rss.livelink.threads-in-node

Microsoft Sentinel - Alert suppression

Thu, 19 Jun 2025 08:54:19 GMT

Hello Tech Community,

Working with Microsoft Sentinel, sometimes, we have to suppress alerts based on information about UPN, IP, hostname, and other.

Let's imagine we need to suppress 20 combinations of UPN, IP hostname. Sometimes, sometimes, the suppressions fields should be empty or should be wildcarded (meaning it can be any value in the log that should be suppressed).

What is the best way to suppress alerts?

- Automation rules - seems not flexible and works only with entities.

- Watchlist with "join" or "where" operator - good option, but doesn't support * (wildcard)

- Hardcoded in KQL - not flexible, especially when you have SDLC processes

Please, your ideas and advice.

Is there any free program to convert mp4 to wav?

Thu, 19 Jun 2025 08:42:41 GMT

Hi,

I'm relatively new to audio editing and file conversion, and I’m currently working on a project that requires me to extract high-quality audio from an MP4 video file. Specifically, I need the audio in WAV format because of its uncompressed quality, which is important for the next steps in my workflow.

I did some searching online, but there are so many mp4 to wav converter tools and methods available, and not sure which one is the most reliable and easiest for a beginner like me to use. Could anyone recommend a straightforward way to convert an MP4 file to WAV?

Learning Azure

Thu, 19 Jun 2025 08:15:20 GMT

I'd like to learn Azure. Just for fun. But I don't know if I should go with the Microsoft online course or with something else. Any suggestions?

How to know about gradually rolling new features on my W11 computer?

Thu, 19 Jun 2025 08:14:39 GMT

There are dozens of new W11 features that are communicated to be gradually rolling out. BUT... How can I get *notified* (and how?) when a new feature (say A, B or C) has happily landed (been enabled) on MY computer and is available for use? Don't wanna spend time on checking is there something new or not...

And no, I'm not talking about following the release / roll-out status from the Microsoft Windows Roadmap web pages.

How to Convert exFAT to NTFS on Windows 11 Without Losing Data

Thu, 19 Jun 2025 07:32:33 GMT

I have an external hard drive currently formatted as exFAT, but I need to switch it to NTFS for better Windows compatibility (file permissions, compression, etc.). I know Windows doesn't have a direct convert command for exFAT like it does for FAT32 to NTFS, so I'm looking for the safest method.

Here's what I’ve considered:

Backup & Reformat – Copy all data elsewhere, reformat the drive as NTFS, then move files back.
Third-party tools – Are there any reliable tools that can convert exfat to ntfs without data loss?
Command-line method – Does diskpart or format have a hidden way to do this?

Has anyone successfully done this before? What's the best approach to avoid data loss?

Thanks in advance!

OpenTelemetry in Azure Logic Apps (Standard and Hybrid)

Thu, 19 Jun 2025 07:30:52 GMT

Why OpenTelemetry?

As modern applications become more distributed and complex, robust observability is no longer optional—it is essential. Organizations need a consistent way to understand how workflows are performing, trace failures, and optimize end-to-end execution.

OpenTelemetry provides a unified, vendor-agnostic framework for collecting telemetry data—logs, metrics, and traces—across different services and infrastructure layers. It simplifies monitoring and makes it easier to integrate with a variety of observability backends such as Azure Monitor, Grafana Tempo, Jaeger, and others.

For Logic Apps—especially when deployed in hybrid or on-premises scenarios—OpenTelemetry is a powerful addition that elevates diagnostic capabilities beyond the default Application Insights telemetry.

What is OpenTelemetry?

OpenTelemetry (OTel) is an open-source observability framework under the Cloud Native Computing Foundation (CNCF) that provides a unified standard for generating, collecting, and exporting telemetry data such as logs, metrics, and traces.

By abstracting away vendor-specific instrumentation and enabling interoperability across various tools and platforms, OpenTelemetry empowers developers and operators to gain deep visibility into distributed systems—regardless of the underlying infrastructure or language stack.

In the context of Azure Logic Apps, OpenTelemetry support enables standardized, traceable telemetry that can integrate seamlessly with a wide range of observability solutions. This helps teams monitor, troubleshoot, and optimize workflows with more precision and flexibility.

How to Configure from Visual Studio Code?

To configure OpenTelemetry for a Logic App (Standard) project from Visual Studio Code:

Locate the host.json file in the root of your Logic App project.
Enable OpenTelemetry by adding "telemetryMode": "OpenTelemetry" at the root level of the file.{ "version": "2.0", "extensionBundle": { "id": "Microsoft.Azure.Functions.ExtensionBundle.Workflows", "version": "[1.*, 2.0.0)" }, "telemetryMode": "OpenTelemetry" }
Define the following application settings in local.settings.json or within your CI/CD deployment pipeline:
- OTEL_EXPORTER_OTLP_ENDPOINT: The OTLP exporter endpoint URL where the telemetry data should be sent.
- OTEL_EXPORTER_OTLP_HEADERS (optional): A list of headers to apply to all outgoing data. This is commonly used to pass authentication keys or tokens to your observability backend.
If your endpoint requires additional OpenTelemetry-related settings, include those in the application settings as well. Refer to the official OTLP Exporter Configuration documentation for details.

How to Configure OpenTelemetry from Azure Portal? – Standard Logic Apps

To enable OpenTelemetry support for a Standard Logic App hosted using either a Workflow Standard Plan or App Service Environment v3, follow the steps below:

1. Update the host.json File

In the Azure portal, navigate to your Standard Logic App resource.
In the left-hand menu, under Development Tools, select Advanced Tools > Go. This opens the Kudu console.
In Kudu, from the Debug Console menu, select CMD, and navigate to:
site > wwwroot
Locate and open the host.json file in a text editor.
Add the following configuration at the root level of the file to enable OpenTelemetry, then save and close the editor.{ "version": "2.0", "extensionBundle": { "id": "Microsoft.Azure.Functions.ExtensionBundle.Workflows", "version": "[1.*, 2.0.0)" }, "telemetryMode": "OpenTelemetry" }

2. Configure App Settings for Telemetry Export

Still within your Logic App resource, go to Settings > Environment Variables and select App settings.

Add the following key-value pairs:

App Setting	Description
OTEL_EXPORTER_OTLP_ENDPOINT	The OTLP (OpenTelemetry Protocol) endpoint URL where telemetry data will be exported. For example: https://otel.your-observability-platform.com
OTEL_EXPORTER_OTLP_HEADERS (Optional)	Any custom headers required by your telemetry backend, such as an Authorization token (e.g., Authorization=Bearer <key>).

Select Apply to save the configuration.

How to Configure OpenTelemetry from Azure Portal? – Hybrid Logic Apps

To enable OpenTelemetry support for a Standard Logic App using the Hybrid hosting option, follow the steps below. This configuration enables telemetry collection and export from an on-premises deployment, using environment variables and local file system access.

1. Modify host.json on the SMB Share

On your on-premises file share (SMB), navigate to the root directory of your Logic App project.
Locate the host.json file.
Add the following configuration to enable OpenTelemetry and save the file.{ "version": "2.0", "extensionBundle": { "id": "Microsoft.Azure.Functions.ExtensionBundle.Workflows", "version": "[1.*, 2.0.0)" }, "telemetryMode": "OpenTelemetry" }

2. Configure Environment Variables in Azure Portal

Go to the Azure Portal and navigate to your Standard Logic App (Hybrid) resource.
From the left-hand menu, select Settings > Containers, then click on Edit and deploy.

In the Edit a container pane, select Environment variables, and then click Add to define the following:

Name	Source	Value	Description
OTEL_EXPORTER_OTLP_ENDPOINT	Manual	<OTLP-endpoint-URL>	The OTLP exporter endpoint URL where telemetry should be sent. Example: https://otel.yourbackend.com
OTEL_EXPORTER_OTLP_HEADERS (Optional)	Manual	<OTLP-headers>	Custom headers (e.g., Authorization=Bearer <token>) required by your observability backend.

Once you've added all necessary settings, click Save.

Example of Endpoint Configuration & How to Check Logs

To export telemetry data using OpenTelemetry, configure the following environment variables in your Logic App’s application settings or container environment:

Name	Source	Value	Description
OTEL_EXPORTER_OTLP_ENDPOINT	Manual Entry	https://otel.kloudmate.com:4318	The OTLP receiver endpoint for your observability backend.
OTEL_EXPORTER_OTLP_HEADERS	Manual Entry	Authorization=<your-api-key>	Used to authenticate requests to the telemetry backend.
OTEL_EXPORTER_OTLP_PROTOCOL	Manual Entry	http/protobuf	Protocol used for exporting telemetry (KloudMate supports gRPC/HTTP).

In this example, we are using KloudMate as the destination for telemetry data. Once correctly configured, your Logic App will begin exporting telemetry data to KloudMate as shown below:

Limitations and Troubleshooting Steps

Current Limitations

Supported trigger types for OpenTelemetry in Logic Apps are:
- HTTP
- Service Bus
- Event Hub
Exporting metrics is not currently supported.

Troubleshooting Steps

No traces received:
- Validate OTEL_EXPORTER_OTLP_ENDPOINT URL and port availability.
- Ensure outbound traffic to observability backend is permitted.
Authentication issues:
- Review and correct header values in OTEL_EXPORTER_OTLP_HEADERS.

References

Set up and view enhanced telemetry for Standard workflows - Azure Logic Apps | Microsoft Learn

Possible bug in WIN 24H2

Thu, 19 Jun 2025 07:23:34 GMT

If I have 3 File Explorer windows open and If I have a program maximized and I want to select a File Explorer window. I hover the mouse over This PC icon shortcut on my Taskbar it it shows the 3 File Explorer windows. If I move the mouse over to a file explorer window and click on it. it selects the window and now it's on top of the maximized program. So I can view the File Explorer and drag a file into the maximized program.

Win 11 24H2 can not reboot... but can boot?

Thu, 19 Jun 2025 07:22:28 GMT

If I use Windows Button -> Power -> Reboot, Windows 11 reboots and afterwards (not at the "Restarting" screen, but the boot logo) hangs on the rotating loading circle indefinitely.

If I shut down and start up again, it works perfectly fine. If I hold the power button during the infinite loading circle, it shuts down and then boots up perfectly fine, too.

Event manager has an entry about not shutting down cleanly after force-shutdown by power button, but no error messages about what caused it to hang.

Any ideas where to look? This used to work normally until about 2 weeks ago, then suddenly showed this behavior.

Both sfc /scannow and dism /online /cleanup-image /restorehealth (and /scanhealth) show no issues at all. Neither does scanning the system drive.

Quest 5 - I want to add conversation memory to my app

Thu, 19 Jun 2025 07:00:00 GMT

In this quest, you’ll explore how to build GenAI apps using a modern JavaScript AI framework, LangChain.js. LangChain.js helps you orchestrate prompts, manage memory, and build multi-step AI workflows all while staying in your favorite language.

Using LangChain.js you will make your GenAI chat app feel truly personal by teaching it to remember. In this quest, you’ll upgrade your AI prototype with conversation memory, allowing it to recall previous interactions making the conversation flow more naturally and human-like.

👉 Want to catch up on the full program or grab more quests? https://aka.ms/JSAIBuildathon

💬 Got questions or want to hang with other builders? Join us on Discord — head to the #js-ai-build-a-thon channel.

🔧 What You’ll Build

A smarter, context-aware chat backend that:

Remembers user conversations across multiple exchanges (e.g., knowing "Terry" after you introduced yourself as Terry)
Maintains session-specific memory so each chat thread feels consistent and coherent
Uses LangChain.js abstractions to streamline state management.

🚀 What You’ll Need

✅ A GitHub account
✅ Visual Studio Code
✅ Node.js
✅ A working chat app from previous quests (UI + Azure-based chat endpoint)

🛠️ Concepts You’ll Explore

Integrating LangChain.js

Learn how LangChain.js simplifies building AI-powered web applications by providing a standard interface to connect your backend with Azure’s language models. You’ll see how using this framework decouples your code and unlocks advanced features.

Adding Conversation Memory

Understand why memory matters in chatbots. Explore how conversation memory lets your app remember previous user messages within each session enabling more context-aware and coherent conversations.

Session-based Message History

Implement session-specific chat histories using LangChain’s memory modules (ChatMessageHistory and BufferMemory). Each user or session gets its own history, so previous questions and answers inform future responses without manual log management.

Seamless State Management

Experience how LangChain handles chat logs and memory behind the scenes, freeing you from manually stitching together chat history or juggling context with every prompt.

📖 Bonus Resources to Go Deeper

Exploring Generative AI in App Development: LangChain.js and Azure: a video introduction to LangChain.js and how you can build a project with LangChain.js and Azure
🦜️🔗 Langchain: the official LangChain.js documentation.
GitHub - Azure-Samples/serverless-chat-langchainjs: Build your own serverless AI Chat with Retrieval-Augmented-Generation using LangChain.js, TypeScript and Azure: A GitHub sample that helps you build your own serverless AI Chat with Retrieval-Augmented-Generation using LangChain.js, TypeScript and Azure
GitHub - Azure-Samples/langchainjs-quickstart-demo: Build a generative AI application using LangChain.js, from local to Azure: A GitHub sample that helps you build a generative AI application using LangChain.js, from local to Azure.
Microsoft | 🦜️🔗 Langchain Official LangChain documentation on all functionalities related to Microsoft and Microsoft Azure.
Quest 4 - I want to connect my AI prototype to external data using RAG | Microsoft Community Hub a link to the previous quest instructions.

Engaging Employees: A Journey Through Data Analytics

Thu, 19 Jun 2025 07:00:00 GMT

Our Team (Sorted Alphabetically):

Ashkan Allahyari	\|	[email protected]" target="_blank" rel="noopener">[email protected]
Ole Bekker	\|	[email protected]" target="_blank" rel="noopener">[email protected]
Robin Elster	\|	[email protected]" target="_blank" rel="noopener">[email protected]
Waad Hegazy	\|	[email protected]" target="_blank" rel="noopener">[email protected]
Lea Hierl	\|	[email protected]" target="_blank" rel="noopener">[email protected]
Linda Pham	\|	[email protected]" target="_blank" rel="noopener">[email protected]

Master Business Analysis & Modelling, Radboud University

Master Strategic Human Resources Leadership, Radboud University

Student Exchange at Radboud University

Project Overview

At Radboud University, our team in the course Data-Driven Analytics for Responsible Business Solutions, embraced a unique opportunity to apply our passion for data analytics to a real-world challenge. Tasked with analyzing employee turnover at VenturaGear—a company committed to fostering a thriving workplace—we conducted an in-depth study to uncover the root causes of attrition. By leveraging rigorous data analytics, machine learning techniques, and Power BI visualizations, we identified key drivers of employee satisfaction and retention. This blog outlines our approach, findings, and actionable strategies to address similar challenges.

Understanding the Turnover Challenge

VenturaGear, a company with diverse operational units, faced rising employee turnover, prompting our data analytics team to identify its root causes. Initial concerns highlighted external competition and internal workplace factors, but the broad question of “why are employees leaving?” required refinement for actionable insights. To tackle this, we first reviewed the dataset and its accompanying data manual to gain a comprehensive understanding of the available data. We then conducted exploratory data analysis on current employee records, focusing on key variables: organizational hierarchy (e.g., employee level), tenure, business units (e.g., inventory, manufacturing), pay frequency, pay rate, and performance metrics.

This approach led us to refine our research question: How do organizational hierarchy, tenure, business unit, pay structure, and performance metrics influence employee satisfaction and turnover at VenturaGear? By narrowing the scope, we could systematically explore these factors, uncovering patterns and drivers of attrition to set the stage for targeted recommendations.

Data Preparation

To answer our refined research question effectively, we needed to examine VenturaGear’s turnover challenge from multiple perspectives. Using Power BI, we created a comprehensive data model to avoid tunnel vision and ensure a holistic analysis. This began with a thorough review of the dataset to assess data quality, checking for inconsistencies, data type accuracy, and missing values (Hair et al., 2018). For instance, we converted the "EndDate" field in the HR_EmployeeDepartmentHistory table from text to date format and corrected errors, such as one employee’s "EndDate" preceding their "StartDate," which was removed to maintain data integrity. We streamlined the analysis by importing only relevant tables from the Human Resources dataset, establishing relationships using the data dictionary and verifying cardinality to prevent errors (Arnold, 2022).

To enhance our analysis, we developed several new columns and measures, including WorkingLifeTime, calculated with DATEDIFF to assess employee tenure, and ActiveCountTrue and ActiveRatioTrue to evaluate active employee statuses. We also categorized organizational levels with OrgLevelLabel to reflect VenturaGear’s hierarchy. To ensure accurate pay analysis, we implemented the Interquartile Range (IQR) method for rate outlier detection. While we flagged missing data in fields like BirthDate and HireDate, we left these unchanged to avoid making assumptions. This data preparation allowed us to conduct a thorough analysis of turnover drivers across various levels, departments, and pay structures.

Our Journey in Analysis

With a robust data model in place, our journey in analysis focused on translating VenturaGear’s employee data into actionable insights. We began by analyzing turnover within different units to understand the issue, then segmented employees by tenure, units, and levels using the MECE framework for a deeper understanding (Rasiel, 1999). Next, we measured well-being through job satisfaction, pay frequency, and rate, identifying markers hinting toward extrinsic motivation. To quantify these influences, we developed a machine learning model using Microsoft Fabric AutoML, treating satisfaction as a continuous variable (Müller & Guido, 2016). The model’s feature importance analysis revealed that pay frequency (0.55) and organizational level (0.26) were the strongest predictors, while pay rate and shift ID had minimal impact.

However, the trained regression machine-learning model’s prediction performance (R² of 20%, MAE of 3.63, MAPE of 5.75%) posed a challenge, indicating that job satisfaction was influenced by complex factors not fully captured by our variables. This led us to pivot toward descriptive analytics, leveraging Power BI to visualize trends and patterns. We designed two key dashboards: the “Turnover Overview” dashboard, and the “Job Satisfaction and Pay Rate” dashboard, to guide management through key insights.

A critical lesson emerged during visualization design: aspect ratios can distort perceptions of trends. Wider graphs presented balanced trends, while narrower ones exaggerated steepness, risking misinterpretation (Peltier et al., 2021). We carefully adjusted our dashboards to balance clarity and accuracy, ensuring axes were scaled appropriately for each salary group to avoid misleading comparisons (Fisher et al., 2021). This analytical journey—from modeling to visualization—enabled us to uncover nuanced insights into turnover and satisfaction, setting the foundation for actionable recommendations.

Key Findings and Insights

Our analytical journey revealed critical insights into VenturaGear’s turnover challenges, combining descriptive analytics with Power BI visualizations. The regression model, despite its limitations, guided our exploration, while carefully designed dashboards provided clear, actionable trends.

Turnover Patterns: Only 11% of employees with recorded “EndDates” left VenturaGear; many changed departments, suggesting lower true turnover than initially assumed. The inventory department exhibited the highest relative turnover, while manufacturing showed the lowest. Departures often peaked in the second year, pointing to a mismatch between onboarding expectations and job reality (Lievens et al., 2001).
Motivation Dynamics: Lower-level employees rely heavily on extrinsic motivators, such as bi-weekly pay, which boosts short-term satisfaction but fails to foster long-term commitment (Ryan & Deci, 2000; Bénabou & Tirole, 2003).
Performance Metrics: Keyboard presses per hour, the only universal performance metric, varies by role and shows no clear link to satisfaction. This metric may create a sense of monitoring, undermining employee autonomy and trust (Ryan & Deci, 2000).
Departmental Challenges: The inventory department’s high turnover and low satisfaction highlight unit-specific issues requiring targeted interventions.

These findings emphasize the need for VenturaGear to balance extrinsic and intrinsic motivators to enhance employee engagement and reduce turnover. For a deeper dive into our visualizations, explore our Power BI Workspace.

Actionable Recommendations

Our findings highlight the need for VenturaGear to address both extrinsic and intrinsic motivators to reduce turnover and enhance engagement. Based on our analysis, we propose the following strategies:

Short-Term Actions

Competitive Wages: Conduct a market analysis to ensure pay rates align with industry standards, as pay frequency and rate are key extrinsic motivators (Ryan & Deci, 2000).
Increase Pay Frequency: Shift to bi-weekly pay for all employees, if financially feasible, to strengthen the link between work and rewards.

Long-Term Strategies

Foster Intrinsic Motivation: Provide clear career growth pathways to enhance competence, implement

Conclusion

Our analysis of VenturaGear’s employee turnover highlights the value of data-driven insights for complex workplace issues. By utilizing systematic data preparation and impactful Power BI visualizations, we identified key attrition drivers, including pay frequency and challenges within the inventory department. While our regression model pinpointed important factors, we found that intrinsic motivation plays a crucial role in long-term employee commitment. This process provided VenturaGear with actionable insights and demonstrated the importance of blending academic rigor with practical solutions, paving the way for targeted strategies to foster a more engaged workforce.

References

Arnold, J. (2022). Learning Microsoft Power BI. " O'Reilly Media, Inc.".

Bénabou, R., & Tirole, J. (2003). Intrinsic and extrinsic motivation. The Review of Economic Studies, 70(3), 489-520.

Fisher, J., Chang, R., & Wu, E. (2021). Automatic Y-axis Rescaling in Dynamic

Hair, Black, Babin and Anderson (2018), Multivariate Data Analysis (8th edition), Cengage Learning. Print ISBN: 9781473756540

Lievens, F., Decaesteker, C., Coetsier, P., & Geirnaert, J. (2001). Organizational attractiveness for prospective applicants: A person–organisation fit perspective. Applied Psychology, 50(1), 30-51.

Müller, A. C., & Guido, S. (2016). Introduction to machine learning with Python: a guide for data scientists. " O'Reilly Media, Inc.".

Peltier, C., McKenna, J., Sinclair, T., Garwood, J., & Vannest, K. (2021). Brief Report: Ordinate Scaling and Axis Proportions of Single-Case Graphs in Two Prominent EBD Journals From 2010 to 2019. Behavioral Disorders, 47, 134 - 148. https://doi.org/10.1177/0198742920982587

Rasiel, E. M. (1999). The McKinsey Way. McGraw-Hill.

Ryan, R. M., & Deci, E. L. (2000). Intrinsic and extrinsic motivations: Classic definitions and new directions. Contemporary Educational Psychology, 25(1), 54-67.

What is the best disk partition software for Windows 11/10 now?

Thu, 19 Jun 2025 06:48:52 GMT

Hi everyone,

I'm currently managing a Windows PC (Windows 11 PC and Windows 10 laptop) and I need to make some changes to my disk partitions. I want to resize existing partitions, possibly create new ones, and ensure that everything is done safely without data loss.

As far as I know, the built-in tool Disk Management is very limited functions when it comes to advanced tasks like resizing system partitions or merging partitions without data loss. That's why I'm looking for third-party disk partition software that is reliable, user-friendly, and preferably free or reasonably priced.

If you've used any of these tools, could you share your experience? Which one do you think is the best for home users like me?

Released the full version of M365 connectivity test tool (MCT) in GCC environment

Thu, 19 Jun 2025 02:23:01 GMT

I am pleased to announce that we have successfully released the full version of the M365 connectivity test tool (MCT) in the GCC environment today. This investment will ensure excellent network connectivity and user experience across all clouds, including around 5 millions users in GCC.

You can find the updated public documentation at [here] and the table below shows the feature comparison across all clouds.

Please let us know if you have questions, thanks

Purview Destruction of Records Not Working

Thu, 19 Jun 2025 00:08:59 GMT

Hi everyone,

I work for a Microsoft Partner Organization, we are experiencing issues with our Purview Implementations as the records are not being destroyed from SharePoint as expected event though the audit log registered all successful approvals for destructions including details on the stages, the comments and the label. We have waited 15 days as per the Purview's documentation and the content is still in the source library. Is anyone else experiencing a similar issue? The instability of the platform is forcing us to stop offering Purview as a solution to our customers and we are leaning more toward developing our own records management solution.

We have created a ticket, but Microsoft has not responded, there is no priority to resolve this issue and unfortunately our customers can't wait.

If anyone has a solution, please share it with the community. If there are any Purview experts from Microsoft that can offer any ideas, I would appreciate it.

Note: Auditing is on for the organization and the email enabled security group and the Disposition Reviewers are in the correct roles: Disposition Reviewer, Records Management, Compliance Admin, List View Explorer and Content Explorer. Also, my configuration is set correctly, I have proof as the audit log indicates content has been approved for destruction weeks ago.

Thank you!

How to chart this?

Wed, 18 Jun 2025 23:11:08 GMT

Need help on how to calculate then chart this. I have a number of pairs, which I’m imagining as a flow, but with some loops back, and branches:
From To
A G
G C
C D
C A
G F
B E
E F
F E
F D

I’d like it to figure out a table/chart (but with arrows) like the attached image. It may have optional paths. Doesn't have to be like a flow chart, if there's another way for excel to analyze it. I don't *think* this is a complex b-tree sort of problem...

TY in advance.

On-device AI and security: What really matters for the enterprise

Wed, 18 Jun 2025 21:21:16 GMT

AI is evolving, and so is the way businesses run it. Traditionally, most AI workloads have been processed in the cloud. When a user gives an AI tool a prompt, that input is sent over the internet to remote servers, where the model processes it and sends back a result. This model supports large-scale services like Microsoft 365 Copilot, which integrates AI into apps like Word, Excel, and Teams.

Now, a new capability is emerging alongside cloud-based AI. AI can also run directly on a PC—no internet connection or remote server required. This is known as on-device processing. It means the data and the model stay on the device itself, and the work is done locally.

Modern CPUs and GPUs are beginning to support this kind of processing. But neural processing units (NPUs), now included in enterprise-grade PCs such as Microsoft Surface Copilot+ PCs, are specifically designed to run AI workloads efficiently. NPUs are designed to perform the types of operations AI needs at high speed while using less power. That makes them ideal for features that need to work instantly, in a sustained fashion in the background, or without an internet connection.

A flexible approach to AI deployment

NPUs can enable power-efficient on-device processing, fast response times with small models, consistent functionality in offline scenarios, and more control over how data is processed and stored. For organizations, it adds flexibility in choosing how and where to run AI—whether to support real-time interactions at the edge or meet specific data governance requirements.

At the same time, cloud-based AI remains essential to how organizations deliver intelligent services across teams and workflows. Microsoft 365 Copilot, for example, is powered by cloud infrastructure and integrates deeply across productivity applications using enterprise-grade identity, access, and content protections.

Both models serve different but complementary needs. On-device AI adds new options for responsiveness and control. Cloud-based AI enables broad integration and centralized scale. Together, they give businesses flexibility to align AI processing with the demands of the use case, whether for fast local inference or connected collaboration.

For business and IT leaders, the question is not which model is better but how to use each effectively within a secure architecture. That starts with understanding where data flows, how it is protected, and what matters most at the endpoint.

Understanding AI data flow and its security impact

AI systems rely on several types of input such as user prompts, system context, and business content. When AI runs in the cloud, data is transmitted to remote servers for processing. When it runs on the device, processing happens locally. Both approaches have implications for security.

With cloud AI, protection depends on the strength of the vendor’s infrastructure, encryption standards, and access controls. Security follows a shared responsibility model where the cloud provider secures the platform while the enterprise defines its policies for data access, classification, and compliance.

Microsoft’s approach to data security and privacy in cloud AI services

Although the purpose of this blog post is to talk about on-device AI and security, it’s worth a detour to briefly touch on how Microsoft approaches data governance across its cloud-based AI services. Ultimately, the goal is for employees to be able to use whatever tools work best for what they want to get done, and they may not differentiate between local and cloud AI services. That means having a trusted provider for both is important for long-term AI value and security in the organization.

Microsoft’s generative AI solutions, including Azure OpenAI Service and Copilot services and capabilities, do not use your organization’s data to train foundation models without your permission. The Azure OpenAI Service is operated by Microsoft as an Azure service; Microsoft hosts the OpenAI models in Microsoft's Azure environment and the Service does not interact with any services operated by OpenAI (e.g. ChatGPT, or the OpenAI API). Microsoft 365 Copilot and other AI tools operate within a secured boundary, pulling from organization-specific content sources like OneDrive and Microsoft Graph while respecting existing access permissions. For more resources on data privacy and security in Microsoft cloud AI services, check out Microsoft Learn.

Local AI security depends on a trusted endpoint

When AI runs on the device, the data stays closer to its source. This reduces reliance on network connectivity and can help limit exposure in scenarios where data residency or confidentiality is a concern. But it also means the device must be secured at every level.

Running AI on the device does not inherently make it more or less secure. It shifts the security perimeter. Now the integrity of the endpoint matters even more. Surface Copilot+ PCs are built with this in mind. As secured-core PCs, they integrate hardware-based protections that help guard against firmware, OS-level, and identity-based threats.

TPM 2.0 and Microsoft Pluton security processors provide hardware-based protection for sensitive data
Hardware-based root of trust verifies system integrity from boot-up
Microsoft-developed firmware can reduce exposure to third-party supply chain risks and helps address emerging threats rapidly via Windows Update
Windows Hello and Enhanced Sign-in Security (ESS) offer strong authentication at the hardware level

These protections and others work together to create a dependable foundation for local AI workloads. When AI runs on a device like this, the same enterprise-grade security stack that protects the OS and applications also applies to AI processing.

Why application design is part of the security equation

Protecting the device is foundational—but it’s not the whole story. As organizations begin to adopt generative AI tools that run locally, the security conversation must also expand to include how those tools are designed, governed, and managed.

The value of AI increases dramatically when it can work with rich, contextual data. But that same access introduces new risks if not handled properly. Local AI tools must be built with clear boundaries around what data they can access, how that access is granted, and how users and IT teams can control it. This includes opt-in mechanisms, permission models, and visibility into what’s being stored and why.

Microsoft Recall (preview) on Copilot+ PCs is a case study in how thoughtful application design can make local AI both powerful and privacy conscious. It captures snapshots of the desktop embedded with contextual information, enabling employees to find almost anything that has appeared on their screen by describing it in their own words. This functionality is only possible because Recall has access to a wide range of on-device data—but that access is carefully managed.

Recall runs entirely on the device. It is turned off by default—even when enabled by IT—and requires biometric sign-in with Windows Hello Enhanced Sign-in Security to activate. Snapshots are encrypted and stored locally, protected by Secured-core PC features and the Microsoft Pluton security processor. These safeguards ensure that sensitive data stays protected, even as AI becomes more deeply embedded in everyday workflows.

IT admins can manage Recall through Microsoft Intune, with policies to enable or disable the feature, control snapshot retention, and apply content filters. Even when Recall is enabled, it remains optional for employees, who can pause snapshot saving, filter specific apps or websites, and delete snapshots at any time.

This layered approach—secure hardware, secure OS, and secure app design—reflects Microsoft’s broader strategy for responsible local AI and aligns to the overall Surface security approach. It helps organizations maintain governance and compliance while giving users confidence that they are in control of their data and that the tools are designed to support them, not surveil them. This balance is essential to building trust in AI-powered workflows and ensuring that innovation doesn’t come at the expense of privacy or transparency. For more information, check out the related blog post.

Choosing the right AI model for the use case

Local AI processing complements cloud AI, offering additional options for how and where workloads run. Each approach supports different needs and use cases. What matters is selecting the right model for the task while maintaining consistent security and governance across the entire environment.

On-device AI is especially useful in scenarios where organizations need to reduce data movement or ensure AI works reliably in disconnected environments

In regulated industries such as finance, legal, or government, local processing can help support compliance with strict data-handling requirements
In the field, mobile workers can use AI features such as document analysis or image recognition without relying on a stable connection
For custom enterprise models, on-device execution through the Windows AI Foundry Local lets developers embed AI in apps while maintaining control over how data is used and stored

These use cases reflect a broader trend. Businesses want more flexibility in how they deploy and manage AI. On-device processing makes that possible without requiring a tradeoff in security or integration.

Security fundamentals matter most

Microsoft takes a holistic view of AI security across cloud services, on-device platforms, and everything in between. Whether your AI runs in Azure or on a Surface device, the same principles apply. Protect identity, encrypt data, enforce access controls, and ensure transparency.

This approach builds on the enterprise-grade protections already established across Microsoft’s technology stack. From the Secure Development Lifecycle to Zero Trust access policies, Microsoft applies rigorous standards to every layer of AI deployment.

For business leaders, AI security extends familiar principles—identity, access, data protection—into new AI-powered workflows, with clear visibility and control over how data is handled across cloud and device environments.

Securing AI starts with the right foundations

AI is expanding from cloud-only services to include new capable endpoints. This shift gives businesses more ways to match the processing model to the use case without compromising security.

Surface Copilot+ PCs support this flexibility by delivering local AI performance on a security-forward enterprise-ready platform. When paired with Microsoft 365 and Azure services, they offer a cohesive ecosystem that respects data boundaries and aligns with organizational policies.

AI security is not about choosing between cloud or device. It is about enabling a flexible, secure ecosystem where AI can run where it delivers the most value—on the endpoint, in the cloud, or across both. This adaptability unlocks new ways to work, automate, and innovate, without increasing risk. Surface Copilot+ PCs are part of that broader strategy, helping organizations deploy AI with confidence and control—at scale, at speed, and at the edge of what’s next.

Count U slots

Wed, 18 Jun 2025 21:08:48 GMT

Dear Experts,

I have a case like below:-

So, there's a Worksheet "Calc" below where we have Slots from 0~19 two times from Col (C~V) and (X~AQ);

In ,Sheet2 we have the Logic on how to count the U slots:-

1D --> 1 symbol DL
2DD --> 2 symbols DL
2DU/2UD --> 1 symbol for UL, 1 symbol for DL
1U --> 1 symbol UL
2UU --> 2 symbols UL
1S (for split) --> Half symbol for UL, Half symbol for DL

Can you please provide a formula for Column AS and AT to count the U slots, using above Logic,

Attached is the Worksheet.

Exploring the Extensibility of ADMS Portal Customizations

Wed, 18 Jun 2025 20:16:38 GMT

A Comprehensive Overview

The ADMS Portal is more than just a migration interface—it's a customizable, intelligent platform designed to streamline and enhance the migration experience for both users and IT administrators.

ADMS, ADSS, and ADGMS are all cloud-based services that come within the ADxS services portfolio offered by Microsoft and designed to facilitate efficient and cost-effective migrations. For additional information around migration use cases, refer to this blog: Exploring the Use Cases of ADxS Services | Microsoft Community Hub

ADMS or Active Directory Migration Service – is a service designed to facilitate the migration of users and workstations across domains and forests by offering diverse number of migration methods such as Self-Service Migration which is unique to the ADMS service and it comes with two types, Self-Service for corporate connect users, and Self-Service for remote or VPN users,  Admin automated Migrations, user only migration and Migration for workstations shared by more than one user. 

Prerequisites for a User Migration

Users must be in scope for the ADMS sync engine, meet all identity logic, and be in the migration database prior to coming to the ADMS Portal. One of the first items we perform is pre-provision or join source identities to target identities also working with your team to determine attributes to flow as part of the sync engine.

ADMS Portal will submit each user to a set of preflight checks prior to allowing user migration. Before any migration begins, the ADMS Portal runs a standardized set of preflight validations designed to catch common issues that could disrupt the process. These checks are essential safeguards that ensure a smooth and secure migration from the source to the target environment.

Refer to this blog for more details: Ensuring Smooth Migrations with ADMS Portal’s Preflight Checks | Microsoft Community Hub

User Migration journey

Assuming the user meets the preflight checks for migration, the user is submitted to the activation phase. This phase includes the user object being enabled if necessary as well as being submitted to the ADMS AR Pipeline.

The default delivery includes the objectSID of the source user being copied to the target user SIDHistory at user migration run-time in the ADMS AR pipeline. We also submit the user for any additional application/service remediation agreed upon during workshops.

Refer to this blog for more details: Exploring the Use Cases of ADMS User Migration | Microsoft Community Hub

Here’s a look at what the ADMS Portal can customize for a user migration:

Preflight checks: ADMS team enables a standardized set of preflight validations designed to catch common issues that could disrupt the process. These checks are not just technical formalities—they are essential safeguards that ensure each migration proceeds smoothly and securely from old source environment to new target environment.
Portal Landing Page: The ADMS Portal landing page can be configured to let the user choose from one or more connection options. This includes but not limited to at a remote location over VPN.
Multi-language support: The ADMS Portal can be configured to allow the user's local language to be displayed in their browser providing a richer user experience for the various use cases brought to the migration portal.
Customer Support Contact: ADMS team will configure the ADMS Portal to display the customer support contact information to help the user experience a better escalation path if any issues do occur during their migration journey.
Identity Enablement: ADMS team has the ability to enable target user identities during the staging queue process during user migration.
Identity Sync Engine: Conventional tools synchronize Active Directory objects as-is to the target domain and refresh them as changes are made in the source. ADMS implements a rich and robust identity management system so that just the right identities, groups, group memberships and workstations are synchronized and provisioned and will continuously run until the migration has been completed to accommodate changes in the source.
ADMS AR Pipeline: The ADMS delivery team can handle at run-time remediation in the ADMS AR pipeline. This is done per user at user migration run-time to allow coexistence, maintaining access for those pending migration, and updating access for those that have performed migration through the ADMS Portal. Refer to this blog for more details: Exploring the Use Cases of ADMS Application Pipeline | Microsoft Community Hub
Feature Enablement: ADMS delivery includes the ability to enable SIDHistory feature at user migration run-time. ADMS delivery can include the ability to enable our password sync feature one way from source to target.
Post User Migration: ADMS team has the ability to disable the source user identities post user migration after an agreed upon grace period.
Custom Preflight Check: ADMS team has the ability to add custom preflight checks for some migration use cases.

Device Migration journey

Conventional tools require mapping of users to workstations so that the migration sequence can be structured and run by the migration team. ADMS offers a simple to use portal service so that self-service migrations can be offered with users now able to migrate when it's convenient for them.

Refer to this blog for more details: Exploring the Extensibility of Active Directory Migration Service (ADMS) Device Migration | Microsoft Community Hub

Here’s a look at what the ADMS Portal can customize for a device migration:

Preflight checks: ADMS WMT service is a requirement for a device to be eligible for migration. This is enabled by default.
Identity Sync Engine: Conventional tools synchronize Active Directory objects as-is to the target domain and refresh them as changes are made in the source. ADMS implements a rich and robust identity management system so that just the right identities, groups, group memberships and workstations are synchronized and provisioned and will continuously run until the migration has been completed to accommodate changes in the source.
WMT Service: ADMS WMT service is used for conducting workstation migration operations. ADMS WMT service performs at device migration runtime when invoked by ADMS Portal or our auto migration app to perform our default migration operations as well as any additional features we agreed upon during our design discussions for your ADMS delivery.
WMT Service Custom External Scripts: ADMS WMT service has the option to run custom PowerShell external scripts. ADMS WMT service allows the extensibility to run custom external scripts at various execution points during the device migration sub-steps, which has been a game changer for our ADMS customers. There will be more on this in a future blog post.
Approved to Migrate Computer Check: This is an optional check that can be enabled to look for a registry key on the device.
Remote/VPN IP Range Check: ADMS Portal has the ability to use an IP range provided by the customer to determine if a client is attempting migration from a corporate network or remote connection.
AutoMigApp - Device Only: ADMS team has the ability to generate a package of auto migration app designed to perform a device only migration.
Custom Preflight Check: ADMS team has the ability to add custom preflight checks for some migration use cases.

ADMS Portal Benefits

The ADMS Portal offers a robust and flexible platform that enhances the migration experience for both users and administrators. Here are the key benefits:

Streamlined User Experience: With customizable landing pages, multilingual support, and integrated customer support contact information, the portal ensures a smooth and intuitive experience for end users.
Comprehensive Preflight Checks: Built-in and customizable preflight validations help identify and resolve potential issues before migration begins, reducing downtime and ensuring a higher success rate.
Flexible Identity Management: The Identity Sync Engine and Identity Enablement features allow for precise control over which users, groups, and devices are migrated, ensuring alignment with organizational policies.
Real-Time Remediation: The ADMS AR Pipeline supports runtime remediation, enabling coexistence and seamless access transitions during the migration process.
Advanced Device Migration Support: The WMT service and AutoMigApp provide powerful tools for device-only migrations, including support for custom scripts and remote/VPN IP range checks.
Post-Migration Controls: The service supports post-migration actions such as disabling source identities after a grace period, helping maintain security and compliance.
Extensibility and Customization: From custom preflight checks to external script execution, the portal is designed to adapt to unique migration scenarios and enterprise needs.

Conclusion

ADMS is a service designed to facilitate the migration of users and workstations across domains and forests by offering diverse number of migration methods. ADxS services not only simplifies the migration process but also ensures that organizations can achieve their migration goals more efficiently and cost-effectively.

Learn more about IMS and explore its powerful migration capabilities today!

Read our latest insights on the IMS blog
Learn more about IMS and start hassle-free migrations and its capabilities today! On our YouTube Channel
Want to speak with an expert? Reach out to us at [email protected]" target="_blank" rel="noopener">[email protected] to connect with a sales representative. Let’s power the future of digital collaboration — together.

Join us for our Community Call TOMORROW!

Wed, 18 Jun 2025 19:34:38 GMT

Don't miss tomorrow's community call!

We will walk-thru our new MSLE community and demonstrate how to use the new Learning Download Center.

Date: Thursday, June 19, 2025

Time: 10:00 - 11:00 AM PDT (Pacific Daylight Time)

Agenda: The new MSLE Community

From the MSLE Community overview page select "Events" and then select "Microsoft Learn for Educator Events". Select "June MSLE Community Call" and from there you can add the event to your calendar. Select "Attending" or "Interested" to receive notifications and updates regarding the event.

What are MSLE Community Calls?

Each MSLE Community Call provides a unique experience to learn about topics that impact you or your students and highlights the amazing work of the MSLE Community. You'll hear from rotating presenters including members of the MSLE Program Team, other groups at Microsoft, and fellow MSLE educators. All Community Calls are delivered in English with live captions available. All sessions are recorded.

Logs not available for PDF applied with sensitivity label

Wed, 18 Jun 2025 19:28:16 GMT

We created sensitivity labels for files and can apply them to files (docx, xlsx, pdf). However, we found that there were no activity logs for PDF in activity explorer nor in audit search. Activity logs were available for MS office documents (docx, xlsx). Is there any way we can enable logging for PDF documents with labelled content?

Thanks

Lockheed Martin & Librestream boost mission readiness with secure video collaboration platform

Wed, 18 Jun 2025 19:27:06 GMT

The following is a public press release from Lockheed Martin & Librestream announcing the launch of their secure video collaboration platform.

In an effort to continue ensuring armed forces are ready for any mission, Lockheed Martin and Librestream have partnered with Microsoft to revolutionize defense sustainment with the introduction of Onsight NOW, an advanced remote collaboration platform.

Onsight NOW enables seamless communication, enhances teamwork and boosts productivity through its advanced features, including chat, annotations and multi-user calling capabilities. The tool operates on Microsoft's Azure Government Cloud, which provides a secure and reliable method for defense operations teams to collaborate in real-time, enabling them to share live video feeds, annotate critical information, and capture vital information – all while maintaining the highest levels of security and compliance.

Azure Government services provide a strong and secure foundation for cloud computing that meets the high standards of defense agencies. This includes being certified for FedRAMP, which is a strict set of federal security guidelines.

“Lockheed Martin’s implementation of Onsight NOW on Azure Government is a testament to its unwavering commitment to pioneering secure, cutting-edge solutions in defense sustainment. By leveraging Onsight NOW, Lockheed Martin is not only advancing operational efficiency but also setting a new benchmark for secure, interoperable video collaboration across the defense sector,” said Dan Flynn, Managing Director, Global Defense at Librestream.

Onsight NOW on Azure Government is installed securely within Lockheed Martin’s own cloud environment, which ensures sensitive information is protected and handled correctly. This permits both Lockheed Martin and external partners to securely collaborate in real time.

“Aligned with 1LMX – our mission-driven business and digital transformation program – Onsight NOW will ultimately deliver the speed, agility and insights our customers need to be ready to address growing security threats across the world,” says Drew Robbins, Vice President of Sustainment Operations at Lockheed Martin. “By facilitating timely maintenance, enhancing collaboration, reducing costs and ensuring compliance, Onsight NOW will ultimately improve readiness for critical missions, ensuring air dominance for America and its allies.”

“We are thrilled to partner with Lockheed Martin and Librestream to launch Onsight NOW for Azure GOV,” said Bob Serr, VP of Engineering at Azure Communication Services.

“This collaboration exemplifies our commitment to providing secure and innovative solutions that empower defense agencies to maintain mission-critical assets with the highest standards of security and compliance.”