identification of true risks.
\n
\n
However, with Copilot for Security, this process becomes significantly more efficient and straightforward. Analysts can quickly ask specific questions about suspicious behavior rather than spending extended periods researching online. By providing additional context and explanations directly within the platform, Copilot enables Tier 1 analysts to quickly understand the nature and severity of an incident. This instant clarity allows analysts to make informed decisions and determine whether escalation to Tier 2 or 3 teams is necessary, thus accelerating threat response and reducing the overall time spent on investigation.
","body@stringLength":"42116","rawBody":"
In a typical SOC environment, Tier 1 analysts are responsible for reviewing incoming security incidents. They're in charge of investigating and resolving non-critical alerts, including the identification of false positives. When a critical incident is detected, the Tier 1 analyst must quickly escalate it to the Tier 2 or 3 team for a more thorough investigation. In this case study, you will take on the role of a Tier 1 analyst and discover how Copilot for Security can support you throughout the investigation. It is a tool designed to enable you to assess and manage incidents with greater efficiency and effectiveness.
\n
\n
Let’s use a security incident in the Microsoft Defender XDR portal for our case study. As shown in the next screen capture, this high-severity incident involves three devices, four users and one email account. It consists of a correlation of 25 alerts generated by different Microsoft security solutions. This incident, titled 'Multi-stage incident involving Initial access & Lateral movement on multiple endpoints reported by multiple sources' appears complex, extensive, and intimidating.
\n
\n
\n
\n
As soon as you start examining this incident in the Microsoft Defender XDR portal, Copilot for Security is already present on the incident page, as shown in the next diagram. It automatically creates a summary of the incident, providing a clear overview of the attack. Additionally, it offers tailored guidance for responding to the incident through its Guided Response feature, which is also accessible on the incident page.
\n
\n
\n
\n
Rather than sifting through all 25 alerts in the incident to understand the attack, let’s review the summary provided by Copilot for Security first. You can copy the incident summary for further review using Copilot’s “Copy to clipboard” option. This feature is illustrated in the next screenshot.
\n
\n
\n
\n
For your reference, here is the full incident summary copied from Copilot:
\n
The high severity incident 'Multi-stage incident involving Initial access & Lateral movement on multiple endpoints reported by multiple sources' occurred between 2024-08-06 17:15:43 UTC and 2024-08-11 00:01:42 UTC. It was tagged as Credential Phish and Lateral Movement.
\n
\n
\n
InitialAccess: The incident began at 2024-08-06 17:15:43 UTC when user 'kdickens' clicked on a malicious URL 'hxxps://fm06722326.mangodune-7572a721.eastus.azurecontainerapps.io/'.
\n
Discovery: At 2024-08-06 17:16:17 UTC, a suspicious sequence of exploration activities were detected on 'mb-winclient' (Windows 10), involving the processes 'whoami.exe', 'powershell.exe' (running as SYSTEM), and impacting users 'pgustavo' and 'kdickens'.
\n
DefenseEvasion: At 2024-08-06 17:16:20 UTC, a process was injected with potentially malicious code on 'mb-winclient' (Windows 10), involving the files 'ContosoADFSadmincreds.ps1', 'Midnight161.ps1', and impacting users 'pgustavo' and 'kdickens'.
\n
Execution: At 2024-08-06 17:16:20 UTC, a malicious PowerShell Cmdlet was invoked on 'mb-winclient' (Windows 10), involving the files 'ContosoADFSadmincreds.ps1', 'Midnight161.ps1', and impacting users 'pgustavo' and 'kdickens'.
\n
CredentialAccess: At 2024-08-06 17:17:07 UTC, a suspected DCSync attack (replication of directory services) was detected on 'mb-winclient' (Windows 10), impacting user 'pgustavo'.
\n
LateralMovement: At 2024-08-06 17:17:09 UTC, an ongoing hands-on-keyboard attack via Impacket toolkit was detected on 'mb-adfs' (Windows Server 2022), involving the processes 'lsass.exe' (running as SYSTEM), 'powershell.exe' (running as SYSTEM), and impacting users 'LocalSystem' and 'adfsadmin'.
\n
Persistence: At 2024-08-06 17:17:10 UTC, suspicious service creation was detected on 'mb-adfs' (Windows Server 2022), involving the process 'services.exe' (running as SYSTEM), and impacting user 'adfsadmin'.
\n
CredentialAccess: At 2024-08-06 17:18:20 UTC, an ADFS private key extraction attempt was detected on 'mb-adfs' (Windows Server 2022), impacting user 'adfsadmin'.
\n
DefenseEvasion: At 2024-08-11 00:01:42 UTC, an attempt to hide the use of a dual-purpose tool was detected on 'mb-adfs' (Windows Server 2022), involving the file 'jyglecpm.1v0.exe', and impacting user 'adfsadmin'.
\n
\n
\n
As seen from the incident summary, Copilot for Security provides an overview of the incident that helps you to quickly understand the scope and impact of the attack. It groups the suspicious events into distinct attack stages, outlining the attack’s progression from initial access to lateral movement and persistent access. Each stage is detailed with specific timestamps and a concise summary of the events. In a typical investigation, the security analyst would need to create a similar incident outline manually. With Copilot, this process is now automated and much faster.
\n
\n
After reviewing the incident summary, it’s clear that this is a highly involved incident with multiple sophisticated attacks. As a Tier 1 analyst, your goal is to quickly assess the attacks, rule out the false positives, determine the impact of the incident, and decide whether it needs to be escalated. Let’s dive into some of the incident investigations and see how Copilot for Security can assist throughout the process.
\n
\n
\n
Initial Access, Discovery, and Defense Evasion
\n
The initial access occurs when the attacker gains entry into the target system or network. In this case, the attacker employs a common attack tactic by tricking the user to click on a malicious link, to establish the initial foothold within the user’s corporate network. The following excerpt is from the incident summary generated by Copilot.
\n
\n
InitialAccess: The incident began at 2024-08-06 17:15:43 UTC when user 'kdickens' clicked on a malicious URL 'hxxps://fm06722326.mangodune-7572a721.eastus.azurecontainerapps.io/'.
\n
\n
Once an attacker gains access to the corporate network, he/she needs to gather information about the environment. For instance, running the Windows process “whoami.exe” to gather details about the current user’s identity and environment. Executing “whoami /groups” shows the groups to which the current user belongs, revealing user’s access level and permissions within the system. This process is documented during the Discovery phase.
\n
\n
Discovery: At 2024-08-06 17:16:17 UTC, a suspicious sequence of exploration activities were detected on 'mb-winclient' (Windows 10), involving the processes 'whoami.exe', 'powershell.exe' (running as SYSTEM), and impacting users 'pgustavo' and 'kdickens'.
\n
\n
So far, the attack techniques encountered are standard and frequently observed. For a Tier 1 analyst, these techniques are familiar and well-known, making the investigation relatively simple.
\n
\n
However, starting from the Defense Evasion phase, things may get a bit tricky. You see a process injection event in the alert:
\n
\n
DefenseEvasion: At 2024-08-06 17:16:20 UTC, a process was injected with potentially malicious code on 'mb-winclient' (Windows 10), involving the files 'ContosoADFSadmincreds.ps1', 'Midnight161.ps1', and impacting users 'pgustavo' and 'kdickens'.
\n
\n
What might “a process was injected with potentially malicious code” indicate? What’s a process injection? Let’s consult with Copilot for Security.
\n
\n
You can switch from the embedded experience of Copilot to its standalone mode. This allows you to ask Copilot more questions using its prompt feature. In the Microsoft Defender XDR portal, you may have noticed that there is an ellipsis right inside the Copilot pane. It offers several options for you, including the one “Open in Copilot for Security”. Selecting this option enables you to switch from the Copilot’s embedded experience to its standalone mode. This is shown in the next screen capture.
\n
\n
\n
\n
The “Open in Copilot for Security” feature also allows you to continue your current Copilot session in the standalone experience, preserving any ongoing work or context from the embedded experience. In this standalone mode, you can use the prompt feature to ask additional questions or seek further information, as shown in the next screenshot:
\n
\n
\n
\n
Prompt to Copilot for Security: Can you tell me more about DefenseEvasion: a process was injected with potentially malicious code on 'mb-winclient' (Windows10), involving the files 'ContosoADFSadmincreds.ps1', 'Midnight161.ps1'
\n
\n
The response from Copilot provides an overview of process injection and its characteristics:
\n
\n
The term \"process injection\" typically refers to a technique used by attackers to execute arbitrary code in the address space of a separate live process. This technique improves the stealth and evasion capabilities of malware since the execution of the malicious code does not result in the creation of a new process, making it harder to detect.
\n
\n
The full Copilot response is displayed in the next screen capture:
\n
\n
\n
\n
The process injection overview may still be somewhat abstract. You can follow up with Copilot for a more detailed description using a prompt seen in the next screen capture.
\n
\n
\n
\n
The next diagram presents a portion of the response from Copilot for Security. With this response from Copilot, you have a better understanding of process injection.
\n
\n
\n
\n
The information from Copilot adds more context and insights for this alert, enabling you, the Tier 1 analyst, to start a more thorough investigation immediately.
\n
\n
Back to the Microsoft Defender XDR portal, analysts typically leverage the Defender for Endpoint Timeline feature to investigate the event that might have triggered the alert “A process was injected with potentially malicious code.” The next screenshot shows that in the Timeline, Defender XDR recorded a device event, “powershell.exe executed a script,”. This event led Defender for Endpoint to immediately detect and report “powershell.exe process contains suspicious patterns in AMSI content related to ‘Process Injection’ and other techniques.” This then leads to the triggering of the process injection alert.
\n
\n
\n
\n
Defender XDR also provides the detailed PowerShell process commands that you can ask Copilot to analyze, as shown in the next screen capture.
\n
\n
\n
\n
With Copilot’s information on process injection, and combining the details from the device events, especially that the PowerShell script was executed from the user’s downloads directory, it’s clear that this is likely a malicious attack rather than a false positive. The use of a more advanced technique of process injection suggests that this case should be escalated to the Tier 2 team for further investigation.
\n
\n
In Defender XDR’s Timeline feature, security analysts typically review device events that occurred around the time the security alert was triggered to identify any additional malicious activity. This process is both time-consuming and labor-intensive. But now Copilot for Security can handle the heavy lifting for you. Let’s return to the Copilot standalone environment and use its prompt feature to accomplish this.
\n
\n
The prompt seen in the next screenshot instructs Copilot for Security to use a Defender KQL query to retrieve all device process events from around the time of the process injection activity. It then asks Copilot to analyze these events for any signs of suspicious activity.
\n
\n
\n
\n
As shown in the next screen capture, Copilot has flagged a few events that are worth investigating further.
\n
\n
\n
\n
You can ask Copilot for Security to further investigate these events with additional prompts in Copilot’s standalone experience.
\n
\n
This investigation may take some time to finish. However, as a Tier 1 analyst, you have concluded that these are likely malicious events involving sophisticated attack techniques. The Tier 2 team will need to carry out a more in-depth investigation. In the meantime, you can move on to the next set of security alerts.
\n
\n
\n
Credential Access
\n
In the incident summary, Copilot for Security also mentions a suspected DCSync attack as part of Credential Access activity:
\n
\n
CredentialAccess: At 2024-08-06 17:17:07 UTC, a suspected DCSync attack (replication of directory services) was detected on 'mb-winclient' (Windows 10), impacting user 'pgustavo'.
\n
\n
What is a DCSync attack? Rather than spending a lot of time researching it online, you can leverage Copilot for Security’s standalone experience to quickly get an idea of what it is and how it works.
\n
\n
Prompt to Copilot for Security: In your incident summary, you mentioned that \"At 2024-08-06 17:17:07 UTC, a suspected DCSync attack (replication of directory services) was detected on 'mb-winclient' (Windows 10), impacting user 'pgustavo'.\" What's a DCSync attack? Can you provide its TTPs?
\n
\n
The next screenshot displays the question you can ask Copilot, along with some of its responses.
\n
\n
\n
\n
Copilot for Security first provides an overview of the DCSync attack with some specific examples. It then walks you through the steps involved in a typical DCSync attack, as seen in the next snapshot.
\n
\n
\n
\n
After reviewing the information provided by Copilot for Security, you should have a better understanding of the key aspects of a DCSync attack and how it operates. If there are more questions or if further clarification is needed, you can always use Copilot’s prompt feature to gain additional insights.
\n
\n
Once you have a solid understanding of the DCSync attack, you can apply this knowledge to assist the security incident investigation. Back in the Defender XDR portal, when you examine the alert story for the “suspected DCSync attack” alert, you’ll likely notice something is off when the end user sends a replication request to a domain controller, as seen in the screen capture.
\n
\n
\n
\n
You can confirm your suspicion with Copilot by entering the following prompt in Copilot’s standalone mode:
\n
\n
Is it common for a regular user on a Windows 10 device to send a replication request to a DC?
\n
\n
As seen in the next screen capture, Copilot for Security confirms that “it is not common for a regular user on a Windows 10 device to send a replication request to a Domain Controller (DC). In a typical Active Directory environment, only Domain Controllers replicate data amongst themselves.”
\n
\n
\n
\n
At this point, you likely can confirm this is a true security incident, not a false positive. Given the nature of the attack, it will require further investigation by the Tier 2 team.
\n
\n
Without the help from Copilot for Security, researching and confirming whether suspicious behavior is truly malicious can be time-consuming and labor-intensive. However, with Copilot for Security, it is faster and more straightforward to confirm malicious activities. Additionally, its provided explanations offer more context, helping the Tier 1 analyst to assess the impact and severity of the incident. This enables the analyst to quickly decide if the incident needs to be escalated to the Tier 2 team or not.
\n
\n
\n
Lateral Movement
\n
In this same security incident, there is an alert for “an ongoing hands-on-keyboard attack via Impacket toolkit”:
\n
\n
LateralMovement: At 2024-08-06 17:17:09 UTC, an ongoing hands-on-keyboard attack via Impacket toolkit was detected on 'mb-adfs' (Windows Server 2022), involving the processes 'lsass.exe' (running as SYSTEM), 'powershell.exe' (running as SYSTEM), and impacting users 'LocalSystem' and 'adfsadmin'.
\n
\n
While the description of the Impacket toolkit in the Microsoft Defender XDR portal is helpful, but for more detailed insight, you can turn to Copilot for Security’s standalone experience and ask:
\n
\n
Can you tell me more about the Impacket tool? Where is it used most often? How is it exploited by attackers?
\n
\n
Copilot provides a more thorough description of this toolkit:
\n
\n
\n
\n
It’s worth noting that in Copilot’s description of the toolkit, it was emphasized that while Impacket is a legitimate tool, it can also be exploited by attackers. Copilot included several simple examples to illustrate this:
\n
\n
While Impacket is a legitimate tool with many valid uses, it can also be exploited by attackers due to its powerful capabilities. For example, attackers can use Impacket to move laterally across a network, execute commands on remote systems, or extract sensitive information such as password hashes.
\n
\n
Copilot for Security then highlighted a specific attack scenario, pointing out that Impacket can be used to carry out a DCSync attack. And, as the Tier 1 analyst, you have just confirmed that a DCSync attack is involved in the same security incident.
\n
\n
It's also worth mentioning that while using Copilot for Security, it captures the sequence of your prompts and responses in a session. A session is a distinct interaction period with Copilot for Security, during which Copilot retains the context of the conversation. This allows it to provide relevant answers to subsequent requests, ensuring that the conversation flows logically, and that each response builds upon the previous ones.
\n
\n
\n
Persistence
\n
As we proceed with the incident summary generated by Copilot for Security, the next security alert is a suspicious service creation event occurred during the persistence stage:
\n
\n
Persistence: At 2024-08-06 17:17:10 UTC, suspicious service creation was detected on 'mb-adfs' (Windows Server 2022), involving the process 'services.exe' (running as SYSTEM), and impacting user 'adfsadmin'.
\n
\n
If you start examining this alert in the Microsoft Defender XDR portal, you will notice that Defender for Identity and Defender for Endpoint EDR all generated similar alerts, likely for the same suspicious event, as seen in the next screen capture:
\n
\n
\n
\n
Let’s first take a look at “suspicious service creation” alert triggered in Defender for Identity, as shown next:
\n
\n
\n
\n
The service path listed in the alert looks suspicious and it is encoded. Let's use the following prompt to consult Copilot and understand its purpose.
\n
\n
Can you decode then tell me more about this service path: %COMSPEC% /C “powershell.exe -EncodedCommand QwA6AFwAUwBjAHIAaQBwAHQAcwBcAFIAZQBuAGEAbQBlAFAAbwB3AGUAcgBzAGgAZQBsAGwALgBwAHMAMQA=”
\n
\n
The next screen capture displays the response from Copilot for Security:
\n
\n
\n
\n
Copilot for Security provides a detailed breakdown of the service path. It identifies the encoded command as base64 encoding and decodes it for you. It then concludes with a summary: “this service path is used to execute the RenamePowershell.ps1 PowerShell script located in the C:\\Scripts\\ directory. The use of base64 encoding can often be a technique to obfuscate the actual command being run, which could be a sign of malicious activity.”
\n
\n
This information is helpful. Let's continue examining the other related security alerts. The “suspicious service registration” alert triggered in Defender for Endpoint likely pertains to the same suspicious activity that was just looked at. This alert provides a little bit more information and mentions “services.exe modified service image file”, as shown next.
\n
\n
\n
\n
Using the following prompt, let’s see what Copilot for Security can find out:
\n
\n
Can you explain in more detail about the following event: services.exe modified service image file from to %COMSPEC% /C \"powershell.exe -EncodedCommand QwA6AFwAUwBjAHIAaQBwAHQAcwBcAFIAZQBuAGEAbQBlAFAAbwB3AGUAcgBzAGgAZQBsAGwALgBwAHMAMQA=\" for service WDUAPJKVADPWOQLFGQSH
\n
\n
The screenshot shown next displays Copilot’s response.
\n
\n
\n
\n
Copilot’s findings for this “suspicious service registration” alert closely align with its analysis on the “suspicious service creation” alert triggered in Defender for Identity. This confirms the suspicion that the two alerts from different security solutions are both reporting the same malicious activity. However, because the Defender for Endpoint alert points out a \"services.exe modified service image file\" and this detail was included in the prompt, Copilot for Security can now provide additional insights in its analysis that weren't present in the previous report. You now have a clear picture of this malicious activity: the services.exe process has been set to run RenamePowershell.ps1 whenever the WDUAPJKVADPWOQLFGQSH service is started. For your reference, the following snippet is taken from Copilot's last response:
\n
\n
It's worth noting that changes to service image file paths, especially those involving scripts or unusual locations, can be a sign of malicious activity. In this case, the services.exe process has been instructed to launch a PowerShell script whenever the WDUAPJKVADPWOQLFGQSH service is started, which is unusual behavior and could potentially be malicious.
\n
\n
This example also highlights the importance of effective prompting. The more specific information you provide to Copilot, the more relevant and precise responses you’re likely to receive.
\n
\n
In addition, this example highlights the Microsoft Defender XDR's capability to integrate and correlate data across various Defender solutions. When different Defender tools detect the same malicious activity, they each generate separate alerts. Microsoft Defender XDR then aggregates these alerts into a unified incident. This correlation helps to provide a comprehensive view of the threat.
\n
\n
\n
Credential Access
\n
Let's review one more alert from the incident summary provided by Copilot for Security: suspicious credential access event involving an ADFS private key extraction:
\n
\n
CredentialAccess: At 2024-08-06 17:18:20 UTC, an ADFS private key extraction attempt was detected on 'mb-adfs' (Windows Server 2022), impacting user 'adfsadmin'.
\n
\n
You will use Copilot for Security to again get a better understanding of the alert. In the Microsoft Defender XDR portal, the device Timeline very often shows the events that led to the alert being triggered. For this security alert, the device event, \"jyglecpm.1v0.exe ran an LDAP query\", triggered the alert “ADFS private key extraction attempt”, as seen in the next screenshot. To further investigate this device event, one option is to utilize Copilot for Security to analyze the command line for jyglecpm.1v0.exe. You can perform this directly within the Microsoft Defender XDR portal leveraging the embedded experience of Copilot for Security. Alternatively, in standalone mode, you can paste the command line into the Copilot prompt and request for analysis.
\n
\n
As shown in the next screen capture, Copilot for Security offers a detailed analysis of the command line through its embedded experience.
\n
\n
\n
\n
From the Copilot analysis excerpt shown below, you can sense something isn’t right when jyglecpm.1v0.exe performed the LDAP query:
\n
\n
The provided command line script executes a file named \"jyglecpm.1v0.exe\" in a hidden window. It then uses the '-encodedCommand' parameter to run a base64-encoded command. The base64 string decodes to a PowerShell script located at 'C:\\Scripts\\ExportADFSTokenSigningCert.ps1'. This suggests that the script is likely used to execute a hidden process and then run a PowerShell script, possibly for malicious purposes.
\n
\n
To further investigate, you can first get a sense of what are the normal LDAP operations by prompting Copilot with the following questions in its standalone experience:
\n
\n
\n
\n
The next screenshot displays the information provided back by Copilot:
\n
\n
\n
\n
Based on Copilot’s explanation, you quickly gain an understanding of LDAP and how it operates. LDAP queries are typically initiated by client applications or services that need to access data stored in a directory service. For instance, an email client might perform an LDAP query to retrieve the email addresses of users within an organization.
\n
\n
Now you may be wondering, why would an unfamiliar and rarely seen process like \"jyglecpm.1v0.exe\" need to run an LDAP query to access data in a directory service? It is especially suspicious with its encoded command line. Let’s continue to consult Copilot with the prompt shown in the next screenshot:
\n
\n
\n
\n
Copilot for Security, leveraging its vast amount of knowledge, comments: “The command line script you provided does not appear to be a normal LDAP operation. It executes …” The full response from Copilot is displayed in the next screen capture:
\n
\n
\n
\n
Without the assistance of Copilot for Security, determining whether a behavior is truly malicious can be time-consuming and labor-intensive. Traditional methods typically involve extensive manual research, multiple clicks, and complex navigation through various user interface elements. Analysts often need to sift through many data points and conduct in-depth analyses to assess the severity of threats, which can delay the identification of true risks.
\n
\n
However, with Copilot for Security, this process becomes significantly more efficient and straightforward. Analysts can quickly ask specific questions about suspicious behavior rather than spending extended periods researching online. By providing additional context and explanations directly within the platform, Copilot enables Tier 1 analysts to quickly understand the nature and severity of an incident. This instant clarity allows analysts to make informed decisions and determine whether escalation to Tier 2 or 3 teams is necessary, thus accelerating threat response and reducing the overall time spent on investigation.
Get ready to dive into a real-life security incident within Microsoft Defender XDR! In this case study, you’ll take on the role of a security analyst and uncover how Copilot for Security can empower you throughout the investigation. Let’s see how you can tackle cyber threats head-on!
","introduction":"","coverImage":null,"coverImageProperties":{"__typename":"CoverImageProperties","style":"STANDARD","titlePosition":"BOTTOM","altText":""},"currentRevision":{"__ref":"Revision:revision:4251623_16"},"latestVersion":{"__typename":"FriendlyVersion","major":"1","minor":"0"},"metrics":{"__typename":"MessageMetrics","views":3342},"visibilityScope":"PUBLIC","canonicalUrl":null,"seoTitle":null,"seoDescription":null,"placeholder":false,"originalMessageForPlaceholder":null,"contributors":{"__typename":"UserConnection","edges":[]},"nonCoAuthorContributors":{"__typename":"UserConnection","edges":[]},"coAuthors":{"__typename":"UserConnection","edges":[]},"blogMessagePolicies":{"__typename":"BlogMessagePolicies","canDoAuthoringActionsOnBlog":{"__typename":"PolicyResult","failureReason":{"__typename":"FailureReason","message":"error.lithium.policies.blog.action_can_do_authoring_action.accessDenied","key":"error.lithium.policies.blog.action_can_do_authoring_action.accessDenied","args":[]}}},"archivalData":null,"replies":{"__typename":"MessageConnection","edges":[],"pageInfo":{"__typename":"PageInfo","hasNextPage":false,"endCursor":null,"hasPreviousPage":false,"startCursor":null}},"customFields":[],"revisions({\"constraints\":{\"isPublished\":{\"eq\":true}},\"first\":1})":{"__typename":"RevisionConnection","totalCount":16}},"Conversation:conversation:4251623":{"__typename":"Conversation","id":"conversation:4251623","solved":false,"topic":{"__ref":"BlogTopicMessage:message:4251623"},"lastPostingActivityTime":"2024-09-26T08:00:00.036-07:00","lastPostTime":"2024-09-26T08:00:00.036-07:00","unreadReplyCount":0,"isSubscribed":false},"ModerationData:moderation_data:4251623":{"__typename":"ModerationData","id":"moderation_data:4251623","status":"APPROVED","rejectReason":null,"isReportedAbuse":false,"rejectUser":null,"rejectTime":null,"rejectActorType":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjExMWk5OTQ4MTc1RjNFRDE2OTZG?revision=16\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjExMWk5OTQ4MTc1RjNFRDE2OTZG?revision=16","title":"Title.jpg","associationType":"TEASER","width":1317,"height":660,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjExM2kyMjg4MkU4QzIyMzRDRkI0?revision=16\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjExM2kyMjg4MkU4QzIyMzRDRkI0?revision=16","title":"Picture1.png","associationType":"BODY","width":936,"height":245,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjExNWk4RDg4MkIzOUY0NThCNjEw?revision=16\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjExNWk4RDg4MkIzOUY0NThCNjEw?revision=16","title":"Picture2.png","associationType":"BODY","width":936,"height":364,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjExNmkyNzZFNTg0NDFCNkE2ODkz?revision=16\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjExNmkyNzZFNTg0NDFCNkE2ODkz?revision=16","title":"Picture3.png","associationType":"BODY","width":936,"height":290,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjEyN2kxNzZFQjMxQjM5RUVBQTNE?revision=16\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjEyN2kxNzZFQjMxQjM5RUVBQTNE?revision=16","title":"Picture11.png","associationType":"BODY","width":991,"height":291,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjEyOGk2QjdERUQ1MTBGRDYyNTZF?revision=16\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjEyOGk2QjdERUQ1MTBGRDYyNTZF?revision=16","title":"Picture12.png","associationType":"BODY","width":972,"height":386,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjEyOWk4Mzg0RDdEMzBDQTM1Qjgx?revision=16\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjEyOWk4Mzg0RDdEMzBDQTM1Qjgx?revision=16","title":"Picture13.png","associationType":"BODY","width":994,"height":414,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjEzMGk0NDE2NEUyN0ZDMjA2MzQz?revision=16\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjEzMGk0NDE2NEUyN0ZDMjA2MzQz?revision=16","title":"Picture14.png","associationType":"BODY","width":936,"height":113,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjEzMWlCQjk1ODJBMkU4OUZENzZB?revision=16\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjEzMWlCQjk1ODJBMkU4OUZENzZB?revision=16","title":"Picture15.png","associationType":"BODY","width":808,"height":403,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjEzMmkyNEE0MkI5MDczNjYzNzAz?revision=16\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjEzMmkyNEE0MkI5MDczNjYzNzAz?revision=16","title":"Picture16.png","associationType":"BODY","width":936,"height":424,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjEzM2lGREQwNTUzQjRDMzk5NDQ3?revision=16\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjEzM2lGREQwNTUzQjRDMzk5NDQ3?revision=16","title":"Picture17.png","associationType":"BODY","width":936,"height":340,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjEzNmk2Q0YwOTI1REZENjBGOEYw?revision=16\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjEzNmk2Q0YwOTI1REZENjBGOEYw?revision=16","title":"Picture18.png","associationType":"BODY","width":936,"height":124,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjEzN2kwQTgyRTU5MDNBQjlEMEE3?revision=16\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjEzN2kwQTgyRTU5MDNBQjlEMEE3?revision=16","title":"Picture19.png","associationType":"BODY","width":936,"height":437,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjEzOGlCMTg3OEU5QUQ2NTNFRkU4?revision=16\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjEzOGlCMTg3OEU5QUQ2NTNFRkU4?revision=16","title":"Picture20.png","associationType":"BODY","width":970,"height":421,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjEzOWkyRTlDRDc5MjdEOTA1OTU1?revision=16\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjEzOWkyRTlDRDc5MjdEOTA1OTU1?revision=16","title":"Picture21.png","associationType":"BODY","width":962,"height":444,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjE0MGk0ODBCNTY1NDNGN0UxRERC?revision=16\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjE0MGk0ODBCNTY1NDNGN0UxRERC?revision=16","title":"Picture22.png","associationType":"BODY","width":936,"height":312,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjE0MWlBQUYzMEY0RjY4OTc3REQx?revision=16\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjE0MWlBQUYzMEY0RjY4OTc3REQx?revision=16","title":"Picture23.png","associationType":"BODY","width":936,"height":396,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjE0MmlGNUExM0U0MjE1NUQ3QUIw?revision=16\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjE0MmlGNUExM0U0MjE1NUQ3QUIw?revision=16","title":"Picture24.png","associationType":"BODY","width":962,"height":455,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjE0NmlFNUY0NjEwMDkxNzBCMDQy?revision=16\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjE0NmlFNUY0NjEwMDkxNzBCMDQy?revision=16","title":"Picture25.png","associationType":"BODY","width":936,"height":375,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjE0N2lEMEM1MkFFNDNBMThBNTI1?revision=16\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjE0N2lEMEM1MkFFNDNBMThBNTI1?revision=16","title":"Picture26.png","associationType":"BODY","width":936,"height":326,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjE0OGlEODA0MjlBNzQ1NTQ3QjVB?revision=16\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjE0OGlEODA0MjlBNzQ1NTQ3QjVB?revision=16","title":"Picture27.png","associationType":"BODY","width":936,"height":400,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjE0OWlBRDY4N0RDNjA5MDExODdC?revision=16\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjE0OWlBRDY4N0RDNjA5MDExODdC?revision=16","title":"Picture28.png","associationType":"BODY","width":936,"height":328,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjE1MGk3Nzg5QUM1NUFENEMxRjVB?revision=16\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjE1MGk3Nzg5QUM1NUFENEMxRjVB?revision=16","title":"Picture29.png","associationType":"BODY","width":936,"height":337,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjE1MWlEQzc4MEEyMzg4NUIwNkFE?revision=16\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjE1MWlEQzc4MEEyMzg4NUIwNkFE?revision=16","title":"Picture30.png","associationType":"BODY","width":936,"height":349,"altText":null},"AssociatedImage:{\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjE1Mmk5NTVDQjM2QUE4MzA0QzBE?revision=16\"}":{"__typename":"AssociatedImage","url":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjUxNjIzLTYyMjE1Mmk5NTVDQjM2QUE4MzA0QzBE?revision=16","title":"Picture31.png","associationType":"BODY","width":805,"height":139,"altText":null},"Revision:revision:4251623_16":{"__typename":"Revision","id":"revision:4251623_16","lastEditTime":"2024-09-25T16:48:15.045-07:00"},"CachedAsset:theme:customTheme1-1743150526467":{"__typename":"CachedAsset","id":"theme:customTheme1-1743150526467","value":{"id":"customTheme1","animation":{"fast":"150ms","normal":"250ms","slow":"500ms","slowest":"750ms","function":"cubic-bezier(0.07, 0.91, 0.51, 1)","__typename":"AnimationThemeSettings"},"avatar":{"borderRadius":"50%","collections":["default"],"__typename":"AvatarThemeSettings"},"basics":{"browserIcon":{"imageAssetName":"favicon-1730836283320.png","imageLastModified":"1730836286415","__typename":"ThemeAsset"},"customerLogo":{"imageAssetName":"favicon-1730836271365.png","imageLastModified":"1730836274203","__typename":"ThemeAsset"},"maximumWidthOfPageContent":"1300px","oneColumnNarrowWidth":"800px","gridGutterWidthMd":"30px","gridGutterWidthXs":"10px","pageWidthStyle":"WIDTH_OF_BROWSER","__typename":"BasicsThemeSettings"},"buttons":{"borderRadiusSm":"3px","borderRadius":"3px","borderRadiusLg":"5px","paddingY":"5px","paddingYLg":"7px","paddingYHero":"var(--lia-bs-btn-padding-y-lg)","paddingX":"12px","paddingXLg":"16px","paddingXHero":"60px","fontStyle":"NORMAL","fontWeight":"700","textTransform":"NONE","disabledOpacity":0.5,"primaryTextColor":"var(--lia-bs-white)","primaryTextHoverColor":"var(--lia-bs-white)","primaryTextActiveColor":"var(--lia-bs-white)","primaryBgColor":"var(--lia-bs-primary)","primaryBgHoverColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) * 0.85))","primaryBgActiveColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) * 0.7))","primaryBorder":"1px solid transparent","primaryBorderHover":"1px solid transparent","primaryBorderActive":"1px solid transparent","primaryBorderFocus":"1px solid var(--lia-bs-white)","primaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","secondaryTextColor":"var(--lia-bs-gray-900)","secondaryTextHoverColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.95))","secondaryTextActiveColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.9))","secondaryBgColor":"var(--lia-bs-gray-200)","secondaryBgHoverColor":"hsl(var(--lia-bs-gray-200-h), var(--lia-bs-gray-200-s), calc(var(--lia-bs-gray-200-l) * 0.96))","secondaryBgActiveColor":"hsl(var(--lia-bs-gray-200-h), var(--lia-bs-gray-200-s), calc(var(--lia-bs-gray-200-l) * 0.92))","secondaryBorder":"1px solid transparent","secondaryBorderHover":"1px solid transparent","secondaryBorderActive":"1px solid transparent","secondaryBorderFocus":"1px solid transparent","secondaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","tertiaryTextColor":"var(--lia-bs-gray-900)","tertiaryTextHoverColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.95))","tertiaryTextActiveColor":"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.9))","tertiaryBgColor":"transparent","tertiaryBgHoverColor":"transparent","tertiaryBgActiveColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.04)","tertiaryBorder":"1px solid transparent","tertiaryBorderHover":"1px solid hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","tertiaryBorderActive":"1px solid transparent","tertiaryBorderFocus":"1px solid transparent","tertiaryBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","destructiveTextColor":"var(--lia-bs-danger)","destructiveTextHoverColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) * 0.95))","destructiveTextActiveColor":"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) * 0.9))","destructiveBgColor":"var(--lia-bs-gray-200)","destructiveBgHoverColor":"hsl(var(--lia-bs-gray-200-h), var(--lia-bs-gray-200-s), calc(var(--lia-bs-gray-200-l) * 0.96))","destructiveBgActiveColor":"hsl(var(--lia-bs-gray-200-h), var(--lia-bs-gray-200-s), calc(var(--lia-bs-gray-200-l) * 0.92))","destructiveBorder":"1px solid transparent","destructiveBorderHover":"1px solid transparent","destructiveBorderActive":"1px solid transparent","destructiveBorderFocus":"1px solid transparent","destructiveBoxShadowFocus":"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","__typename":"ButtonsThemeSettings"},"border":{"color":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","mainContent":"NONE","sideContent":"LIGHT","radiusSm":"3px","radius":"5px","radiusLg":"9px","radius50":"100vw","__typename":"BorderThemeSettings"},"boxShadow":{"xs":"0 0 0 1px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.08), 0 3px 0 -1px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.16)","sm":"0 2px 4px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.12)","md":"0 5px 15px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.3)","lg":"0 10px 30px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.3)","__typename":"BoxShadowThemeSettings"},"cards":{"bgColor":"var(--lia-panel-bg-color)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":"var(--lia-box-shadow-xs)","__typename":"CardsThemeSettings"},"chip":{"maxWidth":"300px","height":"30px","__typename":"ChipThemeSettings"},"coreTypes":{"defaultMessageLinkColor":"var(--lia-bs-link-color)","defaultMessageLinkDecoration":"none","defaultMessageLinkFontStyle":"NORMAL","defaultMessageLinkFontWeight":"400","defaultMessageFontStyle":"NORMAL","defaultMessageFontWeight":"400","forumColor":"#4099E2","forumFontFamily":"var(--lia-bs-font-family-base)","forumFontWeight":"var(--lia-default-message-font-weight)","forumLineHeight":"var(--lia-bs-line-height-base)","forumFontStyle":"var(--lia-default-message-font-style)","forumMessageLinkColor":"var(--lia-default-message-link-color)","forumMessageLinkDecoration":"var(--lia-default-message-link-decoration)","forumMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","forumMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","forumSolvedColor":"#148563","blogColor":"#1CBAA0","blogFontFamily":"var(--lia-bs-font-family-base)","blogFontWeight":"var(--lia-default-message-font-weight)","blogLineHeight":"1.75","blogFontStyle":"var(--lia-default-message-font-style)","blogMessageLinkColor":"var(--lia-default-message-link-color)","blogMessageLinkDecoration":"var(--lia-default-message-link-decoration)","blogMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","blogMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","tkbColor":"#4C6B90","tkbFontFamily":"var(--lia-bs-font-family-base)","tkbFontWeight":"var(--lia-default-message-font-weight)","tkbLineHeight":"1.75","tkbFontStyle":"var(--lia-default-message-font-style)","tkbMessageLinkColor":"var(--lia-default-message-link-color)","tkbMessageLinkDecoration":"var(--lia-default-message-link-decoration)","tkbMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","tkbMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaColor":"#4099E2","qandaFontFamily":"var(--lia-bs-font-family-base)","qandaFontWeight":"var(--lia-default-message-font-weight)","qandaLineHeight":"var(--lia-bs-line-height-base)","qandaFontStyle":"var(--lia-default-message-link-font-style)","qandaMessageLinkColor":"var(--lia-default-message-link-color)","qandaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","qandaMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","qandaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","qandaSolvedColor":"#3FA023","ideaColor":"#FF8000","ideaFontFamily":"var(--lia-bs-font-family-base)","ideaFontWeight":"var(--lia-default-message-font-weight)","ideaLineHeight":"var(--lia-bs-line-height-base)","ideaFontStyle":"var(--lia-default-message-font-style)","ideaMessageLinkColor":"var(--lia-default-message-link-color)","ideaMessageLinkDecoration":"var(--lia-default-message-link-decoration)","ideaMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","ideaMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","contestColor":"#FCC845","contestFontFamily":"var(--lia-bs-font-family-base)","contestFontWeight":"var(--lia-default-message-font-weight)","contestLineHeight":"var(--lia-bs-line-height-base)","contestFontStyle":"var(--lia-default-message-link-font-style)","contestMessageLinkColor":"var(--lia-default-message-link-color)","contestMessageLinkDecoration":"var(--lia-default-message-link-decoration)","contestMessageLinkFontStyle":"ITALIC","contestMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","occasionColor":"#D13A1F","occasionFontFamily":"var(--lia-bs-font-family-base)","occasionFontWeight":"var(--lia-default-message-font-weight)","occasionLineHeight":"var(--lia-bs-line-height-base)","occasionFontStyle":"var(--lia-default-message-font-style)","occasionMessageLinkColor":"var(--lia-default-message-link-color)","occasionMessageLinkDecoration":"var(--lia-default-message-link-decoration)","occasionMessageLinkFontStyle":"var(--lia-default-message-link-font-style)","occasionMessageLinkFontWeight":"var(--lia-default-message-link-font-weight)","grouphubColor":"#333333","categoryColor":"#949494","communityColor":"#FFFFFF","productColor":"#949494","__typename":"CoreTypesThemeSettings"},"colors":{"black":"#000000","white":"#FFFFFF","gray100":"#F7F7F7","gray200":"#F7F7F7","gray300":"#E8E8E8","gray400":"#D9D9D9","gray500":"#CCCCCC","gray600":"#717171","gray700":"#707070","gray800":"#545454","gray900":"#333333","dark":"#545454","light":"#F7F7F7","primary":"#0069D4","secondary":"#333333","bodyText":"#333333","bodyBg":"#FFFFFF","info":"#409AE2","success":"#41C5AE","warning":"#FCC844","danger":"#BC341B","alertSystem":"#FF6600","textMuted":"#707070","highlight":"#FFFCAD","outline":"var(--lia-bs-primary)","custom":["#D3F5A4","#243A5E"],"__typename":"ColorsThemeSettings"},"divider":{"size":"3px","marginLeft":"4px","marginRight":"4px","borderRadius":"50%","bgColor":"var(--lia-bs-gray-600)","bgColorActive":"var(--lia-bs-gray-600)","__typename":"DividerThemeSettings"},"dropdown":{"fontSize":"var(--lia-bs-font-size-sm)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius-sm)","dividerBg":"var(--lia-bs-gray-300)","itemPaddingY":"5px","itemPaddingX":"20px","headerColor":"var(--lia-bs-gray-700)","__typename":"DropdownThemeSettings"},"email":{"link":{"color":"#0069D4","hoverColor":"#0061c2","decoration":"none","hoverDecoration":"underline","__typename":"EmailLinkSettings"},"border":{"color":"#e4e4e4","__typename":"EmailBorderSettings"},"buttons":{"borderRadiusLg":"5px","paddingXLg":"16px","paddingYLg":"7px","fontWeight":"700","primaryTextColor":"#ffffff","primaryTextHoverColor":"#ffffff","primaryBgColor":"#0069D4","primaryBgHoverColor":"#005cb8","primaryBorder":"1px solid transparent","primaryBorderHover":"1px solid transparent","__typename":"EmailButtonsSettings"},"panel":{"borderRadius":"5px","borderColor":"#e4e4e4","__typename":"EmailPanelSettings"},"__typename":"EmailThemeSettings"},"emoji":{"skinToneDefault":"#ffcd43","skinToneLight":"#fae3c5","skinToneMediumLight":"#e2cfa5","skinToneMedium":"#daa478","skinToneMediumDark":"#a78058","skinToneDark":"#5e4d43","__typename":"EmojiThemeSettings"},"heading":{"color":"var(--lia-bs-body-color)","fontFamily":"Segoe UI","fontStyle":"NORMAL","fontWeight":"400","h1FontSize":"34px","h2FontSize":"32px","h3FontSize":"28px","h4FontSize":"24px","h5FontSize":"20px","h6FontSize":"16px","lineHeight":"1.3","subHeaderFontSize":"11px","subHeaderFontWeight":"500","h1LetterSpacing":"normal","h2LetterSpacing":"normal","h3LetterSpacing":"normal","h4LetterSpacing":"normal","h5LetterSpacing":"normal","h6LetterSpacing":"normal","subHeaderLetterSpacing":"2px","h1FontWeight":"var(--lia-bs-headings-font-weight)","h2FontWeight":"var(--lia-bs-headings-font-weight)","h3FontWeight":"var(--lia-bs-headings-font-weight)","h4FontWeight":"var(--lia-bs-headings-font-weight)","h5FontWeight":"var(--lia-bs-headings-font-weight)","h6FontWeight":"var(--lia-bs-headings-font-weight)","__typename":"HeadingThemeSettings"},"icons":{"size10":"10px","size12":"12px","size14":"14px","size16":"16px","size20":"20px","size24":"24px","size30":"30px","size40":"40px","size50":"50px","size60":"60px","size80":"80px","size120":"120px","size160":"160px","__typename":"IconsThemeSettings"},"imagePreview":{"bgColor":"var(--lia-bs-gray-900)","titleColor":"var(--lia-bs-white)","controlColor":"var(--lia-bs-white)","controlBgColor":"var(--lia-bs-gray-800)","__typename":"ImagePreviewThemeSettings"},"input":{"borderColor":"var(--lia-bs-gray-600)","disabledColor":"var(--lia-bs-gray-600)","focusBorderColor":"var(--lia-bs-primary)","labelMarginBottom":"10px","btnFontSize":"var(--lia-bs-font-size-sm)","focusBoxShadow":"0 0 0 3px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)","checkLabelMarginBottom":"2px","checkboxBorderRadius":"3px","borderRadiusSm":"var(--lia-bs-border-radius-sm)","borderRadius":"var(--lia-bs-border-radius)","borderRadiusLg":"var(--lia-bs-border-radius-lg)","formTextMarginTop":"4px","textAreaBorderRadius":"var(--lia-bs-border-radius)","activeFillColor":"var(--lia-bs-primary)","__typename":"InputThemeSettings"},"loading":{"dotDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.2)","dotLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.5)","barDarkColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.06)","barLightColor":"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l), 0.4)","__typename":"LoadingThemeSettings"},"link":{"color":"var(--lia-bs-primary)","hoverColor":"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) - 10%))","decoration":"none","hoverDecoration":"underline","__typename":"LinkThemeSettings"},"listGroup":{"itemPaddingY":"15px","itemPaddingX":"15px","borderColor":"var(--lia-bs-gray-300)","__typename":"ListGroupThemeSettings"},"modal":{"contentTextColor":"var(--lia-bs-body-color)","contentBg":"var(--lia-bs-white)","backgroundBg":"var(--lia-bs-black)","smSize":"440px","mdSize":"760px","lgSize":"1080px","backdropOpacity":0.3,"contentBoxShadowXs":"var(--lia-bs-box-shadow-sm)","contentBoxShadow":"var(--lia-bs-box-shadow)","headerFontWeight":"700","__typename":"ModalThemeSettings"},"navbar":{"position":"FIXED","background":{"attachment":null,"clip":null,"color":"var(--lia-bs-white)","imageAssetName":"","imageLastModified":"0","origin":null,"position":"CENTER_CENTER","repeat":"NO_REPEAT","size":"COVER","__typename":"BackgroundProps"},"backgroundOpacity":0.8,"paddingTop":"15px","paddingBottom":"15px","borderBottom":"1px solid var(--lia-bs-border-color)","boxShadow":"var(--lia-bs-box-shadow-sm)","brandMarginRight":"30px","brandMarginRightSm":"10px","brandLogoHeight":"30px","linkGap":"10px","linkJustifyContent":"flex-start","linkPaddingY":"5px","linkPaddingX":"10px","linkDropdownPaddingY":"9px","linkDropdownPaddingX":"var(--lia-nav-link-px)","linkColor":"var(--lia-bs-body-color)","linkHoverColor":"var(--lia-bs-primary)","linkFontSize":"var(--lia-bs-font-size-sm)","linkFontStyle":"NORMAL","linkFontWeight":"400","linkTextTransform":"NONE","linkLetterSpacing":"normal","linkBorderRadius":"var(--lia-bs-border-radius-sm)","linkBgColor":"transparent","linkBgHoverColor":"transparent","linkBorder":"none","linkBorderHover":"none","linkBoxShadow":"none","linkBoxShadowHover":"none","linkTextBorderBottom":"none","linkTextBorderBottomHover":"none","dropdownPaddingTop":"10px","dropdownPaddingBottom":"15px","dropdownPaddingX":"10px","dropdownMenuOffset":"2px","dropdownDividerMarginTop":"10px","dropdownDividerMarginBottom":"10px","dropdownBorderColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","controllerBgHoverColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.1)","controllerIconColor":"var(--lia-bs-body-color)","controllerIconHoverColor":"var(--lia-bs-body-color)","controllerTextColor":"var(--lia-nav-controller-icon-color)","controllerTextHoverColor":"var(--lia-nav-controller-icon-hover-color)","controllerHighlightColor":"hsla(30, 100%, 50%)","controllerHighlightTextColor":"var(--lia-yiq-light)","controllerBorderRadius":"var(--lia-border-radius-50)","hamburgerColor":"var(--lia-nav-controller-icon-color)","hamburgerHoverColor":"var(--lia-nav-controller-icon-color)","hamburgerBgColor":"transparent","hamburgerBgHoverColor":"transparent","hamburgerBorder":"none","hamburgerBorderHover":"none","collapseMenuMarginLeft":"20px","collapseMenuDividerBg":"var(--lia-nav-link-color)","collapseMenuDividerOpacity":0.16,"__typename":"NavbarThemeSettings"},"pager":{"textColor":"var(--lia-bs-link-color)","textFontWeight":"var(--lia-font-weight-md)","textFontSize":"var(--lia-bs-font-size-sm)","__typename":"PagerThemeSettings"},"panel":{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-bs-border-radius)","borderColor":"var(--lia-bs-border-color)","boxShadow":"none","__typename":"PanelThemeSettings"},"popover":{"arrowHeight":"8px","arrowWidth":"16px","maxWidth":"300px","minWidth":"100px","headerBg":"var(--lia-bs-white)","borderColor":"var(--lia-bs-border-color)","borderRadius":"var(--lia-bs-border-radius)","boxShadow":"0 0.5rem 1rem hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.15)","__typename":"PopoverThemeSettings"},"prism":{"color":"#000000","bgColor":"#f5f2f0","fontFamily":"var(--font-family-monospace)","fontSize":"var(--lia-bs-font-size-base)","fontWeightBold":"var(--lia-bs-font-weight-bold)","fontStyleItalic":"italic","tabSize":2,"highlightColor":"#b3d4fc","commentColor":"#62707e","punctuationColor":"#6f6f6f","namespaceOpacity":"0.7","propColor":"#990055","selectorColor":"#517a00","operatorColor":"#906736","operatorBgColor":"hsla(0, 0%, 100%, 0.5)","keywordColor":"#0076a9","functionColor":"#d3284b","variableColor":"#c14700","__typename":"PrismThemeSettings"},"rte":{"bgColor":"var(--lia-bs-white)","borderRadius":"var(--lia-panel-border-radius)","boxShadow":" var(--lia-panel-box-shadow)","customColor1":"#bfedd2","customColor2":"#fbeeb8","customColor3":"#f8cac6","customColor4":"#eccafa","customColor5":"#c2e0f4","customColor6":"#2dc26b","customColor7":"#f1c40f","customColor8":"#e03e2d","customColor9":"#b96ad9","customColor10":"#3598db","customColor11":"#169179","customColor12":"#e67e23","customColor13":"#ba372a","customColor14":"#843fa1","customColor15":"#236fa1","customColor16":"#ecf0f1","customColor17":"#ced4d9","customColor18":"#95a5a6","customColor19":"#7e8c8d","customColor20":"#34495e","customColor21":"#000000","customColor22":"#ffffff","defaultMessageHeaderMarginTop":"40px","defaultMessageHeaderMarginBottom":"20px","defaultMessageItemMarginTop":"0","defaultMessageItemMarginBottom":"10px","diffAddedColor":"hsla(170, 53%, 51%, 0.4)","diffChangedColor":"hsla(43, 97%, 63%, 0.4)","diffNoneColor":"hsla(0, 0%, 80%, 0.4)","diffRemovedColor":"hsla(9, 74%, 47%, 0.4)","specialMessageHeaderMarginTop":"40px","specialMessageHeaderMarginBottom":"20px","specialMessageItemMarginTop":"0","specialMessageItemMarginBottom":"10px","__typename":"RteThemeSettings"},"tags":{"bgColor":"var(--lia-bs-gray-200)","bgHoverColor":"var(--lia-bs-gray-400)","borderRadius":"var(--lia-bs-border-radius-sm)","color":"var(--lia-bs-body-color)","hoverColor":"var(--lia-bs-body-color)","fontWeight":"var(--lia-font-weight-md)","fontSize":"var(--lia-font-size-xxs)","textTransform":"UPPERCASE","letterSpacing":"0.5px","__typename":"TagsThemeSettings"},"toasts":{"borderRadius":"var(--lia-bs-border-radius)","paddingX":"12px","__typename":"ToastsThemeSettings"},"typography":{"fontFamilyBase":"Segoe UI","fontStyleBase":"NORMAL","fontWeightBase":"400","fontWeightLight":"300","fontWeightNormal":"400","fontWeightMd":"500","fontWeightBold":"700","letterSpacingSm":"normal","letterSpacingXs":"normal","lineHeightBase":"1.5","fontSizeBase":"16px","fontSizeXxs":"11px","fontSizeXs":"12px","fontSizeSm":"14px","fontSizeLg":"20px","fontSizeXl":"24px","smallFontSize":"14px","customFonts":[{"source":"SERVER","name":"Segoe UI","styles":[{"style":"NORMAL","weight":"400","__typename":"FontStyleData"},{"style":"NORMAL","weight":"300","__typename":"FontStyleData"},{"style":"NORMAL","weight":"600","__typename":"FontStyleData"},{"style":"NORMAL","weight":"700","__typename":"FontStyleData"},{"style":"ITALIC","weight":"400","__typename":"FontStyleData"}],"assetNames":["SegoeUI-normal-400.woff2","SegoeUI-normal-300.woff2","SegoeUI-normal-600.woff2","SegoeUI-normal-700.woff2","SegoeUI-italic-400.woff2"],"__typename":"CustomFont"},{"source":"SERVER","name":"MWF Fluent Icons","styles":[{"style":"NORMAL","weight":"400","__typename":"FontStyleData"}],"assetNames":["MWFFluentIcons-normal-400.woff2"],"__typename":"CustomFont"}],"__typename":"TypographyThemeSettings"},"unstyledListItem":{"marginBottomSm":"5px","marginBottomMd":"10px","marginBottomLg":"15px","marginBottomXl":"20px","marginBottomXxl":"25px","__typename":"UnstyledListItemThemeSettings"},"yiq":{"light":"#ffffff","dark":"#000000","__typename":"YiqThemeSettings"},"colorLightness":{"primaryDark":0.36,"primaryLight":0.74,"primaryLighter":0.89,"primaryLightest":0.95,"infoDark":0.39,"infoLight":0.72,"infoLighter":0.85,"infoLightest":0.93,"successDark":0.24,"successLight":0.62,"successLighter":0.8,"successLightest":0.91,"warningDark":0.39,"warningLight":0.68,"warningLighter":0.84,"warningLightest":0.93,"dangerDark":0.41,"dangerLight":0.72,"dangerLighter":0.89,"dangerLightest":0.95,"__typename":"ColorLightnessThemeSettings"},"localOverride":false,"__typename":"Theme"},"localOverride":false},"CachedAsset:text:en_US-components/common/EmailVerification-1743095130000":{"__typename":"CachedAsset","id":"text:en_US-components/common/EmailVerification-1743095130000","value":{"email.verification.title":"Email Verification Required","email.verification.message.update.email":"To participate in the community, you must first verify your email address. The verification email was sent to {email}. To change your email, visit My Settings.","email.verification.message.resend.email":"To participate in the community, you must first verify your email address. The verification email was sent to {email}. Resend email."},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/Loading/LoadingDot-1743095130000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/Loading/LoadingDot-1743095130000","value":{"title":"Loading..."},"localOverride":false},"CachedAsset:quilt:o365.prod:pages/blogs/BlogMessagePage:board:SecurityCopilotBlog-1743150524577":{"__typename":"CachedAsset","id":"quilt:o365.prod:pages/blogs/BlogMessagePage:board:SecurityCopilotBlog-1743150524577","value":{"id":"BlogMessagePage","container":{"id":"Common","headerProps":{"backgroundImageProps":null,"backgroundColor":null,"addComponents":null,"removeComponents":["community.widget.bannerWidget"],"componentOrder":null,"__typename":"QuiltContainerSectionProps"},"headerComponentProps":{"community.widget.breadcrumbWidget":{"disableLastCrumbForDesktop":false}},"footerProps":null,"footerComponentProps":null,"items":[{"id":"blog-article","layout":"ONE_COLUMN","bgColor":null,"showTitle":null,"showDescription":null,"textPosition":null,"textColor":null,"sectionEditLevel":"LOCKED","bgImage":null,"disableSpacing":null,"edgeToEdgeDisplay":null,"fullHeight":null,"showBorder":null,"__typename":"OneColumnQuiltSection","columnMap":{"main":[{"id":"blogs.widget.blogArticleWidget","className":"lia-blog-container","props":null,"__typename":"QuiltComponent"}],"__typename":"OneSectionColumns"}},{"id":"section-1729184836777","layout":"MAIN_SIDE","bgColor":"transparent","showTitle":false,"showDescription":false,"textPosition":"CENTER","textColor":"var(--lia-bs-body-color)","sectionEditLevel":null,"bgImage":null,"disableSpacing":null,"edgeToEdgeDisplay":null,"fullHeight":null,"showBorder":null,"__typename":"MainSideQuiltSection","columnMap":{"main":[],"side":[{"id":"custom.widget.Social_Sharing","className":null,"props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":true,"title":"Share","lazyLoad":false},"__typename":"QuiltComponent"}],"__typename":"MainSideSectionColumns"}}],"__typename":"QuiltContainer"},"__typename":"Quilt","localOverride":false},"localOverride":false},"CachedAsset:text:en_US-pages/blogs/BlogMessagePage-1743095130000":{"__typename":"CachedAsset","id":"text:en_US-pages/blogs/BlogMessagePage-1743095130000","value":{"title":"{contextMessageSubject} | {communityTitle}","errorMissing":"This blog post cannot be found","name":"Blog Message Page","section.blog-article.title":"Blog Post","archivedMessageTitle":"This Content Has Been Archived","section.section-1729184836777.title":"","section.section-1729184836777.description":"","section.CncIde.title":"Blog Post","section.tifEmD.description":"","section.tifEmD.title":""},"localOverride":false},"CachedAsset:quiltWrapper:o365.prod:Common:1743150326779":{"__typename":"CachedAsset","id":"quiltWrapper:o365.prod:Common:1743150326779","value":{"id":"Common","header":{"backgroundImageProps":{"assetName":null,"backgroundSize":"COVER","backgroundRepeat":"NO_REPEAT","backgroundPosition":"CENTER_CENTER","lastModified":null,"__typename":"BackgroundImageProps"},"backgroundColor":"transparent","items":[{"id":"community.widget.navbarWidget","props":{"showUserName":true,"showRegisterLink":true,"useIconLanguagePicker":true,"useLabelLanguagePicker":true,"className":"QuiltComponent_lia-component-edit-mode__0nCcm","links":{"sideLinks":[],"mainLinks":[{"children":[],"linkType":"INTERNAL","id":"gxcuf89792","params":{},"routeName":"CommunityPage"},{"children":[],"linkType":"EXTERNAL","id":"external-link","url":"/Directory","target":"SELF"},{"children":[{"linkType":"INTERNAL","id":"microsoft365","params":{"categoryId":"microsoft365"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"microsoft-teams","params":{"categoryId":"MicrosoftTeams"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"windows","params":{"categoryId":"Windows"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"microsoft-securityand-compliance","params":{"categoryId":"microsoft-security"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"outlook","params":{"categoryId":"Outlook"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"planner","params":{"categoryId":"Planner"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"windows-server","params":{"categoryId":"Windows-Server"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"azure","params":{"categoryId":"Azure"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"exchange","params":{"categoryId":"Exchange"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"microsoft-endpoint-manager","params":{"categoryId":"microsoft-endpoint-manager"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"s-q-l-server","params":{"categoryId":"SQL-Server"},"routeName":"CategoryPage"},{"linkType":"EXTERNAL","id":"external-link-2","url":"/Directory","target":"SELF"}],"linkType":"EXTERNAL","id":"communities","url":"/","target":"BLANK"},{"children":[{"linkType":"INTERNAL","id":"education-sector","params":{"categoryId":"EducationSector"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"a-i","params":{"categoryId":"AI"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"i-t-ops-talk","params":{"categoryId":"ITOpsTalk"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"partner-community","params":{"categoryId":"PartnerCommunity"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"microsoft-mechanics","params":{"categoryId":"MicrosoftMechanics"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"healthcare-and-life-sciences","params":{"categoryId":"HealthcareAndLifeSciences"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"public-sector","params":{"categoryId":"PublicSector"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"io-t","params":{"categoryId":"IoT"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"driving-adoption","params":{"categoryId":"DrivingAdoption"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"s-m-b","params":{"categoryId":"SMB"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"startupsat-microsoft","params":{"categoryId":"StartupsatMicrosoft"},"routeName":"CategoryPage"},{"linkType":"EXTERNAL","id":"external-link-1","url":"/Directory","target":"SELF"}],"linkType":"EXTERNAL","id":"communities-1","url":"/","target":"SELF"},{"children":[],"linkType":"EXTERNAL","id":"external","url":"/Blogs","target":"SELF"},{"children":[],"linkType":"EXTERNAL","id":"external-1","url":"/Events","target":"SELF"},{"children":[{"linkType":"INTERNAL","id":"microsoft-learn-1","params":{"categoryId":"MicrosoftLearn"},"routeName":"CategoryPage"},{"linkType":"INTERNAL","id":"microsoft-learn-blog","params":{"boardId":"MicrosoftLearnBlog","categoryId":"MicrosoftLearn"},"routeName":"BlogBoardPage"},{"linkType":"EXTERNAL","id":"external-10","url":"https://learningroomdirectory.microsoft.com/","target":"BLANK"},{"linkType":"EXTERNAL","id":"external-3","url":"https://docs.microsoft.com/learn/dynamics365/?WT.mc_id=techcom_header-webpage-m365","target":"BLANK"},{"linkType":"EXTERNAL","id":"external-4","url":"https://docs.microsoft.com/learn/m365/?wt.mc_id=techcom_header-webpage-m365","target":"BLANK"},{"linkType":"EXTERNAL","id":"external-5","url":"https://docs.microsoft.com/learn/topics/sci/?wt.mc_id=techcom_header-webpage-m365","target":"BLANK"},{"linkType":"EXTERNAL","id":"external-6","url":"https://docs.microsoft.com/learn/powerplatform/?wt.mc_id=techcom_header-webpage-powerplatform","target":"BLANK"},{"linkType":"EXTERNAL","id":"external-7","url":"https://docs.microsoft.com/learn/github/?wt.mc_id=techcom_header-webpage-github","target":"BLANK"},{"linkType":"EXTERNAL","id":"external-8","url":"https://docs.microsoft.com/learn/teams/?wt.mc_id=techcom_header-webpage-teams","target":"BLANK"},{"linkType":"EXTERNAL","id":"external-9","url":"https://docs.microsoft.com/learn/dotnet/?wt.mc_id=techcom_header-webpage-dotnet","target":"BLANK"},{"linkType":"EXTERNAL","id":"external-2","url":"https://docs.microsoft.com/learn/azure/?WT.mc_id=techcom_header-webpage-m365","target":"BLANK"}],"linkType":"INTERNAL","id":"microsoft-learn","params":{"categoryId":"MicrosoftLearn"},"routeName":"CategoryPage"},{"children":[],"linkType":"INTERNAL","id":"community-info-center","params":{"categoryId":"Community-Info-Center"},"routeName":"CategoryPage"}]},"style":{"boxShadow":"var(--lia-bs-box-shadow-sm)","controllerHighlightColor":"hsla(30, 100%, 50%)","linkFontWeight":"400","dropdownDividerMarginBottom":"10px","hamburgerBorderHover":"none","linkBoxShadowHover":"none","linkFontSize":"14px","backgroundOpacity":0.8,"controllerBorderRadius":"var(--lia-border-radius-50)","hamburgerBgColor":"transparent","hamburgerColor":"var(--lia-nav-controller-icon-color)","linkTextBorderBottom":"none","brandLogoHeight":"30px","linkBgHoverColor":"transparent","linkLetterSpacing":"normal","collapseMenuDividerOpacity":0.16,"dropdownPaddingBottom":"15px","paddingBottom":"15px","dropdownMenuOffset":"2px","hamburgerBgHoverColor":"transparent","borderBottom":"1px solid var(--lia-bs-border-color)","hamburgerBorder":"none","dropdownPaddingX":"10px","brandMarginRightSm":"10px","linkBoxShadow":"none","collapseMenuDividerBg":"var(--lia-nav-link-color)","linkColor":"var(--lia-bs-body-color)","linkJustifyContent":"flex-start","dropdownPaddingTop":"10px","controllerHighlightTextColor":"var(--lia-yiq-dark)","controllerTextColor":"var(--lia-nav-controller-icon-color)","background":{"imageAssetName":"","color":"var(--lia-bs-white)","size":"COVER","repeat":"NO_REPEAT","position":"CENTER_CENTER","imageLastModified":""},"linkBorderRadius":"var(--lia-bs-border-radius-sm)","linkHoverColor":"var(--lia-bs-body-color)","position":"FIXED","linkBorder":"none","linkTextBorderBottomHover":"2px solid var(--lia-bs-body-color)","brandMarginRight":"30px","hamburgerHoverColor":"var(--lia-nav-controller-icon-color)","linkBorderHover":"none","collapseMenuMarginLeft":"20px","linkFontStyle":"NORMAL","controllerTextHoverColor":"var(--lia-nav-controller-icon-hover-color)","linkPaddingX":"10px","linkPaddingY":"5px","paddingTop":"15px","linkTextTransform":"NONE","dropdownBorderColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)","controllerBgHoverColor":"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.1)","linkBgColor":"transparent","linkDropdownPaddingX":"var(--lia-nav-link-px)","linkDropdownPaddingY":"9px","controllerIconColor":"var(--lia-bs-body-color)","dropdownDividerMarginTop":"10px","linkGap":"10px","controllerIconHoverColor":"var(--lia-bs-body-color)"},"showSearchIcon":false,"languagePickerStyle":"iconAndLabel"},"__typename":"QuiltComponent"},{"id":"community.widget.breadcrumbWidget","props":{"backgroundColor":"transparent","linkHighlightColor":"var(--lia-bs-primary)","visualEffects":{"showBottomBorder":true},"linkTextColor":"var(--lia-bs-gray-700)"},"__typename":"QuiltComponent"},{"id":"custom.widget.community_banner","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"usePageWidth":false,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"},{"id":"custom.widget.HeroBanner","props":{"widgetVisibility":"signedInOrAnonymous","usePageWidth":false,"useTitle":true,"cMax_items":3,"useBackground":false,"title":"","lazyLoad":false,"widgetChooser":"custom.widget.HeroBanner"},"__typename":"QuiltComponent"}],"__typename":"QuiltWrapperSection"},"footer":{"backgroundImageProps":{"assetName":null,"backgroundSize":"COVER","backgroundRepeat":"NO_REPEAT","backgroundPosition":"CENTER_CENTER","lastModified":null,"__typename":"BackgroundImageProps"},"backgroundColor":"transparent","items":[{"id":"custom.widget.MicrosoftFooter","props":{"widgetVisibility":"signedInOrAnonymous","useTitle":true,"useBackground":false,"title":"","lazyLoad":false},"__typename":"QuiltComponent"}],"__typename":"QuiltWrapperSection"},"__typename":"QuiltWrapper","localOverride":false},"localOverride":false},"CachedAsset:text:en_US-components/common/ActionFeedback-1743095130000":{"__typename":"CachedAsset","id":"text:en_US-components/common/ActionFeedback-1743095130000","value":{"joinedGroupHub.title":"Welcome","joinedGroupHub.message":"You are now a member of this group and are subscribed to updates.","groupHubInviteNotFound.title":"Invitation Not Found","groupHubInviteNotFound.message":"Sorry, we could not find your invitation to the group. The owner may have canceled the invite.","groupHubNotFound.title":"Group Not Found","groupHubNotFound.message":"The grouphub you tried to join does not exist. It may have been deleted.","existingGroupHubMember.title":"Already Joined","existingGroupHubMember.message":"You are already a member of this group.","accountLocked.title":"Account Locked","accountLocked.message":"Your account has been locked due to multiple failed attempts. Try again in {lockoutTime} minutes.","editedGroupHub.title":"Changes Saved","editedGroupHub.message":"Your group has been updated.","leftGroupHub.title":"Goodbye","leftGroupHub.message":"You are no longer a member of this group and will not receive future updates.","deletedGroupHub.title":"Deleted","deletedGroupHub.message":"The group has been deleted.","groupHubCreated.title":"Group Created","groupHubCreated.message":"{groupHubName} is ready to use","accountClosed.title":"Account Closed","accountClosed.message":"The account has been closed and you will now be redirected to the homepage","resetTokenExpired.title":"Reset Password Link has Expired","resetTokenExpired.message":"Try resetting your password again","invalidUrl.title":"Invalid URL","invalidUrl.message":"The URL you're using is not recognized. Verify your URL and try again.","accountClosedForUser.title":"Account Closed","accountClosedForUser.message":"{userName}'s account is closed","inviteTokenInvalid.title":"Invitation Invalid","inviteTokenInvalid.message":"Your invitation to the community has been canceled or expired.","inviteTokenError.title":"Invitation Verification Failed","inviteTokenError.message":"The url you are utilizing is not recognized. Verify your URL and try again","pageNotFound.title":"Access Denied","pageNotFound.message":"You do not have access to this area of the community or it doesn't exist","eventAttending.title":"Responded as Attending","eventAttending.message":"You'll be notified when there's new activity and reminded as the event approaches","eventInterested.title":"Responded as Interested","eventInterested.message":"You'll be notified when there's new activity and reminded as the event approaches","eventNotFound.title":"Event Not Found","eventNotFound.message":"The event you tried to respond to does not exist.","redirectToRelatedPage.title":"Showing Related Content","redirectToRelatedPageForBaseUsers.title":"Showing Related Content","redirectToRelatedPageForBaseUsers.message":"The content you are trying to access is archived","redirectToRelatedPage.message":"The content you are trying to access is archived","relatedUrl.archivalLink.flyoutMessage":"The content you are trying to access is archived View Archived Content"},"localOverride":false},"CachedAsset:component:custom.widget.community_banner-en-1743150561112":{"__typename":"CachedAsset","id":"component:custom.widget.community_banner-en-1743150561112","value":{"component":{"id":"custom.widget.community_banner","template":{"id":"community_banner","markupLanguage":"HANDLEBARS","style":".community-banner {\n a.top-bar.btn {\n top: 0px;\n width: 100%;\n z-index: 999;\n text-align: center;\n left: 0px;\n background: #0068b8;\n color: white;\n padding: 10px 0px;\n display:block;\n box-shadow:none !important;\n border: none !important;\n border-radius: none !important;\n margin: 0px !important;\n font-size:14px;\n }\n}","texts":null,"defaults":{"config":{"applicablePages":[],"description":"community announcement text","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.community_banner","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"community announcement text","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":{"css":".custom_widget_community_banner_community-banner_1a5zb_1 {\n a.custom_widget_community_banner_top-bar_1a5zb_2.custom_widget_community_banner_btn_1a5zb_2 {\n top: 0;\n width: 100%;\n z-index: 999;\n text-align: center;\n left: 0;\n background: #0068b8;\n color: white;\n padding: 0.625rem 0;\n display:block;\n box-shadow:none !important;\n border: none !important;\n border-radius: none !important;\n margin: 0 !important;\n font-size:0.875rem;\n }\n}","tokens":{"community-banner":"custom_widget_community_banner_community-banner_1a5zb_1","top-bar":"custom_widget_community_banner_top-bar_1a5zb_2","btn":"custom_widget_community_banner_btn_1a5zb_2"}},"form":null},"localOverride":false},"CachedAsset:component:custom.widget.HeroBanner-en-1743150561112":{"__typename":"CachedAsset","id":"component:custom.widget.HeroBanner-en-1743150561112","value":{"component":{"id":"custom.widget.HeroBanner","template":{"id":"HeroBanner","markupLanguage":"REACT","style":null,"texts":{"searchPlaceholderText":"Search this community","followActionText":"Follow","unfollowActionText":"Following","searchOnHoverText":"Please enter your search term(s) and then press return key to complete a search."},"defaults":{"config":{"applicablePages":[],"description":null,"fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[{"id":"max_items","dataType":"NUMBER","list":false,"defaultValue":"3","label":"Max Items","description":"The maximum number of items to display in the carousel","possibleValues":null,"control":"INPUT","__typename":"PropDefinition"}],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.HeroBanner","form":{"fields":[{"id":"widgetChooser","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"title","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"useTitle","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"useBackground","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"widgetVisibility","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"moreOptions","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"cMax_items","validation":null,"noValidation":null,"dataType":"NUMBER","list":false,"control":"INPUT","defaultValue":"3","label":"Max Items","description":"The maximum number of items to display in the carousel","possibleValues":null,"__typename":"FormField"}],"layout":{"rows":[{"id":"widgetChooserGroup","type":"fieldset","as":null,"items":[{"id":"widgetChooser","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"titleGroup","type":"fieldset","as":null,"items":[{"id":"title","className":null,"__typename":"FormFieldRef"},{"id":"useTitle","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"useBackground","type":"fieldset","as":null,"items":[{"id":"useBackground","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"widgetVisibility","type":"fieldset","as":null,"items":[{"id":"widgetVisibility","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"moreOptionsGroup","type":"fieldset","as":null,"items":[{"id":"moreOptions","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"componentPropsGroup","type":"fieldset","as":null,"items":[{"id":"cMax_items","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"}],"actionButtons":null,"className":"custom_widget_HeroBanner_form","formGroupFieldSeparator":"divider","__typename":"FormLayout"},"__typename":"Form"},"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":null,"fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[{"id":"max_items","dataType":"NUMBER","list":false,"defaultValue":"3","label":"Max Items","description":"The maximum number of items to display in the carousel","possibleValues":null,"control":"INPUT","__typename":"PropDefinition"}],"__typename":"ComponentProperties"},"form":{"fields":[{"id":"widgetChooser","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"title","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"useTitle","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"useBackground","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"widgetVisibility","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"moreOptions","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"cMax_items","validation":null,"noValidation":null,"dataType":"NUMBER","list":false,"control":"INPUT","defaultValue":"3","label":"Max Items","description":"The maximum number of items to display in the carousel","possibleValues":null,"__typename":"FormField"}],"layout":{"rows":[{"id":"widgetChooserGroup","type":"fieldset","as":null,"items":[{"id":"widgetChooser","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"titleGroup","type":"fieldset","as":null,"items":[{"id":"title","className":null,"__typename":"FormFieldRef"},{"id":"useTitle","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"useBackground","type":"fieldset","as":null,"items":[{"id":"useBackground","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"widgetVisibility","type":"fieldset","as":null,"items":[{"id":"widgetVisibility","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"moreOptionsGroup","type":"fieldset","as":null,"items":[{"id":"moreOptions","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"componentPropsGroup","type":"fieldset","as":null,"items":[{"id":"cMax_items","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"}],"actionButtons":null,"className":"custom_widget_HeroBanner_form","formGroupFieldSeparator":"divider","__typename":"FormLayout"},"__typename":"Form"},"__typename":"Component","localOverride":false},"globalCss":null,"form":{"fields":[{"id":"widgetChooser","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"title","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"useTitle","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"useBackground","validation":null,"noValidation":null,"dataType":"BOOLEAN","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"widgetVisibility","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"moreOptions","validation":null,"noValidation":null,"dataType":"STRING","list":null,"control":null,"defaultValue":null,"label":null,"description":null,"possibleValues":null,"__typename":"FormField"},{"id":"cMax_items","validation":null,"noValidation":null,"dataType":"NUMBER","list":false,"control":"INPUT","defaultValue":"3","label":"Max Items","description":"The maximum number of items to display in the carousel","possibleValues":null,"__typename":"FormField"}],"layout":{"rows":[{"id":"widgetChooserGroup","type":"fieldset","as":null,"items":[{"id":"widgetChooser","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"titleGroup","type":"fieldset","as":null,"items":[{"id":"title","className":null,"__typename":"FormFieldRef"},{"id":"useTitle","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"useBackground","type":"fieldset","as":null,"items":[{"id":"useBackground","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"widgetVisibility","type":"fieldset","as":null,"items":[{"id":"widgetVisibility","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"moreOptionsGroup","type":"fieldset","as":null,"items":[{"id":"moreOptions","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"},{"id":"componentPropsGroup","type":"fieldset","as":null,"items":[{"id":"cMax_items","className":null,"__typename":"FormFieldRef"}],"props":null,"legend":null,"description":null,"className":null,"viewVariant":null,"toggleState":null,"__typename":"FormFieldset"}],"actionButtons":null,"className":"custom_widget_HeroBanner_form","formGroupFieldSeparator":"divider","__typename":"FormLayout"},"__typename":"Form"}},"localOverride":false},"CachedAsset:component:custom.widget.Social_Sharing-en-1743150561112":{"__typename":"CachedAsset","id":"component:custom.widget.Social_Sharing-en-1743150561112","value":{"component":{"id":"custom.widget.Social_Sharing","template":{"id":"Social_Sharing","markupLanguage":"HANDLEBARS","style":".social-share {\n .sharing-options {\n position: relative;\n margin: 0;\n padding: 0;\n line-height: 10px;\n display: flex;\n justify-content: left;\n gap: 5px;\n list-style-type: none;\n li {\n text-align: left;\n a {\n min-width: 30px;\n min-height: 30px;\n display: block;\n padding: 1px;\n .social-share-linkedin {\n img {\n background-color: rgb(0, 119, 181);\n }\n }\n .social-share-facebook {\n img {\n background-color: rgb(59, 89, 152);\n }\n }\n .social-share-x {\n img {\n background-color: rgb(0, 0, 0);\n }\n }\n .social-share-rss {\n img {\n background-color: rgb(0, 0, 0);\n }\n }\n .social-share-reddit {\n img {\n background-color: rgb(255, 69, 0);\n }\n }\n .social-share-email {\n img {\n background-color: rgb(132, 132, 132);\n }\n }\n }\n a {\n img {\n height: 2rem;\n }\n }\n }\n }\n}\n","texts":null,"defaults":{"config":{"applicablePages":[],"description":"Adds buttons to share to various social media websites","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.Social_Sharing","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"Adds buttons to share to various social media websites","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":{"css":".custom_widget_Social_Sharing_social-share_c7xxz_1 {\n .custom_widget_Social_Sharing_sharing-options_c7xxz_2 {\n position: relative;\n margin: 0;\n padding: 0;\n line-height: 0.625rem;\n display: flex;\n justify-content: left;\n gap: 0.3125rem;\n list-style-type: none;\n li {\n text-align: left;\n a {\n min-width: 1.875rem;\n min-height: 1.875rem;\n display: block;\n padding: 0.0625rem;\n .custom_widget_Social_Sharing_social-share-linkedin_c7xxz_18 {\n img {\n background-color: rgb(0, 119, 181);\n }\n }\n .custom_widget_Social_Sharing_social-share-facebook_c7xxz_23 {\n img {\n background-color: rgb(59, 89, 152);\n }\n }\n .custom_widget_Social_Sharing_social-share-x_c7xxz_28 {\n img {\n background-color: rgb(0, 0, 0);\n }\n }\n .custom_widget_Social_Sharing_social-share-rss_c7xxz_33 {\n img {\n background-color: rgb(0, 0, 0);\n }\n }\n .custom_widget_Social_Sharing_social-share-reddit_c7xxz_38 {\n img {\n background-color: rgb(255, 69, 0);\n }\n }\n .custom_widget_Social_Sharing_social-share-email_c7xxz_43 {\n img {\n background-color: rgb(132, 132, 132);\n }\n }\n }\n a {\n img {\n height: 2rem;\n }\n }\n }\n }\n}\n","tokens":{"social-share":"custom_widget_Social_Sharing_social-share_c7xxz_1","sharing-options":"custom_widget_Social_Sharing_sharing-options_c7xxz_2","social-share-linkedin":"custom_widget_Social_Sharing_social-share-linkedin_c7xxz_18","social-share-facebook":"custom_widget_Social_Sharing_social-share-facebook_c7xxz_23","social-share-x":"custom_widget_Social_Sharing_social-share-x_c7xxz_28","social-share-rss":"custom_widget_Social_Sharing_social-share-rss_c7xxz_33","social-share-reddit":"custom_widget_Social_Sharing_social-share-reddit_c7xxz_38","social-share-email":"custom_widget_Social_Sharing_social-share-email_c7xxz_43"}},"form":null},"localOverride":false},"CachedAsset:component:custom.widget.MicrosoftFooter-en-1743150561112":{"__typename":"CachedAsset","id":"component:custom.widget.MicrosoftFooter-en-1743150561112","value":{"component":{"id":"custom.widget.MicrosoftFooter","template":{"id":"MicrosoftFooter","markupLanguage":"HANDLEBARS","style":".context-uhf {\n min-width: 280px;\n font-size: 15px;\n box-sizing: border-box;\n -ms-text-size-adjust: 100%;\n -webkit-text-size-adjust: 100%;\n & *,\n & *:before,\n & *:after {\n box-sizing: inherit;\n }\n a.c-uhff-link {\n color: #616161;\n word-break: break-word;\n text-decoration: none;\n }\n &a:link,\n &a:focus,\n &a:hover,\n &a:active,\n &a:visited {\n text-decoration: none;\n color: inherit;\n }\n & div {\n font-family: 'Segoe UI', SegoeUI, 'Helvetica Neue', Helvetica, Arial, sans-serif;\n }\n}\n.c-uhff {\n background: #f2f2f2;\n margin: -1.5625;\n width: auto;\n height: auto;\n}\n.c-uhff-nav {\n margin: 0 auto;\n max-width: calc(1600px + 10%);\n padding: 0 5%;\n box-sizing: inherit;\n &:before,\n &:after {\n content: ' ';\n display: table;\n clear: left;\n }\n @media only screen and (max-width: 1083px) {\n padding-left: 12px;\n }\n .c-heading-4 {\n color: #616161;\n word-break: break-word;\n font-size: 15px;\n line-height: 20px;\n padding: 36px 0 4px;\n font-weight: 600;\n }\n .c-uhff-nav-row {\n .c-uhff-nav-group {\n display: block;\n float: left;\n min-height: 1px;\n vertical-align: text-top;\n padding: 0 12px;\n width: 100%;\n zoom: 1;\n &:first-child {\n padding-left: 0;\n @media only screen and (max-width: 1083px) {\n padding-left: 12px;\n }\n }\n @media only screen and (min-width: 540px) and (max-width: 1082px) {\n width: 33.33333%;\n }\n @media only screen and (min-width: 1083px) {\n width: 16.6666666667%;\n }\n ul.c-list.f-bare {\n font-size: 11px;\n line-height: 16px;\n margin-top: 0;\n margin-bottom: 0;\n padding-left: 0;\n list-style-type: none;\n li {\n word-break: break-word;\n padding: 8px 0;\n margin: 0;\n }\n }\n }\n }\n}\n.c-uhff-base {\n background: #f2f2f2;\n margin: 0 auto;\n max-width: calc(1600px + 10%);\n padding: 30px 5% 16px;\n &:before,\n &:after {\n content: ' ';\n display: table;\n }\n &:after {\n clear: both;\n }\n a.c-uhff-ccpa {\n font-size: 11px;\n line-height: 16px;\n float: left;\n margin: 3px 0;\n }\n a.c-uhff-ccpa:hover {\n text-decoration: underline;\n }\n ul.c-list {\n font-size: 11px;\n line-height: 16px;\n float: right;\n margin: 3px 0;\n color: #616161;\n li {\n padding: 0 24px 4px 0;\n display: inline-block;\n }\n }\n .c-list.f-bare {\n padding-left: 0;\n list-style-type: none;\n }\n @media only screen and (max-width: 1083px) {\n display: flex;\n flex-wrap: wrap;\n padding: 30px 24px 16px;\n }\n}\n","texts":{"New tab":"What's New","New 1":"Surface Laptop Studio 2","New 2":"Surface Laptop Go 3","New 3":"Surface Pro 9","New 4":"Surface Laptop 5","New 5":"Surface Studio 2+","New 6":"Copilot in Windows","New 7":"Microsoft 365","New 8":"Windows 11 apps","Store tab":"Microsoft Store","Store 1":"Account Profile","Store 2":"Download Center","Store 3":"Microsoft Store Support","Store 4":"Returns","Store 5":"Order tracking","Store 6":"Certified Refurbished","Store 7":"Microsoft Store Promise","Store 8":"Flexible Payments","Education tab":"Education","Edu 1":"Microsoft in education","Edu 2":"Devices for education","Edu 3":"Microsoft Teams for Education","Edu 4":"Microsoft 365 Education","Edu 5":"How to buy for your school","Edu 6":"Educator Training and development","Edu 7":"Deals for students and parents","Edu 8":"Azure for students","Business tab":"Business","Bus 1":"Microsoft Cloud","Bus 2":"Microsoft Security","Bus 3":"Dynamics 365","Bus 4":"Microsoft 365","Bus 5":"Microsoft Power Platform","Bus 6":"Microsoft Teams","Bus 7":"Microsoft Industry","Bus 8":"Small Business","Developer tab":"Developer & IT","Dev 1":"Azure","Dev 2":"Developer Center","Dev 3":"Documentation","Dev 4":"Microsoft Learn","Dev 5":"Microsoft Tech Community","Dev 6":"Azure Marketplace","Dev 7":"AppSource","Dev 8":"Visual Studio","Company tab":"Company","Com 1":"Careers","Com 2":"About Microsoft","Com 3":"Company News","Com 4":"Privacy at Microsoft","Com 5":"Investors","Com 6":"Diversity and inclusion","Com 7":"Accessiblity","Com 8":"Sustainibility"},"defaults":{"config":{"applicablePages":[],"description":"The Microsoft Footer","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"components":[{"id":"custom.widget.MicrosoftFooter","form":null,"config":null,"props":[],"__typename":"Component"}],"grouping":"CUSTOM","__typename":"ComponentTemplate"},"properties":{"config":{"applicablePages":[],"description":"The Microsoft Footer","fetchedContent":null,"__typename":"ComponentConfiguration"},"props":[],"__typename":"ComponentProperties"},"form":null,"__typename":"Component","localOverride":false},"globalCss":{"css":".custom_widget_MicrosoftFooter_context-uhf_f95yq_1 {\n min-width: 17.5rem;\n font-size: 0.9375rem;\n box-sizing: border-box;\n -ms-text-size-adjust: 100%;\n -webkit-text-size-adjust: 100%;\n & *,\n & *:before,\n & *:after {\n box-sizing: inherit;\n }\n a.custom_widget_MicrosoftFooter_c-uhff-link_f95yq_12 {\n color: #616161;\n word-break: break-word;\n text-decoration: none;\n }\n &a:link,\n &a:focus,\n &a:hover,\n &a:active,\n &a:visited {\n text-decoration: none;\n color: inherit;\n }\n & div {\n font-family: 'Segoe UI', SegoeUI, 'Helvetica Neue', Helvetica, Arial, sans-serif;\n }\n}\n.custom_widget_MicrosoftFooter_c-uhff_f95yq_12 {\n background: #f2f2f2;\n margin: -1.5625;\n width: auto;\n height: auto;\n}\n.custom_widget_MicrosoftFooter_c-uhff-nav_f95yq_35 {\n margin: 0 auto;\n max-width: calc(100rem + 10%);\n padding: 0 5%;\n box-sizing: inherit;\n &:before,\n &:after {\n content: ' ';\n display: table;\n clear: left;\n }\n @media only screen and (max-width: 1083px) {\n padding-left: 0.75rem;\n }\n .custom_widget_MicrosoftFooter_c-heading-4_f95yq_49 {\n color: #616161;\n word-break: break-word;\n font-size: 0.9375rem;\n line-height: 1.25rem;\n padding: 2.25rem 0 0.25rem;\n font-weight: 600;\n }\n .custom_widget_MicrosoftFooter_c-uhff-nav-row_f95yq_57 {\n .custom_widget_MicrosoftFooter_c-uhff-nav-group_f95yq_58 {\n display: block;\n float: left;\n min-height: 0.0625rem;\n vertical-align: text-top;\n padding: 0 0.75rem;\n width: 100%;\n zoom: 1;\n &:first-child {\n padding-left: 0;\n @media only screen and (max-width: 1083px) {\n padding-left: 0.75rem;\n }\n }\n @media only screen and (min-width: 540px) and (max-width: 1082px) {\n width: 33.33333%;\n }\n @media only screen and (min-width: 1083px) {\n width: 16.6666666667%;\n }\n ul.custom_widget_MicrosoftFooter_c-list_f95yq_78.custom_widget_MicrosoftFooter_f-bare_f95yq_78 {\n font-size: 0.6875rem;\n line-height: 1rem;\n margin-top: 0;\n margin-bottom: 0;\n padding-left: 0;\n list-style-type: none;\n li {\n word-break: break-word;\n padding: 0.5rem 0;\n margin: 0;\n }\n }\n }\n }\n}\n.custom_widget_MicrosoftFooter_c-uhff-base_f95yq_94 {\n background: #f2f2f2;\n margin: 0 auto;\n max-width: calc(100rem + 10%);\n padding: 1.875rem 5% 1rem;\n &:before,\n &:after {\n content: ' ';\n display: table;\n }\n &:after {\n clear: both;\n }\n a.custom_widget_MicrosoftFooter_c-uhff-ccpa_f95yq_107 {\n font-size: 0.6875rem;\n line-height: 1rem;\n float: left;\n margin: 0.1875rem 0;\n }\n a.custom_widget_MicrosoftFooter_c-uhff-ccpa_f95yq_107:hover {\n text-decoration: underline;\n }\n ul.custom_widget_MicrosoftFooter_c-list_f95yq_78 {\n font-size: 0.6875rem;\n line-height: 1rem;\n float: right;\n margin: 0.1875rem 0;\n color: #616161;\n li {\n padding: 0 1.5rem 0.25rem 0;\n display: inline-block;\n }\n }\n .custom_widget_MicrosoftFooter_c-list_f95yq_78.custom_widget_MicrosoftFooter_f-bare_f95yq_78 {\n padding-left: 0;\n list-style-type: none;\n }\n @media only screen and (max-width: 1083px) {\n display: flex;\n flex-wrap: wrap;\n padding: 1.875rem 1.5rem 1rem;\n }\n}\n","tokens":{"context-uhf":"custom_widget_MicrosoftFooter_context-uhf_f95yq_1","c-uhff-link":"custom_widget_MicrosoftFooter_c-uhff-link_f95yq_12","c-uhff":"custom_widget_MicrosoftFooter_c-uhff_f95yq_12","c-uhff-nav":"custom_widget_MicrosoftFooter_c-uhff-nav_f95yq_35","c-heading-4":"custom_widget_MicrosoftFooter_c-heading-4_f95yq_49","c-uhff-nav-row":"custom_widget_MicrosoftFooter_c-uhff-nav-row_f95yq_57","c-uhff-nav-group":"custom_widget_MicrosoftFooter_c-uhff-nav-group_f95yq_58","c-list":"custom_widget_MicrosoftFooter_c-list_f95yq_78","f-bare":"custom_widget_MicrosoftFooter_f-bare_f95yq_78","c-uhff-base":"custom_widget_MicrosoftFooter_c-uhff-base_f95yq_94","c-uhff-ccpa":"custom_widget_MicrosoftFooter_c-uhff-ccpa_f95yq_107"}},"form":null},"localOverride":false},"CachedAsset:text:en_US-components/community/Breadcrumb-1743095130000":{"__typename":"CachedAsset","id":"text:en_US-components/community/Breadcrumb-1743095130000","value":{"navLabel":"Breadcrumbs","dropdown":"Additional parent page navigation"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageBanner-1743095130000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageBanner-1743095130000","value":{"messageMarkedAsSpam":"This post has been marked as spam","messageMarkedAsSpam@board:TKB":"This article has been marked as spam","messageMarkedAsSpam@board:BLOG":"This post has been marked as spam","messageMarkedAsSpam@board:FORUM":"This discussion has been marked as spam","messageMarkedAsSpam@board:OCCASION":"This event has been marked as spam","messageMarkedAsSpam@board:IDEA":"This idea has been marked as spam","manageSpam":"Manage Spam","messageMarkedAsAbuse":"This post has been marked as abuse","messageMarkedAsAbuse@board:TKB":"This article has been marked as abuse","messageMarkedAsAbuse@board:BLOG":"This post has been marked as abuse","messageMarkedAsAbuse@board:FORUM":"This discussion has been marked as abuse","messageMarkedAsAbuse@board:OCCASION":"This event has been marked as abuse","messageMarkedAsAbuse@board:IDEA":"This idea has been marked as abuse","preModCommentAuthorText":"This comment will be published as soon as it is approved","preModCommentModeratorText":"This comment is awaiting moderation","messageMarkedAsOther":"This post has been rejected due to other reasons","messageMarkedAsOther@board:TKB":"This article has been rejected due to other reasons","messageMarkedAsOther@board:BLOG":"This post has been rejected due to other reasons","messageMarkedAsOther@board:FORUM":"This discussion has been rejected due to other reasons","messageMarkedAsOther@board:OCCASION":"This event has been rejected due to other reasons","messageMarkedAsOther@board:IDEA":"This idea has been rejected due to other reasons","messageArchived":"This post was archived on {date}","relatedUrl":"View Related Content","relatedContentText":"Showing related content","archivedContentLink":"View Archived Content"},"localOverride":false},"Category:category:Exchange":{"__typename":"Category","id":"category:Exchange","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Planner":{"__typename":"Category","id":"category:Planner","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Outlook":{"__typename":"Category","id":"category:Outlook","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Community-Info-Center":{"__typename":"Category","id":"category:Community-Info-Center","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:EducationSector":{"__typename":"Category","id":"category:EducationSector","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:DrivingAdoption":{"__typename":"Category","id":"category:DrivingAdoption","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Azure":{"__typename":"Category","id":"category:Azure","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Windows-Server":{"__typename":"Category","id":"category:Windows-Server","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:SQL-Server":{"__typename":"Category","id":"category:SQL-Server","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:MicrosoftTeams":{"__typename":"Category","id":"category:MicrosoftTeams","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:PublicSector":{"__typename":"Category","id":"category:PublicSector","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:microsoft365":{"__typename":"Category","id":"category:microsoft365","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:IoT":{"__typename":"Category","id":"category:IoT","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:HealthcareAndLifeSciences":{"__typename":"Category","id":"category:HealthcareAndLifeSciences","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:SMB":{"__typename":"Category","id":"category:SMB","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:ITOpsTalk":{"__typename":"Category","id":"category:ITOpsTalk","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:microsoft-endpoint-manager":{"__typename":"Category","id":"category:microsoft-endpoint-manager","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:MicrosoftLearn":{"__typename":"Category","id":"category:MicrosoftLearn","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Blog:board:MicrosoftLearnBlog":{"__typename":"Blog","id":"board:MicrosoftLearnBlog","blogPolicies":{"__typename":"BlogPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}},"boardPolicies":{"__typename":"BoardPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:AI":{"__typename":"Category","id":"category:AI","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:MicrosoftMechanics":{"__typename":"Category","id":"category:MicrosoftMechanics","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:StartupsatMicrosoft":{"__typename":"Category","id":"category:StartupsatMicrosoft","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:PartnerCommunity":{"__typename":"Category","id":"category:PartnerCommunity","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"Category:category:Windows":{"__typename":"Category","id":"category:Windows","categoryPolicies":{"__typename":"CategoryPolicies","canReadNode":{"__typename":"PolicyResult","failureReason":null}}},"QueryVariables:TopicReplyList:message:4251623:16":{"__typename":"QueryVariables","id":"TopicReplyList:message:4251623:16","value":{"id":"message:4251623","first":10,"sorts":{"postTime":{"direction":"DESC"}},"repliesFirst":3,"repliesFirstDepthThree":1,"repliesSorts":{"postTime":{"direction":"DESC"}},"useAvatar":true,"useAuthorLogin":true,"useAuthorRank":true,"useBody":true,"useKudosCount":true,"useTimeToRead":false,"useMedia":false,"useReadOnlyIcon":false,"useRepliesCount":true,"useSearchSnippet":false,"useAcceptedSolutionButton":false,"useSolvedBadge":false,"useAttachments":false,"attachmentsFirst":5,"useTags":true,"useNodeAncestors":false,"useUserHoverCard":false,"useNodeHoverCard":false,"useModerationStatus":true,"usePreviewSubjectModal":false,"useMessageStatus":true}},"ROOT_MUTATION":{"__typename":"Mutation"},"CachedAsset:text:en_US-components/community/Navbar-1743095130000":{"__typename":"CachedAsset","id":"text:en_US-components/community/Navbar-1743095130000","value":{"community":"Community Home","inbox":"Inbox","manageContent":"Manage Content","tos":"Terms of Service","forgotPassword":"Forgot Password","themeEditor":"Theme Editor","edit":"Edit Navigation Bar","skipContent":"Skip to content","gxcuf89792":"Tech Community","external-1":"Events","s-m-b":"Small and Medium Businesses","windows-server":"Windows Server","education-sector":"Education Sector","driving-adoption":"Driving Adoption","microsoft-learn":"Microsoft Learn","s-q-l-server":"SQL Server","partner-community":"Microsoft Partner Community","microsoft365":"Microsoft 365","external-9":".NET","external-8":"Teams","external-7":"Github","products-services":"Products","external-6":"Power Platform","communities-1":"Topics","external-5":"Microsoft Security","planner":"Planner","external-4":"Microsoft 365","external-3":"Dynamics 365","azure":"Azure","healthcare-and-life-sciences":"Healthcare and Life Sciences","external-2":"Azure","microsoft-mechanics":"Microsoft Mechanics","microsoft-learn-1":"Community","external-10":"Learning Room Directory","microsoft-learn-blog":"Blog","windows":"Windows","i-t-ops-talk":"ITOps Talk","external-link-1":"View All","microsoft-securityand-compliance":"Microsoft Security","public-sector":"Public Sector","community-info-center":"Lounge","external-link-2":"View All","microsoft-teams":"Microsoft Teams","external":"Blogs","microsoft-endpoint-manager":"Microsoft Intune and Configuration Manager","startupsat-microsoft":"Startups at Microsoft","exchange":"Exchange","a-i":"AI and Machine Learning","io-t":"Internet of Things (IoT)","outlook":"Outlook","external-link":"Community Hubs","communities":"Products"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarHamburgerDropdown-1743095130000":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarHamburgerDropdown-1743095130000","value":{"hamburgerLabel":"Side Menu"},"localOverride":false},"CachedAsset:text:en_US-components/community/BrandLogo-1743095130000":{"__typename":"CachedAsset","id":"text:en_US-components/community/BrandLogo-1743095130000","value":{"logoAlt":"Khoros","themeLogoAlt":"Brand Logo"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarTextLinks-1743095130000":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarTextLinks-1743095130000","value":{"more":"More"},"localOverride":false},"CachedAsset:text:en_US-components/authentication/AuthenticationLink-1743095130000":{"__typename":"CachedAsset","id":"text:en_US-components/authentication/AuthenticationLink-1743095130000","value":{"title.login":"Sign In","title.registration":"Register","title.forgotPassword":"Forgot Password","title.multiAuthLogin":"Sign In"},"localOverride":false},"CachedAsset:text:en_US-components/nodes/NodeLink-1743095130000":{"__typename":"CachedAsset","id":"text:en_US-components/nodes/NodeLink-1743095130000","value":{"place":"Place {name}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageView/MessageViewStandard-1743095130000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageView/MessageViewStandard-1743095130000","value":{"anonymous":"Anonymous","author":"{messageAuthorLogin}","authorBy":"{messageAuthorLogin}","board":"{messageBoardTitle}","replyToUser":" to {parentAuthor}","showMoreReplies":"Show More","replyText":"Reply","repliesText":"Replies","markedAsSolved":"Marked as Solved","movedMessagePlaceholder.BLOG":"{count, plural, =0 {This comment has been} other {These comments have been} }","movedMessagePlaceholder.TKB":"{count, plural, =0 {This comment has been} other {These comments have been} }","movedMessagePlaceholder.FORUM":"{count, plural, =0 {This reply has been} other {These replies have been} }","movedMessagePlaceholder.IDEA":"{count, plural, =0 {This comment has been} other {These comments have been} }","movedMessagePlaceholder.OCCASION":"{count, plural, =0 {This comment has been} other {These comments have been} }","movedMessagePlaceholderUrlText":"moved.","messageStatus":"Status: ","statusChanged":"Status changed: {previousStatus} to {currentStatus}","statusAdded":"Status added: {status}","statusRemoved":"Status removed: {status}","labelExpand":"expand replies","labelCollapse":"collapse replies","unhelpfulReason.reason1":"Content is outdated","unhelpfulReason.reason2":"Article is missing information","unhelpfulReason.reason3":"Content is for a different Product","unhelpfulReason.reason4":"Doesn't match what I was searching for"},"localOverride":false},"CachedAsset:text:en_US-components/messages/ThreadedReplyList-1743095130000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/ThreadedReplyList-1743095130000","value":{"title":"{count, plural, one{# Reply} other{# Replies}}","title@board:BLOG":"{count, plural, one{# Comment} other{# Comments}}","title@board:TKB":"{count, plural, one{# Comment} other{# Comments}}","title@board:IDEA":"{count, plural, one{# Comment} other{# Comments}}","title@board:OCCASION":"{count, plural, one{# Comment} other{# Comments}}","noRepliesTitle":"No Replies","noRepliesTitle@board:BLOG":"No Comments","noRepliesTitle@board:TKB":"No Comments","noRepliesTitle@board:IDEA":"No Comments","noRepliesTitle@board:OCCASION":"No Comments","noRepliesDescription":"Be the first to reply","noRepliesDescription@board:BLOG":"Be the first to comment","noRepliesDescription@board:TKB":"Be the first to comment","noRepliesDescription@board:IDEA":"Be the first to comment","noRepliesDescription@board:OCCASION":"Be the first to comment","messageReadOnlyAlert:BLOG":"Comments have been turned off for this post","messageReadOnlyAlert:TKB":"Comments have been turned off for this article","messageReadOnlyAlert:IDEA":"Comments have been turned off for this idea","messageReadOnlyAlert:FORUM":"Replies have been turned off for this discussion","messageReadOnlyAlert:OCCASION":"Comments have been turned off for this event"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageReplyCallToAction-1743095130000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageReplyCallToAction-1743095130000","value":{"leaveReply":"Leave a reply...","leaveReply@board:BLOG@message:root":"Leave a comment...","leaveReply@board:TKB@message:root":"Leave a comment...","leaveReply@board:IDEA@message:root":"Leave a comment...","leaveReply@board:OCCASION@message:root":"Leave a comment...","repliesTurnedOff.FORUM":"Replies are turned off for this topic","repliesTurnedOff.BLOG":"Comments are turned off for this topic","repliesTurnedOff.TKB":"Comments are turned off for this topic","repliesTurnedOff.IDEA":"Comments are turned off for this topic","repliesTurnedOff.OCCASION":"Comments are turned off for this topic","infoText":"Stop poking me!"},"localOverride":false},"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1743095130000":{"__typename":"CachedAsset","id":"text:en_US-components/community/NavbarDropdownToggle-1743095130000","value":{"ariaLabelClosed":"Press the down arrow to open the menu"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/common/QueryHandler-1743095130000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/common/QueryHandler-1743095130000","value":{"title":"Query Handler"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageCoverImage-1743095130000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageCoverImage-1743095130000","value":{"coverImageTitle":"Cover Image"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/nodes/NodeTitle-1743095130000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/nodes/NodeTitle-1743095130000","value":{"nodeTitle":"{nodeTitle, select, community {Community} other {{nodeTitle}}} "},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageTimeToRead-1743095130000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageTimeToRead-1743095130000","value":{"minReadText":"{min} MIN READ"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageSubject-1743095130000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageSubject-1743095130000","value":{"noSubject":"(no subject)"},"localOverride":false},"CachedAsset:text:en_US-components/users/UserLink-1743095130000":{"__typename":"CachedAsset","id":"text:en_US-components/users/UserLink-1743095130000","value":{"authorName":"View Profile: {author}","anonymous":"Anonymous"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/users/UserRank-1743095130000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/users/UserRank-1743095130000","value":{"rankName":"{rankName}","userRank":"Author rank {rankName}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageTime-1743095130000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageTime-1743095130000","value":{"postTime":"Published: {time}","lastPublishTime":"Last Update: {time}","conversation.lastPostingActivityTime":"Last posting activity time: {time}","conversation.lastPostTime":"Last post time: {time}","moderationData.rejectTime":"Rejected time: {time}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageBody-1743095130000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageBody-1743095130000","value":{"showMessageBody":"Show More","mentionsErrorTitle":"{mentionsType, select, board {Board} user {User} message {Message} other {}} No Longer Available","mentionsErrorMessage":"The {mentionsType} you are trying to view has been removed from the community.","videoProcessing":"Video is being processed. Please try again in a few minutes.","bannerTitle":"Video provider requires cookies to play the video. Accept to continue or {url} it directly on the provider's site.","buttonTitle":"Accept","urlText":"watch"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageCustomFields-1743095130000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageCustomFields-1743095130000","value":{"CustomField.default.label":"Value of {name}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageRevision-1743095130000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageRevision-1743095130000","value":{"lastUpdatedDatePublished":"{publishCount, plural, one{Published} other{Updated}} {date}","lastUpdatedDateDraft":"Created {date}","version":"Version {major}.{minor}"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageReplyButton-1743095130000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageReplyButton-1743095130000","value":{"repliesCount":"{count}","title":"Reply","title@board:BLOG@message:root":"Comment","title@board:TKB@message:root":"Comment","title@board:IDEA@message:root":"Comment","title@board:OCCASION@message:root":"Comment"},"localOverride":false},"CachedAsset:text:en_US-components/messages/MessageAuthorBio-1743095130000":{"__typename":"CachedAsset","id":"text:en_US-components/messages/MessageAuthorBio-1743095130000","value":{"sendMessage":"Send Message","actionMessage":"Follow this blog board to get notified when there's new activity","coAuthor":"CO-PUBLISHER","contributor":"CONTRIBUTOR","userProfile":"View Profile","iconlink":"Go to {name} {type}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1743095130000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/users/UserAvatar-1743095130000","value":{"altText":"{login}'s avatar","altTextGeneric":"User's avatar"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/ranks/UserRankLabel-1743095130000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/ranks/UserRankLabel-1743095130000","value":{"altTitle":"Icon for {rankName} rank"},"localOverride":false},"CachedAsset:text:en_US-components/users/UserRegistrationDate-1743095130000":{"__typename":"CachedAsset","id":"text:en_US-components/users/UserRegistrationDate-1743095130000","value":{"noPrefix":"{date}","withPrefix":"Joined {date}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/nodes/NodeAvatar-1743095130000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/nodes/NodeAvatar-1743095130000","value":{"altTitle":"Node avatar for {nodeTitle}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/nodes/NodeDescription-1743095130000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/nodes/NodeDescription-1743095130000","value":{"description":"{description}"},"localOverride":false},"CachedAsset:text:en_US-components/tags/TagView/TagViewChip-1743095130000":{"__typename":"CachedAsset","id":"text:en_US-components/tags/TagView/TagViewChip-1743095130000","value":{"tagLabelName":"Tag name {tagName}"},"localOverride":false},"CachedAsset:text:en_US-shared/client/components/nodes/NodeIcon-1743095130000":{"__typename":"CachedAsset","id":"text:en_US-shared/client/components/nodes/NodeIcon-1743095130000","value":{"contentType":"Content Type {style, select, FORUM {Forum} BLOG {Blog} TKB {Knowledge Base} IDEA {Ideas} OCCASION {Events} other {}} icon"},"localOverride":false}}}},"page":"/blogs/BlogMessagePage/BlogMessagePage","query":{"boardId":"securitycopilotblog","messageSubject":"case-study-harnessing-copilot-for-security-in-defending-against-cyberthreats","messageId":"4251623"},"buildId":"HEhyUrv5OXNBIbfCLaOrw","runtimeConfig":{"buildInformationVisible":false,"logLevelApp":"info","logLevelMetrics":"info","openTelemetryClientEnabled":false,"openTelemetryConfigName":"o365","openTelemetryServiceVersion":"25.1.0","openTelemetryUniverse":"prod","openTelemetryCollector":"http://localhost:4318","openTelemetryRouteChangeAllowedTime":"5000","apolloDevToolsEnabled":false,"inboxMuteWipFeatureEnabled":false},"isFallback":false,"isExperimentalCompile":false,"dynamicIds":["./components/community/Navbar/NavbarWidget.tsx","./components/community/Breadcrumb/BreadcrumbWidget.tsx","./components/customComponent/CustomComponent/CustomComponent.tsx","./components/blogs/BlogArticleWidget/BlogArticleWidget.tsx","./components/external/components/ExternalComponent.tsx","./components/messages/MessageView/MessageViewStandard/MessageViewStandard.tsx","./components/messages/ThreadedReplyList/ThreadedReplyList.tsx","../shared/client/components/common/List/UnwrappedList/UnwrappedList.tsx","./components/tags/TagView/TagView.tsx","./components/tags/TagView/TagViewChip/TagViewChip.tsx"],"appGip":true,"scriptLoader":[{"id":"analytics","src":"https://techcommunity.microsoft.com/t5/s/gxcuf89792/pagescripts/1730819800000/analytics.js?page.id=BlogMessagePage&entity.id=board%3Asecuritycopilotblog&entity.id=message%3A4251623","strategy":"afterInteractive"}]}
Microsoft
