by Contributed | Mar 26, 2021 | Technology
This article is contributed. See the original author and article here.
One common characteristic of recent attacks is the attempt to evade detection by using different techniques. To evade security software and analyst tools, some malware will enumerate the target system looking for certain running processes, loaded drivers, and registry keys, with the goal of disabling them. When using a Cloud Workload Protection Platform (CWPP) such as Azure Defender, you will have different levels of threat detections according to the plan that you are using. The available plans are:
There are some scenarios in which the alert that you are receiving in Azure Defender could be a false positive for your environment. If you want to avoid receiving that specific alert, you can create an alert suppression rule. Although the alert suppression is a feature that can be used to optimize your experience, it can also be used with malicious intent in case a user wants to evade detection. To create or delete alert suppression rules, you need to be Security admin or Subscription Owner. If you just need to view the rules, you need to be Security reader or Reader.
Hardening Alert Suppression Creation
If you don’t want to give full Security Admin access to an individual but you still want that individual to create suppression rules, you should create a custom Azure Role with only the necessary privilege to do that. To be able to create alert suppression rules, the user must have the following privilege:
In addition, you should also give Reader role privilege to allow the user to see the alert suppression rules that exist.
Tracking changes to suppression rules
After hardening the privilege to create suppression rules, you can start tracking changes. To do that, you will use Azure Activity Log. The operation that has the alert suppression creation is shown below:
You can open this operation and look at the JSON tab to obtain more details. You will see the name of the rule that was created or modified, as shown in the example below:
At this point you can also create a new Alert rule in Azure Activity Log using the New alert rule option in the summary tab, as shown below:
To learn more about how to create alerts using Azure Activity Log, read this article. If you are ingesting Azure Activity Log in Azure Sentinel, you can also create an incident based on this operation.
Reviewer
Tal Rosler, Program Manager
by Contributed | Mar 26, 2021 | Technology
This article is contributed. See the original author and article here.
Today, I worked on a very interesting case that our customer is facing the following error message connecting to Azure SQL DB and/or Azure Managed Instance “Connection is not available, request timed out after ..”.
Following, I would like to share with you my lessons learned about why and how this error message is fired in two different situations:
- All the connections in the Hikari pooling are in use.
- The session limit for the database has been reached.
In order to review these two things, I included the Hikari connection pooling based on this article: Improve Java application reliability with Azure SQL Database using JDBC and connection pooling. – Microsoft Tech Community, and modifying the current Java code that you could find in this GitHub
My database is a standard 1 database that we have a session limit in 900. The first thing to probe my theory about the connection pooling is to configure setmaxiumpoolsize parameter to 50 and setCloseConnection to false to open this number of connections without closing any of them. In this situation, once I reached the connection number 51 I got the error message “Connection is not available”
public static void main(String[] args) throws Exception{
System.out.println("Testing connection JAVA! (Hikari)");
ErrorClientHikari oErrorClient = new ErrorClientHikari();
oErrorClient.setCloseConnection(false);
oErrorClient.setReadingSQLData(false);
oErrorClient.setTotalIteractions(30000);
oErrorClient.setSQLReadToExecute("SELECT count(*) Id FROM PerformanceVarcharNVarchar where TextToSearch =N'Value'");
oErrorClient.setSQLCommandTimeout(30000);
oErrorClient.setServerName("servername.database.windows.net");
oErrorClient.setDatabaseName("dbname");
oErrorClient.setUserName("username");
oErrorClient.setPassword("password");
oErrorClient.setMaximumPoolSize(50);
oErrorClient.setConnectionTimeout(5000);
oErrorClient.LoadData();
In this similar situation, I’m going to modify the setmaxiumpoolsize parameter to 1000 to know what happen when I reached more connections that the session limit of my Azure SQL Database Standard 1. At this time, I got the same error message: “Connection is not available, request timed out after..” so, that means, that both situations will report the same error message.
public static void main(String[] args) throws Exception{
System.out.println("Testing connection JAVA! (Hikari)");
ErrorClientHikari oErrorClient = new ErrorClientHikari();
oErrorClient.setCloseConnection(false);
oErrorClient.setReadingSQLData(false);
oErrorClient.setTotalIteractions(30000);
oErrorClient.setSQLReadToExecute("SELECT count(*) Id FROM PerformanceVarcharNVarchar where TextToSearch =N'Value'");
oErrorClient.setSQLCommandTimeout(30000);
oErrorClient.setServerName("servername.database.windows.net");
oErrorClient.setDatabaseName("dbname");
oErrorClient.setUserName("username");
oErrorClient.setPassword("password");
oErrorClient.setMaximumPoolSize(1000);
oErrorClient.setConnectionTimeout(5000);
oErrorClient.LoadData();
}
Enjoy!
by Contributed | Mar 26, 2021 | Technology
This article is contributed. See the original author and article here.
Which community project do you maintain?
PnPjs; Microsoft 365 learning pathways
How does it help people?
PnPjs:
PnPjs is a collection of fluent libraries for consuming SharePoint, Graph, and Office 365 REST APIs in a type-safe way. You can use it within SharePoint Framework, Nodejs, or any JavaScript project.
Microsoft 365 Learning Pathways:
Provides a framework to administer and surface in any site collection learning content from
– Microsoft content curated into playlists by Microsoft’s documentation team
– Custom content you build on your own in SharePoint and surface as playlists
– Content curated by third parties that you include as content packs
What have you been working on lately?
PnPjs: Planning V3 of the library.
Microsoft 365 learning pathways: We’ve recently brought the code base for the web parts to open source and a content update for Microsoft’s playlists was updated for Q1 – 2021.
What do you do at work?
As a member of a small consulting company my role is to try and stay on top of all things development related with Microsoft 365 platform. My favorite part of that task is working on client-side solutions but I also write a lot of integrations which utilize my C# chops.
Why are you a part of the M365 community?
Because contributing to the community and being part of the community lifts all boats. I try to help people and people try to help me succeed with this platform and these tools which is rewarding in many ways.
What was you first community contribution?
In sp-dev-solutions the Multilingual Pages solution: https://github.com/pnp/sp-dev-solutions/tree/master/solutions/MultilingualPages/SPFxExt
One tip for someone who’d like to start contributing
If you’re familiar with GitHub and working on a team, just read the contribution guidelines for the repo you want to contribute to. Should be all there is to it. If you have an idea for an enhancement submit an issue to the issues list to indicate, you’d like to work on a particular enhancement and ask for feedback that way you know that your enhancement idea is in line with how the maintainers envision the project evolving. If you’re not super familiar with GitHub and intimidated by the process, check out a Sharing is Caring event to get some guidance.
by Contributed | Mar 26, 2021 | Technology
This article is contributed. See the original author and article here.
SharePoint Framework Special Interest Group (SIG) bi-weekly community call recording from March 25th is now available from the Microsoft 365 Community YouTube channel at http://aka.ms/m365pnp-videos. You can use SharePoint Framework for building solutions for Microsoft Teams and for SharePoint Online.
Call summary:
Welcome Luise Freese | @LuiseFreese to the Sharing is Caring team and Joel Rodrigues | @JoelFMRodrigues who is a new maintainer on the Reusable SPFx Controls team. Register now for April trainings on Sharing-is-caring. SharePoint Framework v1.12 has been deprecated due to unexpected regressions. Discussion later in the call on SharePoint Framework v1.12.1 capabilities to be released shortly. Latest project updates include: PnPjs Client-Side Libraries v2.3.0 released and please provide feedback on v3.0 Hub planning and discussion issues posted – issue #1636. CLI for Microsoft 365 GA v3.7 delivered. Reusable SPFx React Controls – v2.6.0 and v3.0.0 (SPFx v1.12 support) and Reusable SPFx React Property Controls – v2.5.0 and v3.0.0 (SPFx v1.12 support) delivered. Released PnP SPFx Generator v1.16.0 (Angular 11 supported), PnP Modern Search v3.18.1 released March 9th and v4.1.0 released March 20th. There were six PnP SPFx web part samples delivered last 2 weeks. Great work! The host of this call is Patrick Rodgers (Microsoft) @mediocrebowler. Q&A takes place in chat throughout the call.
Actions:
Demos:
Building extension to save documents as PDF in tenant document libraries – updated list extension first created 2 years ago for converting one or more selected documents into pdfs using internal SharePoint REST APIs. 2 methods – Export (create) and Save As (download). Saves pdfs to current library. Step through the conversion and render code – copy entire document and metadata to blob, writes data into pdf. Tenant wide extension automatically created in App Catalog.
Sending messages to Microsoft Teams using Microsoft Graph from SharePoint Framework solution – a simple web part for sending a message from a SharePoint page to a recipient’s mailbox or into a Microsoft Teams chat using Microsoft Graph. Conversation elements include send email, my profile information, target user’s principal name, get chat ID (determines if existing chat or creates new). Uses Graph APIs, PnP People Picker, React hooks and code snippets in Graph Explorer.
Update:
Latest on SharePoint Framework – SPFx v1.12.1 includes additional functionality over v1.12 for creating complex Microsoft Teams solutions including SPFx elements. In addition to corrections to SPFx v1.12, v1.12.1 includes Node v12/v14 and Gulp support, more access to page structure, embed manifest configuration option, support for Teams meeting apps and for Microsoft Teams SDK v1.8. Post v1.12.1 – integration in Microsoft Viva Connections, Teams Development, Store, Communications and Quality improvements.
- No new or updated extensions last week
SPFx web part samples: (https://aka.ms/spfx-webparts)
As is the case this week, samples are often showcased in Demos. Thank you for your great work.
Agenda items:
Demos:
Update:
Resources:
Additional resources around the covered topics and links from the slides.
General Resources:
Other mentioned topics
Upcoming calls | Recurrent invites:
PnP SharePoint Framework Special Interest Group bi-weekly calls are targeted at anyone who is interested in the JavaScript-based development towards Microsoft Teams, SharePoint Online, and also on-premises. SIG calls are used for the following objectives.
- SharePoint Framework engineering update from Microsoft
- Talk about PnP JavaScript Core libraries
- Office 365 CLI Updates
- SPFx reusable controls
- PnP SPFx Yeoman generator
- Share code samples and best practices
- Possible engineering asks for the field – input, feedback, and suggestions
- Cover any open questions on the client-side development
- Demonstrate SharePoint Framework in practice in Microsoft Teams or SharePoint context
- You can download a recurrent invite from https://aka.ms/spdev-spfx-call. Welcome and join the discussion!
“Sharing is caring”
by Contributed | Mar 26, 2021 | Technology
This article is contributed. See the original author and article here.
Continuing our coverage on all things Azure, this week the team will be reporting on Expanding Microsoft’s DR scenarios to new zonal capabilities with Azure Site Recovery, Azure Security Center Regulatory Compliance dashboard, AzCopy currently in preview to import from GCP to Azure Block Blobs, Publishing VM Images from Shared Image Gallery to Azure Marketplace and an architectural focused Microsoft Learn module of the week.
Expanding DR scenarios to new zonal capabilities with Azure Site Recovery
Azure Site Recovery replicates workloads running on virtual and physical machines from a primary site to a secondary location so when an outage occurs at the primary site, failover to a secondary location occurs, and apps are then accessed from there.
With the zonal disaster recovery capability, Microsoft is making it possible to replicate and orchestrate the failover of applications in Azure across Azure Availability Zones within a given region. Zone to Zone disaster recovery options with Azure Site Recovery is on its way to being available in all regions with Azure Availability Zones (AZs). Availability Zones, fault-isolated locations within an Azure region, provide redundant power, cooling, and networking, allowing customers to run mission-critical applications with higher availability and fault tolerance to datacenter failures. Azure Availability Zones will be available in every country Microsoft Azure publicly operates in by the end of 2021.
Further details can be found here: Set up Site Recovery Zone to Zone Disaster Recovery
Microsoft Strengthens compliance story in Azure Security Center
Microsoft has recently launched many big upgrades to the compliance management experience in Azure Security Center, including Azure Security Benchmark integration with Secure Score, a new section for downloading audit certification reports, integration of shared responsibility model details into the product, and Workflow Automation functionality.
The Azure Security Center team is encouraging organizations to try out these new compliance capabilities in Azure Security Center, and are hoping for feedback. For more information on regulatory compliance in Security Center, check out this documentation:
AzCopy v10.9.0 now in public preview: import from GCP to Azure Block Blobs
Currently in preview, AzCopy v10.9.0 now supports importing from Google Cloud Platform (GCP) Storage to Microsoft Azure Storage Block Blob. This version will also have support for scanning logs that can have low or high output based on debugging needs. Tags will be preserved when copyng blobs and the list command will include Last Modified Time information.
If you are interested in utilizing this version of AzCopy, please follow the Getting Started guide.
Publishing VM Images from Shared Image Gallery to Azure Marketplace now Generally Available
Microsoft has now enabled the ablity to publish a VM Image in Shared Image Gallery (SIG) to Azure Marketplace. This capability simplifies image preparation, testing, and submission process as it is no longer required to extract vhds, upload them, and generate SAS URIs. With this capability, organizations can now manage the full image lifecycle within Azure. Simply create an image from the VM or a vhd into Shared Image Gallery,then select the SIG Image to publish it in Partner Center.
Learn more about publishing your VM image using Shared Image Gallery here.
Community Events
- Hello World – Special guests, content challenges, upcoming events, and daily updates
- Patch and Switch – Patch and Switch are back to share thier “from the trenches” stories
MS Learn Module of the Week
Architect migration, business continuity, and disaster recovery in Azure
Learn how to migrate resources to Azure, how to provide site recovery for your applications in Azure and on-premises, and how to your applications are available through service interruptions and changes in load.
Modules include:
- Design your migration to Azure
- Protect your on-premises infrastructure from disasters with Azure Site Recovery
- Protect your Azure infrastructure with Azure Site Recovery
- Protect your virtual machines by using Azure Backup
- Back up and restore your Azure SQL database
- Build a scalable application with virtual machine scale sets
- Dynamically meet changing web app performance requirements with autoscale rules
- Scale an App Service web app to efficiently meet demand with App Service scale up and scale out
- Design a geographically distributed application
Learn more here: Architect migration, business continuity, and disaster recovery in Azure
Let us know in the comments below if there are any news items you would like to see covered in the next show. Be sure to catch the next AzUpdate episode and join us in the live chat.
Recent Comments