Reconnect Series: Thierry Frache

Reconnect Series: Thierry Frache

This article is contributed. See the original author and article here.

Ready or not, it is time once more to Reconnect!

 

This week we are joined by none other than the experienced senior field engineer and MVP Windows Client from 2003 to 2008 Thierry Frache! Hailing from Montpellier in the south of France, Thierry currently works as a technical director in an IT services company.

 

Thierry counts more than 20 years of experience with Microsoft Consulting Services and Dell Consulting Services, as well as a background in Data Center, TMG, Virtualization, Microsoft Products and Servers. Moreover, Thierry previously served as leader of the French Microsoft Exchange Server Community.

 

Whether it is online or offline, Thierry says he likes to help others and expand knowledge. For example, Thierry regularly volunteers for the French organization Secours Populaire which fights poverty in discrimination in public life. 

 

Reconnect offers another opportunity to facilitate the exchanging of know-how, Thierry shares.

 

“I really like the idea of the Reconnect program because when I was an MVP, I felt like I was part of a team of experts. When you quit the program, it’s a bit like a separation and there is no more exchange with Microsoft or the other MVPs. With this program, it is an opportunity to find old comrades and to reconnect with our old contacts at Microsoft,” he says.

 

Meanwhile, Thierry only has the best of wishes for those joining the MVP program. In his native French, Thierry says to all program newcomers: “Profitez du moment, ne vous mettez pas la pression et soyez fiers d’arborer votre titre MVP!”

 

To read Thierry’s blogs, search for him on Microsoft Newsgroups.

 

Thierry FRACHE.png

Check out the Azure Stack Hub Partner Solution Video Series

This article is contributed. See the original author and article here.

Together with the Azure Stack Hub Team we are starting a journey to explore the ways our customers and partners use, deploy, manage, and build solutions on the Azure Stack Hub platform.  Together with the Tiberi Radu (Azure Stack Hub PM @rctibi), we created a new Azure Stack Hub Partner solution video series to show how our customers and partners use Azure Stack Hub in their Hybrid Cloud environment. In this series, as we will meet customers that are deploying Azure Stack Hub for their own internal departments, partners that run managed services on behalf of their customers, and a wide range of in-between as we look at how our various partners are using Azure Stack Hub to bring the power of the cloud on-premises.

 

You can start watching the first videos here:

  • The introduction of the Azure Stack Hub Partner Solutions Series
  • Our first episode introduces Eversource Energy – that built a hybrid solution across Azure and Azure Stack Hub, creating a consistent operational model and simplifying the deployment of workloads.
  • The second episode follows the journey of knowledgepark, akquinet, and BordonaroIT – partners that have built a SaaS-like service that is consumed by over 200 healthcare clients across their region
  • Join our Australian partner Byte as we explore how they are using the Azure Stack products to simplify operations, accelerate workload deployment, and enable the teams to focus on creating value rather than “keeping the lights on”.
  • Join our partner RFC in Tunisia, as we learn about their managed offerings, their partnerships with various ISVs, and how they’ve used Azure Stack Hub to accelerate Azure adoption

We will add new videos in the upcoming days and weeks.

I hope you enjoyed the series and hope you are looking forward to the next videos. If you have any questions, feel free to leave a comment.

Microsoft 365 & SharePoint PnP Weekly – Episode 93

Microsoft 365 & SharePoint PnP Weekly – Episode 93

This article is contributed. See the original author and article here.

pnp-weekly-episode-93.jpg

 

In this weekly discussion of latest news and topics around Microsoft 365, hosts – Vesa Juvonen (Microsoft), Waldek Mastykarz (Rencore), are joined by Ayça Baş, Cloud Advocate from Microsoft concentrating on Microsoft 365 extensibility based in Dubai, United Arab Emirates. 

 

After working as a Premier Field Engineer on many cloud migrations – Microsoft Teams leveraging Microsoft Graph on Azure deployments, Ayça’s developer advocate focus now is on content development, blogging and events/speaking, in which her real-world customer/developer engagement experiences form a solid foundation for her practical communications to the Microsoft 365 developer community. 

 

In this episode, 14 recently released articles from Microsoft and the PnP Community are highlighted.

 

This episode was recorded on Monday, August 24, 2020.

 


Did we miss your article? Please use #PnPWeekly hashtag in the Twitter for letting us know the content which you have created. 

 

As always, if you need help on an issue, want to share a discovery, or just want to say: “Job well done”, please reach out to Vesa, to Waldek or to your PnP Community.

 

Sharing is caring!

Improve remote learning with speech-enabled apps powered by Azure Cognitive Services

Improve remote learning with speech-enabled apps powered by Azure Cognitive Services

This article is contributed. See the original author and article here.

Improve remote learning with speech-enabled apps powered by Azure Cognitive Services

 

This post was co-authored by Melissa Ma, Yueying Liu, Anny Dow and Sheng Zhao  

 

Online learning has grown rapidly over the last couple of months as schools and organizations adapt to new ways of connecting and methods of education. Speech technology can play a significant role in making distance learning more engaging and accessible to students of all backgrounds. With Azure Cognitive Services, developers can quickly add speech capabilities to applications, bringing online learning to life.

 

Enhancing language fluency with pronunciation assessment

 

One key element in language learning is improving pronunciation skills. For new language learners, practicing pronunciation and getting timely feedback is essential to becoming a more fluent speaker. In the current environment, online language learning and the ability to practice anytime, anywhere, has become even more important.

 

At the Build conference in May, we announced the preview of the pronunciation assessment capability, powered by Speech to Text. 

 

The pronunciation assessment capability evaluates speech pronunciation and gives speakers feedback on the accuracy and fluency of spoken audio, allowing users to benefit from:

  • Highly accurate evaluations – Provides consistent and accurate evaluation results using a machine learning-based approach that correlates highly with speech assessments conducted by native experts. The pronunciation assessment model was trained with 100,000+ hours of speech data from native English speakers and is highly robust. It assesses three dimensions of pronunciation: accuracy, fluency and completeness. Pronunciation assessment can provide evaluations at multiple levels of granularity, returning accuracy scores for specific phonemes, words, sentences, or even whole articles.
  • Ability to account for inserted and omitted words – Enables rich configuration parameters to support flexibility in using the API. Using NLP techniques and EnableMiscue setting, pronunciation assessment can detect errors such as extra, missing, or repeated words—when compared to reference text—to assist in more accurate scoring. This is particularly useful for longer paragraphs of text.
  • Real-time streaming – Supports streaming upload on audio files for immediate feedback.

 

With pronunciation assessment, language learners can practice, get instant feedback, and improve their pronunciation. Online learning solution providers or educators can use the capability to evaluate pronunciation of multiple speakers in real-time. Pronunciation assessment currently supports the English language.

 

 

Educational organizations, like the Tomorrow Advancing Life (TAL) Education Group, are already building applications using pronunciation assessment to help students practice language learning remotely.

 

“Effectively and efficiently teaching accurate pronunciation to students of different levels is a big challenge, both in class and outside of class. The Speech service’s pronunciation assessment capability provides a powerful solution to address this challenge. We’ve been highly impressed by the robustness of pronunciation assessment and its ability to deal with noisy environments, and how well it correlates with pronunciation evaluations conducted by our teachers.”

Xiangyu Hu, AI Scientist of Tomorrow Advancing Life (TAL) Education Group  

 

Learn how you can get started with the pronunciation assessment using our tutorial video and download source code from Github to try out.

 

 

Developing interactive courses with Text to Speech

 

Another way that Speech technology can support better online learning experiences is through Text to Speech, a Speech service feature that converts text to lifelike speech. Educators can create interactive materials with highly expressive and humanlike voices using Neural Text to Speech (Neural TTS), now available in 36 voices with 31 languages. (Learn about our most recent languages here.)

 

With Neural TTS, developers can add natural-sounding voice to learning materials, for scenarios like slide narration. Neural TTS can also be used for reading aloud any content, facilitating new ways for students to interact with material as well as increasing accessibility for students with learning differences. Educational organizations can also use Neural TTS to create AI-powered virtual “teachers” that interact with students to make online courses more engaging.

 

Experience the Neural Voices with the new Edge browserExperience the Neural Voices with the new Edge browser

 

With the Custom Neural Voice capability, online learning solution providers can further create interactive learning experiences for their students in a voice that represents their brand, or develop unique voices for different characters. For example, Duolingo, one of the world’s most popular language learning apps, is creating unique voices for different characters used in the lessons.    

 

Using SSML or the Audio Content Creation tool, users can further finetune audio characteristics like voice style, rate, pitch, and pronunciation to fit their scenarios—no code required. Text to Speech also supports different speaking styles—like cheerfulness and empathy—making it easier to bring audiobooks to life. Recently we have just added 10 new voice styles, available in Chinese (Xiaoxiao voice) and will be expanded to other languages.

 

To learn more about Audio Content Creation, watch the video tutorial.

 

 

To learn more and get started adding speech to your educational applications, check out our resources below:

 

Pronunciation Assessment

Text to Speech

 

How To Block Azure VHD Download?

How To Block Azure VHD Download?

This article is contributed. See the original author and article here.

Abstract

Encryption of Azure VM disk is a vast topic and an important one. Especially if you are a bank then your info security team is going to run behind it. I have been working with few leading banks in India  and encryption of Azure VM disk is one of the longest discussed topic, I experienced in recent times.

 

While you encrypt the disk of Azure VM using either “Storage [Server] side encryption” or “Azure Disk Encryption”; security teams are always in fear of one question –

“What if someone downloads my VHD from Azure portal? How do I protect my data?”

 

Well this blog is an answer to above question! So Let us start with some background on encryption and understand why customers or security teams may ask to block the VHD download.

 

Why security team need to block VHD Download?

Encryption of Azure VM disk is possible in two ways –     

  1. Server Side Encryption
  2. Azure Disk Encryption

Server side encryption [a.k.a. Storage Side Encryption – hereafter referred as SSE] should suffice the organization security needs in most of the cases.

 

The most common question I have seen is below –

Question: If my Azure VM is encrypted using SSE and I download the VHD. Then using this VHD if we create a VM will it be encrypted and data on it will be non readable?

Answer: No. As soon as the data leaves the boundary of underlying storage, it is decrypted. Hence if you provision VM vhd or data disk vhd after download, the data will be readable.

 

Reference blog post mentioning this is here – https://www.sanganakauthority.com/2020/01/azure-vm-disk-encryption-storage-side.html.

 

This triggers the requirement of “why we want to restrict Azure VM VHD download?”.

 

This way customer organization can avoid Azure Disk Encryption using Bitlocker or DMCrypt [hereafter referred as ADE] and especially avoid complexities involved in the implementation and management. Here I am not saying ADE is bad. It is still best way to encrypt. However if customer is interested in avoiding operational overheads in ADE, then SSE is really handy.

 

If SSE is used then after download of Azure VM VHD, the data theft may not be avoided. Therefore it becomes necessary for extra sensitive data VHD’s; to block download from Azure portal completely.

 

How do I block Azure VM VHD download?

It would have been really easy if we can put up an “Azure Policy” at the subscription level to block the VHD download. Unfortunately there is no such policy inbuilt. We can build custom policy and I have already tried it.

 

Important aspect for policy is about having an “Action” in policy. However “Actions” in Azure policy is a legacy syntax and as of today it supports only “write” action.

 

For VHD download we will have to use “Action” equals to “Microsoft.Compute/disks/beginGetAccess/action” which is not a write action and hence we can’t achieve this using Azure policy. I think “Actions” suits better in RBAC section as they reflect permissions for users to execute certain action. Hence we will need to implement “block VHD download” using RBAC.

 

Implementing RBAC for restricting Azure VHD download

The download permissions on the Azure VM disk is assigned through RBAC setting “Microsoft.Compute/disks/beginGetAccess/action”. So if we restrict this access in an Azure custom role we should be able to achieve “restrict Azure VM disk download” option .

 

To define an Azure custom role it is always a good start to use any existing Azure built in role. For our requirement “Contributor” roles seems to be best fit. I found out contributor role as shown below from Azure portal. To create custom role with “VHD download deny” permission; clone this role as shown below –

 

Clone Azure built Role of ContributorClone Azure built Role of Contributor

 

On the basic information of Clone windows, enter information as shown below. “Custom role name” can be of your choice. Then click on Next.

Provide Basic information for creating custom roleProvide Basic information for creating custom role

 

You will see Permissions tab with first permission with “*”. Means Contributor role has almost all operations access on Azure portal. Except that Contributor can’t assign a role to any other user.

On the permissions tab itself we will need to “deny VHD download” option. Therefore on Permissions tab click on “Exclude Permissions” as shown below –

 

Click on Exclude PermissionsClick on Exclude Permissions

 

Then search for “disk” and select Compute resource provider as shown below –

 

Select ComputeSelect Compute

 

Under Microsoft.Compute permissions screen search for option “Other : Get Disk SAS URI” under Microsoft.Compute/disks as shown below. Select the checkbox against it and click on Add.

 

Other : Get Disk SAS URIOther : Get Disk SAS URI

 

After this you will see an action “Microsoft.Compute/disks/beginGetAccess/action” is added in NotAction as shown below –

 

Verify Other : Get Disk SAS URI check is successfulVerify Other : Get Disk SAS URI check is successful

 

Then click on “Review + Create” option and then click on “Create” to have this role created under your subscription. You can find this role as below to check if role addition is successful.

 

Verify if role is createdVerify if role is created

 

Then click on “add” to assign this custom role to a user of your choice.

 

Verifying of denying Azure VM VHD download

After successful role assignment, login to Azure portal with the user who has assigned the custom role. Open any Virtual Machine from the portal and go to Disks -> Click on OS disk Name. the click on “Disk Export” option and click on Generate URL button. This button actually generates the SAS URL which can be used to download Azure VM disk from Azure portal.

 

When we click on “Generate URL” button, you will find that download vhd is no more allowed as shown below –

 

VHD Download is restricted by RBAC roleVHD Download is restricted by RBAC role

 

This is how you can restrict Azure VM disk download from the Azure portal using custom RBAC.

Conclusion

Hope this post will help you to satisfy your security requirement and help you settle with SSE disk encryption.

If you are more interested to know about Azure Disk encryption frequently asked real world questions then visit here.