New controls for model governance and secure access to on-premises or custom VNET resources
Learn how to create an allowed model listfor the Azure AI model catalog, plus a new way to accesson-premises and custom VNET resources from your managed VNETfor your training, fine-tuning, and inferencing scenarios.Discover the Azure AI Training Profiler: Transforming Large-Scale AI Jobs
Meet the AI Training Profiler Large-scale AI training can be complicated, especially in distributed environments like healthcare, finance, and e-commerce, where the need for accuracy, speed, and massive data processing is crucial. Efficiently managing hardware resources, ensuring smooth parallelism, and minimizing bottlenecks are crucial for optimal performance. The AI Training Profiler powered by PyTorch Profiler inAzure Machine Learning is here to help! By giving you detailed visibility into hardware and software metrics, this tool helps you spot inefficiencies, make the best use of resources, and scale your training workflows like a pro. Why Choose the AI Training Profiler? Running large AI training jobs on distributed infrastructure is inherently complex, and inefficiencies can quickly escalate into increased costs and delays in deploying models. The AI Training Profiler addresses these issues by providing a comprehensive breakdown of compute resource usage throughout the training lifecycle. This enables users to fine-tune and streamline their AI workflows, yielding several key benefits: Improved Performance: Identify bottlenecks and inefficiencies, such as slow data loading or underutilized GPUs, to enhance training throughput. Reduced Costs: Detect idle or underused resources, thereby minimizing compute time and hardware expenses. Faster Debugging: Leverage real-time monitoring and intuitive visualizations to troubleshoot performance issues swiftly. Key Features of the AI Training Profiler GPU Core and Tensor Core Utilization The profiler meticulously tracks GPU kernel execution, reporting utilization metrics such as time spent on forward and backward passes, tensor core operations, and other computation-heavy tasks. This detailed breakdown enables users to pinpoint under-utilized resources and optimize kernel execution patterns. Memory Profiling Memory Allocation and Peak Usage: Monitors GPU memory usage throughout the training process, offering insights into underutilized or over-allocated memory. CUDA Memory Footprint: Visualizes memory consumption during forward/backward propagation and optimizer steps to identify bottlenecks or fragmentation. Page Fault and Out-of-Memory Events: Detects critical events that could slow training or cause job failures due to insufficient memory allocation. Kernel Execution Metrics Kernel Execution Time: Provides per-kernel timing, breaking down execution into compute-bound and memory-bound operations, allowing users to discern whether performance bottlenecks stem from inefficient kernel launches or memory access patterns. Instruction-level Performance: Measures IPC (Instructions Per Cycle) to understand kernel-level performance and identify inefficient operations. Distributed Training Communication Primitives: Captures inter-GPU and inter-node communication patterns, focusing on the performance of primitives like AllReduce, AllGather, and Broadcast in multi-GPU training. This helps users identify communication bottlenecks such as imbalanced data distribution or excessive communication overhead. Synchronization Events: Measures the time spent on synchronization barriers between GPUs, highlighting where parallel execution is slowed by synchronization. Getting Started with the Profiling Process Using the AI Training Profiler is a breeze! Activate it when you launch a job, either through the CLI or our platform’s user-friendly interface. Here are the three environment variables you need to set: Enable/Disable the Profiler: ENABLE_AZUREML_TRAINING_PROFILER: 'true' Configure Trace Capture Duration: AZUREML_PROFILER_RUN_DURATION_MILLISECOND: '50000' Delay the Start of Trace Capturing: AZUREML_PROFILER_WAIT_DURATION_SECOND: '1200' Once your training job is running, the profiler collects metrics and stores them centrally. After the run, this data is analyzed to give you visual insights into critical metrics like kernel execution times. Use Cases The AI Training Profiler is a game-changer for fine-tuning large language models and other extensive architectures. By ensuring efficient GPU utilization and minimizing distributed training costs, this tool helps organizations get the most out of their infrastructure, whether they're working on cutting-edge models or refining existing workflows. In conclusion, the AI Training Profiler is a must-have for teams running large-scale AI training jobs. It offers the visibility and control needed to optimize resource utilization, reduce costs, and accelerate time to results. Embrace the future of AI training optimization with the AI Training Profiler and unlock the full potential of your AI endeavors. How to Get Started? The feature is available as a preview, you can just set up the environment variables and start using the profiler! Stay tuned for future repository with many samples that you can use as well!December 2024 Feature Updates
The Azure Communication Services team is excited to share several new product and feature updates released in September through December 2024. (You can view previous blog articles.) As the year ends, we have many features that are being released, and for readability have organized these features into three areas: Front-end APIs for voice and video calling. Noise suppression, new components in the open-source iOS and Android UI libraries, and new Teams interop features help virtual meeting and contact center applications deliver a high-quality end-user communication experience. Back-end APIs for voice and video calling. The Rooms and Call Automation APIs enable your services to route, manage, and structure both scheduled and unscheduled VOIP and video calling. We’ve added new capabilities for contact center applications and PSTN-enabled virtual meetings. APIs for SMS and Email. New 10DLC phone numbers supported and enhanced email APIs improve the effectiveness and scale of your SMS and email conversations and campaigns. Client (front-end) APIs for Voice & Video Calling Improve audio quality by enabling advanced Noise Suppression on Web Desktop browsers Status: GA Azure Communications Services now includes background audio noise suppression in its WebJS Calling SDK. This feature improves call quality by reducing background noise and ensuring that the speaker's voice remains clear and understandable. This technology is useful in environments with high levels of ambient noise, such as open offices or public spaces, where extraneous sounds can interfere with communication. By filtering out ambient noise, noise suppression helps participants concentrate on the conversation without interruptions. Advanced noise suppression models used by Azure Communication Services can manage various distracting noises, such as a dog barking and background conversations. For more information, see Tutorial: Add audio filters to improve the quality in your audio calling experience - An Azure Communication Services tutorial on how to enable advanced audio filters | Microsoft Learn Teams user interop calling Status: GA Azure Communication Services Calling applications can now directly call individual Microsoft Teams users. Those Teams users can be using Microsoft Teams or be an authenticated ACS Calling SDK endpoint. This feature makes Teams interoperability more complete; you can build custom ACS apps connecting people to: Individual Teams users Teams call queues and auto-attendants Teams meetings Business-2-consumer contact center and meeting applications can use these features to keep external customers in highly tailored websites and app experiences. Using this feature also keeps all employee and agent communication activity in a single hub: Teams. For more information, see Capabilities for Microsoft Teams users in Azure Communication Services calls. Native UI Library customization & accessibility Status: GA We have a suite of new features for the open source Calling Native UI Library that provide enhanced customization options and improved accessibility for developers building communication experiences on Android and iOS. Developers can use these APIs to make video calling better fit their brand identity, provide better user experiences, and ensure their services are accessible to a wider audience. Empowering Brands Change interface colors to match brand themes. Customize call title and subtitle for personalized interactions. Configure the button bar by adding, removing, or modifying action buttons to suit specific business workflows. Healthcare Providers: A telemedicine platform can now align its in-call interface with its brand colors, giving patients a familiar and trustworthy experience. Customizing the call title to display “Telemedicine Session” and adding subtitles like “Dr. Jane Doe” help ensure that patients know exactly whom they’re speaking with. Developers can further tailor the call interface by adding or removing buttons, such as a custom “End Consultation” button. Custom Workflows for Customer Support: Enterprises providing customer support through calling can now use customized buttons to streamline the user experience. For example, instead of a generic button layout, they can configure buttons like “Hold,” “Transfer to Supervisor,” or “Open Ticket” to match their specific operational workflows. This not only improves agent efficiency but also enhances customer satisfaction. Captions components Accessibility is a key consideration for businesses aiming to reach diverse audiences. Closed captions for Azure Communication Services and Teams interop calls can significantly enhance the communication experience for users with hearing impairments, or for situations where audio clarity may be compromised such as noisy environments. You are welcome to explore our tutorials to adjust colors, bar button layout, title and subtitle, and enable closed captions on your calls using the Calling Native UI Library. Native UI Library – Combined Call and Chat Status: GA The Call and Chat UI Library components are now available in GA for both Android and iOS. The Call and Chat UI Library samples provide ready-to-use code for using both Azure Communication Services call and chat functions. Customer Support Applications: Integrate real-time voice/video calls and chat to provide a seamless support experience for your customers. Using these samples, customer support teams can easily manage multiple conversations, record interactions, and provide live assistance; all while keeping a user-friendly experience. Telemedicine Platforms: Healthcare providers can leverage these samples to offer virtual consultations with real-time communication between doctors and patients. The call recording and chat history features ensure compliance and provide a clear record for follow-up care. Education Platforms: Create virtual classrooms with integrated video call and chat functions, enabling educators to engage with students in real time. Teachers can host live sessions while managing questions and discussions via chat for an enhanced learning experience. The Call and Chat UI Library Samples are available now: Android Sample iOS Sample Remote Mute VoIP participants Status: GA Conducting disruption free group meetings, virtual –appointments, and B2C engagements often require controls to manage noise from inattentive participants. A participant might be driving and speaking to their friends without realizing that their noise and conversation is being relayed to participants in the meeting. The ability to remotely mute a VoIP participant comes handy in such situations. It enables another participant to remotely mute one or more VoIP participants in the call. Participants who are muted can unmute themselves when they need to speak. The ability to remotely mute a participant is now generally available for Azure Communication Services calls with the following specific functions: A VoIP user remotely mutes all other VoIP participants in an Azure Communications Services Rooms and group calls using the following API: await call.muteAllRemoteParticipants(); A VoIP user remotely mutes one or several VoIP participants in an Azure communications services Rooms and group calls using the following API: await call.remoteParticipants[0].mute(); In Azure Communication Services Rooms calls, only VoIP users with “Presenter” role can mute other participants to avoid undesired remote mutes. When a local call participant is muted by another participant, it raises the mutedByOthers event. This event causes the client to notify the VoIP participant that they have been muted. For more information, please see: Manage calls - An Azure Communication Services how-to guide | Microsoft Learn Extended caller information Status: GA Incoming call notifications now include the caller line id (CLID) and calling party name (CNAM). This information can be used to identify the phone number of an incoming call. For more information, see CallerInfo interface and Manage Calls. const incomingCallHandler = async (args: { incomingCall: IncomingCall }) => { const incomingCall = args.incomingCall; // Get information about caller console.log(callerInfo.displayName); console.log(callerInfo.identifier); }; Service (back-end) APIs for Voice & Video Calling Call Automation and Rooms APIs for telephony enabled meetings Status: GA Developers use Azure Communication Services Rooms and Azure Communication Services Calling for a wide variety of scenarios: medical appointments, telebanking, virtual classrooms, and coaching. The Azure Communication Services Rooms API helps developers structure virtual meetings. The Azure Communication Services Call Automation APIs enables service applications to use REST APIs and server SDKs to answer phone calls, add VOIP users, or otherwise control the Azure Communication Services Calling system. These two systems now work together to support advanced meeting scenarios. One new feature we’re introducing is PSTN dial out from Rooms. Developers can use Call Automation to ring external interpreters, social services representatives, and other professionals to join the meeting. You can use phone numbers leased directly from Azure or numbers you bring via Azure Direct Connect. Many other Call Automation features, such as bidirectional audio streaming, are also available in Rooms managed calls. For more information, see: Azure Communication Services Rooms overview - An Azure Communication Services concept document | Microsoft Learn. Improved bot-to-user voice interactions with APIs for barge-in, hold, transfer & more Status: GA In addition to server programmability of Rooms and troubleshooting improvements, we’ve also made an array of other improvements to Call Automation that allow for more powerful bots and interactive voice response (IVR). Hold/Unhold: Provide developers with the capability to play music while putting participants on hold through supported file formats of WAV and MP3. Play multiple audio files: We've enhanced our existing Play and Recognize APIs to support the ability for developers to provide multiple audio files, Text, and SSML inputs when requesting a Play or Recognize action. Play barge-in: Developers can now provide barge-in capability to the Play action, enabling you to interrupt a current prompt, such as hold music, with a new message such as wait time announcement. Play started event: We're also enabling a playStarted event to let developers know that a play prompt has started. VoIP to PSTN transfer: Developers can now transfer VoIP users to PSTN/SIP endpoints. For inbound PSTN calls, the call connection object now contains the PSTN number the user dialed to. To get started with Call Automation, see: Call Automation overview - An Azure Communication Services concept document | Microsoft Learn. Troubleshooting improvements for Call Automation Status: GA We've made improvements to help developers troubleshoot Call Automation. Now, you receive notifications if the CreateCall or Answer APIs fail asynchronously through the new CreateCallFailed and AnswerFailed events. Along with these events, we provide error codes for various participant leave and call end scenarios, helping you make informed decisions about what to do next. We've also revamped the error code documentation to offer better guidance for handling issues independently. In addition, you can now view Call Automation callback events in Azure metrics. For more information, see: Our updatedtroubleshooting guide for troubleshooting response codes. Our docs onhow to view Azure Communication Services Callback events via Azure Metrics. Call Recording Enhancements for Reliability Status: GA We have introduced new functionality within the Bring Your Own Storage(BYOS) for call recording. This enhancement now provides customers with the option to download their recordings and receive notifications if recording uploads to their storage fail due to misconfigurations. When the first attempt to upload to a customer’s blob storage fails, status and error codes are provided. These codes address common issues such as: Managed Identity not enabled Permissions not set up correctly Container does not exist Invalid container name or storage path These error messages aim to reduce the loss of recordings by providing timely notifications for manual action (such as direct download) and guiding customers to resolve configuration issues for BYOS. APIs for SMS & Email 10 Digit Long Code SMS Status: Public Preview We’re excited to announce the public preview launch of 10-digit long code (10DLC) SMS in Azure Communication Services, providing enterprises with a trusted and scalable messaging solution to connect with their customers efficiently and compliantly. What is 10DLC SMS? 10DLC SMS is a dedicated messaging channel designed for businesses to send messages using local phone numbers. 10DLC offers a unique, registered phone number for your business, enhancing trust and ensuring compliance with carrier regulations. Perfect for transactional alerts, promotional messages, and customer service, 10DLC ensures higher message deliverability while adhering to industry standards. Benefits of Using 10DLC SMS: Improved Deliverability: 10DLC ensures higher message deliverability compared to traditional long codes, making it an effective way to ensure your messages reach your customers. Local Presence: Using a local 10-digit number provides a more personal and trusted connection with your customers, increasing engagement and response rates. Cost-effective: 10DLC offers a more affordable option compared to short codes, providing businesses with an efficient and cost-effective way to send high-volume messages. Versatility: Perfect for various use cases, including transactional messages, customer support, promotions, and marketing campaigns. Documentation Links: SMS Concepts Apply for 10DLC numbers SMS FAQ Enhance email communication with inline attachments Status: Public Preview The Azure Communication Service email service now supports inline image attachments. Email communication is more than just text. It's about creating engaging and visually appealing messages that capture the recipient's attention. One way to engage email recipients is by using inline attachments, which enable you to embed images directly within the email body. Inline attachments are images or other media files that are embedded directly within the email content, rather than being sent as separate attachments. Inline attachments let the recipient view the images as part of the email body, enhancing the overall visual appeal and engagement. Using inline attachments Inline attachments are typically used for: Improved Engagement: Inline images can make your emails more visually appealing and engaging. Better Branding: Embedding your logo or other brand elements directly in the email can reinforce your brand identity. Enhanced User Experience: Inline images can help illustrate your message more effectively, making it easier for recipients to understand and act on your content. Benefits of using CID for inline attachments We use the HTML attribute content-ID (CID) to embed images directly into the email body. Using CID for inline attachments is considered the best approach for the following reasons: Reliability: CID embedding references the image data using a unique identifier, rather than embedding the data directly in the email body. CID embedding ensures that the images are reliably displayed across different email clients and platforms. Efficiency: CID enables you to attach the image to the email and reference it within the HTML content using the unique content-ID. This method is more efficient than base64 encoding, which can significantly increase the size of the email and affect deliverability. Compatibility: CID is supported by most email clients, ensuring that your inline images are displayed correctly for most recipients. Security: Using CID avoids the need to host images on external servers, which can pose security risks. Instead, the images are included as part of the email, reducing the risk of external content being blocked or flagged as suspicious. For more information, see: Using inline attachments Quickstart - Send email with attachments using Azure Communication Services Quickstart - Send email with inline attachments using Azure Communication Services Multiple custom domains per Azure Communication Services email resource Status: Public Preview Developers can now connect multiple custom domains with the same Azure Communication Services resource. This feature enables Developers to manage their Azure Communication Services resources more effectively to support various business applications or customers using different custom domains. Some scenarios where this feature is useful include: Messaging organizations that need to support multiple custom domains across several applications can use one Azure Communication Services resource to manage and support these applications, reducing resource management efforts. SaaS service providers can manage many customers with fewer Azure Communication Services resources. Note: We enable customers to link up to 100 custom domains to a single communication service resource. All Mail-From addresses configured under these custom domains are accessible for the communication service resource. You can only link verified custom domains. For more information on connecting verified domains, see: How to connect a verified email domain - An Azure Communication Services quick start guide | Microsoft Learn Support for customer provided Message-Id in email headers Status: Public Preview Azure Communication Services recently released an update that respects the customer provided unique message-ids in email headers. Many customers use their custom message-ids to monitor the entire lifecycle of the messages. Prior to this release, the Azure Communication Services platform generated a unique message-id for every request before delivery, requiring customers to map these message-ids within their applications. With the new release, if the custom message-ids provided by customers are unique, the Azure Communication Services platform doesn’t override them. This enhancement enables customers to directly correlate delivery analytics from the Azure Communication Services platform with their internal application analytics. Examples of customer use cases for custom message-ids include marketing campaigns and maintaining conversational context.Security Baseline for M365 Apps for enterprise v2412
Microsoft is pleased to announce the release of the recommended security configuration baseline settings for Microsoft 365 Apps for enterprise, version 2412. Please download the content from the Microsoft Security Compliance Toolkit, test the recommended configurations, and implement as appropriate. This baseline builds on the previous Office baseline we released June 2023. The highlights of this baseline include: Added a new setting to Microsoft Project around blocking macros from the internet The recommended settings in this security baseline correspond with the administrative templates version 5473, released on 10/10/2024. Deployment options for the baseline IT Admins can apply baseline settings in different ways. Depending on the method(s) chosen different registry keys will be written and they will be observed in order of precedence: Office cloud policies will override ADMX/Group Policies which will override end user settings in the Trust Center. Cloud policies may be deployed with the Office cloud policy service for policies in HKCU. Cloud policies apply to a user on any device accessing files in Office apps with their AAD account. In Office cloud policy service, you can create a filter for the Area column to display the current Security Baselines, and within each policy's context pane the recommended baseline setting is set by default. Learn more about Office cloud policy service. ADMX policies may be deployed with Microsoft Endpoint Manager (MEM) for both HKCU and HKLM policies. These settings are written to the same place as Group Policy, but managed from the cloud in MEM. There are two methods to create and deploy policy configurations: Administrative templates or the settings catalog. Group Policy may be deployed with on premise AD DS to deploy Group Policy Objects (GPO) to users and computers. The downloadable baseline package includes importable GPOs, a script to apply the GPOs to local policy, a script to import the GPOs into Active Directory Group Policy, updated custom administrative template (SecGuide.ADMX/L) file, all the recommended settings in spreadsheet form and a Policy Analyzer rules file. GPOs included in the baseline Most organizations can implement the baseline’s recommended settings without any problems. However, there are a few settings that will cause operational issues for some organizations. We've broken out related groups of such settings into their own GPOs to make it easier for organizations to add or remove these restrictions as a set. The local-policy script (Baseline-LocalInstall.ps1) offers command-line options to control whether these GPOs are installed. "MSFT Microsoft 365 Apps v2412" GPO set includes “Computer” and “User” GPOs that represent the “core” settings that should be trouble free, and each of these potentially challenging GPOs: “DDE Block - User” is a User Configuration GPO that blocks using DDE to search for existing DDE server processes or to start new ones. “Legacy File Block - User” is a User Configuration GPO that prevents Office applications from opening or saving legacy file formats. "Legacy JScript Block - Computer" disables the legacy JScript execution for websites in the Internet Zone and Restricted Sites Zone. “Require Macro Signing - User” is a User Configuration GPO that disables unsigned macros in each of the Office applications. Block macros from running in Office files from the internet Microsoft Project now supports a configurable setting to block macros from running in Office files from the internet. To maintain consistency across applications the security baseline will enforce the default of Enabled. If you have questions or issues, please let us know via the Security Baseline Community or this post.Introducing the Data-Bound Reference Layer in Azure Maps Visual for Power BI
The Data-Bound Reference Layer in Azure Maps for Power BIelevates map-based reporting by allowing users to visually explore, understand, and act on their data. This feature enables new possibilities for data analysts, business leaders, and decision-makers reliant on spatial insights.Resiliency Best Practices You Need For your Blob Storage Data
Maintaining Resiliency in Azure Blob Storage: A Guide to Best Practices Azure Blob Storage is a cornerstone of modern cloud storage, offering scalable and secure solutions for unstructured data. However, maintaining resiliency in Blob Storage requires careful planning and adherence to best practices. In this blog, I’ll share practical strategies to ensure your data remains available, secure, and recoverable under all circumstances. 1. Enable Soft Delete for Accidental Recovery (Most Important) Mistakes happen, but soft delete can be your safety net and. It allows you to recover deleted blobs within a specified retention period: Configure a soft delete retention period in Azure Storage. Regularly monitor your blob storage to ensure that critical data is not permanently removed by mistake. Enabling soft delete in Azure Blob Storage does not come with any additional cost for simply enabling the feature itself. However, it can potentially impact your storage costs because the deleted data is retained for the configured retention period, which means: The retained data contributes to the total storage consumption during the retention period. You will be charged according to the pricing tier of the data (Hot, Cool, or Archive) for the duration of retention 2. Utilize Geo-Redundant Storage (GRS) Geo-redundancy ensures your data is replicated across regions to protect against regional failures: Choose RA-GRS (Read-Access Geo-Redundant Storage) for read access to secondary replicas in the event of a primary region outage. Assess your workload’s RPO (Recovery Point Objective) and RTO (Recovery Time Objective) needs to select the appropriate redundancy. 3. Implement Lifecycle Management Policies Efficient storage management reduces costs and ensures long-term data availability: Set up lifecycle policies to transition data between hot, cool, and archive tiers based on usage. Automatically delete expired blobs to save on costs while keeping your storage organized. 4. Secure Your Data with Encryption and Access Controls Resiliency is incomplete without robust security. Protect your blobs using: Encryption at Rest: Azure automatically encrypts data using server-side encryption (SSE). Consider enabling customer-managed keys for additional control. Access Policies: Implement Shared Access Signatures (SAS) and Stored Access Policies to restrict access and enforce expiration dates. 5. Monitor and Alert for Anomalies Stay proactive by leveraging Azure’s monitoring capabilities: Use Azure Monitor and Log Analytics to track storage performance and usage patterns. Set up alerts for unusual activities, such as sudden spikes in access or deletions, to detect potential issues early. 6. Plan for Disaster Recovery Ensure your data remains accessible even during critical failures: Create snapshots of critical blobs for point-in-time recovery. Enable backup for blog & have the immutability feature enabled Test your recovery process regularly to ensure it meets your operational requirements. 7. Resource lock Adding Azure Locks to your Blob Storage account provides an additional layer of protection by preventing accidental deletion or modification of critical resources 7. Educate and Train Your Team Operational resilience often hinges on user awareness: Conduct regular training sessions on Blob Storage best practices. Document and share a clear data recovery and management protocol with all stakeholders. 8. "Critical Tip: Do Not Create New Containers with Deleted Names During Recovery" If a container or blob storage is deleted for any reason and recovery is being attempted, it’s crucial not to create a new container with the same name immediately. Doing so can significantly hinder the recovery process by overwriting backend pointers, which are essential for restoring the deleted data. Always ensure that no new containers are created using the same name during the recovery attempt to maximize the chances of successful restoration. Wrapping It Up Azure Blob Storage offers an exceptional platform for scalable and secure storage, but its resiliency depends on following best practices. By enabling features like soft delete, implementing redundancy, securing data, and proactively monitoring your storage environment, you can ensure that your data is resilient to failures and recoverable in any scenario. Protect your Azure resources with a lock - Azure Resource Manager | Microsoft Learn Data redundancy - Azure Storage | Microsoft Learn Overview of Azure Blobs backup - Azure Backup | Microsoft Learn Protect your Azure resources with a lock - Azure Resource Manager | Microsoft Learn
