Announcing mandatory multi-factor authentication for Azure sign-in

As cyberattacks become increasingly frequent, sophisticated, and damaging, safeguarding your digital assets has never been more critical. As part of Microsoft’s $20 billion dollar investment in security over the next five years and our commitment to enhancing security in our services in 2024, we are introducing mandatory multifactor authentication (MFA) for all Azure sign-ins.

The need for enhanced security

One of the pillars of Microsoft’s Secure Future Initiative (SFI) is dedicated to protecting identities and secrets—we want to reduce the risk of unauthorized access by implementing and enforcing best-in-class standards across all identity and secrets infrastructure, and user and application authentication and authorization. As part of this important priority, we are taking the following actions:

• Protect identity infrastructure signing and platform keys with rapid and automatic rotation with hardware storage and protection (for example, hardware security module (HSM) and confidential compute).
• Strengthen identity standards and drive their adoption through use of standard SDKs across 100% of applications.
• Ensure 100% of user accounts are protected with securely managed, phishing-resistant multifactor authentication.
• Ensure 100% of applications are protected with system-managed credentials (for example, Managed Identity and Managed Certificates).
• Ensure 100% of identity tokens are protected with stateful and durable validation.
• Adopt more fine-grained partitioning of identity signing keys and platform keys.
• Ensure identity and public key infrastructure (PKI) systems are ready for a post-quantum cryptography world.

Ensuring Azure accounts are protected with securely managed, phishing-resistant multifactor authentication is a key action we are taking. As recent research by Microsoft shows that multifactor authentication (MFA) can block more than 99.2% of account compromise attacks, making it one of the most effective security measures available, today’s announcement brings us all one step closer toward a more secure future.

In May 2024, we talked about implementing automatic enforcement of multifactor authentication by default across more than one million Microsoft Entra ID tenants within Microsoft, including tenants for development, testing, demos, and production. We are extending this best practice of enforcing MFA to our customers by making it required to access Azure. In doing so, we will not only reduce the risk of account compromise and data breach for our customers, but also help organizations comply with several security standards and regulations, such as Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA), General Data Protection Regulation (GDPR), and National Institute of Standards and Technology (NIST).

Preparing for mandatory Azure MFA

Required MFA for all Azure users will be rolled out in phases starting in the 2nd half of calendar year 2024 to provide our customers time to plan their implementation: 

• Phase 1: Starting in October, MFA will be required to sign-in to Azure portal, Microsoft Entra admin center, and Intune admin center. The enforcement will gradually roll out to all tenants worldwide. This phase will not impact other Azure clients such as Azure Command Line Interface, Azure PowerShell, Azure mobile app and Infrastructure as Code (IaC) tools. 
• Phase 2: Beginning in early 2025, gradual enforcement for MFA at sign-in for Azure CLI, Azure PowerShell, Azure mobile app, and Infrastructure as Code (IaC) tools will commence.

Beginning today, Microsoft will send a 60-day advance notice to all Entra global admins by email and through Azure Service Health Notifications to notify the start date of enforcement and actions required. Additional notifications will be sent through the Azure portal, Entra admin center, and the M365 message center.

For customers who need additional time to prepare for mandatory Azure MFA, Microsoft will review extended timeframes for customers with complex environments or technical barriers.

How to use Microsoft Entra for flexible MFA

Organizations have multiple ways to enable their users to utilize MFA through Microsoft Entra:

• Microsoft Authenticator allows users to approve sign-ins from a mobile app using push notifications, biometrics, or one-time passcodes. Augment or replace passwords with two-step verification and boost the security of your accounts from your mobile device.
• FIDO2 security keys provide access by signing in without a username or password using an external USB, near-field communication (NFC), or other external security key that supports Fast Identity Online (FIDO) standards in place of a password.
• Certificate-based authentication enforces phishing-resistant MFA using personal identity verification (PIV) and common access card (CAC). Authenticate using X.509 certificates on smart cards or devices directly against Microsoft Entra ID for browser and application sign-in.
• Passkeys allow for phishing-resistant authentication using Microsoft Authenticator.
• Finally, and this is the least secure version of MFA, you can also use a SMS or voice approval as described in this documentation.

External multifactor authentication solutions and federated identity providers will continue to be supported and will meet the MFA requirement if they are configured to send an MFA claim.

Moving forward

At Microsoft, your security is our top priority. By enforcing MFA for Azure sign-ins, we aim to provide you with the best protection against cyber threats. We appreciate your cooperation and commitment to enhancing the security of your Azure resources.

Our goal is to deliver a low-friction experience for legitimate customers while ensuring robust security measures are in place. We encourage all customers to begin planning for compliance as soon as possible to avoid any business interruptions.

Source: azure.microsoft.com

Continue reading

Announcing a new OpenAI feature for developers on Azure

We are thrilled to announce the launch of OpenAI’s latest model on Azure. This new model, officially named GPT-4o-2024-08-06, brings innovative features designed to elevate developer experiences on Azure. Specifically, the new model focuses on enhancing productivity through Structured Outputs, like JSON Schemas, for the new GPT-4o and GPT-4o mini models.

A focus on Structured Outputs

GPT-4o was first announced in May 2024, as OpenAI’s new multimodal model, followed by GPT-4o mini in July 2024. Today’s version is designed with a specific use case in mind: simplifying the process of generating well-defined, structured outputs from AI models. This feature is particularly valuable for developers who need to validate and format AI outputs into structures like JSON Schemas. Developers often face challenges validating and formatting AI outputs into well-defined structures like JSON Schemas.  

Structured Outputs addresses this by allowing developers to specify the desired output format directly from the AI model. This feature enables developers to define a JSON Schema for text outputs, simplifying the process of generating data payloads that can seamlessly integrate with other systems or enhance user experiences. 

Use cases for JSON

JSON Schema is essential for defining the structure and constraints of JSON documents, ensuring they follow specific formats with mandatory properties and value types. It enhances data understandability through semantic annotation and serves as a domain-specific language for optimized application requirements. Development teams use JSON Schema to maintain consistency across platforms, drive model-driven UI constraints, and automatically generate user interfaces. It aids in data serialization, security testing, and partial validation in technical scenarios. JSON Schema also supports automated testing, Schema inference, and machine-readable web profiles, improving data interoperability. It standardizes validation interfaces and reporting, handles external validation, and ensures data consistency within and across documents. It can also help with customer support and how to communicate in a timely manner. 

Two flavors of Structured Outputs

Structured Outputs is available in two forms: 

1. User-defined JSON Schema: This option allows developers to specify the exact JSON Schema they want the AI to follow, supported by both GPT-4o-2024-08-06 and GPT-4o-mini-2024-07-18.

2. More Accurate Tool Output (“Strict Mode”): This limited version lets developers define specific function signatures for tool use, supported by all models that support function calling, including GPT-3.5 Turbo, GPT-4, GPT-4 Turbo, and GPT-4o models from June 2023 onwards. 

Technical guidance on using Structured Outputs

To help you get started with Structured Outputs, we recommend the following approach. 

Getting started with Structured Outputs 

1. Define Your JSON Schema: Determine the structure you want your AI outputs to follow. This can include required fields, data types, and other constraints. 

2. Configure the AI model: Use the Structured Outputs feature to specify your JSON Schema within the API call. This ensures that the AI output adheres to your defined structure. 

3. Integration and testing: Integrate the output into your application or system, and test thoroughly to ensure compliance with your JSON Schema. 

Example use case: Customer support automation

Imagine you’re developing a customer support chatbot that needs to generate responses in a specific format for logging and analytics. By using Structured Outputs, you can define a JSON Schema that includes fields like responseText, intent, confidenceScore, and timestamp. This ensures that every response generated by the chatbot is formatted correctly, making it easier to log, analyze, and act upon. 

Example API call

Here’s an example API call to illustrate how to use Structured Outputs:

{

  "model": "gpt-4o-2024-08-06",

  "prompt": "Generate a customer support response",

  "structured_output": {

    "schema": {

      "type": "object",

      "properties": {

        "responseText": { "type": "string" },

        "intent": { "type": "string" },

        "confidenceScore": { "type": "number" },

        "timestamp": { "type": "string", "format": "date-time" }

      },

      "required": ["responseText", "intent", "confidenceScore", "timestamp"]

    }

  }

}

Pricing

We will make pricing for this feature available soon. Please bookmark the Azure OpenAI Service pricing page. 

Learn more about the future of AI

We’ve been rolling out several new models recently, and we understand it can be a lot to keep up with. This flurry of activity is all about empowering developer innovation. Each new model brings unique capabilities and enhancements, helping you build even more powerful and versatile applications. 

The launch of this new model feature for GPT-4o and GPT-4o mini marks a significant milestone in our ongoing efforts to push the boundaries of AI capabilities. We’re excited to see how developers will leverage these new features to create innovative and impactful applications.

Source: microsoft.com

Continue reading

MS-900 Practice Test: A Sure-Fire Tool to Get High Score in MS-900 Exam

Microsoft 365 is the cornerstone of productivity in the modern workplace, providing seamless integration of tools that empower businesses to achieve more. As the demand for professionals who are well-versed in Microsoft 365 continues to rise, certifications like the Microsoft 365 Fundamentals (MS-900) have become crucial for anyone looking to advance their career in IT. The MS-900 exam tests your foundational knowledge of cloud services and the benefits and considerations of adopting Microsoft 365 cloud services. But how do you ensure you’re fully prepared to ace this exam? The answer lies in the MS-900 Practice Test—your sure-fire tool to achieving a high score and earning that coveted certification.

Why the Microsoft 365 Fundamentals Exam (MS-900) Matters?

The MS-900 exam is designed for candidates who want to demonstrate their knowledge of cloud-based solutions, especially Microsoft 365 services. Whether you’re a business user, IT professional, or student, passing the MS-900 exam can validate your understanding of Microsoft 365’s core services, pricing models, support options, and general cloud concepts. It’s a certification that not only boosts your resume but also opens doors to further certifications and career opportunities.

Exam Details and Exam Topics

Before diving into the benefits of using an MS-900 Practice Test, it's essential to understand what the exam entails. Here’s a breakdown of the key details:

Exam Name: Microsoft 365 Fundamentals

Exam Code: MS-900

Duration: 45 minutes

Number of Questions: Approximately 40-60 questions

Question Types: Multiple-choice, multiple-select, drag-and-drop, and case studies

Passing Score: 700 out of 1000

Languages: English, Japanese, Chinese (Simplified), Korean, Spanish, German, French, Portuguese (Brazil), Italian

MS-900 Exam Topics

The MS-900 exam covers a broad range of topics, which are crucial for anyone looking to gain a solid foundation in Microsoft 365 services. These include:

Describe cloud concepts

Describe Microsoft 365 apps and services

Describe security, compliance, privacy, and trust in Microsoft 365

Describe Microsoft 365 pricing, licensing, and support

Understanding these topics is key to passing the MS-900 exam, but how do you ensure that you’re ready to tackle these areas? The answer lies in utilizing an MS-900 Practice Test.

Microsoft 365 Fundamentals Exam Resources

Preparing for the MS-900 exam requires access to high-quality resources. Here’s a list of the most effective resources you should consider:

Microsoft Learn: The official Microsoft learning platform offers free learning paths and modules designed specifically for the MS-900 exam. This is a great starting point to build your knowledge.

Instructor-Led Training: Enroll in an instructor-led course to gain a deeper understanding of the exam content. This option is particularly useful if you prefer a structured learning environment.

Official MS-900 Study Guide: Microsoft Press offers an official study guide for the MS-900 exam. This comprehensive guide provides detailed explanations of each topic, practice questions, and exam tips.

Online Forums and Study Groups: Join online communities like Reddit, TechNet, or specialized study groups to connect with others preparing for the MS-900 exam. Sharing knowledge and experiences can be invaluable.

MS-900 Practice Test: Perhaps the most critical resource in your exam prep toolkit. The MS-900 Practice Test allows you to simulate the exam environment, test your knowledge, and identify areas where you need to improve.

Quick 5 Tips for MS-900 Exam Prep

Now that you understand the importance of the MS-900 Practice Test, here are five quick tips to help you prepare effectively for the MS-900 exam:

1. Set a Study Schedule

Consistency is key when preparing for any certification exam. Set aside specific times each day to study and stick to your schedule. Breaking your study sessions into manageable chunks can prevent burnout and help retain information better.

2. Use Multiple Resources

Don’t rely on just one resource for your preparation. Use a combination of study guides, online courses, video tutorials, and practice tests to get a well-rounded understanding of the material.

3. Join a Study Group

Joining a study group can provide you with different perspectives on difficult topics and help keep you motivated. Discussing and explaining concepts to others can also reinforce your own understanding.

4. Take Multiple Practice Tests

Don’t stop at just one MS-900 Practice Test. Take multiple tests to gauge your progress over time. This will not only help you identify areas that need improvement but also build your confidence as you see your scores improve.

5. Review and Revise

After taking each practice test, spend time reviewing your incorrect answers. Understanding your mistakes is just as important as knowing the correct answers. Revising these areas will help you avoid making the same mistakes in the actual exam.

Why Use MS-900 Practice Test?

Let’s dive deeper into why the MS-900 Practice Test is your ultimate tool for exam success.

1. Familiarize Yourself with the Exam Format

The MS-900 exam includes various question types, such as multiple-choice, multiple-select, and drag-and-drop. Taking a practice test allows you to become familiar with the exam format, reducing anxiety and increasing your confidence on exam day.

2. MS-900 Practice Test Identifies Knowledge Gaps

No matter how much you study, there might be areas where your understanding isn’t as strong as it should be. The MS-900 Practice Test highlights these gaps by providing detailed feedback on your performance, allowing you to focus your study efforts where they are needed most.

3. MS-900 Practice Test Enhances Time Management Skills

The MS-900 exam must be completed within 45 minutes, which can be challenging if you’re not accustomed to working under time constraints. Regularly taking practice tests helps you improve your time management skills, ensuring you can complete the exam within the allotted time.

4. MS-900 Practice Test Boosts Your Confidence

There’s nothing like the feeling of completing a practice test with a high score. It boosts your confidence and gives you a psychological edge going into the real exam. When you’ve consistently scored well in your practice tests, you can walk into the exam room with the assurance that you’re well-prepared.

5. Simulate the Real Exam Experience

Taking a practice test simulates the pressure of the actual exam environment. This is crucial for reducing exam-day jitters and ensuring you remain calm and focused when it matters most.

Final Thoughts: Invest in the Right MS-900 Practice Test

Your journey to acing the Microsoft 365 Fundamentals (MS-900) exam can be smooth and successful if you equip yourself with the right tools. The MS-900 Practice Test stands out as one of the most effective resources in your preparation arsenal. It helps you familiarize yourself with the exam format, identify knowledge gaps, improve time management, and boost your confidence—all of which are critical factors in achieving a high score.

When choosing a practice test, opt for one that offers detailed explanations, simulates the real exam environment, and is regularly updated to reflect the latest exam changes. Investing in a reliable MS-900 Practice Test is not just about passing the exam—it’s about ensuring you walk into the exam room with the confidence and knowledge needed to excel.

Continue reading