After installation of a new Windows 7 machine with the newest version of the Windows Update Agent installed, the Software Updates scan initiated from Configuration Manager would fail with the error 80072ee2 (which translates to Connection Timeout).

Check the Basics

C:Windowswindowsupdate.log:

[code]
WARNING: SendRequest failed with hr = 80072ee2. Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <>
WARNING: Send failed with hr = 80072ee2.
[/code]

First, ensure all your settings are correctly applied to the computer:

• Confirm that your Software Update Point (SUP) is correctly registered in the registry:

HKLMSOFTWAREPoliciesMicrosoftWindowsWindowsUpdate

Values WUServer and WUStatusServer should both match the correct URL and port of the WSUS web site (eg. http://server.fqdn:port).

• Verify that the client can connect to the WSUS web site by opening a browser and navigating to http://server.fqdn:port/SimpleAuthWebService/SimpleAuth.asmx (replacing server.fqdn with your server fully qualified domain name and replacing port with the port you have WSUS configured to operate on).

In my case, the client configuration was correct and it was successfully able to communicate with the WSUS server web site. The issue was the Application pool for WSUS running out of memory and recycling while the client was waiting for response from the server.

Additional Troubleshooting

Check the event log of the server hosting the Software Update Point (and Windows Server Update Services).

Event 1:

[code]
Log Name: Application
Source: ASP.NET 2.0.50727.0
Event ID: 1309
Task Category: Web Event
Event code: 3001
Event message: The request has been aborted.
Exception type: HttpException
Exception message: Request timed out.
[/code]

Event 2:

[code] Log Name: System
Source: Microsoft-Windows-WAS
Event ID: 5117
Description includes: WsusPool [/code]

Solution

If you are encountering Event ID 1309 in the Application log at around the same time as event ID 5117 in the System log, you most likely need to increase the memory allocated to the WSUS Application Pool in IIS. To do that, follow the steps in http://blogs.technet.com/b/configurationmgr/archive/2015/03/23/configmgr-2012-support-tip-wsus-sync-fails-with-http-503-errors.aspx.

After increasing the memory, the new clients were successfully able to scan for and apply updates!

I can only assume that the existing client I tested was working because it required less information from the WSUS server web application, while the new client required an entire catalog.

The take away of this post: monitor your servers event logs!

Also make sure your clients have up to date Windows Update clients. See Windows 7 Stuck on Checking for Updates for more troubleshooting and solutions.

Hi Folks,

I happen to document this enough working on an issue and hence posting this out to revive my unexplained series that was dormant for quite a while.

Issue:

We introduced this new class in ConfigMgr 1606, I believe Office365PROPlusConfigurations as shown below.

Now the issue is we have the data being collected in the respective table Office365ProPlusConfigurations_DATA on the primaries but the data doesn’t go to CAS.

Assessment:

The very first thing that comes to mind in such cases was to check if the table is being replicated at all first. Just to clear, any table that is replicated has to be a part of the ArticleData table. So ran,

select * from ArticleData where articlename like ‘Office365ProPlusConfigurations_DATA’

DANG! No rows returned. Thought of checking if this was by design, In the lab, I do get the data and the table is a part of replication group.

So there is something happening here where the Table is not even considered to be part of the replication group.

Frankly, I was at loss as to how to drill this down, The groups definitely need to be created by dataldr for sure that’s what I knew.

Checked the Dataldr.log on the CAS and saw these lines repeating.

//

There are 4 pending remote adds, 0 pending remote drops.      SMS_INVENTORY_DATA_LOADER     10/26/2016 11:15:35 PM  5784 (0x1698)

Looking for inventory schema changes…   SMS_INVENTORY_DATA_LOADER      10/26/2016 11:15:35 PM  5784 (0x1698)

…no inventory schema changes found.     SMS_INVENTORY_DATA_LOADER      10/26/2016 11:15:35 PM  5784 (0x1698)

//

Frankly, I couldn’t make much out of this, so digged thru the source as to what this entails.

Upon digging, it became clear that before setting up the replication group for an inventory table the CAS waits for the primaries to extend the schema.

So until the primaries have extended the schema the CAS wont setup the replication for the coming groups.

Now, CAS tracks the same from a table called RemoteInvSchema. This is a site data table so when the schema is extended on the primaries, they reach the CAS and that’s how CAS knows the schema is extended at primary.

So ran this at CAS:

select sitenumber, count(*) from RemoteInvSchema

group by(sitenumber)

Output:

SiteNumber Count
1                        2309
2                       2311
3                       2309

Dang! So site number 1 and 3 are off by two records each. That makes it 4 for what the CAS is shouting for.

I ran the queries on the primary itself and it was 2311. So it was just that the data somehow never replicated up for these two sites.

The data records that was OFF was

MICROSOFT|MBAM_POLICY|1.0  UserExemptionDate

MICROSOFT|MDM_RemoteFind|1.0           Latitude

The table RemoteInvSchema is a part of Operational_Data so reiniting them from the CAS should have helped. But for two records reiniting a big group was something Cx was not willing.

Anyways even updating the records on Primary should do the trick via DRS. We ran the below on all primaries

//

UPDATE remoteinvschema SET AttributeName=AttributeName WHERE GroupClass IN (‘MICROSOFT|MBAM_POLICY|1.0′,’MICROSOFT|MDM_RemoteFind|1.0’)

//

* Make sure we have a backup of the DB before we run any delete query. Also, do not delete anything without the recommendation from the Microsoft Premier support. 

Sure enuf now the records from the query was 2311 for all sites and the dataldr kicked for creating the replication groups for the inventory tables.

Summary:

The table RemoteInvSchema is used in CAS to coordinate/wait for all primary sites to finish extending schema before the CAS extends schema.

The extension data for Office365 does not show up because CAS is ‘waiting’ for the primaries to finish schema extension.

While the primaries already finished schema extension, due to replication on this table not correct, the CAS still assumes the primaries are not finished yet.

So the fix is actually to fix replication for this table – after which inventory will work.

For fixing replication we used a dummy query that updates the missing records on the Primaries. The update forces resending missing data from Primaries to the CAS and therefore hopefully fixes replication.

Hope this helps !!

コンピテンシー取得、エンジニアのスキルアップに不可欠な「MCP試験」、最近は英語でしか受験できない科目も登場し、受験を躊躇している方もいらっしゃるのではないでしょうか。

そんな方に朗報です。

クラウド関連コンピテンシーの要件にもなっている、Microsoft Azure、Skype for Business 関連の試験が日本語で受験できるようになりました。また、試験の内容も、最新の製品・サービスに沿った内容に更新された試験もあります。

ぜひこのリストをチェックして、MCP取得プランを進めてください。

新たに日本語で提供開始されたMCP 試験
・70-534 Architecting Microsoft Azure Solutions
・70-334 Core Solutions of Skype for Business 2015
・70-333 Enterprise Voice Skype for Business 2015

日本語の試験内容が最新の製品・サービスに沿った内容に更新されたMCP試験
・70-532 Developing Microsoft Azure Solutions
・70-533 Implementing Microsoft Azure Infrastructure Solutions
・70-346 Managing Office 365 Identities and Requirements
・70-347 Enabling Office 365 Services

また、MPNパートナー専用トレーニングコース「mstep（エムステップ）」では、以下のMCP対策コースについても、以下の開催より内容の更新に対応いたします。

• mstep　「MCP 70-346/70-347 受験対策セミナー ～MCSA Office 365 対応2試験～」 ：2016年12月13日（火）
• mstep 「MCP 70-533 受験対策セミナー」　：2016年 12月 19日（月）

受講登録の準備が整い次第、mstepクラスルーム最新情報ページでご案内していきますので、お見逃しなく！！

• mstep クラスルーム

Microsoft Learning 日本のお客様向けご案内ページ

What is end of support?

The Current Branch (CB) of System Center Configuration Manager is governed by the Microsoft Modern Lifecycle Policy. Under the Modern Lifecycle Policy, support will be provided continuously if customers stay current by following the servicing guidelines. For Configuration Manager (CB), each update release is supported for twelve (12) months from its general availability (GA) release date. The first release of the Current Branch, version 1511, was made generally available on Dec 8^th, 2015 and will reach its end-of-support date on Dec 8^th, 2016. After this date, there will be no more security updates or technical support for Configuration Manager (CB – version 1511).

What does this mean?

It means that you should take action, if you are currently on Configuration Manager (CB – 1511). Microsoft will no longer provide security fixes for this version of Configuration Manager. It is important that you update your hierarchy or standalone primary site to the latest version.

If you are planning to upgrade from System Center 2012 Configuration Manager SP2 or System Center 2012 R2 Configuration Manager SP1 to the Current Branch of System Center Configuration Manager, use the latest baseline release, version 1606. This can be downloaded from Volume Licensing Service Center (search for “System Center Config”). It can also be downloaded from Microsoft Evaluation Center and MSDN.

Frequently Asked Questions

I am running System Center 2012 Configuration Manager Service Pack 1 or System Center 2012 R2 Configuration Manager. Can I upgrade to the Current Branch of System Center Configuration Manager after Dec 8^th, 2016?

The 1606 baseline does not support upgrading from either of these two versions of Configuration Manager. You will first need to upgrade to either System Center 2012 Configuration Manager Service Pack 2 or System Center 2012 R2 Configuration Manager Service Pack 1 and then upgrade to Configuration Manager (CB – version 1606).

As you try out the new features in System Center 2016 that were made generally available earlier last month, here is a summary of things you can do with System Center 2016 Service Management Automation:

1. Create a Script type runbook and see how it compares with a Workflow type runbook
2. Control where your runbook is run
3. Develop and test SMA runbooks right from PowerShell ISE
4. Take advantage of the latest PowerShell features in your SMA runbooks
   Let’s dig deeper into each of the new features:

Support for Script type runbooks

In System Center 2012 R2 Service Management Automation, runbooks were based on PowerShell Workflows only. We have now added support for native PowerShell Script type runbooks.

Advantages of using PowerShell Script type runbooks, in comparison to Workflow type runbooks:

• No compilation time when executing runbooks – runbooks start at the scheduled time and not any later
• Understanding PowerShell Workflows is not necessary to get started with Service Management Automation

However, there are some trade-offs to be made as well:

• Parallelizing execution is a little difficult than when using PowerShell Workflows
• Ability to suspend and resume is lost

You can learn more about how to use Script type runbooks through these blog posts. Overall, with the support for native PowerShell Script type runbooks, you now have the choice to use the type that best suits your needs – PowerShell Workflow or PowerShell Scripts.

Control where your runbook is run

In System Center 2012 R2 Service Management Automation, runbooks where run on all available runbook workers at random. The idea behind this was that this helped balance the load between the runbook workers. However, sometimes you might want to target a runbook worker for running a particular runbook. We have addressed this issue in System Center 2016 Service Management Automation by giving you the ability to choose which runbook worker, a runbook will run on.

You can learn more about how to use this feature through this blog post.

Develop and test SMA runbooks right from PowerShell ISE

In System Center 2012 R2, only ways to interact with Service Management Automation were through Windows Azure Pack portal or SMA PowerShell module. A lot of customers used PowerShell ISE to develop their SMA runbooks and then copied the runbook over into Windows Azure Pack portal which was cumbersome. To improve the authoring experience, we have released an add-on PowerShell ISE for Service Management Automation.

With the new add-on, you can now develop and test your runbooks right from PowerShell ISE. You can learn more about the add-on through this blog post.

As of today, you still need to use Windows Azure Pack portal to manage/monitor your runbook jobs and work with connection, schedule and module assets. In future updates, we will continue adding functionality to ISE Add-on to completely remove the dependency on Windows Azure Pack portal.

Take advantage of the latest PowerShell features in your SMA runbooks

Service Management Automation continues the support for the latest PowerShell features to meet your automation needs. For System Center 2016, this means the support for the new PowerShell 5.1 features. PowerShell 5.1 comes installed with the Windows Server 2016 and packs a lot of important new features.

Thank You!

All the new features in System Center 2016 Service Management Automation have been developed from customer and community feedback. We would like to thank all our customers who have taken part in Technical Preview program or provided feedback through other channels. Thank you and we look forward to improving the product further.

You can download and try System Center 2016 from here.

微軟推出Microsoft Teams  打造全新Office 365即時通訊工作型態

(2016年11月03日，台北)  微軟今(3) 日宣布推出Microsoft Teams，一個彙整Office 365協同合作工具的全新即時通訊工作型態。Microsoft Teams 能夠將需要進行協作的人員、對話、文件以及工具連繫在一起，賦予每月超過八千五百萬的活躍Office 365商業用戶更大的協同合作能力。

微軟執行長薩提亞·納德拉(Satya Nadella) 表示：「微軟一直致力透過科技為每個人及每個組織提升個人和團隊生產力。微軟 Office 365是目前最被廣泛用來進行創作、溝通和協作的平台。作為一個全新的即時通訊工作型態，Microsoft Teams將可為Office 365使用者在團隊工作中帶來全新的體驗。」

由微軟四大核心承諾打造：Microsoft Teams

Microsoft Teams 是基於微軟為所有使用者所許下的「四大核心承諾」而打造出來的，包括如下：

• 完全切合現今團隊需求的即時通訊工作型態：

Microsoft Teams提供持續、無間斷的即時通訊功能，讓所有人都能夠參與並可接收最新的消息。系統預設除了讓所有小組成員都可以看到團隊對話，同時也提供私人的聊天對話功能，使用者經常使用的emoji表情符號、GIF動態圖像、自訂貼圖以及KUSO貼圖等等也都應有盡有，讓使用者可以以更豐富的方式在數位化職場上表達自己的個性。

• 團隊協作樞紐：

Microsoft Teams 將Office 365既深且廣的大大小小功能完全匯聚在一起。使用者可以直接在Microsoft Teams內，隨時使用語音和視訊會議，或分享、編輯 Office文件。Microsoft Graph能夠運用智慧技術，協助使用者處理、搜集和分享相關資訊。同時，由於Microsoft Teams是建立在Office 365 Groups之上，此跨應用的會員服務能夠讓使用者更自然地切換不同的協作工具，保留合適的內容，並能輕鬆與其他人分享。

• 每一個團隊皆享有客製化服務：

因為每一個團隊都是獨特的，Microsoft Teams讓團隊能夠依據自己的需求，客製出最符合自身需求的Teams環境。 團隊成員可以建立頻道，以主題的方式來組織管理其對話交流。使用者可以用Tabs功能來自訂頻道，此功能可以讓團隊成員快速存取經常使用的文件和應用程式。Tabs的建立是為了有更好的 Office 365 使用經驗，包括像是 OneNote 、 SharePoint 和Planner或是合作夥伴的解決方案，例如即將推出的 Zendesk 和 Asana。Microsoft Teams和Exchange一樣，支援相同Connector模式，從合作夥伴的服務中提供提醒通知和更新的服務，如同Twitter或GitHub都即將可以取得此服務，並轉化為更美好的體驗。此外，它同時支援Microsoft Bot Framework，將智慧應用、夥伴合作的服務皆導入至團隊環境中。Microsoft Teams 開發者預覽也於今(3) 日同步推出，讓開發人員能夠立即開始建構與Microsoft Teams整合的各種可能。

• 擁有團隊所信賴的安全性：

身為Office 365的成員之一，Microsoft Teams藉由Microsoft 雲端運算平台能夠提供全球性規模、進階安全性與符合法規遵循的功能和體驗。資料皆會經過加密，也會以透明化的運作模式來維護客戶資料。同時，多重因子驗證可強化身分辨識保護，協助確保團隊的資料安全無虞。此外，Microsoft Teams會支援主要法規和資料保護標準，遵循主要驗證機構認證的資料處理條款，包括European Union Model Clauses、Health Insurance Portability and Accountability Act business associate agreement ( HIPAA BAA )、ISO 27001、ISO 27018 及 SSAE 16 SOC 1 和 2 報告。

微軟Office副總Kirk Koenigsbauer表示：「我們所設計的Office 365，是為了滿足每一個團隊的獨特需求，透過依據使用目的而設計建立的應用程式，像是Outlook、SharePoint和Yammer等，這些都很自然地將工作結合在一起。現在，我們有了Microsoft Teams，Office 365就可以容納所有的工作型態。」

即日起搶先體驗 Microsoft Teams

針對Office 365企業版和商務版的用戶，即日起即可開始體驗Microsoft Teams，此預覽版本已提供18種語言、於181個國家開放體驗。使用Office 365的企業IT系統管理者，可以從Office 365管理中心開啟Microsoft Teams。欲瞭解更多，請至微軟Office官方部落格查詢。

Discover the industry trends that will chart the course for cloud and hosting providers in 2017 and beyond. On November 9^th, 451 Research will present critical insights from a newly-published survey of more than 1,700 hosting and cloud customers across 10 countries. Register today if you’re new to the webcast series, or set a calendar reminder by following the link below.

2016 451 Research Study: Digital Revolution, Powered by Cloud
Wednesday, November 9th, 8:00 AM – 9:00 AM PST
Register (first-time attendees) | Add to Calendar | Live Broadcast

“Cloud is not the revolution, even though it has had an immense impact on nearly all organizations. Rather, the revolution is the digital transformation that cloud is powering… And cloud services, in particular, represent the underpinning of this revolution.” – 451 Research, 2016 Industry Trends Study

Join the experts from 451 Research to review this year’s Industry Trends study results: “Digital Transformation Powered by the Cloud”. In 2016, customers are making their cloud efforts more strategic, with a focus on growing the top line, risk reduction, and improved quality of products and services. Hear directly from your customers: What big bets are they making? What are their core business priorities? Which budget line items are shrinking? Use this critical information to build your customer-centric business.

About the Study
451 Research is a preeminent information technology research and advisory company. With a core focus on technology innovation and market disruption, they provide essential insight for leaders of the digital economy.

The 2016 Industry Trends study surveyed 1,734 hosting and cloud customers across 10 countries from February through April 2016. Research interviewed customers across small, medium-sized and large enterprises, including IT operations professionals, application developers and marketing professionals. Countries covered in the study span mature and emerging markets, including Australia, Brazil, Germany, India, Japan, Netherlands, Singapore, Turkey, the UK and the US.

Featured Presenters

Michelle Bailey SVP, Digital Infrastructure and Data Strategy

Michelle Bailey has led the industry in quantifying the impact of emerging and disruptive technologies for datacenter and IT professionals. She was ahead of the market in articulating the short-and long-term impacts of server virtualization, cloud computing and service-provider infrastructure while recommending credible strategies to IT organizations on future-proofing the datacenter. Prior to joining 451 Research, Ms. Bailey was a data scientist at a big-data startup specializing in social-media analytics and community building. She also spent more than 10 years at IDC, where she conceptualized and led its Datacenter Trends program, producing research that spanned multiple disciplines in IT and datacenter infrastructure to provide a holistic view of the evolving datacenter. Much of this research focused on datacenter transformation, with specialties in datacenter consolidation, energy efficiency, datacenter modularity, taxonomies and market sizing. In addition to being named Analyst of the Year at IDC, Ms. Bailey was the 2010 recipient of the prestigious Peacock Award for excellence in market research. With over 20 years’ experience in the fields of market research, data analytics and IT consulting, Ms. Bailey is frequently quoted in the business press and technology magazines and is a highly sought-after speaker at leading industry events. Ms. Bailey holds an Honors Degree in Mathematical Statistics from Monash University, Australia.

Hello all,

first of all: SORRY!

Aside of changing my role on July 2016 within Microsoft, I was heavy loaded the last few month with loads of stuff,

became father again with a cute tiny daughter just recently and hence weren’t able to maintain my blog properly the passed weeks.

So please apologize for my silence and for the missing updates!  I’ll promise to get back more closely with keeping my Blog on a recent state!

As said, it’s been a while ago I’ve posted something new so let me start this with a new notice:

Change:

After 8 years it was time for me to move on into new opportunities and with commitment to our companies strategy while tranforming to new horizons,

I changed my role at Microsoft from Support Engineering to Fast track Center in July 2016.

Therefore I had to clean up and hand off loads of stuff from old role and got ramped up in the new team with other new challenges

which kept me blocked to post anything new during the last few weeks.

So for my still existing “SharePoint Versions Build Number sheets”  I’ll keep them updated further!

I’d appreciate if you stay subscribed to my posts and even if its not hot updated with CUs just fresh backed, I’ll keep it going

For quick reference, pls. find them here:

• Builds and Updates for MOSS/WSS – (applies to: Microsoft Office SharePoint Server 2007 and Windows SharePoint Services 3.0)
• SharePoint 2010 Build Numbers (Cube Sheet) –  (applies to: SharePoint 2010 Server and SharePoint Foundation ; aka WSSv4)
• SharePoint 2013 Build Numbers Archive, up to SP1
• SharePoint 2013 Build Numbers since SP1 and current
• SharePoint 2016 Cube Sheet

Once in a while I will also publish some other “fresh” posts that I still have in mind from my Support Engineering experiences, so it may be worth to stay tuned
as I have some cool stuff to come which was on my plate long time but in lack of time not posted yet

Cya soon and hope you stay faithfully with my blog

cheers, Steve

Discover the key changes as Microsoft streamlines the technical certification pathways. From new launches to a big shift in how you certify, understand the critical changes that will affect you.

On 21 September, Microsoft announced it was streamlining its technical certification pathways

Alongside the launch of eight certifications and the retirement of thirteen, there were big shifts which will affect how you earn and recertify Microsoft certifications. Not to mention the fact you may have already earned a new certification.

Make sure you understand the key changes, read on to discover all the changes and how they could affect you.

Discover the new Microsoft certifications

Whilst the launch focussed on the release of five new Microsoft Certified Solutions Expert (MCSE) and Developer (MCSD) specialties, three new Associate (MCSA) specialities were also launched at the same time. These include:

MCSE: Cloud Platform and Infrastructure – prove your expertise in bringing the benefits of cloud technologies to your business – including Azure and Windows Server 2016

MCSE: Mobility – demonstrate your skills across the Windows Client and Enterprise Mobility Suite

MCSE: Data Management and Analysis – show your specialist SQL Server skills across administration, business intelligence or building data solutions

MCSE: Productivity – demonstrate the skills to boost business productivity through Office 365, SharePoint, Exchange or Skype for Business

MCSD: App Builder – prove the skills to build modern mobile and web applications

MCSA: Cloud Platform – demonstrate your expertise with Microsoft cloud-related technologies

MCSA: Web Applications – prove you have the expertise to build and implement modern applications that scale

MCSA: Universal Windows Platform – show you can build Universal Windows Platform apps that scale across the range of Windows devices

You can begin earning these certifications now. In fact, Firebrand already offer an accelerated route to the new and MCSD and MCSE certifications.

Understand how earning a new MCSD or MCSE has changed

Alongside the new MCSE and MCSD certifications comes a fundamental change in how you earn them. The first stage of needing a prerequisite MCSA remains the same. It’s the next stage where the big change has happened.

Before, you were required to pass a set pathway of two or three exams to earn your MCSE or MCSD. Now, you only need to pass one exam, which you choose from 5 to 10 options, known as electives. Those with long memories will recognise this change as a throwback to the old days of earning Microsoft certifications prior to 2008.

Check out the new Microsoft certification pathways on a recent post I created to get an in depth look at the pathways and elective exams.

Understand the fundamental change to recertification

Recertification is dead. You are no longer required to pass a recertification exam every two to three years to keep you credential in the Active section of your transcript.

You do not need to recertify the new MCSE/MCSD certifications, they will remain on the Active section of your transcript. You can however re-earn your certification every year by passing an additional elective exam aligned to your chosen credential. This demonstrates your growth in Microsoft product knowledge, alongside the rapid evolution of some Microsoft technologies – where new features are launched weekly.

As a result, all recertification exams are retiring. Microsoft will also continue launching multiple new electives on a yearly cycle – aligned to the new certifications. This means you can re-earn your certification and prove new knowledge on the latest technologies or upgrades to rapidly changing platforms like Azure.

Certifications are retiring, curriculum and exams are not

Whilst Microsoft announced the retirement of thirteen MCSE and MCSD certifications, the Microsoft Official Curriculum (MOC) and exams aligned to earning these have not. These corresponding MOCs and exams have been redistributed as elective options for the new streamlined technical certifications.

The thirteen certifications retiring 31 March 2017 are as follows:

• MCSE: Server Infrastructure
• MCSE: Private Cloud
• MCSE: Data Platform
• MCSE: Business Intelligence
• MCSE: Enterprise Devices and Apps
• MCSE: SharePoint
• MCSE: Communication
• MCSE: Messaging
• MCSD: Application Lifecycle Management
• MCSD: Universal Windows Platform
• MCSD: Azure Solutions Architect
• MCSD: Web Applications
• MCSD: SharePoint Applications

You may have a new MCSE or MCSD certification already

If you currently hold an active MCSE or MCSD certification, your MCP transcript is being re-evaluated in line with the new MCSE and MCSD certification requirements. As such, you will earn one of the new corresponding MCSE of MCSD certifications for 2016, without having to take an additional exam.

The list of eligible certifications and corresponding certifications are below:

If you currently hold an inactive MCSE or MCSD from the list above, you have until 31 December 2016 to earn a new MCSE or MCSD. You can do this by taking a recertification exam or choosing from the list of electives associated with the new MCSE or MCSD certifications.

So there you have it, a straight forward look at all the major changes resulting from the new streamlined technical certifications.

It’s also worth checking out Larry Kaye’s post on the Born to Learn blog, where he answers the top 12 questions on the new certification paths. This is especially relevant if you have questions about how the new certifications affect your MPN Partner status.

EMET – Then and Now

Microsoft’s Trustworthy Computing initiative was 7 years old in 2009 when we first released the Enhanced Mitigation Experience Toolkit (EMET). Despite substantial improvements in Windows OS security during that same period, it was clear that the way we shipped Windows at the time (3-4 years between major releases) was simply too slow to respond quickly to emerging threats. Our commercial customers were particularly exposed since it often took years to deploy new OS versions in large scale environments. And thus, EMET was born as a stop-gap solution to deliver tactical mitigations against certain zero-day software vulnerabilities.

For Microsoft, EMET proved useful for a couple of reasons. First, it allowed us to interrupt and disrupt many of the common exploit kits employed by attackers at the time without waiting for the next Windows release, thus helping to protect our customers. Second, we were able to use EMET as a place to assess new features, which directly led to many security innovations in Windows 7, 8, 8.1, and 10.

But EMET has serious limits as well – precisely because it is not an integrated part of the operating system. First, many of EMET’s features were not developed as robust security solutions. As such, while they blocked techniques that exploits used in the past, they were not designed to offer real durable protection against exploits over time. Not surprisingly, one can find well-publicized, often trivial bypasses, readily available online to circumvent EMET.

Second, to accomplish its tasks, EMET hooks into low-level areas of the operating system in ways they weren’t originally designed. This has caused serious side-effects in both performance and reliability of the system and the applications running on it. And this presents an ongoing problem for customers since every OS or application update can trigger performance and reliability issues due to incompatibility with EMET.

Finally, while the OS has evolved beneath it, EMET hasn’t kept pace. While EMET 5.5x was verified to run on Windows 10, its effectiveness against modern exploit kits has not been demonstrated, especially in comparison to the many security innovations built-in to Windows 10. 

Windows 10 – A New OS for a Dangerous World

Not surprisingly, the top customer feedback on EMET has consistently been to build such protections directly into the operating system. But to do that, Microsoft first had to change how we shipped Windows so that customers won’t have to wait years for new protections to come online.

Beginning with Windows 10, that’s exactly what we did with the move to Windows as a Service. Since its initial launch in July 2015, there have already been two major updates released and that pace is expected to continue. More importantly, each major update of Windows 10 has brought with it substantial new innovations in security. For example, the Microsoft Edge browser was built from the start with security as a top feature. Revolutionary new Windows 10 features like Device Guard, Credential Guard, and Windows Defender Application Guard (coming soon) use hardware virtualization to protect against vulnerability exploits and malware. Windows Defender Advanced Threat Protection (ATP) provides post-breach detection and response for Windows 10 enterprise users. And, of course, Windows 10 includes all of the mitigation features that EMET administrators have come to rely on such as DEP, ASLR, and Control Flow Guard (CFG) along with many new mitigations to prevent bypasses in UAC and exploits targeting the browser.

With the types of threats enterprises face today, we are constantly reminded of this simple truth: modern defense against software vulnerabilities requires a modern platform. That platform is Windows 10 – an always up-to-date version of Windows that is continually improved to help protect against the latest threats. To help make the transition to Windows 10, we will publish a detailed guide for administrators currently using EMET.

Updated Support End Date for EMET 5.5x

Finally, we have listened to customers’ feedback regarding the January 27, 2017 end of life date for EMET and we are pleased to announce that the end of life date is being extended 18 months. The new end of life date is July 31, 2018. There are no plans to offer support or security patching for EMET after July 31, 2018. For improved security, our recommendation is for customers to migrate to Windows 10.

– Jeffrey Sutherland

Do you think you are just an ordinary person browsing the Internet and nobody really cares about hacking your account? You are probably wrong about that! Good news is that if you are using Microsoft Account (Hotmail, Outlook, etc), you can see if someone is trying to logon to your account and the geo location from where that person (or bot) tried to logon. Go to https://account.live.com/Activity and logon with your Microsoft account. When you get there, you will see the logging activity, in my case I noticed that on Halloween day someone tried to logon in my account Hong Kong, as you can see below:

To learn more about activity page read What is the recent activity page? article.

Whoo hoo, we have released Microsoft Teams yesterday which is very exciting. There is plenty of kewl information available for you to use to start playing around with it.

To enable it in your Office 365 tenant what you need to do is (in Home > Settings & add-ins):

Then you can turn on Microsoft Teams by clicking the On/Off bar. We’ll hopefully see Microsoft Teams on by default in the future J.

If you want to watch a video on using Microsoft teams check out this Video.

https://www.youtube.com/watch?v=tAqAtI6K7NY&feature=youtu.be

If you want some more information go here

https://blogs.office.com/2016/11/02/introducing-microsoft-teams-the-chat-based-workspace-in-office-365/

https://products.office.com/en-AU/microsoft-teams/group-chat-software

Happy Skype’ing

Steve

（この記事は 2016 年 8 月 31 日にMicrosoft Partner Network blog に掲載された記事 Partners join forces to develop robust IoT solutions for smart buildings の翻訳です。最新情報についてはリンク元のページをご参照ください。)

IDC の推定 (英語) では、モノのインターネット (IoT) の市場規模は 2014 年の 5,917 億ドルから、年平均 17% の成長率で拡大し、2019 年には 1.3 兆ドルに達すると見ています。また、Business Insider の予測 (英語) によると、インターネットに接続されたデバイスは 2015 年の 100 億台から 2020 年には 340 億台にまで増加する見込みです。こうした数字からも明らかなように、IoT は大いなる可能性を秘めた一大ビジネスであると言えます。

この画期的なトレンドに着目したとき、たとえばパートナー様が、データ分析のスペシャリストで構成される世界トップ クラスのチームに、業界をリードする IoT デバイスのエンジニアを迎え入れたら、どのような変化が現れるのだろうと興味が湧きました。そして結論として、力を集結すれば、実際に IoT のさまざまな機能のレベルを引き上げられることがわかりました。

これは、マイクロソフトのパートナー様である Candi Controls (英語) と WinWire (英語) の 2 社が、カリフォルニアのスマート ビルディングに関する興味深いプロジェクトを共同で進めた際に起こったことです。両社のパートナーシップを通じて、スマート ビルディングの運営と資産についてリアルタイムのインサイトを提供するエンドツーエンドの IoT ソリューションが完成しました。今回の記事では、彼らのパートナーシップが成功を収めた背景をご紹介します。

協業に至ったきっかけ

「お客様がすべての始まりでした」

– Candi Controls、Steve Raschke 氏

Candi Controls は、最新のエンドポイントや旧式のエンドポイントからデータを収集して使用可能な形式の情報に変換するという、最先端のソリューションの設計に注力している IoT パートナー企業です。一方 WinWire は、マイクロソフトと古くから強固な関係を築いてきた、データ分析を専門とするパートナー企業です。IoT ソリューションから収集されたデータを取り込んで、実用的なインサイトとしてダッシュボードからお客様に提示しています。あるとき、Candi Controls のお客様が、デバイスから収集されたデータをもっと便利に視覚化できる方法を探していました。しかしそれは、Candi Controls の専門とする分野ではありません。

そこで、Candi Controls のチームは 2015 年の Ignite カンファレンスに参加した際、Microsoft Azure IoT チームに相談し、データ視覚化の優れたパートナー企業として WinWire を紹介してもらうことになりました。WinWire が推挙されたのは、ダッシュボードや分析情報を提供できる有能なパートナー企業であり、Candi Controls のお客様が IoT ソリューションから得たインサイトをすばやく簡単に活用できるようにサポートできると見込まれたからでした。

パートナーシップを組むことで、そして Azure や Cortana Analytics のようなマイクロソフト製品を活用することで、2 社はそれぞれの得意分野に効果的に専念できると同時に、マイクロソフト製品全般の最新のテクノロジを継続して活用することができました。

協業がお客様にもたらすメリット

このパートナーシップが功を奏し、スマート ビルディングやスマート シティ向け IoT ソリューションの提供を目指した取り組みが続いています。Candi Controls と WinWire がタッグを組んだことで、Candi Controls のクライアントである Synnex は、テクノロジ業界の IoT 機能の活用をサポートするエンドツーエンドのソリューションを手に入れました。Synnex のねらいは、IoT デバイスやモニターを利用して、もっとインテリジェントな方法で同社のビルを運営することです。スマート ビルディングのコンセプトは、電力、空調、環境照明の設定、さらにはオフィスの導線など、資源利用やコストに影響する可能性のあるさまざまな要因をユーザーがモニタリングし、すぐさま対応できるようにするというものです。これらを最適化する機能を利用すれば、一般的には光熱費を 10 ～ 30% 節約しながら、入居者の満足度を高めるにはどうしたらよいのかをリアルタイムに判断することが可能です。

「大幅なコスト削減と生産性の向上が達成され、しかもその成果をデータから簡単に確認できるのです」

– Candi Controls、Steve Raschke 氏

スマート ビルディング分野の IoT アプリケーションの中でも大規模なものになると、その機能は最終的に運営コストの削減に行き着きます。入居者が電力の使用を望まなくても、ビルの冷暖房や照明のためにエネルギーは常に消費されています。また、生産性の低さや顧客の不満が、ビジネスの収益に重大な影響を及ぼす場合もあります。

協業がパートナー様にもたらすメリット

Candi Controls の CEO である Steve Raschke 氏は、「当社は、ビルから収集した IoT データを抽出して提供するプロセスに精通しています。そこが当社の得意とするところです。技術的な課題としては、複雑なプロトコル、サービスの競合、異なる物理トランスポート層といったものが挙げられます」と語っています。しかし、実際に情報をうまく収集できても、膨大な量の情報を処理して視覚化するプロセスについての専門スキルを身に付けられるわけではありません。そこで、WinWire と協力することで、サービスを拡張し、視覚化機能や分析機能、データをクラウドに移行するときに必要なコンサルティング サービスも提供できるようになったのです。このパートナーシップを通じて、Candi Controls はデータに多くの価値を持たせて提示できるようになり、お客様のために IoT サービスを完成させることができました。

WinWire は、IoT が次に来る大きな市場トレンドであり、収益性の高いビジネスになることを認識していました。同社が得意とするデータ分析機能はすばらしいものでしたが、IoT 分野への進出を考えたときに、ハードウェアという主な障害を克服するには、Candi Controls が提供する補完的なサービスとデバイスが必要でした。

WinWire のソリューションおよびプロダクト担当 SVP である Hemant Srivastava 氏は、「データが Azure に格納されれば、そこからは当社の知識と経験の出番です。分析を実行してビジネス インテリジェンスを使用し、お客様にとって実用的な情報へとデータを変換します」と語っています。ただし、クライアントの拠点に点在する 400 の地点からデータを取得する手段が必要でした。そこで、情報を利用できる形式で入手するために、Candi Controls の助けを借りたのです。

マイクロソフトを通じた協業によってパートナー様のビジネスはどのように拡大したか

「マイクロソフトのすばらしい点は、Microsoft Partner Network を提供している以外に、当社のようなクラウドのエンドポイントに接続している企業と、WinWire のようなクラウドのデータを取り込んで活用している企業との間を、ビジネス レベルだけでなくデータやツールのレベルでも結び付けていることです。こうした結び付きは単なる企業どうしの関係にとどまらず、テクノロジを通じた真のつながりによって両社のビジネスにメリットを生み、互いのお客様に共同でサービスを提供することを可能にしています」

– Candi Controls、Steve Raschke 氏

このパートナーシップを通じて、両社ともそれぞれのクライアントに効果的にサービスを提供できるようになりました。IoT ソリューションのすばらしい実例ではないでしょうか。

今回ご紹介したパートナーシップの詳細については、先日公開された顧客事例 (英語) をご覧ください。お客様に付加価値を提供するために他のパートナー様との協業を検討されている場合は、まずオンライン ポータル (英語) をご確認ください。

Freschissima è la notizia dell’annuncio di Microsoft Team.

Si tratta di un vero e proprio spazio virtuale dove poter creare differenti progetti (Channel) e condividere all’interno di ciascuno di essi documenti, informazioni e aggiornamenti relativi al progetto stesso. Inoltre è possibile impostare delle discussioni tramite delle chat con tutti i membri del tuo team o con uno di essi oppure organizzare delle call online di allineamento sul progetto.

Il modo di comunicare ha subìto una rivoluzione negli ultimi anni: pensiamo alle chat, ai messaggi di testo, ai social network che ci hanno imposto di essere sintetici e a effetto. Tutto questo, calato nel mondo enterprise, si traduce in collaborazione, velocità e agilità di comunicazione. Microsoft Teams permette di ottenere brillanti risultati anche su dispositivi mobili, e la piattaforma che usi non è un limite: l’App infatti è prevista per Windows (3264 bit), Windows Phone, Mac, iPadiPhone e Android.

Microsoft Teams si basa sulla piattaforma della collaborazione per definizione, ovvero Office 365: scopri come attivarlo sin da subito nel tuo Portale grazie a questo video. Se non hai ancora Office 365 attiva immediatamente una Trial per scoprirne le mille opportunità.

If you work for a Cloud Service Provider or Enterprise, you might be interested in learning about all of the Software Defined Networking technologies that are available in Windows Server 2016, which was released in October, 2016 and is now available.

Following is a brief rundown of these technologies, as well as Windows Server 2016 Technical Library links to overview information for each technology.

Network Controller

Network Controller provides a centralized, programmable point of automation to manage, configure, monitor, and troubleshoot virtual and physical network infrastructure in your datacenter.

Network Function Virtualization

Network functions that are being performed by hardware appliances (such as load balancers, firewalls, routers, switches, and so on) are increasingly being virtualized as virtual appliances.

Microsoft has virtualized networks, switches, gateways, NATs, load balancers, and firewalls, including the following:

• RAS Gateway for SDN. RAS Gateway is a software-based, multitenant, Border Gateway Protocol (BGP) capable router in Windows Server 2016 that is designed for Cloud Service Providers (CSPs) and Enterprises that host multiple tenant virtual networks using Hyper-V Network Virtualization.
• Border Gateway Protocol (BGP). When configured on a Windows Server 2016 Remote Access Service (RAS) Gateway, Border Gateway Protocol (BGP) provides you with the ability to manage the routing of network traffic between your tenants’ VM networks and their remote sites. BGP reduces the need for manual route configuration on routers because it is a dynamic routing protocol, and automatically learns routes between sites that are connected by using site-to-site VPN connections.
• Software Load Balancing (SLB) for SDN. Cloud Service Providers (CSPs) and Enterprises that are deploying Software Defined Networking (SDN) in Windows Server 2016 can use Software Load Balancing (SLB) to evenly distribute tenant and tenant customer network traffic among virtual network resources. The Windows Server SLB enables multiple servers to host the same workload, providing high availability and scalability.
• Datacenter Firewall.  Datacenter Firewall is a new service included with Windows Server 2016. It is a network layer, 5-tuple (protocol, source and destination port numbers, source and destination IP addresses), stateful, multitenant firewall. When deployed and offered as a service by the service provider, tenant administrators can install and configure firewall policies to help protect their virtual networks from unwanted traffic originating from Internet and intranet networks.

Hyper-V Network Virtualization

Hyper-V Network Virtualization (HNV) enables virtualization and isolation of customer networks on top of a shared physical network infrastructure.

Internal DNS Service (iDNS) for SDN

Hosted virtual machines (VMs) and applications require DNS to communicate within their own networks and with external resources on the Internet. With iDNS, you can provide tenants with DNS name resolution services for their isolated, local name space and for Internet resources.

Remote Direct Memory Access (RDMA) and Switch Embedded Teaming (SET)

You can use a converged NIC to combine both RDMA and Ethernet traffic using a single network adapter. The converged NIC allows you to use a single network adapter for management, Remote Direct Memory Access (RDMA)-enabled storage, and tenant traffic. This reduces the capital expenditures that are associated with each server in your datacenter, because you need fewer network adapters to manage different types of traffic per server.

SET is a NIC Teaming solution that is integrated in the Hyper-V Virtual Switch. SET allows the teaming of up to eight physical NICS into a single SET team, which improves availability and provides failover. In Windows Server 2016, you can create SET teams that are restricted to the use of Server Message Block (SMB) and RDMA.

Windows Server Containers

Windows Server Containers are a lightweight operating system virtualization method used to separate applications or services from other services that are running on the same container host. To enable this, each container has its own view of the operating system, processes, file system, registry, and IP addresses. With Windows Server 2016, you can now connect Windows Server containers to virtual networks.

(この記事は 2016 年 11 月 2 日に Office Blogs に投稿された記事 Introducing Microsoft Teams—the chat-based workspace in Office 365 の翻訳です。最新情報については、翻訳元の記事をご参照ください。)

今回は、Office チームのコーポレート バイス プレジデントを務める Kirk Koenigsbauer の記事をご紹介します。

本日、ニューヨークで開催されたイベントにおいて、マイクロソフトは Office 365 の新しいチャット中心ワークスペース、Microsoft Teams を発表しました。Microsoft Teams は、チームが簡単に共同作業を行い、より多くの成果を達成できるように、他のユーザー、会話、コンテンツ、必要なツールにまとめてアクセスできるようにする、まったく新しいエクスペリエンスです。Microsoft Teams は、使い慣れた Office アプリケーションとシームレスに統合されており、Office 365 のグローバルで安全なクラウドにゼロから構築されています。本日より、Office 365 Enterprise または Business プランをご利用の法人のお客様を対象として、日本および日本語を含む、181 か国、18 の言語で Microsoft Teams のプレビュー版の提供が開始されます。一般提供開始は 2017 年第 1 四半期を予定しています。

マイクロソフトは、ユーザーや企業がより多くの成果を達成できるように支援するというミッションに全力で取り組んでいます。そして、この目的の中核を成すのは、クラウドとモバイルの世界に対応するように生産性に変革をもたらすことです。Microsoft Teams が開発された背景には、従業員やチームが業務を遂行する方法が大幅に変化し、それに伴って多大なビジネス チャンスが生じたことが挙げられます。コミュニケーションや情報が絶えず流れてくるように、チームの敏捷性は向上し、組織構造は平面化しました。マイクロソフトは、Microsoft Teams を通じて、よりオープンなデジタル環境を実現することを目指しており、チーム メンバー全員が常に最新情報を把握できるように、チーム全体で作業を視覚化、統合、アクセス可能にします。

Microsoft Teams が優れた業績を挙げるチーム向けのデジタル ワークスペースとなるように、マイクロソフトは以下の 4 つの重要なメリットを実現します。

今日のチーム向けのチャット

1 つ目に、Microsoft Teams は、今日のチーム向けの最新の会話エクスペリエンスを実現します。Microsoft Teams では、チーム メンバー全員が常に会話に参加できるように、スレッド構造の常設チャットをサポートしています。既定では、チームの会話はチーム全体に表示されますが、もちろん会話を非公開にすることも可能です。また、Skype との緊密な統合により、チームは音声会議やビデオ会議に参加できます。さらに、各ユーザーがデジタル ワークスペースで絵文字、スタンプ、GIF、カスタム ミームを使用して個性を発揮することもできます。

チームワークを実現するためのハブ

2 つ目に、Microsoft Teams はチームワークを実現するためのハブの役割を果たし、Office 365 のフル機能を活用することできます。Microsoft Teams には、Word、Excel、PowerPoint、SharePoint、OneNote、Planner、Power BI、Delve がすべて組み込まれており、ユーザーはすべての必要な情報やツールにすぐにアクセスできます。また、Microsoft Graph を利用したインテリジェント サービスは、ワークスペースのあらゆる場所に表示され、関連性の高い情報の表示、発見、共有を支援します。さらに、Microsoft Teams の基盤となっている Office 365 グループは、クロスアプリケーションのメンバーシップ サービスで、共同作業支援ツールを簡単かつスムーズに切り替えられるように、それまでの会話を維持して、他のユーザーとの共有を可能にします。

それぞれのチームに合わせてカスタマイズ可能

3 つ目に、すべてのチームは異なるため、マイクロソフトはユーザーがさまざまな方法でワークスペースをカスタマイズできるように重点的に取り組んでおり、一般提供の開始時にリッチな拡張 API やオープン API を公開します。たとえば、タブを使用すると、よく使用するドキュメントやクラウド サービスにすばやくアクセスすることができます。また、Microsoft Teams は Exchange と同じコネクタ モデルを採用しており、Twitter や GitHub などのサードパーティ サービスの通知やアップデートを受信することができます。さらに、チーム環境でファーストパーティおよびサードパーティのインテリジェント サービスを利用できるように、Microsoft Bot Framework の完全なサポートを追加しています。

また今回、開発者が Microsoft Teams を拡張できる Microsoft Teams Developer Preview プログラムを発表 (英語) しました。一般提供開始時には初期パートナーの Zendesk、Asana、HootSuite、Intercom をはじめ、150 社を超えるパートナー製品との統合が予定されています。このプログラムは、ユーザーが求めているカスタマイズや、開発者コミュニティが Microsoft Teams と統合するために必要とするツールやサポートを提供する取り組みへの第一歩です。

チームが信頼できるセキュリティ

4 つ目に、Microsoft Teams は、Office 365 のお客様が期待する高度なセキュリティおよびコンプライアンス機能を提供します。データは、通信時にも保存時にも暗号化されます。マイクロソフトの他の商用サービスと同様に、顧客データへの常時アクセスを禁止する透明性の高い運用モデルが採用されています。Microsoft Teams は、EU モデル条項、ISO 27001、SOC 2、HIPAA などの主要なコンプライアンス基準に準拠しています。また、お客様が期待されるとおり、Microsoft Teams は他の Office 365 サービスと同様に、ハイパースケールのグローバルなデータセンター ネットワークから提供されており、Office 365 に自動的にプロビジョニングされて一元管理されます。

Office 365 ユニバーサル ツールキットに Microsoft Teams を追加

今回、世界中のユーザーや企業の多様なニーズに対応する共同作業支援アプリケーションおよびサービスの広範なポートフォリオに Microsoft Teams が追加されます。8,500 万人の月間アクティブ ユーザーの皆様にご利用いただいて明らかになったことは、共同作業に関するニーズはグループごとにすべて異なるということです。Office 365 は、あらゆるグループの独自のワークスタイルに対応するように設計されており、互いに緊密に統合された多数の目的別のアプリケーションが含まれています。

• Exchange は、企業向けメールの分野で不動のリーダーの地位を確立しており、Gartner の調査 (英語) によると、「クラウド メールを使用し収益が 100 億ドルを超える企業の 80% のシェアを占めている」という結果が出ています。
• SharePoint は、20 万社を超える企業と 1.9 億人を超えるユーザーが利用しているイントラネットおよびコンテンツ管理ソリューションです。
• Yammer は、Fortune 500 企業の 85% が企業間での対話に利用している仕事用のソーシャル ネットワークです。
• Skype for Business は、リアルタイムの音声通話、ビデオ通話、会議を実現し、1 か月に 1 億件を超える会議をホストしています。
• Office 365 グループは、クロスアプリケーションのメンバーシップ サービスで、共同作業支援ツールを簡単かつスムーズに切り替えられるようにします。

今すぐ Microsoft Teams をご利用ください

初期プライベート プレビューにご参加いただいたお客様には、Microsoft Teams のメリットを実感いただいています。「Office 365 の Microsoft Teams の早期利用を行った結果、これは当社が求めていたデジタル コックピットだと考えるようになりました」と、Accenture の CIO を務める Andrew Wilson 氏は述べています。本日よりパブリック プレビューの提供が開始され、管理者は Office 365 管理センターで Microsoft Teams を有効にすることができます。Microsoft Mechanics の動画 (英語) で Microsoft Teams の実際の動作をご覧になり、ぜひご利用を開始してください。

—Kirk Koenigsbauer

よく寄せられる質問

Q. Microsoft Teams はどの Office 365 プランで利用できますか。

A. Microsoft Teams は、Business Essentials、Business Premium、Enterprise E1、E3、E5 のいずれかのプランをご利用の Office 365 の法人のお客様がご利用になれます。また、提供終了までに E4 を購入されたお客様もご利用になれます。

Q. Office 365 管理者が Microsoft Teams のプレビュー版にアクセスするにはどうすればよいですか。

A. Microsoft Teams を有効にするには、Office 365 管理センターにアクセスし、[Settings] > [Services & Add Ins] > [Microsoft Teams] の順にクリックします。

Q. Microsoft Teams が対象となるすべての Office 365 のお客様に提供される時期を教えてください。

A. 2016 年 11 月 2 日より、対象の Office 365 の法人のお客様に向けて Microsoft Teams のプレビュー版の提供が開始されます。このサービスの一般提供開始は、2017 年の第 1 四半期を予定しています。

Q. Microsoft Teams でサポートされているプラットフォームを教えてください。

A. Microsoft Teams は Windows、Mac、Android、iOS と Web プラットフォームで動作します。

Q. Microsoft Teams でサポートされているセキュリティおよびコンプライアンス レベルを教えてください。

A. リリース時には、Microsoft Teams は Office 365 Tier C に準拠する見込みです。この広範なグローバル コンプライアンスおよびデータ保護要件には、ISO 27001、ISO 27018、EUMC、SOC 1 (Type I & II)、SOC 2 (Type I & II)、HIPAA、FERPA が含まれています。また、Microsoft Teams では、2 要素認証、Active Directory を利用したシングル サインオン、通信中および保存中のデータの暗号化が行われます。

Q. Office 365 管理者が Microsoft Teams について学習するうえで役立つトレーニングはありますか。

A. マイクロソフトは、IT 管理者向けに現在 2 種類のトレーニングをご用意しています。トレーニングをご覧いただくには、Microsoft Virtual Academy (英語) の Web サイトにアクセスしてください。Microsoft Teams の詳細については、Microsoft Mechanics (英語) の動画および Microsoft Teams Tech Community (英語) をご覧ください。

※ 本情報の内容 (添付文書、リンク先などを含む) は、作成日時点でのものであり、予告なく変更される場合があります。

As you are probably aware, Microsoft previously announced Windows servicing changes on down level operating systems aiming to have a more consistent and simplified servicing experience to down level operating systems. As part of this simplified servicing model, the 2^nd Tuesday of each month will see the release a new Security Monthly Quality Rollup and a new Security Only Quality Update. As the Security Monthly Quality Rollup contains the same security fixes as the Security Only Quality Update, as well as all fixes from previous monthly rollups and Security Only Quality Updates, there is a supersedence relationship between these updates. This supersedence allows installers of the Security Monthly Quality Rollup to see that fixes in earlier Rollups and Security Only updates are included, and allows for machine disk space to be managed appropriately when updates are superseded. See More on Windows 7 and Windows 8.1 servicing changes for more information about the servicing changes and supersedence rules.

Cross-Month and Intra-Month Supersedence Relationships

In Configuration Manager 2007 (ConfigMgr 2007), superseded updates are automatically expired and can no longer be deployed using the built-in software updates management (SUM) feature. As noted above, there is a cross-month supersedence relationship as well as an intra-month supersedence relationship between Security Only Quality Updates and Security Monthly Quality Rollups. For example, the Security Monthly Quality Rollup released in November will supersede the Security Only Quality Update also released in November as well as the updates (Security Monthly Quality Rollup and Security Only Quality Update) released in October.

Operational Impact (Security Monthly Quality Rollup Deployments)

Configuration Manager 2007 customers have roughly a month (from the 2^nd Tuesday of each month to the following 2^nd Tuesday) to test and fully deploy a new Security Monthly Quality Rollup for a given month using the SUM feature. If this deployment does not complete before the next superseding rollup is released, there are two primary options to continue:

1. Choose to switch to testing and deploying the latest superseding Security Monthly Quality Rollup using the SUM feature.

OR

2. Choose to deploy the superseded Security Monthly Quality Rollup using an alternate deployment method (outside of SUM), such as general software distribution.

Operational Impact (Security Only Quality Update Deployments)

Given that new Security Only Quality Updates are superseded by the new Security Monthly Quality Rollup for the same month, they will be marked as expired and unavailable for deployment each month via the SUM feature. Customers that desire to install Security Only Quality Updates will need to do so using an alternate deployment method (outside of SUM), such as general software distribution.

Alternate Deployment Methods (Software Distribution)

Using the software distribution feature to deploy superseded updates, which you may have done previously in the past, will entail manually downloading the desired update content from the online Microsoft Update Catalog site. The update content will be .MSU based. Wusa.exe is the command line installer that can be used to install the updates. See Description of the Windows Update Standalone Installer in Windows for more information about using Wusa.exe.

Important Notes:

1. There will be update content packages per down level OS and per platform. Multiple packages and programs may be needed, as applicable.

2. You may need to create specific collections for targeting. It could be as simple as ‘All Windows 8.1 Computers’ or as complex as ‘All Windows 8.1 Computers that Require October’s Security-only Quality Update’.

3. You may need to test and define recurring advertisements designed to reinstall updates that are removed by end users.

4. Configuration Manager (current branch) and Configuration Manager 2012 have a Supersedence Rules feature that allows customers to define the expiration behavior for superseded updates. For example, instead of superseded updates being expired immediately, you can define that there is a three (3) month wait, allowing additional deployment time.

Microsoft System Center Configuration Manager 2007 System Center 2012 Configuration Manager ConfigMgr 2012 R2

Here is a little known trick that you can do if you have AD permissions to manage your own account: when you are prompted to change your password when its age has expired, do this:

• Start AD Users & Computers, and find your account.
• Open the Accounts tab, check the box next to “User must change password at next logon”, and click Apply.
• Clear the box next to “User must change password at next logon”, and click Apply.

Done. You no longer have to reset your password, and in the meantime, you did not have to change your password. Good idea? Of course not. If your account is set to expire, this was done for security reasons. Bypassing it and keeping the same password forever compromises security, and worse, you did it on purpose.

The way this trick works is simple. Each account has an attribute called pwdLastchanged. This records the timestamp of the most recent password change. If you set “User must change password at next logon” the value of pwdLastchanged gets set to the specific value of 0 (zero). This value tells AD to prompt the user at next logon to change his password. If you clear the flag again, the attribute must get another value than zero, of course. But which value? The choice the AD designers made was to assign the current time… so the overall effect is that it seems as if the user changed his password just now.

Many companies monitor their admin accounts for the flag “password never expires”, making sure it is not set on these accounts. If an admin changes this flag, it is visible. The trick above is not visible for inspection, at least not easily. But I would not be posting this if I did not have a solution. The trick is to look at replication metadata. There is a famous TechNet article called How the Active Directory Replication Model Works that explains all this, but for now let me give you the really short summary.

Each attribute on an AD object has replication information, the metadata. This data contains useful information such as update version numbers, timestamp of the last change, and the DC that made the last change to the attribute. Taking for example the attribute unicodePwd, its metadata would show when the password was last written. You can see the troubleshooting potential here. In one shot you can see where an attribute was last changed, and when. You can immediately go to that DC to investigate further.

With sufficient permissions you can read this data using tools like repadmin or PowerShell. Typically, a Domain Admin is needed. Interestingly, Full Control on an object is not sufficient, you really need high-level domain permissions. The following working sample script does the job of reading the required information to determine if an admin cheated at setting his/her password:

[powershell]
[CmdletBinding()]
param (
[Parameter(Mandatory=$True,ValueFromPipeline=$True,ValueFromPipelinebyPropertyName=$True)]
[string] $DistinguishedName,
[Parameter(Mandatory=$false)]
[string]$dc=(Get-ADDomainController -service PrimaryDC -Discover).hostname
)

PROCESS
{
Get-ADReplicationAttributeMetadata -server $dc -Object $DistinguishedName -Properties unicodepwd,pwdlastset,samaccountname | ForEach-Object {
$attribute = $_
switch ($attribute.attributename)
{
"unicodepwd" {
$unicodepwdtime = $attribute.LastOriginatingChangeTime
}
"pwdlastset" {
$pwdlastsettime = $attribute.LastOriginatingChangeTime
$pwdlastsetvalue = [datetime]::fromFileTime($attribute.attributevalue)
$pwdneverset = $attribute.attributevalue -eq 0
}
"samaccountname" {
$samaccountname = $attribute.attributeValue
}
}
}
$delta = New-TimeSpan -Start $unicodepwdtime -End $pwdlastsetvalue
$fakedSettingPWD = -not $pwdneverset -and ($delta.Seconds -gt 2)
[PSCustomObject] @{
samAccountname = $samaccountname
pwTimeStamp = $unicodepwdtime
pwdLastSetValue = $pwdlastsetvalue
fakedSettingPWD = $fakedSettingPWD
}
}
[/powershell]

This code sample is enabled for pipeline input, allowing you to verify large numbers of users in one shot. The central function here is Get-ADReplicationAttributeMetadata (only available on 2012 R2 and higher) which extracts the metadata for a given object — a user in this case. We need to point it to a specific DC and tell it which attributes we need to inspect. One of the attributes we need is unicodePwd, which is a write-only attribute representing your password. It returns an object representing the metadata. Next, we analyze this object and compare the value of pwdLastSet to the metadata of unicodePwd. If these differ, and especially if pwdLastSet is more recent, the user had his flag toggled.

This is a typical application of the script. Save it as Get-UserLastChangedPassword.ps1 and analyze the Domain Admins group as follows:

[powershell]
Get-ADGroupMember -Identity "domain admins" -Recursive | .Get-UserLastChangedPassword.ps1 | Out-GridView
[/powershell]

I tried this at various customers, and the results were interesting. At two customers there was nothing suspect going on, but at a third we spotted a group of admins where about 30% of the people were apparently cheating and showing each other how to do it!

This is a sample from my lab, illustrating what it might look like with three users that are problematic:

Get the full script including comments and documentation here.

無料アカウント作成後の最初の悩み・疑問に答える対面窓口をオープンします

Microsoft Azure には 1 か月 20,500 円分まで無料でご利用いただける「無料アカウント」(無料トライアル) があります。枠内の金額に達するまで、十分に検証にご利用いただきたいというものです。毎月たくさんの方にご利用いただいていますが、実は具体的に検証を開始するにあたって疑問が出てきて立ち止まっている方もいらっしゃるのではないでしょうか。または、Azure Portal の使い方に不安があるとか、利用のコツのようなものを誰かに教えてもらいたいと思いながら、無料期限の 1 か月が近付いてきて少し焦っている…という方もいらっしゃるのではないでしょうか。

そういう方のために、新しいサービスがオープンします。「Azure 初めて相談窓口」というサービスです。

毎週水曜日か木曜日の午前9時からお昼の 12 時まで、予約なしでご利用いただけます。日本マイクロソフト品川本社にお越しください。Azure の様々な疑問にお答えできるメンバーが皆様をお待ちしています。

必要なのは登録済みのご自身の無料アカウント（従量課金サブスクリプションに切替済みでも構いません）。自社のプロジェクトにご利用予定であればご相談を承ります（他のお客様へのご提案の相談は対象外となりますのでご了承ください）。

第一回のみイレギュラーで11月4日（金）の開催です。また、水曜日は11月16日からのスタートです。詳しい開催日時や条件などはこちらのページをご参照ください。予約制ではないのでお待たせする可能性もありますが、どうぞお気軽にお越しください。

A common question we receive is whether SharePoint 2013 is supported with SQL Server 2016.

The answer here is clear: SharePoint 2013 is NOT supported with SQL Server 2016.

Only the following SQL Server versions are supported with SharePoint 2013:

• The 64-bit edition of SQL Server 2008 R2 Service Pack 1
• The 64-bit edition of SQL Server 2012
• The 64-bit edition of SQL Server 2014

There are currently no plans to add support for SQL Server 2016.

See here for more details on this topic:

• Hardware and software requirements for SharePoint 2013