Notifications from Yammer communities are now available in Microsoft Teams

by Contributed | Jan 21, 2021 | Technology

This article is contributed. See the original author and article here.

Today we’re announcing the rollout of notifications from Yammer communities in Microsoft Teams. With millions of employees working remotely or in hybrid environments, it’s more important than ever for employees to feel connected. Teams makes it easier to collaborate with others, create workspaces, chat, meet virtually with others, and integrate your business solutions all from a single platform. But many conversations extend beyond your workgroups and departments, linking employees who may have never met or have never worked together. These types of engagements are happening in communities. Last year, we released the Communities app for Microsoft Teams, brings all of your Yammer communities and conversations into Teams. Today, we are excited to take that integration to the next level.

Get Yammer Communities notifications in Teams
Stay up to date with notifications coming from your Yammer communities while in Teams. Once installed, you will receive Yammer notifications in the Teams Activity feed on web, desktop, and mobile.

This means that you can be notified in Teams for high-value scenarios—when announcements are made in communities that you are a member of, and when you are @mentioned in a conversation. You can then like read, respond to the post and react with our new inclusive reactions without leaving Teams.

Take corporate communications to the next level
The Communities app in Teams brings a platform for your communities and employees to thrive. Communicators and leaders can now use these notifications and other scenarios in Yammer to keep everyone connected and informed of news and updates by sending push notifications that reach all the way to the lock screen on mobile devices, and new insights offer deep insights and feedback into engagement happening on those communications. Perfect for:

• Large scale announcements such as policy updates, safety information, and organizational change


• Frontline workers and mobile employees who need to access important information and conversations with headquarters from mobile devices


• Employee communities that span departments such as new employee onboarding, and diversity & inclusion communities


• Functional communities that connect people to crowdsource solutions, ideate, and share with coworkers (example: hackathons, events, kickoffs)

Notifications from Yammer communities are now available in the Teams mobile app

If you’re new to Communities, here’s how you can use Yammer with Microsoft Teams to keep everyone connected.

https://cdn.techcommunity.microsoft.com/assets/MicrosoftTeams/Yammer%20in%20Teams.pdf

Install the Communities app in Teams
Any user can install the Communities app using the options in the Teams app bar (see below) and pin it in just a few clicks. IT Admins can also choose to deploy and pin the app for all users or particular departments through custom policies.

Install the Communities app, powered by Yammer, from the app store in Microsoft Teams.

Better together
We’re continuing to deepen the integration of communities and teams to help organizations achieve more. Recently, we’ve added Search to the web, desktop, and mobile apps so you can find and discover community conversations without leaving Teams. We’ve also updated the Yammer channel tab to inherit the styling and functionality of the new Yammer. Users will automatically see this change with no action required from them.

Stay tuned as we’ll have more news to share soon!

Murali Sitaram
Murali is the Vice President of Yammer and Office 365 Groups.

Focus on what matters with AI in To Do

by Contributed | Jan 21, 2021 | Technology

This article is contributed. See the original author and article here.

Plan your day better with intelligent task suggestions.

A well-formed daily plan can do wonders to boost your productivity and help you end each day on a high note. The My Day list in To Do gives you a blank slate to plan your day.
 

We’re committed to making your daily planning experience better and have introduced intelligent task suggestions in My Day on To Do’s web application so you can focus on tasks that matter to you. We use AI to identify tasks that seem important, suggesting them based on keywords. These suggestions also include tasks that have deadlines and tasks you starred :star:.

Try the feature now!

Head to To Do web application and select the My Day list. We’ve added a new section, Tasks that seem important, in the suggestions pane :light_bulb:. It can help you identify tasks to add to your My Day list so you can focus on getting things done. If a suggestion isn’t relevant to you, just select more options > This isn’t relevant to me.

We’ll show up to seven tasks we identify as most relevant to you in this section. It’ll update as you add new tasks or edit existing ones. Your urgent tasks, like ones due today or tomorrow or the ones that are overdue, will show up here. All other tasks with due dates will continue to show up in the Later and Earlier sections of the suggestions pane.

The feature is currently available on the To Do web application and only for To Do in English.

Note: Tasks assigned to you in Microsoft Planner show up in To Do’s Assigned to you list, but these tasks currently aren’t suggested in the Tasks that seem important section.

We hope that AI-powered task suggestions help you stay focused on your key tasks. We’d love to hear your feedback. Let us know in the comments below or over on Twitter and Facebook. You can also write to us at todofeedback@microsoft.com.

Microsoft Defender for Endpoint, Adding Tags for multiple devices from CSV list

by Contributed | Jan 21, 2021 | Technology

This article is contributed. See the original author and article here.

                                                                                                         Bruno Gabrielli and Tan Tran 

Related to Microsoft Defender for Endpoint, recently we got a request from a customer to create the Defender group of tool devices running Windows 10 Operating Systems. This device group later will be assigned with no-remediation policy. Customer has wanted all the devices which are members of this group, will be audited and alerted about threats by Defender Service only, there should be no action such as quarantine or removal of files on the critical devices which were used to control tool in operation rooms.

The task is easy, just need to create a device group based on the device tags, for example, I use the tag name “OP-Tool” and make a dynamic group based on tag name of OP-Tool:

There is a good techblog article about scoping devices based on tags by Steve Newby (Microsoft).

The question is, how could we tag each of the Defender Endpoint Device with the “OP-tool” label?

We need to do the task on tens of thousands of devices programmatically.

As you already knew it, there are a few ways to tag a device, you could tag it manually by Defender Portal under device and manage tag or by Windows Regedit.exe and modifying the device ‘s registry key. Another method is using the Endpoint MDM Configuration Profile with a custom OMA-URI, or by using Defender portal with the API Explorer feature. We could also make device tags easily by using Microsoft Flow. One of Customer preferred way  is tagging device by running PowerShell script with API access to Defender Service data source.

Let us go through the options mentioned above.

1. Using Registry key to tag devices:

For device tagging purpose, you could create the registry key named “DeviceTagging” based on Microsoft document. The key path and value is as follows:

HKEY_LOCAL_MACHINESOFTWAREPoliciesMicrosoftWindows Advanced Threat ProtectionDeviceTagging

Key name: Group     Value: YourTagName

• You could make a script to generate registry key and deploy it by SCCM or GPO  as usual.


• To do advanced hunting query for all the devices with the same tag names:

DeviceInfo

|where DeviceName contains “fc-cl01”

|where Timestamp > ago(1h)

|where RegistryDeviceTag contains “NewOP-Tool”

|project Timestamp, DeviceName, RegistryDeviceTag, OSPlatform, LoggedOnUsers, MachineGroup

Query Result:

• There are a few limitations:


• Only one Tag name is allowed due to the REG_SZ string type. This limitation could be overcome by the API PowerShell Scripting method on which we will discuss later as an alternative option.


• Tag name should be less than 200 characters.


• Device Tag Name is only synchronized once per day, to apply change and synchronization to Defender for Endpoint Portal, you will need to restart the device and wait for 15-30 minutes for device to appear in Defender portalDevice Inventory as shown here:

2. Using Endpoint Manager Configuration Profile to tag devices.

• Create the Custom OMA-URI:                  ./Device/Vendor/MSFT/WindowsAdvancedThreatProtection/DeviceTagging/Group

• Assign the profile to Endpoint Manager Group.

3.Using Microsoft Defender for Endpoint API Explorer to tag devices.

Let us start with a simple command in API explorer:

• Go to securitycenter.windows.com, the defender for Endpoint Portal,


• From the left navigation menu, select Partners & APIs > API Explorer.

To add/remove tag by API explorer:

You just need to run the post command as shown here and replace the device ID with your device ID.

• To remove a tag

• To add a tag

Run Post command: 

 Result shown in the Device blade:

• To get the list of device ID with Tag:

Run Get command:

https://api-us.securitycenter.windows.com/api/machines?$select=id, computerDnsName,Machinetags

4. Using  Script to tag devices:

Antonio Vasconcelos from Git Hub has provided us a script to connect to MD for Endpoint API and tag multiple devices in one shot:

# PLEASE NOTE THAT I TAKE NO RESPONSIBILITY ON THE RESULTS THIS SCRIPT MIGHT YIELD
# YOU SHOULD TEST IT AND MAKE SURE IT FITS YOUR NEEDS
# Author: Antonio Vasconcelos
# Twitter: anthonws
# Date/Version/Changelog:
# 2020-01-25 - 1.0 - First release
# Objective:
# Script that adds a specified Tag to machines in MDATP
# Input is expected to be a CSV file with 2 columns, one with "Name" and the other with "Tag". The first line are the headers. Break line for each new entry.
# MachineId is obtained via the ComputerDnsName, which should equate to the Host name or FQDN, depending on the type of machine join (WORKGROUP, Domain, etc.)

$tenantId = '000000000000000000000' ### Paste your own tenant ID here
$appId = '000000000000000000000' ### Paste your own app ID here
$appSecret = '000000000000000000000' ### Paste your own app keys here
$resourceAppIdUri = 'https://api.securitycenter.windows.com'
$oAuthUri = "https://login.windows.net/$TenantId/oauth2/token"
$authBody = [Ordered] @{
    resource = "$resourceAppIdUri"
    client_id = "$appId"
    client_secret = "$appSecret"
    grant_type = 'client_credentials'
}
$authResponse = Invoke-RestMethod -Method Post -Uri $oAuthUri -Body $authBody -ErrorAction Stop
$token = $authResponse.access_token
# Store auth token into header for future use
$headers = @{
        'Content-Type' = 'application/json'
        Accept = 'application/json'
        Authorization = "Bearer $token"
    }
# Clean variables
$Data = @();
$MachineName = $null;
$MachineTag = $null;
$MachineId = $null;
# CSV input file serialization 
$Data = Import-Csv -Path c:TempMDATPMachineList.csv
# Add Tag Block 
# Added timer to respect API call limits (100 per minute and 1500 per hour)
# Defaulting to the shortest limit, which is 1500 per hour, which equates to 25 calls per minute
# Introduced a 3 sleep at the beginning of every while iteration
# Iterate over the full array
$Data | foreach {
    Start-Sleep -Seconds 3
    $MachineName = $($_.Name);
    $MachineTag = $($_.Tag);
    # Obtain the MachineId from MDATP, based on the ComputerDnsName present in the CSV file
    $url = "https://api.securitycenter.windows.com/api/machines/$MachineName"  
    $webResponse = Invoke-RestMethod -Method Get -Uri $url -Headers $headers -ErrorAction Stop
    $MachineId = $webResponse.id;
    # Body content will carry the tag specified in the CSV file for the given machine
    $body = @{
      "Value"=$MachineTag;
      "Action"="Add";
    }
    # Add specified tag in CSV to the particular MachineId in MDATP
    $url = "https://api.securitycenter.windows.com/api/machines/$MachineId/tags" 
    $webResponse = Invoke-WebRequest -Method Post -Uri $url -Headers $headers -Body ($body|ConvertTo-Json) -ContentType "application/json" -ErrorAction Stop
    # Clean variables (sanity check)
    $MachineName = $null;
    $MachineTag = $null;
    $MachineId = $null;
}

Notes:

• Prerequisite: Before you can run the API script, you need to setup the App API and permissions in Azure AD for your “Microsoft Defender for Endpoint” App


• Register an API for your MD for Endpoint ( named Windows Defender ATP in Azure AD)

• Assign API permission for Microsoft Threat Protection


• Choose “API my organization uses”


• In the search box type WindowsDefenderATP as shown:

• Assign Application permission, Read and Write Machine Information:

• Grant Admin Consent  :

• Click Yes to confirm:

• In the script, you will need to replace the App ID number with your MDfE App ID, replace Tenant ID and App Secret Key accordingly. You could get them from Azure AD API Registration as shown here:

• Double click to open the related App.


• Copy the App ID and Tenant ID:

• Go to Certificates & secret, copy the secret key:

• You need to create machinelist.csv with all the devices needed to tag and their tag names, Multiple tags for the same device will need multiple rows.

       Sample of machinelist.csv:

Results after running PowerShell tagging script, multiple tags are added to the existing device tags as shown here:

5. Using Microsoft Flow to tag devices:

Tomer Brand from Microsoft show us how to easily tag multiple devices by Microsoft flow in the following techblog article:

• Automated machine tagging in just a few simple steps… – Microsoft Tech Community

I hope the information is helpful and save you some precious time when tagging Defender Devices.

Reference

• Add or Remove Machine Tags API – Windows security | Microsoft Docs


• Use Microsoft Defender for Endpoint APIs – Windows security | Microsoft Docs


• Support Tip: Getting Started with Microsoft Graph API – Microsoft Tech Community


• WDATP API “Hello World” (or using a simple PowerShell script to pull alerts via WDATP APIs) – Microsoft Tech Community


• Logic App Service | Microsoft Azure


• Create an app to access Microsoft Defender for Endpoint without a user – Windows security | Microsoft Docs


• Supported Microsoft Defender for Endpoint APIs – Windows security | Microsoft Docs


• Microsoft Defender ATP detections API fields – Windows security | Microsoft Docs


• Threat & Vulnerability Management APIs are now generally available – Microsoft Tech Community


• Raw data export: Announcing Microsoft Defender ATP Streaming API GA – Microsoft Tech Community


• Ticketing system integration – Alert update API – Microsoft Tech Community


• Support Tip: Getting Started with Microsoft Graph API – Microsoft Tech Community


• Access the Microsoft Defender Advanced Threat Protection APIs – Windows security | Microsoft Docs How to use tagging effectively (Part 1) – Microsoft Tech Community


• https://virtuallysober.com/2018/01/04/introduction-to-powershell-rest-api-authentication/

Disclaimer

The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages.