by Contributed | Oct 6, 2020 | Uncategorized
This article is contributed. See the original author and article here.
How often do you end work thinking ‘this was a great, productive and effective day’? Hopefully you have many of those, but perhaps you also recognize the feeling where you end your day thinking, ‘I was busy, but I didn’t do the things I wanted to do’. We feel disappointed, perhaps anxious and yet as tomorrow comes, we remain busy.
This social norm of busyness doesn’t necessarily equal valuable work. And while technology should facilitate our work, often it can feel like a burden, as we grapple to keep on top of our inbox, messages, and calendar. When we are bounce from message to meeting and back again, zipping through those to-dos, managing mails, and switching between documents and devices, we are constantly chipping away at our attention. Keeping on top of all this noise can feel like an end in itself; but it´s exhausting, ineffective and unlikely to feel meaningful.
Technology, in itself, does not lead to productivity. Our digital tools are amazing, but they are not enough. Unless they are harnessed to the power of human attention, digital technology can lead as much to distraction as it can enablement. Or, as Tony Crabbe, business psychologist specialized in attention summarizes it, “Technology x Attention = Productivity”.
So, what makes the difference between a great day and a distracted, draining day? What does it mean to enable attention through technology, and how can we support our people, and ourselves, to move from busyness to digital productivity? These should be central questions for all of us to grapple with if we want to truly unlock the enabling power of technology.
What are we missing in our approach to productivity and the digital workplace? We’ve certainly got the tools, but have we got the right attention and the right habits? Great days, when we feel productive and make an impact on the problems that matter, have three consistent elements: Purpose, People and Progress (the 3Ps).
Purpose: Recent research showed that employees spend only 44% of their day working on their primary job activities and 40% of their working time is responding to internal emails that they admit add no value to their business1. Yet, when we have a sense of purpose, we can see the clear value of our work, we lean in. We engage. In fact, 25% of performance can be attributed to our sense of meaning in our work.
People: According to one study, there has been a 50% increase in collaboration over the last decade, with people spending 85% of their day in collaborative activities2. Consistent studies find one of the greatest drivers of impact, but also motivation, is the quality of collaboration.
Progress: Teresa Amabile’s research3 shows that one of the greatest motivators is a sense of progress on the projects and tasks that really matter to us on a daily basis. Yet, on our busy days, how many of us leave work exhausted but underwhelmed by our progress on what matters.
Our goal is to help you build holistic strategies for your digital workplaces. Strategies that encompass the scenarios that will add value to your organization, its employees, and encourage new ways of working that facilitate the 3Ps. So how can you plan a your workplace strategy and a technology adoption approach for the continuously evolving digital workplace in a way that harnesses employee attention and leverages the digital workplace as a change agent to catalyze the forming of new digital cultural norms, adapted to today’s work environment?
The Modern Collaboration Architecture (MOCA) came about to try to solve for this challenge. It offers best practices and guidance to help you develop your digital workplace strategy, understand scenarios that will add value, and provide best practices to support individuals in your organization to harness their attention.
Starting with the purpose we looked at what the specific needs of individuals in the workplace are. What are the common things employees are trying to achieve with technology and what kind of work is the technology designed to facilitate?
When it comes to the people aspect we thought through the different contexts of productivity and attention. We looked from individual work to more collaborative and community-based work. In the MOCA model, the organization plays a facilitation role to enable all individuals, teams, and communities.
Progress is incorporated when we think about the digital cultural norms that we can encourage to facilitate getting work done and the conditions to harness attention. How can we leverage technology and science to learn to facilitate Flow for example, a key factor in employee engagement4 and general well-being5 because it builds this feeling of progress?
Talking about progress, our most collaborative employees are often also the most disengaged3. As teams we rarely discuss our “rules of engagement” that will make the most of people’s time, talents, passions, and attention as we embark on a task. It is time to start.
The intent of the MOCA framework is not to predict ‘THE BEST way to organize your work’, but to act as a guide. As you look at the MOCA, think about the different needs, scenarios, and contexts your employees work in. Does it fit or do you need to adapt based on your organization’s goals? What other tools are end-users using that need to fit in?
Leverage the “MOCA on a page” as a starting point to spark discussions as you consider priority needs and scenarios that will add value to your organization and employees. How you will enable those scenarios based on the evolving technology landscape? And what digital culture norms you want to encourage as you continue the digital workplace journey? If you are that individual who is overloaded or needs to re-take control of your time, do it and think about how you can leverage technology to facilitate that.
You might find yourself asking why ‘how work gets done,’ and ‘how we facilitate employees to harness their attention are so important to business’? Tune in next week for the next blog in the series, “The business case for attention management” from guest blogger Tony Crabbe.
References:
1. Nick Atkin (2012) 40% of staff time is wasted on reading internal emails. The Guardian, Dec 17th
2. Rob Cross, Reb Rebele and Adam Grant (2016) Collaborative overload. Harvard Business Review Jan – Feb
3. Teresa Amabile (2011) The power of small wins. HBR Article
4. Microsoft and London Business School (2019), Work Reworked
5. M. Csikszentmihalyi, Creativity: Flow and the Psychology of Discovery and Invention. New York: Harper Perennials, 1997
Contributing authors
Emma Stephen
Emma a Customer Success Manager at Microsoft and is passionate about bringing the human element into the workplace. She believes technology both enables change and can catalyze wider change efforts if introduced in the right way. Emma is based in Zurich and currently studying for her Masters in Applied Positive Psychology and Coaching Psychology with a hope to leverage this in the organizational context.
@Emma_Stephen
Claudia van der Velden
Claudia a Customer Success Manager at Microsoft and enjoys exploring organizational cultures from an eco-system perspective. In a complex puzzle where all is interconnected, small changes can have a large impact. She believes in the importance of considering all elements for the eco-system to thrive, stay well balanced, and perhaps most importantly, letting go of control and trusting the natural course to find its way. Claudia is based in the Netherlands and studies for her Masters in Applied Psychology, Leadership Development.
@Claudia van der Velden
Tony Crabbe
Tony Crabbe is a Business Psychologist who supports Microsoft on global projects as well as a number of other multinationals. As a psychologist he focuses on how people think, feel and behave at work. Whether working with leaders, teams or organizations, at its core his work is all about harnessing attention to create behavioral change.
His first book, the international best-seller ’Busy’ was published around the world and translated to thirteen languages. In 2016 it was listed as being in the top 3 leadership books, globally. His new book, ‘Busy@Home’ explores how to thrive through the uncertainties and challenges of Covid; and move positively into the hybrid world.
Tony is a regular media commentator around the world, as well as appearances on RTL, the BBC and the Oprah Winfrey Network.
by Contributed | Oct 6, 2020 | Uncategorized
This article is contributed. See the original author and article here.
Secure Score by Groups Workbook
Scenario
The Azure Resource Graph security baseline for Azure Security and the power of Azure Monitor bring you infinite possibilities to custom Azure Security Center information. Consider a scenario where you want to have visibility of the Secure Score for different subscriptions that are in different regions in a single dashboard. This article explains how to leverage Azure Monitor workbooks to create that. The workbook is available in our GitHub community page and the result looks like this:
Figure 1: workbook visualization
The queries
This workbook has two queries created using Azure Resource Graph:
- One for obtaining the Overall Secure Score of the selected subscriptions
- The other obtains the individual Secure Score
To obtain the individual score, use the sample query below:
securityresources
| where type == "microsoft.security/securescores"
| extend subscriptionSecureScore = round(100 * ((todouble(properties.score.current))/ todouble(properties.score.max)))
| project subscriptionSecureScore, subscriptionId
| order by subscriptionSecureScore asc
When you run the query in ARG, you will get a similar result to this:
Figure 2: individual secure score query result
Behind the scenes, each security control Current Score and Maximum Score is found here:
Figure 3: current score and maximum score in ASC
Query: overall secure score – multiple subscriptions
To get the overall secure score of more than one subscription, you can use the next query:
securityresources
| where type == "microsoft.security/securescores"
| extend subscriptionScore = todouble(properties.score.current)/todouble(properties.score.max)
| extend subScoreXsubWeight = todouble(subscriptionScore)*todouble(properties.weight)
| summarize upperValue = sum(subScoreXsubWeight), underValue = sum(todouble(properties.weight))
| extend overallScore = round(100*((upperValue)/(underValue)))
The result would be similar to this:
Figure 4: overall secure score query result
Follow this blog post to see the formulas used for Azure Security Center Secure Score.
The Workbook Visualization
The workbook will show by default four groups. Each group has five variables: group, title, subscription picker, overall secure score, secure score per subscription.
Figure 5: workbook single group
To modify the workbook, start by clicking the Edit button:
Figure 6: edit workbook
Modify Group Name
- Select the group you want to modify and click the Edit button.Figure 7: edit group
- At the top, click on Advanced Settings, change the Group title, and click the button Done Editing.Figure 8: change group title
Modify Title
- Go to the title and click Edit:Figure 9: modify title
- Type the title you want in a Markdown syntax, and click the button Done Editing.Figure 10: type the title
Create More Groups
- Go to any group
- Click on the three dots and select CloneFigure 11: clone the group
Pin It to Your Azure Dashboard
- Your workbook must be in Edit mode, then click the Pin button.Figure 12: pin it
- Click on Pin All to send each component of your groups to the dashboard.Figure 13: pin all
- Click either on Existing or Create New and choose your Dashboard Name. Then click Create And Pin.Figure 14: pin to dashboard
- You will see a message saying it was successfully pinned. Click on that and start customizing your dashboard.Figure 15: successful message
- Customize your dashboard by clicking the Edit button and moving the information squares.Figure 16: edit dashboard
Figure 17: done customizing dashboard
Next Steps
Try it out and share your experience. The workbook is published here in the Azure Security Center GitHub repository.
References
Reviewers
Miri Landau, Senior PM, ASC Engineering
Yuri Diogenes, Principal PM, CxE Security ASC
by Contributed | Oct 6, 2020 | Uncategorized
This article is contributed. See the original author and article here.
The X-Content-Type-Options header is an HTTP header that allows developers to specify that their content should not be MIME-sniffed. This header is designed to mitigate MIME-Sniffing attacks. For each page that could contain user controllable content, you must use the HTTP Header X-Content-Type-Options:nosniff.
Add the below header in the web.config file if the application is hosted by Internet Information Services (IIS) 7 onwards.
<system.webServer>
<httpProtocol>
<customHeaders>
<add name=”X-Content-Type-Options” value=”nosniff”/>
</customHeaders>
</httpProtocol>
</system.webServer>
Please refer to the Link to know more about this particular response header.
The script and styleSheet elements will reject responses with incorrect MIME types if the server sends the response header “X-Content-Type-Options: nosniff”. This is a security feature that helps prevent attacks based on MIME-type confusion. This is been explained in this article.
Recently, I was working on an issue where I was getting below error while calling AJAX functions.
Refused to execute script from ‘http://localhost:8081/ajax/common.ashx’ because its MIME type (‘text/plain’) is not executable, and strict MIME type checking is enabled.
Sample.aspx:1 Refused to execute script from ‘http://localhost:8081/ajax/Ajax_Sample_.Sample,Ajax(Sample).ashx’ because its MIME type (‘text/plain’) is not executable, and strict MIME type checking is enabled.
I see the below code in my application.
<script type="text/javascript" src="/ajax/common.ashx"></script>/ajax/Ajax_Sample_.Sample,Ajax(Sample).ashx
It means that my application is expecting a javascript response from.ashx file but unfortunately, IIS sends the content-type “text/plain” response as it’s a default HTTP handler.
As it would take some time to change the application code and deploy the code to IIS, I added an outbound URL rewrite rule in IIS as a workaround to fix the issue. Below are the steps followed.
<rewrite>
<outboundRules>
<remove name=”Test” />
<rule name=”Test”>
<match serverVariable=”RESPONSE_CONTENT_TYPE” pattern=”text/plain” />
<conditions>
<add input=”{REQUEST_URI}” pattern=”.ashx” />
</conditions>
<action type=”Rewrite” value=”text/javascript” />
</rule>
</outboundRules>
</rewrite>
Refer: https://docs.microsoft.com/en-us/iis/extensions/url-rewrite-module/creating-outbound-rules-for-url-rewrite-module
Note: This is just a workaround to resolve the issue but the permanent solution would be to to change the MIME type in your application code as per the requirement.
Hope this helps :smiling_face_with_smiling_eyes:
by Contributed | Oct 6, 2020 | Azure, Technology, Uncategorized
This article is contributed. See the original author and article here.
Although the capability to query the Secure Score using API was already available and we already published some automations to leverage this capability, now you can also query your Secure Score using Azure Resource Graph (ARG). In addition, you will be able to calculate the score for the security controls and accurately calculate the aggregated score across multiple subscriptions. The following tables were added to allow you to query not only the secure score, but also the security controls:
Here an example of how to query your current secure score (percentage):
SecurityResources
| where type == ‘microsoft.security/securescores’
| extend current = properties.score.current, max = todouble(properties.score.max)
| project subscriptionId, current, max, percentage = ((current / max)*100)
This query will return an output that looks like this one:
This corresponds to what you see in the UI for your subscription. In this case, ASC dashboard show the following Secure Score:
This other example below will list all security controls, the amount of unhealthy resources, their current score and their max score:
SecurityResources
| where type == ‘microsoft.security/securescores/securescorecontrols’
| extend SecureControl = properties.displayName, unhealthy = properties.unhealthyResourceCount, currentscore = properties.score.current, maxscore = properties.score.max
| project SecureControl , unhealthy, currentscore, maxscore
The output should look like the example below:
Calculating the Secure Score
For a single subscription the type of resource we are calling is the microsoft.security/securescores where we get the maximum score (∑ maximum scores of each security control) and the current score (∑ current scores of each security control). To obtain the secure score of a single subscription, the following formula is used:
To obtain the aggregated secure score for multiple subscriptions you should use the formula below:
As you can see in the formula, the aggregated score for multiple subscriptions is not the average, it uses the weight field that is provided in the query (ARG or API). The weight takes in account the size of the subscription (# of resources ) and hence allows to calculate a weighted score which is more accurate than a regular average between different subscriptions with different sizes. For more information refer to the secure score documentation page.
To see how this looks like, let’s use the query below as an example:
securityresources
| where type == “microsoft.security/securescores”
| extend subscriptionScore = todouble(properties.score.current)/todouble(properties.score.max)
| extend subScoreXsubWeight = todouble(subscriptionScore)*todouble(properties.weight)
| summarize upperValue = sum(subScoreXsubWeight), underValue = sum(todouble(properties.weight))
| extend overallScore = round(100*((upperValue)/(underValue)))
| project overallScore
The subscriptionScore is obtained dividing its current score by its maximum score. Then, the value subScoreXsubWeight holds the subscription secure score times the subscription weight. Finally, the overall score is the sum of subScoreXsubWeight divided by the sum of the subscriptions’ weights. The result is shown below:
One of the advantages of querying the secure score via ARG is that you can quickly use these queries to create custom dashboard with Azure Workbooks. If you are querying the secure score using API, you can send a GET Request as shown below:
GET https://management.azure.com/subscriptions/20ff7fc3-e762-44dd-bd96-b71116dcdc23/providers/Microsoft.Security/secureScores/ascScore?api-version=2020-01-01-preview
In the JSON result you will see the weight field, which is used to calculate the secure score is also available as shown the sample below:
For more information about the Secure Score API, read the following articles:
Make sure to utilize this feature and provide your feedback in the comments below, or if you want to formally suggest improvements, provide your feedback at https://aka.ms/ascuservoice
Thanks to all Reviewers
Miri Landau, Senior PM – Azure Security Center Engineering Team
Meital Taran- Gutman, Principal PM – Azure Security Center Engineering Team
Fernanda Vela Huerta, PM – CxE Azure Security Center Team
by Contributed | Oct 6, 2020 | Uncategorized
This article is contributed. See the original author and article here.
Ever since WPF had been released, we have been written code like below many times to implement INofityPropertyChanged interface:
class Person : INotifyPropertyChanged
{
public event PropertyChangedEventHandler PropertyChanged;
private string _name;
public string Name
{
get { return _name; }
set
{
if (_name == value)
{
return;
}
_name = value;
if (PropertyChanged != null)
{
PropertyChanged(this, new PropertyChangedEventArgs("Name"));
}
}
}
}
To labor saving, we have been created base classes such as BindableBase, NotificationObject, etc… like following:
public class BindableBase : INotifyPropertyChanged
{
public event PropertyChangedEventHandler PropertyChanged;
protected bool SetProperty<T>(ref T field, T value, [CallerMangerName]string propertyName = null)
{
if (EqualityComparer<T>.Default.Equals(field, value))
{
return false;
}
field = value;
PropertyChanged?.Invoke(this, new PropertyChangedEventArgs(propertyName));
}
}
Using this class, the Person class is become to simple:
public class Person : BindableBase
{
private string _name;
public string Name
{
get => _name;
set => SetProperty(ref _name, value);
}
}
That is less code enough. And if using with code snippets, then we can just type the code snippet name to generate the definition of properties. There are many useful C# features such as CallerMemberNameAttribute, expression-bodied members, ref, Null-conditional operators, etc.
Source generator
In a part of C# 9 compiler features, there is source generator feature. The detail is explaining in the following blog post.
Introducing C# Source Generators
I think that it is one of the best solutions to INotifyPropertyChanged interface implementation. In fact, INotifyPropertyChanged implementation is introduced as a use case of Source generator.
The sample source generator to that is here.
The sample source generator is simple and that has minimum features to focus on learning. So, I added a feature to support computed properties to get closer real use cases. The repo is here.
The source generator I created is able to generate codes from below definition:
using MvvmGenerator;
namespace MvvmGeneratorTestApp.VIewModels
{
public partial class MainWindowViewModel
{
[AutoNotify]
private string _firstName;
[AutoNotify]
private string _lastName;
[AutoNotify]
public string FullName => $"{FirstName} {LastName}"; // computed property!
}
}
The generated code is as below(I formatted it for easy to read):
namespace MvvmGeneratorTestApp.VIewModels
{
public partial class MainWindowViewModel : System.ComponentModel.INotifyPropertyChanged
{
public event System.ComponentModel.PropertyChangedEventHandler PropertyChanged;
private static readonly System.ComponentModel.PropertyChangedEventArgs FirstNamePropertyChangedEventArgs =
new System.ComponentModel.PropertyChangedEventArgs(nameof(FirstName));
public string FirstName
{
get => this._firstName;
set
{
if (System.Collections.Generic.EqualityComparer<string>.Default.Equals(this._firstName, value))
{
return;
}
this._firstName = value;
PropertyChanged?.Invoke(this, FirstNamePropertyChangedEventArgs);
PropertyChanged?.Invoke(this, FullNamePropertyChangedEventArgs);
FirstNameChanged();
}
}
partial void FirstNameChanged();
private static readonly System.ComponentModel.PropertyChangedEventArgs LastNamePropertyChangedEventArgs =
new System.ComponentModel.PropertyChangedEventArgs(nameof(LastName));
public string LastName
{
get => this._lastName;
set
{
if (System.Collections.Generic.EqualityComparer<string>.Default.Equals(this._lastName, value))
{
return;
}
this._lastName = value;
PropertyChanged?.Invoke(this, LastNamePropertyChangedEventArgs);
PropertyChanged?.Invoke(this, FullNamePropertyChangedEventArgs);
LastNameChanged();
}
}
partial void LastNameChanged();
private static readonly System.ComponentModel.PropertyChangedEventArgs FullNamePropertyChangedEventArgs =
new System.ComponentModel.PropertyChangedEventArgs(nameof(FullName));
}
}
The generated code is works on WPF, UWP, Xamarin.Forms and other platforms that need INotifyPropertyChanged implementation. The repository has a small WPF app to test the generated code.
If you would like to try it, then please open MvvmGenerator.sln on Visual Studio 2019 preview. And please set MvvmGeneratorTestApp project as a startup project, then start debugging. You will see following window:
Conclusion
C# 9.0 and .NET 5 will be released in November 2020. There are a lot of useful features such as source generator I introduced in this article.
For windows developers too, all features will be available on WPF on .NET 5 and WinForms on .NET 5. After Windows UI Library 3.0 was released, I believe you also get the benefits on Win UI 3.0 on .NET 5 too.
I think that the source generator is the one of great features for all developers. If you make similar codes many times, then please remind this article.
Happy coding!
by Contributed | Oct 6, 2020 | Azure, Technology, Uncategorized
This article is contributed. See the original author and article here.
Initial Update: Tuesday, 06 October 2020 06:03 UTC
We are aware of issues within Application Insights and are actively investigating. Some customers may experience failures while accessing metrics from the Azure portal.
-
Work Around: None
-
Next Update: Before 10/06 08:30 UTC
We are working hard to resolve this issue and apologize for any inconvenience.
-Vyom
Recent Comments