User Profile
JonKilner
Brass Contributor
Joined 5 years ago
User Widgets
Recent Discussions
Enable Sensitivity Labels for Containers - Learn Article Query
We have a QA and Production 365 tenant and are looking to enable sensitivity labels for containers. Checking the both tenants using: $Setting = Get-MgBetaDirectorySetting | where { $_.DisplayName -eq "Group.Unified"} $Setting.Values I can see that these labels have been enabled in QA and that Production shows that the labels are not yet enabled. Unfortunately, QA was enabled some time in the past. Rather than jumping straight into Production, I'd like to disable labels in QA and then reenable them. This will allow me to check the validity of the MSFT learn commands shown on : https://learn.microsoft.com/en-us/entra/identity/users/groups-assign-sensitivity-labels#enable-sensitivity-label-support-in-powershell The following article https://learn.microsoft.com/en-us/purview/sensitivity-labels-teams-groups-sites#how-to-disable-sensitivity-labels-for-containers has a section on how to disable labels for containers. However, it doesn't make sense to me. It states 'to disable the feature, in step 5, specify $setting["EnableMIPLabels"] = "False"'. I can't see how applying this command to step 5 does anything. Step 5 is about checking whether a change has been made, not making the change. Step 4 is where the setting change is made (set EnableMIPLabels to True). To me, the command to run would be: $params = @{ Values = @( @{ Name = "EnableMIPLabels" Value = "False" } ) } Update-MgBetaDirectorySetting -DirectorySettingId $Setting.Id -BodyParameter $params What are people thoughts. I'm calling the process into questions as Step 3 also doesn't work as the article suggests. If I run $grpUnifiedSetting = Get-MgBetaDirectorySetting -Search DisplayName:"Group.Unified" in QA, where I know the setting is enabled, nothing happens. The article says if nothing happens, then labels haven't been enabled, which I know is incorrect. (for me the above command doesn't do anything, only set a variable to contain a value.Re: Microsoft Forms and Sensitivity Labels
Thanks for replying DingkunXie Could you explain how MS Forms integrates with sensitivity labels for containers and sites (as per https://learn.microsoft.com/en-us/purview/sensitivity-labels-teams-groups-sites#support-for-sensitivity-labels:~:text=iOS%2C%20and%20Android-,Forms,-Stream)1.4KViews0likes1CommentMicrosoft Forms and Sensitivity Labels
We're looking to implement Sensitivity Labels in files, emails, groups and containers. We have setup some new labels and targeted them to test users. As part of this testing we're looking to understand the impact labels have on the various 365 applications. I've found the following article the says Microsoft Forms supports sensitivity labels for sites and groups: https://learn.microsoft.com/en-us/purview/sensitivity-labels-teams-groups-sites#support-for-sensitivity-labels. However, I can't find out how you use labels in Forms. I've done a few internet searches and the only relevant result is this page from 2021 that states labels aren't supported: classification: General : highly confidential option in Forms - Microsoft Community Hub Can anyone point me in the direction of articles or learn pages that shows how to use sensitivity labels in Forms.1.6KViews0likes3CommentsCopilot with Safe Search through DNS CNAME
Good afternoon, We're looking at implementing Copilot and was looking over the MSFT Learn page. The Manage section references 'Prevent use of Copilot without commercial data protection: Update your DNS configuration by setting the DNS entry for http://www.bing.com to be a CNAME for nochat.bing.com' However, within the FAQ section it talks about Copilot working with safe search if you've implemented proxy redirection https://learn.microsoft.com/en-us/copilot/faq#:~:text=If%20my%20company%20blocked%20access%20to%20adult%20content%20by%20implementing%20SafeSearch%20with%20a%20proxy%20redirect%2C%20will%20Copilot%20still%20be%20accessible%20to%20users%20in%20my%20organization%3F . With the subsequent link to https://support.microsoft.com/en-au/topic/blocking-adult-content-with-safesearch-or-blocking-chat-946059ed-992b-46a0-944a-28e8fb8f1814 saying ' If you want to guarantee Chat is turned off for all users on your network plus all users are set to strict SafeSearch, in our router or proxy server map http://www.bing.com to nochatstrict.bing.com.' We want to block access to Copilot for all unlicensed users and force all licensed users to use Copilot with commerical data protection. We also want to ensure all users have Bing SafeSearch enabled. If we use DNS to redirect http://www.bing.com to nochatstrict.bing.com, will we achieve our goals? The articles I've referenced don't seem to directly answer the question and the way I'm reading the them, they seem to conflict each other.KQL to report on user login duration
We are seeing an issue with login delays for users, whereby it sometimes takes many minutes for a user to be presented with a desktop. As part of troubleshooting this issue, I'd like to create a KQL query that will generate data showing the amount of time that passes from a user clicking the relevant hostpool icon to getting to a desktop. Reading the following MS article https://learn.microsoft.com/en-us/azure/virtual-desktop/insights-glossary I've gained some understanding on the logon stages and how information is logged. Amending scripts I've found on the web, I'm able to generate a report which shows login times : WVDConnections | where Type =~"WVDConnections" and State =~ "Started" | project SessionHostName , UserName ,CorrelationId, TimeLogonStarted=TimeGenerated | join kind = leftsemi ( // Only include connections that actually reached the host to prevent short (failed) attempts from skewing the data WVDCheckpoints | where Source == "RDStack" and Name == "RdpStackConnectionEstablished" ) on CorrelationId | join kind= leftouter ( WVDCheckpoints ) on CorrelationId | extend DurationFromLogon=datetime_diff("Second",TimeGenerated, TimeLogonStarted) | where Name=~"ShellReady" // exclude diviations where ShellReady occurs at start of WVDCheckPoints and TimeGenerated > TimeLogonStarted | project UserName, SessionHost=SessionHostName, TimeLogonStarted, TimeLogonEnded=TimeGenerated, DurationFromLogon | order by SessionHost, TimeLogonEnded desc Within AVD Monitoring, under the Connection Performance section of Insights, there is a section for the Top 20 instances of highest time to connect. I've amended the KQL of this to show all connection times within a time period: let newSessions = {NewSessions}; WVDConnections | where _ResourceId =~ "{HostPool}" | as ConnectionData | where State == "Started" | where TimeGenerated {timedrilldown} | join kind = leftsemi ( // Only include connections that actually reached the host to prevent short (failed) attempts from skewing the data WVDCheckpoints | where Source == "RDStack" and Name == "RdpStackConnectionEstablished" and _ResourceId =~ "{HostPool}" ) on CorrelationId | join kind=leftsemi // remove connections that do not have LogonDelay as we cannot show details ( WVDCheckpoints | where _ResourceId =~ "{HostPool}" and Name == "LogonDelay" | extend LogonType = tostring(Parameters.LogonType) | where (newSessions and LogonType == "DirectSession") or (not(newSessions) and LogonType =="TemporarySession") | project LogonDelay= TimeGenerated, CorrelationId ) on CorrelationId | join kind = leftsemi ( WVDCheckpoints | where _ResourceId =~ "{HostPool}" | where Name == "LoadBalancedNewConnection" | extend LoadBalanceOutcome=Parameters.LoadBalanceOutcome | where (newSessions and LoadBalanceOutcome == "NewSession") or (not(newSessions) and LoadBalanceOutcome in ('Disconnected', 'Active')) ) on CorrelationId | join kind = inner ( WVDCheckpoints // new session | where newSessions | where _ResourceId =~ "{HostPool}" | where Name =~ "ShellReady" or ( Name =~ "LaunchExecutable" and Parameters.connectionStage == "RdpShellAppExecuted" or Name=~"RdpShellAppExecuted") | project ProductiveTime=TimeGenerated, CorrelationId | summarize ProductiveTime=min(ProductiveTime) by CorrelationId | union ( ConnectionData // existent Sessions | where not(newSessions) | where State == "Connected" | project ProductiveTime=TimeGenerated, CorrelationId ) ) on CorrelationId | join kind = leftouter ( WVDCheckpoints | where _ResourceId =~ "{HostPool}" | where Name =~ "OnCredentialsAcquisitionCompleted" | project CorrelationId, credaquire = Parameters.DurationMS //OnCredentialsAcquisitionCompleted 2021-09-13T16:48:50.4440000Z Client {"CredentialType":"SavedPassword","DurationMS":"9","Success":"True"} ) on CorrelationId | join kind = leftouter ( WVDCheckpoints | where _ResourceId =~ "{HostPool}" | where Name =~ "SSOTokenRetrieval" | project CorrelationId, ssotokeretrieval = Parameters.DurationMS ) on CorrelationId | extend ProductiveTime = (ProductiveTime - TimeGenerated) / 1s - (coalesce(credaquire,0)/1000) - (coalesce(ssotokeretrieval,0)/1000) | where ProductiveTime > 0 | project UserName, TimeGenerated, Hostname = trim_end("[.].*", SessionHostName), ProductiveTime, CorrelationId | order by TimeGenerated However, reviewing the data generated by the above queries, there are inconsistencies between the data that is returned. For example, the first KQL query will return user logins that are not shown in the AVD Insights KQL. Could anyone advise on why this may be, or perhaps someone has some KQL that achieves my aim?3.6KViews0likes2Comments
Recent Blog Articles
No content to show