Shopping online? Know your retailer and your rights


This article was originally posted by the FTC. See the original article here.

COVID opened the door for scammers to double down on their worst practices, while preying on consumers during an unprecedented global pandemic. That includes some bad actors who have been taking advantage of online shoppers in search of hard-to-find items like face masks and other personal protective equipment (PPE).

Today, the Federal Trade Commission filed a complaint against one of those bad actors. The Commission alleged that Frank Romero (doing business as Trend Deploy) failed to deliver advertised PPE on time — if at all. What’s more, Romero didn’t tell customers about shipping delays, offer order cancellations, or give refunds. And even worse, although consumers thought Romero was selling them N95 masks, in reality Romero sent them cloth masks that did not have the protective qualities he promised. This case is part of the FTC’s continuing effort to address “online shopping” fraud that seeks to exploit high demand for PPE and other COVID-related products.

When you shop online, sellers are supposed to ship your order within the time stated in their ads, or within 30 days if the ads don’t give a time. If a seller can’t ship within the promised time, it has to give you a revised shipping date, with the chance to either cancel your order for a full refund or accept the new shipping date.

So before you shop online, especially from an unfamiliar retailer, remember these three things:

1. Check out the company or product. Search online for the name plus terms like “review,” “complaint,” or “scam.” See what other people say about it. Read the seller’s description of the product carefully. If the seller has name-brand goods at steeply discounted prices, they might be fakes.

2. Look at the terms of the sale. Make note of the total price, including taxes, shipping, and handling; the expected delivery date; and policies for refunds, including who pays for return shipping and if there is a restocking fee.

3. Pay by credit card. You’ll get protections under federal law, so you don’t have to pay for things you ordered but didn’t get.

Remember, if you see a scam, or want to report a problem about online shopping, tell the FTC at ReportFraud.ftc.gov.


What’s New in Microsoft Teams | June 2021


This article is contributed. See the original author and article here.

Welcome to the June edition of What’s new in Teams. This was another month where we released several features to make Teams even more useful for you. We also announced several new innovations coming later this year to empower people and organizations to succeed as we transition to hybrid work. Please check out this blog post by Jared Spataro, Corporate Vice President for Microsoft 365.



Let’s get to all the features and innovations that are available this month!
Meetings and webinars
Calling
Devices
Chat and Collaboration
Management
Security, compliance, and privacy
Government


 


Meetings and webinars


Attendance Dashboard


After a meeting or webinar ends, organizers can view an attendance report that shows how many people registered versus attended, who attended the meeting, and whether they engaged for all or part of the meeting. The report is now embedded directly within the Teams UI for your reporting and analytics needs. Click on the Attendance tab in your Meeting Details to find the attendee dashboard. Learn more.




 


Follow up with webinar participants via Dynamics 365 Marketing
You are now able to follow up with webinar participants through the attendance tab after a webinar, if you as a webinar organizer have a Dynamics 365 Marketing license. From there, you can export your attendance data into Dynamics 365 Marketing, so you can create customer journeys and send personalized follow-up emails to your webinar attendees.



 


Lower all raised hands
When at least one hand is raised, meeting organizers and presenters can now lower all raised hands with a single click. Simply navigate to the participant pane and click on the Lower all hands option. This helps quickly lower all hands when associated questions have been resolved to make way for new raised questions. Learn more.




 


Spotlighting multiple users in a meeting
Organizers and presenters can now spotlight up to 7 participants simultaneously during meetings. Previously, while an attendee could pin multiple participants for their own private view, only one participant could be spotlighted for all attendees. Once a single participant has been spotlighted, simply click on the context menu of your additional participant(s) and select Add Spotlight. For meetings that have multiple speakers or presenters, this is a great way to focus all attendees’ view on those specific video feeds. The feature is available on both desktop and mobile. Learn more.




 


Chat bubbles
Chats sent during a Teams meeting now surface on the screens of all meeting participants, making the chat more central to the conversation. You no longer need to manually open the chat window within a meeting to see what participants are typing. This feature is on by default. To turn off this feature, select Don’t show chat bubbles under more actions.





Inking and Laser Pointer in PowerPoint Live in Microsoft Teams
Virtual laser pointer and ink annotations are now available in PowerPoint Live. Presenters can engage more with their audience by drawing attention to or clarifying certain sections of the PowerPoint deck. Just as you would use a physical laser pointer in a room, PowerPoint Live allows you to point at different places in the presentation so the audience can easily follow what’s on the slide. Only the active “in control” presenter is able to see and make annotations via the annotation toolbar. Learn more.



 


Updated Large gallery view on Teams mobile
For Large gallery in meetings, we are introducing a mobile-optimized layout for Teams mobile users that allows you to swipe through all the participants in a meeting. With up to 10 participants per page on your screen, you can now see all participants clearly on your mobile device. This is available in iOS 13+ and Android OS 9+ or any version with more than 4GB RAM. All other devices continue to see the current Large gallery experience.




 


Include device audio when sharing on iOS and Android
Now you can include audio when sharing on iOS and Android devices during a Teams meeting. This is great when sharing a video with voiceover and music. It allows everyone to watch simultaneously without echoes or sync issues. You can find this setting under More actions, Share screen with audio. It is available to devices with Android 10+ or iOS 13+.




 


Live Transcription with speaker attribution for additional licenses
Live transcription allows you to follow and review conversations (in English-US) alongside the meeting video or audio in real time. Attendees who joined late, or missed the meeting, can easily catch up by reading what was discussed and searching the transcript by speaker. This feature was initially available to users with Office 365/Microsoft 365 E3/E5, Microsoft 365 Business Standard, and Microsoft 365 Business Premium licenses. We are now expanding this feature to users with Office 365 E1, Office 365 A1, Office 365/Microsoft 365 A3/A5, Microsoft 365 F1, Office 365/Microsoft 365 F3, and Microsoft 365 Business Basic licenses. Learn more.



Large Gallery for VDI
The Large gallery feature is now available in Virtual Desktop Infrastructure (VDI). Now VDI users are able to expand their gallery, viewing up to 49 participants on the same screen during a Teams meeting.



Offer: Get Audio Conferencing for free
Join Microsoft Teams meetings on the go with a global dial-in number or dial out to help others join a meeting with Audio Conferencing. Eligible customers purchasing via partners¹ and web¹ can take advantage of our free Audio Conferencing offer now extended through December 31, 2021. Learn more.



Offer: Microsoft 365 Business Voice promotion
Business Voice is a cloud-based telephony solution built into Teams that combines essential telephony components into a single package. It is designed for businesses with up to 300 users and includes a phone system, audio conferencing and a domestic calling plan. Through December 31, 2021, customers can purchase Business Voice at a 25 percent discount for 12 months. Learn more.


 


Calling


1:1 PSTN Call Recording
We have changed how 1:1 call recording is enabled. It now has its own policy, so administrators can configure recording separately for meetings and for calling. Previously, 1:1 call recording was controlled by the CsTeamsMeetingPolicy / AllowCloudRecording attribute. Now, it is controlled by the CsTeamsCallingPolicy / allowCloudRecordingForCalls attribute. This feature is only available via PowerShell.


 


Devices


Intelligent speakers for Teams Rooms
Intelligent speakers are designed for Teams Rooms and use Microsoft’s voice recognition technology to identify who is speaking and apply their name to the meeting transcript. This is great when you need to catch up on a meeting asynchronously and want to understand who said what during the meeting. The first two partners to launch intelligent speakers are EPOS and Yealink. Learn more about intelligent speakers for Teams Rooms and the speakers from our partners EPOS and Yealink.




 


Updates to Teams Rooms on Surface Hub
The updated Microsoft Teams Rooms on Surface Hub experience has been redesigned to bring favorite features from the desktop and Microsoft Teams Rooms into the meeting space. Purpose built for teams to meet and co-create, the new Teams Rooms on Surface Hub experience is rolling out in preview to the Windows Insider Program for Surface Hub. Learn how to enroll in the program here.




 


Better together mode for calls on Teams phones and Teams displays
Better Together mode allows users to pair their PC with their Teams phone or display allowing for audio and video to be streamed on their Teams device and content to be viewed on their PC. This capability now extends to calls on the Teams phones and displays, enhancing a user’s experience and streamlining their communications.


 


Newly certified devices


Microsoft PC accessories certified for Teams
The first collection of hardware from Microsoft certified for Teams meetings and calling is now available for purchase. With wired and wireless headsets, a speakerphone, and a web camera, there are more options at multiple price points for users to explore to enhance their collaboration experience. Learn more about the products in this video and get started using these devices today.




 


EPOS Adapt 200 headsets
The Adapt 200 series of headsets from EPOS are now certified for Teams; this series is lightweight, affordable and comfortable making it ideal for people working in any environment. Whether at home, on the go, or at an office, you are able to be heard through a noise cancelling microphone, and can connect to two devices through Bluetooth. Check out this series and more at http://aka.ms/Teamsdevices.




 


HP Elite Slice G2 Partner Ready
The HP Elite Slice G2 Partner Ready is now available as part of a bundle solution with the Logitech Tap Controller for Microsoft Teams Rooms for small, medium and large meeting spaces with pre-installed drivers for the Logitech Tap Controller. Learn more.




 


Lenovo ThinkSmart Core Kits
ThinkSmart Core is Lenovo’s first modular room kit designed for flexibility and scalability in meeting spaces. It comes in two room kit configurations: the ThinkSmart Core + Controller, a kit for spaces with pre-existing audio-visual components certified for Teams, and the ThinkSmart Core Full Room Kit, which also adds the ThinkSmart Cam and ThinkSmart Bar. Learn more.




 


Logitech Rally Bar for Microsoft Teams Rooms on Android
Logitech Rally allows you to set up your medium-sized conference rooms with fewer cables and components. It delivers an all-in-one video conferencing experience, featuring an Ultra-HD 4K camera, automated pan and tilt with up to 15X HD zoom, and audio for midsize meeting rooms. Learn more about Logitech Rally Bar.




 

Chat & Collaboration


Approval Templates
To streamline workflows, new out of the box templates provide a repeatable structure for common approvals like filling out expense reports or requesting overtime. Admins and team owners can use these as is, customize, or create new templates for their organization and teams to use. Use the structured form to input all the necessary information and eliminate back and forth on missing data for a faster approval. Learn more.



Access files offline on Android
The Teams mobile app on Android now allows you to access files even when you are offline or in bad network conditions. Simply select the files you need access to, and Teams will keep a downloaded version to use in your mobile app. You can find all your files that are available offline in the files section of the app. This feature was made available earlier this year for iOS.



Create tasks in Teams
Some messages result in follow-up actions. With this feature, you’ll be able to quickly create tasks right from any Microsoft Teams chat or channel conversation without having to switch apps or windows. To create a task, click the ellipsis (…) in the pop-out menu, then select ‘More actions’ and choose ‘Create task’. Tasks created from Teams messages appear in the Tasks app for Teams. Learn more.




 


Rich previews for SharePoint pages and news articles
When you paste a SharePoint news article or page link in a Teams chat, it automatically converts into a rich display card highlighting page title, thumbnail image, author and publish date. Learn how to create and use SharePoint pages (and news).


The example “Microsoft Viva – learn the pitch and demos (level 200” SharePoint page URL, after pasting it to the bottom of this chat, renders a preview of the page graphic, title, author and publish date.


 


Customize branding for the Yammer Communities app for Microsoft Teams
Microsoft Teams admins can customize the branding for the Yammer Communities app for Microsoft Teams to suit their Yammer network with their preferred app logos, naming, accent color, and more. Learn more about the Communities app for Teams and how to customize it here.



MacOS native notifications in Teams
Users can now choose to deliver Microsoft Teams notifications, either via Teams built-in notifications or via macOS native notifications. When choosing native notifications, Teams inherits the OS notifications settings and supports quiet hours, action center triaging and more native features. This is only available on MacOS 10.15 or later. Learn more.


 


Management


App risk evaluation
Teams admins are now able to view the security, compliance, and data privacy details for apps coming from Microsoft Cloud App Security. This helps Teams admins save time on security reviews and enables more focused, selection-based security specifications, resulting in increased app quality. Learn more.



Device management automatic alerting in Teams Admin Center
This feature enables IT admins to identify device issues by triggering notifications on device problems and device health check status, which can be turned into immediate corrective action. Learn more.


 


Security, compliance, and privacy


Security, compliance, and data protection capabilities for apps
For Microsoft 365 Certified Teams apps, admins can view security, compliance, and data protection capabilities in a new tab on the app’s detail page in the Teams Admin Center. This transparency gives Microsoft customers trust in the applications that run their organizations and ISVs an opportunity to showcase their hard work in becoming M365 Certified. Learn more about the Microsoft 365 App Compliance Program.


 


Government


These features currently available to Microsoft’s commercial customers in multi-tenant cloud environments are now rolling out to our customers in US Government Community Cloud (GCC), US Government Community Cloud High (GCC-High), and/or United States Department of Defense (DoD).



Together mode
Together mode reimagines meeting experiences to help participants feel closer together even when you are apart. We are excited to introduce Together mode scene selections to transport your team to a variety of settings. Choose a scene to set the tone and create a unique experience for your meeting, whether it be a smaller conference room meeting, or an all-hands meeting held in an outdoor amphitheater. Available in GCC and GCC-High.




 


Updating settings for attendees’ video
There are three new ways that you can now manage your attendees’ camera. First, meeting attendees are able to turn their camera on or off to share video by default. You can also configure to have all attendees’ camera disabled by setting Enable camera for attendees to Off from the Meeting Options web page before the meeting. Next, once this new setting is turned Off, you can also reverse this setting during the meeting to allow all attendees to turn their camera on. Finally, you can also enable or disable the camera for individual attendees. Note that these settings do not automatically turn on attendees’ camera or affect presenters and meeting organizers. This feature aims to focus on attendees to prevent disruptions during a meeting and help create a safe meeting environment. Available in GCC. Learn more.



Assign the Presenter Role in Meeting
Meeting organizers can now assign one or more Presenters in their meetings with the “Who can present?” meeting option. The Everyone option is selected by default, giving everyone who joins the meeting Presenter permissions and capabilities. During the meeting, the organizer and presenters can also change an individual participant’s role. This new setting helps ensure all meeting participants have appropriate roles. Available in GCC-High. Learn more.




 


Include computer sound when sharing on Mac
Mac desktop users can now include audio when sharing their desktop or window during a Teams meeting. This is great when sharing a video with voiceover and music. It allows everyone to watch simultaneously without echoes or sync issues. You can find this setting in the share content. Available in GCC. Learn more.




 


Call Merge
Call Merge gives end users the capability to merge their active 1:1 call into another 1:1 or group call. For example, during a call with someone (or a group), you need to ask someone else a question. With this feature, you may add them directly into the first conversation seamlessly. This applies to Teams VOIP calls and PSTN calls. Available in GCC. Learn more.




 


Private channels
Enable users to create channels within existing teams that can be viewed and accessed only by select members of that team. With Private channels you can create focused spaces for collaboration, and right-size the channel participation and exposure to associated conversations and content without having to create discrete teams to limit visibility. Available in GCC-High and DoD. Learn more.



Approvals in Teams
Approvals in Microsoft Teams enables everyone, from frontline workers to corporate headquarters employees, to easily create, manage, and share approvals directly from your hub for teamwork. You can quickly start an approval flow from the same place you send a chat, in a channel conversation, or from the Approvals app itself. Just select an approval type, add details, attach files, and choose approvers. Once submitted, approvers are notified and can review and act on the request. Available in GCC. Learn more.


 


Tasks in Teams
Tasks in Teams gives you a new unified view of your personal and team tasks, powered by Planner and To Do. It consolidates your tasks across Microsoft To Do, Planner, and Outlook. Smart lists like Assigned to me, bring tasks together across different task lists, whether you’re on desktop or mobile. Available in GCC. Learn more.



Task publishing
Task publishing lets companies create tasks centrally and publish to targeted locations, specific store layouts, factory capabilities or other customizable attributes of your frontline teams.
Frontline managers can easily assign tasks to individual employees, while frontline workers can see a simple prioritized list of those tasks on their personal or company-issued mobile device. Available in GCC. Learn more.




 


Praise
Praise helps workers show appreciation to peers and employees to improve job satisfaction and promote a positive work culture. Send a Praise badge from a selection of badge sets or create company branded badges to express a company’s unique values. Available in GCC. Learn more.




 


Out of Office
Set up a message to let others know you’re not working or on vacation so you’re not available to reply when they send a chat message. Your out of office status also syncs with Automatic Replies that are found in your Outlook calendar. Available in GCC-High and DoD.




 


Compliance capabilities for card content generated through apps in Teams messages
We recently extended Microsoft 365 compliance capabilities to content generated through Teams apps including support for legal hold, eDiscovery, audit, retention, and communication compliance. Available in GCC.



Teams Device Management
Our customers who have tenants in the GCCH environment can also manage their Teams devices from the Teams Admin Centre. Admins can now control the entire lifecycle of their Teams devices which include an increasing variety of supported device types – IP Phones, Collaboration bars, Teams displays, Teams Meeting Room devices. Available in GCC-High.


 








 

¹ Get Audio Conferencing for free for 12 months. Available only for net new Audio Conferencing seats (defined as seats incremental to any existing seats as of August 1, 2020) for CSP or Web Direct customers with paid subscriptions that include Teams. Available now through December 31, 2021. Available worldwide with exceptions in China and India. The offer is subject to additional terms and conditions.

Announcing two new Researcher Learning Paths


This article is contributed. See the original author and article here.

We are pleased to announce two new Learning Paths available right now focused on Researchers. We have curated over 7 hours of content that will get you up and ready on Azure.


We want to hear from you. Make sure that you fill a quick survey so that we can ensure that the future learning paths we build are tailored for you.


Whether you need to get started from scratch or are only interested in more advanced topics, we’ve got everything you need to ensure you are productive as soon as possible. If you need to start from scratch let me introduce you to the first learning path.




 


The Introduction to Cloud Computing for Researchers will get you introduced to the fundamentals of Azure and cloud computing. This learning path will go through how resources are grouped, storing data in Azure, and how to allocate computing resources to run workloads on.




 


Then, if security and cost are more important to you, Cloud Security and Cost Management for Researchers is your next stop. You will learn how to secure your resources and your data as well as ensure that you are not exhausting all your Azure credits within the same day.


Don’t forget to fill this quick survey. Your feedback matters and future learning paths will be built based on that feedback. We want to hear from you. What can we do to empower you as a researcher?


Let us know!

The case of Azure AD Quota exhaustion


This article is contributed. See the original author and article here.

Hello everyone, my name is Zoheb Shaikh and I’m a Solution Engineer working with the Microsoft Mission Critical team (SfMC). Today I’ll share an interesting issue related to an Azure AD quota limitation that we came across recently.


 


I had a customer who exhausted their AAD quota, which put them at a significant health risk.


 


Before I share more details on this, let’s try to understand what your organization’s AAD quota could be and why it even matters.


 


In simple words, Azure AD has a defined quota for the number of directory objects/resources that can be created and stored in AAD.


A maximum of 50,000 Azure AD resources can be created in a single tenant by users of the Free edition of Azure Active Directory by default. If you have at least one verified domain, the default Azure AD service quota for your organization is extended to 300,000 Azure AD resources. Azure AD service quota for organizations created by self-service sign-up remains 50,000 Azure AD resources even after you performed an internal admin takeover and the organization is converted to a managed tenant with at least one verified domain. This service limit is unrelated to the pricing tier limit of 500,000 resources on the Azure AD pricing page. To go beyond the default quota, you must contact Microsoft Support.


 


For information about AAD Quotas, see Service limits and restrictions – Azure Active Directory .


 


How to check your AAD Quota limit


 


Test this in Graph Explorer: https://developer.microsoft.com/en-us/graph/graph-explorer


Sign into Graph Explorer with your account that has access to the directory.


Run beta query (GET) https://graph.microsoft.com/beta/organization




 


Now that you understand what the AAD quota is and how to view its details, let’s get back to the customer scenario and try to understand how the AAD quota affected them and what there is in this for you to learn.


 


The customer was an organization of approximately 100k users using multiple Microsoft cloud services such as Teams, EXO, Azure IaaS, PaaS, etc.


 


As part of their cloud modernization journey, they were doing a massive rollout of Intune across the organization after completing all the testing and PoC.


 


Our proactive monitoring and CXP teams did inform the customer that their Azure AD objects were increasing at an unusual speed, but the customer never estimated this could go beyond their AAD quota.


 


One fine morning I woke up to a call from our SfMC Critsit manager saying that my customer’s AAD quota was exhausted and their AAD Connect was unable to synchronize any new objects. As part of the reactive arm of SfMC, we joined a meeting with the customer along with our Azure Rapid Response team to find the cause of the problem.


 


We decided on the following approach for the issue:



  1. Confirm AAD Quota exhaustion and what objects are consuming AAD Resources

  2. Remove stale objects from AAD.

  3. Reach out to Product Group asking for a Quota increase for this specific customer. 


 


How to check what objects are consuming AAD Quota limit


 


While I was engaged in this case, we did it the hard way (by exporting all registered objects to Excel and then using Pivot Tables to analyze them), but now there is an easier way, described below:



  1. Login to Azure AD Admin Center (https://aad.portal.azure.com)

  2. In Azure AD, click on Preview features (presently).

     



  3. This gives you an overview of the object status of your AAD.


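We created the table below to help us find out exactly what was going on in the environment. In it, we measured how many objects there were in total and how many had been created in the last few days.

| Object               | Count | New Count in last 24 hours | New Count in last 1 week |
|----------------------|-------|----------------------------|--------------------------|
| Users                | #     | #                          | #                        |
| Groups               | #     | #                          | #                        |
| Devices              | #     | #                          | #                        |
| Contacts             | #     | #                          | #                        |
| Applications         | #     | #                          | #                        |
| Deleted Applications | #     | #                          | #                        |
| Service Principals   | #     | #                          | #                        |
| Roles                | #     | #                          | #                        |
| Extensionproperties  | #     | #                          | #                        |
| TOTAL                | ##    | ##                         | ##                       |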



 


I am not sharing numbers here, but we saw devices consuming about 50% of the AAD object quota, with an increase of a few thousand in the last 24 hours.


This output made us understand that thousands of devices are getting registered every day which has resulted in AAD Quota exhaustion.


 


Based on our analysis, to get out of this situation we recommended that the customer delete stale devices that had not been used for more than 1 year. This alone enabled us to delete approximately 50k objects.


 


This 50k object deletion got them out of the critical situation, giving them some breathing space and keeping the problem from recurring for at least the next couple of weeks while we figured out what exactly was going wrong.
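The device row of the table above and the list of stale-device candidates can be produced from device objects with a short script. This is an added example, not the author's tooling: it assumes objects with the property names that `Get-MgDevice` (Microsoft Graph PowerShell SDK) returns, the function names are hypothetical, and the sample devices are constructed so that it runs offline.

```powershell
# Added example, not from the original article. Function names are hypothetical.
# Summarises devices per operating system (total, new in 24 h, new in 7 days)
# and lists stale candidates for review before any cleanup.

function Get-DeviceGrowthSummary {
    param(
        [Parameter(Mandatory)] [object[]]$Devices,
        [datetime]$Now = [datetime]::UtcNow,
        [int]$StaleAfterDays = 365      # the article's "not used for more than 1 year"
    )
    $dayAgo      = $Now.AddDays(-1)
    $weekAgo     = $Now.AddDays(-7)
    $staleBefore = $Now.AddDays(-$StaleAfterDays)

    $Devices | Group-Object -Property OperatingSystem | ForEach-Object {
        $members = @($_.Group)
        [pscustomobject]@{
            OperatingSystem = if ($_.Name) { $_.Name } else { '(unknown)' }
            Count           = $members.Count
            NewLast24Hours  = @($members | Where-Object { $_.RegistrationDateTime -ge $dayAgo }).Count
            NewLast7Days    = @($members | Where-Object { $_.RegistrationDateTime -ge $weekAgo }).Count
            Stale           = @($members | Where-Object {
                                  $_.ApproximateLastSignInDateTime -and
                                  $_.ApproximateLastSignInDateTime -lt $staleBefore }).Count
            # Devices with no activity timestamp are counted separately, not treated as stale.
            NoSignInStamp   = @($members | Where-Object { -not $_.ApproximateLastSignInDateTime }).Count
        }
    } | Sort-Object -Property Count -Descending
}

function Get-StaleDeviceCandidate {
    param(
        [Parameter(Mandatory)] [object[]]$Devices,
        [datetime]$Now = [datetime]::UtcNow,
        [int]$StaleAfterDays = 365
    )
    $staleBefore = $Now.AddDays(-$StaleAfterDays)
    $Devices |
        Where-Object { $_.ApproximateLastSignInDateTime -and
                       $_.ApproximateLastSignInDateTime -lt $staleBefore } |
        Sort-Object -Property ApproximateLastSignInDateTime |
        Select-Object DisplayName, Id, OperatingSystem, AccountEnabled, ApproximateLastSignInDateTime
}

# Constructed sample data (not real devices), using Get-MgDevice property names.
$now = [datetime]::new(2021, 6, 29, 0, 0, 0, [DateTimeKind]::Utc)
$sample = @(
    [pscustomobject]@{ DisplayName = 'SAMPLE-PC-01'; Id = 'sample-1'; OperatingSystem = 'Windows'
                       AccountEnabled = $true; RegistrationDateTime = $now.AddHours(-6)
                       ApproximateLastSignInDateTime = $now.AddHours(-2) }
    [pscustomobject]@{ DisplayName = 'SAMPLE-PC-02'; Id = 'sample-2'; OperatingSystem = 'Windows'
                       AccountEnabled = $true; RegistrationDateTime = $now.AddDays(-3)
                       ApproximateLastSignInDateTime = $now.AddDays(-1) }
    [pscustomobject]@{ DisplayName = 'SAMPLE-PC-03'; Id = 'sample-3'; OperatingSystem = 'Windows'
                       AccountEnabled = $true; RegistrationDateTime = $now.AddDays(-900)
                       ApproximateLastSignInDateTime = $now.AddDays(-400) }
    [pscustomobject]@{ DisplayName = 'SAMPLE-PC-04'; Id = 'sample-4'; OperatingSystem = 'Windows'
                       AccountEnabled = $false; RegistrationDateTime = $now.AddDays(-800)
                       ApproximateLastSignInDateTime = $null }
    [pscustomobject]@{ DisplayName = 'SAMPLE-PHONE-01'; Id = 'sample-5'; OperatingSystem = 'iOS'
                       AccountEnabled = $true; RegistrationDateTime = $now.AddHours(-20)
                       ApproximateLastSignInDateTime = $now.AddHours(-3) }
    [pscustomobject]@{ DisplayName = 'SAMPLE-PHONE-02'; Id = 'sample-6'; OperatingSystem = 'iOS'
                       AccountEnabled = $true; RegistrationDateTime = $now.AddDays(-700)
                       ApproximateLastSignInDateTime = $now.AddDays(-500) }
)

Get-DeviceGrowthSummary  -Devices $sample -Now $now | Format-Table -AutoSize
Get-StaleDeviceCandidate -Devices $sample -Now $now | Format-Table -AutoSize

# Against a live tenant (assumes the Microsoft.Graph module and Device.Read.All):
#   Connect-MgGraph -Scopes 'Device.Read.All'
#   $devices = Get-MgDevice -All -Property id,displayName,operatingSystem,accountEnabled,registrationDateTime,approximateLastSignInDateTime
#   Get-DeviceGrowthSummary -Devices $devices
```

The candidate list is report-only; review it (and the devices with no sign-in timestamp) before disabling or deleting anything.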


 


Being part of the Microsoft Solution for Mission Critical team, we always go above and beyond to support our customers. The first step is always to quickly resolve the reactive issue, subsequently identify the Root Cause, and finally through our Proactive Delivery Methodology making sure this does not happen again.


 


We followed the approach below to identify the root cause and ensure it does not happen again:


 



  1. Configuring Alerts for validation and Quota exhaustion

    1. Daily alerts for Azure AD Object count

    2. Alerts in case AAD Object Quota limit is exhausted.

  2. More detailed review on the Root Cause of the issue.

  3. Creating a baseline for AAD Objects needed in the organization.

    1. Baseline to be created based on number of Objects in Organization (Users, computers etc.)

    2. What is the expected count?

  4. Increasing the Object Quota based on the baseline created if needed.


 


In the next sections we will go through each of the above actions in more detail.


 



  1. Configuring Alerts for validation and Quota exhaustion


Option#1 using Azure Automation.


We wanted to add alerts to ensure the customer is notified if they are nearing the limit. We achieved this by using Azure Automation as below with the help of my colleague Eddy Ng from Malaysia.


 


Below is the step-by-step process for setting up alerts after creating an Azure Automation account:



  • Create the credential in the credential vault. Click on the + sign, add a credential, and enter the information and name. The credential must have sufficient rights to connect to Azure AD and must not get an MFA prompt. The name used is important because it is referenced from the script.


 


 



  • Next, install Microsoft Graph Intune under the Modules resources. Click on Browse Gallery, search for Microsoft.Graph.Intune, click on the result, and click Import.


 



We are recommending MS Graph PowerShell SDK going forward.



  • Go to Runbooks.




 


 


Create a new Runbook. Give it a name.


Runbook type: PowerShell


Paste the below code:


 


# Get the admin ID from the credential vault. Change "admin" to the name used in the credential vault
$credObject = Get-AutomationPSCredential -Name admin

# Initiate connection to Microsoft Graph
$connection = Connect-MSGraph -PSCredential $credObject

# Set up the Graph API URL
$graphApiVersion = "beta"
$Resource = 'organization?$select=directorysizequota'
$uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)"

# Initiate query via Graph API
$data = Invoke-MSGraphRequest -url $uri

# Get data and validate
# Change the number 50000 accordingly
$maxsize = 50000
if ([int]($data.value.directorysizequota.used) -gt $maxsize)
{
    Write-Output "Directory Size : $($data.value.directorysizequota.used) is greater than $maxsize limit"
    Write-Error "Directory Size : $($data.value.directorysizequota.used) is greater than $maxsize limit"
    # Terminating error, so the job is marked as failed
    Write-Error " " -ErrorAction Stop
}
else
{
    Write-Output "Directory Size : $($data.value.directorysizequota.used)"
}


     



  • Click Save and Publish

  • Click Link to Schedule




 



  • Populate the schedule accordingly. For example, run daily at 12pm UTC.

  • Results from each run job can be found under Jobs.




 



  • If the directory is above quota, the job status will be Failed as a result of the -ErrorAction Stop in the script.


 


 



  • Set up alerts to take advantage of this by creating a New Alert Rule.


 


 



  • Click Select condition and choose the signal name “Total Job”. Configure it as below, amending “MyRunbook” accordingly. When finished, click Done.


 


 



  • Select Action Group. Create Action Group.

  • Populate info accordingly for Basics.

  • Populate info similar to below for Notifications.


 




 


 



  • Click Review + Create

  • Once done, scroll down to Alert Rule Details and fill in the fields such as Name, Description and Severity.


 


 



  • Create Alert Rule


Results: When the directory quota size breaches the limit, the admins will get an alert via email.


You can then proceed to click on the Runbook and select Jobs. Click on All Logs to see the error output for each individual job run.


If you wish to monitor the previous results in bulk, go to Logs and run the Kusto query below. Scroll to the right for ResultDescription. The assumption is that the schedule is set to run daily, so a limit of 50 will cover the past 50 days.

AzureDiagnostics
| where StreamType_s == "Output"
| limit 50


 


 




 


Option #2: an alternative way of configuring alerts for validation and quota exhaustion

While I was writing this blog, my colleague Alin Stanciu from Romania suggested a probably better way to configure alerts for quota exhaustion.


 


Replace the script in the Azure Automation account as below!


 


# Get the admin ID from the credential vault. Change 'azalerts' to the name used in the credential vault
$credObject = Get-AutomationPSCredential -Name 'azalerts'

# Initiate connection to Microsoft Graph
$connection = Connect-MSGraph -PSCredential $credObject

# Set up the Graph API URL
$graphApiVersion = "beta"
$Resource = 'organization?$select=directorysizequota'
$uri = "https://graph.microsoft.com/$graphApiVersion/$($Resource)"

# Initiate query via Graph API
$data = Invoke-MSGraphRequest -url $uri

# Get data and validate
$usedpercentage = (($data.value.directorysizequota.used / $data.value.directorysizequota.total) * 100)

#if ($usedpercentage -gt $maxsize)
#{write-output "Directory Size : $($data.value.directorysizequota.used) is greater than 90 percent"}
#else
#{
Write-Output "Directory Size : $($data.value.directorysizequota.used) and percentage used is $($usedpercentage)"
#}


 


You can then use Azure Log Analytics to alert and monitor, as below:

AzureDiagnostics
| where Category == "JobStreams"
| where ResourceId == "" // replace with resourceID of the Automation Account
| where StreamType_s == "Output"
| project TimeGenerated, ResultDescription, JobId_g
| parse ResultDescription with "Directory Size : " ["Actual Size"] " " * "percentage used is " ["Percentage used"]
| extend ['Percentage used'] = toreal(['Percentage used'])
| top 1 by TimeGenerated desc
| where ['Percentage used'] > (0.1)


 


This can help you get an overview of the percentage used.


 


Alert configuration using Log Analytics can be done as shown in below screenshots:


 


You can define the threshold at which you want to be alerted.
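The same quota check written against the Microsoft Graph PowerShell SDK that this post recommends going forward, as an added example that is not part of the original post. It assumes the Automation account has a system-assigned managed identity that has been granted the Graph application permission Organization.Read.All (so no stored credential without MFA is needed), that the Microsoft.Graph.Authentication module is imported, and a 90 percent threshold; Get-QuotaUsage is a hypothetical helper name.

```powershell
# Added example: quota check with the Microsoft Graph PowerShell SDK and a managed identity.
# Assumptions: system-assigned managed identity with Organization.Read.All,
# Microsoft.Graph.Authentication imported into the Automation account.
$ErrorActionPreference = 'Stop'
$thresholdPercent = 90   # assumed alert threshold; derive yours from the baseline

function Get-QuotaUsage {   # hypothetical helper, not part of any module
    param([Parameter(Mandatory)] $Quota)   # object exposing 'used' and 'total'
    $used  = [long]$Quota.used
    $total = [long]$Quota.total
    if ($total -le 0) { throw "directorySizeQuota.total is missing or zero" }
    [pscustomobject]@{
        Used       = $used
        Total      = $total
        Percentage = [math]::Round(($used / $total) * 100, 2)
    }
}

# Authenticate as the Automation account itself; nothing is read from the credential vault
Connect-MgGraph -Identity | Out-Null

# Same beta endpoint the scripts above query
$uri  = 'https://graph.microsoft.com/beta/organization?$select=directorySizeQuota'
$data = Invoke-MgGraphRequest -Method GET -Uri $uri -OutputType PSObject

$org = @($data.value)[0]
if (-not $org -or -not $org.directorySizeQuota) {
    throw "Graph response did not contain directorySizeQuota"
}
$usage = Get-QuotaUsage -Quota $org.directorySizeQuota

# Same output format as the Option #2 script, so the Log Analytics parse keeps working
Write-Output "Directory Size : $($usage.Used) and percentage used is $($usage.Percentage)"

if ($usage.Percentage -ge $thresholdPercent) {
    # Unhandled terminating error marks the job as Failed, which the Option #1 alert rule picks up
    throw "Directory quota is at $($usage.Percentage)% ($($usage.Used) of $($usage.Total) objects)"
}
```

Because the job both writes the percentage to the Output stream and fails above the threshold, either alerting option described above can be used with it.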


 


2. More detailed review on the Root Cause of the issue


 


In this step we need to identify why so many devices are being registered every day.


 


We exported the list of all registered devices in AAD to Excel and tried to filter them by the type of registration they have had.


 


Thanks to Claudiu Dinisoara & Turgay Sahtiyan for helping create a nice dashboard in Power BI based on these logs, which helped us understand the root cause much better.


 


This dashboard helped us understand the types of device registrations and the overall count across the years. We found that there had been a significant increase in AAD device registrations due to the Intune rollout across the organization.


 


 


We checked with customer’s Intune support team, and they confirmed that this increase was expected.


 


3. Creating a baseline on number of AAD objects we can have:


 


The trickiest part on this issue was coming up with a baseline number for AAD Objects.


 


So, the customer had approximately 100k users and we came up with the below table for the baseline.


 


Please note that this number was unique to customer scenarios and discussions and it may differ for your organization.


 



















































| Object | Count | Why this number |
|---|---|---|
| Users | 105000 | Total number of Production users are 100k and other 5000 users could be used for Administration, To be deleted users or Guest users. |
| Groups | 60000 | We felt 60k is a high number but they were using Groups extensively for Intune and other Policy management tasks, we recommended them to work on reducing this number in future. |
| Devices | 200000 | We assumed there will be 2 devices registered per user (Mobile & Laptop) and few stale devices. |
| Contacts | 16000 | These objects were already low, so we considered the present values as Baseline |
| Applications | 1500 | These objects were already low, so we considered the present values as Baseline |
| Service Principals | 3000 | These objects were already low, so we considered the present values as Baseline |
| Roles | 100 | These objects were already low, so we considered the present values as Baseline |
| TOTAL | 385600 | These objects were already low, so we considered the present values as Baseline |



 


 


We compared the expected baseline with their quota limit of 500,000 and came up with a strategy for cleanups and a strategy to maintain the object counts as per the baseline.
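One way to keep checking live object counts against the baseline table, as an added example that is not part of the original post. It assumes an existing Connect-MgGraph session with read access to these object types and the Microsoft.Graph Users, Groups, Identity.DirectoryManagement and Applications modules; Compare-ObjectBaseline is a hypothetical helper name, and Contacts and Roles are left out for brevity.

```powershell
# Added example: report drift between live object counts and the baseline table.
# Assumes a connected Microsoft Graph PowerShell SDK session (Connect-MgGraph).
$baseline = [ordered]@{          # values copied from the baseline table in this post
    'Users'              = 105000
    'Groups'             = 60000
    'Devices'            = 200000
    'Applications'       = 1500
    'Service Principals' = 3000
}

function Compare-ObjectBaseline {   # hypothetical helper, not part of any module
    param(
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Baseline,
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Observed
    )
    foreach ($type in $Baseline.Keys) {
        if (-not $Observed.Contains($type)) {
            Write-Warning "No observed count for '$type'"
            continue
        }
        $delta = [long]$Observed[$type] - [long]$Baseline[$type]
        [pscustomobject]@{
            Object   = $type
            Baseline = $Baseline[$type]
            Observed = $Observed[$type]
            Delta    = $delta
            Status   = if ($delta -gt 0) { 'over baseline' } else { 'ok' }
        }
    }
}

# The SDK's count cmdlets require the ConsistencyLevel: eventual header
$observed = @{
    'Users'              = Get-MgUserCount -ConsistencyLevel eventual
    'Groups'             = Get-MgGroupCount -ConsistencyLevel eventual
    'Devices'            = Get-MgDeviceCount -ConsistencyLevel eventual
    'Applications'       = Get-MgApplicationCount -ConsistencyLevel eventual
    'Service Principals' = Get-MgServicePrincipalCount -ConsistencyLevel eventual
}

Compare-ObjectBaseline -Baseline $baseline -Observed $observed | Format-Table -AutoSize
```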


 


4. Increasing the Object Quota based on the baseline created if needed.


 


Their AAD quota limit was 500,000 objects; however, our baseline indicated that they need to be at around 400,000 objects.


 


 


Hope this helps,


Zoheb


 


 


 


 


 


 


 


 


 


 


 


 


 


 


 


 

Enabling automation with Microsoft 365 Apps for enterprise


This article is contributed. See the original author and article here.

Robotic Process Automation (RPA), also known as unattended use, allows an organization to license certain account types that are designed to be used in process automation. 


 


There are two types of RPA: 



  1. Attended RPA – The collaboration between the user and the bot, which is also known as the Virtual Assistant. 

  2. Unattended RPA – The execution of tasks and interactions independent of the user. With unattended RPA, the bot can run automation on its own. 


Over the years organizations have used automation within Office apps, but the process always had to be done with volume license versions of Office due to licensing limitations and feasibility of an organization licensing RPA accounts. Microsoft 365 E3: Unattended License now enables IT admins to automate and use the same version/build of Office that their end users are running. Keep in mind that Office was developed with the end user in mind and not automation. Although this new license allows for amazing automation, we suggest you follow the considerations for RPA outlined here: https://aka.ms/unattendedofficeconsiderations


 


Requirements for using unattended RPA 


 


The following are the requirements for using unattended RPA with Microsoft 365 Apps for enterprise:



  • Microsoft 365 E3: Unattended License – Required on any account running an RPA unattended task. The account can be a user account, a system/service account, or a robot account.

  • Microsoft 365 Apps for enterprise, version 2009 or later.

  • RPA is currently only available for Office apps for Windows.


 


Enabling RPA scenarios 


 
If you want to enable RPA in Microsoft 365 Apps for enterprise, click here for step-by-step instructions. 


 


What does it look like? 


  


To validate if the Microsoft 365 E3: Unattended License is active from a Microsoft 365 App, navigate to File > Account. Here’s an example in the screen shot below: 


 




 


Another way to validate that the license is active is to check under “%LocalAppData%\Microsoft\Office\Licenses\5\Unattended”.


 


If a user is signed in but there is no RPA entitlement (Unattended License) assigned or activated on the account, the user may see the following message within their Microsoft 365 Apps:


 




 


Assigning licenses to devices in Microsoft 365 admin center 


 


To deploy an Unattended License, you simply purchase the required number of Microsoft 365 licenses and assign the license to a user in the Microsoft 365 admin center. To enable this functionality on a device, use the group policy for currently installed devices and/or the command line.


 


For more information on unattended RPA with Microsoft 365 Apps for enterprise, check out this Microsoft Docs article.


 


Continue the conversation by joining us in the Microsoft 365 Tech Community! Whether you have product questions or just want to stay informed with the latest updates on new releases, tools, and blogs, Microsoft 365 Tech Community is your go-to resource to stay connected!