Multiple high-profile incidents have demonstrated that ransomware can have catastrophic effects on all of us. From personally losing access to your own digital property, to being impacted because critical infrastructure or health care services are unexpectedly unavailable for extended periods of time, destructive attacks have grown in severity and scale on all platforms – including Mac, Linux, and Windows.

Microsoft recognizes the threat to productivity that brazen modern cybercrime represents and invests significantly in a thoughtful and simple strategy that is proving to be effective as new attacks emerge:

• We protect by hardening our software and devices; leveraging hardware-based security and exploit mitigations to significantly raise the cost of attack on Windows 10.
• We recognize that history has demonstrated that highly skilled and well-funded attackers can find unanticipated paths to their objectives. We detect and help prevent against these threats with advanced protection services like Windows Defender Antivirus and Windows Defender Advanced Threat Protection.
• We enable customers and security experts to respond to threats that may have impacted them with tools like Windows Defender ATP. Enterprise security operations personnel must act quickly and confidently with completeness of information to remediate an attack that may have impacted them.

This strategy works. No known ransomware works against Windows 10 S – our latest and most hardened operating system. What’s more, no Windows 10 customers were known to be compromised by the recent WannaCry (WannaCrypt) global cyberattack.

Despite the success of Windows 10 in resisting WannaCry, we recognize that not every customer is running Windows 10 yet and that social engineering, deceptive software, and out of date systems can fall victim to devastating ransomware attacks. This is why we provide regular software updates and security fixes, even for unsupported versions of Windows in extreme cases, and more importantly, why the Windows 10 Creators Update benefits from new, innovative hardening investments to stop malicious code via features like Kernel Control Flow Guard (kCFG) and Arbitrary Code Guard (ACG) for Edge. These kinds of investments allow us to mitigate specific attacks that have not yet been seen because we are targeting the techniques exploit developers use instead of reacting to specific threats after they emerge.

Windows Defender AV on Windows 10 leverages the power of the cloud and artificial intelligence built on top of the Microsoft Intelligent Security Graph (ISG) to rapidly identify new threats, including ransomware, as they are first seen anywhere around the globe. In Windows 10 Creators Update we significantly enhanced the capability of Windows Defender AV to identify and stop ransomware more accurately and rapidly than ever before – reducing the impact to our customers. Finally, Windows Defender ATP has been updated to include ransomware specific detection capabilities as well as useful remediation actions for security experts who must respond to a ransomware attack on their business.

We provide a deeper level of the technical details on the ransomware specific investments in Windows 10 Creators Update in our new whitepaper Next-gen ransomware protection with Windows 10 Creators Update.

The paper outlines how Windows 10 Creators Update, combined with the latest version of Windows Defender AV, extensive cloud built with human intelligence, rich machine learning, and next-gen endpoint protection provides the best in-depth protection against ransomware.

We are proud of how well Windows 10 has protected our customers from destructive attacks like ransomware. Our strategy of protect, detect, and respond – combined with Windows as a Service – enables us to dramatically increase the cost of attacking Windows 10 with each successive feature update. And our recommended approach is simple:

• Implement robust software update deployment technologies. If you don’t have Windows Defender ATP already, we encourage you to sign up for a free trial. Details can be found at the Windows Defender ATP trial sign-up page.
• Educate users on email, browser and social-engineering-based attacks.
• Ensure antimalware software is up to date.
• Backup all critical data to the cloud.

We are hard at work this summer developing our next wave of hardening and mitigations, detection, and response capabilities for release this fall.

Robert Lefferts
Director of Program Management, Windows Enterprise and Security

Anfang Mai fand in Berlin wieder die republica, Europas größte Digitalkonferenz statt und wir durften dort unter dem Hashtag #Schichtwechsel zeigen, wie digitale Technologien unser Leben verändern. Aber auch auf ganz persönlicher Ebene gibt es #Schichtwechsel – einige inspirierende Beispiele möchten wir in dieser Blog-Serie porträtieren.

Bekannt wurde Christine durch ihr Buch “90 Nächte, 90 Betten” – drei Monate lang machte sie Heavy-Couchsurfing, übernachtete jeden Tag bei anderen Menschen und fasste ihre Erlebnisse so unterhaltend zusammen, dass man beim Lesen oft das Gefühl hat, selbst dabei zu sein. Schon für den Mut zu diesem spannenden Projekt, hat sie meinen größten Respekt! Was ich aber noch mehr bewundere ist Christines persönlicher #Schichtwechsel von dem sie uns selbst erzählt:

Was ist deine persönliche #Schichtwechsel-Story?

Mein Weg ging von der Modedesignstudentin zur Reisebloggerin. Wenn ich mir meinen Lebenslauf so anschaue ist das ein absolutes durcheinander, doch alles hat Sinn gemacht. Schon während des Studiums habe ich gemerkt, dass ich völlig talentfrei bin, was das Nähen betrifft und dass ich mir eigentlich nach all den Praktika, welche ich gemacht habe, mein Leben nicht in diesem Beruf vorstellen kann. Also habe ich mich weiter rangetastet, was denn der richtige Weg für mich sein könnte. Ich habe ein Jahrespraktikum bei der deutschen Vogue gemacht, um mir den Job als Stylistin anzuschauen, habe ein weiteres Praktikum bei der Redaktion der ELLE und dem Zeitmagazin gemacht, bis ich mir endlich sicher war – das Schreiben ist meine Leidenschaft. Dazu kam dann über die Jahre hinweg auch die Leidenschaft für die Fotografie und das Filmen. Angefangen habe ich meinen Blog in New York, neben dem Praktikum. Er war damals schon ein Bestandteil meiner Diplomarbeit und seitdem mein ständiger Begleiter, mein Tagebuch, meine Spielwiese. Auf meinem Blog habe ich mein Projekt „90 Nächte, 90 Betten“ begleitet, in dem ich 90 Nächte lang jeden Tag in Berlin bei jemand anderes übernachtet habe. Und auch mein zweites Projekt „40 Festivals in 40 Wochen.“

Trotz des #Schichtwechsels war das Modedesignstudium der Grundstein für alles. Dort habe ich die Begeisterung für die Fotografie entdeckt und meine Kreativität schadet auch heute nicht. Zwar bringe ich sie nicht mehr an den Körper dafür aber aufs Papier.

Was war aus deiner Sicht der bedeutendste #Schichtwechsel der letzten 10 Jahre?

Social Media und alles was damit zusammenhängt. Welche wunderbaren Menschen ist schon durch das Netz kennenlernen durfte. Und wie leicht es mir fällt auf all den Reisen dank Social Media mit meinen Liebsten zu Hause verbunden zu sein.

Auf welchen #Schichtwechsel in der Zukunft bist du besonders gespannt?

Ich beschäftige mich gerade am Rande mit Gamern. Einige Fußballvereine haben mittlerweile ihre eigenen Profi FIFA-Gamer. Die wiederum suchen sich Trainer um ihr virtuelles Spiel zu verbessern. Ich bin gespannt, wo das hinführen wird und ob sich der eSport neben dem klassischen Sport etablieren kann.

Welchen Tipp würdest du jemandem geben, der einen #Schichtwechsel vor sich hat?

Sich immer Fragen: „Was wäre das Schlimmste, was mir dabei passieren könnte?“ Wenn man sich diese Frage einmal ganz ehrlich beantwortet merkt man schnell, dass man meistens am Leben bleibt und auch wenn man scheitert, das Leben weiter geht. Ich sag immer: Lieber probieren als sich sein Leben lang denken: Was wäre gewesen wenn…

Was ist deine persönliche „Love out Loud“-Botschaft?

„Be as much person as you can be“.

 

Weitere Schichtwechsel-Stories:

Magdalena Rogl – von der Kinderpflegerin zum Head of Digital Channels

Sascha Pallenberg – vom Techblogger zum Head of Digital Content

Franziska Ferber – von der Unternehmensberaterin zum Kinderwunsch-Coach

Torsten Schiefen – vom Security-Mann zum Kommunikationsmanager

Tanja Cappell – von der Produktmanagerin zur Lettering Influencerin

Christiane Germann – von der Beamtin zur Social Media Expertin

Rob Vegas – vom Politikwissenschaftler zum Social Media Onkel

---

Ein Beitrag von Magdalena Rogl
Head of Digital Channels Microsoft Deutschland

Influencer Relations ist für @lenarogl kein Buzzword, sondern ihre Leidenschaft. Die richtigen Menschen miteinander zu verbinden und Kontakte zu knüpfen, hält sie privat wie beruflich für eine große Bereicherung – vor allem, weil es dabei immer spannende Geschichten zu erfahren gibt.
 

 

APPLIES TO/TEST WITH:

• Azure AD Connect v1.1.380.0

CONNECTORS

• Non-AD Connectors
  • Generic LDAP
  • Generic SQL

PROBLEM SCENARIO AND/OR GOAL

• If you build an Azure AD Connect solution, but you do not want to utilize the Active Directory Connector for your provisioning, you need to ensure that you follow a few simple guidelines to get your objects to Azure.

REVIEW ITEMS

1. Identify the Outbound Provisioning Sync Rules for the AAD Connector.  The following are the default Outbound Provisioning Sync Rules listed in the Sync Rule Editor.
   1. Out to AAD – User Join
   2. Out to AAD – Contact Join
   3. Out to AAD – Group Join
   4. Out to AAD – Device Join SOAInAD
2. Determine which object type that you will be provisioning to Azure and then review the Sync Rule to understand the Scoping Filter, Join Rules  and Transformations that are needed for the object to successfully make it to O365.

USER OBJECT REQUIRED ATTRIBUTES ACCORDING TO THE SCOPING FILTER

You need to ensure that these attributes are flowed from your non-AD Connector Space Object to the Metaverse Object.  The Scoping Filters are there to ensure that this data is flowed because it is required to create the object in Azure (O365).

If you remove the flow for one of these attributes, you may receive an Export error when exporting to Azure (O365).

CONTACT OBJECT REQUIRED ATTRIBUTES ACCORDING TO THE SCOPING FILTER

You need to ensure that these attributes are flowed from your non-AD Connector Space Object to the Metaverse Object.  The Scoping Filters are there to ensure that this data is flowed because it is required to create the object in Azure (O365).

If you remove the flow for one of these attributes, you may receive an Export error when exporting to Azure (O365).

GROUP OBJECT REQUIRED ATTRIBUTES ACCORDING TO THE SCOPING FILTER

You need to ensure that these attributes are flowed from your non-AD Connector Space Object to the Metaverse Object.  The Scoping Filters are there to ensure that this data is flowed because it is required to create the object in Azure (O365).

If you remove the flow for one of these attributes, you may receive an Export error when exporting to Azure (O365).

New Update Rollups:

· System Center 2016 UR3:

o https://support.microsoft.com/en-us/help/4020906/update-rollup-3-for-system-center-2016

• Operations Manager
• https://support.microsoft.com/en-in/help/4016126

§ Issues that are fixed

§ When you run the Agents module version 1.6.2-337, you may receive the following alert: Module was unable to convert parameter to a double value

§ When you run System Center 2016 Operations Manager in an all-French locale (FRA) environment, the Date column in the Custom Event report appears blank.

§ The Enable deep monitoring using HTTP task in the System Center Operations Manager console doesn’t enable WebSphere deep monitoring on Linux systems.

§ When overriding multiple properties on rules that are created by the Azure Management Pack, duplicate override names are created. This causes overrides to be lost.

§ When the heartbeat failure monitor is triggered, a “Computer Not Reachable” message is displayed even when the computer is not down.

§ The Get-SCOMOverrideResult PowerShell cmdlet doesn’t return the correct list of effective overrides.

§ When creating a management pack (MP) on a client that contains a Service Level (SLA) dashboard and Service Level Objects (SLO), the localized names of objects aren’t displayed properly if the client’s CurrentCulture settings don’t match the CurrentUICulture settings. In cases where the localized settings are English English, ENG, or Australian English, ENA, there’s an issue when the objects are renamed.

§ The Event ID: 26373 error, which may cause high memory consumption and affect server performance, has been changed from a “Critical” message to an “Informational” message.

§ The Application Performance Monitoring (APM) feature in System Center 2016 Operations Manager Agent causes a crash for the IIS Application Pool that’s running under the .NET Framework 2.0 runtime. Microsoft Monitoring Agent should be updated on all servers that use .NET 2.0 application pools for APM binaries update to take effect. Restart of the server might be required if APM libraries were being used at the time of the update.

§ The UseMIAPI registry subkey prevents collection of processor performance data for RedHat Linux system. Also, custom performance collection rules are also impacted by the UseMIAPI setting.

§ Organizational Unit (OU) properties for Active Directory systems are not being discovered or populated.

§ The Microsoft.SystemCenter.Agent.RestartHealthService.HealthServicePerfCounterThreshold recovery task fails to restart the agent, and you receive the following error message: LaunchRestartHealthService.ps1 cannot be loaded because the execution of scripts is disabled on this system. This issue has been resolved to make the recovery task work whenever the agent is consuming too much resources.

§ The DiscoverAgentPatches.ps1 script in Microsoft.SystemCenter.Internal.xml fails and you experience the following exception:

§ Exception:
Method invocation failed because [System.Object[]] does not contain a method named ‘op_Subtraction’.
At C:binscriptspatch.ps1:37 char:35
+                   for($count = 0; ($productList.Count-1); $count++)
+                                   ~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : InvalidOperation: (op_Subtraction:String) [], RuntimeException
+ FullyQualifiedErrorId : MethodNotFound

§ An execution policy has been added as unrestricted to PowerShell scripts in Inbox management packs.

§ SQL Agent jobs for maintenance schedule use the default database. If the database name is not the default, the job fails.

§ This update adds support for OpenSSL1.0.x on AIX computers. With this change, System Center Operations Manager uses OpenSSL 1.0.x as the default minimum version supported on AIX, and OpenSSL 0.9.x is no longer supported.

§

§ Orchestrator

§ There are no updates to this component in this rollup.

§ Service Manager

§ https://support.microsoft.com/en-us/help/4019979

§ Service Provider Foundation

§ There are no updates to this component in this rollup.

§ Virtual Machine Manager

§ https://support.microsoft.com/en-in/help/4014528

· System Center 201 R2 UR13:

o https://support.microsoft.com/en-us/help/4020917/update-rollup-13-for-system-center-2012-r2

§ Data Protection Manager

§ https://support.microsoft.com/help/4021873

§ Operations Manager

§ https://support.microsoft.com/en-us/help/4016125

§ Issues that are fixed

§ When there are thousands of groups in a System Center Operations Manager environment, the cmdlet Get-SCOMGroup -DisplayName “group_name” fails, and you receive the following message: The query processor ran out of internal resources and could not produce a query plan. This is a rare event and only expected for extremely complex queries or queries that reference a very large number of tables or partitions. Please simplify the query. If you believe you have received this message in error, contact Customer Support Services for more information.

§ When you run System Center 2012 R2 Operations Manager in an all-French locale (FRA) environment, the Date column in the Custom Event report appears blank.

§ The Enable deep monitoring using HTTP task in the System Center Operations Manager console does not enable WebSphere deep monitoring on Linux systems.

§ When overriding multiple properties on rules that are created by the Azure Management Pack, duplicate override names are created. This issue causes overrides to be lost.

§ After you install Update Rollup 11 for System Center 2012 R2 Operations Manager, you cannot access the views and dashboards that are created on the My Workspace tab.

§ When the heartbeat failure monitor is triggered, a “Computer Not Reachable” message is displayed even when the computer is not down.

§ The Get-SCOMOverrideResult PowerShell cmdlet does not return the correct list of effective overrides.

§ When creating a management pack (MP) on a client that contains a Service Level (SLA) dashboard and Service Level Objects (SLO), the localized names of objects are not displayed properly if the client’s CurrentCulture settings do not match the CurrentUICulture settings. In the case where the localized settings are English English, ENG, or Australian English, ENA, there is an issue when the objects are renamed.

§ This update adds support for OpenSSL1.0.x on AIX computers. With this change, System Center Operations Manager uses OpenSSL 1.0.x as the default minimum version supported on AIX,  and OpenSSL 0.9.x is no longer supported.

§ Orchestrator

§ There are no updates to this component in this rollup.

§ Service Manager

§ There are no updates to this component in this rollup.

§ Service Management Automation

§ There are no updates to this component in this rollup.

§ Service Provider Foundation

§ There are no updates to this component in this rollup.

§ Virtual Machine Manager

§ https://support.microsoft.com/en-us/help/4014525

Current Updates:

• UR03 4020906 – SCOM 2016
• UR13 4020917 – SCOM 2012 R2
• UR10 KB3071088 – SCOM 2012 SP1

Newest KB Articles:

• 4016126 Update Rollup 3 for System Center 2016 Operations Manager
• 4016125 Update Rollup 13 for System Center 2012 R2 Operations Manager
• 4014528 Update Rollup 3 for System Center 2016 Virtual Machine Manager

· 948098 SCOM 2007: Gateway server is not working properly after installation

· 3192391 October 2016 Security Only Quality Update for Windows 7 SP1 and Windows Server 2008 R2 SP1

Management Packs:

· Microsoft Azure SQL Database                                                             6.7.28.0 5-8-2017

· Microsoft Azure Stack                                                                            1.0.1.0             5-22-2017

· Windows Server Active Directory (AD) (new)                                    10.0.2.1           5-19-2017

· Windows Server Cluster 2003.2008 2008 R2 2012 2012 R2           10.0.6.0           5-23-2017

· UNIX and Linux Operating Systems                                                     7.6.1076.0      5-24-2017

· Windows Server DNS 2003 2008 2008 R2 2012 2012 R2 (New)    10.0.6.4           6-5-2017

· Windows Server DNS 2016                                                                   10.0.6.4           6-5-2017

· Microsoft Advanced Threat Analytics 1.7 Management Pack            1.7.1.1            6/8/2017

Microsoft TechNet & MSDN Blog Articles:

• SCOM Connected Management Groups–2016 and 2012
• APM fix for agent crashing issue shipped in UR3 is not completely resolved
• How to be heard (provide feedback on Microsoft products)
• Getting Started with OMS – Operations Manager Suite
• Azure Application Insights
• Using SCOM to Capture Registering Remotely Located DLL Files
• Optimize SQL for SCOM
• SYSTEM CENTER 2016 Operations Manager – Anti-Virus Exclusions
• Setting up OMS Capacity and Performance
• Security Monitoring MP: PowerShell Exploit Toolkit Rules
• SQL Engineering Blog
• Operations Manager 2007/2012: High I/O peaks when writing on disk
• Security Monitoring MP AppLocker Rules
• Security Monitoring Management Pack Summary
• Post Configuration Tasks for the Security Monitoring Management Pack
• How does CPU monitoring work in the Windows Server 2016 management pack?
• Creating helpful HTML reports from SCOM Management Packs
• Setting up OMS Service Map solution
• Potential Areas for Noise in the Security Monitoring Management Pack
• Event Forwarding and How to Configure it For the Security Monitoring Management Pack
• Mass delete management packs
• SQL Query for getting SCOM Recovery Tasks Results
• Registry tweaks for SCOM measure twice cut once
• Reporting on SCOM Data: Piecing the data together (Part 1)
• Reporting on SCOM Data: Piecing the data together (Part 2)
• APS Monitoring solutions
• The OMS Agent for Azure Government – A Cheat Sheet
• SCOM Operations Manager Shell PowerShell Error When Launched as Administrator
• SCOM Printer Monitoring Management Pack Supplement (Updated: Windows Server 2003, 2008, 2012, 2016)
• Using OMS to Alert on Azure Service Outages
• How Fileless malware challenges classic security solutions
• Stop Healthservice restarts in SCOM 2016
• Installing SQL 2016 Always On with Windows Server 2016 Core
• UR3 for SCOM 2016 – Step by Step
• UR13 for SCOM 2012 R2 – Step by Step

Community Blog Articles:

· Sick of explaining to end users why they didn’t get a SCOM disk monitor alert?

· Monitoring Windows Server 2003 with SCOM 2016

· SCOM / OMS – MP University 2017 Recording

One of the most common questions that I get asked my students and teachers is “How do I keep my Class OneNote Notebooks when the school year finishes?” It’s a legitimate query given this was pretty easy in a non-digital age: you simply walked off with your ring binder folder or exercise book.

In a new blog from the OneNote Team, they have explained a new way to effectively save a copy to your personal Microsoft account so you always have a copy of your class notes. Here’s how to do it:

1. Sign in to OneNote Online, our web version of OneNote.
2. From the Notebook list, click Class Notebooks to display all your Class Notebooks.
3. Right-click to select a Class Notebook and then select Save a copy.

Right-click a Class Notebook and select Save a copy.

4. Click Next. You are prompted to sign in to a consumer Microsoft account. If you don’t have one, go here http://www.live.com to sign up.

That’s it! Your OneNote Class Notebook is copied to the consumer OneDrive and is available for you to use elsewhere.

On the blog, future developments are hinted at as well:

This is just the initial rollout of the Save a copy feature. In the near future, we will add the ability to choose any notebook type, not just Class Notebooks. We will also roll out the Save a copy feature to your own OneDrive for Business, which will allow students to save a copy of their Class Notebook from a teacher’s OneDrive for Business to their own OneDrive for Business.

If you’re a school leader please make sure you share this feature with your students so they can ensure they’ve kept a copy of their work.

先日本ブログでご案内させていただいた「Microsoft Japan Partner Conference 2017 Tokyo～Inspire Japan!」に加えて、福岡、大阪、名古屋、札幌の4都市で開催する 「Microsoft Inspire Japan 2017」 の申込みを開始いたしました。

4都市では、今年度よりパートナー企業およびパートナーご検討中企業に加えて、ユーザー企業の経営者様、セールス＆マーケティングご担当者様を対象とし、日本のパートナー＆ユーザーのデジタル トランスフォーメーションをご支援するイベントにいたします。

ぜひご参加ください！

組織内外のコラボレーションを活性化させ、チームワークによる働き方改革を推進する、Office 365のMicrosoft Teams。昨年11月2日にプレビュー版が提供され、全世界で5万社以上の企業のお客様が利用を開始しました。そして本年3月15日に提供開始となり、利用企業のお客様が続々と増えています。日本マイクロソフトの社内でも、働き方改革における社員の主体的な「共同作業の改革」として活用しています。

本日は、チームコラボレーションの改革を推進いただいている、Microsoft Teamsの活用事例を３つご紹介させていただきます。昨年の11月のプレビュー版の提供開始から、ご活用いただいている株式会社ミマキエンジニアリング様、株式会社Phone Appli様、日本ビジネスシステムズ株式会社様です。

◆株式会社ミマキエンジニアリング様 　~ メーカーにおけるシステムインフラ管理 ~

株式会社ミマキエンジニアリング様 (http://japan.mimaki.com/) は、様々な業務ニーズに併せ、業務用インクジェットプリンタ、カッティングプロッタ、インク等の開発・製造・販売・保守サービスを一貫して行う開発型企業です。製品メーカーである同社では、難易度の高い一つのプロジェクトを遂行するために、国内外の関係者と共にチームで共同作業を進める必要があります。その中でこの「Microsoft Teams」を、業務連絡や重要事項のリアルタイムな連携など、重要なコミュニケーションツールとして活用していただいています。

◆株式会社Phone Appli様  ~ 新規事業開発における活用 ~

株式会社Phone Appli様 (http://phoneappli.net/)は、クラウド電話帳サービスなど、特色のあるアプリケーション企画から開発、販売まで行う、アプリケーション開発企業です。お客様である企業の多様なニーズに対応するため、各メンバーは日々フットワークを高め、スピード感を持って業務に対応する必要があります。その様な状況において、同じプロジェクトを遂行するメンバーが常に物理的に同じ場所に居る事はありません。「Microsoft Teams」は、物理的に離れたメンバーの間でも、バーチャルに会議を開く事ができるという点が非常に優れているとご評価いただいています。

◆日本ビジネスシステムズ株式会社様  ~ 部門横断プロジェクトにおける活用 ~

日本ビジネスシステムズ株式会社様 (https://www.jbs.co.jp/) は、企業の経営課題を解決するITソリューションを提案・実現する、独立系システムインテグレーターです。様々なITベンダーと取引のある同社では、社内で利用する業務システムを実装する上で、あらゆるステークホルダーと連携しながら、プロジェクトを遂行する必要があります。プロジェクトを進めていく上での一つの課題は“ファイル共有”ですが、“成果物を共有し、メンバー間で共同作業を行う際も、更新したファイルがどこにあるのか分からない、などの問題が頻繁に発生して、同じような資料を何度も作る様な事が課題でした。「Microsoft Teams」を導入後は、その様な悩みが解決されたとご評価いただいています。

「Microsoft Teams」活用事例動画

3つの活用事例は、お客様のメッセージとして動画でご紹介しています。

※動画では3つの活用事例に加えて、日本マイクロソフト社内での活用事例もメッセージとして紹介しています。

http://aka.ms/teamscasejp

Microsoft Teams は、Office 365 の法人向け全てのプランが対象で、Enterpriseプラン（E1、E3、E5）及び Businessプラン（Essentials, Premium）をご利用中のお客様に無償で提供されています。

より一層活用しやすく、またチームの働き方改革を推進すべく進化を遂げるMicrosoft Teamsの今後にご期待ください。

「Microsoft Teams」とは？

Microsoft Teamsは、現代の様々なチームが最大限に力を発揮できるように開発された、Office 365の新しいチャットベースのアプリケーションです。WordやExcelはもちろん、SharePointやOneDrive for Businessのファイル共有スペースや、PowerBIの様な分析ツール、プロジェクト管理に用いるPlannerなど、Office 365の様々なアプリケーションと密接に連携し、その行間をチャットが埋めていきます。チームに属する新旧のメンバーは、いつでもそのMicrosoft Teamsの中の”チーム”にアクセスしてやり取りを確認する事で、チームの最新状況を把握したり、共同作業を行ったりする事ができ、まさにチームワークを実現するハブとして機能します。Microsoft Teams内の”チーム”は、様々なチームが仕事を進めやすいように、アプリケーションの追加や、外部アプリケーションとの接続などカスタマイズを簡単に行う事ができます。また、組織が安心して使う事ができる様セキュリティにも優れ、IT管理者の悩みの種であるフリーツールの業務利用、シャドウITの問題も解決します。

参考情報：

Microsoft Teamsをご利用頂けるOffice 365

https://products.office.com/ja-jp/business/office

Microsoft Teams製品サイト

https://products.office.com/ja-jp/microsoft-teams/group-chat-software

※ 本情報の内容（添付文書、リンク先などを含む）は、作成日時点でのものであり、予告なく変更される場合があります。

Installing Operational Management Suite (OMS) on top of Advanced Threat Analytics (ATA) is dead simple. It is even more simple if your ATA Center is installed in Azure as deploying the OMS agent on Azure VMs is one click.

The OMS continues to gain momentum as it provides a single-pane-of-glass. It’s integration into things like Azure Automation allow for very interesting use-cases. And the fusion with the Microsoft Security Graph (provided by source from Microsoft and its third parties where we spend over $10M USD/year) makes it all that much powerful.

This blog will build on the previous blogpost on this topic, located here. In this referenced blog, The Scripting Guys discuss in detail on why Syslog is better then both SMTP and the Windows Event Log route. Note that we aren’t saying turn off Windows Event Log/Windows Event Forwarding into ATA Center, this is specific to getting events out of the ATA Center.

Let’s get started.

Configure ATA

Once you get ATA installed (whether on-prem or in Azure, as long as it’s up and running and has Gateways), we need to configure it’s syslog. From the ATA Console, on the top right, select the options button, then “Configuration” button.

In the Syslog navigation pane, use the following settings:

The “Syslog server endpoint” should be 127.0.0.7 with the port 5114. Note that 127.0.0.7 is not a typo, this is another dedicated IP for localhost. Once we insert these values, press the blue button at the bottom, “Send test syslog message”.

That is literally all that is needed to be configured with ATA. The OMS installation is just as easy…

Create OMS Workspace (if needed)

From the Azure Portal, if you already have an existing OMS/Log Analytics Portal, great, use that one. If not, select the Log Analytics Button:

Then, let’s go ahead and select “Add” and fill out the respective data.

Great, we are almost done.

Connect ATA Center to OMS Workspace

If you decided to install the ATA Center in Azure, you are a few clicks away from connecting the VM to your workspace.

Under the “Workspace data sources” section, select “Virtual Machines” and find your ATA Center VM in the list. Then press the “Connect” button. That’s it!

If you decided to install ATA Center on-prem, no worries, your install is almost just as easy. Follow this guide here: https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-windows-agents#download-the-agent-setup-file-from-oms

Test the connection

Once you see the connection successful, let’s get bits on the wire and see them show up. The quickest way is to run the very first attack we introduce in the ATA Playbook. Attempting to do a Zone Transfer from a machine against the Domain/DNS-server will trigger an alert.

From any computer, perform the following nslookup command to attempt to dump the contents of the DNS server:

As you see the “Query refused”, go back to OMS and wait for it to show up. You won’t wait too long. Back in the OMS Portal, in the “Security And Audit” view, we should see the new “SecurityDetection” alert. Clicking on the alert, our Log Search view opens up where we can start doing all sorts of great queries against this and all other OMS data sources!

We now OMS integration on our ATA—tested and approved

Andrew

こんにちは 。 SharePoint サポートの 藤野 です。

今回の投稿では、SharePoint 2016 オンプレミス環境におけるユーザー プロファイルの変更に対する制限事項について記載いたします。

【対象製品】

SharePoint 2016 オンプレミス

【概要】

現在 (2017/6/8 時点) の SharePoint 2016 オンプレミス環境では、PeopleManager クラスの SetSingleValueProfileProperty メソッドを使用したクライアント側からのユーザー プロファイルの変更には対応しておりません。

SharePoint Online では PeopleManager クラスの SetSingleValueProfileProperty メソッドを使用することで、クライアント側からユーザー プロファイルを変更する機能を提供しています。

タイトル : PeopleManager.SetSingleValueProfileProperty method

アドレス : https://msdn.microsoft.com/en-us/library/microsoft.sharepoint.client.userprofiles.peoplemanager.setsinglevalueprofileproperty.aspx

現在の SharePoint 2016 オンプレミス環境においても上記メソッドが定義上提供されておりますが、SharePoint Online での使用を想定されたものであり、SharePoint 2016 オンプレミス環境では上記メソッドを使用した書き込みには対応しておりません。

SharePoint 2016 オンプレミス環境では SharePoint Online で実装されたコードをもとに実装されておりますが、SharePoint Online 向けの実装に依存する個所があり、SharePoint 2016 オンプレミス環境で対応させることが現実的に困難と判断されたため、上記メソッドを使用した書き込みが実行されない動作となっております。

この動作は、SharePoint 2016 オンプレミス環境で使用可能な Client Object Model や JavaScript Object Model の他、REST サービスにおいても共通の制限事項となります。

なお、SharePoint 2016 オンプレミス環境で上記メソッドを使用した場合、SharePoint 診断ログに以下のエラー内容が記載されます。

<診断ログに記載される内容>

w3wp.exe (0x0574)          0x0EA4  SharePoint Portal Server User Profiles      aw2z4   Medium              ProfilePropertiesCSOM flight is enabled : False

w3wp.exe (0x0574)          0x0EA4  SharePoint Portal Server User Profiles      aw2zm  Medium PeopleManager.SetSingleValueProfileProperty(accountName=i:0#.w|spsadmin,propertyName=department) – Profile Write CSOM Flight is not enabled.

本来 SharePoint Online 向けに提供されたメソッドが、現在のSharePoint 2016 オンプレミス環境でもお客様の環境で使用可能な状況であるため、本記事にて製品の制限事項としてご案内させていただきました。

【代替案】

SharePoint オンプレミスの環境でクライアント側からのユーザー プロファイルを変更するご要件がある場合は、User Profile Web Service を利用することができますので、以下の記事をご参考ください。

タイトル : [方法] Web サービスを使用してユーザー プロファイル データを変更する

アドレス : https://msdn.microsoft.com/ja-jp/library/office/ms544240(v=office.14).aspx

今回の投稿は以上となります。

請參閱此連結 this support article，以幫助您解決使用 Office 365 工作帳戶和 this support article 的任何問題，以便為您的用戶啟用 To Do。

此篇文章由 Microsoft To-Do 總經理 Ori Artman 撰寫

今天，我們很高興推出一個新的、智慧化的任務管理 app，使您能夠輕鬆計劃和管理您的一天。 即刻提供 Microsoft To-Do 預覽版。

To-Do 來自 Wunderlist app 背後的團隊，並提供更智慧、更客製化且直觀的方式來幫助人們管理組織，並充分利用每一天。 由 Office 365 整合和智慧化管理，這是我們簡化任務管理和幫助您實現更多的第一步。

在單一平台紀錄所有您的待辦事項

To-Do 可幫助您為任何工作，家庭項目或您的雜貨建立列表。 您可以透過新增提醒、到期日期和筆記來追蹤截止日期，並通過豐富多彩的主題客製化每個列表。 您可以隨時隨地使用 iPhone，Android 手機，Windows 10 設備和網頁的 To-Do app 使用您的列表。

智慧化建議您的一天

管理你的待辦事項和列表有時可能花費非常多時間來完成它們。 在打開app的同時，To-Do 可以幫助您集中精力並計畫你的一天。 每天早上，您的 “ My Day” 清單以乾淨的版面開始，讓您更動力完成任務。

您還可以點擊智慧建議，找到重要的任務。 只需點擊燈泡圖示，您將看到前一天的任何待辦事項，到期日或即將到來，及 To-Do 智慧演算後的其他實用建議。 只需新增於您想要在  My Day 完成的事項。

與 Microsoft Office 整合

To-Do 建立在 Office 365 之上，在未來幾個月內，此產品將在更多地方廣泛使用。 我們與Outlook的首次整合，使您可以輕鬆地從任何地方連結 Outlook 置頂任務。 它將自動將您的任務與 To-Do 同步，並允許您跨裝置使用和管理。

作為唯一建立在企業用雲端的任務管理 app，To-Do 提供了 Office 365 客戶期望的資訊安全性。To-Do 由我們的超大規模全球數據中心網絡提供，不論數據在運輸和靜止時隨時進行加密。 對於商業用戶，IT 專業人員現在可以透過 Office 365 管理中心啟用“ To-Do Preview  ”。

下一步?

如果沒有 Wunderlist 粉絲在過去六年的支持和投入，就沒有今天的 To-Do Preview 。 在接下來的幾個月中，我們會將更多的 Wunderlist 元素帶入 To-Do 體驗，增加功能，如列表共享、Mac、iPad 和 Android 平板電腦的 app，以及其他 Microsoft 的服務。 一旦我們確認將所有Wunderlist的優點 納入 To-Do後，我們將淘汰 Wunderlist 。 雖然名稱和圖示可能會改變，但 Wunderlist 團隊帶給您的仍會繼續。 我們期待使 To-Do 更加有用、直覺和客製化。

今天就取得iPhone, Android, Windows 和 web 上的 Microsoft To-Do Preview。

我們很樂意聽到您的建議與想法，讓 To-Do 能夠變的更好。 可以透過app內的聯繫表單，UserVoice, Twitter 或 Facebook 上與我們交談。

—Ori Artman

こんにちは、SharePoint サポートチームの佐々木です。
今回の投稿では、先日 5/29 から 6/1 にかけて発生した Firefox を使用した SharePoint Online (及び他のサービス) への接続障害について説明します。

【発生した現象について】

日本時間の 5/29 日から 6/1 にかけて、ブラウザに Firefox を使用しているユーザーが SharePoint Online および他の複数のサービスに接続時、下記のようなエラーが発生してページが開けない現象が発生しました。

エラー内容 ———————-
Secure Connection Failed
An error occurred during a connection to xxxx.sharepoint.com. Invalid OCSP signing certificate in OCSP response. Error code: SEC_ERROR_OCSP_INVALID_SIGNING_CERT
The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.
———————————-

一方、ブラウザに Firefox 以外のブラウザ (例 : IE や Edge 等) を使用しているユーザーはこの問題は発生しませんでした。
この問題は、インシデント番号 SP103393 として調査されて、対処が行われました。

【現象の原因と対処について】

この問題はオンライン証明書状態プロトコル (OCSP) で使用されるセキュリティ証明書の更新処理に問題があったため、発生しました。古い証明書のデータがデータセンター側にキャッシュされていたため、Firefox はブラウザー固有の機能でこの不整合を検知してエラーを表示していました。
このキャッシュは SharePoint Online サービスだけではなく、他の複数のサービスで使用される場所に存在したため、複数の O365 サービスに接続時、同様の現象が発生しました。
このキャッシュをクリアするために、サービスを再起動する事により現象が回避しました。

【本現象に関連するインシデントについて】

この現象と同一の原因で発生したインシデント番号は下記になります。
SP103393 / EX103413 / FO103410 / TM103430 / YA103394 / PB103423

<補足>

OCSP とは、証明書の失効状態を取得するための通信プロトコルになります。
タイトル : オンライン レスポンダーのしくみ
アドレス : https://technet.microsoft.com/ja-jp/library/cc731001.aspx

今回の投稿は以上です。
※ 本情報の内容は、作成日時点でのものであり、予告なく変更される場合があります。

こんにちは、日本マイクロソフトの Windows サポートチームです。
今回は、Windows 10 の Creators Update (バージョン 1703) でタッチ ディスプレイを複数ご利用いただいている場合に発生する、描画のずれの問題について、その現象と回避方法についてご紹介させていただきます。

– 現象 –
タッチ ディスプレイ（タッチ モニター）を左右または上下に配置し、Windows 10 Creators Update (バージョン 1703) で表示画面を拡張してご利用頂いている場合に、ペイント (mspaint.exe) などのアプリケーション上で指やペンでタッチした位置とは離れた異なる場所に描画されてしまう問題が報告されています。(この問題とは別に、タッチした入力が別のディスプレイ側に送られてしまう現象がありますが、これについては文末の「参考」をご覧ください。)

この現象は、Ink 機能で描画する際に、メインでは無い側のディスプレイでタッチされた座標情報が誤って 2 倍の値に計算されてしまい、アプリケーション上の本来とは異なる位置に描画されてしまうという問題です。（ディスプレイを左右に配置する場合は x 座標が 2 倍に、上下に配置する場合は y 座標が 2 倍になります。）
なお、この現象はマウスを利用する場合は発生せず、ペンやタッチでメニューやその他のデスクトップ上を操作する場合には問題なく、正常に操作できます。

– 発生条件 –
この現象は以下の状況で発生します。
・タッチ ディスプレイを左右に配置して表示画面を拡張し、右側のディスプレイをメインにしている場合
・タッチ ディスプレイを上下に配置して表示画面を拡張し、下側のディスプレイをメインにしている場合

左側（上側）がタッチ対応のディスプレイで、右側（下側）はタッチ非対応のディスプレイでも同様に発生します。

ただし、この現象が発生するのは Windows Inking Service Platform (WISP) と呼ばれる機能を利用するアプリケーションのみです。Windows 10 から導入された DirectInk と呼ばれる機能を利用する比較的新しいアプリケーションでは、この問題は発生しません。

・現象が発生する（WISP を利用する）アプリケーションの例
ペイント(mspaint.exe)、PowerPoint 2013, Excel 2013 など

・現象が発生しない（DirectInk を利用する）アプリケーションの例
Paint 3D、Edge、PowerPoint 2016、Excel 2016 など

– 回避方法 –
タッチ ディスプレイのメインを左側（または上側）に配置することで回避することができます。
1. タスクバーの検索ボックスに “設定” と入力し、[Windows の設定] を開きます。
2. [システム]-[ディスプレイ] を選択します。
3. [ディスプレイ] の設定画面で、以下の図のように左側（上下に配置している場合は上側）を選択します。

4．[ディスプレイ] の設定画面の [複数のディスプレイ] で “これをメイン ディスプレイにする” にチェックを付けます。

– 状況 –
今後リリースを予定している新しい Windows 10 のバージョンで修正を検討しています。

– 参考 –
今回ご紹介したタッチした描画位置がずれるという現象ではなく、（Creators Update に限らず）タッチした入力そのものが別のモニターに送られる場合があります。この場合はコントロールパネルから設定を行うことで解消できます。

1. タスクバーの検索ボックスに control panel と入力し、コントロール パネルを開きます。
2. [ハードウェアとサウンド] – [タブレット PC 設定] をクリックします。
3. [画面] タブの “ペンとタッチ ディスプレイを構成します。” の [セットアップ(S)…] ボタンをクリックします。
4. タッチ ディスプレイに “タッチ スクリーンであることを指定するには、この画面をタッチしてください。” と表示されますので、その画面をタッチし、キーボードの Enter キーを押します。
5. もう一方のタッチ ディスプレイも “タッチ スクリーンであることを指定するには、この画面をタッチしてください。” と表示されますので、その画面をタッチします。

I’ve decided to do a few posts on the contents of my PowerShell profile.

A profile is a script that runs when your PowerShell console starts. There is a profile for the ISE and the standard console. You can find the script location by looking at the $profile variable of the current host.

What’s in a profile?

I have loads of functions and code snippets and customisations in my profile. Some of them change the console look and feel, some set default parameter values, some load useful functions and others perform housekeeping.

Here’s a housekeeping snippet. It deletes old or archived certificates from my personal certificate store.

$store = New-Object  System.Security.Cryptography.X509Certificates.X509Store "My","CurrentUser"

$MaxAllowedIncludeArchive = ([System.Security.Cryptography.X509Certificates.openflags]::MaxAllowed –bor [System.Security.Cryptography.X509Certificates.openflags]::IncludeArchived)

$store.Open($MaxAllowedIncludeArchive)

[System.Security.Cryptography.X509Certificates.X509Certificate2Collection]$certificates = $store.certificates


foreach ($cert in $certificates) {

    if (($cert.notAfter -lt (Get-Date)) -or ($cert.Archived)) {

        Write-Output "Name: $($cert.IssuerName.Name)"
        Write-Output "NotAfter: $($cert.NotAfter)"
        Write-Output "Archived: $($cert.Archived)"
        Write-Output "Removed: True"

        $store.Remove($cert)

        Write-Output " "

     }

 }

$store.Close()

What’s going on?

Create an object for the current user’s personal certificate store. Set a couple of opening flags. Open the store. Obtain the certificates from the store.

Loop through each certificate and  if it is archived or no longer valid (notAfter) remove it.

Автор статьи – Виталий Веденев.

Расширение практики применения независимого контроля знаний обучающихся и обеспечение прозрачности содержания обучения связано с организацией контроля знаний в Office 365. Как сделать контроль за ходом обучения прозрачным? Рассматриваю в этой статье.

Что вы будете знать и уметь после прочтения этой статьи?

– Как организовать независимый контроль знаний с помощью сервисов и приложений Office 365?

Рассматриваю примеры организации системы оценки качества, которая должна опираться на открытость, прозрачность всей системы образования и отдельных организаций. Сегодня система не преодолела информационную закрытость, непрозрачность для потребителя. Введение различных инструментов и процедур оценки качества на всех уровнях образования должно сопровождаться повышением информационной прозрачности деятельности системы образования, развитием механизмов обратной связи.

Чтобы адекватно использовать информацию об оценке качества не только сотрудниками системы образования, но и родителями, и самими обучающимися, необходимо преодолеть «усредненность» существующих подходов, обеспечить индивидуализацию оценки, учет многообразия образовательных результатов [1].

Рассмотрим примеры организации такой системы в Office 365 в конкретных сценариях.

Сценарий 1. Контроль знаний в Microsoft Forms с использованием возможностей Microsoft Excel и Power BI

Сделать «прозрачными» итоги контроля знаний в Office 365 для всех сторон учебного процесса можно по схеме с использованием сервисов Microsoft Forms, OneDrive для бизнеса, Excel Online и Power BI:

На схеме отображены следующие шаги:

• С помощью Microsoft Forms Office 365 создаем тест [2] и открываем доступ обучающимся любым удобным способом. Для проверяющих, возможно, будет достаточно аналитической обобщенной информации по итогам тестирования в Forms с общим доступом по ссылке для совместной работы. Если необходимы результаты по каждому обучающемуся, то надо перейти к следующим шагам:
• Из Forms результаты тестирования можно выгрузить в файл Excel [2,3] и проанализировать его средствами Excel Online (на схеме представлена диаграмма, показывающая итоги с фильтром по зачетному интервалу баллов) с предоставлением общего доступа. В этом случае можно принять участие (при необходимости) в анализе данных путем изменения фильтров и т.п. Файл лучше сохранить в OneDrive для бизнеса для универсального использования в разных сервисах Office
• Если необходим доступ к результатам тестирования для более широкой аудитории со сбором информации в виде опроса, то необходимо воспользоваться встраиванием данных Excel на информационную панель Power BI [4] с добавлением плитки – опроса Forms.
• При необходимости организации обсуждения итогов тестирования в группе заинтересованных сторон учебного процесса можно осуществить средствами Microsoft Teams [5-7] или путем добавления в канал группы (команды) файла Excel с итоговой диаграммой, или путем добавления вкладки Power BI в канал группы – информационной панели Power BI.

Сценарий 2. Дистанционная идентификация пользователей в Microsoft Teams и Skype для бизнеса

Учебное заведение, реализующее онлайн-курс как часть основной образовательной программы, обязано обеспечить проведение в составе онлайн-курса мероприятий по оценке результатов обучения с идентификацией личности обучающегося. Идентификация личности обучающегося проводится в соответствии с локальными нормативными актами учебного заведения. При этом могут использоваться следующие подходы: автоматическое или полуавтоматическое наблюдение за обучающимися в ходе мероприятий оценки результатов обучения с использованием камер, средств трансляции экрана, захвата звука, биометрических технологий.

Помимо обязательной идентификации личности любая из сторон учебного процесса может принять участие в совместном видео-сеансе.

В Office 365 с помощью Skype для бизнеса [8] достаточно легко организовать коллективное видео-событие, например, в ходе контрольного устного опроса можно идентифицировать пользователя и провести одновременно прозрачный контроль внешними проверяющими.

Видео-сеанс можно организовать также с помощью видеозвонка Microsoft Teams [6].

Сценарий 3. Родительский контроль в OneNote Online за ходом обучения. Организация обратной связи

Теперь с помощью Class Notebook педагоги при организации записной книжки для занятий в OneNote Online могут сформировать ссылки для доступа родителей к рабочему пространству конкретного обучающегося, а внешним проверяющим ссылку-доступ к рабочим пространствам группы обучающихся.

Для организации сбора вопросов и замечаний необходимо предусмотреть создание и встраивание опроса Forms [9].

Это будет возможно при реализации администратором системной политики учебного заведения по обеспечению анонимного доступа по ссылке:

Приведенные примеры не отображают всего многообразия возможных вариантов обеспечения прозрачности содержания обучения в Office 365.

Использованные источники:

1. Независимая оценка качества работы образовательных организаций
2. Microsoft Office 365 в образовании. Новое в организации обучения в Office 365 с помощью Microsoft Forms: тесты
3. Microsoft Office 365 в образовании. Организация контроля знаний в Office 365 с помощью Microsoft Forms. Нововведения
4. Microsoft Office 365 в образовании. Организация анализа данных с использованием Power BI
5. Microsoft Office 365 в образовании. Варианты организации обучения в чате Microsoft Teams. Начало
6. Microsoft Office 365 в образовании. Технология проведения учебных занятий в чате Microsoft Teams. Примеры
7. Microsoft Office 365 в образовании. Варианты организации обучения в чате Microsoft Teams. Продолжение
8. Microsoft Office 365 в образовании. «Skype для бизнеса» – единая коммуникационная платформа
9. Microsoft Office 365 в образовании. Новое в организации обучения в Office 365 с помощью Microsoft Forms: формы опросов
   

E3 2017の開催が近づいてきました。期間中に実施される Xbox の配信プログラム情報をお知らせいたします。

Xbox E3 2017 ブリーフィング

日本時間 6 月 12 日 午前 6 時スタート
今年の Xbox E3 2017 ブリーフィングの模様は、4kの高画質配信でお届けします。4k 映像をご覧いただける環境があれば、Xbox の Mixer チャンネルや、Xbox の Mixer アプリで非常に高画質な映像で Xbox E3 2017 ブリーフィングを視聴可能です。
また、Mixer だけでなく、さまざまなサービスで視聴することができます。

公式放送

• Mixer（PC、スマートフォン アプリ、Xbox の Mixer アプリ）
• Twitch
• Youtube（Youtube でも 4k 配信予定）
• Twitter
• Facebook Live

パートナー様の中継放送

• ニコニコ生放送

Xbox The Daily Returns

日本時間 6 月 13 日 午前 7 時～ 8 時
日本時間 6 月 14 日 午前 5 時～ 6 時
日本時間 6 月 15 日 午前 5 時～ 6 時
日本時間 6 月 16 日 午前 2 時～ 3 時
Xbox Daily: Live @ E3 配信も Xbox E3 2017 ブリーフィング同様に以下のチャンネルでご覧いただけます。

• Mixer（PC、スマートフォン アプリ、Xbox の Mixer アプリ）
• Twitch
• Youtube
• Twitter
• Facebook Live

みなさんこんにちは、Azure テクニカルサポートチームの平原です。本日はポータル上で ExpressRoute の構成確認をする際に発生する表示の問題の件について、ご案内をいたします。少しでもお役に立てば幸いです。

問題

ExpressRoute の各種ピアリング構成(ルート情報など)を確認すると、うまくデータが取得できない。

原因

ExpressRoute のデータはポータル (https://portal.azure.com) で表示する場合、リソースマネージャモードで表示を行いますが、作成時の状況によっては、リソースマネージャのデータストアに、ExpressRoute の構成情報の最新情報がアップデートされていない場合があります。

対策

対策としては、以下の方法にて対応可能です。

1. ポータル (https://portal.azure.com) 上から ExpressRoute の構成を開き、ExpressRouteの構成情報の画面にある [最新の情報に更新] をクリックします。
2. 再度、ポータルから各ピアリングの情報を取得できるかどうかをご確認ください。

PowerShell からデータを更新する方法もございます。

1. Azure PowerShell コマンドで、以下のコマンドを実施して、ExpressRoute の情報を取得し更新します。

$exr = Get-AzureRmExpressRouteCircuit -ResourceGroup <リソースグループ名> -Name <ExpressRoute 名>
Set-AzureRmExpressRouteCircuit -ExpressRouteCircuit $exr

以上ご参考になれば幸いです。

Written by John Stasick, Jeff Beckham & Todd Meadows –

Introduction:

During the second half of 2016, Microsoft introduced a new solution set: the Secure Productive Enterprise, or SPE for short. A combination of Windows 10, Office 365, and the Enterprise Mobility + Security platform, SPE represents a clear, simplified path for an enterprise to evaluate, purchase and deploy their foundational digital infrastructure. At face value, one might primarily interpret SPE as simply a bundle or a licensing vehicle. In fact, simplified licensing is part of the story, but it is not the story. The Secure Productive Enterprise represents much more. SPE is Microsoft’s prescriptive set of specifications and technologies for running any modern enterprise in a “cloud first, mobile first” world.

Specifications for Running a Modern Enterprise:

If you remember the days of packaged PC software, you might remember picking up a copy of Photoshop, Office, or a game like Halo. After perusing the back of the package, you may have glanced to the side of the box where you would have found two sets of specifications: Minimum System Requirements and Recommended System Requirements.

Each of these spec sets included the OS versions, memory configurations, processor speeds and GPU types that would be needed to either 1) get the software to run or 2) get the software to run with the raw power needed to achieve maximum performance. The tradition of publishing system requirements for consumer and enterprise software is very much alive and well today:

Those system requirements are an effective analogy to what the Secure Productive Enterprise really is. With 2 configurations — SPE E3 and SPE E5 — the Secure Productive Enterprise represents Microsoft’s “must do” (i.e. minimum) and “should do” (i.e. “recommended”) specifications for running and securing a modern workplace.

Secure Productive Enterprise was designed from the ground-up to enable uncompromising productivity, collaboration, mobility, business insights and a secure experience, giving your company the foundation to compete, excel, and grow. Let’s take a look at the two sets of SPE specifications side-by-side:

Minimum and recommended specifications across 3 foundational enterprise platforms: Office 365, Enterprise Mobility + Security and Windows 10

A common question here is: why is there both a “minimum” and “recommended” set of specs? It’s a great question, with a relatively simple answer. Given that every customer and company is at a different point in their unique digital transformation journey, the two spec sets give companies choices. One size does not fit all. Some customers require a level of flexibility in answering critical questions such as:

• What can we prioritize given our current budget?
• What is the timing around our other vendor/system investments?
• Have we invested in the right skillsets internally to maximize the solutions?

A fitting example of this flexibility within the Secure Productive Enterprise framework is around the security components of the solution – let’s pick on data protection for just a moment. In a mobile first, cloud first world, without exception security should be the #1 concern of the executive, IT and Infosec teams of a modern enterprise. However, there is a difference in the level-of-effort required for Infosec teams between these two related data protection scenarios:

1. Identify sensitive data stores (e.g. finance or HR file shares) and then apply encryption policies to the data coming onto or off of the share
2. Implement an enterprise wide auto-classification system that labels and encrypts all sensitive data at the-point-of-creation without IT or employee interaction.

Scenario #1 requires a simple agreement that the finance and HR users do indeed create and access sensitive information and require the application of a blanket encryption policy for data. Scenario #2 requires extensive consideration regarding enterprise wide classification labels and the numerous, specific policies that must be built out to cover a number of unique situations ranging from code-named projects to M&A to unique PII and beyond.

The project for Scenario #1 can be accomplished in a week and is easily executed in SPE E3. Scenario #2 may take 6 – 12 months and is easily executed in SPE E5. In either case, however, it is not the technology within the Secure Productive Enterprise that is influencing those timelines; it is the enterprise’s readiness around the policy and nomenclature of, in this case, advanced security features like data classification. In this example, this company could immediately accomplish the minimum spec (“encrypt all sensitive data stores”) while then purchasing the recommended spec month’s later when the ground work for an enterprise data classification system has been vetted and approved.

Technology Platforms for Running a Modern Enterprise:

We’re not quiet done with that previous specifications chart just yet. If you look to the first column of the matrix, you’ll see the capabilities that Microsoft believes are required of the Modern Workplace, from authoring to compliance and everything in between.

The dilemma companies face is advancing productivity while maintaining security and adhering to compliance and regulatory policies. This is a significant obstacle for companies struggling to stay competitive. For example, enabling a more mobile workforce can expose your corporate network(s) to increased risk of data leakage and historically requires the need to dictate security practices into the user’s daily activities. The purpose of addressing security in a productivity environment is to ensure the continued effective protection of sensitive information and processes. The difficulty comes in balancing how much security can be implemented without affecting an enterprise’s productivity. With a centrally managed and unified set of security and productivity offerings, an enterprise can focus their time on managing business and not the enabling solutions.

In a nutshell, every modern enterprise needs to get work done, collaborate on it, and protect the work and the people doing it.

Pretty obvious, right? To accomplish that herculean goal (and the specifications that make it possible), there are 3 key technology platforms that come together to form the Secure Productive Enterprise:

• Office 365: Enables, manages, and protects how work gets done and shared
• Enterprise Mobility + Security: Enables, manages, and protects who gets work done and where it gets done.
• Windows 10: Enables, manages, and protects the work environment itself, including providing for diverse workstyles across voice, ink, touch, and new classes of devices.

Those platforms probably aren’t new to you. Office 365 is the world’s largest SaaS application. Enterprise Mobility + Security is among Microsoft’s fastest adopted enterprise solution in history. Similarly, Windows continues to be the primary computing client of choice for the vast majority of the world’s commercial entities.

But what might not be so familiar is how those platforms now come together in surprising new ways. While valuable on their own and quite capable of operating in a silo, that’s no longer how these platforms are designed. Office, EM+S, and Windows are now built from the ground-up to bring critical new capabilities. Together they form the building blocks of digital transformation in the modern workplace in 4 key areas:

Trust: Protect your organization, data, and people

• Integrated intelligent security
• Transparency and control
• Privacy by design
• Compliance leadership

Collaboration: Create a productive workplace to embrace diverse workstyles

• Email and schedule
• Create, share, and find
• Call and meet
• Connect and engage

Mobility: Enable your people to get things done anywhere

• Work from anywhere
• Access from any device
• Manage and secure identity
• Always up to date

Intelligence: Provide insights to drive faster, better business decisions

• Analytics for everyone
• Discover relevant content and people
• Improve personal effectiveness
• Works for you

In the new world, if you are lacking in any one of these areas, you have an incomplete puzzle — you are likely not competing at your full potential. The whole picture of a modern enterprise only really comes together when each of these areas are addressed in concert to serve the specific needs and goals of the business. There is a lot more to say on each of these “building blocks” of an enterprise digital transformation and we will be posting in-depth articles on each as part of our ongoing Secure Productive Enterprise series.

Summary:

At the end of the day, the Secure Productive Enterprise is not about the 2 “spec sets” or 3 “technology platforms” or even the 4 “building blocks of digital transformation.” SPE is about each company’s unique needs, customers and journey.  SPE is simply a framework to help get from Point A (how do I enable greater productivity while protecting my users, data, and devices in a cloud first, mobile first world?) to Point B (how can I take these experiences to the next level to transform my business in a mobile first, cloud first world?).

Our team looks forward to helping you understand and execute your own journey and digital transformation.

If you have been following the multiple threads  on issues and changes to the PowerPivot for SharePoint 2016 Gallery Snapshots, you may be aware of an issue where gallery snapshots do not function properly (infinite “hourglass”) for SSL sites when there are multiple sites bound to the same port. While not limited to port 443 we will use a generic port 443 site as an example here as it is the most common usage.

I found this issue back in December 2016 during testing and again in a really well researched blog post by Brian Laws (http://info.summit7systems.com/blog/bug-report-powerpivot-for-sharepoint-2016-thumbnails-not-generating) in February of this year. After that, we started to see some cases roll in and I had a basis to start engaging our product team on the issue.

I will not go into extensive detail on the snapshot process or the log entries (you can see Brian’s blog above for most of it or follow along in the ULS logs), but here is the 10,000 foot view:

1. A user uploads a new PowerPivot workbook to the Gallery.
2. Event receiver detects the file and triggers detects that it is a file valid for a snapshot.
3. SharePoint calls the ExcelRest.aspx for each relevant item in the workbook via a URL similar to the following:
   •  https://localhost/_vti_bin/ExcelRest.aspx/PowerPivot%20Gallery/GenericWorkbook.xlsx/Model/Sheets(‘Sheet1’)
4. As part of the above call the full URL of the document is sent with the request to OOS on behalf of the user that uploaded the document. (Obviously “localhost” is not a valid URL for OOS, so we also send the full URL as part of the request so OOS knows where to go to retrieve the snapshots)
5. Office Online Server loads the workbook, retrieves the snapshots, and returns them to the SharePoint WFE server.
6. The snapshots are applied to the document.

The Issue:

The new snapshot process causes an issue for SSL sites that share a port and use unique certificates. When you combine multiple unique URLs each with their own unique SSL certificates and localhost calls, you wind up with IIS getting very confused on what certificate to pin to the request (since it is localhost, it takes the first one in line generally). In an effort to avoid an authentication double hop in a scenario where more than one SharePoint web front end (WFE) is involved, the product team opted to utilize localhost. If this was not in place, Kerberos Constrained Delegation (KCD) would need to be configured between the SharePoint WFE servers to avoid an overcomplicated configuration just for gallery snapshots to function properly.

In the SharePoint ULS logs, you will see a set of entries similar to the following detailing the failure:

00/00/2017 00:00:00:00 w3wp.exe (0xXXXX) 0x18A8 PowerPivot Service Unknown 46 Medium Capturing Report Gallery snapshot information from the following URL: https://localhost/_vti_bin/ExcelRest.aspx/PowerPivot Gallery/GenericWorkbook.xlsx/model/Sheets 37abef9d-92a8-20b9-17bb-d369b513965b

00/00/2017 00:00:00:00 w3wp.exe (0xXXXX) 0x18A8 PowerPivot Service Unknown 46 High Snapshot Exception: Unable to take snapshots or get details of the file: https://ssl.contoso.com/PowerPivot Gallery/GenericWorkbook.xlsx from the uri: https://localhost/_vti_bin/ExcelRest.aspx/PowerPivot Gallery/GenericWorkbook.xlsx/model/Sheets. 37abef9d-92a8-20b9-17bb-d369b513965b

00/00/2017 00:00:00:00 w3wp.exe (0xXXXX) 0x18A8 PowerPivot Service Unknown 46 High Snapshot Exception: Ensure localhost uris are allowed. 37abef9d-92a8-20b9-17bb-d369b513965b

00/00/2017 00:00:00:00 w3wp.exe (0xXXXX) 0x18A8 PowerPivot Service Report Gallery 99 High EXCEPTION: System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. <<Truncated stack>> 37abef9d-92a8-20b9-17bb-d369b513965b

During my multiple attempts to narrow this down, I could see the snapshot process attempting to load the first site bound certificate in my list (for my “secondary” SSL site) instead of the certificate for ssl.contoso.com. Because of the localhost call, IIS is confused (obviously) about what certificate to hand out for the request. This issue is specific to farms where everything else is configured properly and functional, but it is not limited to just this scenario. This just happens to be the most common (and basic) configuration.

The product team has determined this is by design and will not be changed due to product limitations with SharePoint and Office Online Server.

“The Workaround”

• You can use a wildcard certificate. This is the only possible workaround we have found so far. With a wildcard certificate for your sites, you can utilize multiple SSL host header sites and your gallery snapshots will function (this has been tested and confirmed working). Again, this is assuming that everything else is configured properly for snapshots to function. We realize this is not viable for everyone, but at this point it is only option to keep sites SSL and have functional snapshots.

Other Options

• You can restrict your usage to one SSL site  with host header and certificate and no IP specific bindings (site specific SSL certs and IP specific bindings usually go hand-in-hand).
• Stop using the PowerPivot Gallery all together. You can schedule data refreshes for PowerPivot workbooks in any document library as long as the PowerPivot solution is deployed to the web app and the features are activated on the site.
• Convert your SSL sites to HTTP. (Maybe even just the sites that host workbooks?)
• Set “All Documents” to the default view in the PowerPivot Gallery.
  1. Navigate to the list a site owner.
  2. Click “Library” > “Library Settings” from the ribbon menu.
     
  3. Scroll down to the “Views” section and click “All Documents”
     
  4. Check the “Make this the default view” box and click “OK”
     
• You can take the above a step further by deleting the Silverlight views in the PowerPivot Gallery.
  • (Do the “Set “All Documents” to the default view” section above first)
    1. Navigate to the list a site owner.
    2. Click “Library” > “Library Settings” from the ribbon menu.
       
    3. Scroll down to the “Views” section and click on any of the 3 PowerPivot Silverlight views “Gallery”, “Theatre” and “Carousel”.
       
    4. Click “Delete”.
       
• You can also Delete/Hide the extra views with PowerShell (sample scripts attached below):
  • Hide Script
  • Delete Script
    NOTE: For your current PowerPivot Galleries, they will continue to attempt to take snapshots even if you disable/delete the views. The only way to stop them from attempting to create snapshots is to replace the gallery with a normal document library. As long as you keep the PowerPivot features deployed to the site, you will still be able to schedule data refreshes as usual. We STRONGLY recommend that you test these scripts extensively in a development environment before using them on a farm that matters.

Something else to consider here is that PowerBI Report Server is being released soonish (Q2 this year is the current timeline). You can check out more info and try out the preview version already here: https://powerbi.microsoft.com/en-us/report-server/

For more information about changes to Gallery Snapshots in SharePoint 2016, see our post here: https://blogs.technet.microsoft.com/excel_services__powerpivot_for_sharepoint_support_blog/2017/01/20/changes-to-powerpivot-gallery-and-snapshots-in-sharepoint-2016/

This article covers an issue specific to PowerPivot Gallery Snapshots in SharePoint 2016 and does not refer to or reference any other products. If you see similar errors in other versions of SharePoint, the solutions/recommendations list here will not help you and are not relevant to your issue. The PowerShell scripts provided in this article are provided as samples for testing with no guarantee or warrantee by Microsoft.

I meant to post this earlier, but I want to let everyone know that I’ve had the great honor of being able to write a book with some of the titans of Microsoft Consulting Services.  The book has all new content for Office 365 based on our experience in the field,  and even features current service release updates, so as the features and service evolve, we will continue to update  updates, so as the features and service involved, we will continue to update and present new content.

You can pre-order the book on Amazon now at http://aka.ms/o365adminio.

The tenant you save might be your own.