This article is contributed. See the original author and article here.
Overview
This is a step-by-step walkthrough of how to use a custom KQL plugin for Copilot for Security in identity SOC and forensics use cases, and of how it helps implement a consistent security policy for every user, employee, frontline worker, customer, and partner, as well as apps, devices, and workloads, across multi-cloud and hybrid environments.
Use case summary
Monitoring and governing Identities using Copilot for Security custom Identity Analyst Plugin:
User Risk Assessment: Monitor user risk levels based on their activities. This could include sign-in attempts from unfamiliar locations, repeated failed sign-in attempts, or other suspicious behavior.
Sign-in Monitoring: Track user sign-in activities. This includes successful sign-ins, failed attempts, and the location and device used for sign-in. Unusual sign-in activity could be a sign of a potential security threat.
Admin Activity Monitoring: Admin accounts have high-level access and can be a prime target for attackers. Monitor admin activities, especially those involving changes to security settings, user privileges, or access controls.
Application Usage Monitoring: Keep an eye on the usage of applications within your organization. Unusual application activity, such as a high number of downloads or an increase in usage outside of normal business hours, could indicate a potential security issue.
Privileged Identity Management: Monitor the lifecycle of privileged identities within your organization. This includes the creation, modification, and deletion of privileged accounts.
Access Review: Regularly review user access to various resources within your organization. This can help ensure that users only have access to the resources they need for their job functions, reducing the risk of insider threats.
In this guide, we provide high-level steps to get started with the new tooling. We start by adding the custom plugin; it is recommended that organizations test it in their dev environment first.
Installation
Use the following steps to obtain and install the custom Identity Analyst Plugin for Copilot for Security:
1. Go to securitycopilot.microsoft.com
2. Download the IdentitySecurityAnalyst.yml file from here.
3. Select the plugins icon down in the left corner.
4. Under Custom upload, select upload plugin
5. Select the Copilot for Security plugin and upload the IdentitySecurityAnalyst.yml file
6. Click Add
7. Under Custom you will now see the plug-in. Ensure it is enabled.
The custom package contains the following prompts:
Let us get started with more use cases leveraging Copilot for Security capabilities:
User Risk Assessment
Fetches the user risk levels based on their activities. This could include sign-in attempts from unfamiliar locations, repeated failed sign-in attempts, or other suspicious behavior.
In Copilot for Security, you can either invoke the plugin directly by selecting the relevant skill under prompt–system capabilities, or type ‘/IdentityGetUserRiskAssesment’ as shown below:
A sample result will be:
User Sign-In Activities
Fetches user sign-in activities. This includes successful sign-ins, failed attempts, and the location and device used for sign-in. Unusual sign-in activity could be a sign of a potential security threat.
In Copilot for Security, you can either invoke the plugin directly by selecting the relevant skill under prompt–system capabilities, type ‘/IdentityGetSignInMonitoring’, or prompt with ‘Get users signin activities using Identity analyst plugin’.
Admin Activities Monitoring
Fetches Admin Activity Monitoring logs. Admin accounts have high-level access and can be a prime target for attackers. Monitor all admin activities, especially those involving changes to security settings, user privileges, or access controls.
In Copilot for Security, you can either invoke the plugin directly by selecting the relevant skill under prompt–system capabilities, type ‘/IdentityGetAdminActivityMonitoring’, or prompt with ‘Get admin activities monitoring using Identity analyst plugin’.
Applications Usage Monitoring
Fetches Application Usage Monitoring logs to keep an eye on the usage of applications within your organization. Unusual application activity, such as a high number of downloads or an increase in usage outside of normal business hours, could indicate a potential security issue.
In Copilot for Security, you can either invoke the plugin directly by selecting the relevant skill under prompt–system capabilities, type ‘/IdentityGetApplicationUsageMonitoring’, or prompt with ‘Get application usage monitoring using Identity analyst plugin’.
Privileged Identity Management (PIM) Monitoring
Fetches Privileged Identity Management logs to monitor the lifecycle of privileged identities within your organization. This includes the creation, modification, and deletion of privileged accounts.
In Copilot for Security, you can either invoke the plugin directly by selecting the relevant skill under prompt–system capabilities, type ‘/IdentityPIMMonitoring’, or prompt with ‘Get Privileged Identity Management monitoring using Identity analyst plugin’.
Access Review Monitoring
Fetches Access Review logs to regularly review user access to various resources within your organization. This can help ensure that users only have access to the resources they need for their job functions, reducing the risk of insider threats.
In Copilot for Security, you can either invoke the plugin directly by selecting the relevant skill under prompt–system capabilities, type ‘/IdentityAccessReviewMonitoring’, or prompt with ‘Get Access Review monitoring using Identity analyst plugin’.
Conclusion
This plugin is based on KQL, which presents a relatively simple and scalable way to leverage the existing repositories of proven KQL queries within the Microsoft security ecosystem. One suggestion is to customize the custom KQL plugin YML file so that the time range is an input parameter from Copilot for Security instead of a specific hard-coded value. These queries can then be used as a basis to bring AI enrichment onto security data already present within Microsoft Identity. For more details on Microsoft Copilot for Security custom plugins via KQL, please visit https://learn.microsoft.com/en-us/copilot/security/plugin-kql. Give it a go and give us your feedback so we can continuously improve the product for your benefit.
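The time-range suggestion above, sketched as an added example: this manifest is not the contents of IdentitySecurityAnalyst.yml, and the skill name, the lookback input, the thresholds and the query are assumptions for illustration. It follows the KQL plugin manifest layout documented at the link above, with the workspace settings left as placeholders.

```yaml
# Added example: hypothetical manifest, not the contents of IdentitySecurityAnalyst.yml.
# Skill name, input name, thresholds and the query are assumptions for illustration.
Descriptor:
  Name: IdentityLookbackExample
  DisplayName: Identity lookback example (illustrative)
  Description: Sign-in monitoring skill whose time range is supplied at prompt time.

SkillGroups:
  - Format: KQL
    Skills:
      - Name: ExampleGetFailedSignIns
        DisplayName: Failed sign-ins over a caller-supplied time range
        Description: Summarizes failed sign-ins per user for the requested lookback window.
        Inputs:
          # The value is substituted into the Template wherever {{lookback}} appears.
          - Name: lookback
            Description: KQL timespan to look back, for example 1d, 7d or 12h
            Required: true
        Settings:
          Target: Sentinel
          # Placeholders: replace with the workspace that holds SigninLogs.
          TenantId: <tenant-id>
          SubscriptionId: <subscription-id>
          ResourceGroupName: <resource-group>
          WorkspaceName: <workspace-name>
          Template: |-
            // Hard-coded form this replaces: | where TimeGenerated > ago(7d)
            SigninLogs
            | where TimeGenerated > ago({{lookback}})
            | where ResultType != "0"
            | summarize FailedAttempts = count(),
                        DistinctIPs = dcount(IPAddress),
                        Locations = make_set(Location, 10),
                        LastFailure = max(TimeGenerated)
                by UserPrincipalName
            | where FailedAttempts >= 5
            | order by FailedAttempts desc
            | take 50
```

Because the input is placed inside the query text, keep the input description narrow (a timespan literal only) and keep the trailing take limit so an overly long window cannot return an unbounded result set.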
Delivery Optimization and Microsoft Connected Cache are comprehensive solutions from Microsoft for minimizing internet bandwidth consumption. Delivery Optimization acts as the distributed content source and Connected Cache acts as the dedicated content source. Organizations have benefited from these solutions, realizing significant bandwidth savings of up to 98 percent with Windows 11 upgrades, Windows Autopilot device provisioning, Microsoft Intune application installations, and monthly update deployments.
Until now, Connected Cache could only be deployed to Configuration Manager with distribution points. With the release of Connected Cache for Enterprise and Education to public preview on October 30, organizations will have more flexibility in deploying Connected Cache directly to host machines running Windows Server, Windows client, and Linux [Ubuntu and Red Hat Enterprise Linux (RHEL)].
Supporting scenarios that are important to enterprises
While Delivery Optimization is mostly known for being a peer-to-peer delivery solution, it’s also the downloader that pulls update content in Windows from the cloud and provides enterprise and education users with tools to manage bandwidth traffic, throttling capabilities, and more.
Connected Cache technology complements Delivery Optimization as a dedicated software caching solution that can be deployed within enterprise and education organizations’ networks. Once deployed to host machines within a network, Connected Cache nodes will transparently and dynamically cache the Microsoft-published content that downstream Windows devices need to download. Using this solution, content requests from Delivery Optimization can be served by the locally deployed Connected Cache node instead of the cloud. This results in fast, bandwidth-efficient delivery across connected devices. Microsoft worked closely with numerous enterprise and education organizations to gather information about their bandwidth management needs. We used the great feedback we received to develop Connected Cache as a solution that supports the scenarios most important to you.
Moving from on premises to hybrid or fully cloud-managed scenario
Enterprises and educational institutions have used solutions like Configuration Manager for device management and content distribution. Many of these organizations:
Manage all or part of their device tenant with Intune or other mobile device management (MDM).
Are tasked with decommissioning their Configuration Manager distribution points.
Are still faced with the challenge of managing content delivery bandwidth.
To support the on-prem to hybrid or fully cloud managed scenario, Connected Cache can be deployed directly to hardware or a virtual machine (VM) running either Windows Server 2022 using Windows Subsystem for Linux (WSL) 2, which is an enterprise-ready, lightweight, first-party solution, or certain Linux distros (Ubuntu 22.04 and RHEL 8 and 9).
Branch office
Many enterprises and educational institutions have a global presence with remote locations where:
Hundreds of Windows workstations are present.
No dedicated server hardware or administrator is present on-site.
Internet bandwidth may be limited and/or internet connectivity may be intermittent.
Reserving bandwidth for office operations may be more important than download performance of Microsoft content.
To support the branch office scenario, Connected Cache can be deployed directly to Windows 11 workstations using WSL 2.
Enterprise or educational sites
The traditional enterprise or educational site occupies one or more buildings, and may have multiple locations where:
Hundreds to thousands of Windows workstations, Windows servers, or virtual machines are present.
Reuse of existing hardware is important (decommissioned Configuration Manager distribution point, file server, cloud print server) or dedicated server hardware is available on-site.
Internet bandwidth may range from great to limited (T1), and/or internet connectivity may be intermittent.
Reserving bandwidth for office or educational operations, especially during peak times, is a top priority.
Performant downloads are necessary to support mass update, upgrade, or Autopilot provisioning operations.
To support the enterprise or educational site scenarios, Connected Cache can be deployed directly to hardware or VMs running Windows Server 2022. Deployments can be made using WSL 2 or certain Linux distros (Ubuntu 22.04 and RHEL 8 and 9).
Bulk management and deployment
Connected Cache Azure resources are typically managed using the Microsoft Azure portal web interface, but they can also be managed using Command-Line Interface (CLI). Connected Cache nodes can be remotely deployed via PowerShell or Linux shell scripts that require no direct user input, enabling deployment of cache nodes without on-site presence.
Create a Connected Cache in the Azure portal.
PowerShell snippet demonstrating use of Connected Cache CLI.
PowerShell script demonstrating use of bulk creations of cache nodes using CLI.
Telemetry by content type
Organizations want to have insights into the health of cache nodes and what content is being delivered to their devices. The Connected Cache Azure portal displays a near real-time and historical view of the outbound traffic in Mbps and volume by content type. These insights help ensure the cache is deployed correctly and devices are successfully pulling content from it. Further details such as cache efficiency (expressed as the percentage of content coming from Connected Cache), per site data, and per country data, will be available in Windows Update for Business reports.
Connected Cache management in Azure portal shows Office, Windows Update, and Intune downloads.
Deploy Microsoft Connected Cache for Enterprise and Education
Starting October 30, 2024, Windows Enterprise (E3, E5, and F3) and Windows Education (A3 and A5) users will be able to use the Azure Marketplace to create “Microsoft Connected Cache for Enterprise and Education” Azure resources that will be used to manage Connected Cache deployments. Once the Connected Cache Azure resource has been created, users can create as many cache nodes as required to support their network topologies or content deployment. Please see the Microsoft Connected Cache for Enterprise and Education documentation overview page for more details.
Welcome to the Viva Glint newsletter. These recurring communications coincide with platform releases and enhancements to help you get the most out of the Viva Glint product. You can access the current newsletter and past editions on the Viva Glint blog.
The Glint Customer Experience Survey is live!
We’re excited to announce that Glint’s Customer Experience Survey is now available. Your input is essential to our ability to provide a world-class experience for our customers and helps us to improve our product, customer support, and our Viva Glint resources.
If you participated in this survey previously, you may notice this cycle has been streamlined and feels a bit different. We appreciate you taking a few minutes to share your thoughts. The survey will take five minutes to complete and closes on Friday, November 8.
Viva Glint Admins can modify predefined Glint product roles. This new capability within the User Roles feature reduces the time required to assign roles and reduces the necessity to create new roles. Learn more in Viva Glint User Roles.
Hide the Comments report export feature for any program cycle. Disabling this feature improves confidentiality measures by decreasing the risk of matching survey data to a specific survey respondent. Learn more in Reporting Setup.
More enhancements for PDF exports. With this release, the enhanced technology for exporting PDF feedback reports, released for recurring and ad hoc survey programs last month, is now in place for 360 feedback reports and Focus Area reports. Read more.
View and manage users’ custom data access. Glint administrators can use a new export feature on the User Roles page to export and view users’ customized data access for survey results and Focus Areas. Use the exported file as a guide to upload new custom access in bulk in Advanced Configuration. Learn more
Upcoming events
Ask the Experts | November 12
Our next session in this popular series focuses on choosing the right benchmark comparison for your survey results. Good comparison choices for feedback reporting are crucial for understanding strengths and opportunities on your team. Bring your questions!
Building Psychological Safety | November 18
Join us for a conversation with Dr. Julie Morris to learn how to identify signs of psychological safety and what actions you can take to improve it on your team. Please invite your managers to this session!
Viva Community Call: Microsoft HR is Using Viva and M365 Copilot to Empower Employees
This webinar explored how Microsoft HR leverages the power of Microsoft Viva to communicate, provide opportunities for skilling and development, and measure success around M365 Copilot adoption and impact at Microsoft. Watch the video here.
Exciting new resource for all stakeholders
Are you looking to build a holistic employee listening ecosystem? Review this guide from the Viva People Science team to foster employee engagement and better performance. Check out the eBook here.
Enhancing User Experience with Timely Responses
Building a conversational bot using Azure Bot Composer offers a myriad of possibilities to create a seamless and engaging user experience. One such feature that can significantly enhance user interaction is introducing a custom delay between two messages. This small yet impactful addition can mimic human-like pauses, making conversations feel more natural and thoughtful.
This blog will guide you through the steps to introduce custom delays between messages in Azure Bot Composer.
Why Introduce a Delay?
Introducing delays between messages can serve several purposes:
Natural Flow: Mimics human conversation, making interactions feel less robotic.
Attention Management: Gives users time to read and process information before moving on to the next message.
Contextual Relevance: Helps in maintaining the context, especially in scenarios where the bot provides detailed explanations or instructions.
Expected wait time: The bot may need to make an outbound call from Azure Bot Composer to an external service and wait for the response, for example when fetching a token. The response can take some time to arrive, and in such scenarios an intentional delay is useful.
Setting Up Azure Bot Composer
Before we dive into introducing custom delays, ensure you have Azure Bot Composer installed and set up. You can download it from the official GitHub repository and follow the installation instructions provided.
Launch Azure Bot Composer and open your existing bot project or create a new one. Navigate to the dialog where you want to introduce the delay.
Step 2: Add a New Action
Within your dialog, click on the ‘+ Add’ button to insert a new action. From the list of available actions, select ‘Send a response’. This is the message for which you want to introduce the delay.
[Activity
Type = delay
Value = "5000"
]
Make sure to add this code as JSON by clicking on view source code and then adding the code above. It should look like:
Enter the message text you want to send after the delay. This could be any text, such as a follow-up question or additional information.
By default, the typing activity lasts for a short duration. To customize the delay, you can adjust the duration of the typing activity. Click on the typing activity and set the desired duration (in milliseconds) in the properties pane. For example, setting it to 3000 milliseconds will introduce a 3-second delay. Make sure to keep this value below 15 seconds.
Step 3: Test Your Bot
Once you have configured the delay and follow-up message, it’s time to test your bot. Click on the ‘Test in Emulator’ button to launch the Bot Framework Emulator. Interact with your bot to ensure that the delay is working as expected, and the messages are being sent in the correct sequence.
Conclusion
Introducing custom delays between messages in Azure Bot Composer is a simple yet powerful way to enhance user experience. By following the steps outlined in this guide, you can create more natural and engaging conversations that keep users interested and informed.
We’re expanding our ambition to bring AI-first business process to organizations. First, we’re announcing that the ability to create autonomous agents with Microsoft Copilot Studio will be available in public preview in November 2024. Learn more on the Copilot Studio blog.
Second, we’re introducing 10 new autonomous agents in Microsoft Dynamics 365 to build capacity for sales, service, finance, and supply chain teams. These agents are designed to help you accelerate your time to value and are configured to scale operational efficiency and elevate customer experiences across roles and functions.
Scale your team with new autonomous agents
Discover more ways to drive impact with autonomous agents and Copilot Studio.
Microsoft Copilot is your AI assistant—it works for you—and Copilot Studio enables you to easily create, manage, and connect agents to Copilot. Think of agents as the new apps for an AI-powered world. We envision organizations will have a constellation of agents—ranging from simple prompt-and-response to fully autonomous. They will work on behalf of an individual, team, or function to execute and orchestrate business process ranging from lead generation, to sales order processing, to confirming order deliveries. Copilot is how you’ll interact with these agents.
Introducing autonomous agents for Dynamics 365
New autonomous agents enable customers to move from legacy line of business applications to AI-first business process. AI is today’s return on investment (ROI) and tomorrow’s competitive edge. These new agents are designed to help sales, service, finance, and supply chain teams drive business value—and are just the start. We will create many more agents in the coming year that give customers the competitive advantage they need to help future-proof their organization. Today, we’re introducing ten of these autonomous agents which will start to become available in public preview later in 2024 and continue into early 2025.
Sales: Help sellers focus time on building customer relationships to close deals faster
Agents will help sellers focus time on engaging customers to move through the sales cycle faster. The Sales Qualification Agent for Microsoft Dynamics 365 Sales can free up time for the seller to spend on higher value activities by researching and prioritizing inbound leads in the pipe and developing personalized sales emails to initiate a sales conversation.
For small to medium-sized businesses, the Sales Order Agent for Microsoft Dynamics 365 Business Central will automate the order intake process from entry to confirmation by interacting with customers, capturing their preferences. See Sales Order Agent in action.
Operations: Empower teams to grow the business, optimize process, and meet customer demand
To maintain smooth business operations, it’s crucial that process in key areas such as finance, procurement, and supply chain are optimized to minimize cost, mitigate risks, and accelerate decisions. Autonomous agents operate around the clock to execute a range of process, helping professionals spend less time on manual work and more time on strategic tasks like planning and decision making.
The Supplier Communications Agent for Microsoft Dynamics 365 Supply Chain Management autonomously manages collaboration with suppliers to confirm order delivery, while helping to preempt potential delays. With agents performing all the tasks related to confirming purchase orders, procurement specialists can focus on managing supplier relationships and improving overall supply chain resiliency.
Additional agents:
Financial Reconciliation Agent for Microsoft 365 Copilot for Finance helps teams prepare and cleanse data sets to simplify and reduce time spent on the most labor-intensive part of the financial period close process that leads to financial reporting. Learn more in this brief video.
Account Reconciliation Agent for Microsoft Dynamics 365 Finance, designed for accountants and controllers, automates the matching and clearing of transactions between subledgers and the general ledger, helping them speed up the financial close process. This enhances cash flow visibility and can result in faster decisions to drive business performance. Watch this video to learn more.
Time and Expense Agent for Microsoft Dynamics 365 Project Operations autonomously manages time entry, expense tracking, and approval workflows. It helps get invoices to customers promptly, preventing revenue leakage and helps ensure projects stay on track and within budget. See Time and Expense Agent in action.
Service: Transform customer experiences across self- and human-assisted service
Contact centers face interconnected, compounding challenges to successfully and efficiently serve customers. For example, keeping vital knowledge base articles current relies on manual process. Valuable insights from seasoned customer service representatives are often locked away in chat logs, call recordings, case notes, and other data silos. And self-service tools rely on inflexible, hard-coded dialog with embedded knowledge that must be predefined for potential customer issues.
The Customer Intent and Customer Knowledge Management Agents, available for Microsoft Dynamics 365 Customer Service and Microsoft Dynamics 365 Contact Center, help contact centers transform customer experiences across self-service and human-assisted service. The Customer Intent Agent enables evergreen self-service by continuously discovering new intents from past and current customer conversations across all channels, mapping issues and corresponding resolutions maintained by the agent in a library. The Customer Knowledge Management Agent helps ensure knowledge articles are kept perpetually up to date by analyzing case notes, transcripts, summaries, and other artifacts from human-assisted cases to uncover insights.
Additional agents:
Case Management Agent for Customer Service automates key tasks throughout the case lifecycle—creation, resolution, follow up, closure—to reduce handle time and alleviate the burden on service representatives. See Case Management Agent in action.
Scheduling Operations Agent for Microsoft Dynamics 365 Field Service enables dispatchers to provide optimized schedules for technicians, even as conditions change throughout the workday—for example, accounting for issues such as traffic delays, double bookings, or last-minute cancellations that often result in conflicts or gaps.
Collectively, these agents are trained to autonomously learn to address new and emerging issues via self-service, improve the quality of issue resolution across channels and help drive time and cost savings.
As agents become more prevalent in the enterprise, customers want to be confident that they have robust data governance and security. The agents coming to Dynamics 365 follow our core security, privacy, and responsible AI commitments. Agents built in Copilot Studio include guardrails and controls established by maker-defined instructions, knowledge, and actions. The data sources linked to the agent adhere to stringent security measures and controls—all managed in Copilot Studio. This includes data loss prevention, robust authentication protocols, and more. Once these agents are created, IT administrators can apply a comprehensive set of features to govern their use.