CIAOPS Brief 20240420

Get started with reporting | Microsoft Defender Experts for XDR –

https://www.youtube.com/watch?v=Ymm6g_Eis34

Updates to Clipchamp that make video editing a breeze –

https://insider.microsoft365.com/en-us/blog/updates-to-clipchamp-that-make-video-editing-a-breeze

Get started with onboarding | Microsoft Defender Experts for XDR –

https://www.youtube.com/watch?v=eLEXPZ1mUwQ

AI study guide: The no-cost tools from Microsoft to jump start your generative AI journey –

https://azure.microsoft.com/en-us/blog/ai-study-guide-the-no-cost-tools-from-microsoft-to-jump-start-your-generative-ai-journey/

New Microsoft guidance for the DoD Zero Trust Strategy –

https://www.microsoft.com/en-us/security/blog/2024/04/16/new-microsoft-guidance-for-the-dod-zero-trust-strategy/

Microsoft Intune Makes It Possible –

https://www.youtube.com/watch?v=DFG7JbR-Eyc

Evolving the Meeting Details experience across Microsoft 365 apps and services –

https://insider.microsoft365.com/en-us/blog/evolving-the-meeting-details-experience-across-microsoft-365-apps-and-services

Accelerated Vulnerability Assessment with Copilot –

https://www.youtube.com/watch?v=JGpKZ1Bj6ew

Rapid Threat Intel Analysis with Copilot –

https://www.youtube.com/watch?v=nkIQb0ksaW4

Enhancing Security with MDEASM and Copilot: Streamlining External Attack Surface Management –

https://www.youtube.com/watch?v=UEb-PtKLO6Y

Enhancing Security with Script Analysis using Copilot –

https://www.youtube.com/watch?v=9BBok6bWFuk

Introducing “What’s New” in Microsoft Entra –

https://techcommunity.microsoft.com/t5/microsoft-entra-blog/introducing-quot-what-s-new-quot-in-microsoft-entra/ba-p/3796389

Exchange Online to introduce External Recipient Rate Limit –

https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-online-to-introduce-external-recipient-rate-limit/ba-p/4114733

7 ways AI makes life easier on the go –

https://news.microsoft.com/source/features/ai/7-ways-ai-makes-life-easier-on-the-go/

Microsoft Copilot for Security Intune Plugin Overview –

https://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/microsoft-copilot-for-security-intune-plugin-overview/ba-p/4114040

Leverage Custom Promptbooks to Optimize your Security Workflows –

https://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/leverage-custom-promptbooks-to-optimize-your-security-workflows/ba-p/4113221

Your Microsoft Security test automation framework! –

https://maester.dev/

https://maester.dev/docs/intro

What is Maester?
Maester is a PowerShell based test automation framework to help you stay in control of your Microsoft security configuration.

How to Become a Microsoft Copilot for Security Ninja: The Complete Level 400 Training –

https://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/how-to-become-a-microsoft-copilot-for-security-ninja-the/ba-p/4106928

After hours

New Electric Atlas Robot Revealed by Boston Dynamics – https://www.youtube.com/watch?v=raYWbqbZbmc

Editorial

If you found this valuable, then I’d appreciate a ‘like’ or perhaps a donation at https://ko-fi.com/ciaops. This helps me know that people enjoy what I have created and provides resources to allow me to create more content. If you have any feedback or suggestions around this, I’m all ears. You can also find me via email director@ciaops.com and on X (Twitter) at https://www.twitter.com/directorcia.

If you want to be part of a dedicated Microsoft Cloud community with information and interactions daily, then consider becoming a CIAOPS Patron – www.ciaopspatron.com.

Watch out for the next CIA Brief next week.

Configuring a budget for Copilot for Security

I have previously detailed how Copilot for Security is an excellent tool for SMB:

Copilot for Security – The lowdown for SMB

One of the major things that SMB need to pay very close attention to is the cost of Copilot for Security, given that it needs to be used in an ‘on-demand’ manner to be cost effective for smaller businesses. A good way to keep abreast of those costs is to use Budgets in Azure.

My recommendation is that you configure Copilot for Security in its own Azure Resource Group so that costs and permissions are easier to manage. Inside this dedicated Copilot for Security Resource Group you can attach a budget with notification. To do this, navigate to the Azure Resource Group where Copilot for Security is provisioned. Locate the Budgets menu item on the left under the heading Cost Management as shown above. On the right, select +Add from the menu across the top.

Give the budget a name, a reset period (typically monthly) and date range.

If you scroll down you’ll see that you can set a budget amount. Here I’m setting the budget to $150. Select the Next button at the bottom of the page to continue.

On the next screen you can configure a threshold alert level. Here I set that to 90% of my budget. This means I’ll start getting alerts about Copilot for Security when the cost reaches around $135. You can configure multiple thresholds if you wish.

You can also have the alert take automatic action via an Action Group (say shut down the resources), but I won’t cover this here.

A little further down you can configure the email you wish to receive the notification on. You can configure multiple emails to receive notifications if you wish.

Scroll to the bottom of the page and select the Create button.

You should now see the budget you just created as shown above. You can click on the name for more details.

You can also edit and delete the configuration here if you wish.

Now, when you exceed the thresholds you set in this budget, you’ll get an email notification that your spending on Copilot for Security has reached the threshold you set.
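
The same budget can be expressed as a Bicep template. This is an added example, not from the original post: it assumes deployment at the scope of the dedicated resource group, and the budget name, start date and contact address are placeholders.

```bicep
// Added example: budget-as-code equivalent of the portal steps above.
// Deployed at resource group scope, so the budget only tracks the
// dedicated Copilot for Security resource group.
targetScope = 'resourceGroup'

@description('Budget name (placeholder, choose your own).')
param budgetName string = 'copilot-security-budget'

@description('Budget amount in the billing currency; the post uses 150.')
param amount int = 150

@description('First day of the month the budget starts, in YYYY-MM-DD form.')
param startDate string

@description('Alert threshold as a percentage of the budget; the post uses 90.')
param thresholdPercent int = 90

@description('Addresses that receive the alert email (placeholder value).')
param contactEmails array = [
  'alerts@example.com'
]

resource budget 'Microsoft.Consumption/budgets@2023-05-01' = {
  name: budgetName
  properties: {
    category: 'Cost'
    amount: amount
    // Reset period: the budget starts again from zero every month.
    timeGrain: 'Monthly'
    timePeriod: {
      startDate: startDate
    }
    notifications: {
      // One entry per threshold; add more keys here for extra alert levels.
      actualCostAlert: {
        enabled: true
        operator: 'GreaterThan'
        threshold: thresholdPercent
        thresholdType: 'Actual'
        contactEmails: contactEmails
      }
    }
  }
}
```

Deploy it with `az deployment group create --resource-group <your-resource-group> --template-file budget.bicep --parameters startDate=<YYYY-MM-01>`, substituting the resource group that holds Copilot for Security.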

CIAOPS Brief 20240413

A wave of AI innovation is overtaking Australia and New Zealand –

https://www.microsoft.com/en-us/microsoft-cloud/blog/2024/04/10/a-wave-of-ai-innovation-is-overtaking-australia-and-new-zealand/

Maximizing Data Protection with Copilot: Unveiling Hidden Risks and Prioritizing DLP Alerts –

https://www.youtube.com/watch?v=g9AqA3EVEvs

Microsoft Entra and Copilot for Security | Microsoft Security –

https://www.youtube.com/watch?v=yW7EAShfkRQ

Unleashing the Power of Copilot: Security Investigations from Defender XDR to Standalone Copilot –

https://www.youtube.com/watch?v=Sf_eRd45tko

Microsoft Copilot Dashboard Overview –

https://www.youtube.com/watch?v=ae6Ov_QBXaI

How to transform your workplace with AI –

https://www.youtube.com/watch?v=mk-I8xdj1qI

How Microsoft discovers and mitigates evolving attacks against AI guardrails –

https://www.microsoft.com/en-us/security/blog/2024/04/11/how-microsoft-discovers-and-mitigates-evolving-attacks-against-ai-guardrails/

Trim videos in PowerPoint for the web –

https://insider.microsoft365.com/en-us/blog/trim-videos-in-powerpoint-for-the-web

Efficient Device Troubleshooting with Microsoft Copilot | IT Solutions Simplified –

https://www.youtube.com/watch?v=pMYdjZmChx8

What are Copilot prompts and how to write them –

https://www.youtube.com/watch?v=bWAqW3aEXbc

Get Started with Microsoft Teams Premium – The smart place to work –

https://www.youtube.com/watch?v=jnkXIdNmng0

Toward greater transparency: Adopting the CWE standard for Microsoft CVEs –

https://msrc.microsoft.com/blog/2024/04/toward-greater-transparency-adopting-the-cwe-standard-for-microsoft-cves/

Strategies to monitor and prevent vulnerable driver attacks –

https://techcommunity.microsoft.com/t5/microsoft-security-experts-blog/strategies-to-monitor-and-prevent-vulnerable-driver-attacks/ba-p/4103985

How to protect your organization with AI and Microsoft Security –

https://www.youtube.com/watch?v=gdCy5ruhQKw

After hours

The Ocean Cleanup’s System 03 Captures Record Amounts of Plastic From the Pacific – https://www.youtube.com/watch?v=P8drUT_cZy8


Copilot for Microsoft 365 – The low down for SMB

The biggest challenge for SMB with the AI offerings from Microsoft is to determine exactly which Copilot is being talked about. This is because there is a Copilot for just about everything now. From Copilot for Github, to Copilot for Security, Copilot for the Power Platform and so on. Job number one therefore is focusing on which Copilot will provide the most benefit for the organisation.

Before you rush in to purchase any Copilot, ensure you understand the financial commitment required as well. For example, currently, Copilot for Microsoft 365 is an annual up front commitment of around AU$45 per month paid in advance. So even though AU$45 per month may sound enticing, the billing is actually around AU$540 up front before you even get started! The costs of the various Copilot licenses vary, so it is important to determine what you need and what the cost and cashflow of this investment will be ahead of time. With Copilot for Microsoft 365 remember that once you purchase it you’ll have it for at least 12 months. You should ask yourself whether it will be used for the full period that you have paid for. If implemented inside a business correctly I feel there is little doubt that the benefits will be forthcoming but importantly, just buying and assigning the licenses to users is no guarantee of success with any Copilot.

No matter which Copilot you do focus on, that Copilot will not be an ‘everyone’ license. What that means is that not all employees of the business will gain the benefits from the license. Thus, you need to target the Copilot you want at those who will get the most from it.

In this case I’ll focus on Copilot for Microsoft 365 which is targeted at improving the productivity of knowledge workers. The best candidates for this license are those users who ‘create’ things. Think of people who create reports, create marketing material and so on. Little benefit will be had providing Copilot for Microsoft 365 to those that merely ‘process’ information. That is those say entering accounts or stock information.

It is important to appreciate that Copilot for Microsoft 365 is neither The Terminator nor C3PO. This is because the actual work still needs to be done by a person. Copilot for Microsoft 365 will assist in this process and make it easier and faster but it will not do the complete job end to end just yet. This means it is important to see Copilot for Microsoft 365 as an intelligent assistant that works beside the individual who has access to it, rather than a replacement for that individual.

Copilot for Microsoft 365 surfaces itself in a variety of locations in the Microsoft 365 environment. One of those is chat like so:

Here is probably the most general place you can use Copilot for Microsoft 365. Ask it any question and it will reason over your data as well as potentially from the web

Provided you enable the plugin as shown above first.

If I prompt it with something generic like ‘Test me on some Japanese phrases‘ you see the response it returns with above. If I expand the References you can see that Copilot for Microsoft 365 has returned material from the web (12-rules-to-learn-languages-in-record-time) as well as referring to a document that is in SharePoint. It is important to note the benefit this provides over other stand alone AI chat programs like ChatGPT that only return information from the web. Thus, the biggest difference with Copilot for Microsoft 365 is that it works across the web and data in Microsoft 365.

The simplest way then to think about Copilot for Microsoft 365 is that it is a search engine on steroids. It is important to remember that what you see is largely based on search, that is, what it finds. This means that if you haven’t properly secured your Microsoft 365 environment Copilot for Microsoft 365 is going to find stuff you may not realise it can. That isn’t because Copilot for Microsoft 365 is doing something wrong, it is in fact that you have left the door open on your data and you need to tighten your permissions. The reality is that same information could have been found with standard Microsoft 365 search. Copilot for Microsoft 365 simply does a better job of finding and displaying it.

The takeaway here then is that your business needs to ensure you have appropriate permissions prior to implementing Copilot for Microsoft 365 or you may be surprised at what pops out.

If I now ask chat to create an image for me based on a prompt you’ll see from the above that it can’t. It instead gives me a handy tip as to how to achieve this. Not only do you need the right Copilot for the job you also need to use Copilot in the right location to get the result you want. As I said, currently, Copilot for Microsoft 365 is not C3PO that can solve any task you give it from anywhere.

If I ask Copilot for Microsoft 365 to summarize a document by only giving it the name of the document it does an amazing job as you can see above.

But if I ask it to convert this PDF to a Word document it again is not something that can be done here.

It is also important to remember that Copilot for Microsoft 365 responses are not immediate. They take a few moments to generate. That can be frustrating for people who are used to ‘immediate’ responses and are time challenged. Again, Copilot for Microsoft 365 is a great research tool that you spend time with, it is not a tool that you fire rapid questions at expecting an immediate response, just yet.

If I ask Copilot for Microsoft 365 to convert a PowerPoint document you’ll see I get a response that gives me a little more information about what I should do.

However, when I do the same thing in Word I get the result that I really wanted. The takeaway is that a large amount of Copilot for Microsoft 365 is how and where you use it. Yes, it can convert stuff into Word but you need to use Copilot for Microsoft 365 inside Word to achieve that. I’m sure that will change over time, but for now, keep that in mind when using Copilot for Microsoft 365.

Where Copilot for Microsoft 365 really shines is in creating new content from scratch. If I start with a blank document in Word and prompt it with the above, the result is:

Which saves me hours and hours when I need to generate new content. Keep in mind however, generating new content constantly is not always the job of everyone inside a business.

Another area where Copilot for Microsoft 365 really shines is summarizing information as seen above. Here, I’ve had it work on a 72 page document, which was a transcript of a webinar session, and produce the summary.

As you can see, that summary includes references and I can continue asking questions about that.

Summarization also works well in the chat interface, even with external websites like what is shown above. The same is also evident inside Teams.

If you plan to use Copilot for Microsoft 365 with Teams you’ll typically have to enable both recording and transcriptions on the meetings to get the benefits. There is the option to automatically start a recording with every Teams meeting but my question is, are they really all worth recording?

Thus, a reason you may want to consider it for more people inside your organization is if they are required to wade through a lot of information as part of their role.

The same summarization capability is surfaced in Outlook as shown above.

As well as generating new content for emails. The current limitation here is that to get the most benefit from Copilot for Microsoft 365 you’ll need to be using the New Outlook, which I feel is still missing many important features that the classic desktop version has (e.g. drag and drop of attachments to Windows Explorer). I’m sure these will come to classic Outlook over time and it is easy enough to switch back and forth but, for now, New Outlook is where Copilot for Microsoft 365 really works best.

Without doubt Copilot for Microsoft 365 has big benefits with email, however it again comes down to how people use Outlook. In my experience, most people do not need to write or read long complex emails. They simply send and reply using brief responses. For these people Copilot for Microsoft 365 isn’t going to provide huge benefits but if your role does involve working with long and complex subject matter in emails (think lawyers for example) then Copilot for Microsoft 365 would be a huge productivity benefit for them.

The summary would be that you firstly need to define exactly what processes in your business you want to make more productive (email processing, document creation, etc). You then need to select the appropriate Copilot for that (typically Copilot for Microsoft 365 to work with emails, documents, etc). Then, you need to identify those users in the business who will gain the most from using Copilot, and this typically will not be every user initially. With all that identified you should then ensure you have permissioned your data appropriately and then purchase the appropriate licenses and assign them to those selected users. The last task will be to train those selected users on how to use the Copilot you have selected because you cannot and should not assume they will natively know how to get the most out of it. You need to train them to help them understand the most effective method for them to use in their day to day work and when it is appropriate to use and when it is not.

The Copilot for Microsoft 365 you see today is only the beginning of how AI will become infused throughout Microsoft 365. Today, it is like you manually needing to run spell checker, soon spell checker will happen on the fly. That is what we can expect sooner rather than later when it comes to Copilot for Microsoft 365.

Copilot for Security – The low down for SMB

The bottom line is that Copilot for Security is a very beneficial tool for SMB. The approach, as always with SMB, is going to be that it needs to be used in a specific manner to unlock the best ROI for smaller businesses.

I want to make it clear that I have no special inside information about Copilot for Security in any way. Everything here is my own experience, summation and projection of how Copilot for Security can work for SMB customers.

Copilot for Security is going to give SMB customers access to expertise, in an on demand capacity, that most would simply not be able to afford otherwise. It is also going to be able to provide this expertise when and where it is required, without the need to employ additional skilled specialised staff. Thus, the best way to think of Copilot for Security is that it is an on demand, experienced and skilled cyber security specialist consultant that can be employed when required for around $4 per hour. I however would suggest that probably a better way to budget for Copilot for Security is to allocate around $100 per month for the capabilities that Copilot for Security can provide on an ongoing basis. $100 per month for what can be done to improve your cybersecurity environment is a worthwhile investment for an SMB serious about security.

Importantly, you need to understand that Copilot for Security is not a stand alone service. It is a service from which you only get the most if you already have appropriate security services and signals enabled in your environment. It is this data that feeds Copilot for Security and produces the quality analysis you desire. In short, a lack of signals will mean a lack of results with Copilot for Security. So the starting point, before you invest a penny in Copilot for Security, is to ensure you have everything turned on and enabled in your environment that can help Copilot for Security do its job.

You are also going to get more from Copilot for Security the more Microsoft security services you have. I feel that Microsoft 365 Business Premium is the minimum license SMB should have if they are serious about cybersecurity. This is because Microsoft 365 Business Premium is going to give you important tools like Intune and Entra ID P1 that help Copilot for Security really shine. However, I suggest you need to go beyond just Microsoft 365 Business Premium and look at additional services like Sentinel and Defender EASM to provide even greater benefit and more signals for Copilot for Security to work with.

The next step to implementing Copilot for Security is to ensure you have an Azure subscription enabled in your environment, because this is how Copilot for Security will be billed. Another important asset needed is a familiarity and comfort using the pricing tools that Azure provides, like budgets and assigning resources. These Azure skills are going to help ensure costs are monitored and you don’t end up with bill shock. Just adding an Azure subscription without knowing how to manage an Azure environment effectively will result in spending much more money than is necessary.

Copilot for Security works best out of the box with the Microsoft Security stack. Integrating with things like Defender for Endpoint (Business), Intune, Sentinel and the like are quite straight forward assuming they have been enabled prior to on boarding Copilot for Security. Also, given the on-demand approach that should be taken with SMB, it means the integrations with Microsoft Security services will largely automatically light up when the service is re-enabled as required. Yes, you can and will be able to integrate third party security services but these will typically require some reconfiguration after re-enabling the service, while the Microsoft stuff will typically just be enabled. This means less to do after re-enabling Copilot for Security when you need it.

Unfortunately, Copilot for Security in SMB will not be a set and forget proposition. Doing so will rack up enterprise size charges that are unsustainable for SMB. This means Copilot for Security in SMB will be a service that needs to be turned on and off as required. At the moment, there is no simple way to achieve this but there will be. I have already seen solutions with Azure Logic Apps, Azure Functions, PowerShell, etc. that automate this on demand process. However, none yet are a simple button press. This means that, for the time being, some manual intervention is required every time that Copilot for Security is enabled or disabled. Yes, there is a cost to this manual switching approach but it is a small price to pay when compared to the cost of leaving Copilot for Security running 24/7.

Another important point to appreciate on billing is the fact that even though you would only configure the smallest SCU of 1 initially, this scales on the demand placed on Copilot for Security. In my testing, when I have been placing load on Copilot for Security, say for investigating an incident, I have seen the SCU in use jump up as high as 4. This means you are actually paying 4 SCUs x $4 = $16 per hour with Copilot for Security. Now, if you are in the middle of a major investigation I feel that sort of investment is more than justified but it is important to remember, in all aspects, Copilot for Security is a service based on consumption. That is, you pay for what you use, per hour. This is very different from the flat fee per month billing that Microsoft 365 uses.

The way that I see Copilot for Security being used effectively will be that it is enabled and set up in the tenant and then de-provisioned. Then once a week someone will come in, re-provision Copilot for Security, run some checks, ask some questions, for an hour or so and then de-provision the service. Where Copilot for Security will really shine for SMB will be by bringing security information from all the services together in one place and generating reports and ‘plain English’ emails and communications for the management of a business. If you ask for a summary, Copilot for Security will generate one for you in a matter of moments which you can copy and paste and send on. Doing that alone will save hours when it comes to effectively monitoring a Microsoft 365 security environment.

The other place that I see Copilot for Security providing the business benefit in SMB will be in device management, that is, in Intune. I have been working to understand all the new settings in the updated Windows 10 Security Baseline policy and the integration with Copilot for Security has been magic. It allows me to quickly query individual settings to understand what they do rather than having to dig through granular documentation. This is a huge time saver and really helps expose the value that Intune provides because Copilot for Security can analyse, report and summarise policies as well as provide a wealth of information at your fingertips. As with most AI, the biggest benefit will come from its use with people who know the least about the service it integrates with. Intune is a great case in point here. Most IT Professionals I know have very low experience and understanding with Intune and what it can do. They are intimidated by the interface and all the settings. Copilot for Security helps overcome this and makes even an unskilled Intune operator far more effective and efficient with it. That in a nutshell is the bottom line about how SMB should look at ANY AI. It is not yet something that removes the need to do the work, it does however mean you can complete the work required without needing high levels of skill and experience with the service much faster than without it.

Another typical place I see Copilot for Security coming into its own is during a security incident. Unfortunately, most SMBs are not prepared or experienced in dealing with a cybersecurity incident. Luckily, Copilot for Security can be called on, as needed, to provide skilled cybersecurity services. Again, Copilot for Security will not resolve or investigate the issue automatically for you, however its capabilities are going to provide the business with the skills they need to solve the issue rather than having to deploy additional human resources. Thus, when an incident is detected, Copilot for Security is provisioned to assist with the investigation. At the end of the shift, it is de-provisioned to either be used tomorrow or the next time there is an incident. Of course, the usage costs of Copilot for Security will escalate with any type of intense usage, but again having access to the capabilities of Copilot for Security in a time of need for SMB will be priceless. Most importantly, these skills can be deployed almost immediately to help resolve the issue.

We need to remember that it is still early days for Copilot for Security. That means the service will continue to improve over time. This is great for SMB because it means even while the service is de-provisioned it is improving for the next time that it is needed. Another significant difference is the shift from scripts to playbooks. Without AI you largely need to use PowerShell to achieve detailed incident investigations. However, with Copilot for Security you simply ask it a number of standard questions in English to get the same result. When these standard questions are combined together you get a playbook. Thus, there will be a playbook for ransomware attack, one for business email compromise and so on. This frees the responder from having to be a PowerShell expert and have access to the right PowerShell scripts to simply running a playbook inside Copilot for Security. Many of these playbooks already exist inside Copilot for Security now and they will just keep growing. A whole community will emerge providing playbooks for Copilot for Security. Many will be incorporated directly in the product. Best of all you’ll be able to add your own based on previous situations and interactions with Copilot for Security. SMB has the most to benefit from not re-inventing the wheel and simply providing what others provide already largely for free.

There is nothing Copilot for Security does that can’t already be achieved by a skilled operator. The challenge in SMB is having access to such skilled operators and having access pretty much immediately when required. I see Copilot for Security becoming more and more integrated with the security settings we see in the Microsoft 365 security admin console. Imagine when Copilot for Security is integrated with Exchange Online threat policies and can actually adjust these automatically to make your environment more secure. I can see a day when Copilot for Security can configure a complete environment to any security framework of your choice (say Essential 8) by simply using an inbuilt playbook. The possibilities are endless and should be very exciting for those in SMB since rarely are their jobs to be skilled cybersecurity analysts and operators. Copilot for Security brings those skills down to being applied on demand, for what I would suggest is a very small investment.

In summary then, is Copilot for Security a benefit to SMB? Yes, without doubt. Does Copilot for Security need to be implemented differently in SMB? Yes, without doubt. It is all about using the tools effectively for the job and from what I see, Copilot for Security is a highly effective tool when used correctly. However, as I have talked about before, Copilot for Security has pre-requisites to make it an effective tool. The greatest of these is ensuring that signals are already in place for Copilot for Security to use. You really shouldn’t be thinking about using Copilot for Security anywhere until all that is in place purely and simply because that is what feeds Copilot for Security. Poor input leads to poor output and thus Copilot for Security should not be seen as a stand alone saviour of the lack of cybersecurity skills in SMB. It should be seen as the icing on the cake of what is already an amazing stack of services from Microsoft to protect the SMB customer.

CIAOPS Need to Know Microsoft 365 Webinar – April

Join me for the free monthly CIAOPS Need to Know webinar. Along with all the Microsoft Cloud news we’ll be taking a look at Microsoft Teams.

Shortly after registering you should receive an automated email from Microsoft Teams confirming your registration, including all the event details as well as a calendar invite.

You can register for the regular monthly webinar here:

April Webinar Registrations

(If you are having issues with the above link copy and paste – https://bit.ly/n2k2404)

The details are:

CIAOPS Need to Know Webinar – April 2024
Friday 26th of April 2024
11.00am – 12.00am Sydney Time

All sessions are recorded and posted to the CIAOPS Academy.

The CIAOPS Need to Know Webinars are free to attend but if you want to receive the recording of the session you need to sign up as a CIAOPS patron which you can do here:

http://www.ciaopspatron.com

or purchase them individually at:

http://www.ciaopsacademy.com/

Also feel free at any stage to email me directly via director@ciaops.com with your webinar topic suggestions.

I’d also appreciate you sharing information about this webinar with anyone you feel may benefit from the session and I look forward to seeing you there.

CIAOPS Brief 20240406

Editor’s note *** Thought I’d try something different this week and feed all the links into Copilot for Microsoft 365 and ask for a summary. Let me know if you prefer this or the older way with just the links?

Empowering Security Policy Creation with Copilot in Microsoft Intune –

https://www.youtube.com/watch?v=X3CXUeyHdHw


China tests US voter fault lines and ramps AI content to boost its geopolitical interests –

The blog post you referred to discusses how **China** is using **fake social media accounts** to poll voters on divisive issues to potentially influence the outcome of the U.S. presidential election. It also mentions the increased use of **AI-generated content** by China to further its global influence goals. Specifically, the Taiwanese presidential election in January 2024 saw a significant use of AI-generated content by CCP-affiliated actors, marking the first instance where Microsoft Threat Intelligence observed a nation-state actor using AI content to influence a foreign election [1](https://blogs.microsoft.com/on-the-issues/2024/04/04/china-ai-influence-elections-mtac-cybersecurity/).


Unlock Your Cybersecurity Potential: Explore the Security-101 Curriculum! –

https://techcommunity.microsoft.com/t5/educator-developer-blog/unlock-your-cybersecurity-potential-explore-the-security-101/ba-p/4071368

Get end-to-end protection with Microsoft’s unified security operations platform, now in public preview –

The article you’re referring to is about Microsoft’s unified security operations platform, which is now in public preview. It highlights the embedded Copilot experience within the Microsoft Defender portal for security information and event management (SIEM) and extended detection and response (XDR). This platform is designed to assist users as they investigate and respond to threats by automatically surfacing relevant details. [1](https://www.microsoft.com/en-us/security/blog/2024/03/13/microsoft-copilot-for-security-is-generally-available-on-april-1-2024-with-new-capabilities/) Unfortunately, I couldn’t find more detailed information within your company’s resources, but this should give you a good overview of the article’s content.

https://www.microsoft.com/en-us/security/blog/2024/04/03/get-end-to-end-protection-with-microsofts-unified-security-operations-platform-now-in-public-preview/


Get started with phishing resistant multifactor authentication –

https://www.youtube.com/watch?v=fSIM_Zrlv70


Bringing the latest capabilities to Copilot for Microsoft 365 customers –

The latest blog post on the Microsoft 365 website announces two significant updates for Copilot for Microsoft 365 users. Firstly, priority access to the GPT-4 Turbo model is being introduced to work with both web and work data. Additionally, the limitations on the number and length of conversations are being removed, and file upload capacity is increasing. Secondly, later this month, there will be an expansion of capabilities, although the details of this expansion are not provided in the snippet. For more information, you can visit the Microsoft 365 blog. [1](https://www.microsoft.com/en-us/microsoft-365/blog/2024/04/02/bringing-the-latest-capabilities-to-copilot-for-microsoft-365-customers/)

https://www.microsoft.com/en-us/microsoft-365/blog/2024/04/02/bringing-the-latest-capabilities-to-copilot-for-microsoft-365-customers/


Further simplifying the Microsoft Defender for Endpoint onboarding experience with Microsoft Intune –

The TechCommunity post titled “Further simplifying the Microsoft Defender for Endpoint onboarding experience with Microsoft Intune” by Laura Arrizza, a Senior Product Manager at Microsoft Intune, discusses the enhancements made to simplify the deployment and configuration of Microsoft Defender for Endpoint. The improvements focus on making the onboarding process more straightforward for admins, with a streamlined experience for discoverability, deployment, and continuous monitoring across devices. This initiative is part of Microsoft’s commitment to providing increased visibility and transparency into the state and status of devices managed through Microsoft Intune. [1](https://techcommunity.microsoft.com/t5/intune-customer-success/further-simplifying-the-microsoft-defender-for-endpoint/ba-p/4097995)

https://techcommunity.microsoft.com/t5/intune-customer-success/further-simplifying-the-microsoft-defender-for-endpoint/ba-p/4097995


Comprehensive macOS management with Microsoft Intune –

https://www.youtube.com/watch?v=2BOBqJdxRnM

Microsoft Defender for Cloud Free Trial per Plan –

The TechCommunity post you’re referring to provides a comprehensive guide on the free trial offerings for Microsoft Defender for Cloud. It details the different plans available and the benefits of each, emphasizing the value of trying the service to understand its capabilities in protecting cloud environments. The post likely outlines the duration of the free trial, what features are included, and how users can sign up to experience the service firsthand.

https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/microsoft-defender-for-cloud-free-trial-per-plan/ba-p/4102865


Improved task list components in Loop –

The blog post on Microsoft 365 Insider discusses the improved task list components in Microsoft Loop, highlighting the integration with Outlook and the ability to embed task management via Loop components. It mentions that tasks assigned in Loop are automatically synchronized with Microsoft To-Do and Planner, allowing for efficient tracking of tasks in one place. The post also details how Microsoft Loop components are currently available in Teams and Outlook, with general availability to be announced for other applications like Word. [1](https://ciaops365e1-my.sharepoint.com/personal/admin_ciaops365_com/Documents/Supplier/Microsoft/CSP%20Masters%20-%20Sales/CSP%20Masters%20-%20S3%20-%20ModerWorkplace.pdf?web=1)

Additionally, web sources indicate that the updated task list components in Microsoft Loop offer greater flexibility and functionality, with a new look and feel that aligns with Loop pages for consistency. Users now have increased control through filters to narrow down tasks by various criteria and can adjust row height to fit content. [2](https://www.hubsite365.com/en-ww/crm-pages/improved-task-list-components-in-loop-ee3f541c-c3d7-45c2-a7da-cd6b32cdf888.htm)

https://insider.microsoft365.com/en-us/blog/improved-task-list-components-in-loop


Microsoft Priva announces new solutions to help modernize your privacy program –

The Microsoft Security blog post from April 2, 2024, announces the expansion of **Microsoft Priva**, introducing automated capabilities to help organizations adapt to evolving privacy requirements concerning personal data. Microsoft Priva aims to protect personal data, automate risk mitigation, and manage subject rights requests at scale. It’s designed to assist organizations in meeting privacy and compliance requirements, mitigating risks for privacy non-compliance, and preparing for new and emerging regulations with an end-to-end solution that oversees and establishes privacy protocols across the entire organization. [1](https://www.microsoft.com/en-us/security/blog/2024/04/02/microsoft-priva-announces-new-solutions-to-help-modernize-your-privacy-program/)

https://www.microsoft.com/en-us/security/blog/2024/04/02/microsoft-priva-announces-new-solutions-to-help-modernize-your-privacy-program/


Microsoft FAQ and guidance for XZ Utils backdoor –

The article “Microsoft FAQ and guidance for XZ Utils backdoor” addresses a critical vulnerability identified in XZ Utils, specifically versions 5.6.0 and 5.6.1. This vulnerability, labeled CVE-2024-3094, has a CVSS score of 10 and is the result of a software supply chain compromise. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recommended downgrading to a previous, non-compromised version of XZ Utils. The article provides details and Microsoft’s response to this vulnerability. [1](https://techcommunity.microsoft.com/t5/microsoft-defender-vulnerability/microsoft-faq-and-guidance-for-xz-utils-backdoor/ba-p/4101961)

https://techcommunity.microsoft.com/t5/microsoft-defender-vulnerability/microsoft-faq-and-guidance-for-xz-utils-backdoor/ba-p/4101961


A Copilot for Security Customer’s Guide to MDTI –

The blog post titled “A Copilot for Security: Customer’s Guide to MDTI” discusses the strategic use of Microsoft Defender Threat Intelligence (MDTI) to enhance various security workflows. MDTI is a comprehensive threat intelligence product that supports triage, incident response, threat hunting, vulnerability management, and cyber threat intelligence analyst workflows. The post emphasizes the importance of MDTI in powering Security Copilot, which is designed to assist analysts with complex and time-consuming daily tasks. [1](https://techcommunity.microsoft.com/t5/microsoft-defender-threat/new-blog-how-mdti-helps-power-security-copilot/td-p/3984271)

https://techcommunity.microsoft.com/t5/microsoft-defender-threat/a-copilot-for-security-customer-s-guide-to-mdti/ba-p/4103238


Discover the power of Microsoft Certifications for your career –

The article titled “Discover the power of Microsoft Certifications for your career” invites readers to join the Microsoft Learn Learning Room, hosted by Tiago Costa—Your Azure Expert. It’s a space designed for expanding knowledge, engaging in discussions, and preparing for Microsoft Certification. The article highlights the value of certifications like the Microsoft Certified: Azure Administrator Associate, which requires passing a comprehensive exam (Exam AZ-104) that covers managing Azure identities and governance, implementing and managing storage, deploying and managing Azure compute resources, among other skills. The article emphasizes the career benefits of earning Microsoft Certifications and the rigorous process involved in obtaining them. [1](https://techcommunity.microsoft.com/t5/microsoft-learn-blog/discover-the-power-of-microsoft-certifications-for-your-career/ba-p/4090763)

https://techcommunity.microsoft.com/t5/microsoft-learn-blog/discover-the-power-of-microsoft-certifications-for-your-career/ba-p/4090763


Native-first cloud security approach –

The article titled “Native-first cloud security approach” on the Microsoft Tech Community discusses the importance of integrating security measures natively into cloud platforms. It highlights the challenges of integrating best-of-breed solutions, which may not seamlessly integrate with each other or with the specific cloud platform being used, leading to gaps in visibility and coordination. The article emphasizes the need for a unified view of the security landscape to effectively protect against threats. [1](https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/native-first-cloud-security-approach/ba-p/4102367) For more detailed insights, you may want to read the full article on the Tech Community website.

https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/native-first-cloud-security-approach/ba-p/4102367


Realigning global licensing for Microsoft 365 –

The page you referred to announces a realignment in the global licensing for Microsoft 365 and Office 365 suites, specifically mentioning that Teams will not be included in the new lineup of commercial suites for regions outside the EEA and Switzerland. Additionally, there is a new standalone Teams offering for Enterprise customers in those regions. This change aims to provide globally consistent licensing to streamline decision-making and negotiations for customers. The announcement was made on April 1, 2024. [1](https://www.microsoft.com/en-us/licensing/news/Microsoft365-Teams-WW)

https://www.microsoft.com/en-us/licensing/news/Microsoft365-Teams-WW


The Microsoft Power Platform community is buzzing about Microsoft Copilot, governance, and scale –

The blog post on the Microsoft Power Platform community’s excitement about Microsoft Copilot discusses the positive reception and insights shared by users, makers, developers, and business leaders at the Microsoft Power Platform Conference. They expressed how Copilot empowers them to elevate their work and business operations. The post is likely to highlight the governance and scale aspects of Microsoft Copilot within the Power Platform ecosystem. [1](https://www.microsoft.com/en-us/power-platform/blog/2024/03/28/the-microsoft-power-platform-community-is-buzzing-about-microsoft-copilot-governance-and-scale/)


For a detailed summary and insights, you can visit the blog post on the Microsoft Power Platform website. [1](https://www.microsoft.com/en-us/power-platform/blog/2024/03/28/the-microsoft-power-platform-community-is-buzzing-about-microsoft-copilot-governance-and-scale/)


Microsoft Mesh: A new way to connect –

The blog post titled “Microsoft Mesh: A New Way to Connect” introduces Microsoft Mesh as a platform that integrates with Microsoft Teams to create immersive virtual spaces for collaboration. It allows people in different physical locations to participate in shared experiences using various devices, enhancing the sense of co-presence and reducing the need for travel. The post likely covers how Mesh can be used in Teams meetings, its benefits for the modern workplace, and the potential impact on communication and collaboration. For a comprehensive understanding, it would be best to read the full article. [1](https://www.microsoft.com/en-us/microsoft-365/blog/)[2](https://en.wikipedia.org/wiki/Microsoft_Mesh)[3](https://learn.microsoft.com/en-us/mesh/)[4](https://techcommunity.microsoft.com/t5/microsoft-teams-blog/microsoft-mesh-transforming-how-people-come-together-in-the/ba-p/3824898)[5](https://www.microsoft.com/en-us/microsoft-teams/microsoft-mesh)[6](https://apps.microsoft.com/detail/9nlxzj1fdbd7?hl=en-us&gl=US)

https://insider.microsoft365.com/en-us/blog/microsoft-mesh-a-new-way-to-connect


SharePoint Roadmap Pitstop: March 2024 –

The “SharePoint Roadmap Pitstop: March 2024” blog post on the Microsoft Tech Community highlights the latest updates and offerings for SharePoint. The key features introduced in March 2024 include new section backgrounds, Answers in Viva content in Microsoft Search, and the ability to enable/disable certain features in SharePoint Premium. The post emphasizes the continuous improvement and expansion of SharePoint capabilities, ensuring users have access to the most up-to-date and efficient tools for their tasks. [1](https://techcommunity.microsoft.com/t5/microsoft-sharepoint-blog/sharepoint-roadmap-pitstop-march-2024/ba-p/4101910)

For a detailed overview of the new features and updates, you can read the full blog post on the Microsoft Tech Community website. [1](https://techcommunity.microsoft.com/t5/microsoft-sharepoint-blog/sharepoint-roadmap-pitstop-march-2024/ba-p/4101910)


Hunting and responding to QR code-based phishing attacks with Defender for Office 365 –

The blog post titled “Hunting and Responding to QR Code-Based Phishing Attacks with Microsoft Defender for Office” discusses the increasing trend of QR code-themed phishing campaigns. The Microsoft Defender Experts team has observed attackers using deceptive QR codes to manipulate users into accessing fraudulent websites or downloading harmful content. The post emphasizes the importance of being vigilant against such phishing attempts and provides insights into how Microsoft Defender for Office can help in identifying and responding to these threats. For a detailed exploration of the topic, I recommend reading the full blog post. [1](https://techcommunity.microsoft.com/t5/microsoft-security-experts-blog/hunting-for-qr-code-aitm-phishing-and-user-compromise/ba-p/4053324)


Public Preview: High Volume Email for Microsoft 365 –

The blog post titled “Public Preview: High Volume Email for Microsoft 365” on the Microsoft Tech Community announces the public preview of High Volume Email (HVE) for Microsoft 365. This service is designed for line-of-business applications and other high-volume SMTP Auth submissions, allowing for sending internal messages beyond the current limits of Exchange Online. The public preview includes an admin experience in the Exchange admin center to manage HVE accounts, a report to track usage, and a specific SMTP endpoint using basic SMTP auth to send email. [1](https://techcommunity.microsoft.com/t5/exchange-team-blog/public-preview-high-volume-email-for-microsoft-365/ba-p/4102271)


Microsoft Copilot for Security is now generally available –

The blog post on the Microsoft Tech Community titled “Microsoft Copilot for Security is now generally available” announces the general availability of Microsoft Copilot for Security starting April 1, 2024. This generative AI solution is designed to help security and IT professionals by providing new capabilities and tools across the security portfolio to protect and govern AI use. It is available for purchase as a consumption offering with a simple pricing model that covers both the standalone Copilot experience and embedded experiences across the Microsoft Security product portfolio. [1](https://www.microsoft.com/en-us/security/blog/products/microsoft-copilot-for-security/)[2](https://techcommunity.microsoft.com/t5/microsoft-security-copilot-blog/microsoft-copilot-for-security-general-availability-details/ba-p/4079970)[3](https://www.microsoft.com/en-us/security/blog/2024/03/13/microsoft-copilot-for-security-is-generally-available-on-april-1-2024-with-new-capabilities/)

For a detailed understanding, I recommend reading the full blog post. [1](https://www.microsoft.com/en-us/security/blog/products/microsoft-copilot-for-security/)


Building a foundation for AI success: Governance –

The article titled “Building a foundation for AI success: Governance” is the last post in a six-part blog series on The Microsoft Cloud Blog. It discusses the importance of governance in AI success and is part of a broader conversation about AI readiness that includes business strategy, technology and data strategy, AI strategy and experience, among other topics. Unfortunately, I cannot provide a direct summary of the article, but I encourage you to read it for a comprehensive understanding of the governance aspect in AI development and implementation. [1](https://www.microsoft.com/en-us/microsoft-cloud/blog/2024/03/28/building-a-foundation-for-ai-success-governance/)


What’s new in Microsoft Intune March 2024 –

https://techcommunity.microsoft.com/t5/microsoft-intune-blog/what-s-new-in-microsoft-intune-march-2024/ba-p/4098989


After hours

We think we’re good at multitasking – https://www.youtube.com/shorts/iDjkILCPZ8I

Editorial

If you found this valuable, then I’d appreciate a ‘like’ or perhaps a donation at https://ko-fi.com/ciaops. This helps me know that people enjoy what I have created and provides resources to allow me to create more content. If you have any feedback or suggestions around this, I’m all ears. You can also find me via email director@ciaops.com and on X (Twitter) at https://www.twitter.com/directorcia.

If you want to be part of a dedicated Microsoft Cloud community with information and interactions daily, then consider becoming a CIAOPS Patron – www.ciaopspatron.com.

Watch out for the next CIA Brief next week.

New Endpoint Security Windows Baseline


Microsoft have released an updated Endpoint Security Baseline for Windows 10 and later.

I have updated my Best Practices repository to include the new template JSON file here:

https://github.com/directorcia/bp/blob/main/Intune/Policies/Endpoint/Baselines/win.json

and the older JSON file here:

https://github.com/directorcia/bp/blob/main/Intune/Policies/Endpoint/Baselines/Archive/win.json

I have also found that the Graph endpoint to which these two policies are applied is also different.

The new Security Baseline for Windows 10 now has an enormous area under Administrative templates. It also has a LAPS setting.

You can’t upgrade the older policy to the newer one; you need to create a completely new Security Baseline using the new policy.

This is going to take some time to work through all the new options that have been added, and there are many!

Luckily, I can put Copilot for Security to work to help me!