GM Dynamics & Agentic AI Consulting

Hosted machines allow you to build, test and run attended and unattended desktop flows without providing or setting up any physical machines.

To create and use hosted machines you should have –

• A valid and working Intune and Azure Active Directory tenant.
• Intune device type enrolment restrictions are set to Allow Windows (MDM) platform for corporate enrolment.

Steps to create new hosted machine – Navigate to Monitor à Machine à Hosted machine as highlighted

A page will display to create a new hosted machine as shown. select a name of Hosted machine and description and click next

If you have any VM image available you can use or else can use default

When you click on + New VM Image you will see an option to select name along with options to use with – 1. Hosted Machine 2. Hosted Machine Group 3. Both

I have selected hosted machine but I don’t have any image available.

So, I have selected default windows 11 enterprise VM and then click next

If you want to add any custom network setup you can do by clicking + New network connection as shown

When I try to add a new network for me, I don’t have any azure virtual network as shown

So, I have not selected any network and clicked next. If you notice default network and VM Image is selected as shown

Then you will see below during provisioning of VM as shown

Once it’s provisioned you can see the machine as below

Hosted Machine groups can be created clicking on Hosted machine group as highlighted below

On click of Next you can see below in which you can select the feature to Re-use session.

On click of next you can assign maximum number of bots you want to run on this machine group

Select the VM image, I have selected default VM Image as shown

Choose how you want to connect to your bots next as shown below either you can

• use work or school account.
• Create and use local account

Once hosted machine groups are created you can see the status as below

On click of share you can share hosted machine group as highlighted

On click of settings you can select max number of bots, reuse sessions and enable maintenance mode.

You can see hosted machine group listed under machine groups as shown below

You can create new machine groups by clicking +New within machine group as highlighted below

As per the research from McKinsey & Company, there is an opportunity for cybersecurity technology and service providers of $2 trillion due to the increase in digital crime because of the increase in online and mobile interactions. Please refer below report –

https://www.mckinsey.com/capabilities/risk-and-resilience/our-insights/cybersecurity/new-survey-reveals-2-trillion-dollar-market-opportunity-for-cybersecurity-technology-and-service-providers

In this context authorization and authentication plays a vital role. Here are some standard ways of authentication-

• Password-based authentication
• Two-factor/multi-factor authentication
• Biometric Authentication – Fingerprint Scanning, Facial Recognition, etc.
• Single Sign-on
• Token-based authentication
• Certificate-based authentication

Microsoft has zero trust security pls refer the article –

5 reasons to adopt a Zero Trust security strategy for your business

If still business want to implement client end security there are different protocols are there.

Authentication method Protocols are –

• Lightweight Directory Access Protocol (LDAP)
• Password Authentication Protocol (PAP)
• Challenge-Handshake Authentication Protocol (CHAP)
• Extensible Authentication Protocol (EAP) 
• Kerberos
• OpenID
• Security Assertion Markup Language (SAML)
• SSL/TLS
• Fast Identity Online (FIDO2)

Here we will discuss FIDO2 Protocol. FIDO is a standard that uses the Web Authentication API and Client to Authenticator Protocol to authenticate users via public key cryptography from a local device, such as a token or smartphone. The latest version is FIDO2.

FIDO Protocol is a product of FIDO Alliance (https://fidoalliance.org/) an open industry association that is focused on authentication standards by removing dependency on passwords.

Today we will see how we can secure our accounts by using the FIDO2 security key. Thanks to FEITIAN for shipping me ePass FIDO – NFC K9.

It’s FIDO U2F & FIDO2 Certified Security Key. A single ePass FIDO – NFCcan protect unlimited accounts across multiple websites. It supports both USB and NFC interfaces. For more information please visit – https://www.ftsafe.com/Products/FIDO/NFC

Let’s start our DIY –

Beauty of Office365 which natively support for additional authentication only need to perform certain steps.

Let’s do it.. Log in to your Microsoft Office365 account and click on Security as shown in the below snapshot

Click on Advanced Security Option -> Get started

Click on Add a new way to sign in or verify as shown in the below snapshot

Then you can see options to select the way of authentication.

When you select Use a security Key below options will display as shown in snapshots.

Using USB Device-

Using NFC Device-

Select the option as per the device configuration and click Next. You will get a prompt to create a passkey selecting External Security Key or built in sensor as shown.

Once you entered passkey system will prompt to insert the security key into the USB port and then touch on the sensor on the device.

Once setup is done please name it and click Next

Then you are all set for the FIDO key authentication as shown in below snapshot.

Now if you navigate to security you can see additional authentication.

Now you can login using Sign in with Windows Hello or a security Key .

N.B – You can try this for 2 factor authentication also to add additional layer of protection. Happy Learning!

• When user click on Environments in power platform admin center, they can see screen as per below which has options for

+ New – To create new environment

Refresh – Refresh the environment

Recover deleted environments – To recover the environment which is deleted

• When click on + New it will popup a dialog to fill for environment creation as per below snapshot

• When user click on recover deleted environment it will display list of deleted environments. When user click on … it displays option to Recover & History as per below snapshot

• On click of History it displays history of the environment as per below snapshot.

• When user click on … as highlighted in above snapshot user can see lot of options on top panel and on the selection panel as per below snapshot.

• Open – Will help to open the URL in the browser to load the environment.
• Convert to Production – If the selected environment is non-production, then it will display option to convert to Production.
• Backups- On click of Backups system will display option to Create or Restore or manage as per below snapshot

On click of Create it will ask to label and quickly it will create a backup of the environment.

On click of Restore or manage system will display below snapshot

User can create new backup using + New Backup along with that user can see system backups by entering date and time / manual backup taken by the user.

• Please Open Power Platform Admin Centre by https://aka.ms/ppac
• Navigate to Environment –> select environment –> Settings –> Products –> Privacy + Security as per below snapshot

• Enable Sharing as highlighted in below snapshot which will share read only record to the shared person.

• After enabling, when user open any record they will see Share icon as per below snapshot.

• Users need to click on email link and select the To recipient as per below snapshot.

• Then recipient will get an email with the link.
• In case user want to revoke the access then he/she can click on Share icon on the record and click on Manage Access.

• Then you will see below screen which will display whom you have shared the record and select the records from which you want to revoke the access.

• Then uncheck the privileges as per my snapshot I have unchecked Read and clicked on Share as per below snapshot and you noticed in the snapshot record is already unshared.