Introduction to Microsoft Defender XDR

Windows Defender was originally a basic built-in antivirus that protected endpoints (namely PCs) running the Windows operating system. As endpoint attack vectors became more sophisticated, antivirus passively protecting an endpoint no longer sufficed. A holistic protection - including identities, emails, and infrastructure - was needed. This was when Windows Defender was rebranded to  Microsoft Defender.

 

Fast forward to today, Microsoft Defender is now the overarching brand that covers a series of related products that provide integrated threat protection across the entire digital estate, including endpoints, identities, email, applications, and multi-cloud infrastructure. Here are the products under the Microsoft Defender brand:

• Microsoft Defender XDR: This is the unified dashboard/suite that includes:
• Microsoft Defender for Endpoint 
• Microsoft Defender for Office 365
• Microsoft Defender for Identity
• Microsoft Defender for Cloud Apps
• Microsoft Defender for Cloud
• Microsoft Defender Vulnerability Management
• Microsoft Defender for IoT

What Is Microsoft Defender XDR

Microsoft Defender XDR (Extended Detection and Response) is an integrated suite of four security products, each providing a unique and needed defense against sophisticated attacks. Powered by AI, Microsoft Defender XDR  provides an always learning, adapting, and automated unified defense across your digital estate. The four included products in XDR are:

• Microsoft Defender for Endpoint: Protects physical devices (Windows, macOS, Linux, Android, iOS). It provides both preventative antivirus and EDR (Endpoint Detection and Response) for hunting advanced persistent threats. 
• Microsoft Defender for Identity: Uses your on-premises Active Directory or Entra ID (formerly Azure AD) signals to identify, detect, and investigate advanced threats, compromised identities, and malicious insider actions.
• Microsoft Defender for Office 365: Safeguards your "collaboration" layer—protecting against malicious links (Safe Links) and attachments (Safe Attachments) in Outlook, Teams, SharePoint, and OneDrive.
• Microsoft Defender for Cloud Apps: A Cloud Access Security Broker (CASB) that gives you visibility into your SaaS apps, helping to identify "Shadow IT" and protect sensitive data moving in and out of the cloud.

What Makes Microsoft Defender XDR Unique?

Microsoft Defender differentiates itself by moving beyond simple signature-based detection to behavioral AI and automation.

• AI : Uses machine learning and cloud-delivered intelligence to block malware in real-time, even if the threat has never been seen before (Zero-day).
• Attack Surface Reduction (ASR): A set of controls that prevent actions typically used by malware, such as launching executable files from email or blocking Office apps from creating child processes.
• Self-Healing (AIR): Short for Automated Investigation and Response. When an alert is triggered, Defender can automatically launch an investigation, determine if a file is malicious, and remediate it (e.g., quarantine a file or stop a process) without human intervention.
• Advanced Hunting: For security pros, this provides a powerful query language (Kusto Query Language or KQL) to search through 30 days of raw telemetry data to find hidden indicators of compromise.
• The "Agentless" Advantage: Because the sensors for Defender are built directly into the Windows operating system, there is no third-party agent to install or update. This reduces "agent sprawl," lowers CPU overhead, and prevents the common "security vs. performance" conflict.

Conclusion

Microsoft Defender XDR represents a paradigm shift from traditional, siloed security to a unified, AI-native ecosystem.  Unlike third-party solutions, it requires no additional software installation, which eliminates compatibility issues and ensures peak system performance by minimizing CPU overhead  By integrating defense across endpoints, identities, email, and cloud apps, Microsoft Defender XDR seamlessly correlates telemetry across endpoints, identities, and cloud applications to eliminate the silos that attackers exploit. 

Connecting Supply Chain Networks : When One Plus One Made Three

---

 

 

Once upon a time, in a bustling digital world, there lived two companies: Fulcra and Velos.

Fulcra specialized in logistics and inventory. It could track every package in real time, optimize delivery routes with satellite precision, and move goods faster than anyone else. But Fulcra didn’t know what to move — only how to move it.

Velos, on the other hand, was an e-commerce titan. Its storefronts were beautiful, its marketing sharp, and its customer base global. But when orders poured in, chaos followed. Warehouses ran out of stock. Deliveries arrived late. Refunds stacked up.

Each company excelled at what it did. Yet both suffered in silence.

One day, a young analyst named Rina, who had worked briefly at both companies, saw the problem clearly: “These systems don’t talk to each other.”

She proposed something radical: a real-time connection between Fulcra’s logistics engine and Velos’s e-commerce platform. Orders placed in Velos would instantly inform Fulcra’s inventory and routing. Fulcra’s supply chain insights would feed back into Velos’s product availability and delivery promises.

At first, both companies resisted. “It’s too risky,” said Fulcra’s CIO. “We’ll lose control of our data,” Velos’s head of tech argued.

But Rina persisted. She ran a simulation — and it showed that with full integration, customer satisfaction would increase 30%, delivery times would drop by 40%, and operational costs would shrink.

“One plus one doesn’t just equal two,” she said. “It equals three — or more — when the systems are connected.”

With cautious optimism, the two companies launched Project Converge. APIs were built. Dashboards redesigned. Silos torn down.

The results were immediate.

Customers now saw accurate delivery times before they hit "Buy." Warehouses preemptively stocked products in areas with rising demand. Returns plummeted. Profits soared. Fulcra and Velos, once strong but isolated, became unstoppable together.

And Rina? She was promoted to lead a new initiative: connecting more systems across the ecosystem. She understood a powerful truth most businesses forget:

In isolation, systems work.
In connection, systems create.
And when 1 + 1 = 3, that’s the power of integration.

 

---

Hosting Ruby on Rails On Heroku Cloud and Coding with Cloud9 IDE

Hosting Ruby on Rails
On Heroku Cloud

Albert Chiang

 
1.    Ruby, Rail

Ruby is an Object-Oriented Programming scripting language and Rails (the Model View Controller web app framework developed using the Ruby language).  The purpose of this document is to show how to deploy a Ruby on Rails production website to Heroku cloud.  This will be demonstrated via a “Thanksgiving Potluck Signup” app running on Heroku (a Platform-As-A-Service).
 
 
2.    How I did it & source code

2.1.    Concept of the “Thanksgiving Potluck App”

Every year, my dear friend Neil invites others and I to his house for a Thanksgiving dinner potluck.   Neil usually brines and bakes a turkey, but he needs help from his guests to bring other dishes. He also wanted a way for guests to sign up for dishes, but did not want the dishes to overlap.  He used Evite to manage the email list and track who is coming, but tracking who was bringing what dishes was not easy to use. And being able to access the list via web or mobile web instantly via its own URI will make the app much easier to use.
                        
                                                  
Figure 1 Thanksgiving Potluck at Neil's
 
2.2.    Development environment

My development was on Cloud9 cloud IDE, which basically allowed me to use my browser to development and run my Rails web app.  It was easy enough to use, so I gave up using a Linux terminal and my trusty vi editor. Below is a screen shof of development on Cloud9 Cloud IDE
 

 
2.3.    Initial data model

For Neil’s Thanksgiving potluck, Neil wanted a simple guest registration system for the guests to use to register themselves. He wanted it to be accessible on both web and mobile. For each guest, Neil wanted to know these about his guests:
1.    Name of guest
2.    What food is being brought by the guest
3.    Total number of people coming
4.    Email of the guest

Further more, Neil said that it would be nice if the registration system can check for overlap in food brought.
 
 
2.4.     Initial scaffold creation using Rails

Rails is a framework that eases web app development and testing. The framework was designed to bring order to a potentially messy process of developing and testing web apps. But the framework also potentially adds extra baggage, especially for simple web apps. One way Rails eases the creation of the framework is via automated scaffold generation.  A Rails scaffold creates the necessary directory structure and pre-populated files.


2.5.    Seeding the database 

Now that we have a web app running, the framework of what to show (guest information) and how to manage it (edit, destroy, show) is built in and ready to use. But now we would like to have data in this web app. What is the fastest way to pre-populate data into it? We can populate the web app with data by using seed.
                                       

2.6.    Data migration

The data model was created using Rails and resides in the db/migrate directory as a Ruby file. But the Rails framework eventually will interact with a MySQL database. Rails has one built-in called SQLite3. In order to “migrate” the Ruby version of the data into SQLite3, the “rake db:migrate” is invoked. To double check the output of the migration into an sqlite3 file, I used  SQLite Free – Datum.
 

 
2.7.    Customize the User Interface View 

The Rails scaffold command creates a basic look on the View. Neil wanted a bit more customization in the web app – which means changes to HTML and CSS. In Rails, HTML is produced from processing Embedded Ruby files (erb) and CSS is produced from processing Sassy CSS (SCSS) files.  
                        s.
                                  

2.8.    Validating the data model

Neil preferred that guests not bring duplicate food.  He wanted the web app to warn a guest if the food to be brought was already registered. This is easily done in Rail using the “validates” concept. Neil also want to limit the number of  total guests, so a limit of 4 per guest is imposed by Neil.

2.9.    Route configuration

Ruby on Rails uses a Models View Control (MVC) design pattern. Which means that web app requests from users are sent to the Controller. But in Rails, before the user request is sent to the Controller, it is first routed through a Rails router.
            
 
2.10.    App testing
Rails was design with test in mind. With Rails, tests are easy to write, easy to run, and offers powerful abilities for test automation.
    
 
3.    Deployment to The World - Using Heroku PAAS & Git
Now that we have developed and tested our web app on my Macbook Pro, it is time to let other use it – by pushing the web app to production. Which means Neil and his guests can starting using the app from any web browser. But in order to push my Ruby on Rails environment to production, I need a way to host my Ruby on Rails application. This is where Heroku can help.

3.1.    What is Git
Git is a source code revision control system. Which allows you to store your source code into a safe place – called a repository.  Git in itself is a great software development tool to keep backups of your project , as well as keep revision control so that you can revert to previous version of your project.  But must we use Git?
The answer is yes – because we are using Heroku to push our project to production.
 

 
3.2.    Pushing to Heroku

Heroku offers Platform As A Service (PAAS) to deploy applications. In order to productize my web app, I first applied for a free Heroku account. Once established, the Linux command line can be used to control interaction with the Heroku Command Line Interface (CLI).  
 

3.3.    Differences Between Development and Production - PostgreSQL instead of SQLite
During the development of our Rails web app on my Macbook Pro, SQLite3 was the default Relational Database System (RDB) used with Ruby on Rails. SQLite3 is an embedded RDB, in contrast to MySQL – a full RDB environment. MySQL is part of Oracle, which leaves the Open Source community a bit nervous because Oracle makes money from selling  its own Oracle Database.
For those looking for pure open source RDB, PostgreSQL is the popular choice. Moreover, PostgreSQL is a Object Relational Database. Hence it is not surprising that Heroku supports PostgreSQL over SQLite.
 
 
 
3.4.    Production Web View
 

4.    Conclusion

Ruby is an object oriented scripting language targeted for web applications. Rails add a framework around Ruby so that code with specification functionality has a nature home in the framework. Rails adopt the MVC design pattern.  Ruby on Rails provides a proven and robust framework for web app development, testing, and production. Within a few short Rails command, a full web app is created.  Heroku cloud was picked as the public cloud hosting platform.

Home Storage : Direct Attached Storage, Network Attached Storage, Over Firewire, USB-SATA, Ethernet

Storage has sort of been a interest of mine. Not only did i use it for primary storage, but also for backup, and in some cases, to boot an OS.  As I dug through my boxes of drives, I became amazed at the changes of storage through the years.  I have owned several different types of hosts (Windows, Mac, Linux), connector (Firewire, USB, SATA, IDE), and media (3.5" HDD, 2.5" HDD, 2.5" SSD). Here is a quick walk through of some of my setup:

1) Firewire to iMac HDD : on the "Intel Aluminum" iMacs, the Fireware port was supposedly a cool thing to have. So I bought a Firewire enclosure to fit a 3.5" HDD. Worked great, but later on found that USB drives were ok too.

2) 3.5" SATA HDD : this might have been one of my first SATA drives that pivoted away from messy IDE.

3) USB DAS : I used this Direct Attached Storage as a desktop unit to backup my Windows laptop. Its slick shape made it look appealing on my desk.

4) NAS : this was my first Network Attached Storage, configured to RAID 0 because I really needed space (so there is no redundancy of data - bad!). This particular model also can host an Apache Web Server with a MySQL database.

5) 2.5" SATA SSD : this small for factor was idea for laptops and NUCs. I found this cheaper than to buy a "proper" flash USB drive. Had to buy a SATA to USB connector to use the SSD as plug in storage.

6) Boot macOS from 2.5" SATA SSD : I wanted to have a sandbox macOS environment, and so I installed macOS on to the external 2.5" SATA SSD and boot my Macbook from it.

Introducing Dr Data 2024

A data professional is an individual with expertise in managing and analyzing data to derive meaningful insights. They work with various data sources, databases, and tools to collect, organize, and interpret information. Data professionals may have skills in data cleaning, transformation, and visualization, as well as statistical analysis and machine learning. They play a crucial role in helping organizations make informed decisions based on data-driven evidence. (1)

Because the data profession is such a deep field, the major includes :

• enterprise storage engineer
  
• data engineer
  
• database administrator
• data analyst
• data scientist
• machine learning engineer
  

 

 

Each title in its own right is a full profession. In future blogs, I will cover in detail the responsibilites of each profession - as told by Dr Data 2024!

(1) ChatGPT "User give a summary of a data professional"

(2) DALL-E "mad scientist, name tag is "Dr Data", surrounded by data, cartoon style"

VR, AR and MR Path to Adoption (2023)

Introduction

Virtual Reality (VR)  has found moderate success in consumer applications, such as gaming. Major gaming manufacturers including Sony, Nintendo, and Microsoft, all have dabbled in VR to a limited success. For example, Nintendo hastily released its Virtual Boy back in 1995. Due to a combination of poor design and  headaches from use, it was unceremoniously pulled off the market in 1996. Note : I was one of the few who benefited from this and was able to snag one from Target's clearance shelf.  Augmented Reality (AR) early usage was in Heads Up Display (HUD) in aircraft to overlay important information in front of the pilot, in car information system, and now consumer and industrial use. Mixed Reality (MR) is now helping to drive the future of VR and AR with  product releases such as Meta Oculus Quest family of MR googles, Microsoft Hololens Mixed Reality googles adoption by the U.S. Army Integrated Visual Augmentation System (IVAS), and awaiting Apple to finally launch its Vision Pro to validate the MR market.

   

Quick Definitions

Virtual Reality (VR) : You buy special goggles (usually called VR goggles - which does not have a camera to pass outside world in), put it on, and everything you see in the goggles is not real (virtual). Augmented Reality (AR): You use an every day device (say mobile phone), aim its camera at a thing (say a building), and additional information about the building is overlaid on to screen of the mobile phone. Mixed Reality (MR):  You buy special goggles (usually called MR goggles - which have cameras to pass outside world in), put it on, and and you see both real world and virtual world visuals.  This is where all the action is, with : Meta Quest (version 3 launched October 2023), Microsoft HoloLens (version 2),  Apple Vision Pro (not yet released, but website is up).

 

Enterprise Adoption

Fast forward to 2018. I am at Mobile World Congress (MWC) in Barcelona to explore how emerging technologies, including VR and AR, is making inroads into industrial applications. Here at the show, AR seem to have gained a stronger traction over VR. VR is a bit "intrusive" in its use model - usually requires donning special glasses or goggles - and if the Nintendo Virtual Boy is of any predictor, adoption might be resisted. AR, on the other hand, is less intrusive - usually only requires holding up a tablet (such as an iPad) or mobile phone (such as iPhone) towards a "re-conditioned" environment.

Gaming Adoption

In spite of early failures, gaming manufacture continue to power through early design challenges to try to  bring VR back to dizzy gamers. SonyVR, Microsoft Hololens 2, and new challengers such as Meta Quest VR Headsets are not giving up the fight to make VR right. In fact, Meta's vision for VR is not squarely targeted at gamers. Rather, it is targeted at those who want to be transported to an alternative reality called The Metaverse.  Meta has already sunk over $20 billion in 2021-2022 and will continue to invest in it - in hardware, software, and content. As an Oculus Quest owner, I have already enjoyed transporting myself to space, looking out at a serene and calm environment - away from the polluted and contentious planet that I want to escape from. 

Daily Life Adoption

AR has now been quietly gaining traction as a utility to improve daily life. In a recent trip to The Hague, I exited the metro and had no idea where to go.  On my moderately new iPhone (Android has this feature too), I have already installed the Google Map app. Google Map gave me the option of using my iPhone to augment information on top of what my camera sees. So from the metro station, I pointed my phone at a nearby building, and Google Maps was able to identify the building, and it proceeded to guide me on where to walk to. Digging into the technology a bit - Apple has made combining maps and camera data easier via its ARKit software libraries.

E-Commerce Adoption

With the mobile phone as the primary way for consumer to discover, learn, and buy products, AR is now enabling the consumer to explore, visualize, and imagine the product more immersive. This picture was taken at MWC. But if you are a Amazon Prime subscriber, you probably have seen AR features to overlay products (such as a lamp) onto your living room.

Keys To Adoption : Content

As a semi-avid gamer for decades, I have owned almost every major gaming console from Atari, Sega, Nintendo, Sony,  Microsoft, and Meta. And from a casual observation, I can say that games sells consoles. That is why every gaming console has a must have launch title  - such as Microsoft's Halo and Nintendo's Legend of Zelda.  Looking at VR, AR, and MR, it will be games and content and a killer app that drives adoption.  In Oct 2023, wedged between the launch for Meta's Quest 3 and the 2023 holiday season, NPR writes Meta Quest 3 review: powerful augmented reality lacks the games to back it up.  And Microsoft's long and contentious $70B acquisition of Activision highlights this phenomenon - Bill Gates was right 20+ years ago when he wrote the "Content is King" essay.

 

How to Scale Contention for VR, AR, MR

Make creation of  virtual worlds easier by further leveraging tools that have already been used to do this such as Unity3D or Unreal Engine. Enable easier 3-D modeling of real world assets, perhaps open source versions of builder tools such as Blender,  Maya (Autodesk), or 3ds Max. Lower  Write code to implement the functionality of your VR experience. This includes user input handling, interaction mechanics, and any custom features.  Use the chosen game engine's scripting language (e.g., C# in Unity, C++ in Unreal

 

Conclusion

MR, AR, and VR is continuing to refine the future of human to machine engagement. It has had a rough start - early failures of Nintendo's Virtual Boy,  soldiers complaining of headaches with Microsoft Hololens,  the snail pace transition to the Metaverse.  But if the gaming industry (and its tools) has anything to teach us - it is that Content is King.

Path from VM to Containers

Business require software to run their operations. These software were written using a software pattern called Model-View-Controller (MVC), bundled into a single software package called monolith (because everything that the software needed to do was bundled into that one software package). That software run on-premise hardware as Virtual Machines. Because those virtual machines ran on on-premise hardware, the business needed to pay for an IT team, plus give them a budget to procure/install/configure/maintain/patch/upgrade/backup. If the software required more compute or storage (say during the holidays when orders are streaming in), IT was summoned to scale up and follow the aforementioned long process - which was as bottleneck. Cloud solved the IT bottleneck issue, where the need to own your own on-premise hardware and the IT team was eliminated. If that need that software to be able to scale up during the holidays, and be accessible from around the planet, while remaining resilient. Also if one of the MVC components of the software failed (which is 8/9 of the combinations), the software dies. Virtual Machines could not keep up with the requirements to scale and be resilient. Problems with monolithic software that ran on virtual machines gave rise to micro-services that ran on Kubernetes containers. Micro-services broke the single monolithic software package into micro pieces, so that when one piece fails, the others run to keep the software running just enough. And microservices did not need the overhead of virtual machines that were designed to run huge monoliths, so containers were invented. Kubernetes is just management software that track containers.