Kurt Shintaku's Blog

I stumbled upon an article that was written by a 3rd party that was interesting enough that I decided to share it. Written by Mahmoud Hassan of Avanade and backed with information from Microsoft Digital (our IT dept), it goes over real-world concerns about Teams Meeting transcriptions & Copilot for Microsoft 365.

The topics Mahmoud goes over relative to Microsoft’s own deployment & policies include:

• Microsoft’s own policies around Teams transcription
• Employee opt-out, alerts around recording
• Legal guidance sources
• Control over what can be recorded based on meeting classification
• Meeting content expiration
• etc.

Specific areas Mahmoud goes over that are interesting:

• “Explicit Recording Consent” in Teams Meetings
• The “Transcription only” Compliance Challenge in Teams Meetings
• Copilot in Teams Meetings *without* Transcription

Read the full article here:

• Copilot for Microsoft 365 – Copilot in Teams Meetings, Transcription & Enterprise Challenges
  https://www.linkedin.com/pulse/copilot-microsoft-365-teams-meetings-transcription-mahmoud-hassan-12z8f/

Microsoft Edge for Business is enhancing its defense against data leaks and vulnerabilities with two new capabilities:

• Screenshot prevention: Data exfiltration in the browser is a major concern for organizations due to financial, reputational and operational impact. Edge for Business will support screenshot prevention policies set across Microsoft 365, Microsoft Defender for Cloud Apps, Microsoft Intune Mobile Application Management and Microsoft Purview. Screenshot prevention policies will secure against data exfiltration in the browser by blocking the ability to take screenshots on pages labeled as sensitive or protected. Screenshot prevention will be generally available in the coming months.
• Easily stay up to date: Managed browser instances that are not up to date are at risk for exploitation through vulnerabilities, including zero-day attacks. The Edge management service will enable IT admins to see which devices have Edge instances that are out of date and at risk. It will also provide mitigating controls, such as forcing a browser restart to install updates, enabling automatic browser updates or enabling enhanced security mode for added protections. This capability will be in preview in the coming weeks.

Read more below:

• Blog: Microsoft Edge for Business: Revolutionizing your business with AI, security and productivity
• On Demand: Edge for Business: secure, productive, optimized for AI

Retrieval-Augmented Generation (RAG) is a commonly used design pattern that provides a human language interface using a “Large Language Model” (i.e. ChatGPT) against a distinct & separate data source (i.e. search index, database table, etc.) to generate a response based on your specific data. The power of Azure OpenAI models in this RAG pattern gives you more control over the data used by the LLM’s response.

Many organizations have large repositories of document images (FAXs, document scans, photos) that can be reborn as rich data sources for RAG patterns and AI models and can enable conversational exchanges that respond based on that unlocked image data.

We’ve provided documentation around how to implement a RAG model that specifically leverages “Azure AI Document Intelligence”, it’s Optical Character Recognition and its unique “Document Layout Model” to understand the document context without training. The pattern can continuously take advantage of your repositories of scanned images & documents to provide more relevant responses.

Read about the pattern here:

• Retrieval-Augmented Generation with Azure AI Document Intelligence
  https://learn.microsoft.com/en-us/azure/ai-services/document-intelligence/concept-retrieval-augmented-generation?view=doc-intel-4.0.0

We’ve documented “best practices” by which creators of Generative AI solutions using Azure OpenAI Services can improve the response time of end user’s requests, along with GitHub repos for code samples

“New LLM models require massive amounts of compute to run, and unoptimized applications can run quite slowly, leading users to become frustrated. Creating a positive user experience is critical to the adoption of these tools, so minimising the response time of your LLM API calls is a must. The techniques shared in this article demonstrate how applications can be sped up by up to 100x their original speed* through clever prompt engineering and a small amount of code!”

Read the guide here:

• The LLM Latency Guidebook: Optimizing Response Times for GenAI Applications
  https://techcommunity.microsoft.com/t5/ai-azure-ai-services-blog/the-llm-latency-guidebook-optimizing-response-times-for-genai/ba-p/4131994

Do you need a “one page” guide to investigate suspicious activity in Microsoft 365 and Microsoft Entra?

This guide (and more) contains the artifacts that Microsoft Incident Response hunts for and uses daily. This includes E-mail manipulations, Data collections, Login events etc.

You can also read & download more here:

• New Microsoft Incident Response guides help security teams analyze suspicious activity
  https://www.microsoft.com/en-us/security/blog/2024/01/17/new-microsoft-incident-response-guides-help-security-teams-analyze-suspicious-activity/?msockid=0f62e881cee7693e2d81fc18cf1268e1

#microsoft #irt #security #microsof365 #msftadvocate #entra #cybersecurity

Today, we are sharing an update on the Recall (preview) feature for Copilot+ PCs, including more information on the set-up experience, privacy controls and additional details on our approach to security.

To recap our update:
✅ If Recall is not proactively turned on, it’s off by default.
✅ Windows Hello must be enrolled & proof of presence is req’d to view snapshots.
✅ Recall decryption is just-in-time & snapshots are only accessible when the user authenticates.
✅ The search index database is encrypted.

Read the full update here:

• Update on the Recall preview feature for Copilot+ PCs
  https://blogs.windows.com/windowsexperience/2024/06/07/update-on-the-recall-preview-feature-for-copilot-pcs/

Interested in securing your AI solutions?

Join Microsoft’s Mark Russinovich & his Build 2024 session, “Inside AI Security with Mark Russinovich | BRK227” to explore the landscape of AI security, focusing on threat modeling, defense tactics, our red teaming approaches & the path to confidential AI. You will learn about various kinds of attacks in AI systems & our defenses, such as backdoors, poison data, prompt injection attacks, and more.