Dear colleagues! A document has been prepared with the development plans for Microsoft Dynamics AX and information on the functionality released as of November 2017.
Microsoft Dynamics AX: development plans 11/2017
Windows Server OEM downgrade rights
Tip of the Day: Take your reading with you
Today's tip...
Reading list in Microsoft Edge gives you a place to save articles, e-books, or other content you want to read later—on the bus, over the weekend—whenever you like. You'll see your reading list on all your Windows 10 devices when you sign in with a Microsoft account.
You can also read e-books in your browser. Select any book (.epub format) on the web, and it'll automatically open in Microsoft Edge where you can save it to your reading list.
Ref: https://support.microsoft.com/en-us/help/17204/windows-10-take-your-reading-with-you
End of Licence for Windows Server 2012R2 (EOL)
The EOL (End Of Licence) date has just been announced.
Distributors will no longer be able to buy Windows Server 2012/R2 from 31 December 2017.
Integrators and customers will be able to buy Windows Server 2012/R2 after that date until wholesalers' stocks run out.
After that, the end customer will still be able to use their downgrade right and move from Windows Server 2016 to an earlier version (see the downgrade article).
Mainstream support is announced until 09 October 2018.
The end date of extended support is 10 October 2023.
More information here
Business applications in the new revolution
Want to be ready for the fourth industrial revolution? Technology alone isn't the answer.
As we've seen from our previous blog, the fourth industrial revolution is coming soon. It's going to be huge. And it's going to completely change how we work.
Want to turn this to your advantage? You'll need to think about more than just technology. If you really want to reap the rewards of this new world, how that technology is applied, and by whom, is just as important.
It's not what you do - it's the way that you do it
Many business leaders aren't rushing head-first into new and exciting digital processes. Instead, they're taking stock. They're looking at the business models they already have. And they're seeing how digital can make these models better; how they can use it to break down silos, get more insight, and make more confident decisions.
The opportunity of the cloud
At this year's Microsoft Inspire event, Microsoft CEO Satya Nadella said that if businesses want to improve their processes, they need "more contemporary, modular applications, connected data graphs, and a common data model." This will help them "break free from silos of data that hinder the accessibility needed for automation."
To see if they're ready to take on this new approach, smart enterprises and businesses will take a careful look at their internal skillsets around cloud, and find out where the gaps are. But filling those gaps could prove challenging. A recent Microsoft report showed that almost half (46%) of businesses of almost all sizes - from SMEs up to large enterprises - thought that finding cloud skills internally wouldn't be any easier in two years' time. It might even be harder.
It's here, in this world of connected, customisable cloud-based business applications, that you can help your clients. This is your chance to join them on their road to digital transformation and help them successfully navigate the fourth industrial revolution.
But first, you need to look inwards at your own capabilities. We know that 38% of Microsoft's traditional partners are struggling to recruit the right skills to support their own digital transformation strategies. We want to help you to bridge this skills gap so you're in the best position to help your clients. More details here.
What you can do - and how we can help
Firstly, put yourself in your client's shoes. They don't want generic benefits. They're looking for a real-world application. So, what does a single platform of multiple business applications like Dynamics 365, that can bring together people, data and processes, look like? And how do clients get the best possible value from it?
Next, you'll need to bring your own knowledge, industry insight and skills to the implementation. They know you have the cloud skills, and they'll expect you to make use of your deep insight into the strengths of Microsoft solutions to turn the vision you've developed with them into something real.
One of the UK's leading floor specialists, Carpetright is using the Dynamics 365 platform to improve the way they receive orders, process products and deliver them to homeowners. The solution also provides customers with highly accurate delivery times and installation quotes. So, people won't have to take a whole day off work to wait for their delivery and they'll know in advance how much it will cost to fit the product they've bought.
We're perfectly positioned to help you deliver solutions to your customers, and we'll give you support and advice along the way. With our "build-with" support, we can help you explore partnerships with independent software vendors to develop bespoke business solutions. We'll train you and your team to create better apps, and we'll help to make your proposition stronger. Not just now, but in your future sales and marketing efforts as well.
Next steps
In the next post, we're going to look at how you can help your business customers make best use of data and AI. In the meantime, for more information on Dynamics 365 please follow this link, or you can take a trial of Dynamics 365 Business Apps here.
How to choose an Azure Virtual Machine
By Alex Bennett, Firebrand Training
Microsoft offers a wide range of Azure Virtual Machines (VMs) to choose from – giving you the ability to quickly develop, test, run applications and extend your data centre. But which one fits your demands? Joining us for this introduction to Azure Virtual Machines is Mike Brown, Lead Azure Instructor at Firebrand Training.
Migrating to the cloud can be daunting, especially with hundreds of VM options to choose from (virtual machines on Azure are categorised into types, families and sizes). In this article, we’ll take a look at how VMs differ in terms of power, price and functionality.
Virtual Machine Types
Each VM type is built to run a different workload. For example, the GPU type VM is designed for heavy graphics rendering and video editing workloads. Alternatively, the High Performance Compute VM has the fastest, most-powerful CPU with optional high-throughput network interfaces (RDMA) – ideal for running intensive Big Data applications.
Currently, Microsoft offers six virtual machine types:
- General Purpose – Balanced CPU-to-memory ratio
- Compute Optimised – High CPU-to-memory ratio
- Memory Optimised – High memory-to-CPU ratio
- Storage Optimised – High disk throughput and IO
- GPU – Specialised virtual machines for heavy graphics rendering and video editing
- High Performance Compute – Fastest, most powerful CPU with optional high-throughput network interfaces (RDMA)
Choosing the right type of VM is as simple as matching your workload against the type of VM designed to run that workload.
- Example 1: If you’re in a testing/development phase, run low traffic web servers or host a small-to-medium database, the General Purpose VM Type would be a good choice.
- Example 2: If you are deploying a memory-intensive relational database or in-memory analytics, the Memory Optimised VM Type is your best option.
You should be able to find a VM type that suits the workload you want to run, but if you can’t, take a look at the Azure Marketplace. Here you’ll find niche virtual machine images produced by Microsoft-approved third-parties.
Items sold here go through a heavy vetting process; every VM is still running Azure, but these images have been created by a third party to fulfil a need not provided by the stock Azure VMs.
Virtual Machine Sizes & Families
Each VM type is available in a number of different families and sizes, identified respectively by a letter and number, like A0, A1, D2s_v3, NV24, or B1.
Each size has a different number of CPUs, amount of memory and supports differing numbers of disks. Some VM sizes will use HDD disks, others will use SSD disks.
There are dozens of VM sizes and family variations to choose from. If you’re unsure, a number of calculators and estimators are available to give you an idea of what kind of VM to go for.
If you’re moving a SQL Database to Azure the Azure SQL Database DTU Calculator can help give you an idea of the size of Azure SQL database you will need in the cloud.
To simplify the cost-estimation process, Microsoft has also created the Azure (IaaS) Cost Estimator Tool. This tool is designed to run on-premises against your existing machines, giving you an idea of what you’ll need when you migrate to Azure.
The newest and most accurate tool is the Azure Pricing calculator. Just enter your figures to find out how many VMs and in what sizes you’ll need to run your workloads in Azure.
It can become confusing comparing all the available types and sizes of VMs so Microsoft has introduced the concept of Azure Compute Units (ACU). ACUs provide you with a method for comparing compute performance across Azure SKUs.
Microsoft has also introduced VM sizes for specialised workloads. The NC and NV sizes are GPU-enabled instances using NVIDIA’s GPU cards. If your workload requires remote virtualisation, streaming, gaming, encoding and VDI scenarios, then the NC and NV sizes are a good choice for you.
The newest VM line, the B-Series Burstable is currently available to preview. The B series VM family allows you to choose a VM size that gives a base level of performance with the ability to burst CPU performance up to 100%.
The B series is ideal for workloads that do not require the full performance of the CPU all the time. This is perfect if you run a web server that is idle most of the time but is very busy for part of the day. During idle periods the VM builds up ‘credit’ in a bank – this credit can then be used during busy periods. This VM size is designed to be cost-effective, while giving performance when it is needed.
And for a closer look at every VM size, take a look at Microsoft’s comprehensive documentation.
How to choose your VM Size and family
When it comes to choosing your VM size and family, it pays to start small and grow big. It’s possible to start off with a small, inexpensive virtual machine and then, as you need more power, change the size and even type of VM to something more powerful.
By starting small and using only what you need, you’ll save money without limiting your performance in the future. Plus, upgrading or downgrading your VM can be done entirely through the Azure console.
Virtual Machine Pricing
Prices can range from £11.09-per-month for an A0 VM (used mainly to trial or experiment with Azure) to £3330.39-per-month for a NV24 VM (the most-powerful available, used for Big Data and advanced graphics rendering). Azure prices can vary across regions; the prices listed above are estimates based on the UK South region.
As VMs are priced for usage by the hour or minute, you’ll be able to save money by bringing them online only when needed and taking them offline when not in use.
Learn more about Azure VMs
Microsoft’s Azure certifications are an excellent way to build and prove your knowledge of Virtual Machines on Azure. Consider studying for the Implementing Microsoft Azure Infrastructure Solutions certification, which covers the creation, management and deployment of VMs.
Training providers, like Firebrand, also run purpose-built Azure training courses that cover the skills not included on Microsoft’s curriculum.
The Azure Academy: Infrastructure and Networking covers the latest VM types and families as well as how to choose the best VM for a workload. This is not a certification course – instead, you’ll get hands-on knowledge of the latest Azure features, before they’re integrated with the official MOC (Microsoft Official Curriculum).
Undiscovering / Stop Monitoring SQL 2008/2012/2014/2016 Express Editions
This post is an update of https://blogs.technet.microsoft.com/emreguclu/2014/09/12/undiscovering-stop-monitoring-sql-200520082012-express-editions/ which adds SQL 2014 and SQL 2016 support to the existing MP and removes SQL 2005 support, as requested by customers.
If you have the older version please just download and import this one.
For all details about the configuration of the Management Pack, please visit Emre's Blog.
MP Download:
SQLExpress.RemoveMP.xml
What's new in Office 365 in October
Office 365 provides a broad set of apps and services with a universal toolkit for teamwork, giving people flexibility and choice in how they connect, share, and communicate. Today we are pleased to announce the addition of 96 new global markets: Office 365 is now available in more than 246 markets worldwide in 44 languages. This month brought new apps and features that will help organizations of all sizes accelerate their digital transformation and give every user the ability to create compelling content that is accessible to everyone.
Powerful new capabilities for content creation
This month we continued our work on the intelligent services in Office 365. We added a new set of cloud-powered capabilities that save time and help you achieve better results.
Translator in Word: we have completely reworked the translation tools available in Word. You can now translate parts of the text or the whole document, then review and save the results as a regular document file. Translator supports 60 languages, including 11 that use neural machine translation, which delivers excellent quality and speed. To get started, go to the Review tab in Word and select Translate.
Tell Me for finding people and documents: getting to the information you need while working in Word, Excel, and PowerPoint is now even easier. Commercial Office 365 subscribers can search across their organization, share current files with colleagues, and preview and reuse slides, charts, and tables from past documents, all thanks to Tell Me, which now offers people and document search. To get started, simply sign in to your Office apps with a commercial Office 365 account and start searching in the Tell me what you want to do box.
Learning Tools in Word for iPad: Word for iPad now supports Immersive Reader and Read Aloud, new mobile tools for viewing content in ways that accommodate learning differences and that read the document back with simultaneous highlighting. These capabilities make it easier to spot and correct writing errors, improving the quality of reading and editing, especially for users with learning differences such as dyslexia.
Cloud improvements for easier file management
Today, as employees create and co-edit more and more files across different devices, it is especially important to have access to the content you need (personal and work) in one place. You should not have to worry about whether there is enough space on your device or whether your files will be available on a plane.
OneDrive Files On-Demand: with the new Windows 10 Fall Creators Update, you can access your files in OneDrive and SharePoint like any other file on your computer without taking up disk space. Online-only files are downloaded on demand with a double-click, and can later be returned to online-only mode to free up space and avoid loading the corporate network. Files On-Demand works with personal and work OneDrive folders as well as SharePoint Online team sites.
3D files in OneDrive: we continue to expand the types of content you can work with in Office 365. New support for 3D files in OneDrive lets you organize, share, and enhance your materials with three-dimensional objects. 3D files can now be opened and viewed in the OneDrive app and on OneDrive.com without browser plug-ins, and then imported into Word, Excel, or PowerPoint.
Expanding the set of online services
Office.com and the browser-based apps are becoming ever more powerful, so you can work faster and more productively regardless of which device you have at hand.
Visio Online: earlier this month we introduced Visio Online, the web version of Microsoft's popular diagramming tool, with a convenient, feature-rich interface for visual work online. Visio subscribers will be able to create, edit, and share diagrams on the web, easily visualizing complex information in new ways.
Network visualization in MyAnalytics: MyAnalytics helps you and your colleagues work more effectively through personal analytics and intelligent coaching. This month we introduced new capabilities in MyAnalytics for visualizing the time spent with individual people and groups, so you can spend it more effectively according to your priorities.
LinkedIn profiles in Outlook.com: in September at the Ignite conference, Satya Nadella demonstrated a capability that lets commercial Office 365 subscribers view LinkedIn profile information in Microsoft apps and services. Starting today, this feature becomes available to consumer Outlook.com users, providing rich details, profile photos, work history, and more right in the personal inbox.
Other updates
- One billion Skype for Android downloads: last week Skype passed the historic milestone of one billion downloads on Google Play.
- Office 365 gallery: this month we rolled out a new Office 365 gallery where subscribers can get personalized information about the apps, tools, and services available to them.
- Multi-page document support in Office Lens: you can now scan large multi-page documents, save them as a single file, and then search them right in the cloud.
- SharePoint updates: this month it became even easier to create attractive, mobile-friendly forms for SharePoint using PowerApps. You can also now create and manage organization-wide news right in the SharePoint mobile app on Android and iOS.
- Group insights in Yammer: we are rolling out new group insights to help community managers better understand and grow their Yammer groups.
- Office + Surface: today at the Future Decoded conference, Panos Panay told attendees how our devices and software are transforming the ways people work, create, and succeed in the modern workplace.
- Inclusion in action: ahead of the International Day of Persons with Disabilities, we are introducing a new video series about people transforming their lives with accessible technology.
Learn more about what's new for Office 365 subscribers this month in these articles: Office 2016 | Office for Mac | Office Mobile for Windows | Office for iPhone and iPad | Office on Android. If you use Office 365 Home or Personal, sign up for the Office Insider program to be first to use the latest Office productivity innovations. Commercial customers on Current Channel and Deferred Channel can also get early access to fully supported builds through the First Release program.
Availability dates:
- Translator in Word is available to Office Insiders on Windows; support for other platforms is expected soon.
- Custom functions in Developer Preview are rolling out to Office Insiders on Windows today and will soon come to Mac, iPad, and Excel Online users.
- OneDrive Files On-Demand is included in the Windows 10 Fall Creators Update.
- Visio Online is available in Visio Online Plan 1 and in the more advanced Visio Online Plan 2 (formerly Visio Pro for Office 365). Viewing diagrams remains free for most Office 365 customers.
- LinkedIn details in Outlook.com will begin rolling out in November.
This article was originally published in English by Kirk Koenigsbauer, Corporate Vice President of the Office team, here.
Hello World!
Welcome to my TechNet Blog!
Write-Host "Hello World!"
Who is writing here?
My name is Miriam Wiesner. I work at Microsoft as a Premier Field Engineer, specializing in Secure Infrastructure.
This is my TechNet blog, where I will post from time to time new blog posts about Security issues and helpful advice to secure your infrastructure.
I also write blog posts for my private blog: my articles there do not always treat Microsoft or Security issues, but they do often. If you are interested in my other blog posts and writing, you are warmly welcomed to check it out: miriamxyra.com
Prior to my work as Premier Field Engineer, I worked as Systems Administrator, Programmer, System Engineer and Consultant & Penetration Tester (I also built my own pentesting department, but that's another story).
What do I do as a Premier Field Engineer?
As a Premier Field Engineer I am mostly at customers' offices, either assessing their environment or helping them solve their security issues. Sometimes I also give a presentation if they are interested, for example, in new security features in the latest Windows Server release.
So I travel a lot. Mostly in Germany, but also EMEA wide. Sometimes there are customers who need exactly my skillset and there is no local PFE who can help.
I discover a lot of beautiful places - I never traveled that much in my life so far.
While traveling I discovered a new hobby: every time I pass a Microsoft Office, I ask a colleague to take a photo in front of the building to collect photos of all the Microsoft Offices I have ever been to.

Microsoft Office Munich, Germany

In front of the Microsoft Office in Bucharest, Romania

At the side entrance of Microsoft Berlin, Germany
Where does my passion for IT security come from?
Honestly - I have no idea. Since I was a little girl, I was passionate about technology. I wanted to know how computers work. That's why I taught myself how to write code when I was 8.
I was always interested in IT security, but I was not sure how to use this interest, since hacking was quite a bad thing, wasn't it? So I learned all this stuff secretly in private, hoping nobody will know (of course harming no one).
Later, when I had already worked a few years in IT, I found out that there actually IS a legal way to improve one's security skills. A whole IT security branch had been built during the years I worked as administrator or programmer, and there actually is a need for security experts.
So I began to learn "officially" security skills, participated in CTFs, wrote articles for my blog or the Hakin9 magazine, and created hacking tutorials on YouTube (I even won a security video contest with my first video).
Enjoy my blog
However you found this blog, I hope you'll enjoy my articles. Have fun and see you around!
Stop using Lan Manager and NTLMv1!
When performing Security checks in customer environments I often find out that Lan Manager or NTLMv1 is still allowed. Most customers don't know that this setting leaves the environment highly vulnerable to attacks targeting their authentication methods.
This article explains why you should not use Lan Manager and NTLMv1 anymore.
What's the problem with Lan Manager?
Lan Manager is the 'grandpa of authentication' in Windows Systems. It was implemented in 1987 and nowadays it is old and deprecated. And yes of course, it can be broken easily.
Windows NT-based operating systems still use this protocol to store password hashes, and it remains in use for backward compatibility: if a stored password is shorter than fifteen characters, an LM hash is generated and used.
An LM hash is NOT case-sensitive: before the hash is created, all characters are converted to uppercase. So it does not matter whether upper- or lowercase characters were used when creating the password.
But there is also another vulnerability, caused by the first implementation of this protocol
In the earliest implementation, it was assumed that a password would never be longer than seven characters. Therefore the initial length of passwords could not exceed seven characters. Eight bits were used to store it: seven bits for the password plus one parity bit.
When computer systems became faster and stronger, brute-force attacks became an issue for those "secure" eight-bit passwords. They could easily be guessed, so it was decided to add more characters to the passwords.
But since everyone was using a password which was generated with the old recommendations and the old protocol, the new password authentication mechanism had to be backward compatible to avoid business disruption.
Therefore a new mechanism was built: eight more Bits (again seven Bits for the password, one parity Bit) were added to the password to enable passwords up to fourteen characters. To maintain the usability of the old passwords, the new Bits were concatenated to the old half.
Both halves were hashed and concatenated: That's how the actual LM password hash was created.
It was assumed that this hash would not be broken that easily. But that was not true...
There is still a risk after the fix
This mechanism is still risky: if a password is shorter than fourteen characters, all unfilled bits will be filled with NULLs. So if a password is shorter than 8 characters, the second half (the new half) will remain empty and will be filled with those zero values.
Both halves - again - will be hashed and concatenated. But since the second half only contains zeroes, a hash over those zeroes is created.
So every time the second half is filled with zeroes, the same hash value will be used for the second part of the password.
If the password is split into two halves, an attacker could compare the second half with the default hash for a password containing only zeroes. If it matches, the attacker can be sure that the password has fewer than seven characters.
Breaking the hash of the first half is easy: the attacker only needs to compare his prepared rainbow tables with the actual hash value and can easily break the password.
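The input preparation described above, as an added PowerShell example (not code from the original article): it models only the uppercasing, NULL padding and 7+7 split, not the hashing step. The function name, the sample passwords and the alphabet sizes (95 printable ASCII characters, 69 after uppercasing) are assumptions made for illustration.

```powershell
# Added example: models only what LM does to a password BEFORE hashing.
# Alphabet sizes are assumptions: 95 printable ASCII characters as typed,
# 69 once the 26 lowercase letters are folded to uppercase.
$LmAlphabet    = 69
$TypedAlphabet = 95

function Get-LmHashInput {
    param([Parameter(Mandatory)][AllowEmptyString()][string]$Password)

    if ($Password.Length -gt 14) {
        # Does not fit into two 7-character halves, so no LM hash is derived from it.
        return [pscustomobject]@{
            Password = $Password; LmHashGenerated = $false
            Half1 = $null; Half2 = $null; SecondHalfConstant = $false
            LmWorstCaseGuesses = $null
            AsTypedGuesses     = [math]::Pow($TypedAlphabet, $Password.Length)
        }
    }

    # 1. fold to uppercase, 2. pad with NULLs to 14 characters, 3. split 7 + 7
    $padded = $Password.ToUpperInvariant().PadRight(14, [char]0)
    $half1  = $padded.Substring(0, 7)
    $half2  = $padded.Substring(7, 7)
    $len1   = $half1.TrimEnd([char]0).Length
    $len2   = $half2.TrimEnd([char]0).Length

    [pscustomobject]@{
        Password           = $Password
        LmHashGenerated    = $true
        Half1              = $half1.Replace("`0", '\0')   # NULLs shown as \0
        Half2              = $half2.Replace("`0", '\0')
        # An all-NULL second half always hashes to the same value.
        SecondHalfConstant = ($len2 -eq 0)
        # The halves are hashed independently, so their search spaces add up
        # instead of multiplying.
        LmWorstCaseGuesses = [math]::Pow($LmAlphabet, $len1) + [math]::Pow($LmAlphabet, $len2)
        AsTypedGuesses     = [math]::Pow($TypedAlphabet, $Password.Length)
    }
}

# Constructed sample passwords
'Summer', 'summer', 'Winter2017!', 'correct horse battery' |
    ForEach-Object { Get-LmHashInput $_ } |
    Format-Table Password, LmHashGenerated, Half1, Half2, SecondHalfConstant,
        @{ n = 'LmGuesses';      e = { '{0:E2}' -f $_.LmWorstCaseGuesses } },
        @{ n = 'AsTypedGuesses'; e = { '{0:E2}' -f $_.AsTypedGuesses } } -AutoSize
```

'Summer' and 'summer' produce identical rows with a constant second half, while the 21-character passphrase produces no LM input at all.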
NTLM
To understand why you should not use NTLMv1 anymore, you have to understand how this protocol works. NTLM is a challenge/response-based authentication protocol. It is the default authentication protocol of Windows NT 4.0 and earlier Windows versions.
How NTLM basically works
- When logging on, the client sends the plaintext user name to the server.
- The server generates a random number ("challenge") and sends it back to the client.
- The client uses the hash of the user name to encrypt the challenge received from the server and returns the result to the server ("response").
- The server sends the following three items to the domain controller to verify that the requesting user is allowed to log on:
  - User name
  - Challenge (which was sent to the client)
  - Response (which was received from the client)
- The domain controller looks up the user name, gets the corresponding password hash out of the Security Account Manager database and uses it to encrypt the challenge.
- The domain controller compares the encrypted challenge it computed earlier with the response computed by the client. If both are identical, the authentication is successful.
Why you should not use NTLMv1 anymore...
NTLMv1 and NTLMv2 work quite similarly, but the biggest difference between them is also the main reason why NTLMv1 should not be used anymore.
The difference lies in the length of the challenge. While NTLMv2 provides a variable-length challenge, the challenge used by NTLMv1 is always a sixteen-byte random number. But since there are several rainbow tables on the internet covering all existing sixteen-byte hashes, it is not that hard for an attacker to guess the sixteen-byte number and also the user's password hash.
This leaves NTLMv1 at a high risk and therefore you should avoid using it. For NTLM authentication you should switch to NTLMv2 and enforce it to allow only secure authentication methods in your environment.
How to deactivate Lan Manager and NTLMv1
Please be careful when deactivating Lan Manager and NTLMv1 - really!!!
Many old devices in your environment could still use those old authentication protocols. Some devices support NTLMv2, but only after configuring it on the device. So don't disable Lan Manager and NTLMv1 without knowing which devices still use it.
First step: Audit!
Prior to disabling those old authentication protocols: Listen to your devices - or better: Audit them!
If you don't know which devices are relying on Lan Manager or NTLMv1, you can't disable it without crashing some of your systems.
- Collect Audit Logs in a central log collection.
- Filter for Event Logs with the Event ID 4624 - An Account was successfully logged on.
- In this event you will find the section "Detailed Authentication Information"
- If the "Authentication Package" was NTLM, NTLM was used as authentication method
- Now have a look at "Package Name (NTLM only)": if LM or NTLMv1 is the value of this attribute, Lan Manager or NTLMv1 was used
- Investigate all clients/servers where Lan Manager or NTLMv1 was used: why are they using this deprecated authentication protocol?
When you have investigated and upgraded every device to use NTLMv2, you are ready to enforce NTLMv2 globally in your environment.
Enforce NTLMv2 only
So, you have audited your logon events and found out that no device is using old authentication protocols? You are ready to enforce NTLMv2? Very good! Read here how to do it.
The magical key you are looking for is called Lan Manager Authentication Level. This setting defines which authentication level is used.
You can either enforce it locally or via GPO:
- Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Network security: LAN Manager authentication level
There are 6 levels (from 0 to 5): 0 is the most insecure setting, but also the default. 5 is the most restrictive and most secure level - but hard to achieve.
If you want to set your LAN Manager authentication level as high as possible, start with Level 3: This level enables NTLMv2 as default, but still allows a fallback to Lan Manager and NTLMv1 in case the client is not able to use NTLMv2.
Then audit, audit, audit a lot to find out which devices are still using Lan Manager and eliminate them. If there is no client/server using Lan Manager anymore, you can set the level to 4.
And again: Audit, audit, audit, audit and audit once more! Is there really no device left which is using NTLMv1? Nice, you can set your lan manager authentication level to 5. Congratulations, you've just eliminated your old and vulnerable authentication protocols! Really good job!
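The audit steps under "First step: Audit!" and the level-by-level rollout above can be scripted; the following PowerShell is an added example, not part of the original article. The sample events are constructed, the function names are hypothetical, and AuthenticationPackageName and LmPackageName are the event XML field names behind "Authentication Package" and "Package Name (NTLM only)".

```powershell
# Added example: the events below are constructed, not taken from a real log.
function New-SampleLogonEvent {
    # Minimal 4624 event in the XML shape returned by EventLogRecord.ToXml()
    param([string]$User, [string]$Workstation, [string]$Ip,
          [string]$AuthPackage, [string]$LmPackage)
    @"
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4624</EventID><Computer>dc01.example.test</Computer></System>
  <EventData>
    <Data Name="TargetUserName">$User</Data>
    <Data Name="WorkstationName">$Workstation</Data>
    <Data Name="IpAddress">$Ip</Data>
    <Data Name="AuthenticationPackageName">$AuthPackage</Data>
    <Data Name="LmPackageName">$LmPackage</Data>
  </EventData>
</Event>
"@
}

function ConvertFrom-LogonEventXml {
    # Turns one event XML string into an object holding the fields the audit needs.
    param([Parameter(Mandatory, ValueFromPipeline)][string]$EventXml)
    process {
        $doc = [xml]$EventXml
        $f = @{}
        foreach ($d in $doc.Event.EventData.Data) { $f[$d.Name] = $d.'#text' }
        [pscustomobject]@{
            Computer    = $doc.Event.System.Computer
            User        = $f['TargetUserName']
            Workstation = $f['WorkstationName']
            IpAddress   = $f['IpAddress']
            AuthPackage = $f['AuthenticationPackageName']
            LmPackage   = $f['LmPackageName']
        }
    }
}

function Get-LegacyNtlmLogon {
    # Passes through only NTLM logons whose package name is LM or NTLMv1.
    param([Parameter(ValueFromPipeline)]$Logon)
    process {
        if ($Logon.AuthPackage -ne 'NTLM') { return }
        # Normalise "NTLM V1" / "NTLMv1" / "LM" to one spelling before comparing
        $variant = ($Logon.LmPackage -replace '\s', '').ToUpperInvariant()
        if ($variant -in 'LM', 'NTLMV1') {
            $Logon | Add-Member -NotePropertyName Variant -NotePropertyValue $variant -Force -PassThru
        }
    }
}

function Get-RecommendedLmLevel {
    # Follows the article's rollout: stay at 3 while LM is seen,
    # 4 once only NTLMv1 is left, 5 once neither is seen.
    param([object[]]$LegacyLogons)
    $variants = @($LegacyLogons | ForEach-Object { $_.Variant })
    if ($variants -contains 'LM')     { return 3 }
    if ($variants -contains 'NTLMV1') { return 4 }
    return 5
}

$events = @(
    New-SampleLogonEvent 'alice'    'WKS-014'   '192.0.2.14' 'Kerberos' '-'
    New-SampleLogonEvent 'svc-scan' 'PRINTER07' '192.0.2.70' 'NTLM'     'NTLM V1'
    New-SampleLogonEvent 'svc-scan' 'PRINTER07' '192.0.2.70' 'NTLM'     'NTLM V1'
    New-SampleLogonEvent 'bob'      'WKS-022'   '192.0.2.22' 'NTLM'     'NTLM V2'
    New-SampleLogonEvent 'nas-sync' 'NAS01'     '192.0.2.90' 'NTLM'     'LM'
)
# Live use (assumption: run elevated where the Security log is collected):
# $events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624 } |
#     ForEach-Object { $_.ToXml() }

$legacy = @($events | ConvertFrom-LogonEventXml | Get-LegacyNtlmLogon)

# Which device and account still rely on LM / NTLMv1, and how often
$legacy | Group-Object Workstation, User, Variant |
    Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

'Highest level this audit window supports: {0}' -f (Get-RecommendedLmLevel $legacy)
```

With the constructed events, PRINTER07 (NTLMv1, two logons) and NAS01 (LM) are reported and the result stays at level 3 until NAS01 is remediated.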
Xbox One X: The future starts now
Great events always cast their shadows ahead. Today marks a milestone for Microsoft's gaming division: Xbox One X officially conquers the German market. A strong moment for a strong device.
Xbox One X is state of the art and will from now on serve as the benchmark for new consumer-oriented developments in the technology sector. We at Microsoft, and above all we in the Consumer & Devices team, are proud of that.
Strong performance, wide selection
In recent months we have often spoken of the most powerful console in the world. We promised our fans a console that exceeds all current technical standards and offers a gaming experience players have not known before. Over the last months I never doubted that we were on the right track, and today we are delivering on that promise.
Xbox One X is the only console on the market to offer a native 4K experience. It is 40 percent more powerful than the most powerful consoles on the market to date. Its design is timeless. And anyone who has switched it on will be surprised at how quiet it actually is. I repeat these facts because I do not take them for granted. Xbox One X is the product of many years of development in which player feedback was, at every point, the starting point for all strategic considerations.
Interest in gaming is greater than ever
This approach is noticeable: on Xbox One X all games look great and feel that way too. Games with the Xbox One X Enhanced logo receive a special update or were developed specifically to take full advantage of the technology of the world's most powerful console. Best of all: at launch, players can choose from 150 Enhanced titles that have been elaborately polished and offer shorter loading times and, thanks to higher resolution, an even sharper picture. Among them are current blockbusters such as Assassin's Creed: Origins, Forza Motorsport 7, FIFA 18 and Call of Duty: WW2.
Above all, the euphoria of the German fans impressed me and filled me with pride: pre-sales of the Xbox One X Scorpio Edition with its elegant stand ran for less than a day before all units were sold out. At gamescom 2017, too, I looked into thousands of happy faces enthusiastically storming our booth to get their first impressions of Xbox One X up close.
Not least, gamescom showed us and the industry that video games enjoy an ever greater standing in society. I fondly remember the official opening by Federal Chancellor Angela Merkel, who, standing next to her digital Minecraft twin, held out the prospect of stronger support for the industry to players, developers and manufacturers: "Computer and video games are of the utmost importance as a cultural asset, as a driver of innovation and as an economic factor," said Merkel. With Xbox One X we now have exactly this driver of innovation in our portfolio.
World records for the future
For the launch of Xbox One X we have already celebrated the console of superlatives with a campaign of superlatives: the biggest unboxing in the world! With the XXL unboxing we set a world record, but at Microsoft we see that only as the starting signal for a long series of wonderful events and great surprises with which we want to make our fans happy.
I am looking forward to 2018 and all the promising projects and games that developers from all countries are already working on. I am quite sure: with Xbox One X we have created the best high-end platform for console players and technology enthusiasts. All games, regardless of whether they are exclusive titles or not, will only unfold their full potential on Xbox One X. The future starts now.
Thomas Kowollik
Senior Director and Segment Lead for the Consumer and Devices Sales Group (CDS) at Microsoft D/A/CH
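Behavior when UWF (Unified Write Filter) is used together with Group Policy device installation restrictions on Windows 10
Hello, this is the Windows Platform support team.
This article describes what happens when UWF (Unified Write Filter) is used together with Group Policy device installation restrictions on Windows 10.
Symptoms
If drive protection is enabled in the UWF filter while device installation restrictions are enabled through Group Policy, the following symptoms occur.
- Opening a folder that is configured as a filter exclusion displays the error message 「<アクセスしたフォルダー> は利用できません。」 ("<accessed folder> is not available.").
- UWF-related operations (such as running the uwfmgr command) take a very long time.
(Example of Group Policy settings that enforce device installation restrictions)
The following setting is applied in combination with settings for the devices to allow or deny.
Item: [Computer Configuration] - [Administrative Templates] - [System] - [Device Installation] - [Device Installation Restrictions]
Setting: [Prevent installation of devices not described by other policy settings] set to [Enabled]
Cause
This is expected behavior.
Windows uses a virtual volume to temporarily store changes such as UWF filter exclusion settings and commit operations. When device installation restrictions are enabled through Group Policy, installation of this virtual volume is restricted, which results in the behavior described above.
When this occurs, the following UserPnp event with ID 20005 is recorded in the System event log.
(Example of the recorded event)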
情報 xxxx/xx/xx xx:xx:xx UserPnp 20005 (7005)
デバイスのインストールの制限ポリシー設定により、ドライバー管理が、デバイス インスタンス ID STORAGEVOLUMEx&xxxxxxxx&x&-x のインストールを制限しました。
Workaround
As described above, this behavior is expected, and there is currently no workaround.
Reference: About Universal Write Filter
Unified Write Filter (UWF) feature
https://docs.microsoft.com/en-us/windows-hardware/customize/enterprise/unified-write-filter
Useful Reports in System Center Operations Manager
A lot of my customers never use the reporting feature of System Center Operations Manager. Some do not even install the reporting component, and are happy to simply drift through the river of life without knowing what’s coming around the next bend. A lot of them have the reporting component of SCOM installed, but either never use it, or think that it is only useful for technology administrators (AD, SQL, IIS, SharePoint, etc.) Well, I am here to tell you that SCOM reports CAN help the SCOM administrator, and are in fact very useful.
One of my favorite reports is the Data Volume by Management Pack. Ask yourself this question: How much do you know about exactly what is going into your Operations Manager databases? Besides alerts, what else is going inside the databases? Well, the Data Volume by Management Pack can show you this information, and more.
First, where do we find the Data Volume by Management Pack report? In the Reporting workspace, it can be found under the category folder called System Center Core Monitoring Reports:
This is actually one of the easiest reports to configure and run in Operations Manager. When you open the report, you get the following configuration fields:
First configure the time frame for the report. Keep in mind that the larger timeframe you configure, the longer the report will take to execute. I like to run this report on a monthly basis, so configuring a month period in the From and To fields is usually good enough for my needs. For this example I am going to use 10 days. The rest of the fields I generally leave unchanged, but you can adjust them as necessary. One thing I would like to mention, and which I find few people know is in regards to the Management Pack control on the bottom right corner of the screenshot above. In this control you can check or un-check specific management packs you wish to include or exclude from your report. By default all management packs are checked, and in fact for this report I usually leave them all checked. However, if you want to run this report for only a sub-set of management packs, you do not need to manually un-check each management pack. If you right-click on the control, you will get a context menu which allows you to check or un-check all the items in the control. This control is also available in other reports, most notably the Most Common Alerts report under the Generic Report Library, but that’s a topic for another day.
Once you have configured the report settings, and click the run button, you will get output which looks something like this (this is just the first page out of two pages of output):
You may not realize it now but this report is chock-full of useful information, so let’s take a look. The first thing I want to point out is the table at the top showing Counts by Management Pack. Notice that the first management pack listed, the Microsoft SQL Server 2012 (Monitoring) management pack, accounts for 92.7% of the total volume of data being written into my databases. I don’t know about you, but to me that sounds like a lot. In your environment you may see different numbers, but in my experience, the top items in this list are typically all the SQL monitoring management packs across SQL versions. What does this tell me? Well, it tells me that if I want to do some tuning of workflows to reduce what goes into my database, the SQL 2012 Monitoring management pack is probably a good place to start.
Notice the columns on the right side of the table. Discovery Data is low, in my case 0 because few (or in my case none) databases or SQL objects were discovered over the timeframe of the report. Alert Count does show some alerts, as does the State Changes column. These indicate that monitors detected problems, probably raised alerts, and hopefully my DBAs did something about them. What is far more interesting, however, is the Perf Count column. Over one million performance measurements were captured in a 10 day period in my environment. If you don’t think that is a lot, let me add this: I only have one SQL server in my lab. So from one server, in 10 days, one million SQL related performance measurements were taken. This does not include Operating System performance measurements like CPU, Disk, Memory, etc.
As it turns out the SQL management packs have a bunch of performance collection rules, which run on every SQL server, across all versions and collect a variety of SQL specific performance metrics. This is not necessarily a bad thing, if the SQL Admin team is consuming these performance metrics through reports, dashboards and/or views. However, in my experience the SQL team either does not consume any of these metrics, or consumes very few of these metrics. If only there were a way to tell exactly which SQL performance counters are being collected the most. If only we could tell which rules within the SQL 2012 Monitoring management pack are doing all of these one-million plus performance collections in my environment. Oh, wait. There is!
Notice that the contents of each column are the data items but in the form of links. Links which can be clicked on, and trigger the opening of what are appropriately named Linked Reports. In this case, when you click on the number (1147086) under the Perf Count column for the Microsoft SQL Server 2012 (Monitoring) row, it triggers the opening of a details report. The report it opens is actually a pre-configured version of a report called Data Volume by Workflow and Instance (preconfigured with the same settings as your original report: From date, To date, etc.) The Data Volume by Workflow and Instance report is available under the System Center Core Monitoring Reports as well. In my example it looks something like this:
Notice the Counts by Discovered Type, Rule or Monitor table at the top and how it lists the rules which are collecting the most performance data in my environment. Most of the workflows are pretty evenly distributed in how much data they collect. Again, if these data items are needed, then there is not much to do. However, now that we know what data the SQL management pack’s performance collection rules are inserting into the Operations Manager databases, I can have an honest discussion with my DBAs about what they need and don’t need. If they tell me they don’t need specific items, I can go override those performance collection rules to disable them.
I went through this exercise with one of my customers recently, and their DBAs came back with: “We don’t need any of those performance metrics from SCOM. We don’t use them, we don’t see them, we don’t need them.” It turns out they use something else to track and chart SQL performance and wanted no SQL performance collections in SCOM. My customer does want all other SQL monitoring, meaning the rules and monitors which raise alerts. They just didn’t want the performance data, so they wanted to disable all the SQL performance collection rules across all versions of SQL (2005, 2008, 2012, 2014, 2016).
NOTE: Yes, it is possible to disable just the performance rules, without disabling any monitors (even monitors which leverage the same performance metrics as rules I disable.) Performance based monitors will either have their own data source, or a shared data source with the performance rules. Disabling a rule does not disable the underlying data source so the monitors will be fine either way.
So the question then becomes, how do I disable all the performance based rules in ALL the SQL management packs across all versions and components? The answer: PowerShell, of course. I am a big believer in not reinventing the wheel if I don’t need to. Sridhar Vishwanatham wrote an excellent article on TechNet titled: SCOM 2012: Bulk Override Creation for Monitors and Rules using PowerShell. He has a script in the Rules section which almost did what I needed, so I performed a few quick modifications:
I ran the script above directly on one of my customer’s Operations Manager Management servers, and then verified the SQL performance collection rules across all SQL management pack versions were disabled. I do want to point out that in line number 4 I specify a management pack in which to store the overrides. I chose to store these overrides in a separate management pack from where I keep all my other SQL customizations, in case I want to reverse these performance collection rule overrides in bulk. If a time ever comes where the SQL team again wants to collect performance information for SQL using the SQL management packs, all I need to do is remove the management pack called “Litware.SQL.Customizations2.MP” from the SCOM management group, and performance collections will begin anew.
After having performed the override of all SQL performance collection rules across SQL versions, running the Data Volume by Management Pack, and configuring a timeframe of a few days AFTER the overrides went into effect, I now get a report like this:
Notice that far less data is going into my SCOM databases, and I can then choose whether I need to tune any of the workflows from the remaining management packs. It is important to note that I do not look to get rid of all data going into the SCOM databases. The objective is to have SCOM monitor the items you care about, and collect data that you care about. Collecting data which you do not need, and will never use is a waste of time and resources, so the trick is to tune SCOM to collect only what you need, and nothing else.
There is one more useful piece of information you can glean from the Data Volume by Management Pack report. Below the Counts by Management Pack table, there are some graphs, displaying information about things like:
- Count of Discovery Data Submitted by Day
- Count of Alerts Generated by Day
- Count of Performance Data Samples Collected by Day
- Count of Events Collected by Day, and
- Count of State Changes by Day.
These graphs can also be useful, albeit in a slightly different way. When I look at these graphs, I look for things which are out of the ordinary. Take a look at the following chart from the Data Volume by Management Pack report:
When I look at this graph, my immediate thought is: “what happened on 10/4/2017? Why are there so many MORE state changes on that date than on all the other dates in the timespan of the report?” Now, the graph by itself does not indicate a problem. There are any number of reasons which could explain why this happened. Maybe I had some new agents deployed that day. Maybe I imported some new management packs and had not yet tuned them. Maybe we had some sort of outage we are aware of, but were able to resolve. Maybe. But if I cannot find an answer, I may want to dig deeper and find one. I could re-run the report, but focus just on that date, then see which management pack(s) had monitors changing state a lot that day, and then leverage the Data Volume by Workflow and Instance report to narrow things down to specific monitors and object instances.
The Data Volume by Management Pack report and the Data Volume by Workflow Instance report are two handy tools in the toolbox of every great SCOM administrator, and now you too know how to leverage them.
How we deliver a faster, more responsive Outlook.com
Making your email experience as fast as possible is a goal we all share on the Outlook.com team, from product designers to storage architects. Some of that work happens in the UI; one example is the faster web experience we introduced in the new Outlook.com beta. Other work involves the way we operate our networks and datacenters. A key part of keeping performance fast is storing your data in a region that optimizes performance, which generally means datacenters near your location. Now we want to share some of the ways we have updated Outlook.com to be smarter about where your mailbox data is stored.
Outlook.com is hosted from multiple datacenters around the world, which provides fault tolerance, load balancing and performance advantages. Our goal is to place your Outlook.com account in datacenters that give you the best performance. In the United States and Europe, this means we place your account in datacenters located in the region where you live. Historically, we have determined these locations based on the country you selected as your place of residence when you created the account.
But in a world where migration is increasingly common, depending on you to keep your place-of-residence information up to date manually does not make sense. Our datacenter capacity is also growing, providing more opportunities to host your data closer to your location. As a result, we have made updates that improve our ability to keep your Outlook.com data closer to you with greater precision.
When you create a new Outlook.com account, we now determine the appropriate datacenters automatically, instead of relying on the country of residence stored in your account profile. So if you are physically located in the United States when you set up your Outlook.com account, your email will be stored in the United States. Similarly, if you are in Europe when you set up your account, your email will be stored in Europe.
We have also given Outlook.com enough intelligence to automatically move your account to nearby datacenters, to improve performance, when the service determines over a period of time that the region of your primary residence has changed. For example, if you set up an Outlook.com account in Spain and later move your residence to the United States, your account will be migrated to datacenters in the United States to optimize your access.
Keep in mind that we will not continuously move data back and forth between regions every time you travel to another region; the intention here is to improve performance by keeping your data close to where you are primarily located.
We work continuously to ensure that you have the best and fastest experience when you use our service. Share your comments and questions on the Outlook.com UserVoice site.
November 2017 Non-Security Office Update Release
Listed below are the non-security updates we released on the Download Center and Microsoft Update. See the linked KB articles for more information.
Office 2007
Update for Microsoft Office Publisher 2007 (KB4011203)
Office 2010
Update for Microsoft Office 2010 (KB4011188)
Office 2013
Update for Microsoft Office 2013 (KB3172533)
Update for Microsoft Office 2013 (KB4011228)
Update for Microsoft Office 2013 (KB4011229)
Update for Microsoft OneNote 2013 (KB4011075)
Update for Microsoft Outlook 2013 (KB4011252)
Update for Microsoft PowerPoint 2013 (KB4011168)
Update for Microsoft Project 2013 (KB4011235)
Update for Microsoft Word 2013 (KB3162081)
Update for Skype for Business 2015 (KB4011255)
Office 2016
Update for Microsoft Office 2016 (KB4011138)
Update for Microsoft Office 2016 (KB4011216)
Update for Microsoft Office 2016 (KB4011223)
Update for Microsoft Office 2016 (KB4011224)
Update for Microsoft Office 2016 (KB4011226)
Update for Microsoft Office 2016 (KB4011259)
Update for Microsoft Office 2016 Language Interface Pack (KB4011145)
Update for Microsoft OneNote 2016 (KB4011137)
Update for Microsoft Outlook 2016 (KB4011240)
Update for Microsoft PowerPoint 2016 (KB4011219)
Update for Microsoft Project 2016 (KB4011227)
Update for Skype for Business 2016 (KB4011238)
NEW! Additions to the Customer Engagement technical journey
We are pleased to announce the newly updated Customer Engagement technical journey is now available online, with the addition of seven new technical training webcasts. You can now visit the Business Applications tab within the MPN page to access the new and existing technical presales and deployment services. Access the resources needed to build your technical skill set, enabling you to sell and deploy Dynamics 365 for Customer Engagement solutions faster.
Get started today by visiting aka.ms/CustomerEngageTechJourney.
New technical services for Customer Engagement:
Enhance Your Business with Dynamics 365 Data Analysis, Insights & Power BI (L200)
Learn how to use the built-in data analysis and reporting features within Dynamics 365 as well as the options for integrating Power BI with Dynamics 365 Customer Engagement. You’ll walk away with clarity regarding the capabilities within relationship insights, customer insights, organization insights, and insights (by InsideView). During this session we will present scenarios and demonstrations as well as discuss how all of these features can be combined and utilized for custom solutions. These helpful insights will allow you to articulate the value and increase adoption of Dynamics 365 when working directly with customers.
- Register for webcast https://aka.ms/DynamicsDataAnalysis
Technical Deep Dive on Dynamics 365 for Field Service (L300-400)
Understand the solutions available for your field workforce by diving deeper into the advanced functionality and capabilities within Dynamics 365 for Field Service. We’ll walk you through key features such as intelligent scheduling, native mobile support and remote asset monitoring, enabling you to better understand how to implement solutions for your customers.
- Register for webcast https://aka.ms/DeepDiveDynamicsField
Technical Deep Dive on Dynamics 365 Customer Engagement Performance (L300-400)
Ensure an optimal Dynamics 365 experience for your customers through performance optimization and troubleshooting within Dynamics 365 for Customer Engagement. This session is designed for all Dynamics partners, whether you are experienced from an on-premise perspective or new to Dynamics 365, this session can provide helpful technical insights. Our technical experts will provide you with a holistic view of the causes and effects of performance issues as well as share the latest recommendations and best practices to ensure an optimal Dynamics 365 for Customer Engagement deployment.
- Register for webcast https://aka.ms/DeepDiveDynamicsPerformance
Technical Deep Dive on Dynamics 365 Portals (L300-400)
Expand your technical knowledge of the capabilities within Dynamics 365 Portals, helping you understand the opportunities and implementations with this technology. This session will provide you with the opportunity to have a deep-dive into the advanced technical details within Portals. You’ll learn how this technology translates into real-world implementations for things such as web-based sales, services, support, and the social engagement application platform used to engage with communities, manage portal content, and empower customers.
- Register for webcast https://aka.ms/DeepDiveDynamicsPortals
Technical Deep Dive on Dynamics 365 With PowerApps (L300-400)
Understand how Microsoft PowerApps helps people and organizations create custom solutions without having to go through a lengthy software development cycle. During this session, you will learn about the advanced technical details regarding how PowerApps can be combined with Dynamics 365 for Customer Engagement.
- Register for webcast https://aka.ms/DeepDiveDynamicsPowerApps
Enhance Your Business with Dynamics 365 with Cognitive Services & Cortana Intelligence Suite (L300-400)
Discover the relationship between Cortana Intelligence and Cognitive Services with Dynamics 365 Customer Engagement. During this live, instructor-led session you will learn about capabilities of Cortana Intelligence along with Cognitive Services. Using data you have within your Dynamics 365 solution, you will see how Cortana Intelligence Suite and Cognitive Services allow you to perform data analysis to drive insights in a helpful and natural way.
- Register for webcast https://aka.ms/DynamicsCognitiveServices
Introduction to Dynamics 365 (L100-200)
In this multi-session technical training series, you will learn about the features and functionality of Dynamics 365, helping you position end-to-end solutions for customers. Each session is uniquely designed to provide guidance during each stage of building your Dynamics 365 practice. Whether you are interested in the technical onboarding aspects of Dynamics 365 or whether you have deployed and want to begin to understand some high-value basic customization topics, this training can provide helpful insights. (Event dates coming soon)
- Register for webcast https://aka.ms/IntroductionDynamics365
Please note that additional dates and languages will continuously be added throughout FY18, so check back frequently for updates. Don’t forget to check out the full suite of technical trainings, consultations and learning options available for Dynamics 365 by visiting aka.ms/CustomerEngageTechJourney.
Create your custom Quick Create VM gallery
Have you ever wondered whether it is possible to add your own custom images to the list of available VMs for Quick Create?
The answer is: Yes, you can!
Since quite a few people have been asking us, this post will give you a quick example to get started and add your own custom image while we're working on the official documentation. The following two steps will be described in this blog post:
- Create JSON document describing your image
- Add this JSON document to the list of galleries to include
Step 1: Create JSON document describing your image
The first thing you will need is a JSON document which describes the image you want to have showing up in quick create. The following snippet is a sample JSON document which you can adapt to your own needs. We will publish more documentation on this including a JSON schema to run validation as soon as it is ready.
To calculate the SHA256 hashes for the linked files you can use different tools. Since it is already available on Windows 10 machines, I like to use a quick PowerShell call: Get-FileHash -Path .\contoso_logo.png -Algorithm SHA256
The values for logo, symbol, and thumbnail are optional, so if there are no images at hand, you can just remove these values from the JSON document.
Step 2: Add this JSON document to the list of galleries to include
To have your custom gallery image show up on a Windows 10 client, you need to set the GalleryLocations registry value under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Virtualization.
There are multiple ways to achieve this; you can adapt the following PowerShell snippet to set the value:
If you don't want to include the official Windows 10 developer evaluation images, just remove the fwlink from the GalleryLocations value.
Have fun creating your own VM galleries and stay tuned for our official documentation. We're looking forward to seeing what you create!
Lars
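OMS Office 365 management solution now in public preview
Summary: Announcing the public preview of the Office 365 management solution.
With the Office 365 solution, you can carry out the following management activities:
- Monitor user activities: monitor user activities on your Office 365 accounts to analyze usage patterns and identify behavioral trends. For example, you can extract specific usage scenarios, such as files shared outside your organization or the most popular SharePoint sites.
- Monitor admin activities: track configuration changes or high-privilege operations.
- Detect and investigate unwanted user behavior: this can be customized to your organization's needs.
- Demonstrate audit and compliance: for example, you can monitor file access operations on confidential files, which helps you in the audit and compliance process.
- Perform troubleshooting: by running OMS searches over your organization's Office 365 activity data.
Overview
The Office 365 solution gives you full visibility into the user activities in your Office 365.
The data collected for Office 365 builds on the existing capabilities of the Office 365 Management Activity API. Currently this API covers management activities for Exchange, SharePoint and Azure Active Directory.
The OPERATIONS section provides information about active users across all of your monitored Office 365 subscriptions.
The EXCHANGE section shows a breakdown of Exchange Server activities, such as Add-Mailbox Permission or Set-Mailbox.
The SHAREPOINT section shows the activities that users perform most on SharePoint documents. When you drill down, the log search page shows the details of these activities, such as the target document and the location of the activity. For example, for a File Accessed event you can see the document that was accessed, the associated account name and the IP address.
The AZURE ACTIVE DIRECTORY section contains the top user activities, such as Reset User Password and Login Attempts. When you drill down, you can see details of these activities such as the result status. This is helpful when you want to monitor suspicious activity in Azure AD.
Alerting and customization for the Office 365 solution
The Office 365 solution in OMS lets you search Office 365 user activities quickly and efficiently. Although you can use the log search feature in OMS to view them, in the Office 365 solution you can view the details of your Office 365 activities across more than 50 different workloads, and you can look at some examples under Sample searches in the solution.
Once you have custom search queries tailored to your company, you can add alerts for these queries and have them shown in the Alert Management solution. This helps you monitor Office 365 alerts alongside other alerts in OMS.
You can also pin your favorite Office 365 search queries to My Dashboard.
Correlating Office 365 data with other kinds of data
You can extend your searches by correlating Office 365 data with other data. All Office 365 user activities include a Client IP field, which shows the IP address used to perform the operation. When you want to investigate an event, you can use the ClientIP field to correlate with other data in OMS that contains IP addresses.
In addition to IP information, some Office activities such as Exchange Mailbox operations carry client machine data in the ClientInfoString or ClientMachineName fields. With these fields you can identify when a problem in Office 365 originates from a specific client. Once you can identify the client causing the problem, you can investigate the problem on that client in more depth.
Getting started
- Go to the solution gallery and add the Office 365 solution. Once added, an Office 365 tile is automatically added to the overview.
- Find the newly added Office 365 solution in the OMS overview.
- To see incoming Office 365 data, click the tile; the screen automatically jumps to Connected Sources in the settings.
- Find the Office 365 section.
- Click the [Connect Office 365] button. A sign-in window then appears.
- In the sign-in window, enter the admin credentials for your subscription.
- After the sign-in window closes, you are done once you see the list of accounts in the settings, as in the image below.
After you have successfully added the Office 365 solution and connected the OMS workspace to your Office 365 account, the initial data takes about three to four hours to come in. Once the initial data has come in, you can see activity data in the solution within a few minutes.
Sample search queries:
Below are some sample search queries that make use of the monitoring capabilities of the Office 365 solution.
- Count all operations in your Office 365:
Type = OfficeActivity | measure count() by Operation
This is an overview across Office workloads. If you want to look at a specific workload (such as SharePoint), you can add a filter to the query.
- SharePoint site usage:
Type=OfficeActivity OfficeWorkload=sharepoint | measure count() as Count by SiteUrl | sort Count asc
You can identify idle SharePoint sites and the most popular sites.
- File access operations by user type:
Type=OfficeActivity OfficeWorkload=sharepoint Operation=FileAccessed | measure count() by UserType
This helps you track when a sensitive file is accessed by an unexpected user.
- Search for a specific keyword:
Type=OfficeActivity OfficeWorkload=azureactivedirectory "CigdemTest"
You may want to search your Office 365 data by keyword. For example, suppose a group named "CigdemTest" has just been created in Azure AD. You can use the query above to search for all activity related to this group.
- Monitor external actions in Exchange:
Type=OfficeActivity OfficeWorkload=exchange ExternalAccess = true
This search query returns operations performed by people outside your organization, such as datacenter personnel, datacenter service accounts or delegated administrators.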
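Amazon Video now available on Xbox One and Xbox One X
The Amazon Video app can now be downloaded from the Xbox Store.
Amazon Prime members can enjoy streaming TV shows and movies on Microsoft's Xbox One family, including Xbox One X, which launched on November 7.
Amazon Video launched last December in more than 200 countries and territories around the world, from Australia to Canada and from Bhutan to Uzbekistan. Amazon Prime members now enjoy popular series, including the Prime Video superhero comedy "The Tick", which is attracting attention worldwide, "The Grand Tour" with Jeremy Clarkson, Richard Hammond and James May, and award-winning Amazon Originals such as "The Man in the High Castle", "Transparent", "Mozart in the Jungle", "American Gods" and "Sneaky Pete", alongside Hollywood movies and TV shows.
Amazon Video also offers 4K UHD titles. This lets you enjoy your favorite movies and dramas with greater clarity than ever before. Details become smoother and sharper, and close-up images look more realistic and clear.
New customers can sign up for an Amazon Prime membership and enjoy streaming on Xbox One and other devices.
Those who are already Amazon Prime members can start streaming right away at no additional cost.
Members can download all movies and TV shows to mobile and other devices and watch them offline, whether on a plane or on a train.
Want to get the latest Amazon Video on your Xbox? Head to the Xbox Store now and download the Amazon Video app!
*For Amazon Prime pricing, see Amazon.com for your region.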
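Safeguard your business and empower your team with Microsoft 365 Business
(This article is a translation of "Empower your team and safeguard your business with Microsoft 365 Business", posted to Office Blogs on October 31, 2017. For the latest information, please refer to the original article.)
We are now making the new Microsoft 365 Business solution, built specifically for small and midsize businesses with 300 or fewer employees, generally available worldwide. Microsoft 365 Business includes the Office 365 suite of productivity and collaboration tools, together with device management and security tools that protect company information on Windows 10 PCs, mobile devices, and apps. It is an integrated solution for small and midsize businesses, designed to simplify IT management.
In addition, three new business apps, Microsoft Connections, Microsoft Listings, and Microsoft Invoicing, join Microsoft Bookings, Outlook Customer Manager, and MileIQ in supporting the growth and success of small and midsize businesses. They are available to Microsoft 365 Business and Office 365 Business Premium users in the United States, the United Kingdom, and Canada.
We are also adding Microsoft StaffHub, a work management tool for frontline employees, to Microsoft 365 Business and Office 365 Business Premium subscriptions.
Enabling the modern workstyle
As the workplace shifts toward a global, modern workstyle, business opportunities and challenges of every size are emerging. Companies need to innovate rapidly to meet the expectations of employees ranging in age from their twenties to their sixties, to deal with increasingly sophisticated cyberattacks, and to adapt to changing customer needs.
At the same time, solutions for small and midsize businesses need to be easy to manage and maintain. Many owners of small and midsize businesses, trying to avoid complex and costly technology options, put off investing in solution management and cobble together a variety of services. This leads to lower productivity and to security vulnerabilities in the business: 43% of all cyberattacks last year targeted companies with 100 or fewer employees.
Safeguard your business
Microsoft 365 Business is designed to provide the productivity tools and security services that businesses need, and to make them easy to manage in a single product. It protects company information with broad security across users, apps, and devices. It also keeps PCs up to date and secure, so that cyberattacks cannot target security vulnerabilities. In addition, if a device is lost or stolen, you can wipe the company data on the device to protect company information.
Empower your team
Microsoft 365 Business brings together the productivity and collaboration tools employees need to work more productively. You get all of the Office 365 productivity and collaboration apps, including Word, Excel, PowerPoint, and Outlook email, SharePoint and OneDrive for sharing files with customers, coworkers, and suppliers, and Microsoft Teams for chat-based teamwork.
Simplify IT management
Microsoft 365 Business is designed to simplify technology management and reduce costs for businesses and their IT partners. With less setup and management overhead, owners and their teams can devote more time and energy to their core work. From a single console you can quickly set up new employees, configure device security policies, and manage user identities and access permissions, and you can keep Windows 10 and Office up to date for every user. Because it is a per-user monthly subscription, it is also cost-effective and easy to manage.
Microsoft supports small and midsize businesses around the world in empowering their teams and safeguarding their businesses. To learn more about Microsoft 365 Business, contact a Microsoft partner or visit the Microsoft Store.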
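New apps to win customers and grow your business
We are now releasing three new apps that help small and midsize businesses acquire new customers, grow sales, and speed up billing and the collection of receivables.
- Microsoft Connections lets you create professionally designed marketing emails to promote your brand and increase sales.
- Microsoft Listings lets you publish your business information to Facebook, Google, Bing, and Yelp from a single app, helping you win new customers and establish your brand.
- Microsoft Invoicing is an estimating and invoicing tool that helps you get paid faster and manage cash flow.
These three apps can be managed centrally in the Business center, in the same way as the following existing Office 365 business apps.
- Microsoft Bookings is an app that simplifies the process of scheduling and managing customer appointments.
- Outlook Customer Manager is an app that lets small and midsize businesses manage customers simply, directly in Outlook.
- MileIQ is a smart mileage tracking app that automatically logs the distance you drive, classifies trips as business or personal, and generates comprehensive reports.
Business owners can combine these apps as a toolkit for running and growing their business. For details on the apps above, see the announcement post on the Office 365 business apps.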
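StaffHub: improving productivity for frontline employees
The majority of workers around the world are frontline employees, and they form the backbone of small and midsize businesses. StaffHub is an app built specifically for managing the work of frontline employees. It makes it easy to create and manage schedules, assign and complete tasks, and communicate between users.
* The information in this post (including attachments and linked content) is current as of the date it was written and is subject to change without notice.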