by Contributed | Sep 17, 2022 | Technology
This article is contributed. See the original author and article here.
Erin Rifkin – Vice President, Skilling
At Microsoft, our mission is to empower every person and organization on the planet to achieve more. In a world driven by technology, access to technical skills is a vital part of that mission. For this reason, we’ve brought together all the technical content, learning tools, and resources that Microsoft has to offer in the new Microsoft Learn product family.
The new Microsoft Learn product family: Connected, comprehensive technical resources
Technology’s purpose is to empower you. That’s why Microsoft Learn is designed to help you get the most value from Microsoft products and services, so you can make the most impact through the work you want to do. Whether you’re innovating or troubleshooting a problem, technology and the skills you need to use it are now within reach.
Microsoft Learn enables you to gain new skills at your own pace. Learning begins at your skill level and progresses quickly with practice in Microsoft products—because for today’s problem solvers and tomorrow’s innovators to make real progress, there’s no substitute for learning by doing. Microsoft Learn also offers you access to a community of passionate builders and learners, which serves as a source of inspiration and a catalyst for growth.
From the fundamentals to the most advanced, role-specific technical know-how, with a multitude of products to serve all kinds of learning styles, Microsoft Learn meets you wherever you are in your learning journey.
Microsoft Learn can help you to:
- See new possibilities in technology to help you achieve your goals and reach your potential no matter where you are in your career or learning journey.
- Learn by doing through interactive learning experiences and technical resources that help you build skills and solve problems.
- Showcase your skills with certifications and achievements that demonstrate your expertise.
- Connect and engage with a community of other learners for inspiration, resources, and networking.
A high-level view of Microsoft Learn resources and offerings.
Unified learning resources
Learn.microsoft.com is the place for you to find consolidated Microsoft technical training, documentation, and resources that work for you, regardless of your learning needs, skill level, style, or goals. In a word, the redesigned Microsoft Learn experience is streamlined. Whether you’re advancing your own technical skills or skilling up to address emerging needs for your organization, you’ll find a connected, engaging learning experience where you can explore the resources you need, including:
- Documentation. Easily access all Microsoft technical documentation, including quick starts, how-to guides, and architectural guidance and frameworks created by our engineering teams. If you’re a longtime Docs user, you’ll find the features you know and love, and your old bookmarks will work, too!
- Training. Take instructor-led training, with virtual or in-person courses, taught by Microsoft Certified Trainers from Microsoft Learning Partners worldwide. Access hundreds of free, interactive, self-paced learning paths—covering cloud computing, AI, business applications, and other topics—localized into several languages. And discover other training opportunities, such as Microsoft Virtual Training Days and Cloud Games.
- Certification. Demonstrate you have the expertise, experience, and ability to innovate and excel. Whether you are finishing school and preparing to start your career—or someone that has career experience and looking to take that next step, Microsoft Certifications help you show that you have what it takes to achieve your goals and reach your potential. Access a variety of engaging practice opportunities to accelerate your success.
- Q&A. Check out questions about Microsoft technologies—and get timely answers—in this global, community-driven platform.
- Code samples. Find scripts and code that you can download, modify, and make your own.
- Shows and Events. Learn TV is now Shows, where you can watch original video content from Microsoft technical experts and members of the community, and you can tune into technical Events live or on demand.
Personalized experience
With so many resources and opportunities in one place, you have more ways to showcase your skills and connect with colleagues, peers, and experts.
- The improved Microsoft Learn profile consolidates all the details of your personal learning experiences into one view. Here, you can access your training activity (including learning paths and modules), select instructor-led training and challenges, and keep track of your certifications and your engagements with Q&A.
- All your learning and certification activity is now included in a shareable transcript that showcases everything you’ve learned and achieved. Now you can highlight and share your achievements on social media and see those of your peers and colleagues in the learning community.
Visit learn.microsoft.com today to create your profile and start exploring!
More to come
You’ll see most of these changes live on Microsoft Learn already, and we will continue to make updates (including localization) in the days and weeks to come. But we’ve only begun to uncover all the amazing opportunities waiting for you on the new and improved Microsoft Learn. Bringing all these experiences together unlocks new possibilities for us to enhance and expand the learning experience—in fact, some of those new features are right around the corner. Join us at Microsoft Ignite, October 12–14, 2022, to hear exciting announcements about what’s next for Microsoft Learn—and more!
by Contributed | Sep 16, 2022 | Technology
This article is contributed. See the original author and article here.
For the past month, our Cloud Advocacy team has shared projects with you all that could be created with the Mixed Reality Toolkit. For this month, we’re taking a bit of a detour to showcase a Mixed Reality project that can be created with Microsoft Power Apps!
Power Apps are organizational-specific applications or tools that allow you to create custom applications using many features, including a data platform that provides a flexible development environment to build custom apps for your business. Applications built with Power Apps offer great business logic to transform your manual business functions into automated processes. Also, these applications can be accessed via mobile devices or the browser, enabling users to create custom apps without writing code.
Power Apps provides an extensible platform for users with minimal coding experience to develop applications with rich business logic. In addition, creators find it easy to interact with data and metadata while using Power Apps.
Through Power Apps, you can create canvas applications. Microsoft Power Apps allows you to build business apps from a canvas with minimal coding. Creating a canvas app in Power Apps is as easy as dragging and dropping components onto the canvas, just as designing a PowerPoint presentation. You can also integrate business logic through various data sources.
For this week, we put Power Apps to the test to create an app that displays 3D models both directly on screen as well as in Mixed Reality! The result? An awesome learning experience that leverages the Smithsonian 3D API and open-source models! Joining me this week is Daniel Laskewitz, Sr. Cloud Advocate within our Power/Fusion Cloud Advocacy team. We partnered together to create this project and we’re excited to tell you more about it!
The Idea
In my last post, I shared with you all a VR museum experience that leveraged the Apollo 11 mission models provided by the Smithsonian 3D Digitization project. I wanted to explore other collections and thus landed on the Coral Collection. As I thought about how I could turn this collection into a learning opportunity, I thought it’d be cool to bring the models into my own space and learn more about coral both in-app and in Mixed Reality! What I envisioned would be an app that provides a selection of coral to both learn facts and view the models in ‘real life’ without the need to visit the museum. The added convenience of bringing the museum experience to me was the icing on the cake.
One of the cool parts about the Power Platform is that there are many data sources to connect to. There are already more than 800 available out of the box! But, even when your data source is not one of those 800 connectors, you can create your own connector. The Smithsonian 3D Digitization project also has an API available which offers the possibility to search for 3D objects. If you could combine that with the idea of the app with the collection of corals, it would be a real killer app.
Finding Inspiration
I’m a huge fan of using Dribbble and Pinterest to find inspiration for creating projects. For this project, I went down the rabbit hole of searching for AR Museum Apps. Once I exhausted that option, I began to search for AR Learning Apps. Having this variety in form and function provided insight into the various ways creators are designing UI for AR learning experiences.
After browsing the work of many creative designers, I settled on the following design for the app:
A mockup of the app.
Creating the Main Screen
If this app were to ever be created as a full-fledged experience, I’d image that there’d be an introduction for each collection available in the app. Keeping that in mind, I decided to create an introduction screen for the Corals and Coral Reefs collection. I leveraged a very beautiful image on Unsplash by Scott Web for the background and configured some basic Power Apps components. I wanted to maintain the vibrancy of the sea urchins while also ensuring that the text on the screen would be legible. With that said, I added a black rectangle component behind the collection description and lowered the opacity so that the white text would stand out more without taking away from the beauty of the sea urchins. Another thing I made sure to do was try to incorporate roundness as best as possible. The default Power Apps button is round, however, I desired more curvature. Therefore, I increased the border radius to 50 and got exactly what I wanted!
Introduction screen for Corals and Coral Reefs collection.
Storing Models on OneDrive
With the Introduction screen complete, I needed to find a place to store the models. We ran into a bit of a hiccup while trying to render the models in Mixed Reality using the API, therefore, we needed an alternative solution. Fortunately, the models could be saved to OneDrive and in return a data connector could be made in Power Apps to OneDrive to reference the models. I’ll admit, this part of the project took quite a bit of setup because I had to both download the models and properly structure everything within the OneDrive folder. When you’re referencing models from OneDrive, you do so from an Excel spreadsheet that contains relative links to models within the overall project folder.
I’ll break it down for you:
The folder structure for the project assets.
Essentially, I had to first create a folder for the models and a folder for the photos of the coral. I made sure to follow a simple naming convention that could be repurposed for naming models and photos – this proved to be beneficial for my memory! Then in the Excel spreadsheet, I created a row for each coral which included its species, a description, a photo, and a model. The photo and model columns contain a relative link to the location of the coral’s model and photo.
Excel spreadsheet table for the coral.
After all the corals were added to the spreadsheet, I had to create a table of the data – this part (like all parts) is crucial because Power Apps pulls data from the table.
Creating the Galleries
After making the data connection in Power Apps to OneDrive, I was ready to create the galleries. After assigning the table as the data source, I configured the formula for the gallery components to display the image for the coral. I didn’t want to take up too much space on the screen with words – especially since species names are relatively long. Instead, I opted to just show the image. I also added more roundness to the UI by increasing the border radius of the images so that its corners were rounded. It really gave a different look and feel to the gallery as opposed to the default straight edges/corners.
Gallery screen for the app.
Creating the Information Screens
The final step for this portion of the project was to add in the 3D and Mixed Reality components. Power Apps provides a variety of Mixed Reality controls. For this project, I chose to integrate View in 3D and View in Mixed Reality:
View in 3D - The View in 3D control enables you to view 3D content in the app. You can rotate and zoom into the model with simple gestures.
View in Mixed Reality - The View in MR control enables you to see how a particular item might fit within a specified space. The control creates a button in your app. When the button is pressed, an overlay of the selected 3D model (in .glb, .stl, or .obj file formats) displays onto the live camera feed of the device.
After adding the necessary components to the screen, I dragged and dropped in the Mixed Reality components to add in the wow-factor to the app. And honestly, it was like magic! I at most needed to reference the model selected in the gallery in the Power Apps formula bar – but I promise it was very easy! Specifically: galCoral.Selected.’3DModel’
Information screen for the app.
I’ll hand things over to Daniel now to share more about the work he did for the custom connector – Daniel, take it away!
Creating a Custom Connector
I have been working on the Independent Publisher Connectors program for over a year now. This program enables you to create connectors for the Power Platform and make them available for every user of the Power Platform, without having to be the owner of the API. If you would like to build a connector for a service that you use, you’re welcome to submit a connector for that in the Power Platform Connectors GitHub repository.
I love building connectors for the Power Platform. So, when I heard about the API that’s available from the Smithsonian 3D Digitization project, I wanted to build a connector for that API immediately. The Smithsonian 3D API has only one operation – the File Search operation – so that makes it easy to develop a connector for it!
When you build the connector, always make sure you think about the person who will use your connector later. In the Power Platform, it could very well be that other app makers also want to include your connector in their apps, so why not make it user friendly?
On top of building the connector – I also created a search screen to search for 3D objects and a screen where you can look at and interact with the 3D object.
Smithsonian 3D Search UI
Workshop
Oh – before we go, we have to tell you something exciting! We turned this entire project into a self-led workshop! To share the ability to create and host your own Power Apps workshop, we collaborated together to create an entire workshop equipped with a slide deck and complete instructions from start to finish. You can find the workshop by visiting: https://aka.ms/mr-power-platform
The workshop consists of 5 labs and all the assets you’ll need to create your own version of the app we created. We’ve even provided the full Power Apps solutions as well. You’re welcome to swap out the models for your own! If you have any questions, feel free to submit a GitHub Issue and we’ll follow up with you in the repository.
by Scott Muniz | Sep 16, 2022 | Security
This article was originally posted by the FTC. See the original article here.
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.
by Scott Muniz | Sep 15, 2022 | Security, Technology
This article is contributed. See the original author and article here.
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A
lock (
) or
https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
by Contributed | Sep 15, 2022 | Technology
This article is contributed. See the original author and article here.
The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest post of our Community Voices blog series, Microsoft Senior Product Marketing Manager Brooke Lynn Weenig talks with Chris Wysopal, Co-Founder and Chief Technology Officer of Veracode. The thoughts below reflect Chris’s views, not the views of Chris’s employer, and are not legal advice. In this blog post, Chris talks about app security.
Brooke: How did you get into app security?
Chris: I started playing with computers around 10 or 12 and in high school in the pre-Internet days. I would dial-up bulletin board systems and find forbidden information that you could not find in the library. I wanted to learn how to program computers. What really got me thinking about cybersecurity was finding these underground bulletin boards and seeing people talk about breaking into systems. It was in the back of my mind as I went to college and learned to be a programmer. It drove me to take my programming skills and use them for building cybersecurity tools and helping people build secure applications.
Before Veracode, I was doing security consulting, whether a company needed someone to help design a secure network or authentication system or do forensics work or incident response work. This new field of app security was emerging with the Internet. Banks, for instance, were building web applications and saying, “We do not have anyone who can help us make sure this is secure.” Emerging attacks, like SQL injection and cross-site scripting, were coming out. We were coming up with techniques to help them find those attacks. I had a development background and knew how to write and inspect code. Combining the development background with cybersecurity seemed like a great way to do something unique.
Brooke: What are microservices and why are they on the rise?
Chris: Microservices are a new way of doing more agile development. Instead of building big, monolithic applications, where 10 scrum teams are all working together on one big application, why not have those 10 scrum teams each work on a small piece of an application that has an API and does one function, like authentication or report generation?
It allows a small scrum team of seven or eight people to write, test, and deploy their own code. It is a much more reliable and efficient way to put small pieces of code into production and allows you to reuse those services across many different applications. Customers will have a couple dozen microservices and they will build dozens of applications out of those microservices. Also, API is now the way you interact with microservices, so API security becomes the main thing you’re trying to secure.
It is important to make sure each microservice takes care of its own security by using encryption and strong authentication. Each microservice has to be logging its activity and each one needs to be tested for security because they have attack surface that an attacker can interact with. Ultimately, it is more secure because you are securing a more well-defined service rather than a big, monolithic application.
Brooke: What are the biggest security threats and how can companies protect themselves?
Chris: One of the emerging big ones are vulnerabilities in open source components like the Apache Log4J exploit, which was a series of critical vulnerabilities discovered in December 2021. The way that organizations use open source is kind of a set it and forget it. Two, three, or four years later, a critical vulnerability comes out and they scramble. “Where am I using Log4J?” and everyone stops doing everything to respond. There should be a process where you stay up to date so when new vulnerabilities come out, you have a process for updating your open-source usage efficiently.
I recommend that people use software composition analysis as part of the development pipeline, so every time they build the code, they are looking at the open source and seeing if there have been any new vulnerabilities since they built their code. They can update those before they push it into production and keep their open source fresh and secure instead of letting it age and it becomes a crisis. There is the acronym SOAR – security, orchestration, automation, and remediation. You can bring that to code and do things in as automated a way as possible. Check every time you build to deploy the code. If you are a deploying daily, you are checking that daily. If it is monthly, you are checking it monthly.
Brooke: Will there be more automation and teaching machines to secure our code?
Chris: There was a presentation at Black Hat on GitHub’s Copilot, an AI pair programmer for developers, and it does a good job of writing code for developers. Of course, it learns how to do that from other code, and we know other code has vulnerabilities. These researchers found cases where Copilot was suggesting code that had vulnerabilities.
Even if you are using something like Copilot, you have to do security testing. It is not guaranteed that it gives you secure code, but on the other hand, if we have this other process of auto-remediation, maybe Copilot and auto-remediation can work together. Before it suggests the code, it can check it and make sure it is suggesting clean code. That just means that the two machines have to talk to each other first.
I do not want to make you think that we can fix every single vulnerability in an automated way, but if we can fix even half of them, that saves a huge amount of time.
Brooke: How do you help clients define their security control goals?
Chris: Different organizations are at different maturity levels. Some organizations don’t know how many applications they have, how many they’ve built, or where they are because they’re just starting out. A lot of it is what we call attack surface discovery, where you are discovering those web apps and APIs that you have exposed, or you’re going through your code repos and looking at all the different applications you’ve built.
The next step is prioritizing your applications because you don’t want to spend a lot of time on old legacy application that are going away in a few months or in a year versus the brand-new line-of-business application you just started using that you know will last for 10 years. Then, look at your open-source vulnerabilities because those are in the National Vulnerability Database that everyone can read. Take a big prioritization approach and cut out things that you are not going to fix, whittling it down to just the most important applications and vulnerabilities. Automate that vulnerability finding process as much as possible.
Brooke: How can IT and security teams work together to solve vulnerabilities faster?
Chris: That’s a big question I get all the time because people struggle to get these two teams to work together. Traditionally, they have done their thing off on their own. The development team develops stuff. The security team looks at all kinds of assets, like what the organization has purchased versus built, and tries to secure those things themselves.
With ongoing development of a new application or an application that you’re constantly updating, those teams have to build a working relationship. The best way to do that is for people on each team to meet on a regular basis so each team understands the challenges, struggles, and priorities of the other team. You have to break out of the silos and meet on a regular basis – weekly is good – and then, you can do some cross-pollination.
At Veracode, we have the concept of security champions, where developers work alongside the application security experts and learn things like threat modeling or manual penetration testing. Find people who think this is fun and cool, and it may be a new career for them. Get people to volunteer, if possible, but also get people from the security team working alongside the developers and saying,” I will help configure your build pipeline and integrate security testing into your pipeline for you.” Those types of things go a long way in getting the teams to really work together.
Brooke: What is needed to close the app security talent gap?
Chris: A lot of security can be picked up either on the job or in a boot camp-type environment. I’ve been talking to community colleges in Massachusetts, where Veracode is headquartered, about having certificate programs where people can learn how to run a vulnerability scan and how to work in a SOC, like where to look at a malware alert that’s coming from someone’s laptop or at a suspicious phishing test.
We should have more boot camps and more certificate programs at community colleges, so that people don’t have to go to school for four years to do this or to switch careers. They can do this on the side and see if they like it. On the demand side, companies have to be willing to take on interns and people doing this as their first job. We have intern programs at Veracode, and they’ve been very successful. We’ve hired a lot of people that way.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.
Recent Comments