Investigating identity threats in hybrid cloud environments

As the modern workplace transforms, the identity attack surface area is growing exponentially, across on-premises and cloud, spanning a multitude of endpoints and applications. Security Operations (SecOps) teams are challenged to monitor user activities, suspicious or otherwise, across all dimensions of the identity attack surface, using multiple security solutions that often are not connected. Because identity protection is paramount for the modern workplace, investigating identity threats requires a single experience to monitor all user activities and hunt for suspicious behaviors in order to triage users quickly.

Today, Microsoft is announcing the new identity threat investigation experience, which correlates identity alerts and activities from Azure Advanced Threat Protection (Azure ATP), Azure Active Directory (Azure AD) Identity Protection, and Microsoft Cloud App Security into a single investigation experience for security analysts and hunters alike.

Modern identity attacks leverage hybrid cloud environments as a single attack surface

The identity threat investigation experience combines user identity signals from your on-premises and cloud services to close the gap between disparate signals in your environment and leverages state-of-the-art User and Entity Behavior Analytics (UEBA) capabilities to provide a risk score and rich contextual information for each user. It empowers security analysts to prioritize their investigations and reduce investigation times, ending the need to toggle between identity security solutions. This gives your SecOps teams more time and the right information to make better decisions and actively remediate identity threats and risks.

Azure ATP provides on-premises detections and activities with abnormal behavior analytics to assist in investigating the most at-risk users. Microsoft Cloud App Security detects and alerts security analysts to the potential of sensitive data exfiltration for first- and third-party cloud apps. And Azure AD Identity Protection detects unusual sign-in information, implementing conditional access on the compromised user until the issue is resolved. Combined, these services analyze the activities and alerts, using UEBA, to determine risky behaviors and provide you with an investigation priority score to streamline incident response for compromised identities.

To further simplify your SecOps workflows, we embedded the new experience into the Cloud App Security portal, regardless of whether you’re using Microsoft Cloud App Security today. While it enriches each alert with additional information, it also allows you to easily pivot from the correlated alert timeline directly into a deeper dive investigation and hunting experience.

User investigation priority

We’re adding a new dimension to the current investigation model that is based on the number of total alerts with a new user investigation priority, which is determined by all user activities and alerts that could indicate an active advanced attack or insider threat.

To calculate the user investigation priority, each abnormal event is scored based on the user’s profile history, their peers, and the organization. Additionally, the potential business and asset impact of any given user is analyzed to determine the investigation priority score.

The new concept is included on the updated user page, which provides relevant information about who the user is, the investigation priority score, how it compares across all users within the organization, and abnormal alerts and activities of the user.

In the image below, the user’s investigation priority score of 155 puts them in the top percentile within the organization, making them a top user for a security analyst to investigate.

Identity threat investigation user page.

The score is surfaced on the main dashboard to help you get an immediate idea of which users currently represent the highest risk within your organization and should be prioritized for further investigation.

Top users by investigation priority on the main dashboard.

Improved investigation and hunting experience

Beyond signal correlation and a redesigned user page, the new identity threat investigation experience also adds new and advanced investigation capabilities specifically for Azure ATP customers, regardless of whether you choose to use Azure AD Identity Protection and or Microsoft Cloud App Security.

These capabilities include the:

  • Ability for security analysts to perform threat hunting with greater context over both cloud and on-premises resources by leveraging advanced filtering capabilities and enriched alert information.
  • Visibility and management of Azure AD user risk levels with the ability to confirm compromised user status, which changes the Azure AD user risk level to High.
  • Creation of activity policies to determine governance actions and leverage built-in automation capabilities via the native integration with Microsoft Flow to more easily triage alerts.

New threat hunting experience to analyze alerts and activities.

Get started with the public preview today

If you’re one of the many enterprise customers already using Azure ATP, Microsoft Cloud App Security, and/or Azure AD Identity Protection and want to test the new identity threat investigation experience, get started by checking out our comprehensive technical documentation.

If you’re just starting your journey, begin a trial of Microsoft Threat Protection to experience the benefits of the most comprehensive, integrated, and secure threat protection solution for the modern workplace.

We would love your feedback! Find us on the Azure ATP Tech Community and send us your questions or feedback on the new experience.

Go to Original Article
Author: Microsoft News Center

AI help desk software frees IT ops to take on SRE skills

Software-based automation of menial tasks will pave the way for more meaningful work among IT ops pros at a financial services company.

Until 2018, IT ops teams at Freedom Financial Network, a 17-year-old financial services company focused on consumer debt reduction, were largely focused on help desk tasks for the company’s 2,200 call center employees. The company had also made some progress in cloud migration and the adoption of Agile and DevOps practices, but wanted to take a more automated approach to its everyday IT tasks and rethink how it assigned its employees.

“Having people do application support and begin SRE training changes the game versus paying people $22 an hour to answer the phone and open ServiceNow tickets,” said Mark Tonnesen, CIO at Freedom Financial, headquartered in San Mateo, Calif.

Tonnesen said he briefly considered AI help desk features from ServiceNow and AIOps software from Moogsoft, but heard word-of-mouth recommendations from other CIOs about a stealth startup called Moveworks. The company, officially launched in April 2019, was founded by former Google employees that specialized in natural language processing at the web giant.

The SaaS-based Moveworks AI help desk software integrates with Slack, Microsoft Teams and other ChatOps services, along with email. It interacts with Freedom Financial’s call center employees through chatbots and email conversations, and processes their help desk requests through an AI-driven probabilistic decision engine.

“There are a lot of help desk automation tools on the market that do things like password resets,” Tonnesen said. “But they usually still require people on the back end.”

Since it implemented Moveworks in 2018, Freedom Financial has automated between 15% and 20% of its help desk tasks, and hopes to automate 25% to 30% by the end of 2019. At the same time, it will rework its IT ops teams and retrain them.

AI help desk only the first step in complex SRE transition

IT pros at Freedom Financial have already begun to dig into SRE work. A small team of three former software engineers and one ops-focused systems engineer are building an automated application deployment platform in Google Cloud Platform with tools such as Chef and Ansible, along with Docker containers. These SREs support application development for the company’s customer-facing apps, which added SMS and chat support for call center employees and SMS-based payment support for consumers.

Mark Tonnesen, CIO at Freedom FinancialMark Tonnesen

Over the next six months, Freedom Financial will retrain 14 more IT service desk staff — some as SREs, others to support corporate apps such as Salesforce, and the rest as application developers, Tonnesen said. He also plans to use Moveworks data analysis to identify the most common reasons for help desk requests so that SREs can address their causes long-term.

Having people do application support and begin SRE training changes the game versus paying people $22 an hour to answer the phone and open ServiceNow tickets.
Mark TonnesenCIO, Freedom Financial Network

But while AI help desk software frees up IT employees who would otherwise spend all their time putting out fires, it can’t help Freedom Financial with its toughest task — retraining employees.

“I wish there was a better mechanism for training,” Tonnesen said. Freedom Financial puts engineers two at a time through a three-week training program, then embeds them with product teams to learn on the job. Unlike larger companies with thousands of engineers, Freedom can’t justify a formalized year-round training program.

SREs are particularly difficult to train from the ground up, Tonnesen said.

“It’s hard to find people that really understand what it means,” he said. “And we can’t afford to have an IBM-style three-year internship rotation.”

Meanwhile, Freedom Financial also plans to roll out Moveworks software in its call center environment for call center employees to use to service customers. Eventually, Tonnesen wants to use AI software to automate back-end business functions such as HR and facility services.

“We’d like Moveworks to evolve to support more channels of communications, such as reports and payments systems,” he said.

In the wider market, IT pros have many choices for AI help desk tools, and that number is only growing. Aside from ServiceNow’s native help desk automation and AIOps products from Moogsoft, BigPanda, ManageEngine and others, vendors such as Spoke, IPsoft, Zendesk and Freshdesk also offer Moveworks alternatives.

Go to Original Article

Windows 10 SDK Preview Build 18922 available now! – Windows Developer Blog

Today, we released a new Windows 10 Preview Build of the SDK to be used in conjunction with Windows 10 Insider Preview (Build 18922 or greater). The Preview SDK Build 18922 contains bug fixes and under development changes to the API surface area.
The Preview SDK can be downloaded from developer section on Windows Insider.
For feedback and updates to the known issues, please see the developer forum. For new developer feature requests, head over to our Windows Platform UserVoice.

This build works in conjunction with previously released SDKs and Visual Studio 2017 and 2019. You can install this SDK and still also continue to submit your apps that target Windows 10 build 1903 or earlier to the Microsoft Store.
The Windows SDK will now formally only be supported by Visual Studio 2017 and greater. You can download the Visual Studio 2019 here.
This build of the Windows SDK will install on Windows 10 Insider Preview builds and previously released builds of Windows.
In order to assist with script access to the SDK, the ISO will also be able to be accessed through the following static URL:

Message Compiler (mc.exe)

Now detects the Unicode byte order mark (BOM) in .mc files. If the If the .mc file starts with a UTF-8 BOM, it will be read as a UTF-8 file. Otherwise, if it starts with a UTF-16LE BOM, it will be read as a UTF-16LE file. If the -u parameter was specified, it will be read as a UTF-16LE file. Otherwise, it will be read using the current code page (CP_ACP).
Now avoids one-definition-rule (ODR) problems in MC-generated C/C++ ETW helpers caused by conflicting configuration macros (e.g. when two .cpp files with conflicting definitions of MCGEN_EVENTWRITETRANSFER are linked into the same binary, the MC-generated ETW helpers will now respect the definition of MCGEN_EVENTWRITETRANSFER in each .cpp file instead of arbitrarily picking one or the other).

Windows Trace Preprocessor (tracewpp.exe)

Now supports Unicode input (.ini, .tpl, and source code) files. Input files starting with a UTF-8 or UTF-16 byte order mark (BOM) will be read as Unicode. Input files that do not start with a BOM will be read using the current code page (CP_ACP). For backwards-compatibility, if the -UnicodeIgnore command-line parameter is specified, files starting with a UTF-16 BOM will be treated as empty.
Now supports Unicode output (.tmh) files. By default, output files will be encoded using the current code page (CP_ACP). Use command-line parameters -cp:UTF-8 or -cp:UTF-16 to generate Unicode output files.
Behavior change: tracewpp now converts all input text to Unicode, performs processing in Unicode, and converts output text to the specified output encoding. Earlier versions of tracewpp avoided Unicode conversions and performed text processing assuming a single-byte character set. This may lead to behavior changes in cases where the input files do not conform to the current code page. In cases where this is a problem, consider converting the input files to UTF-8 (with BOM) and/or using the -cp:UTF-8 command-line parameter to avoid encoding ambiguity.


Now avoids one-definition-rule (ODR) problems caused by conflicting configuration macros (e.g. when two .cpp files with conflicting definitions of TLG_EVENT_WRITE_TRANSFER are linked into the same binary, the TraceLoggingProvider.h helpers will now respect the definition of TLG_EVENT_WRITE_TRANSFER in each .cpp file instead of arbitrarily picking one or the other).
In C++ code, the TraceLoggingWrite macro has been updated to enable better code sharing between similar events using variadic templates.

Removal of IRPROPS.LIB
In this release irprops.lib has been removed from the Windows SDK. Apps that were linking against irprops.lib can switch to bthprops.lib as a drop-in replacement.

The following APIs have been added to the platform since the release of Windows 10 SDK, version 1903, build 18362.

namespace Windows.Devices.Input {
public sealed class PenButtonListener
public sealed class PenDockedEventArgs
public sealed class PenDockListener
public sealed class PenTailButtonClickedEventArgs
public sealed class PenTailButtonDoubleClickedEventArgs
public sealed class PenTailButtonLongPressedEventArgs
public sealed class PenUndockedEventArgs
namespace Windows.Foundation.Metadata {
public sealed class AttributeNameAttribute : Attribute
public sealed class FastAbiAttribute : Attribute
public sealed class NoExceptionAttribute : Attribute
namespace Windows.Graphics.Capture {
public sealed class GraphicsCaptureSession : IClosable {
bool IsCursorCaptureEnabled { get; set; }
namespace Windows.Management.Deployment {
public enum DeploymentOptions : uint {
AttachPackage = (uint)4194304,
public sealed class PackageManager {
IIterable FindProvisionedPackages();
IAsyncOperationWithProgress RegisterPackagesByFullNameAsync(IIterable packageFullNames, DeploymentOptions deploymentOptions);
namespace Windows.Networking.BackgroundTransfer {
public sealed class DownloadOperation : IBackgroundTransferOperation, IBackgroundTransferOperationPriority {
void RemoveRequestHeader(string headerName);
void SetRequestHeader(string headerName, string headerValue);
public sealed class UploadOperation : IBackgroundTransferOperation, IBackgroundTransferOperationPriority {
void RemoveRequestHeader(string headerName);
void SetRequestHeader(string headerName, string headerValue);
namespace Windows.Security.Authentication.Web.Core {
public sealed class WebAccountMonitor {
event TypedEventHandler AccountPictureUpdated;
namespace Windows.Storage {
public sealed class StorageFile : IInputStreamReference, IRandomAccessStreamReference, IStorageFile, IStorageFile2, IStorageFilePropertiesWithAvailability, IStorageItem, IStorageItem2, IStorageItemProperties, IStorageItemProperties2, IStorageItemPropertiesWithProvider {
public static IAsyncOperation GetFileFromPathForUserAsync(User user, string path);
public sealed class StorageFolder : IStorageFolder, IStorageFolder2, IStorageFolderQueryOperations, IStorageItem, IStorageItem2, IStorageItemProperties, IStorageItemProperties2, IStorageItemPropertiesWithProvider {
public static IAsyncOperation GetFolderFromPathForUserAsync(User user, string path);
namespace Windows.UI.Composition.Particles {
public sealed class ParticleAttractor : CompositionObject
public sealed class ParticleAttractorCollection : CompositionObject, IIterable, IVector
public class ParticleBaseBehavior : CompositionObject
public sealed class ParticleBehaviors : CompositionObject
public sealed class ParticleColorBehavior : ParticleBaseBehavior
public struct ParticleColorBinding
public sealed class ParticleColorBindingCollection : CompositionObject, IIterable, IMap
public enum ParticleEmitFrom
public sealed class ParticleEmitterVisual : ContainerVisual
public sealed class ParticleGenerator : CompositionObject
public enum ParticleInputSource
public enum ParticleReferenceFrame
public sealed class ParticleScalarBehavior : ParticleBaseBehavior
public struct ParticleScalarBinding
public sealed class ParticleScalarBindingCollection : CompositionObject, IIterable, IMap
public enum ParticleSortMode
public sealed class ParticleVector2Behavior : ParticleBaseBehavior
public struct ParticleVector2Binding
public sealed class ParticleVector2BindingCollection : CompositionObject, IIterable, IMap
public sealed class ParticleVector3Behavior : ParticleBaseBehavior
public struct ParticleVector3Binding
public sealed class ParticleVector3BindingCollection : CompositionObject, IIterable, IMap
public sealed class ParticleVector4Behavior : ParticleBaseBehavior
public struct ParticleVector4Binding
public sealed class ParticleVector4BindingCollection : CompositionObject, IIterable, IMap
namespace Windows.UI.ViewManagement {
public enum ApplicationViewMode {
Spanning = 2,
namespace Windows.UI.WindowManagement {
public sealed class AppWindow {
void SetPreferredTopMost();
void SetRelativeZOrderBeneath(AppWindow appWindow);
public sealed class AppWindowChangedEventArgs {
bool DidOffsetChange { get; }
public enum AppWindowPresentationKind {
Spanning = 4,
public sealed class SpanningPresentationConfiguration : AppWindowPresentationConfiguration

For Sale – HP Elitedesk 800 G3 Mini


I had this posted in just the Computer Classifieds but I think it’s better off here. Originally priced @ £360, might have overpriced it….

I have for a sale a HP Elitedesk 800 G3 Mini PC, specs are;

I5-7500 Processor
500GB Hard Drive

It has 14 months HP warranty and Windows 10 Pro (64bit)

Original power HP supply. I don’t have the original box but it will be suitably packaged and includes Royal Mail Special Delivery.

Case is in very good condition. Includes PC and power supply only. Will upload a picture tomorrow, thanks.

Price and currency: £300
Delivery: Delivery cost is included within my country
Payment method: Paypal
Location: Newmarket
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I have no preference

This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Go to Original Article

How to Provide IaaS Images with Azure Stack

What is Azure Stack IaaS?

Infrastructure as a Service (IaaS) is a common definition for running virtual machines in Azure or other public cloud services.

what is Azure stack IaaS

As you can see in the second pillar of the picture above, IaaS means that you start from the guest operating system level and above. So, you are not responsible for managing the underlying hypervisor technology as this is the responsibility of the cloud provider.

In general, moving from on-prem to the cloud might be a huge project for a company, but looking at an easy and quick solution for this, the “lift and shift” scenario is quite easy. This means “just” moving the virtual machines from A to Z (on-prem to the cloud). The most important key values in such a project are:

  • Connectivity
  • (Right-) Sizing
  • Migrating to a new Hyper-V based virtual machine environment (e.g. using Azure Site Recovery), if you’re using something else
  • Understanding the new administrative Model

When we’re talking about IaaS for Azure Stack specifically, the connectivity and new administrative model are pushed – more or less – to the end of the list. Azure Stack is being run in your datacenter, you’ve made sure all the needed components are present, and you are responsible to run it.

Connectivity aside (it’s self-explanatory), looking at the two other points, the technical migration (maybe) to Hyper-V based technology (e.g. if you are on VMware) and the right-sizing of the machines are to be solved during the migration. Azure Stack itself is running on Window Server technology, and with that in mind, it supports the following VM Types:

  • A Series
  • Av2 Series
  • D Series
  • DS Series
  • DSv2 Series
  • F Series
  • Fs Series
  • Fsv2 Series

This means, there are two options when it comes to conforming to these sizes during a migration:

  1. Start from scratch
  2. Squeeze the VM to the “nearest fitting” size

Best-practice would be to deploy from scratch and migrate the data if possible, but that’s not always feasible. A lift and shift may inadvertently have issues at a later date due to not having run on Azure Stack infrastructure for its life span. This isn’t to say a full migration doesn’t work, just keep in mind the pros and cons of each scenario when making your decision.

ARM Templates in Azure Stack

Each Azure technology-based VM is based on the json file declarative approach using Azure Resource Manager (ARM) definition files. The following picture describes this a little be more in depth:

Azure Resource Manager templates

At this point, the question often becomes: “where the hell do I get these magic templates from?” With Azure Stack, the answer is quite easy, as there are three ways of doing that:

  1. Create the template in a DevOps Tool
  2. Upload an existing VM image
  3. Download an existing image from Azure to Azure Stack

As the easiest way is to download an already existing image from Azure and deploy it to Azure Stack, we will have a look at that option first. If you have deployed Azure Stack ASDK as described in this series of articles, the configuration script from Matt McSpirit has already accomplished this for you. If you are on a multi-node environment, it is part of the deployment process of the hardware OEM. So, it is almost there.

As the steps are somewhat different regarding the second scenario, we will have to look into this in two parts.

Azure Stack IaaS in Connected Scenarios

In a connected scenario, there is a way directly from the Azure Stack Admin Portal to add images from your linked Azure subscription and download them to Azure Stack.

Azure Stack Admin Portal 1

After clicking on “Add from Azure”, you will be directed to the Azure Marketplace and will see a list of marketplace items that are tagged to be supported on Azure Stack.

Azure Stack Admin Portal 2

After having chosen your appropriate new item, the download will start directly.

Azure Stack Admin Portal 3

If an image already exists, you will be able to remove or update it to a more recent version. For example, you have Windows Server already available on the Azure Stack Marketplace, but you want to provide a release with the most recent updates, it will be available here.

Depending on your internet connection speed, it may take some time to have the download finished. Once finished, you will notice that the new image is already available in the marketplace for all your Azure Stack customers. As of today, there is no way to customize the marketplace per user account.

As you may see too, other compute solutions like containers or service fabric are available via the marketplace syndication, too. Azure Stack Admin Portal 4

This means, that if you would like to deploy these solutions to your Azure Stack environment, the technical basics are similar to virtual machines

Azure Stack IaaS in Disconnected Scenarios

When Azure Stack is deployed in disconnect mode (Without Internet connectivity) you cannot use the built-in portal feature to syndicate Azure Market place items and make them available to your users.

Powershell commands are your friend to download Azure Marketplace Items with a machine that has internet connectivity and load them. The downloaded items need to be transferred to a machine with has connectivity to the Azure Stack deployment before importing them.

The tool will allow you to download an Azure Marketplace item(s) along with its dependencies.

Import the module and start the export process for an Azure Marketplace item

You will be prompted to select an Azure Marketplace item to download locally.

Azure Marketplace

Now let us validate the download before uploading them to Azure Stack:

The downloaded items folder should look similar to this on complete:

Now let us upload the image to Azure Stack:

After having this done properly, you will be able to see the new images in your Azure Stack Marketplace.

Custom IaaS Images

If you do not want to start using fresh deployments and need to create customized images, then the following tasks need to be completed.

  1. Make sure that the image is VHD format and NOT VHDX
  2. Upload the image to a Blob storage that has the following format: //.vhd
  3. To make the blob anonymously accessible, go to the storage account blob container where the VM image VHD was uploaded. Select Blob, and then select Access policy. Optionally, you can generate a shared access signature for the container and include it as part of the blob URI. This step makes sure the blob is available to be used for adding this as an image. If the blob is not anonymously accessible, the VM image will be created to in a failed state.

Custom IaaS Images

  1. Add the new VM to Azure Stack as described in the section above using PowerShell
  2. Create a new Gallery item as described here
  3. If there are VM extensions that need to be added, this PowerShell wizardry will help

Now, the new VM is available in the Azure Stack Marketplace with your custom image, icon and optionally the VM extension.


As you have seen in this article, adding virtual machines to Azure Stack as templates are relatively straightforward using a step by step approach. This is one of the most important project steps after having deployed Azure Stack in your environment as this setup provides your customers the ability to deploy virtual machines in an IaaS scenario using your environment. It even provides the technical basis to provide some higher level cloud solutions eventually as well, like Platform as a Service (PaaS) as they all ultimately rely on virtual machines. The only goal of PaaS is that you do not have to manage the PaaS solution, you just could consume it. But nevertheless, it is a set of virtual machines when used on Azure Stack. We’ll be getting more into PaaS in a future segment.

Again, if you just want to migrate virtual machines from your on-premises environment to Azure Stack, there are different options available:

  1. Using the downtime approach and uploading the VHD to Azure Stack (Like shown above), re-configuring the VM and powering it on
  2. Using Azure Site Recovery to migrate the VM to Azure compatible format and then upload and reconfigure it. – Can be time-consuming
  3. Using 3rd party software solutions to synchronize them to Azure Stack

By the end, nevertheless, which technology you start with for your Azure Stack migration process, it will all result in the “lift and shift” scenario and will move your VMs to Azure Stack. Once complete your old production environment can be demoted, and you’re now officially a tenant of Azure Stack.

Thanks for reading! Do let us know if you have questions in the comments section below!

More Great Content on Azure Stack For You

An Introduction to the Microsoft Hybrid Cloud Concept and Azure Stack

How to Install the Azure Stack Development Toolkit (ASDK)

The Ultimate Azure Stack Post-Installation Checklist

Go to Original Article
Author: Markus Klein

What’s New in EDU – ISTE Edition: Announcing new technology to empower inclusive, student-centered learning |

In today’s classrooms, diversity is the new norm. By creating student-centered, inclusive learning environments, educators have the flexibility and opportunity to meet the needs of the diverse group of learners in every classroom. Technology has the power to help teachers not only navigate, but also benefit from, their students’ unique learning styles.

In this month’s What’s New in EDU, we’re excited to announce tools and resources to help teachers empower all students to find their voice, grow their confidence and build 21st century skills. Also, join us from ISTE next week on our Microsoft Education Facebook Channel for more live updates from Philadelphia on Monday, Wednesday and Hack the Classroom on Tuesday.

Reach every student with new accessibility features from Windows and Office 365

We are excited to share new features that enable educators to tailor learning to ensure every student has a voice in today’s classrooms, 72% of which have students with special requirements. Whether a permanent or temporary disability, personal preference, or a unique learning style, the robust set of built-in and third-party accessibility features in Windows 10 and Office 365 let students choose how to use technology and express their ideas.​ Today, we’re unveiling new resources to help every student unlock his or her potential.

  • Improve reading comprehension with Immersive Reader, now available in Minecraft: Education Edition and other popular education apps. Today, we’re thrilled to announce that Immersive Reader, a proven resource to improve reading and writing for students regardless of their age or ability, will now be integrated into Minecraft: Education Edition to read in-game text, character dialogue, chalkboards and more. Immersive Reader will also be available as an Azure Cognitive Service, allowing third-party apps and partners to add the tool into their products to help both students and parents read text within the apps. In our pilot program, Skooler integrated Immersive Reader into its parent portal, enabling better communication with parents and guardians who are non-native English speakers. These partners will be the first to integrate Immersive Reader:

Immersive Reader Cognitive Services gf

Immersive Reader Cognitive Services gf

  • Help students speak with confidence using Presenter Coach in PowerPoint. To give teachers and students an easy way to practice their presentations and improve their public-speaking abilities, we’re launching Presenter Coach in PowerPoint online this summer, which uses best practices and academic research to provide tips and tricks for more effective presentations. Presenter Coach allows teachers and students to enter rehearsal mode and receive on-screen guidance about pacing, inclusive language, conciseness of language, profanity, filler words like “um” or “uh,” culturally inclusive words, and originality as they speak into a microphone. At the end of each rehearsal session, the presenter receives a detailed report with metrics for additional practice. Check out this post and video for more details.

Motivate students ​to share their voice with Flipgrid and Teams

This month, we’re also rolling out some big updates coming to Teams for Education that will make it simpler and more comprehensive than ever before, saving teachers time when creating new Teams, communicating with parents and students, and grading assignments. These updates include:

  • Big, easy-to-find visual icons for each of your teams and classes
  • A new way to create and track all of your assignments
  • A new gradebook so teachers can view and grade all of their assignments for a class directly from the channel’s Grades tab and view a single student’s progress across assignments
  • A new “Share To Teams” button that allows teachers to share resources with their classes directly from a learning source like Brittanica, Kahoot, Buncee, ThingLink, and Wakelet
  • The ability to import existing OneNote content into your Class or Staff Teams, allowing you to access all your information from a single location

On Monday during FlipgridLIVE at ISTE, we shared some exciting new Flipgrid tools that empower students to share their voice, practice their storytelling skills and engage in meaningful discussions inside and outside of the classroom. Details below or watch the livestream archive here.

  • Redesigned with a focus on inclusion, accessibility and performance. Now, every Flipgrid response video is automatically transcribed by Microsoft Azure and delivered through an updated closed-captioning experience. The updated Flipgrid video player leverages Microsoft’s Immersive Reader to make full transcripts available in all response videos.
  • Enhanced storytelling capabilities with the Shorts Camera. Students can now:
    • Stitch together and rearrange unlimited segments into one simple video.
    • Pause and flip the camera, add live inking over videos, select from thousands of text and emoji stickers, and apply unique video styles to add creative flare to videos.
    • Turn on whiteboard mode in videos to add context to stories.
    • Easily record and embed Shorts videos in platforms including Teams, OneNote, Remind and Wakelet with even more partners coming soon.
  • Unlock a new world of possibilities with FlipgridAR. Teachers and students can now:
    • Easily create and print new FlipgridAR stickers for any response to place Flipgrid videos in augmented reality on everything.
    • Transform homework, family nights and school events by “sticking” student voice everywhere with FlipgridAR stickers.
    • Take advantage of the hundreds of millions of existing Flipgrid QR codes that currently decorate classrooms and schools around the world as they now work automatically with FlipgridAR.
  • Ignite engagement with Topics from, HackingSTEM, Find Your Grind, Wonderopolis and more.
    • Find launch-ready discussion prompts (“Topics”) inside your Flipgrid Educator Admin in the Disco Library.
    • Search thousands of educator-created Topics by audience, subject and goal.
    • Explore enriching, activity-packed Topics from, Microsoft Education and NASA, Find Your Grind, and Wonderoplis with additional partner content in the works.

Tools & Resources for Student-Centered Learning

Here are some useful resources to help you plan for the upcoming school year and connect with other educators who are also working to build a student-centered approach:

More Microsoft Education news from ISTE

Learn about additional updates from Microsoft Education in the blogs below, or if you are attending ISTE next week, stop by and see them for yourself in the Microsoft booth.

Click here for free STEM resourcesExplore tools for student-centered learning

Go to Original Article
Author: Microsoft News Center

Using PowerShell for Azure service principal authentication

As more organizations tap in to cloud services, it helps to have an automated way to gain access to Azure resources.

You can authenticate to Microsoft Azure with a few different methods. One way to provide credentials is through a service principal and a client secret. Common uses for service principals are to run automation tasks, such as an Azure Automation runbook that handles VM deployments. Once you have an Azure service principal authentication script, you can work it into your automated workflow.

Creating and authenticating to Azure via a service principal and client secret requires four steps:

  1. Build an Azure AD application.
  2. Create a service principal.
  3. Assign a role to the service principal.
  4. Authenticate as the service principal.

To authenticate with a service principal with Azure, you’ll first need to get the Az PowerShell module by downloading it from the PowerShell Gallery with the following command:

Install-Module Az

Be sure you have a user account with rights by referring to the Required Permissions section from the Microsoft documentation site.

Azure authentication window
This Azure authentication window will open to generate the subscription ID and tenant ID for the PowerShell authentication script.

Get started with the authentication process

First, we have to authenticate the interactive way by providing our username and password using the Connect-AzAccount cmdlet. When run, the cmdlet opens an Azure login window.

After entering your Azure username and password, the window should close, and the command line should show output similar to below:


Environment : AzureCloud
Account :
TenantId :
SubscriptionId :
SubscriptionName :
CurrentStorageAccount :

Note both the subscription ID and tenant ID for later use. If you closed the window, use the Get-AzSubscription cmdlet to display the information again.

Build the service principal

Next, create a service principal with PowerShell, which consists of a three-step process. We need to create a new Azure AD application, create the service principal and then create a role assignment for that service principal.

First, we can create the Azure AD application using the name and Uniform Resource Identifier of our choice.

$secPassword = ConvertTo-SecureString -AsPlainText -Force -String ''
$myApp = New-AzADApplication -DisplayName AppForServicePrincipal -IdentifierUris 'http://appforserviceprincipal' -Password $secPassword

Next, create the service principal that references the application we just created.

$sp = New-AzADServicePrincipal -ApplicationId $myApp.ApplicationId

ServicePrincipalNames : {, http://appforserviceprincipal}
ApplicationId :
DisplayName : AppForServicePrincipal
Id :
Type : ServicePrincipal

Set up the role for the service principal

Next, assign a role to the service principal. The code below attaches it to a contributor role, which gives the appropriate access in the subscription.

New-AzRoleAssignment -RoleDefinitionName Contributor -ServicePrincipalName $sp.ServicePrincipalNames[0]

RoleAssignmentId : /subscriptions//providers/Microsoft.Authorization/roleAssignments/
Scope : /subscriptions/
DisplayName : AppForServicePrincipal
SignInName :
RoleDefinitionName : Contributor
RoleDefinitionId :
ObjectId :
ObjectType : ServicePrincipal
CanDelegate : False

Lastly, save the password for the Azure app with PowerShell. Use the following code to save the secure string password to a file:

$secPassword | ConvertFrom-SecureString | Out-File -FilePath C:AzureAppPassword.txt

Next, set up the Azure authentication portion.

Authenticating with the Connect-AzAccount cmdlet

The Az module features a command called Connect-AzAccount that, by default, prompts for a username and password. In a script designed for automation, this doesn’t work. But you can avoid this interaction by creating a PSCredential object with the Azure app ID and password and pass it over.

$azureAppId = $myApp.ApplicationId
$azureAppIdPasswordFilePath = 'C:AzureAppPassword.txt'
$azureAppCred = (New-Object System.Management.Automation.PSCredential $azureAppId, (Get-Content -Path $azureAppIdPasswordFilePath | ConvertTo-SecureString))

Now that we have a credential for the application, we can use this along with the subscription ID and tenant ID as parameters to the Connect-AzAccount command to authenticate to Azure.

$subscriptionId = ''
$tenantId = ''
Connect-AzAccount -ServicePrincipal -SubscriptionId $subscriptionId -TenantId $tenantId -Credential $azureAppCred

Account :
SubscriptionName :
SubscriptionId :
TenantId :
Environment : AzureCloud

Completing the Azure service principal authentication script

You should now have an Azure service principal and the PowerShell code required to authenticate with it and your client secret. To connect to Azure in the future with this service principal in PowerShell, you will now need the following code and plug in the appropriate variable values.

$azureAppId = (Get-AzADApplication -DisplayName 'AppForServicePrincipal').ApplicationId.ToString()
$azureAppIdPasswordFilePath = 'C:AzureAppPassword.txt'
$azureAppCred = (New-Object System.Management.Automation.PSCredential $azureAppId, (Get-Content -Path $azureAppIdPasswordFilePath | ConvertTo-SecureString))
$subscriptionId = ''
$tenantId = ''
Connect-AzAccount -ServicePrincipal -SubscriptionId $subscriptionId -TenantId $tenantId -Credential $azureAppCred

Go to Original Article

As cloud complexities increase, cybersecurity skills gap worsens

The rapid rate of advancement in cloud computing technology places new pressure on security professionals’ skills and resources. The results of a recent study from the Cloud Security Alliance revealed a need in the industry to prioritize professional security expertise when using cloud services.

When asked to rank their concerns when switching or adopting cloud structure, 81% of respondents identified security as No. 1. Growing cloud complexities will not make security challenges easier.

The study, conducted by the Cloud Security Alliance along with network security provider AlgoSec, found common security challenges with regard to native, hybrid and multi-cloud architectures. The Cloud Security Complexity survey of 700 IT and security professionals identified areas of improvement and the state of adoption of private, public and combination cloud environments.

Cloud complexities exacerbate the cybersecurity skills gap

Yitzy Tannenbaum, product marketing manager at AlgoSec, based in Ridgefield Park, N.J., said the cybersecurity skills gap correlates with growing complexities in infrastructure. In the past, one on-premises security team oversaw security end to end. Today, the conditions are a lot different.

“We have the public cloud and the private cloud, and inside the public cloud you’ll have many different security controls — cloud-native security controls or third-party and firewalls in the cloud,” Tannenbaum said.

Cybersecurity skills and resources are stretched, which leaves room for human error. More than 200 respondents had experienced an outage within the past year, and the most common cause was identified as human error. Because of the breadth of options and because large organizations use multiple platforms — not to mention the cloud complexities of each — it is difficult for security professionals to specialize in everything. This has led to security teams comprised of individual security staff trained in different infrastructures.

Many organizations have dedicated personnel for each platform. Cloud developers, cloud security teams, traditional security teams, CISOs, information security and security operations can all potentially make changes to the environment without communication with the others. Failure to notify others about changes made can lead to preventable security consequences and more labor in damage control.

Concerns when adopting public cloud platforms

Security should be the driver at every level

As much as business objectives determine priorities across the company, security should be in the driver’s seat. Too often security is considered an afterthought in business and in development. Compromised businesses held to account in the news have placed new emphasis on the importance of a cloud security strategy. Researchers hope businesses will be practical about building in security measures at every level before an incident happens.

“As we migrate to that new complex environment, let’s make sure security is an enabler and not behind the capabilities and other functionality we have in the cloud,” said John Yeoh, global vice president of research at Cloud Security Alliance.

As cloud computing technologies become more popular and complex, neglecting security becomes a business risk, Yeoh said, noting companies that had landed in headlines and worse when breaches happen.

“If a human makes a mistake and a business’s records or sensitive information are exposed, it doesn’t just reflect on the business, but also on the cloud services in that supply chain,” Yeoh said.

He added that awareness should be emphasized and incorporated into company culture, but this isn’t necessarily standard practice today. Researchers encouraged organizations to raise the education level of employees — internally and the cloud supply chain — about cybersecurity, and the potential for harm is a smart preventative measure.

“Security shouldn’t be limited to the security team. It should be a business thing,” Yeoh said.

Concerns when adopting public cloud platforms

Cloud security teams will face complex problems in near future

As cloud environments become more complex, the problems security teams face today will do the same, according to the study. Complex problems of the future require preventative actions today, the researchers suggested.

As we migrate to that new complex environment, let’s make sure security is an enabler and not behind the capabilities and other functionality we have in the cloud.
John YeohGlobal vice president of research, Cloud Security Alliance

“If we think about the scalability of cloud that we love to embrace, as that’s one of the advantages of cloud, your vulnerabilities can also scale. That’s why it’s so important to have a hand on security early,” Yeoh said.

Most survey respondents (66%) use multiple cloud platforms, also known as a multi-cloud environment. The survey also found 35% of respondents use more than three cloud platform vendors. On top of that, 55% organizations may use both public and private clouds, known as a hybrid cloud environment.

This is where the survey gets its “cloud complexity” title. It reflects the reality of cloud use today, which the researchers predict will only get more complex. It is estimated the percentage of organizations using hybrid and multi-cloud combinations — 36% of respondents today — will increase rapidly in the next three years.

How to handle cloud security complexity

As complexities evolve, researchers found visibility into the environment is critical, as is expertise of internal staff and cloud providers. Automation is going to help with accessibility into the cloud and with the cybersecurity skills gap.

“You’re not only eliminating mistakes, but in many cases you eliminate the need for specific expertise on different platforms,” Tannenbaum said.

This also addresses the survey’s finding that human error was the most common cause of outages. One-third of respondents experienced outages for over three hours, and 10% answered more than one day. For Tannenbaum, this put a Gartner report on the subject into perspective. The report estimated the average outage cost the organization $5,600 per minute.

“Imagine a bank, imagine a hospital, imagine a credit card company whose services are down for that long of a time,” Tannenbaum said. “Out of this whole report, that’s what shook me the most. In the cases of hospitals and healthcare, it’s not even an issue of time or money alone; it’s lives.”

Overall, the AlgoSec and Cloud Security Alliance survey outlines industry shifts and challenges as a result of cloud complexities and changing technology. Not only is it a peek into the experiences businesses have with cloud infrastructure, but a roadmap to the intricate challenges security teams must inevitably face in the future. In the midst of the current cybersecurity skills shortage, the survey is a timely reminder that evolving enterprise IT environments call for evolving cloud security strategies.

Go to Original Article

For Sale – Low range gaming PC (self Built) and 24” Monitor

i am selling my gaming PC which i have used for nearly 3 years with great care. it still gives great performance with no issues.

specs –

Motherboard: Gigabyte GA-78LMT-USB3
GPU: GeForce GTX 750ti
CPU: AMD FX 6300 6core
Internal Storage: 240GB Kingston SSD
OS: Windows 10 Pro

Asking price £220

also have a HP Pavilion 24 inch full HD IPS monitor for sale at just £80.

collection is preferred but delivery by post can be also done if buyers arrange it (delivery cost has to be added by buyer).

20190513_090042.jpg 20190513_090102.jpg 20190513_090122.jpg 20190513_085436.jpg 20190513_085831.jpg 20190513_085849.jpg 20190513_085643.jpg


Price and currency: £80-£220
Delivery: Delivery cost is not included
Payment method: Paypal/BT
Location: london
Advertised elsewhere?: Not advertised elsewhere
Prefer goods collected?: I prefer the goods to be collected

This message is automatically inserted in all classifieds forum threads.
By replying to this thread you agree to abide by the trading rules detailed here.
Please be advised, all buyers and sellers should satisfy themselves that the other party is genuine by providing the following via private conversation to each other after negotiations are complete and prior to dispatching goods and making payment:

  • Landline telephone number. Make a call to check out the area code and number are correct, too
  • Name and address including postcode
  • Valid e-mail address

DO NOT proceed with a deal until you are completely satisfied with all details being correct. It’s in your best interest to check out these details yourself.

Go to Original Article