Tag Archives: it’s

Techniques to troubleshoot Active Directory issues

Microsoft’s Active Directory is typically reliable once it’s up and running, but a sudden breakdown with this key infrastructure component will require a quick remedy to keep the business running smoothly.

When a problem arises, there are several simple procedures you should follow as part of the process to troubleshoot Active Directory.

Run diagnostics on domain controllers

When you install the Windows Server Active Directory Domain Services role, Windows also installs a command-line tool named dcdiag.

This utility is very helpful to troubleshoot Active Directory — specifically, its domain controllers.

To use dcdiag, open a command prompt window and enter dcdiag to kick off a series of basic tests that can help narrow the cause of the issue.

In Figure 1, dcdiag runs a series of tests and displays a Pass, Fail or Warning message for each.

Dcdiag test
Figure 1. The dcdiag tool performs various Active Directory health checks.

Test DNS for signs of trouble

The Active Directory is completely dependent on the domain name service (DNS), which makes it crucial to verify that the organization’s DNS servers are functioning properly. If you suspect DNS might be at the root of your problems, then there are two areas to check before you dive into more elaborate ways to troubleshoot Active Directory.

First, verify that the computer with the problems is pointed to the correct DNS server. All computers that participate in the Active Directory environment need to be configured at the TCP/IP level to use the DNS server that the authority for your domain rather than an external DNS server. You can verify a Windows machine’s IP address configuration by entering the following command:

IPConfig /all

Figure 2 shows the command output.

IPConfig command
Figure 2. Use the IPConfig command to verify the machine’s TCP/IP configuration.

Incidentally, Windows machines can experience DNS problems if expired entries get stuck in the machine’s DNS resolver cache. You can clear the cache by using a variation of the IPConfig command:

IPConfig /FlushDNS

If you suspect a DNS problem, then another simple check is to make sure DNS is running. Open a PowerShell session on your DNS server and enter the following command:

Get-Service DNS

You should see a message similar to the one shown in Figure 3, indicating the DNS is working. If it isn’t, you can start the service by entering this command:

Start-Service DNS
PowerShell DNS check
Figure 3. Use PowerShell to verify DNS is running.

If these basic checks haven’t revealed the cause of the problem, then your best option may be to use dcdiag and run some of its DNS specific tests. Here is one command that will check for basic DNS functionality:

dcdiag /test:dns /v /s:<Domain Controller Name> /DnsBasic

You can see a portion of the command’s output in Figure 4.

Dcdiag DNS checks
Figure 4. dcdiag can be used to diagnose DNS problems.

Run checks on Kerberos

Active Directory uses Kerberos to authenticate communication on the domain. If Kerberos stops working, then the authentication process breaks down. Kerberos troubleshooting is complex, but there are two simple checks you can perform if you think this area is the problem.

First, verify the accuracy of the clocks on your domain controllers, your DNS server and any affected client machines. The Kerberos protocol is time-dependent and clock skew can cause several problems, including Kerberos failure. If clocks are out of sync, that is likely the reason for the issue with Active Directory.

Another area worth checking is the current list of Kerberos tickets, which you can generate by entering the KList command at the domain controller’s command prompt. As you can see in Figure 5, this command returns helpful diagnostic information.

Kerberos ticket list
Figure 5. The KList command displays cached Kerberos tickets.

Examine the domain controllers

In an Active Directory environment, some domain controllers perform housekeeping chores delegated by a series of flexible single master operation (FSMO) roles to keep the identity and authentication system healthy. Some roles apply to the entire Active Directory forest, while others only apply to a single domain.

The first of these roles is the schema master role. If the schema master fails, then you cannot make changes to the Active Directory schema.

The second forest-level role is the domain naming master. This role maintains the forest’s namespace. If the domain naming master fails, then you cannot create or delete domains within the forest.

The relative identifier (RID) master is a domain-level role responsible for providing the relative identifiers used to create a security identifier (SID). A SID consists of a domain SID, which is shared by all the objects in the domain, and a RID, which is unique to that object. If the RID master fails, then new objects can continue to be created so long as the pool of RIDs is not depleted. However, once this limit is reached, further object creation will fail.

Another domain-level role is the primary domain controller (PDC) emulator, which performs functions within the domain, including time sync and account lockout processing.

The final domain level role is the infrastructure master role. The infrastructure master updates an object’s SID and distinguished name for cross-domain use.

You can use PowerShell to determine the various roles performed by each domain controller. Run the following command for forest-level roles:

Get-ADForest | Select-Object DomainNamingMaster, SchemaMaster

To get a list of domain-level role holders, use the following command:

Get-ADDomain | Select-Object InfrastructureMaster, RIDMaster, PDCEmulator

Figure 6 shows the results from each command.

FSMO roles
Figure 6. These PowerShell commands help you identify the domain controllers performing the various FSMO roles.

If it looks like a domain controller is not running its designated roles correctly, then you can transfer the role to another domain controller with the Move-ADDirectoryServerOperationMasterRole cmdlet. If the domain controller that was hosting the role has failed, then you can seize the role by appending the -Force switch to the Move-ADDirectoryServerOperationMasterRole cmdlet.

Another good option is to check the event logs in the domain controller, as they will likely contain key information about the source of the problem.

Go to Original Article
Author:

It’s Time to Recognize the Real Value of System Admins

If the coronavirus pandemic has taught the business world anything, it’s that the humble system admin should no longer be undervalued. The impact on businesses worldwide and the overnight transition of millions into remote working situations has shed light on the real value of system admins.

The Unsung Heroes of the Modern Workplace

Sysadmins are the pillars of everyday operations in any modern business. They are the silent agents that ensure everyone is actually able to carry out their work. If everything is running smoothly, it’s because they are doing their job. The value of their work often goes unnoticed because ironically that’s their goal – for technical issues to be fixed unnoticed and everyone else carry on unaffected. But apart from keeping the waters calm, they are also ready to spring into action and save your ass to reset that password you forgot for the 17th time that week (not speaking from personal experience or anything…sorry Phil)

Pandemic Response

As COVID-19 stunned the world and our front-line workers and healthcare rushed to save lives, in the business world, it was system admins who we turned to for help. Transitioning literally millions of employees into remote working is no mean feat but the system admins rose to the challenge and saved businesses on their knees. Furthermore, with this enforced shift to remote working, cyberattacks have been on the rise to try and exploit any new vulnerabilities exposed in the transition but our trusty system admins were there again to protect us.

2020 has been an extremely tough year for many people, but without system admins, it could have been far worse. So, in celebration of SysAdmin Day on 31 July, we decided to give back to our sysadmin heroes in recognition of their hard work.

Rewarding System Admins on SysAdmin Day

Sysadmin thank you gift

If you are an Office 365, Hyper-V, or VMware user, celebrate with us. All you have to do is sign up for a 30-day free trial of either Altaro VM Backup or Altaro Office 365 Backup – it’s your choice! – and you’ll get a guaranteed $/€20 Amazon voucher plus the chance to win one of our grand prizes including SONY WH-1000XM3 Wireless Noise-cancelling headphones, Tri-Band Wi-Fi 6 Router, DJI Osmo Pocket, and more!

SysAdmins claim your gift now!

Go to Original Article
Author: Altaro Software

For Sale – Huge clearout – PCs, laptops, components, RAM/GPUs

It’s time for a serious clearout! I haven’t had enough time to go through each individual set of parts yet, if there’s interest I’ll clean and test each one before sale.

I’ve been using work laptops and been too busy with work to bother much with my hardware below! I’m in the process of deciding what I want to keep and what to sell, it will take me a little while to clear off data in some instances. I do still need 2 PCs in the future but I’m taking this opportunity as a hard reset in my lineup.

This list will be updated as and when I get time / locate items.

Laptops
Lenovo E570 i3-6006u, 4gb DDR4 (I have more RAM below if needed). 500gb HDD, DVD writer, 15.6” screen. £200
Lenovo Yoga 12 i7 / 8gb / 250gb ssd £300
IBM T41 (specs TBC)

PCs
Dell XPS 8700, i7 4770, 12gb, GTX 645. £420
Dell Studio 540s SFF PC (ideal as HTPC), C2Q Q8300, 4gb, discrete half-height GPU (can’t remember which but will confirm) £100
HP Media Centre PC M7000 (includes the removable HDD in the bay at the front!) £100
Mesh Q6600 Elite, C2Q Q6600, 4gb (I think), no GPU £80
Thermaltake build – C2Q Q6600, 7600GS, RAM TBC £80

GPUs
2x Gigabyte 7970 GHz edition – boxed – barely seen any use in the past 4 years as I’ve been using a work laptop. £80ea
Palit GTX 780 £80
Palit GTX 980ti £200

SSDs
240gb Kingston KC300 £30
500gb Crucial MX500 £50
1.92tb Sandisk Ultra 900 USBC external drive brand new boxed £600

HDDs
3tb Seagate £35
Assorted 500gb-4tb 3.5” drives (5+ drives in total)
Assorted 60-500gb 2.5” drives (10+ drives in total)

Optical drives
5.25” DVD writers
Laptop DVD writers (I’ve amassed about 25 of these, please post if needed)

RAM
1x8gb DDR4 SODIMM £25
1x16gb DDR4 SODIMM £55
4x4gb Corsair Dominator 2133mhz DDR3 £100
4x8gb Patriot DDR3 £125
Assorted DDR1/DDR2 (including ECC) e.g. 4x512mb DDR2 ECC £10

Cases
NZXT Phantom £30 (boxed, some yellowing with age but it’s easy to get this back to white)

Components
Corsair AX850 PSU with black cable set £75
Corsair red cable set for AX650/AX750/AX850 £50
Corsair AX1200 PSU with cables £150
Sabertooth X79 mobo (found the manual and driver disc but no box) £80
Rampage IV Extreme X79 mobo (boxed with OC-key and manuals) £200

Corsair H100i £60
Corsair H100 £50
I7 3960x £170
I7 3930k £60

Misc
Trendnet Powerline AV500 adapter x2 boxed, £20
Netgear EX6120 Wifi AC1200 extender £30
Plantronics Calisto P610M USB speakerphone (Skype, Zoom etc.) – brand new boxed, 2 available, £60 each.

Go to Original Article
Author:

Learn to configure Office 365 alerts and other security features

It’s not a coincidence that reports of increased cyber attacks coincided with the spike of remote workers due to the COVID-19 pandemic.

Malicious actors have doubled down on their efforts to infiltrate enterprises to launch ransomware attacks or plant cryptomining malware to set up a steady revenue stream. Security experts have reported an increase in phishing attacks to lure users into clicking on links that puts systems — and the organization — at risk. These threats add more pressure on IT to implement additional security measures.

Microsoft Office 365 offers a host of cloud-based tools and services that support businesses when it comes to email, collaboration tools, cloud storage and enterprise content management. All are accessible from anywhere to support remote workers along with a distributed workforce. But it also increases the surface attack and poses a risk for companies that have just begun to let employees connect from home networks and even personal computers. This is pushing IT to rethink their security strategy to ensure company data is protected and consider some of the existing security tools integrated with the collaboration platform, such as Office 365 alerts, monitoring and identity protection tools.

Government notification issued to help Office 365 customers

The Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory, at this link shortly after most states issued stay-at-home orders to slow the spread of the coronavirus. CISA shared its recommendations for organizations that use Office 365 to incorporate into their tenant to reduce their vulnerability level.

The CISA memo noted that rapid deployment of Office 365 might have left some companies with gaps in their security arrangement and advised administrators to enable multi-factor authentication as well as role-based access controls. These recommendations can help reduce the risk of hackers using stolen credentials to access company systems, especially those account credentials with elevated permissions.

Get a security rating of your Office 365 tenant

The CISA memo also recommended using the Microsoft Secure Score feature to generate the overall security scorecard of the tenant and company.

Secure Score is a separate portal for Office 365 administrators that gives a grade for your organization’s security posture along with suggestions to improve it. The portal breaks down the scoring based on five categories: identity, data, device, apps and infrastructure.

Secure Score dashboard
The Secure Score dashboard in Office 365 gives a detailed breakdown of the areas administrators should work on to reduce the threat from outside attacks.

In each category, Microsoft gauges the level of security and offers configuration advice if the number is below 100%. The portal also provides valuable details in each area by describing any problems the assessment tool identified in the tenant and how administrators can address them using an action plan.

Secure Score action plan
The Secure Score section in Office 365 highlights areas that could use some attention and offers guidance on how to tighten security in the tenant.

Checking the Secure Score regularly can help IT administrators see their progress using the trends section of the portal indicating the progress made with the various security implementation projects.

Set up Office 365 alerts for suspicious activities

The CISA memo also suggested configuring Office 365 alerts in the Security and Compliance Center to help the IT team react to security incidents quickly. Office 365 alerts can be sent via SMS or email to administrators, who can sign into the alerts dashboard in the Officer 365 security portal to review the content of the alert and address the issue.

Microsoft provides more than 21 different policies that address several issues related to threat management, permissions elevation changes, information governance and data leaks, and message delivery delays. The CISA memo suggested setting up Office 365 alerts for logins from unusual locations and for user accounts that have surpassed their email thresholds.

An example of an alert in the screenshot below warns administrators when a user or multiple users delete an abnormally high volume of documents, which could indicate an intentional destruction of digital documents or it could be a user deciding to clean off their machine of old data.

Office 365 alerts
A policy can be set to alert the administrator when an unusually large number of files gets deleted from Office 365.

Microsoft recommends administrators enable all the 21 default policies in their tenant. Many of them, such as elevation of admin privilege or suspicious outgoing email patterns, can indicate the start of an attack that, if acted on quickly, can be stopped before extensive damage occurs.

While administrators can customize Office 365 alerts for multiple unusual activities, Microsoft also offers enhanced security features in its Cloud App Security product, which features proactive remediation when an alert is triggered. When an incident is detected, the system can automatically react and either block the user or stop the action without the intervention of the IT administrator.

Some of the advanced alerts Microsoft recommends administrators enable include:

  • leaked credentials;
  • unusual file share activity;
  • ransomware activity;
  • unusual administrative activity;
  • suspicious inbox forwarding;
  • impossible travel;
  • risky sign-in;
  • activity from suspicious IP addresses;
  • activity from an infrequent country.

It’s one thing to detect unusual behavior but it’s another to respond fast enough to stop a potential breach before it enters the company’s environment. The enhanced security features in Office 365 Cloud App Security blocks suspicious users and activities, similar to how Azure AD Premium P2 stops suspicious login attempts, on behalf of the administrator, which can help a fatigued IT staff from having to be on alert at all times.

Integrate use of SIEM tool for audit log analysis

Part of the work with security administration extends beyond reviewing Office 365 security logs. IT departments generally use other security monitoring tools to manage other areas, including network traffic, end points, firewalls and servers.

Many organizations rely on security information and event management (SIEM) tools to centralize and manage all the incoming alerts and logs to uncover activity that requires a closer look. One of the final CISA recommendations is for administrators to feed Office 365 audit logs and alerts into their existing SIEM tools to find any unusual activity and see if there are signs of similar events in other parts of the organization.

Go to Original Article
Author:

Why Linux containers on Windows is a big deal

Although it’s tempting to think that a container is just a container, there are key differences between Linux and Windows containers.

Windows has more strict requirements on image compatibility, particularly regarding the operating system. Some networking features on Docker on Linux are not available for Windows, and similarly for orchestration.

With these limitations, why would you want to run Linux containers on Windows? For one, containers allow you to be agnostic on the host system. Whether you’re running Linux or Windows on the host, and whether that’s in production or not, it won’t matter to the container. You can run Windows in the development environment, stage it in Linux and deploy to production on either system. By allowing your Windows hosts to run Linux or Windows containers, you keep the developers free to do their jobs without having to factor in variables, such as the host operating system.

Linux containers on Windows offers several advantages

The biggest benefit of this expanded functionality is Linux and Windows containers can run from the same Docker engine, which is a recent development. This feature lets you standardize your tool set across your environment, provide parity between production and nonproduction systems, and can collapse infrastructure costs by using one machine to host multiple types of containers.

Deploying Linux containers on Windows encourages you to build your applications as microservices using Windows or Linux containers. It’s encouraging to see a technology give users across the spectrum a way to choose the container they prefer for development. A key difference when using Windows Server containers is having access to certain technologies on the Windows platform, such as PowerShell. There are also benefits to using the .NET Framework with Windows containers.

Limitations of Linux containers on Windows

Not all Windows versions are supported, so your developers will need to be on the correct version of Microsoft’s operating system for Linux containers to work properly on their machines. In addition, if you’re running containers on premises, you’ll need to pay careful attention to which servers have the appropriate prerequisites and operating systems installed.

You can read more on the requirements for containers here.

What’s needed to run Linux containers on Windows

Before you can proceed with the instructions below, you’ll need:

  • a machine running Windows 10 Professional or Enterprise, or Windows Server 2019 version 1809 or later;
  • Hyper-V enabled; and
  • Docker Desktop 18.02 or later installed.

How to run a test container

To run your first Linux container on Windows, you’ll need to start by getting a Linux Docker image. For our purposes, we’ll use the “Hello World” example container. You can run this by executing the following command:

docker run --rm --platform linux busybox echo hello_world

This command pulls the image with the indicated platform via the –platform flag.

To run the image, enter the following command:

docker run --rm busybox echo hello_world

To view a list of your images, you can run the next command to see the image you’ve pulled:

docker images

Where do we go from here?

That’s all it takes to run Linux containers on Windows. Of course, there’s much more to learn with this type of virtualization, such as understanding how to manage clusters of Docker nodes and getting familiar with Kubernetes to automate the deployment and management of containers.

If you’re using Windows on your development team and your team prefers to use Linux containers, then this is all excellent news for you. You can continue with your operating system of choice but also participate in all the neat things used by your developers. Additionally, if you’re an operations expert trying to wade your way through the plethora of container deployment methods, you can rest easy knowing that you can implement all these container types from a Windows machine.

Go to Original Article
Author:

Microsoft Defender ATP taps into cloud for added protection

It’s a full-time job to defend a Windows shop from security breaches.

In fact, many organizations simply use an “assume breach” mentality regarding their current defense posture, meaning they constantly monitor and check for vulnerabilities in their environment. There are many products designed to defend the host against malicious attackers. Microsoft Defender Advanced Threat Protection (ATP) is the tech giant’s expansive threat protection platform.

Microsoft Defender ATP monitors endpoints for in-memory and kernel-based attacks. It also checks for potential system issues, such as vulnerable drivers. These features complement the more commonplace vulnerability scanning and malware detection techniques to find network exploitations, keylogging attempts and malicious scripts. Microsoft Defender ATP is the embedded interface that connects to the cloud-based Microsoft Defender Security Center.

The Microsoft Defender Security Center portal gives administrators the proverbial single pane of glass for management and control across the organization for many Windows Security features, including Windows Firewall, antivirus and performance monitors. Alerts reported by Microsoft Defender ATP can be dealt with manually or automatically based on certain criteria. To dig deeper into specific incidents, an analyst can access a timeline of real and historical data from a client or from a wide range of systems.

Microsoft continues to invest heavily in this endpoint security protection product to expand beyond the Windows OS. In fact, Microsoft Defender ATP used to be called Windows Defender ATP but underwent a name change now that it supports non-Microsoft OSes, such as Linux and macOS.

Dig deeper with Microsoft Defender ATP

A key feature of Microsoft Defender ATP is its post-breach forensics functionality to determine the proper remediation on endpoints.

Microsoft Defender ATP taps into the advanced analytic capabilities that come courtesy of the machine learning technology in the Microsoft Intelligent Security Graph, an overall security fabric that collects data from endpoints worldwide that is analyzed to determine the viability of an emerging threat.

Security teams are able to drill down and get a high level of detail to understand the full scope of a breach from attacks on endpoints. They can use behavioral analytics to watch the attack progress through your environment, as well as provide guidance on response. Below is an example of a timeline of an attack on a particular machine generated by Microsoft Defender ATP.

Microsoft Defender ATP alerts
Security teams can get granular details on the suspicious activity for a particular machine after Microsoft Defender ATP detects unusual activity.

How to use Microsoft Defender ATP automation levels

For some enterprises, Microsoft Defender ATP might manage several hundred or thousands of machines resulting in a plethora of alerts. To deal with this level of activity, the ATP service has an automated investigations feature, which uses inspection algorithms and playbooks to examine and remediate incidents. Each incident appears in an automated investigations list with details such as the current status and detection source.

Microsoft Defender ATP comes with automation levels including Not Protected, Semi and Full. The default action is for semiautomatic remediation, which requires approval from the user before any action is taken when the ATP service detects malicious activity. A complete breakdown of each of the automation levels is included in the table below.

Automation level Description
Not protected
  • No automated investigations on any machine.
Semi — any remediation
  • This is the default automation level.
  • ATP requires approval for any remediation action.
Semi — non-temp folders remediation
  • ATP requires approval on files or executables outside of any temporary folders.
  • Files or executables in temporary folders, such as the user’s download folder or the user’s temp folder, will automatically be remediated if needed.
Semi — core folders remediation
  • ATP requires approval on files or executables in the operating system directories such as the Windows folder and the Program Files folder.
  • ATP remediates files or executables in all other folders if needed.
Full
  • ATP performs all remediation actions automatically.

After determining the extent of the damage, additional steps can be taken to defend the network from further attack, such as blocking the malicious URL with the Windows Firewall and shoring up defenses by updating to the latest definition files, disabling macros and enabling backups of critical data.

Microsoft Defender ATP also integrates with the Office 365 platform to protect from threats that come via email.

Integration with Exploit Guard

Microsoft Defender also works with Windows Defender Exploit Guard, an optional add-on to ATP.  Exploit Guard provides more tools to mitigate exploits at runtime by giving enterprises more control on how code runs on their machines. It is similar to the technology it replaced, Microsoft EMET, by using intrusion prevention to stop attacks.

Exploit Guard joins with other technologies in the Microsoft ecosystem, such as Windows Defender SmartScreen. It dynamically blocks malicious websites based on the filters in SmartScreen, providing an extra layer of defense that is particularly useful for organizations that rely on a remote workforce.

Microsoft Defender ATP in action

One example of Microsoft Defender ATP’s capabilities and versatility is its security integration and event management (SIEM) integration for use with detecting certain attacks, such as the WannaCry ransomware, which encrypted files on vulnerable Windows machines.

Sigma is an open source project that creates a generic signature format for SIEM systems. Microsoft Defender ATP supports this multi-tool search engine language. Users who subscribe to Microsoft Defender ATP can test how to import Sigma files by downloading the WannaCry.yml file from the project’s GitHub site at this link.

Next, convert the yml file to a Sigma rule using the Python-based Sigmac tool at its GitHub site.

python sigmac — target mdatp .win_mal_wannacry.yml

The Microsoft Defender interface provides a way to copy and paste these converted files and save them as a query with a descriptive name, such as WannaCry.

Microsoft Defender ATP query
The advanced hunting section in Microsoft Defender ATP provides a way to perform an in-depth search using queries for specific attacks, such as WannaCry.

Microsoft Defender-saved queries can be converted into detection rules. These rules will run automatically every 24 hours.

If Microsoft Defender ATP detects WannaCry in the environment, it can determine if the threat has affected other machines on the network using the Microsoft Defender ATP Search. The search function works with a file hash, filename, malicious URL or IP addresses.

Go to Original Article
Author:

SAP reimagines Sapphire Now 2020 as a virtual event

It’s safe to say that due to the ongoing COVID-19 pandemic, SAP Sapphire Now 2020 will be like none that has come before it.

SAP Sapphire Now is an annual event where SAP customers, partners and company executives can hear about SAP’s newest technology and latest strategy, learn skills and pursue certifications, and — perhaps most importantly — network and hobnob with denizens of the SAP ecosystem.

But the days of in-person hobnobbing are gone, at least for now, and, like many other enterprise conferences and trade shows, SAP Sapphire Now will be held virtually this year, with streaming keynotes, online sessions and demos from SAP and partners.

The virtual version of SAP Sapphire Now will attempt to provide the same kind of content and messaging from the top levels of SAP, but in a different way, said Alicia Tillman, global chief marketing officer at SAP.

“The objective here, over the course of a very short period of time, was to stand up something as new and as different as this,” Tillman said. “How do we get the content right? How do we make it global? And how do we create an exceptional experience, as all three of those components need to come together?”

3 virtual programs  

This year’s SAP Sapphire Now consists of three programs: Sapphire Now Unplugged, Sapphire Now Vision and Sapphire Now Converge, Tillman said.

Alicia Tillman, global chief marketing officer, SAPAlicia Tillman

Sapphire Now Unplugged is a series of videos of SAP executives speaking with external thought leaders and innovators, such as Ian Bremmer, Malcolm Gladwell and NBA commissioner Adam Silver. The last episode of the series will be made available June 11.

Christian Klein, SAP CEOChristian Klein

SAP Sapphire Now Vision begins June 15 with new SAP CEO Christian Klein’s keynote address. He is expected to set the strategy for SAP’s vision of the intelligent enterprise, which uses advanced enterprise systems to enable companies to transform old business processes or develop new business models. SAP Sapphire Now Converge begins after the keynote, Tillman said, and consists of 11 online channels that will have live content from SAP, partners and customers. The channels will cover a range of SAP technology, platform and industry areas, including ERP, finance, HR, procurement, supply chain, platforms, customer experience and experience management. Presentations will be made available for on-demand viewing.

The goal is to provide content that’s informative but in a format that keeps attendees engaged, according to Tillman. Sessions will be short or will be laced with entertainment breaks to keep things interesting. In one high-profile example, rock legend Sting will perform live at breaks in Klein’s keynote.

Tillman argues that the virtual SAP Sapphire Now could present an advantage for a global audience that may not have always been able to travel to Orlando.

“SAP Sapphire Now will use a ‘follow the sun’ model, where the sessions will air at the regionally relevant time,” she said. “All the content is going to be translated with subtitles into 14 different local languages. And the regions are also going to layer into that short segments hosted by each regional president, who will have local customers and localized content to make it relevant for their particular market.”

SAP Sapphire Now crowds will gather online this year.
SAP Sapphire Now will be conducted online this year, rather than at the Orange County Convention Center in Orlando, Fla.

Missing the human touch

The online version of SAP Sapphire Now will be a significant change from an event that annually drew thousands of attendees to the sprawling Orange County Convention Center in Orlando.

There will likely be something lost with the lack of human interaction, but it is difficult to judge what those losses will be, said Shaun Syvertsen, managing partner and CEO of ConvergentIS, an SAP business partner based in Calgary, Alta.

ConvergentIS provides services for SAP implementation and migrations, with a particular focus on UX design and building SAP Fiori apps. The company has been a part of several recent SAP Sapphire events as a sponsor and exhibitor, and this year will present the first session in the Sapphire Converge UX channel, Syvertsen said.

“The ad hoc meetings that happened during Sapphire are a little bit more difficult to schedule this year,” he said. “Although you’ll avoid getting all those steps in when you’re trying to get from one end of the floor to the other to go meet someone on time for that meeting.”

Syvertsen described SAP Sapphire Now as a valuable event to attend because of the opportunities to meet with SAP professionals he may not have otherwise connected with, including one who provided marketing expertise for ConvergentIS.

“I never really would have gotten to know him if we hadn’t attended events like Sapphire and SAP TechEd in person,” he said. “That’s probably the secret sauce for Sapphire that made it worth investing money and sponsoring, traveling, and that’s really hard to do from the virtual remote limited interaction perspective.”

Dawn of a new Sapphire era

SAP Sapphire Now veterans said that the virtual event could represent an opportunity to introduce a new look for SAP, spearheaded by its young, new CEO Klein. But there will also be something lost without the human interaction that characterized the live events.

One major question is whether the online format will be able to match the dynamism of live keynotes, demos and breakout sessions that characterizes traditional conferences.

Holger Mueller, vice president and principal analyst, Constellation ResearchHolger Mueller

“We will see the usual number of tracks and keynotes, but can SAP take advantage of the new format successfully or will it deliver a boring digital event with too much canned content, lack of interaction and little engagement,” said Holger Mueller, vice president and principal analyst at Constellation Research. “This will be an interesting one to see, as vendors are now four months into the new normal for events like this and the bar has been raised steadily. What was a ‘B’ for an event in April will be a ‘D’ in June and an ‘F’ in the fall.”

Jon Reed, co-founder, Diginomica.comJon Reed

The SAP Sapphire Now Online format, which will present content tailored to a global audience and will support some interaction, may work well, said Jon Reed, co-founder of Diginomica.com, an enterprise computing analysis and news site.

“On paper at least, it seems more interactive than most such events we’ve seen,” Reed said. “It’s ambitious in scope, and we’ll see if SAP is able to deliver on some of that live interactivity. It’s important to note that SAP sees this as a chance to bring in a global audience that couldn’t get to Orlando.”

Enough Zoom already

Most people have seen enough virtual meetings by now, so SAP must find a compelling way to present content in an online format, agrees Joshua Greenbaum, principal at Enterprise Applications Consulting.

“You can make a compelling online conference — Celonis and a few others have done a pretty good job — but there are some that have been absolutely mind-numbingly horrible,” Greenbaum said. “It looks like SAP is trying to do the right things to not make it boring and mind-numbing, so I’m cautiously optimistic. It’s harder for all of us because of the number of hours we’ve spent on Zoom, but I know there’s going be some compelling content.”

SAP Sapphire Now will also be a key moment for Klein to demonstrate that he has SAP under control, Reed said.

“Klein’s keynote will be important to watch, as people will use that to gauge whether he is ready for the daunting challenges SAP faces,” he said. “I believe he’s the right person to lead SAP right now, but you have to prove it out.”

Joshua Greenbaum, principal, Enterprise Applications ConsultingJoshua Greenbaum

It will be worth tuning into SAP Sapphire Now because there have been so many changes with the company’s leadership structure in the past year, Greenbaum said.

“This is the showcase and the moment for the ‘new SAP,’ not only with Klein as new CEO, but everybody’s job has changed,” he said.

Greenbaum pointed to several SAP executives who have recently assumed positions with major responsibilities and large portfolios, including Thomas Saueressig, president of SAP product engineering, and Adaire Fox-Martin, head of SAP customer success.

 “There have been a lot of big changes, not just with Klein,” he said.

Go to Original Article
Author:

For Sale – Mac Mini (2011) i5, 16G RAM, 120gb ssd + 500gb hd

Selling our mac mini as we no longer need it

It’s in decent nic given it’s age, has a few little marks on it as you’d expect

Has currently got Catalina on, which runs fine with 16gb ram and the ssd set as the bootdisk despite it not being ‘officially supported’. I can happly restore to whatever version the machine shipped with fi the buyer prefers.

This is one of the last easily upgradable mac mini’s, and with the TB port supporting mini display you can get a lovely 2560×1600 resolution.

Delivery is not included, I do not have the box readily available, and will be securely packaged up prior to delivery and only sent using royal mail insured

Go to Original Article
Author:

Meeting Insights: Contextual AI to help you achieve your meeting goals

It’s a big day for you. Back-to-back meetings are scheduled with critical customers and partners, and a parent-teacher conference is sandwiched in there as well. As you’re headed toward the last meeting, suddenly you cannot remember the key talking points. Who sent you the pre-read notes? Was it Taylor? No, possibly Drew. No luck. You are about two minutes from reaching the meeting room, and you want more than anything to pull out your phone and scream at it:


If only there existed an intelligent system that enabled you to find information this effortlessly. Now, there is: Meeting Insights provides AI capabilities that help you find information before, during, and after meetings as easily as if you had your own assistant to support you. Meeting Insights is now available for commercial Microsoft 365 and Office 365 customers in Outlook mobile (on both Android and iOS devices) and Outlook on the web. We would like to pull back the cover and talk about the science and technology that drives this scenario. Also, we’ll share why Meeting Insights is only the tip of the iceberg in how we at Microsoft are developing AI-powered capabilities to simplify and improve customer experience and productivity. We’re currently testing two new features that expand intelligent content recommendations to new scenarios in Outlook.

Providing usefulness in every context

Customers often say that finding content from meetings is a challenge. Therefore, we set out to build an intelligent personalized solution that provides customers with information from their mailboxes, OneDrive for Business accounts, and SharePoint sites to better help them accomplish the goals of their meetings.

The solution we developed powers the Meeting Insights feature that makes meetings more effective by helping customers:

  • Prepare for their meetings by offering them content they haven’t had a chance to read or may want to revisit;
  • Access relevant content during their meetings with ease;
  • Retrieve information about completed meetings by returning content presented during the meeting, sent meeting notes, and other relevant post-meeting material

Currently, Meeting Insights can be found on more than 40% of all Outlook mobile and Outlook on the web meetings.

Large-scale, personal, privacy-preserving AI

The most useful emails and files for a meeting may change over time (for example, those most useful before may be different than the ones most useful during or after). In order to create a relevant and useful service, we needed to find a way to reason across information shared by a customer as well as the files in their organization that they have permission to access and have opted to share. Microsoft 365 upholds a strict commitment to protecting customer data—promising to only use customer data for agreed upon services and not look at data during development or deployment of a new feature. This privacy promise, rather than being a hindrance, spurred us to think creatively and to innovate. As detailed below, we use a creative combination of weak and self-supervised machine learning (ML) algorithms in Meeting Insights to train large-scale language models without looking at any customer data.

The need to efficiently reason over millions of private corpora, themselves each potentially containing millions of items, underscores the complexity of the problem we needed to solve in Meeting Insights. To accomplish this reasoning, Meeting Insights enlists the help of Microsoft Graph, where shared data is captured in a graph representation. Microsoft Graph provides convenient APIs to reason over all of the shared email, files, and meetings for customers as well as the relationship between these items. This provides a high level of personalization to accurately meet customer needs.

Building intelligent features like Meeting Insights in the enterprise setting poses additional problems to the standard ML workflow. In enterprise settings, customers have high expectations of new products—especially the ones in their critical workflows and even more so when they are paying for the service. Because there is a need for an initial model to work out of the gate, standard ML workflows, which deploy a heuristic model with moderate performance and take time to learn from interaction data, lead to a lack of product acceptance. In Meeting Insights, we use ML algorithms that require less supervision to personalize customers’ experiences more quickly.

This challenge, which we refer to as the ‘’jump-start’’ problem, is therefore critical to product success in enterprise scenarios. This goes beyond standard “cold-start” challenges where data about a particular item or new user of a system is lacking, and instead the primary challenge is to get the entire process off the ground. Common approaches to improve model performance before deployment, such as getting annotations from crowd-sourced judges, have limited to no applicability due to the privacy-sensitive and personal nature of the recommendation and learning challenges. Finally, Microsoft 365 is used all over the world, and we wanted to make this technology available as broadly as possible and not simply to a few select languages.

Figure 1: Schematic depiction of how we train the model for recommending emails in Meeting Insights.

Solving the technical challenges

In order to make Meeting Insights possible, we needed to leverage three key components: weak supervision that is language agnostic, personalization enriched by the Microsoft Graph, and an agile, privacy-preserving ML pipeline.

Weak supervision: Large-scale supervised learning provides state-of-the-art results for many applications. However, this is impractical when building new enterprise search scenarios due to the privacy-sensitive and personal nature of the problem space. Instead of having annotators labeling data, we turned to weak supervision, an approach where heuristics can be defined to programmatically label data. To apply weak supervision to this task, we used Microsoft’s compliant experimentation platform. Emails and files attached to meetings were assigned a positive label, and all emails and files which the organizer could have attached at meeting creation time but did not were assigned a negative label. The benefit of using weak supervision for this problem went beyond preserving privacy as it allowed us to quickly and cheaply scale across languages and communication styles—all of which would be extremely challenging with a strongly supervised modeling approach involving annotators.

Personalization: Identifying the most relevant and useful information for a customer requires understanding the people and phrases that are important for that person. In order to identify the candidate set of relevant items and rank them, we leverage personalized representations of the most important key phrases and key people for a person. These personalized representations are learned in a self-supervised and privacy-preserving manner from nodes and edges in the Microsoft Graph. The context meeting is then combined with these personalized key-phrase and people representations to construct a candidate set using the same. Microsoft Search endpoint uses the same Microsoft Search technology powering search in applications such as Outlook, Teams, and SharePoint. In the final ranking stage, these personalized representations as well as more general embeddings are used to compute semantic relatedness between the context and candidate items, relationship strength via graph features, and collaboration strength based on relationship between key people.

Agile privacy preserving ML pipelines: As noted above, preserving the privacy of our customers’ data is sacrosanct for Microsoft. The weak and self-supervised algorithm techniques described above allow us algorithmically to train highly accurate and language agnostic large-scale models without having to look at the customer’s data. However, in order to put the algorithms into practice, test them, and innovate, we needed a platform that makes approaches like this possible. Innovations on the modeling front went hand-in-hand with development of ML platforms and processes that allowed our scientists to remain agile. Our in-house compliant experimentation platform provides key privacy safeguards. For example, our algorithms can operate on customer content to provide recommendations directly to customers, but our engineers cannot see that content except when it’s their own. Many tools were developed to assist in monitoring and debugging our ML pipelines, firing off alerts when data quality as well correlations between signals and labels diverged from expected values.

Self-hosting to improve for our customers

As we developed Meeting Insights, we first rolled it out to internal Microsoft customers and instrumented their interactions with the experience to identify areas for improvement. Early on, we saw from the data we had instrumented that 90% of the usage of Meeting Insights on a given day was for meetings that or the following day. Armed with this datapoint, we were able to implement a significant optimization by prefetching the insights for these meetings the moment the customer opens their calendar. This data-informed strategy resulted in a 50% reduction of customer-perceived latency.

Customer engagement with the deployed product showed other strong temporal effects worth calling out for this experience:

  • For meetings, freshness is important with about 5% of insights clicks happening within 15 minutes of the meeting being created.
  • For email insights, 30% of clicks go to emails sent/received in the 24 hours preceding the time of the user request.
  • For file insights, 35% of clicks go to files created or modified in the 24 hours preceding the time of the user request.

In less than four months after shipping our first Meeting Insights experience (for meeting invitations written in English), we were able to expand support to all enterprise customers across all languages. This was made possible by effectively leveraging the Microsoft Graph, being creative in the low-cost modeling approaches we employed, and being careful in the design of our AI solutions by using weak supervision and avoiding language specific dependencies. Over the next few months, we will be rolling Meeting Insights out to Cortana Briefing Mail recipients.

Meeting Insights is currently shown on more than 40% of opened meetings on supported Outlook clients, with customers reporting two out of three suggestions to be useful.

Providing broader contextual intelligence

Meeting Insights is not the only place where we are providing contextual intelligence that makes life easier for our customers. We are looking at how we can use Meeting Insights to accelerate our offerings in other scenarios using techniques like transfer learning, which has proven to be an effective and efficient way for us to gain reusable value from AI models learned for one scenario but reapplied to another.

For example, we are now transferring the learnings from our Meeting Insights models to power other intelligent content recommendations features such as “Suggested Attachments” and “Suggested Reply with File” on Outlook. These features take a customer and an email as input to return contextually relevant attachment suggestions that significantly reduce the time and effort required to share content via email.

“Suggested Attachments” and “Suggested Reply with File” are features currently in testing phases. We look forward to adding new offerings for Microsoft 365 users and beyond for intelligent content recommendation.

Imagine you’re heading to that last meeting again after an exceptionally busy day. You’ve suddenly forgotten the talking points, and you just can’t seem to recall who sent those pre-read notes. Was it Taylor? Drew? You feel like shouting at the sky, but then a thought flashes into your mind. You calmly pull up Outlook mobile on your phone as you approach the room, and with a simple tap on the meeting, your pre-read notes appear at the bottom of the screen thanks to Meeting Insights. Now, you’ve got this.

We look forward to continuing to improve life for our customers, and we hope the next time you walk into a meeting, you also walk in with more confidence knowing that Meeting Insights is there to assist you.

Go to Original Article
Author: Steve Clarke