Intune posts messages in the Message center in Office 365, accessed from portal.office.com using your admin credentials. Intune posts contain important service information with links to more details about new features, updates made to the service, and upcoming changes. We’re committed to make Intune work better for you, with messages that help you prepare for any planned change we make.
While you can read all your messages in the Message Center and even sign up to get weekly digests of your messages delivered as emails, we want to share an alternate way of accessing your messages. This process takes only a few minutes to set up and has two parts:
Creating an Azure AD application to use O365 APIs
Running a PowerShell script that we’ve provided for your convenience
Creating an Azure AD application to use O365 APIs
1. In this step, we create an application to get the following values which we will use later for authentication:
Application ID
Key or client secret
2. Open Intune on Azure portal with global admin credentials. Navigate to Azure AD >> App Registration >> New Application registration.
Choose application type Web app/API, not Native, since keys are only generated in Web app/API, not Native.
Redirect URI can be your tenant address, eg. https://contoso.onmicrosoft.com.
Image may be NSFW. Clik here to view.
3. Hit Create. Copy Application ID somewhere to use later.
4. To access your Application ID or app ID again if you need to, In the Azure portal, select App registrations >> All apps, or got to Azure AD >> App registration>> All Apps to view your apps.
Image may be NSFW. Clik here to view.
5. Open the newly created application and copy Application ID to be used later. However, the client secret or key will not be visible again, which is why we need to copy and save it.
Image may be NSFW. Clik here to view.6. Click Settings >> Required permissions >> Add >> Select an API >> O365 Management APIs. This is where you give the application permission to access the APIs for your tenant.
Image may be NSFW. Clik here to view.
7. Under Application Permissions and Delegated Permissions, select “Read service health information for your organization” to read OMC posts. Others are optional. Select Done. Then click Grant permissions. Your application is registered, and permissions are configured.
Image may be NSFW. Clik here to view.
8. Under API Access, select Keys. Enter a name for your key. You can set the expiration date per your requirement. The key value will be displayed only when you hit save. This value is important to hold on to in a secure way since it serves as a password for accessing your app and hence your messages.
Image may be NSFW. Clik here to view.
Running the PowerShell script
Download and save this ‘Get Messages’ PowerShell script, add in your application ID, tenant address and client secret or key. Running the script should now get you all your Intune related message center posts from the O365 admin portal.
Image may be NSFW. Clik here to view.
How does this help?
We know some of you are in the console all the time and some of you aren’t. If you’re a global admin or partner, you can share important messages with other Intune admins or employees by running this script and distributing the content. You, as global admin, can control who in your organization can view messages posted to the OMC.
Next steps
You now have all your messages in a PowerShell window. Stay tuned for another post where we’ll share how you can get these messages delivered to other platforms in an automated way.
Após a instalação do WSUS, chegamos ao momento de instalar a role de SUP (Software Update Point), essa role será a responsável por integrar o SCCM com o WSUS para disponibilização de updates.
Importante! Lembre-se de sempre ter todos os servidores atualizados para evitar problemas no processo de instalação.
A instalação é sempre feita do site SCCM, do topo para baixo, sendo assim em um ambiente com CAS e primários, você realiza a instalação do SUP primeiramente no CAS e depois nos primários. Isso porque o somente o WSUS no CAS vai fazer o sync com o Microsoft Catalog na internet, os primários vão realizar o sync no WSUS do CAS, isso é configurado automaticamente pelo SCCM, e não é necessária nenhuma configuração para tal.
Clientes suportados
Local - SUP e Site Server no mesmo servidor, tendo suporte a até 25 mil clientes.
Remoto - Sup em servidor diferente do Site Server, com suporte a 150 mil clientes.
Instalando o SUP
No console, vá em Administration -> Site Configuration -> Server and Site System Roles. Selecione o servidor da qual a role será instalada. Image may be NSFW. Clik here to view.
Em Software Update Point, informe as portas que o WSUS está utilizando, se o mesmo está em HTTPS e se os clients vão se conectar a partir da intranet ou internet. Image may be NSFW. Clik here to view.
Em Proxy and Account Settings, informe em quais momentos utilizar o proxy. Caso não tenha proxy, deixe como padrão. Clique em Next. Image may be NSFW. Clik here to view.
Syncronization Source, deixe como padrão, o SCCM vai reconhecer que é um Top Site e vai configurar para fazer o sync na internet, já no caso dos primários, o SCCM vai marcar a segunda opção de utilizar Upstream e adicionar o endereço do WSUS do CAS, somente valide as informções e Next. Image may be NSFW. Clik here to view.
Syncronization Schedule nessa tela informe quando o WSUS vai se conectar no Catalog, o padrão é uma vez por semana, pode ser mantida essa configuração. Image may be NSFW. Clik here to view.
Em Products, marque os produtos da qual irá disponibilizar updates, como recomendação, marque as versões de Windows Workstation, Windows Server e Office que estão em uso no ambiente. Image may be NSFW. Clik here to view.
Languages, informe os idiomas dos updates, na maioria dos casos, vai precisar somente de portugues e inglês. Clique em Next. Image may be NSFW. Clik here to view.
SMS_WSUS_SYNC_MANAGER - Wsyncmgr.log
Responsável por iniciar o sync do WSUS e monitorar o mesmo.
SMS_WSUS_CONTROL_MANAGER - WSUSCtrl.log
Monitora se o WSUS está acessível e saudável, se seus requisitos estão em ordem e se as configurações de proxy estão corretas. Esse componente está presente somente no Top Site.
SMS_WSUS_CONFIGURATION_MANAGER - WCM.log
Monitora se o WSUS está acessível e saudável, se seus requisitos estão em ordem, também faz o sincronismo das configurações do SUP, como categorias, produtos, etc, do SCCM para o WSUS.
Problemas comuns
WSUSCtrl.log e/ou WCM.log apontando erro de conexão ao WSUS.
Isso geralmente ocorre por duas razões, servidor do WSUS parado e página do WSUS no IIS indisponível, seja por motivo de falha no IIS, serviço do IIS ou até mesmo Firewall. Lembrando que no Windows Server 2012 em diante o WSUS é acessado via porta 8530 HTTP e 8531 HTTPS.
Versão não suportada
A versão mínima do WSUS para a instalação do SUP é WSUS 3.0 SP2 + KB2720211 + KB2734608.
Caso a versão seja inferior, o mesmo não será instalado apresentando erro no SUPSetup.log
Em agosto de 2017, foi identificada um problema de performance no WSUS, devido grande quantidade de metadados em alguns updates do Windows 10 1607, para corrigir essa falha, foram disponibilizados os seguintes KBs:
However, there is an issue with the recently released ADCS MP for WS 2016. A change was made in the library MP which modified some class property names. This breaks MP update, so customers using the ADCS MP’s for Windows 2012 and 2012R2 cannot “add” the ADCS for Windows Server 2016 MP’s to the management group.
Image may be NSFW. Clik here to view.
You might see these errors:
Certificate Services Common Library could not be imported.
If any management packs in the Import list are dependent on this management pack, the installation of the dependent management packs will fail.
Verification failed with 5 errors: ------------------------------------------------------- Error 1: Found error in 2|Microsoft.Windows.CertificateServices.Library|7.1.10100.0|Microsoft.Windows.CertificateServices.Library|| with message: Version 10.0.0.0 of the management pack is not upgrade compatible with older version 7.1.10100.0. Compatibility check failed with 4 errors:
------------------------------------------------------- Error 2: Found error in 1|Microsoft.Windows.CertificateServices.Library/31bf3856ad364e35|1.0.0.0|Microsoft.Windows.CertificateServices.CAWatcher|| with message: Publicly accessible ClassProperty (WatcheeName) has been removed in the newer version of this management pack. ------------------------------------------------------- Error 3: Found error in 1|Microsoft.Windows.CertificateServices.Library/31bf3856ad364e35|1.0.0.0|Microsoft.Windows.CertificateServices.CAWatcher|| with message: Publicly accessible ClassProperty (IsWatcheeOnline) has been removed in the newer version of this management pack. ------------------------------------------------------- Error 4: Found error in 1|Microsoft.Windows.CertificateServices.Library/31bf3856ad364e35|1.0.0.0|Microsoft.Windows.CertificateServices.CAWatcher|| with message: Publicly accessible ClassProperty (WatcheeHierarchyEntryPoint) has been removed in the newer version of this management pack. ------------------------------------------------------- Error 5: Found error in 1|Microsoft.Windows.CertificateServices.Library/31bf3856ad364e35|1.0.0.0|Microsoft.Windows.CertificateServices.CAWatcher|| with message: New Key ClassProperty item (WatcherName) has been added in the newer version of this management pack. -------------------------------------------------------
There is a workaround:
Delete all the ADCS 2012 MP’s you have, while first backing up and then deleting any unsealed MP’s which reference them.
Import only the Microsoft.Windows.CertificateServices.Library.mp version 10.0.0.0
Now you may import all the rest of the MP’s, including 2012, 2012R2, and 2016 for ADCS, and your unsealed MP’s which you have to remove.
Image may be NSFW. Clik here to view.
If you only need to monitor ADCS on Windows Server 2016, simply delete your existing ADCS MP’s first, then you can import these as normal.
設備が故障する前やメンテナンスの問題が起きる前にそのことを通知してもらえたら、どんなに良いかと思ったことはありませんか? IoT によって、そうした「予知保全」が可能になりました。予知保全とは、環境、プロセス、リソース関連のデータを収集し、設備が故障する前に AI と機械学習によってメンテナンスや交換が必要な時期を分析、予測するシステムのことです。
Welcome back for another analysis of contributions to TechNet Wiki over the last week.
Thanks as always to Pete Laker for nursing his crawler through another week's batch of Wiki changes. Web page scraping, from the revision pages of the wiki is sometimes a painful business. Especially if page DOM or layout changes, or if he has bandwidth issues. Some weekends like this one, he has to patch his crawler and rerun several times to get a clean crawl, for me to score from. Plus I believe he pays for the Azure website & database services behind all these awards himself, so thanks again Pete!
[Guru's Says]: Do you know how to Enrollment Certificate Web Services in Active Directory Certificate Services, check this important article by Kurt L Hudson MSFT.
Image may be NSFW. Clik here to view.
Longest Article Award
Biggest article updated this week
[Guru's Says]: Another great post by Ehsan, Beginners Guide to implement AJAX CRUD Operations using JQuery DataTables in ASP.NET MVC 5. I love how it is explained in detail and the screen shots. Love to read Image may be NSFW. Clik here to view.
Image may be NSFW. Clik here to view.
Most Revised Article Award
Article with the most revisions in a week
This week's most fiddled with article is Kill spid in SSAS, by Av111. It was revised 21 times last week.
[Guru's Says]: Do you know How To Trigger SharePoint Designer Workflow On A List Item By Calling REST API Using jQuery, check this article by sagar pardeshi. Nice article sagar Image may be NSFW. Clik here to view.
Image may be NSFW. Clik here to view.
Ninja Edit Award
A ninja needs lightning fast reactions!
Below is a list of this week's fastest ninja edits. That's an edit to an article after another person
Another great week from all in our community! Thank you all for so much great literature for us to read this week! Please keep reading and contributing!
Microsoft Azure continues to evolve as it adds new features and updates to the Azure Portal. Professionals need to stay abreast of changes to both Azure and cloud computing. Fortunately, there’s a way to find out what’s new in Azure.
Overview
Global Azure Bootcamp 2018 is a “free one-day global training event on Azure, from the community to the community”. According to the website, each “user group will organize their own one-day deep dive class on Azure.” Each event is driven by local Microsoft Azure community enthusiasts and experts and comprises technical content, sessions, and labs. The result is thousands of people learn about Azure and anyone in the technology community can advance their cloud knowledge.
Global Azure Bootcamp is celebrating its sixth year in 2018. While sponsors, like Microsoft, support the initiative the event is independent and community-driven. The goal is to show people the benefits of Microsoft Azure while strengthening the Azure community.
How To Get Involved?Image may be NSFW. Clik here to view.
There are several ways you can support Global Azure Bootcamp 2018.
Organize an event in your community. The deadline for event registration is Friday, April 6, 2018. To find out more information, see the Organizers FAQ Page.
Volunteer at a community event. If you know Azure, offer to help at an existing event by speaking or proctoring. On the day of the event, assist with setup, registration, or clean-up.
Sponsor a local event. Chances are any local event would welcome sponsors. Reach out to local organizers about sponsoring them.
Attend a community event. Events are happening all over the world on April 21st. Show your support by registering for an event. Use the map or search box on the Locations page to find one near you.
Promote the event. Tell your social networks Global Azure Bootcamp 2018 is happening. Include the social hashtag #GlobalAzure when talking about the event on Twitter and like their Facebook page.
Global Azure Bootcamp 2018 is set to be another great worldwide community event. Get involved and help support the Azure community in your country. And as we approach April 21, please look for opportunities to write TechNet Wiki articles and to encourage other community members to contribute too!
Llevamos una temporada sin estar demasiado activos por el blog, debido sobre todo a una elevada carga laboral, pero nos parecía una inmejorable manera de retomar esto con el siguiente post.
Nos llena de alegría escuchar el reconocimiento a uno de nuestros colaboradores más prestigiosos, el MVP Vicente Rubio, el cual, a través de su empresa AULA INFORMÁTICA COMPLUTENSE, ha recibido la Medalla Europea al Mérito en el Trabajo, que concede la Asociación Europea de Economía y Competitividad, para reconocer a aquellas empresas con una trayectoria ejemplar y con prácticas e iniciativas que apoyan el espíritu y conciencia empresarial.
Según sus propias palabras:
“Destacamos los siguientes parámetros evaluadores por los que se nos ha concedido el galardón:
Calidad en el servicio: Fundación de la Consultora en 1994 y desde entonces han ido evolucionando y adaptándose a las características del mercado, con una capacidad de emprendimiento empresarial durante estos 24 años excelente.
Marca España: Creadores y administradores de la comunidad en español “Todo sobre Microsoft Project y Visio” unificando las dos herramientas.
Compromiso con la excelencia: cuentan en su Canal de YouTube con 200 videos, con más de 1.200.0000 visualizaciones desde 175 países, y 6.896 suscriptores.
Proceso continuo de aprendizaje e innovación: Reconocimiento por parte de Microsoft por sus trabajos con gestión de proyectos en múltiples clientes.”
Felicitamos una vez más a Vicente y su excelente equipo de colaboradores por la excelente labor que están realizando; es un honor y un placer poder trabajar con vosotros.
Ya podemos descargarnos la Actualización Pública para Project 2016 y Project Server 2016, correspondiente al mes de marzo de 2018.
Recordemos, por favor, el siguiente criterio de liberación de actualizaciones: las relacionadas con productos de la familia Office que no sean consideradas de seguridad serán liberadas el primer martes de mes; mientras que las de seguridad de productos de la familia Office serán liberados el segundo martes de cada mes:
Paquetes de SharePoint Server 2016 (hay que instalar ambos, Project Server 2016 está incluído en SharePoint Server 2016):
Podemos descargarnos la Actualización Pública para Project 2013 y Project Server 2013, correspondiente al mes de marzo de 2018. Debemos tener en cuenta que, para poder instalarla, es necesario haber instalado antes el SP1. Recordemos, por favor, el siguiente criterio de liberación de actualizaciones: las relacionadas con productos de la familia Office que no sean consideradas de seguridad serán liberadas el primer martes de mes; mientras que las de seguridad de productos de la familia Office serán liberados el segundo martes de cada mes:
さらに今年は、マイクロソフト最大の社内イベント「Microsoft Ready」も同週にラスベガスで開催されるため、「Microsoft Inspire & Microsoft Ready One Celebration」と題し、合同セレブレーションを実施する予定です。パートナーの皆様も、世界各国のマイクロソフト社員と共に One Celebration に参加して、グラミー賞を受賞した世界的アーティストのパフォーマンスをお楽しみいただけます。
Azure Security Center は複数の脅威侵入防止メカニズムを備えており、これを利用することで、攻撃を受ける可能性のある領域を狭めることができます。そのメカニズムの 1 つが、Just-in-Time (JIT) VM Access です。このたびマイクロソフトは、Just-in-Time VM Access の一般提供を開始しました。この機能では、VM への永続的なアクセスを拒否し、必要なときにのみ許可することで、ネットワーク帯域幅消費型攻撃のリスクを低減できます。
VM で JIT アクセスを有効化すると、保護対象のポート、ポートを開放する制限時間、ポートへのアクセスを許可する IP アドレスをポリシーで定義できます。このポリシーでは、ユーザーからのアクセス要求があった場合にどれを許可するかを制御できます。要求は Azure のアクティビティ ログに記録されるため、アクセスの監視や監査も簡単にできます。また、このポリシーで、既存の仮想マシンのうち JIT が有効化されているものや JIT の適用が推奨されるものをすばやく特定できます。
『Dead Rising 3』は 2013 年 (国内では 2014 年) に Xbox One と同時に発売されました。最先端のハードウェアは、広大なオープンワールドのゾンビ パラダイス アクション ゲームの新たな創造性を解き放ちます。マイクロソフトが開発した Xbox One X により再びゲームの可能性が広がったので、『Dead Rising 4』をステップアップさせ、戻ってきたヒーロー、フランク・ウェストにゴージャスな贈り物をしなければなりませんでした!
チームは『Dead Rising 4』に「カプコンヒーローズ」ゲーム モードを実装するためにすでに動いていました。ゲームの発表のあと、熱烈なファンの皆さんと打ち合わせをしてアイディアをリスト化しました。その取り組みをしているうちに、Xbox One X の特別な機能に対応するアップデートをしたくなりました。単に描き出されるゾンビの数が増えるだけではありませんよ。『Dead Rising 4』の映像品質とパフォーマンスを、これまで以上のものにしたいと思いました。
Xbox One X へ対応させる過程でチームは、鮮明な見た目の高解像度のテクスチャと、フレームレートを維持したまま LOD 値を伸ばすことに力を注ぎました。オープン ワールド ゲーム (多くの場合は日中に設定されています) を製作する際の大きな課題の一つは、プレイヤーが見渡せる距離の長さです。私たちはできる限り遠くまでオブジェの品質を保てるように努力しました。
Xbox One X に向けた『Dead Rising 4』のアップデートの大きな向上点は、アンチエイリアシングの向上です。今までどんなことをしても取り除けなかった画面の微妙なざらつきが、Xbox One X のレンダリング機能によって即座に取り除かれました。映像全体にエフェクトがかかり、品質が向上しました。
こちらカプコン バンクーバーではスタッフ一同、既に発売された名作や、近日公開の作品をより良くするため、Xbox One X と共に働いています。すばらしい新兵器に向けて『Dead Rising 4』がアップデートされ、「カプコンヒーローズ」が公開され、ファンの皆さんがゲームを再びプレイして Xbox One X の凄さを体験していただくのが楽しみでなりません。
In my previous post on the new Classify Data function in SQL Server Management Studio (SSMS) 17.5 - I focused on using it, but in this post I thought I'd peak behind the curtain to see what it is going on.
There are two steps, the Classifier function; how we automaticially classify the sensitiviy and information (type) for fields, the second step, how we save/store the classification.
Step 1:Classifer Function.
When you click on Classify Data, whats actually going on. Just open SQL Profiler or create an Extended Events trace and you will see the following SQL code. You can execute this on a machine that doesn't have SSMS 17.5.
DECLARE @ClassifcationResults TABLE
(
schema_name NVARCHAR(128),
table_name NVARCHAR(128),
column_name NVARCHAR(128),
info_type NVARCHAR(128),
sensitivity_label NVARCHAR(128),
ranking INT,
can_be_numeric BIT
)
INSERT INTO @ClassifcationResults
SELECT DISTINCT S.NAME AS schema_name,
T.NAME AS table_name,
C.NAME AS column_name,
D.info_type,
D.sensitivity_label,
R.ranking,
D.can_be_numeric
FROM sys.schemas S
INNER JOIN sys.tables T
ON S.schema_id = T.schema_id
INNER JOIN sys.columns C
ON T.object_id = C.object_id
INNER JOIN sys.types TP
ON C.system_type_id = TP.system_type_id
LEFT OUTER JOIN @Dictionary D
ON (D.pattern NOT LIKE '%[%]%' AND LOWER(C.name) = LOWER(D.pattern) COLLATE DATABASE_DEFAULT) OR
(D.pattern LIKE '%[%]%' AND LOWER(C.name) LIKE LOWER(D.pattern) COLLATE DATABASE_DEFAULT)
LEFT OUTER JOIN @infoTypeRanking R
ON (R.info_type = D.info_type)
WHERE (D.info_type IS NOT NULL ) AND
NOT (D.can_be_numeric = 0 AND TP.name IN ('bigint','bit','decimal','float','int','money','numeric','smallint','smallmoney','tinyint'))
SELECT DISTINCT
CR.schema_name AS schema_name,
CR.table_name AS table_name,
CR.column_name AS column_name,
CR.info_type AS information_type_name,
CR.sensitivity_label AS sensitivity_label_name
FROM @ClassifcationResults CR
INNER JOIN
(
SELECT
schema_name,
table_name,
column_name,
MIN(ranking) AS min_ranking
FROM
@ClassifcationResults
GROUP BY
schema_name,
table_name,
column_name
) MR
ON CR.schema_name = MR.schema_name
AND CR.table_name = MR.table_name
AND CR.column_name = MR.column_name
AND CR.Ranking = MR.min_ranking
ORDER BY schema_name, table_name, column_name
--select distinct sensitivity_label from @Dictionary;
--select distinct info_type from @Dictionary;
[/css]
The results of the classification are saved to extended properites of the the column.
Image may be NSFW. Clik here to view.
GDPR extended properties
The actions above create a script like this:
Although right now, we can not customise the drop downs at the moment for Information Type and Sensitivty labels, but we can tweek them ( but this is very very unsupported!)
The script below, assigns a new Sensitivity Label, called 'Custom Confidential'.
Below is the new updated Sensitivity Label in the tool.
Image may be NSFW. Clik here to view.
GDPR custom values
This is the first release of the SQL Data Discovery & Classification and I'm looking forward to updates.
6. Click Settings >> Required permissions >> Add >> Select an API >> O365 Management APIs. This is where you give the application permission to access the APIs for your tenant.
