Channel: TechNet Blogs

System Center 1801 Operations Manager – Enhanced log file monitoring for Linux Servers


System Center Operations Manager 1801 has enhanced log file monitoring capabilities for Linux Servers.

  • Operations Manager now supports Fluentd, an open source data collector.
  • Customers can also leverage Fluentd capabilities and plugins published by the Fluentd community to get enhanced, customizable log file monitoring.
  • The existing OMI-based monitoring for currently supported Linux workloads will continue to work as it does today.

With this release we have added support for the following log file monitoring capabilities:

  • Support for wildcard characters in the log file name and path.
  • Support for new match patterns for customizable log search: simple match, exclusive match, correlated match, repeated correlation and exclusive correlation. We have released 6 new filter plugins for customizable log search.
  • Support for generic Fluentd plugins published by the Fluentd community. System Center Operations Manager 1801 includes a converter plugin which converts the Fluentd data from generic plugins to the format specific to SCOM log file monitoring.

Architecture

Below are a few architectural changes in the SCOM Management Server and the SCOM Linux agent to support Fluentd.

The new Linux SCOM agent includes a Fluentd agent (as shown in the picture above (1)).

Users define the log file names, the match pattern and the event to be generated on a pattern match, along with the event description, in the Fluentd configuration file.

On a match of a log record, Fluentd sends the event to the System Center Operations Manager External Datasource service on the SCOM Management Server / Gateway (2). This is a Windows REST-based service which receives the event and writes it to a dedicated custom event log channel, Microsoft.Linux.OMED.EventDataSource (3).

The user then needs to import a management pack (4) which looks for events in this custom event channel and generates alerts accordingly.

User Workflow:

On Linux Server:

On SCOM Management Server:

The user needs to follow the steps below on the Management Server.

Step 1:

The user needs to import the latest Linux Management Pack (shipped with the SCOM 1801 binaries) and install the new SCOM agent on the Linux servers.

Users can install the agent either manually or through the discovery wizard (recommended). For detailed steps, refer here.

Step 2:

Author Fluentd configuration file and place it on the Linux Servers

Customers need to author a Fluentd configuration file and can use any of the existing enterprise tools such as Chef or Puppet to place the configuration file on the Linux servers.

The recommended practice is to copy the configuration into the /etc/opt/microsoft/omsagent/scom/conf/omsagent.d directory on all Linux servers and include the configuration file directory with an @include directive in the master configuration file /etc/opt/microsoft/omsagent/scom/conf/omsagent.conf.

The Fluentd configuration file is where the user should define the input, output and the behavior (match processing) of Fluentd. This is done by defining the following in the configuration file:

Source directive:

Fluentd’s input sources are defined in the source directive using the desired input plugins. Users define the log file names along with the file path in this directive. Wildcard characters are supported in both the file name and the path.

Filter directive:

The filter directive is the chained processing pipeline. Users define the match pattern and the events to be generated on a match in this section. We have released the following filter plugins with this release:

  • filter_scom_simple_match
  • filter_scom_excl_match
  • filter_scom_cor_match
  • filter_scom_repeated_cor
  • filter_scom_excl_correlation
  • filter_scom_converter

Match directive:

Users define the output processing in the match directive. We have released the “out_scom” match plugin, which sends the events generated by Fluentd to the System Center Operations Manager External Datasource service on the SCOM Management Server/Gateway.

For more detailed instructions on how to author a Fluentd configuration file, refer here.

Step 3:

On SCOM Management server: Import Management pack and enable OMED Service

On the Management Server the user needs to do the following:

1) Start the OMED service (refer here).

2) Import the management pack for log file monitoring.

The user can import the sample management pack (reference here), save it as an XML file and import it in the SCOM console. This management pack has a rule that looks for all events from the new data source Microsoft.Linux.OMED.EventDataSource and generates alerts accordingly. The alert severity and priority are set in the management pack. The alert description is obtained from the event description, which is defined by the user in the Fluentd configuration file.

If users want to generate alerts only for specific events, they can author their own custom management pack using VSAE.

Example Scenario:

The user would like to monitor the following scenarios:

1) Apache HTTP server URL monitoring

Scenario: Monitor a web URL hosted on an Apache HTTP server and generate alerts on the SCOM Management Server if the URL has any issues.

Log to be monitored: The user monitors the Apache HTTP server access.log for error codes. If the log records any code other than 200 (the success code), an event is sent to the SCOM Management Server.

2) Authentication failure

Scenario: If a user tries to access a server more than 5 times with an incorrect password, an alert is sent to the SCOM server, warning that an unauthorized user is trying to intrude.

Log to be monitored: The user monitors the Linux server auth.log for authentication failure messages. If the message appears more than 5 times in 10 seconds, an event is sent to the SCOM Management Server.
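The two scenarios above, as an added example that is not part of the original post or of the SCOM Fluentd plugins: the same detection semantics (a simple match on non-200 status codes, and a repeated correlation that fires when more than 5 failed logins fall within 10 seconds) written in plain Python and run over constructed access.log and auth.log lines, so you can see exactly which records would become events before you encode the rules in omsagent.d. Event ids 1001/1002 and the log lines are constructed for the example.

```python
import re
from collections import deque
from datetime import datetime

# Constructed access.log lines in Apache combined log format (not from a real server).
APACHE_ACCESS_LOG = """\
10.0.0.7 - - [14/Mar/2018:09:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.0.0.7 - - [14/Mar/2018:09:00:02 +0000] "GET /missing.html HTTP/1.1" 404 209 "-" "Mozilla/5.0"
10.0.0.8 - - [14/Mar/2018:09:00:03 +0000] "POST /api/orders HTTP/1.1" 500 0 "-" "curl/7.58.0"
10.0.0.8 - - [14/Mar/2018:09:00:04 +0000] "GET /health HTTP/1.1" 200 2 "-" "kube-probe/1.9"
"""

# Constructed auth.log lines (syslog format, sshd messages; not from a real server).
AUTH_LOG = """\
Mar 14 09:00:00 web01 sshd[2210]: Failed password for invalid user admin from 10.0.0.5 port 51022 ssh2
Mar 14 09:01:00 web01 sshd[2212]: Failed password for root from 10.0.0.5 port 51024 ssh2
Mar 14 09:01:01 web01 sshd[2213]: Failed password for root from 10.0.0.5 port 51025 ssh2
Mar 14 09:01:02 web01 sshd[2214]: Failed password for root from 10.0.0.5 port 51026 ssh2
Mar 14 09:01:03 web01 sshd[2215]: Failed password for root from 10.0.0.5 port 51027 ssh2
Mar 14 09:01:04 web01 sshd[2216]: Failed password for root from 10.0.0.5 port 51028 ssh2
Mar 14 09:01:05 web01 sshd[2217]: Failed password for root from 10.0.0.5 port 51029 ssh2
Mar 14 09:01:06 web01 sshd[2218]: Failed password for root from 10.0.0.5 port 51030 ssh2
Mar 14 09:01:10 web01 sshd[2220]: Accepted password for ops from 10.0.0.9 port 51031 ssh2
"""

APACHE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" (?P<status>\d{3}) \S+'
)
AUTH_FAIL_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)


def simple_match_non_200(lines, event_id=1001):
    """Scenario 1 (simple match): one event per access record whose status is not 200.

    The post's rule fires on any non-200 status, so redirects (301/302) and
    conditional responses (304) also produce events; narrow the test if that is noisy.
    """
    events = []
    for line in lines:
        m = APACHE_RE.match(line)
        if not m:
            continue  # not a combined-format record; a pattern on the record would not match either
        status = int(m.group("status"))
        if status != 200:
            events.append({
                "event_id": event_id,
                "status": status,
                "description": f"HTTP {status} for {m.group('request')!r} from {m.group('client')}",
                "record": line,  # log record context forwarded with the event
            })
    return events


def _syslog_time(ts, year=2018):
    # syslog timestamps carry no year; the caller supplies the year of the log file.
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def repeated_correlation(lines, threshold=5, window_seconds=10, event_id=1002):
    """Scenario 2 (repeated correlation): one event when failed logins exceed `threshold`
    within a sliding window of `window_seconds`. The window is reset after an event, so a
    single burst yields one event rather than one per additional failure."""
    recent = deque()  # timestamps of failures inside the current window
    events = []
    for line in lines:
        m = AUTH_FAIL_RE.match(line)
        if not m:
            continue  # successful logins and unrelated daemons are ignored
        t = _syslog_time(m.group("ts"))
        recent.append(t)
        while (t - recent[0]).total_seconds() > window_seconds:
            recent.popleft()  # age out failures older than the window
        if len(recent) > threshold:
            events.append({
                "event_id": event_id,
                "count": len(recent),
                "source_ip": m.group("ip"),
                "description": (f"{len(recent)} failed logins from {m.group('ip')} on "
                                f"{m.group('host')} within {window_seconds}s"),
                "record": line,
            })
            recent.clear()
    return events


def run_scenarios():
    """Run both scenarios over the constructed logs; returns the events per scenario."""
    return {
        "apache": simple_match_non_200(APACHE_ACCESS_LOG.splitlines()),
        "auth": repeated_correlation(AUTH_LOG.splitlines()),
    }
```

On the constructed input the first scenario yields two events (the 404 and the 500) and the second yields a single event on the sixth failure within the window; the lone failure at 09:00:00 is aged out and never counts.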

Sample Configuration File:

The OMED service on the SCOM Management Server receives an event, along with the log record context, when a log record matches. The user needs to import a management pack on the SCOM server which generates an alert when an event is received from the Linux server.

Events on the SCOM Management Server:

Generated Alert on the Management Server:

The Alert context will contain the log record which will have more details on the error code received while trying to access the URL.

Other Sample User Scenarios:

For more detailed steps look at the online documentation.

Feedback:

We’d love to hear your feedback on this new feature. Feel free to send your feedback to scxtech@microsoft.com.


SQL Data Discovery & Classification in SQL Server Management Studio (SSMS) 17.5


In the latest version of SQL Server Management Studio (SSMS) 17.5, the new SQL Data Discovery & Classification feature was added with very little fanfare. I urge anyone having to deal with the General Data Protection Regulation (GDPR) or any data classification issues to look at it.

So let's get started: (There is a video below)

  1. Download the latest version of SSMS (17.5 or later) from here and install it.
  2. Connect to your instance: SQL Server 2008 and higher; for Azure SQL Database, see Azure SQL Database Data Discovery & Classification.
  3. Right click on your database, select Tasks and pick Classify Data.
  4. Select all, some or none of the recommendations (you can also change the Information Type and Sensitivity labels) at this time.
  5. Click Save. It's that simple!


You can change the Information Type and Sensitivity labels to the values from the drop-down lists. There is only a limited range of options, but there is a plan to allow users to customise the Information Types and Sensitivity Labels as well as the classification function in the future.


You can also classify data that the Classify Data function has missed.


Now finally, we need a report.

Just click on the 'View Report' button and we get a view of the classified fields in the database.


This looks like a really promising start to some really useful functionality coming in future releases of SSMS and SQL Server.

Microsoft have more information on GDPR here.

Governance in Azure: your central IT's service catalog


Does your IT have a catalog of services that you offer to business units or other teams? Do you manage an application or environment for them? At the same time, do you want to give them the option of automated deployment without them having to ask you? And also ensure that the costs of the infrastructure resources are charged to them? Use the service catalog in Azure: solutions designed and managed by you that your colleagues can simply find in the portal and create.

Why a service catalog, and why it is different from the Marketplace

I see the situation described in the introduction as the ideal use case for the service catalog. IT wants to offer a standardized solution to other parts of the organization in a private way. At the same time, you can decide whether that solution will be a starter template on the recipient's side, where they can dig around in the created resources as they please, or whether you prefer the variant where they have only read rights to the created resources and you look after them, even though they run in the recipient's subscription, to which you normally may not even have access.

The second situation can be the same, but with your supplier or partner offering the service instead of central IT. They create a template of a frequently repeated managed solution for you, and you can deploy and remove it yourself as many times as you want. It is still a private situation, though: the catalog item is just for you.

The same mechanism can also be used in the Marketplace. The service catalog is a private matter; the Marketplace, by contrast, is intended for the "general public". It is therefore not suitable for internal matters, but rather for software companies that want to offer their software with one click to all Azure customers (certain conditions must be met and you must be in the Microsoft Developer program).

What can be in it and how it works

The resources themselves are handled as an ARM template, so anything that can be defined by a template can be part of this catalog item: infrastructure, platform services and the like. It can be a single VM, an entire complex VM cluster, or a PaaS infrastructure with a Web App and Azure SQL DB, for example. This ARM template is what gets created in the recipient's subscription when they order the item.

The second component is the GUI definition. When you start from the portal, you know that all solutions have a wizard that asks for the important parameters. This GUI is under your control and you can ask for whatever you want. You can pass the collected answers to the ARM template and parameterize it that way. In the demo I will describe how to do it so that it is as simple as possible for the user, i.e. so that they are not choosing complicated things they may not understand, but rather simplified variants. Most often the "size" of the application: Small, Medium, Large. Behind this simple choice you hide the technical details of your recommended sizing, such as VM sizes, disk sizes and types, the Azure SQL DB SKU, etc. Likewise, you can use conditionals in ARM and offer a simple choice of whether high availability is wanted or not (and based on that, create a single instance or a load-balanced cluster).

The third component is permissions. The first is the lock setting, i.e. whether the operator should have access to the created resources or not. If you want to design it as a starter template (and let them take it apart however they like), do not set the lock. If it is to be a service managed by you, set the lock and do not even tell the user the administrator login for the VM or DB. Related to this is the second thing: for these resources you can assign rights (RBAC) to an account or AAD group you define. In other words, the central IT team automatically gets rights in the role you define, so it can handle the resources appropriately and look after the environment.

Let's try it

I have the whole demo here: https://github.com/tkubica12/azure-managed-app

First, take a look at the ARM template named mainTemplate.json. It is a simple template that generates infrastructure with one VM and a public endpoint (incidentally, it returns the resulting URL as an output, which the user then sees in the portal). I recommend paying attention to how the simplification of sizing into the Small, Medium and Large variants is implemented.

Next, look at createUiDefinition.json. This is the GUI definition, in which I ask for acknowledgement that I will be managing the solution, and then ask for some parameters, specifically the solution size and the domain name.

We pack both files into a zip and reference it when defining this item in the catalog.

Continue reading

2018 Microsoft Global Education Exchange – Singapore Livestream


Microsoft's annual Global Education Exchange provides a platform that brings together teachers from around the world to explore industry trends, covering how to support teaching, capability development, modern pedagogy, safe school environments, and emerging technologies for predictive analytics that identify students in need of help. It is a great event that shows education leaders how to transform today's teaching systems in their schools.

Follow our journey to this year's Education Exchange: we will host a two-day live broadcast on Facebook, and you can follow @MicrosoftEDU and #Road2E2 on Twitter or Facebook.

Facebook Live link

Wednesday, March 14

Opening keynote, 9:00 to 11:00 am (Singapore time, same as Taiwan time):

  • Welcome: Chan Lee Mun, former Principal of Nanyang Polytechnic, Singapore
  • "Social-Emotional Learning and Technology": Molly Zielezinski
  • MakeCode on micro:bit and Mixed Reality: Adrian Lim, teachers and students of Monfort Junior School, and a director of Stamford American International School
  • Inclusive Learning and "Hacking Dyslexia": Aggeliki Pappa
  • Closing remarks: Anthony Salcito, General Manager of Worldwide Education, Microsoft

Thursday, March 15

What's new in education! 8:00 am, Singapore time

All the new highlights and first-hand news from the Microsoft Global Education Exchange will be shared with the world in this live broadcast. We will also highlight more Microsoft Educator Community resources and the Microsoft Innovative Educator program.

Closing, 8:45 to 10:00 am Singapore time

  • Welcome: Eva Psalti
  • "Azure Machine Learning": Liam Ellul
  • "Microsoft Educator Community: a free professional development community for teachers": Sarah Morgan
  • Certification helps students succeed: Heather Daniel
  • "MakeCode programming courses": Douglas Kiang
  • "Hear how Skype in the Classroom can change your students' lives": Emma Nääs

Microsoft Innovative Educators at the award ceremony in Toronto, Canada (March 2017).

Join us and become a Microsoft Innovative Educator

We invite all educators to join the Microsoft Educator Community, where you will find all the professional development courses that guide you to becoming a certified Microsoft Innovative Educator (MIE). After becoming a certified Microsoft Innovative Educator (MIE), you can continue on to become a Microsoft Innovative Educator Expert (MIEE). Nominations open in March.

Learn more »

SPO Tidbit – New features to support SharePoint Framework


Hello All,

Wanted to bring to your attention the release of further support for the SharePoint Framework within SPO and O365.

There is more support for using the Graph API and third-party APIs in SharePoint via the permission feature, as outlined here.

As well you can read about the new Graph API here.

Pax

More on included Windows 10 apps


I’ve stated this publicly a few times, but many people don’t realize the distinction so I’ll repeat it again here.  There are provisioned apps included in Windows 10 (that you can remove, see https://blogs.technet.microsoft.com/mniehaus/2015/11/11/removing-windows-10-in-box-apps-during-a-task-sequence/) and there are apps that are installed from the Microsoft Store when you first sign in (that you can prevent from installing on some SKUs, see https://blogs.technet.microsoft.com/mniehaus/2015/11/23/seeing-extra-apps-turn-them-off/).  For example, Weather is a provisioned app that you can remove; Network Speed Test is an app that comes from the store when the user signs in.

The documentation team has an article at https://docs.microsoft.com/en-us/windows/application-management/apps-in-windows-10 that has the current list of provisioned (in-box) and installed (from the store on first logon) for various Windows 10 releases.  But one thing that isn’t reflected in that documentation:  the list of apps installed from the store can be different depending on the type of account you sign in with, by the SKU that you are using, and even by the region of the world the device is in.

This is what the default start menu layout looks like in all Windows 10 1709 SKUs:


Each of those down-arrow icons will be replaced by an app from the store (some of which are actually installed from the store, some of which are just “shortcuts” that will trigger the installation if you launch them), after the user signs in for the first time.

So let’s do a little comparison.  First, let’s look at a local account being used on Windows 10 Pro 1709:


OK, very consumer-y, with lots of games.  Now, let’s look at a local account signing into Windows 10 Enterprise 1709:


Much better – no games, with most of the apps focused more on productivity.  And signing into Windows 10 Enterprise 1709 with a Microsoft Account, an Active Directory account, or an Azure Active Directory account yields the same result.

But on Windows 10 Pro 1709, you will see a different result when you sign in with an Active Directory account or an Azure Active Directory account.  They will look the same as Windows 10 Enterprise 1709:


So a quick summary: You’ll get games on Windows 10 Pro 1709 only when using local or MSA accounts; you’ll never get games for AD or AAD users, or for anyone on Windows 10 Enterprise.

Also note that Windows 10 Pro for Workstations will soon have the same behavior as Windows 10 Enterprise, as described in the Windows Insider blog:

Productivity focused out of box applications: In the Windows 10 Fall Creators Update, the out of box experience for Windows 10 Pro for Workstations draws from the Pro edition of Windows 10. One area where this is noticeable is the suite of applications installed out of the box visible as tiles in the start menu. In the next release for Windows, you will see for Windows 10 Pro for Workstations productivity and enterprise focused applications in place of consumer applications and games. This was one of the top feedback shared with us by our partners and users and we’re delivering this in our next update.

Also note that on Windows 10 Enterprise, you can turn off the installation of apps from the store altogether by configuring the “Turn off Microsoft consumer features” GPO or the equivalent MDM policy.

Microsoft X Superhub – Microsoft 365 "Cloud Experience Workshop"


Microsoft 365 meets the IT needs of SMEs

In recent years, cloud computing has grown rapidly, mainly because the cloud makes full use of resources and lowers business operating costs, which is why it is very popular with SMEs. Microsoft's newly launched one-stop cloud business solution, Microsoft 365, includes many new features that meet the IT requirements of businesses of all sizes, save employees' time and noticeably improve productivity.

Advantages of Microsoft 365

Improve your team's productivity, protect your company and simplify IT management with a single solution built for your business needs.


Achieve more together

Use Word, Excel and PowerPoint to communicate with customers, colleagues and suppliers, and use the cloud to manage teams and resources centrally in one place.

Stay secure at all times

Protect company data on PCs, phones and tablets, and help guard against phishing and security threats. With the latest versions of Office 365 and Windows 10, you can keep company data safe from compromise.

Simplify business processes

Easily set up and deploy for employees. Manage users and devices from a single dashboard, and sign in once to use all services and devices.


--------------------------------------------------------------------------------------------------------------

Superhub X Microsoft "Cloud Experience Workshop"

To address SME customers' questions about the cloud, Superhub is partnering with Microsoft to hold the Microsoft 365 "Cloud Experience Workshop", sharing the benefits of the cloud and Microsoft 365 and helping SMEs adopt cloud services.

Superhub sincerely invites your company to attend the Microsoft 365 "Cloud Experience Workshop". Details are as follows:

Date: 16 March and 23 March 2018

Time: 2:45 pm to 5:00 pm

Venue: Microsoft Cloud Experience Centre, Superhub Limited, Rooms 1301-1304, 13/F, Texwood Plaza (德士活中心), 6 How Ming Street, Kwun Tong, Kowloon, Hong Kong

Language: Cantonese

--------------------------------------------------------------------------------------------------------------

To allow proper arrangements, please register online in advance.

Subscribe to Microsoft 365 on the spot for discounts and gifts

The workshop will provide refreshments and gifts for participants. In addition, anyone who subscribes to Microsoft 365 on the spot at the workshop will receive complimentary Microsoft 365 subscriptions and subscription discounts*.

*Subject to terms and conditions

For any enquiries, please call 2207 9941 or email Info@superhub.com.hk to contact Ms. Yu.

Alerting on Network Security Group rule changes


With Microsoft Azure activity log alerts, you can raise alerts according to the activities (operations) that you perform. However, alerts on Network Security Group (NSG) rule changes currently cannot be configured from the portal, so this topic explains how to set up rule-change alerts.

With the activity log alert configuration for an NSG, no alert fires for changes to the rules inside the NSG. The problem is as follows.

Problem

Even when an activity log alert is configured in the portal for the NSG (resource type name: Microsoft.Network/networkSecurityGroups), changing a rule (an inbound or outbound security rule) does not send an alert to the configured notification target.

Cause

Rules are defined as a separate resource type (resource type name: Microsoft.Network/networkSecurityGroups/securityRules), and when the resource type does not match exactly, the alert feature does not raise an alert. If you change the configuration of the NSG itself rather than a rule, an event with resource type name Microsoft.Network/networkSecurityGroups is generated, so the alert does fire.

Resolution

Currently the portal does not support alert settings for the resource type Microsoft.Network/networkSecurityGroups/securityRules, so to use them you need to use PowerShell. Below is a simple sample.

Sample (creating a new action group):

# Replace the placeholders in angle brackets with your own values.
$subscriptionId = "<サブスクリプションID>"
$scope = "/subscriptions/<サブスクリプションID>"
$emailReceiverName = "<メール受信の名前>"
$emailAddress = "<メールアドレス>"
$actionGroupName = "<アクショングループ名>"
$actionGroupNameShort = "<アクショングループ名(短い名前)>"
$activityAlertName = "<Activity Alert 名>"

# Sign in to the target subscription (AzureRM module).
Login-AzureRmAccount -Subscription $subscriptionId

# Create an e-mail receiver and an action group in the resource group Default-ActivityLogAlerts (the resource group must already exist).
$email_receiver = New-AzureRmActionGroupReceiver -Name $emailReceiverName -EmailReceiver -EmailAddress $emailAddress
$action = Set-AzureRmActionGroup -ResourceGroupName Default-ActivityLogAlerts -Name $actionGroupName -ShortName $actionGroupNameShort -Receiver $email_receiver
$AGAlertObject = New-Object Microsoft.Azure.Management.Monitor.Management.Models.ActivityLogAlertActionGroup
$AGAlertObject.ActionGroupId = $action.Id

# Fire on accepted administrative operations whose resource type is the NSG security rule, not the NSG itself.
$condition1 = New-AzureRmActivityLogAlertCondition -Field "category" -Equal "Administrative"
$condition2 = New-AzureRmActivityLogAlertCondition -Field "resourceType" -Equal "Microsoft.Network/networkSecurityGroups/securityRules"
$condition3 = New-AzureRmActivityLogAlertCondition -Field "status" -Equal "Accepted"
Set-AzureRmActivityLogAlert -ResourceGroupName Default-ActivityLogAlerts -Name $activityAlertName -Scope $scope -Location Global -Action $AGAlertObject -Condition $condition1,$condition2,$condition3

The above creates a new action group; if you want to use an existing one instead, replace the three lines starting with $email_receiver ... with the following to reuse the existing action group.

$action = Get-AzureRmActionGroup -ResourceGroupName Default-ActivityLogAlerts -Name "<アクショングループ名>"
$AGAlertObject = New-Object Microsoft.Azure.Management.Monitor.Management.Models.ActivityLogAlertActionGroup
$AGAlertObject.ActionGroupId = $action.Id

We hope this is helpful.

--
Microsoft Azure Technical Support Team


How Three Lines of Code and Windows Machine Learning Empower .NET Developers to Run AI Locally on Windows 10 Devices


This post is authored by Rosane Maffei Vallim, Program Manager, and Wilson Lee, Senior Software Engineer at Microsoft.

Artificial Intelligence (AI) with deep learning and machine learning algorithms is changing the way we solve a variety of problems, from manufacturing to the biomedical industry. The applications that can benefit from the power of AI are endless.

With the Windows Machine Learning (Windows ML) API, as .NET developers, we can now leverage the ONNX models that have been trained by data scientists and use them to develop intelligent applications that run AI locally. In this blog post, we will give an overview of what Windows ML can do for you; show you how to use ONNX in your UWP application; and introduce you to the Windows Machine Learning Explorer sample application that generically bootstraps ML models to allow users to dynamically select different models within the same application.

Channel 9's AI Show for this blog post can be found here.

Windows Machine Learning Explorer sample application code for this blog post can be found here.

Why is Windows ML + ONNX Great News for .NET Developers?

Earlier this month, we announced the AI Platform for Windows Developers.

Windows ML is an API for on-device evaluation of trained deep learning and machine learning models. It is built to help developers with scenarios where evaluation of machine learning models locally might be more advantageous, due to the lack of a reliable internet connection, latency before getting prediction results (particularly important for real-time applications) or data privacy considerations where your customers wouldn't be willing to have their data leave the device.

But more than that, Windows ML makes it easy for you to leverage the infinite possibilities of AI by establishing a simple process to integrate models with your application. By supporting Open Neural Network Exchange (ONNX), which is an open source format to represent machine learning models, you can easily leverage models created in different training frameworks to be evaluated inside your application. In addition, Windows ML's automatic interface code generation takes care of processing your ONNX file and creating wrapper classes, allowing you to easily interact with your model within your application.

Windows ML can hardware accelerate your model evaluation on DirectX 12 GPU. Developers can select their preferred evaluation device, whether CPU or GPU, and Windows ML handles communication with the hardware on their behalf.

How Can Developers Use Windows ML + ONNX in a UWP Application?

Adding the capability to run AI locally with your new or existing UWP application is now easier than ever before. You need to add an ONNX file to your UWP project to get started. Then you can decide to use the automatic generated wrapper classes directly or write a few lines of code to call the Windows ML APIs directly to evaluate your model.

Adding an ONNX File to Your UWP Project to Get Started

Windows ML's automatic interface code generation, natively integrated with VS UWP workloads, does most of the heavy lifting for you. Simply add an ONNX model file to your project, and Visual Studio will automatically extract the input and output features from the model and generate wrapper classes for your application to consume.


Figure 1 - Auto generate wrapper classes file with ONNX model in Visual Studio

This functionality is fully available for the UWP workload with Windows 10 (version 1803), Windows SDK (Build 17110), and Visual Studio (version 15.7 - Preview 1) installed.

Using Auto Generated Wrapper Classes

The wrapper classes generated by the automatic code generator provide you with an interface to easily interact with your machine learning model through Windows ML APIs. There are three basic wrapper classes:

  • Input class – Represents the input data which will be bound to the model.
  • Output class – Represents the output data which will be bound to the model.
  • Model class – Represents the model object to load and evaluate.


Figure 2 - This shows the skeleton of the generated wrapper classes that represent Input, Output, and Model.

To use the automatic generated wrapper classes, you simply need the following three lines of code:

  • Create the model – This will create the model with the ONNX model file.
  • Initialize the input – Initialize the input object with application data to be bound to the model for evaluation.
  • Evaluate the model – Evaluate the model with the input data to obtain the resulting output data.


Figure 3 - This shows the three lines of code to Create the model, Initialize the input, and evaluate the model to obtain output data.

Using Windows ML APIs Directly

To truly appreciate how simple and easy it is to use the Windows ML APIs, we should look inside the Model wrapper class, to understand the three lines of code that are required to evaluate your machine learning model locally. If the architecture of your application has a requirement to dynamically load different models, this will help you understand how to build your own abstraction layer.

The first line of code is Load. This loads the ONNX model file from the file system and stores it as a LearningModelPreview object.


The second line of code is Bind. This creates a model binding object that allows you to bind your input and output objects to the model to be evaluated. The data types within the input and output objects depend on the requirements of your model.


The final line of code is Evaluate. This is where Windows ML brings everything together and uses the input binding to evaluate the model locally and returns its results in the output object.


And voila! You can either choose to use the generated wrapper classes directly or call into the Windows ML APIs. Either way, the above three lines of code will enable you to run AI locally within your application. In the next section, we will explore a sample generic UWP application that showcases a way to build an abstraction on top of the Windows ML APIs: it takes a picture or a video frame, evaluates it through any model that accepts such an input type, and displays the results.

End-to-End Sample Application: Windows Machine Learning Explorer

Windows Machine Learning Explorer (Windows ML Explorer) is a data driven and generic sample application that serves as a launch pad to bootstrap ML models to be evaluated by Windows ML. It currently includes the scenario of a circuit board defect detection model. This model can detect defects on static pictures, such as in figure 4 where the circuit board traces are broken between paths. It can also detect from real-time web camera feed of a perfectly normal printed circuit board shown in figure 5.

You can find the code of the Windows Machine Learning Explorer sample application here.


Figure 4 - A defective printed circuit board static picture was selected in Windows Machine Learning Explorer.


Figure 5 – A normal printed circuit board was shown in front of a web camera in the Windows Machine Learning Explorer.

The Printed Circuit Board (PCB) model was trained using Microsoft Custom Vision Service, with PCB data generated by the Circuit Board Generator. Once the CoreML model had been trained and generated, it was converted to ONNX format using WinMLTools. To accomplish the conversion steps, you can work with your data scientist or follow the steps in the Convert existing ML models to ONNX guide. The converted ONNX model and sample PCB pictures are then added to the application's project.


Figure 6 – The converted ONNX model file and the generated circuit board pictures are added within the Assets/PCB folder of the project.

In Windows ML Explorer, there is an abstraction layer that is built on top of Windows ML APIs. This enables us to generically add a new ONNX model to the application that takes a picture or a video frame as input, evaluate, and display results. This also allows the application to dynamically switch between models from the UI. This abstraction is represented by the WinMLModel abstract class.


Figure 7 - WinMLModel.cs file and abstract class can be found inside the MLModels folder.

The WinMLModel abstract class already loads the model file with its initialization steps. It expects any new model that inherits this class to override the following properties and methods:

  • DisplayInputName – This allows the UI to display the type of input images for the model.
  • DisplayMinProbability – This restricts the UI to only show evaluation results with probability higher than this number.
  • DisplayName – Friendly display name of the model.
  • DisplayResultSettings – These settings direct how the UI will show probability percentages.
  • Filename – The location of the ONNX model filename.
  • Foldername – The folder within the Assets folder where the ONNX model and the input pictures will be located.
  • EvaluateAsync(MLModelResult result, VideoFrame inputFrame) – This lets the inheriting model classes determine how to bind input and output, evaluate the model, and populate the MLModelResult object to be consumed by the UI to display results.

The provided example of the PCB model is represented as a class that inherits WinMLModel.


Figure 8 - The full skeleton of the PCBModel class which represents the PCB model that inherits the WinMLModel abstract class.

The EvaluateAsync(PcbModelInput input, string correlationId) method uses the same code as the generated wrapper class to bind inputs and outputs and evaluate the model.


Figure 9 - This shows how the PcbModel binds inputs / outputs and evaluates the model.

Adding a New Model to Windows Machine Learning Explorer

Once you have synced, built, and run the Windows ML Explorer sample application, it is very easy for you to add a new model that expects a picture or a video frame as input. The application also allows users to dynamically switch between multiple models in the user interface, as shown in figure 7.

To add a new model to the Windows ML Explorer, simply follow these five steps:

  1. Create a new model folder under Assets to represent this new model.
  2. Add the ONNX model file to the model folder and set the file's build property as content.
  3. Create a new Images folder under the model folder and add your input images.
  4. With the automatic generated wrapper classes file, modify the Model class to inherit the WinMLModel abstract class.
  5. Add an instance of the new model class within the Models list in the constructor of MainViewModel. This will enable the new model to be shown in the Select Machine Learning Model combobox dropdown in the main UI.


Figure 10 - Skeleton of the new model class to be added to the Windows Machine Learning Explorer.


Figure 11 - This shows how to add a new model to the constructor of the MainViewModel.


Figure 12 – This shows the result of adding a second model in Windows Machine Learning Explorer and allows the user to dynamically switch between one model to another.

So, What Are You Waiting For?

In this blog, we introduced how .NET developers can use Windows ML to create intelligent applications that run AI locally on Windows 10 devices. These intelligent applications leverage ONNX models, which can be used either through the automatically generated wrapper classes or by invoking the Windows ML APIs directly. We have also presented the Windows Machine Learning Explorer, an end-to-end sample application that shows how to create an abstraction layer on top of the Windows ML APIs so that users can dynamically switch between ONNX models within the application. Thus, with just a few lines of Windows ML code, every developer can now build powerful UWP applications that run on the intelligent edge.

There is no reason to wait - go ahead and give it a try!

Rosane & Wilson

 

Resources

  • Channel 9's AI Show for this blog post can be found here.
  • Windows Machine Learning Explorer sample application code for this blog post can be found here.
  • Official guide for Windows Machine Learning can be found here.

Acknowledgement

  • The authors wish to thank Carlos Pessoa, Chris Barker, Lucas Brodzinski, Seth Juarez, and Wee Hyong Tok from Microsoft for reviewing this post; and Louis-Philippe Bourret from Microsoft for reviewing the sample application code.

Exchange 2016 Prerequisites AS-HTTP-Activation Missing


The below was an exercise in paying attention to detail for one of my customers.  They were in the middle of an Exchange 2010 to 2016 migration and were attempting to install the first Exchange 2016 server into the organisation. Windows Server 2016 was being used as the OS for these new servers.

However it was not going swimmingly.

As part of the pre-work they were installing the OS, applying Windows updates and finally installing the Exchange 2016 prerequisites.  The required prerequisites for Exchange 2016 are documented on TechNet.

They copied over the list of OS prerequisites, and then executed the command in an elevated PowerShell session.  The command used was:

Install-WindowsFeature AS-HTTP-Activation, Server-Media-Foundation, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, RSAT-ADDS

 

This did not end well.  Red text in PowerShell can be easily classified as “bad”.

Install-WindowsFeature : ArgumentNotValid: The role, role service, or feature name is not valid: 'AS-HTTP-Activation'

For make most glorious benefit search engines:

Install-WindowsFeature : ArgumentNotValid: The role, role service, or feature name is not valid: 'AS-HTTP-Activation'.
The name was not found.
At line:1 char:1
+ Install-WindowsFeature AS-HTTP-Activation, Server-Media-Foundation, N ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : InvalidArgument: (AS-HTTP-Activation:String) [Install-WindowsFeature], Exception
+ FullyQualifiedErrorId : NameDoesNotExist,Microsoft.Windows.ServerManager.Commands.AddWindowsFeatureCommand

 

Did they make a typo in that first OS component?  Let’s check to see what it is called in Windows using the Get-WindowsFeature cmdlet.  The result of which is shown below:

Figure - Where Art Thou - AS-HTTP-ACTIVATION

Hmm.  Nowhere to be found.  That’s a bit weird.

Why is TechNet telling them to install something that does not exist?

 

The Command Awakens

Well, actually it did not tell them to install a non-existent component.

The underlying issue was that they did not scroll enough to get to the prerequisites section for Windows Server 2016 and were trying to install the Windows 2012 R2 prerequisites onto Windows Server 2016.

Yes – that is what the paying attention to detail comment above refers to.  The prerequisite list of components which they should have used for Windows Server 2016 is:

Install-WindowsFeature NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, RSAT-ADDS

 

Note that there is no AS-HTTP-ACTIVATION in that list.

As you may expect, using the correct list of features on the corresponding version of Windows completed successfully:

Figure - Successfully Installed Windows Server 2016 Prerequisites For Exchange Server 2016

 

Bootnote

I like to add the –Restart parameter so that the system restarts automatically.

Launching setup only for it to then say there is a pending restart is frustrating, so I always restart after installing the relevant components.

Install-WindowsFeature NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, RSAT-ADDS  -Restart
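The check that would have caught this in seconds is to compare the copied list against the feature names the running OS actually exposes before calling Install-WindowsFeature. The script below is an added example, not code from Rhoderick's post; the $requiredFeatures variable and the messages are this example's own, and it carries the Windows Server 2016 list from the post (with the duplicated Web-Mgmt-Console entry collapsed).

```powershell
# Added example (not from the original post): validate an Exchange 2016
# prerequisite list against the features this Windows build knows about
# before installing anything, so a list copied for the wrong OS version
# fails with a readable message instead of a red ArgumentNotValid error.
Import-Module ServerManager

# Windows Server 2016 prerequisite list from the post.
$requiredFeatures = @(
    'NET-Framework-45-Features', 'RPC-over-HTTP-proxy', 'RSAT-Clustering',
    'RSAT-Clustering-CmdInterface', 'RSAT-Clustering-Mgmt', 'RSAT-Clustering-PowerShell',
    'Web-Mgmt-Console', 'WAS-Process-Model', 'Web-Asp-Net45', 'Web-Basic-Auth',
    'Web-Client-Auth', 'Web-Digest-Auth', 'Web-Dir-Browsing', 'Web-Dyn-Compression',
    'Web-Http-Errors', 'Web-Http-Logging', 'Web-Http-Redirect', 'Web-Http-Tracing',
    'Web-ISAPI-Ext', 'Web-ISAPI-Filter', 'Web-Lgcy-Mgmt-Console', 'Web-Metabase',
    'Web-Mgmt-Service', 'Web-Net-Ext45', 'Web-Request-Monitor', 'Web-Server',
    'Web-Stat-Compression', 'Web-Static-Content', 'Web-Windows-Auth', 'Web-WMI',
    'Windows-Identity-Foundation', 'RSAT-ADDS'
) | Select-Object -Unique   # the published list repeats Web-Mgmt-Console

$os = (Get-CimInstance -ClassName Win32_OperatingSystem).Caption
Write-Host "Checking $($requiredFeatures.Count) feature names against $os"

# Pull the whole feature catalogue once and compare locally, rather than
# handing unknown names to Install-WindowsFeature and reading the red text.
$catalog = Get-WindowsFeature
$unknown = $requiredFeatures | Where-Object { $_ -notin $catalog.Name }

if ($unknown) {
    Write-Warning ("These names do not exist on {0}: {1}" -f $os, ($unknown -join ', '))
    Write-Warning 'You are probably holding the prerequisite list for a different Windows version. Nothing was installed.'
    return
}

# Report what is already present so a re-run only shows what changed.
$alreadyInstalled = @($catalog | Where-Object { $_.Name -in $requiredFeatures -and $_.Installed })
Write-Host "$($alreadyInstalled.Count) of $($requiredFeatures.Count) features already installed."

$result = Install-WindowsFeature -Name $requiredFeatures
Write-Host "Success: $($result.Success)  Restart needed: $($result.RestartNeeded)"
if ($result.RestartNeeded -eq 'Yes') {
    Write-Host 'Restart before launching Exchange setup, or it will stop at the pending-restart check.'
}
```

Run it in an elevated PowerShell session on the target server. Paste the Windows Server 2012 R2 list (the one with AS-HTTP-Activation) into $requiredFeatures on a Windows Server 2016 box and the warning names the offending entry before a single feature is touched; add -Restart to the Install-WindowsFeature call if you prefer the bootnote's automatic reboot.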

 

Cheers,

Rhoderick

I have Azure AD, now what?


 

One common question I see is: what should be the first thing I do after I set up Azure AD?  Luckily for you, the Product Group has provided a nice article that covers that topic.  Please do this first and get your peers on board.  Most customers set up Azure AD, set up syncing and start using it before ever thinking about security.  It is never too late to start following this guidance!!!

Securing privileged access for hybrid and cloud deployments in Azure AD

 

Enjoy

- Chad

 

 

Other Useful AAD Link:

Azure Active Directory Proof of Concept Playbook: Introduction

Need to open a ticket with CSS? Here’s the data we need…


Author: Tushar Pathak, with assistance from Shea Caperoon

Log collection

When opening a support issue it’s critical that we have the right information to fully investigate the issue.  Support engineers are often asked by customers what data would be most useful to provide so that the case moves forward as efficiently as possible. Having this data in the first instance speeds up the resolution and avoids going around in circles.

Please refer to following chart for log collection based on the issue. When possible please submit these logs to the support engineer who is assigned to the case.

 

SfB client side

  • User unable to join a SfB meeting (intra- and inter-company): Client Logs + meeting URL + time of the issue
  • User is unable to sign in: Client Logs + packet capture
  • SfB client is crashing or hanging: Client Logs + Event Viewer logs + time of issue
  • SfB is not connecting to Exchange error: Client Logs + SfB Configuration Info
  • Client is not saving conversation history: Client Logs + SfB Configuration Info
  • IM and Presence related issues: Client Logs + SIP address + time of issue
  • A/V or App sharing failing with network issues: Client Logs + network capture + time of issue
  • Meeting schedule delegation issues: Client Logs + SfB Configuration Info
  • Mobility issues (sign-in, meeting join, AV issues): Go to Settings > Logging, ensure logging is turned on and click Send Logs
  • PSTN calling / conferencing issues: Meeting ID / caller and callee number + timestamp

Procedures:

Collecting Client Logs


  • From the SfB/Lync client, sign out or cancel sign-in
  • From the client sign-in screen, select Delete My Sign In Information
  • From Tools > Options > General tab, enable client-side logging:
    • Turn on logging = Full (this is the default in the 2013/2016 client)
    • Select "Also collect troubleshooting info using Windows Event Logging"
  • Exit the SfB/Lync client entirely (Alt + File > Exit)
  • Exit Outlook entirely
  • Go to Start > Run > type:
    • For SfB 2016: %localappdata%\Microsoft\Office\16.0\Lync
    • For SfB/Lync 2013: %localappdata%\Microsoft\Office\15.0\Lync
  • Delete the folders starting with sip_
  • Rename the Tracing folder to Tracing_bak
  • Restart the SfB/Lync client and reproduce the error condition. Capture a screenshot of the error and note the system time so the error logs can be correlated.
  • Exit the client completely again and gather the logging
  • Zip the entire Tracing folder from the location above
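The steps above are easy to get out of order under pressure (deleting sip_ folders while the client is still running, or zipping the stale Tracing folder). The script below is an added example, not part of the support article: it wraps the reset and the export halves of the procedure in two functions. The function names Get-SfbProfilePath, Reset-SfbTracing and Export-SfbTracing are this example's own; it assumes the client's process name is lync.exe and that a timestamped backup name is acceptable in place of the article's plain Tracing_bak so repeated runs do not collide.

```powershell
# Added example, not part of the support article: automates the client-log
# collection steps (Tracing reset, reproduce, zip). Function names are this
# example's own; assumes the SfB/Lync client process is lync.exe.

function Get-SfbProfilePath {
    # Return the first existing client profile folder (2016 client, then 2013).
    $candidates = @(
        (Join-Path $env:LOCALAPPDATA 'Microsoft\Office\16.0\Lync'),
        (Join-Path $env:LOCALAPPDATA 'Microsoft\Office\15.0\Lync')
    )
    $found = $candidates | Where-Object { Test-Path $_ } | Select-Object -First 1
    if (-not $found) { throw 'No Skype for Business / Lync 2013 profile folder found.' }
    return $found
}

function Reset-SfbTracing {
    # Remove cached sip_* profile folders and move the old Tracing folder aside
    # so the next sign-in produces a clean trace.
    param([string]$ProfilePath = (Get-SfbProfilePath))

    if (Get-Process -Name lync -ErrorAction SilentlyContinue) {
        throw 'Exit the Skype for Business / Lync client first (Alt + File > Exit).'
    }
    Get-ChildItem -Path $ProfilePath -Directory -Filter 'sip_*' |
        Remove-Item -Recurse -Force

    $tracing = Join-Path $ProfilePath 'Tracing'
    if (Test-Path $tracing) {
        # Timestamped instead of a fixed Tracing_bak so a second run does not collide.
        $backupName = 'Tracing_bak_{0:yyyyMMdd_HHmmss}' -f (Get-Date)
        Rename-Item -Path $tracing -NewName $backupName
    }
    "Reset done at $(Get-Date -Format o). Start the client, reproduce the problem, note the time, then exit the client."
}

function Export-SfbTracing {
    # After the repro and a clean client exit, zip the fresh Tracing folder
    # together with the repro time so support can correlate the log entries.
    param(
        [string]$ProfilePath = (Get-SfbProfilePath),
        [string]$Destination = (Join-Path $env:USERPROFILE 'Desktop'),
        [datetime]$ReproTime = (Get-Date)
    )
    if (Get-Process -Name lync -ErrorAction SilentlyContinue) {
        throw 'Exit the client completely before exporting, or the log files may still be open.'
    }
    $tracing = Join-Path $ProfilePath 'Tracing'
    if (-not (Test-Path $tracing)) {
        throw "No Tracing folder under $ProfilePath; was the client started after the reset?"
    }
    Set-Content -Path (Join-Path $tracing 'repro_time.txt') `
        -Value ('Issue reproduced at {0:o} on {1}' -f $ReproTime, $env:COMPUTERNAME)

    $zip = Join-Path $Destination ('SfB_Tracing_{0}_{1:yyyyMMdd_HHmmss}.zip' -f $env:COMPUTERNAME, $ReproTime)
    Compress-Archive -Path $tracing -DestinationPath $zip -Force
    return $zip
}

# Usage: run the two halves around the repro.
# Reset-SfbTracing
# ... sign in, reproduce the issue, note the time, exit the client ...
# Export-SfbTracing -ReproTime (Get-Date '2018-03-20 10:15')
```

The client-side logging option (Tools > Options > General) still has to be set to Full by hand before the repro; the script only handles the file-system part of the procedure and refuses to run while lync.exe is still alive, which is the step most often missed.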

 

SFB Configuration Information


    1. Navigate down to the taskbar and do a CTRL+RightClick on the Skype for Business icon. 
    2. On the menu shown, select the Configuration Information option.
    3. A pop-up window opens. Click the Copy button and paste the clipboard contents into a text file or a reply email.

 

Network

Troubleshooting network-related issues, for example ICE issues, TLS/TCP handshake issues, audio quality issues, etc.

Related tools for capturing network packets

1st option, full Netmon

https://www.microsoft.com/en-in/download/details.aspx?id=4865

2nd option, Netmon OneClick (no install required)

https://www.microsoft.com/en-us/download/details.aspx?id=6537&751be11f-ede8-5a0c-058c-2ee190a24fa6=True

3rd option, Netsh trace

Built in to Windows; run the following commands in a command prompt with elevated rights:

netsh trace start capture=yes scenario=internetclient

Reproduce the issue

netsh trace stop

Or, with the netconnection scenario:

netsh trace start scenario=netconnection capture=yes

Reproduce the issue

netsh trace stop

https://blogs.msdn.microsoft.com/canberrapfe/2012/03/30/capture-a-network-trace-without-installing-anything-capture-a-network-trace-of-a-reboot/

4th option, Message Analyzer

https://www.microsoft.com/en-in/download/details.aspx?id=44226

 

 

Network Capture on Windows (GUI)

  1. Download the full Netmon client from the website above, matching the operating system bitness
  2. Install full Netmon on the affected machine
  3. Run Netmon as an Administrator (see here if you need instructions)
  4. Start the capture, reproduce the issue and stop the capture. For best results, close all other windows or applications that are not needed to reproduce the issue
  5. Save the Netmon trace

Network Capture on Windows (command line)

  1. Open a Command Prompt as Administrator
  2. Create a folder on the local disk by running the following command:
    • c:\>mkdir c:\css-temp
  3. Run the command:
    • c:\>netsh trace start scenario=netconnection capture=yes packettruncatebytes=512 tracefile=c:\css-temp\%computername%_nettrace.etl maxsize=2000 filemode=circular overwrite=yes report=yes
  4. Wait for the command to finish
  5. Reproduce the problem
  6. Run the command and wait for it to finish:
    • c:\>netsh trace stop
  7. Prepare to upload the two files in c:\css-temp to the case (ask your support professional for instructions)

 

Network Capture Mac

  1. Open a Terminal session
  2. Run the following command:
    • sudo tcpdump -w ~/Desktop/CaptureMSFT.pcap
  3. Enter the admin credential to elevate
  4. Reproduce the problem
  5. Press CTRL+C to stop the capture
  6. Ask customer to upload the file CaptureMSFT.pcap from the Desktop

 

AD PowerShell Tip: How to Find Unused Organizational Units in Active Directory


 

This is a quick tip I recently discovered and wanted to share.  The Active Directory PowerShell module also displays constructed attributes in its results.  One useful attribute for Organizational Units (OUs) is msDS-Approx-Immed-Subordinates, which returns the number of direct descendants under any OU or container in Active Directory. It doesn’t seem to be something you can use in a -Filter, but you can use it in a Where-Object clause.

# Get all OUs and the number of direct descendants
Get-ADOrganizationalUnit -Filter * -Properties "msDS-Approx-Immed-Subordinates" |
    Select-Object Name, "msDS-Approx-Immed-Subordinates", DistinguishedName

# Get OUs with no direct descendants
Get-ADOrganizationalUnit -Filter * -Properties "msDS-Approx-Immed-Subordinates" |
    Select-Object Name, "msDS-Approx-Immed-Subordinates", DistinguishedName |
    Where-Object { $_."msDS-Approx-Immed-Subordinates" -eq 0 }

# Get OUs with direct descendants
Get-ADOrganizationalUnit -Filter * -Properties "msDS-Approx-Immed-Subordinates" |
    Select-Object Name, "msDS-Approx-Immed-Subordinates", DistinguishedName |
    Where-Object { $_."msDS-Approx-Immed-Subordinates" -ne 0 }
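Because msDS-Approx-Immed-Subordinates is, as its name says, an approximation, a cleanup script should not delete on the strength of that value alone. The script below is an added example, not Chad's FindandDeleteUnusedOUs.ps1: it takes the same zero-subordinate candidates, re-verifies each one with an authoritative one-level search, surfaces the ProtectedFromAccidentalDeletion flag, and only ever runs the removal with -WhatIf. The function name Get-EmptyOu is this example's own.

```powershell
# Added example, not the author's script: find OUs that the constructed
# attribute reports as empty, confirm each with a real one-level search, and
# dry-run the deletion. Get-EmptyOu is a hypothetical name for this example.
Import-Module ActiveDirectory

function Get-EmptyOu {
    param([string]$SearchBase = (Get-ADDomain).DistinguishedName)

    $candidates = Get-ADOrganizationalUnit -Filter * -SearchBase $SearchBase `
        -Properties 'msDS-Approx-Immed-Subordinates', 'ProtectedFromAccidentalDeletion', 'whenCreated' |
        Where-Object { $_.'msDS-Approx-Immed-Subordinates' -eq 0 }

    foreach ($ou in $candidates) {
        # The constructed attribute is an estimate; an actual one-level search
        # is the authoritative answer before an OU is treated as unused.
        $children = @(Get-ADObject -Filter * -SearchBase $ou.DistinguishedName -SearchScope OneLevel)
        [pscustomobject]@{
            Name              = $ou.Name
            DistinguishedName = $ou.DistinguishedName
            ApproxChildren    = $ou.'msDS-Approx-Immed-Subordinates'
            ActualChildren    = $children.Count
            Protected         = $ou.ProtectedFromAccidentalDeletion
            WhenCreated       = $ou.whenCreated
        }
    }
}

$empty = @(Get-EmptyOu | Where-Object { $_.ActualChildren -eq 0 })
$empty | Format-Table Name, Protected, WhenCreated, DistinguishedName -AutoSize

# Dry run only. Protected OUs are skipped rather than unprotected on the fly;
# clearing ProtectedFromAccidentalDeletion should be a separate, deliberate step.
foreach ($ou in ($empty | Where-Object { -not $_.Protected })) {
    Remove-ADOrganizationalUnit -Identity $ou.DistinguishedName -WhatIf
}
```

Run it as a user with read access to the whole domain; only after reviewing the table (an OU created last week is probably awaiting its objects, not abandoned) would you drop the -WhatIf, and even then -Confirm stays on by default for Remove-ADOrganizationalUnit.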


I put together a sample script to find and delete unused Organizational Units.

GitHub: FindandDeleteUnusedOUs.ps1

Hope you find this useful.

-Chad

Lanzamiento de actualización de seguridad de Microsoft de marzo de 2018


On Tuesday, March 13, 2018, Microsoft will publish new security updates that affect the following Microsoft products:

Product family / Maximum severity / Maximum impact / Related KB articles or support web pages

Windows 10 and Windows Server 2016 (including Microsoft Edge)
  Maximum severity: Critical (some CVEs for Edge)
  Maximum impact: Remote code execution
  Related KB articles: Windows 10 1709: 4088776; Windows 10, version 1703: 4088782; Windows 10, version 1607: 4088787; Windows 10 RTM: 4088786; Windows Server 2016: 4088787.

Windows 8.1 and Windows Server 2012 R2
  Maximum severity: Important
  Maximum impact: Remote code execution
  Related KB articles: Monthly rollup for Windows 8.1 and Windows Server 2012 R2: 4088876. Security-only update for Windows 8.1 and Windows Server 2012 R2: 4088879.

Windows Server 2012
  Maximum severity: Important
  Maximum impact: Remote code execution
  Related KB articles: Monthly rollup for Windows Server 2012: 4088877. Security-only update for Windows Server 2012: 4088880.

Windows RT 8.1
  Maximum severity: Important
  Maximum impact: Remote code execution
  Related KB articles: Windows RT 8.1: 4088876.
  Note: Updates for Windows RT 8.1 are only available through Windows Update.

Windows 7 and Windows Server 2008 R2
  Maximum severity: Important
  Maximum impact: Remote code execution
  Related KB articles: Monthly rollup for Windows 7 and Windows Server 2008 R2: 4088875. Security-only update for Windows 7 and Windows Server 2008 R2: 4088878.

Windows Server 2008
  Maximum severity: Important
  Maximum impact: Remote code execution
  Related KB articles: Updates for Windows Server 2008 are not offered cumulatively or as rollups. The following articles reference a version of Windows Server 2008: 4056564, 4073011, 4087398, 4088827, 4088933, 4089175, 4089229, 4089344 and 4089453.

Internet Explorer
  Maximum severity: Critical
  Maximum impact: Remote code execution
  Related KB articles: IE cumulative update for Internet Explorer 9: 4089187; monthly rollup for Internet Explorer 10: 4088877; IE cumulative update for Internet Explorer 10: 4089187; monthly rollup for Internet Explorer 11: 4088875 and 4088876; IE cumulative update for Internet Explorer 11: 4089187; security update for Internet Explorer 11: 4088776, 4088779, 4088782, 4088786 and 4088787.

Microsoft Office-related software
  Maximum severity: Important
  Maximum impact: Remote code execution
  Related KB articles: The number of KB articles related to Microsoft Office for each monthly security update release varies with the number of CVEs and the number of affected components. This month there are more than 20 Knowledge Base articles related to the Office updates, too many to summarize. Review the Security Update Guide content for details on the articles.

SharePoint Enterprise Server and Project Server
  Maximum severity: Important
  Maximum impact: Elevation of privilege
  Related KB articles: Microsoft SharePoint Server: 4011688, 4011705, 4018293, 4018298 and 4018304. Microsoft Project Server 2013: 4018305.

Microsoft Exchange Server
  Maximum severity: Important
  Maximum impact: Elevation of privilege
  Related KB articles: Microsoft Exchange Server: 4073392 and 4073537.

.NET Core and ASP.NET Core
  Maximum severity: Important
  Maximum impact: Elevation of privilege
  Related pages: .NET Core: https://github.com/dotnet/core/. ASP.NET Core: https://github.com/aspnet/Announcements/issues/.

ChakraCore
  Maximum severity: Critical
  Maximum impact: Remote code execution
  Related pages: ChakraCore is the core of Chakra, the high-performance JavaScript engine that powers Microsoft Edge and Windows applications written in HTML/CSS/JS. More information is available here: https://github.com/Microsoft/ChakraCore/wiki.

Adobe Flash Player
  Maximum severity: Critical
  Maximum impact: Remote code execution
  Related KB articles: KB article on Adobe Flash Player: 4088785. Adobe Flash Player advisory: ADV180006.

Description of the security vulnerabilities

Below is a summary showing the number of vulnerabilities addressed in this release, broken down by product or component and by impact.

Vulnerability details (1)

Product                                      RCE  EOP  ID  SFB  DOS  SPF  Publicly disclosed  Known exploited  Max CVSS
Windows 10 1709                                2    7  15    2    1    0                   0                0       7.4
Windows 10 1703                                2    7  15    2    1    0                   0                0       7.4
Windows 10 1607 and Server 2016                2    8  15    2    1    0                   0                0       7.4
Windows 10 RTM                                 2    5  14    2    1    0                   0                0       7.4
Windows 8.1 and Server 2012 R2                 2    4  14    0    1    0                   0                0       7.4
Windows Server 2012                            2    4  14    0    1    0                   0                0       7.4
Windows 7 and Server 2008 R2                   2    5  14    0    1    0                   0                0       7.4
Windows Server 2008                            2    4  14    0    1    0                   0                0       7.4
Internet Explorer                              2    1   4    0    0    0                   0                0       7.5
Microsoft Edge                                11    0   5    0    0    0                   0                0       4.3
Office                                         2    9   1    1    0    0                   0                0   N/A (2)
SharePoint Enterprise Server and Project Server 1   13   1    0    0    0                   0                0   N/A (2)
Exchange Server                                0    1   2    0    0    0                   1                0   N/A (2)
.NET Core and ASP.NET Core                     0    1   0    0    2    0                   1                0   N/A (2)

RCE = Remote code execution | EOP = Elevation of privilege | ID = Information disclosure
SFB = Security feature bypass | DOS = Denial of service | SPF = Spoofing

(1) Vulnerabilities that appear in several components may be represented more than once in the table.

(2) At the time of publication, CVSS scores were only available for Windows, Internet Explorer and Microsoft Edge.

Security Update Guide

The Security Update Guide is our recommended resource for information on security updates. You can customize your views and create spreadsheets of the affected software, as well as download data through a RESTful API. As a reminder, the Security Update Guide has already replaced the traditional security bulletin web pages.

Security Update Guide portal:  https://aka.ms/securityupdateguide

Security Update Guide frequently asked questions (FAQ) page: https://technet.microsoft.com/es-es/security/mt791750

Security Update API tutorial page

A series of demonstration videos on the Security Update API was published on the Microsoft Support YouTube channel. The series walks you through how to access the API and how to retrieve security update data through it. Enjoy!

Security Update API tutorial page: https://sugapitutorial.azurewebsites.net/.

Vulnerability details

Below you will find summaries of some of the security vulnerabilities in this release. These vulnerabilities were selected from the overall set of vulnerabilities in the release for one of the following reasons: 1) we have received queries related to the vulnerability; 2) the vulnerability has been highlighted in the trade press; or 3) the vulnerability may be more damaging than others in the same release. Since we do not provide summaries for every vulnerability in the release, you should consult the Security Update Guide content for information not contained in these summaries.

CVE-2018-0886 CredSSP Remote Code Execution Vulnerability
Executive summary: A remote code execution vulnerability exists in the Credential Security Support Provider protocol (CredSSP). An attacker who successfully exploited this vulnerability could relay user credentials and use them to execute code on the target system.

CredSSP is an authentication provider that processes authentication requests for other applications. Any application that depends on CredSSP for authentication may be vulnerable to this type of attack.

The security update addresses the vulnerability by correcting how the Credential Security Support Provider protocol (CredSSP) validates requests during the authentication process.

To be fully protected against this vulnerability, users must enable the Group Policy setting on their systems and update their Remote Desktop clients. The Group Policy setting is enabled by default to prevent connectivity problems. The Security Update Guide advises users to follow the documented instructions to enable the protections.

Attack vectors: As an example of how an attacker could exploit this vulnerability against the Remote Desktop Protocol, the attacker would need to run a specially crafted application and perform a man-in-the-middle attack against a Remote Desktop Protocol session. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Mitigating factors: Microsoft has not identified any mitigating factors for this vulnerability.
Workarounds: Microsoft has not identified any workarounds for this vulnerability.
Affected software: All supported versions of Windows
Impact: Remote code execution
Severity: Important
Publicly disclosed? No
Known exploited? No
Exploitability assessment (latest software release): 2: Exploitation less likely
Exploitability assessment (older software release): 2: Exploitation less likely
More details: https://portal.msrc.microsoft.com/es-es/security-guidance/advisory/CVE-2018-0886
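The CredSSP entry is the one in this release where installing the update is not, by itself, the end of the job: the bulletin says the Group Policy setting must also be configured. The script below is an added example, not part of the bulletin, for auditing a single host on both points. It maps the OS build to the March 2018 KB numbers from the product table above and reads the CredSSP policy value. The registry path and the AllowEncryptionOracle value name are taken from Microsoft's published CredSSP remediation guidance, not from this bulletin, so verify them against that guidance before relying on the check; the function name Test-CredSspUpdateState is this example's own.

```powershell
# Added example, not part of the bulletin: report whether this host has the
# March 2018 update from the table above and how the CredSSP policy is set.
# Registry path/value name come from Microsoft's CredSSP remediation guidance
# (an assumption of this example, not something the bulletin states).
function Test-CredSspUpdateState {
    $os    = Get-CimInstance -ClassName Win32_OperatingSystem
    $build = [int]$os.BuildNumber

    # KB IDs from the product table; either ID satisfies the check where a
    # platform ships both a monthly rollup and a security-only update.
    $kbByBuild = @{
        16299 = @('KB4088776')                 # Windows 10 1709
        15063 = @('KB4088782')                 # Windows 10 1703
        14393 = @('KB4088787')                 # Windows 10 1607 / Server 2016
        10240 = @('KB4088786')                 # Windows 10 RTM
        9600  = @('KB4088876', 'KB4088879')    # Windows 8.1 / Server 2012 R2
        9200  = @('KB4088877', 'KB4088880')    # Windows Server 2012
        7601  = @('KB4088875', 'KB4088878')    # Windows 7 SP1 / Server 2008 R2 SP1
    }
    $expected  = $kbByBuild[$build]
    $installed = (Get-HotFix).HotFixID
    $hasUpdate = if ($expected) { [bool]($expected | Where-Object { $_ -in $installed }) } else { $null }

    # Policy value meaning (per the remediation guidance):
    # 0 = Force updated clients, 1 = Mitigated, 2 = Vulnerable; absent = not configured.
    $paramsKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
    $oracle = (Get-ItemProperty -Path $paramsKey -Name AllowEncryptionOracle -ErrorAction SilentlyContinue).AllowEncryptionOracle
    $policy = switch ($oracle) {
        0       { 'Force updated clients' }
        1       { 'Mitigated' }
        2       { 'Vulnerable' }
        default { 'Not configured' }
    }

    [pscustomobject]@{
        Computer       = $env:COMPUTERNAME
        OS             = $os.Caption
        Build          = $build
        ExpectedKB     = if ($expected) { $expected -join ' or ' } else { 'build not in table' }
        MarchUpdate    = $hasUpdate
        CredSspPolicy  = $policy
        FullyProtected = ($hasUpdate -eq $true) -and ($oracle -eq 0)
    }
}

Test-CredSspUpdateState | Format-List
```

A host that reports MarchUpdate True but CredSspPolicy "Not configured" has the code fix and none of the policy hardening the bulletin calls for; run it across a fleet with Invoke-Command and filter on FullyProtected to find those machines. Get-HotFix only sees updates registered with the servicing stack, so a build newer than the ones in the table reports "build not in table" rather than guessing.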
CVE-2018-0872 Chakra Scripting Engine Memory Corruption Vulnerability
Executive summary: A remote code execution vulnerability exists in the way the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory.

Attack vectors: In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to visit the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content designed to exploit this vulnerability.
Mitigating factors: An attacker would have no way to force users to view the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message.

Users whose accounts are configured to have fewer user rights on the system would be at less risk than users who operate with administrative user rights.

Workarounds: Microsoft has not identified any workarounds for this vulnerability.
Affected software: Chakra Core and Edge on Windows 10 and Windows Server 2016
Impact: Remote code execution
Severity: Critical
Publicly disclosed? No
Known exploited? No
Exploitability assessment (latest software release): 1: Exploitation more likely
Exploitability assessment (older software release): 4: Not affected
More details: https://portal.msrc.microsoft.com/es-es/security-guidance/advisory/CVE-2018-0872
CVE-2018-0922 Microsoft Office Memory Corruption Vulnerability
Executive summary: A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system would be at less risk than users who operate with administrative user rights.

Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software.

The security update addresses the vulnerability by correcting how Office handles objects in memory.

Attack vectors: In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.

In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability.

Note that the Preview Pane is not an attack vector for this vulnerability.

Mitigating factors: An attacker would have no way to force users to view the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.

Users whose accounts are configured to have fewer user rights on the system would be at less risk than users who operate with administrative user rights.

Workarounds: Microsoft has not identified any workarounds for this vulnerability.
Affected software: Microsoft Office 2010, Office Compatibility Pack, Office Online Server 2016, Office Web Apps 2010, Office Web Apps Server 2013, Office Word Viewer, SharePoint Enterprise Server 2013, SharePoint Enterprise Server 2010, Word 2007, Word 2010, Word 2013, Word 2013 RT.
Impact: Remote code execution
Severity: Important
Publicly disclosed? No
Known exploited? No
Exploitability assessment (latest software release): 4: Not affected
Exploitability assessment (older software release): 2: Exploitation less likely
More details: https://portal.msrc.microsoft.com/es-es/security-guidance/advisory/CVE-2018-0922
CVE-2018-0909 Microsoft SharePoint Elevation of Privilege Vulnerability
Executive summary: An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.
Attack vectors: An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint server.

An attacker who successfully exploited the vulnerability could perform cross-site scripting attacks on affected systems and run script in the security context of the current user.

These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as changing permissions and deleting content, and inject malicious content into the user's browser.

Mitigating factors: Microsoft has not identified any mitigating factors for this vulnerability.
Workarounds: Microsoft has not identified any workarounds for this vulnerability.
Affected software: Microsoft SharePoint Enterprise Server 2016 and Microsoft Project Server 2013
Impact: Elevation of privilege
Severity: Important
Publicly disclosed? No
Known exploited? No
Exploitability assessment (latest software release): 2: Exploitation less likely
Exploitability assessment (older software release): 2: Exploitation less likely
More details: https://portal.msrc.microsoft.com/es-es/security-guidance/advisory/CVE-2018-0909
CVE-2018-0940 Microsoft Exchange Elevation of Privilege Vulnerability
Executive summary: An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly sanitize links presented to users. An attacker who successfully exploited this vulnerability could override the OWA interface with a fake login page and attempt to trick the user into disclosing sensitive information.

The security update addresses the vulnerability by correcting how Microsoft Exchange rewrites links presented in the body of email messages.

Attack vectors: To exploit the vulnerability, an attacker could send a user a specially crafted email containing a malicious link. The user would have to click the malicious link to be susceptible to this vulnerability.
Mitigating factors: Microsoft has not identified any mitigating factors for this vulnerability.
Workarounds: Microsoft has not identified any workarounds for this vulnerability.
Affected software: Microsoft Exchange Server 2010, Exchange Server 2013, Exchange Server 2016
Impact: Elevation of privilege
Severity: Important
Publicly disclosed?
Known exploited? No
Exploitability assessment (latest software release): 3: Exploitation unlikely
Exploitability assessment (older software release): 3: Exploitation unlikely
More details: https://portal.msrc.microsoft.com/es-es/security-guidance/advisory/CVE-2018-0940

Regarding information consistency

We strive to provide you with accurate information through static (this email) and dynamic (web-based) content. Microsoft security content published on the web is updated frequently to include the latest information. If this results in inconsistencies between the information here and the information in Microsoft's web-based security content, the latter is authoritative.

If you have any questions about this alert, please contact your Technical Account Manager (TAM) or Service Delivery Manager (SDM).

Regards!

Microsoft CSS Security Team


Microsoft Security Update Release – March 2018

On Tuesday, March 13, 2018, Microsoft released new security updates affecting the following Microsoft products:

Product family | Maximum severity | Maximum impact | Associated KB articles and/or support pages
Windows 10 and Windows Server 2016 (including Microsoft Edge) | Critical (some CVEs for Edge) | Remote code execution | Windows 10 1709: 4088776; Windows 10 1703: 4088782; Windows 10 1607: 4088787; Windows 10 RTM: 4088786; Windows Server 2016: 4088787.
Windows 8.1 and Windows Server 2012 R2 | Important | Remote code execution | Monthly Rollup for Windows 8.1 and Windows Server 2012 R2: 4088876. Security Only for Windows 8.1 and Windows Server 2012 R2: 4088879.
Windows Server 2012 | Important | Remote code execution | Monthly Rollup for Windows Server 2012: 4088877. Security Only for Windows Server 2012: 4088880.
Windows RT 8.1 | Important | Remote code execution | Windows RT 8.1: 4088876. Note: updates for Windows RT 8.1 are only available through Windows Update.
Windows 7 and Windows Server 2008 R2 | Important | Remote code execution | Monthly Rollup for Windows 7 and Windows Server 2008 R2: 4088875. Security Only for Windows 7 and Windows Server 2008 R2: 4088878.
Windows Server 2008 | Important | Remote code execution | Updates for Windows Server 2008 are not offered in a cumulative update or rollup. The following articles refer to a version of Windows Server 2008: 4056564, 4073011, 4087398, 4088827, 4088933, 4089175, 4089229, 4089344 and 4089453.
Internet Explorer | Critical | Remote code execution | IE Cumulative for Internet Explorer 9: 4089187; Monthly Rollup for Internet Explorer 10: 4088877; IE Cumulative for Internet Explorer 10: 4089187; Monthly Rollup for Internet Explorer 11: 4088875 and 4088876; IE Cumulative for Internet Explorer 11: 4089187; Security Update for Internet Explorer 11: 4088776, 4088779, 4088782, 4088786 and 4088787.
Microsoft Office-related software | Important | Remote code execution | The number of KB articles associated with Microsoft Office for each monthly security update release can vary depending on the number of CVEs and the number of affected components. This month there are more than 20 KB articles related to Office updates, too many to list here for the purpose of a summary. Review the content in the Security Update Guide for details about the articles.
SharePoint Enterprise Server and Project Server | Important | Elevation of privilege | Microsoft SharePoint Server: 4011688, 4011705, 4018293, 4018298 and 4018304. Microsoft Project Server 2013: 4018305.
Microsoft Exchange Server | Important | Elevation of privilege | Microsoft Exchange Server: 4073392 and 4073537.
.NET Core and ASP.NET Core | Important | Elevation of privilege | .NET Core: https://github.com/dotnet/core/. ASP.NET Core: https://github.com/aspnet/Announcements/issues/.
ChakraCore | Critical | Remote code execution | ChakraCore is the core part of Chakra, the high-performance JavaScript engine that powers Microsoft Edge and Windows applications written in HTML/CSS/JS. More information is available here: https://github.com/Microsoft/ChakraCore/wiki.
Adobe Flash Player | Critical | Remote code execution | Adobe Flash Player KB article: 4088785. Adobe Flash Player advisory: ADV180006.

Security vulnerability overview

Below is a summary showing the number of vulnerabilities addressed in this release, broken down by product/component and by impact.

Vulnerability details (1) | RCE | EOP | ID | SFB | DOS | SPF | Publicly disclosed | Known exploited | Max CVSS
Windows 10 1709 | 2 | 7 | 15 | 2 | 1 | 0 | 0 | 0 | 7.4
Windows 10 1703 | 2 | 7 | 15 | 2 | 1 | 0 | 0 | 0 | 7.4
Windows 10 1607 & Server 2016 | 2 | 8 | 15 | 2 | 1 | 0 | 0 | 0 | 7.4
Windows 10 RTM | 2 | 5 | 14 | 2 | 1 | 0 | 0 | 0 | 7.4
Windows 8.1 and Server 2012 R2 | 2 | 4 | 14 | 0 | 1 | 0 | 0 | 0 | 7.4
Windows Server 2012 | 2 | 4 | 14 | 0 | 1 | 0 | 0 | 0 | 7.4
Windows 7 and Server 2008 R2 | 2 | 5 | 14 | 0 | 1 | 0 | 0 | 0 | 7.4
Windows Server 2008 | 2 | 4 | 14 | 0 | 1 | 0 | 0 | 0 | 7.4
Internet Explorer | 2 | 1 | 4 | 0 | 0 | 0 | 0 | 0 | 7.5
Microsoft Edge | 11 | 0 | 5 | 0 | 0 | 0 | 0 | 0 | 4.3
Office | 2 | 9 | 1 | 1 | 0 | 0 | 0 | 0 | NA (2)
SharePoint Enterprise Server and Project Server | 1 | 13 | 1 | 0 | 0 | 0 | 0 | 0 | NA (2)
Exchange Server | 0 | 1 | 2 | 0 | 0 | 0 | 1 | 0 | NA (2)
.NET Core and ASP.NET Core | 0 | 1 | 0 | 0 | 2 | 0 | 1 | 0 | NA (2)

RCE = Remote Code Execution | EOP = Elevation of Privilege | ID = Information Disclosure
SFB = Security Feature Bypass | DOS = Denial of Service | SPF = Spoofing

(1) Vulnerabilities that span components may be represented more than once in the table.

(2) At the time of release, CVSS scores were only available for Windows, Internet Explorer and Microsoft Edge.

Security Update Guide

The Security Update Guide is our recommended resource for information about security updates. You can customize your views and create spreadsheets of affected software, as well as download data through a RESTful API. As a reminder, the Security Update Guide has now formally replaced the traditional security bulletin pages.

Security Update Guide portal: https://aka.ms/securityupdateguide

Security Update Guide FAQ web page: https://technet.microsoft.com/pt-br/security/mt791750

Security Updates API tutorial web page

A series of Security Updates API demonstration videos has been published on the Microsoft Support channel on YouTube. The series walks you through how to access the API and how to retrieve security update data using the API. Enjoy!

Security Updates API tutorial web page: https://sugapitutorial.azurewebsites.net/.

Vulnerability details

Below are summaries of some of the security vulnerabilities in this release. These specific vulnerabilities were selected from the larger set of vulnerabilities in the release for one or more of the following reasons: 1) we received inquiries about the vulnerability; 2) the vulnerability may have received attention in the trade press; or 3) the vulnerability has a potentially greater impact than others in the release. Since we do not provide summaries for every vulnerability in the release, you should review the content in the Security Update Guide for information not provided in these summaries.

CVE-2018-0886 CredSSP remote code execution vulnerability
Executive summary A remote code execution vulnerability exists in the CredSSP protocol. An attacker who successfully exploited this vulnerability could relay user credentials and use them to execute code on the target system.

CredSSP is an authentication provider that processes authentication requests for other applications. Any application that depends on CredSSP for authentication may be vulnerable to this type of attack.

The security update addresses the vulnerability by correcting how the CredSSP protocol validates requests during the authentication process.

To be fully protected against this vulnerability, users must enable the Group Policy settings on their systems and update their Remote Desktop clients. The Group Policy settings are disabled by default to prevent connectivity problems. The Security Update Guide advises users to follow the documented instructions to enable the protections.

Attack vectors For example, to exploit this vulnerability against the RDP protocol, an attacker would have to run a specially crafted application and perform a MiTM attack against an RDP protocol session. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Mitigating factors Microsoft has not identified any mitigating factors for this vulnerability.
Workarounds Microsoft has not identified any workarounds for this vulnerability.
Affected software All supported versions of Windows
Impact Remote code execution
Severity Important
Publicly disclosed? No
Known exploits? No
Exploitability assessment - Latest: 2 - Exploitation less likely
Exploitability assessment - Legacy: 2 - Exploitation less likely
More details https://portal.msrc.microsoft.com/pt-br/security-guidance/advisory/CVE-2018-0886
CVE-2018-0872 Chakra scripting engine memory corruption vulnerability
Executive summary A remote code execution vulnerability exists in the way the Chakra scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

An attacker who successfully exploited the vulnerabilities could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited these vulnerabilities could take full control of the affected system. The attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

The security update addresses the vulnerability by modifying how the Chakra scripting engine handles objects in memory.

Attack vectors In a web-based attack scenario, an attacker could host a specially crafted website designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.
Mitigating factors An attacker would have no way to force users to visit the malicious website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an instant message or email.

Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Workarounds Microsoft has not identified any workarounds for this vulnerability.
Affected software Chakra Core and Edge on Windows 10 and Windows Server 2016
Impact Remote code execution
Severity Critical
Publicly disclosed? No
Known exploits? No
Exploitability assessment - Latest: 1 - Exploitation more likely
Exploitability assessment - Legacy: 4 - Not affected
More details https://portal.msrc.microsoft.com/pt-br/security-guidance/advisory/CVE-2018-0872
CVE-2018-0922 Microsoft Office memory corruption vulnerability
Executive summary A remote code execution vulnerability exists in Microsoft Office software when the Office software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Exploitation of this vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software.

The security update addresses the vulnerability by correcting how Office handles objects in memory.

Attack vectors In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.

In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file designed to exploit the vulnerability.

Note that the Preview Pane is not an attack vector for this vulnerability.

Mitigating factors An attacker would have no way to force users to visit the malicious website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.

Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Workarounds Microsoft has not identified any workarounds for this vulnerability.
Affected software Microsoft Office 2010, Office Compatibility Pack, Office Online Server 2016, Office Web Apps 2010, Office Web Apps 2013, Office Word Viewer, SharePoint Enterprise Server 2013, SharePoint Server 2010, Word 2007, Word 2010, Word 2013, Word 2013 RT.
Impact Remote code execution
Severity Important
Publicly disclosed? No
Known exploits? No
Exploitability assessment - Latest: 4 - Not affected
Exploitability assessment - Legacy: 2 - Exploitation less likely
More details https://portal.msrc.microsoft.com/pt-br/security-guidance/advisory/CVE-2018-0922
CVE-2018-0909 Microsoft SharePoint elevation of privilege vulnerability
Executive summary An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. The security update addresses the vulnerability by helping to ensure that SharePoint Server properly sanitizes web requests.
Attack vectors An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server.

An attacker who successfully exploited this vulnerability could perform cross-site scripting attacks on affected systems and run script in the security context of the current user.

These attacks could allow the attacker to read content that the attacker is not authorized to read, use the victim's identity to take actions on the SharePoint site on behalf of the user, such as changing permissions and deleting content, and inject malicious content into the user's browser.

Mitigating factors Microsoft has not identified any mitigating factors for this vulnerability.
Workarounds Microsoft has not identified any workarounds for this vulnerability.
Affected software Microsoft SharePoint Enterprise Server 2016 and Microsoft Project Server 2013
Impact Elevation of privilege
Severity Important
Publicly disclosed? No
Known exploits? No
Exploitability assessment - Latest: 2 - Exploitation less likely
Exploitability assessment - Legacy: 2 - Exploitation less likely
More details https://portal.msrc.microsoft.com/pt-br/security-guidance/advisory/CVE-2018-0909
CVE-2018-0940 Microsoft Exchange elevation of privilege vulnerability
Executive summary An elevation of privilege vulnerability exists when Microsoft Exchange Outlook Web Access (OWA) fails to properly sanitize the links presented to users. An attacker who successfully exploited this vulnerability could override the OWA interface with a fake login page and attempt to trick the user into disclosing sensitive information.

The security update addresses the vulnerability by correcting how Microsoft Exchange rewrites the links presented in the body of email messages.

Attack vectors To exploit the vulnerability, an attacker could send the user a specially crafted email message containing a malicious link. The user would have to click the malicious link to be exposed to the vulnerability.
Mitigating factors Microsoft has not identified any mitigating factors for this vulnerability.
Workarounds Microsoft has not identified any workarounds for this vulnerability.
Affected software Microsoft Exchange Server 2010, Exchange Server 2013, Exchange Server 2016
Impact Elevation of privilege
Severity Important
Publicly disclosed? Yes
Known exploits? No
Exploitability assessment - Latest: 3 - Exploitation unlikely
Exploitability assessment - Legacy: 3 - Exploitation unlikely
More details https://portal.msrc.microsoft.com/pt-br/security-guidance/advisory/CVE-2018-0940

About information consistency

We strive to provide you with accurate information through static (this message) and dynamic (web-based) content. Microsoft's security content posted on the web is updated frequently to reflect new information. If this results in an inconsistency between the information described here and the information in Microsoft's published web-based security content, the published content takes precedence.

If you have any questions about this alert, please contact your Technical Account Manager (TAM)/Service Delivery Manager (SDM).

Thank you for your attention.

Best regards,

Microsoft CSS Security Team


Nominate now! Partner of the Year Awards 2018


Nominations for the Microsoft 2018 Partner of the Year awards are now open, and the nomination tool can be accessed here. This will close on 17th April 2018 and there will be no exceptions or extensions.

What are the Microsoft Partner of the Year Awards?

The Partner of the Year Awards are presented each year at the Microsoft Inspire Conference – this year Inspire is co-habited with Microsoft Ready, meaning that there will be thousands more Microsoft staff onsite than ever before. The awards are based on a self-nominating process by partners, and this year, winners will be celebrated at Microsoft Inspire in Las Vegas, Nevada from July 15th-19th, 2018.

The awards recognise the excellence our partners have demonstrated over the past year by showcasing them across the globe. We were very impressed with the extremely high quality of all the nominations received last year, and proud to have so many UK partners recognised – this year we expect it to be even bigger.

Resources Available to You

Explore our awards area of the Inspire site – here you can find awards guidelines, advice from the judges and tips on how to create a great entry.

How a Partner of the Year Award Can Benefit you as a Partner

As a Microsoft partner, receiving a Partner of the Year Award positions your company for new business opportunities, generates positive press coverage and can lead to even greater market recognition. As a winner, you are also invited to exclusive celebrations during the Microsoft Inspire Conference.

Don’t just take our word for it – here are our 2017 winners…

CGI UK – UK Country Partner of the Year

CGI UK are a leading Microsoft Partner who've put growth and transformation at the heart of their business, making a big investment in building Azure skills and training over 100 of their senior architects. CGI are early adopters of the Microsoft strategy and are currently in the process of migrating customers from their datacentre to Azure. They've really leveraged the Microsoft Partner ecosystem, building strategic partnerships that enable them to deliver the best solutions for client innovation. Building IP is key to their transformation and they've set a target of generating 30% of their revenue from IP by 2019. They have implemented a full end-to-end data analytics solution built on Microsoft Azure, Advanced Analytics, PowerBI and SQL Server to help their customers drive efficiencies and cost savings. Their long-term commitment to customer obsession has been a key driver of their transformation.


The Consortium - Cloud Productivity

The Consortium comprises five specialist Microsoft partners, each with enterprise-level experience and their own unique IP. The partnership, based in the UK, includes Content and Code, Modality Systems, Inframon, Coeo, and Program Framework. Together, these partners offer end-to-end digital transformation services for Microsoft's Cloud customers, helping them unlock the potential of their technology investments. By working together, the Consortium combines the expertise, flexibility and agility found in specialist partners, while offering clients the breadth of capability more typically found in global SIs. The Consortium meets diverse customer needs by bringing in the right partner(s) to offer follow-on services over the lifecycle of the customer. In the 12 months the Consortium has been working together, they've helped countless customers by delivering customized solutions based on specific client needs. Projects range from digital workspaces, Skype for Business and communications, cloud and infrastructure platform, to Power BI & analytics, and project and portfolio management.

For more information on the 2018 Microsoft Partner of the Year Awards, check out our website.


March 2018 CU for SharePoint 2010 product family is available for download


The product group released the March 2018 Cumulative Update for the SharePoint 2010 product family.

For March 2018 CU we have full server packages (also known as Uber packages) for SharePoint server and Project server. For SharePoint Foundation there was no CU released in March. For the latest updates for SharePoint Foundation look for the January 2018 CU.

As this is a common question: Yes, March 2018 CU includes all SharePoint security fixes released with March 2018 PU.

Be aware that this CU is a post-SP2 hotfix: SP2 must be installed for the base product and for all installed language packs before March 2018 CU for SharePoint 2010 can be installed.

This CU includes all SharePoint 2010 fixes (including all SharePoint 2010 security fixes) released since SP2. The CU does not include SP2.

The KB articles for March 2018 CU should be available at the following locations in a couple of hours:

  • No fixes released for SharePoint Foundation 2010
  • KB 4011710 - SharePoint Server 2010
  • KB 4011708 - Project Server 2010

The Full Server Packages for March 2018 CU are already available through the following links:

After installing the fixes you need to run the SharePoint 2010 Products Configuration Wizard on each machine in the farm. If you prefer to run the command-line version, psconfig.exe, make sure to have a look here for the correct options.

Be aware that the SharePoint Server 2010 CU contains the SharePoint Foundation CU.
That means only one package has to be installed for the SharePoint 2010 product family.

Related Links:

SharePoint security fixes released with March 2018 PU and offered through Microsoft Update


As I received some feedback that I should also add the URLs of the KB articles for the different security fixes, I added this information to my blog post.

SharePoint 2010 Suite:

  • KB 4011705 - Word Automation Services for SharePoint 2010
  • KB 4011709 - Office Web Apps 2010

SharePoint 2013 Suite:

  • KB 4018304 - SharePoint Foundation 2013
  • KB 4018298 - SharePoint Server 2013 (core components)
  • KB 4011688 - Word Automation Services for SharePoint 2013
  • KB 4018305 - Project Server 2013
  • KB 4011692 - Office Web Apps 2013

SharePoint 2016 Suite:

  • KB 4018293 - SharePoint Server 2016 (language independent)
  • KB 4011023 - Office Online 2016

See the Security Update Guide below for more details about the relevant fixes:

More information:

Detecting Persistence in Azure Security Center


According to MITRE Adversarial Tactics, Techniques & Common Knowledge (ATT&CK), Persistence is "any access, action, or configuration change to a system that gives an adversary a persistent presence on that system"; it is a common tactic adversaries use to keep a communication channel open with the attacked resource. Using the Run and RunOnce registry keys to survive a reboot is one of the persistence techniques widely used by adversaries. For example, Bronze Butler used both keys to establish malware persistence. The good news is that Azure Security Center can detect this type of registry change and trigger an alert, as shown in the example below:

[Screenshot: Azure Security Center alert for a suspicious Run/RunOnce registry key change]

Read Azure Security Center detection capabilities for more information about how Security Center is able to detect new threats.
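As an added defender-side example (not from the original post, and not Azure Security Center's own logic), the following PowerShell script baselines the Run and RunOnce keys named above and, on later runs, reports any autostart entry that was added, modified or removed since the baseline; the baseline file path is an assumption.

```powershell
# Added example: baseline-and-diff audit of the Run/RunOnce autostart keys
# that the post names as a persistence location. Run once to record the
# approved state, then on a schedule to surface changes for triage.
param(
    # Assumed location for the stored baseline (not from the original post).
    [string]$BaselinePath = "$env:ProgramData\RunKeyBaseline.json"
)

# Machine-wide and current-user Run/RunOnce keys.
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Provider metadata that Get-ItemProperty adds to every result; not registry values.
$MetaProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Get-RunKeySnapshot {
    # Returns a hashtable: "<key>\<valueName>" -> command line string.
    $snapshot = @{}
    foreach ($key in $RunKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-ItemProperty -Path $key
        foreach ($prop in $item.PSObject.Properties) {
            if ($MetaProps -contains $prop.Name) { continue }
            $snapshot["$key\$($prop.Name)"] = [string]$prop.Value
        }
    }
    return $snapshot
}

function Compare-RunKeySnapshot {
    param([hashtable]$Baseline, [hashtable]$Current)
    $findings = @()
    foreach ($entry in $Current.GetEnumerator()) {
        if (-not $Baseline.ContainsKey($entry.Key)) {
            $findings += [pscustomobject]@{ Change = 'Added'; Entry = $entry.Key; Command = $entry.Value }
        } elseif ($Baseline[$entry.Key] -ne $entry.Value) {
            # Same value name, different command: a common way to hijack an existing entry.
            $findings += [pscustomobject]@{ Change = 'Modified'; Entry = $entry.Key; Command = $entry.Value }
        }
    }
    foreach ($entry in $Baseline.GetEnumerator()) {
        if (-not $Current.ContainsKey($entry.Key)) {
            $findings += [pscustomobject]@{ Change = 'Removed'; Entry = $entry.Key; Command = $entry.Value }
        }
    }
    return $findings
}

$current = Get-RunKeySnapshot

if (-not (Test-Path -Path $BaselinePath)) {
    # First run: persist the approved state so later runs can diff against it.
    $current | ConvertTo-Json | Set-Content -Path $BaselinePath
    Write-Output "Baseline written to $BaselinePath ($($current.Count) entries)."
    return
}

# ConvertFrom-Json yields a PSCustomObject; rebuild the hashtable from its properties.
$baseline = @{}
foreach ($prop in (Get-Content -Raw -Path $BaselinePath | ConvertFrom-Json).PSObject.Properties) {
    $baseline[$prop.Name] = [string]$prop.Value
}

$findings = @(Compare-RunKeySnapshot -Baseline $baseline -Current $current)
if ($findings.Count -eq 0) {
    Write-Output 'No Run/RunOnce changes since baseline.'
} else {
    # Every row is a candidate persistence event; review the Command column first.
    $findings | Format-Table -AutoSize
}
```

Run the script elevated so the HKLM keys are readable, and regenerate the baseline only after the reported entries have been reviewed.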

March 2018 CU for SharePoint Server 2016 is available for download


The product group released the March 2018 Cumulative Update for the SharePoint Server 2016 product family. Be aware that only a language-independent fix was released with March 2018 CU. The latest language-dependent fix was released with January 2018 CU.

This CU also includes Feature Pack 1 which was released with December 2016 CU and Feature Pack 2 which was released with September 2017 CU.

The KB articles for March 2018 CU are available at the following location:

  • KB 4018293 - March 2018 Update for SharePoint Server 2016 (language independent) - This is also a security update!
  • KB 4011687 - March 2018 Update for SharePoint Server 2016 (language dependent fixes)
  • KB 4011023 - March 2018 Update for Office Online Server 2016 - This is also a security update!

The download for March 2018 CU is available through the following link:

Important: It is required to install both fixes (language dependent and independent) to fully patch a SharePoint server, as each SharePoint installation comes with a language-independent component and a language-dependent component. If additional language packs are added later, (only) the language-dependent fix has to be applied again.

It is irrelevant which language you pick in the drop-down in the Download Center. Even the language-dependent fixes are all in the same package for all languages.

After installing the fixes you need to run the SharePoint 2016 Products Configuration Wizard on each machine in the farm. If you prefer to run the command-line version, psconfig.exe, make sure to have a look here for the correct options.

SharePoint 2016 March 2018 CU Build Numbers:

Language independent fix: 16.0.4666.1002
Language dependent fix: 16.0.4666.1000

To understand the different version numbers please have a look at my article which explains the different SharePoint build numbers.

You can use the SharePoint Server 2016 Patch Build Numbers Powershell Module to identify the patch level of all SharePoint components.

Related Links:
