SCCM Site Server ile SUP rolü olan sunucudaki WSUS sürümleri farklı olduğunda bu hata ile karşılaşabilirsiniz.

PublishApplication(A9356B04-DA80-48C3-97DE-C9C528F73A2D) failed with error System.InvalidOperationException: Publishing operation failed because the console and remote server versions~do not match.~ at Microsoft.UpdateServices.Internal.BaseApi.Publisher.LoadPackageMetadata(String sdpFile)~ at Microsoft.UpdateServices.Internal.BaseApi.UpdateServer.GetPublisher(String sdpFile)~ at Microsoft.SystemsManagementServer.WSUS.WSUSServer.PublishApplication(String sPackageId, String sSDPFile, String sCabFile)
ERROR: Failed to publish sms client to WSUS, error = 0x80131509
Failed to publish client with error = 0x80131509
HandleSMSClientPublication failed.

Sorunun sebebi SCCM ajan dağıtımını Software Update Base yöntemini kullanarak yapmak istemeniz. Bu yöntem için WSUS sürümlerinizin aynı olması gerekmekte. Aynı değilse bu ayarı kapatmanız gerekir.
Not: Bu durum Windows Update Dağıtmanızda sakınca yaratmaz.

Ayarı kapatmak için aşağıdaki kutucuğun işaretini kaldırın.

Featured sessions

Here's a sample of the sessions, as more that are device focused become available I'll call them out.

先日ご案内した 2018 MPN Partner of the Year Awards の締め切りまであと13営業日です。

応募のご準備は進めていただいておりますでしょうか？

これからご準備される方は、以下より応募についてご確認いただき、締め切りまでにAward Submission Toolよりご提出ください。

応募締切: 2018 年 4月 17 日 23:59 (太平洋標準時間、日本時間 4 月 18 日 15:59) まで

(All nominations must be in the tool by 11:59pm PST, April 17, 2018. No Exceptions.)

▼ 2018 MPN Partner of the Year Awards の詳細はこちらから

Hi, AAD community!

Apologize for being MIA these couple of months.

Please find this month’s webinars below. Two good news: we adding back B2B series and a new authentication webinar this month!

Reminder:

• These webinars are FREE of cost.
• These webinars are currently held monthly with new sessions being added.
• Each session is1 hour, it includes an anonymous Q&A session with Microsoft AAD Engineering Team.
• Each session is recorded, please register for the recording link.

April webinar schedule:

Please let me know if you are looking for a specific topic in AAD.

Cheers,
Bea

2018년 3월 29일 목요일(태평양시)에 Microsoft는 Windows 7 및 Windows Server 2008 R2용 비정기 보안 업데이트를 발표하였습니다.

발표 내용

Microsoft는 2018년 3월 29일 목요일(태평양시)에 Windows 7 SP1(x64 기반 시스템용) 및 Windows Server 2008 R2 SP1(x64 기반 시스템용)에 영향을 미치는 새로운 취약성에 대비한 보안 업데이트를 새롭게 발표했습니다.

이 보안 취약성의 개요는 다음과 같습니다.

FAQ(질문과 대답)

Q: 이 문제가 멜트다운(Meltdown)용으로 이전에 발표된 완화 기능에 영향을 미치나요?

A: 이 문제는 이 알림에 설명된 새 보안 업데이트를 설치하기 전이나 설치한 후에 멜트다운(Meltdown)용으로 이전에 발표된 완화 기능에 영향을 미치지 않습니다.

Q: 이 새 보안 업데이트를 설치하려면 컴퓨터를 재부팅해야 하나요?

A: 예. 이 새 보안 업데이트를 설치하려면 컴퓨터를 재부팅해야 합니다.

Q: 이 문제가 Microsoft 클라우드 서비스에 영향을 미치나요?

A: 아니요. Microsoft 클라우드 서비스는 이 문제의 영향을 받지 않습니다.

Q: 이 보안 업데이트 발표에 관한 추가 정보는 어디서 확인할 수 있나요?

A: 보안 업데이트 가이드의 CVE-2018-1038에 대한 정보를 살펴보세요. 추가 정보는 Microsoft 지원 문서 4100480(https://support.microsoft.com/ko-kr/help/4100480)에서 확인할 수 있습니다.

보안 업데이트 가이드

보안 업데이트 가이드는 Microsoft에서 권장하는 보안 업데이트 정보 리소스입니다. 보기를 사용자 지정하고 영향받는 소프트웨어 스프레드시트를 만들 수 있으며 RESTful API를 통해 데이터를 다운로드할 수도 있습니다.

보안 업데이트 가이드 포털:  https://aka.ms/securityupdateguide

보안 업데이트 가이드 FAQ(질문과 대답) 웹 페이지: https://technet.microsoft.com/ko-kr/security/mt791750

정보의 일관성에 대하여

Microsoft는 정적(본 전자 메일) 및 동적(웹 기반) 콘텐츠에서 정확한 정보를 제공하기 위해 최선을 다하고 있습니다. 웹에 게시되는 Microsoft의 보안 콘텐츠는 최신 정보를 반영하기 위해 자주 업데이트됩니다. 이로 인해 본 알림의 정보와 Microsoft에서 게시한 웹 기반 보안 콘텐츠의 정보 간에 불일치 사항이 발생하는 경우 Microsoft에서 게시한 웹 기반 보안 콘텐츠의 정보가 더 신뢰할 수 있는 정보입니다.

감사합니다.

こんにちは。いつも Office 365 を利用いただきまして、ありがとうございます。
今回は、Office 365 のライセンス管理について、ご紹介いたします。

Office 365 でユーザーにライセンスを付与するには、GUI（Office 365 管理センター）で操作する方法と、PowerShell で操作する方法があります。
少人数の作業であれば前者で問題ありませんが、ユーザーが多い場合や、スクリプトとして実行したいような場合は後者の方法が有効です。

よくあるお問い合わせのシナリオに沿って、ライセンス管理の PowerShell コマンドをご案内いたします。
ライセンス名やサービスプランを変更することによって応用が可能です。
 
--------------------------------------------------------------------------------------------

事前準備（必須）

--------------------------------------------------------------------------------------------
下記の作業は、どのシナリオにおいても共通です。

▼Office 365 に PowerShell 接続します。
下記の公開情報に従って Azure Active Directory の PowerShell モジュール（MSOnline）をインストールします。

Azure Active Directory の PowerShell モジュール
https://blogs.technet.microsoft.com/jpazureid/2017/12/04/aad-powershell/

Office 365 PowerShell への接続
https://docs.microsoft.com/ja-jp/office365/enterprise/powershell/connect-to-office-365-powershell

その後、Connect-MsolService コマンドを実行し、管理者権限で Office 365 に接続します。

▼Office 365 テナントに紐づくライセンスの情報を確認します。
Get-MsolAccountSku コマンドを実行し、ライセンスの AccountSkuId を確認します。

コマンド実行例：

・・・
 
▼ユーザーの UsageLocation を設定します。
ライセンスを割り当てるユーザーは、事前に UsageLocation が設定されている必要があります。設定されていない場合にはライセンス割り当てに失敗します。
そのため、はじめてライセンス割り当てを行うユーザーの場合は、事前に次のコマンドで UsageLocation を設定します。

下記のコマンドを実行し、特定のユーザーの UsageLocation を ”JP” に設定します。
Set-MsolUser -UserPrincipalName <対象ユーザーの UPN> -UsageLocation "JP"

下記のコマンドを実行し、csv ファイル（後述）に記載されたユーザーの UsageLocation を ”JP” に一括設定します。
Import-Csv <csv ファイル名> | ForEach-Object {Set-MsolUser -UserPrincipalName $_.UserPrincipalName -UsageLocation "JP"}

- 参考情報
UsageLocation は、ISO 3166-1 alpha-2 (A2) の 2 文字の国/地域コードを指定します。
https://www.iso.org/obp/ui/#search/code/
 
--------------------------------------------------------------------------------------------

事前準備（任意）

--------------------------------------------------------------------------------------------
下記の作業は必須ではありませんが、必要に応じて実施ください。

csv ファイルを使用してライセンスの一括割当・変更を行う場合は、下記を事前準備として実施ください。

▼全ユーザーの UserPrincipalName 一覧を csv ファイルに出力します。
Get-MsolUser -all | Select-Object UserPrincipalName | export-csv <出力先の csv ファイル> -Encoding UTF8 -NoTypeInformation

▼特定ライセンスが付与されているユーザーの UserPrincipalName 一覧を csv ファイルに出力します。
Get-MsolUser | where {$_.Licenses.AccountSkuID -eq <対象ライセンスの AccountSkuId>} | Select-Object UserPrincipalName | export-csv <出力先の csv ファイル> -Encoding UTF8 -NoTypeInformation

コマンド実行例：　※E1 ライセンスが付与されているユーザーの一覧を c:tempusers.csv ファイルに出力する場合
Get-MsolUser | where {$_.Licenses.AccountSkuID -eq "contoso:STANDARDPACK"} | Select-Object UserPrincipalName | Export-Csv "C:Tempusers.csv" -encoding UTF8 -NoTypeInformation

csv ファイルは、下記の形式で作成されます。
ライセンス割当・変更を行う対象ユーザーが事前に分かっている場合は、手動作成でも問題ありません。
---------------------------------------------------
UserPrincipalName
testuser01@contoso.onmicrosoft.com
testuser02@contoso.onmicrosoft.com
・・・
---------------------------------------------------

ユーザーにライセンスを付与する際、特定のサービスプランのみ有効化する場合は、下記を事前準備として実施ください。

▼作業対象ライセンスに含まれるサービスプランの情報を確認します。
(Get-MsolAccountSku | where {$_.AccountSkuId -eq <確認したいライセンスの AccountSkuId>}).ServiceStatus
 
コマンド実行例：　※Office 365 Enterprise E3 の場合（サービスプランは、2018/03/28 時点の情報です）
(Get-MsolAccountSku | where {$_.AccountSkuId -eq "contoso:ENTERPRISEPACK"}).ServiceStatus

 
▼PowerShell 上で変数 disabledplans を作成し、無効とするサービス プランの情報を変数に格納します。
下記のコマンドを実行し、割り当てるライセンスのうち、無効にするサービスを指定し、変数 disabledplans に格納します。
$disabledplans = New-Object System.Collections.Generic.List[string]
$disabledplans.Add("<無効にする ServicePlan>")
$disabledplans.Add("<無効にする ServicePlan>")
・・・
$licenses = New-MsolLicenseOptions -AccountSkuId "<割り当てるライセンスの AccountSkuId>" -DisabledPlans $disabledplans

コマンド実行例：　※contoso:ENTERPRISEPACK ライセンスを割り当てる際に、Microsoft Teams、Sway、Yammer Enterprise を無効にする場合
$disabledplans = New-Object System.Collections.Generic.List[string]
$disabledplans.Add("TEAMS1")
$disabledplans.Add("SWAY")
$disabledplans.Add("YAMMER_ENTERPRISE")
$licenses = New-MsolLicenseOptions -AccountSkuId "contoso:ENTERPRISEPACK" -DisabledPlans $disabledplans
 
--------------------------------------------------------------------------------------------

シナリオ A. 新規ユーザーにライセンスを割り当てます。

--------------------------------------------------------------------------------------------
▼特定のユーザーに対して、全てのサービスプランを有効化してライセンスを付与します。
Set-MsolUserLicense -UserPrincipalName <UPN> -AddLicenses <付与ライセンスの AccountSkuId>

▼csv ファイルで指定したユーザーに対して、一括で処理するには、下記のコマンドを実行します。
Import-Csv -Path <csv ファイルのパス名> | ForEach-Object {Set-MsolUserLicense -UserPrincipalName $_.UserPrincipalName -AddLicenses <付与ライセンスの AccountSkuId>}

▼一部のサービスのみ有効化してライセンスを付与します。
Set-MsolUserLicense -UserPrincipalName <UPN> -AddLicenses <付与ライセンスの AccountSkuId> -LicenseOptions $licenses

▼csv ファイルで指定したユーザーに対して、一括で処理するには、下記のコマンドを実行します。
Import-Csv -Path <csv ファイルのパス名> | ForEach-Object {Set-MsolUserLicense -UserPrincipalName $_.UserPrincipalName -AddLicenses <付与ライセンスの AccountSkuId> -LicenseOptions $licenses}
 
--------------------------------------------------------------------------------------------

シナリオ B. ユーザーからライセンスを削除します。

--------------------------------------------------------------------------------------------
▼特定のユーザーに対して、ライセンスを削除します、
Set-MsolUserLicense -UserPrincipalName <UPN> -RemoveLicenses <削除ライセンスの AccountSkuId>

▼csv ファイルで指定したユーザーに対して、一括で処理するには、下記のコマンドを実行します。
Import-Csv -Path <csv ファイルのパス名> | ForEach-Object {Set-MsolUserLicense -UserPrincipalName $_.UserPrincipalName -RemoveLicenses <削除ライセンスの AccountSkuId>}
 
--------------------------------------------------------------------------------------------

シナリオ C. 同一ライセンス内で、有効にするサービスプランを変更します。

--------------------------------------------------------------------------------------------
▼特定のユーザーに対して、サービスプランを変更します。　※AddLicenses オプションは使用しません。
Set-MsolUserLicense -UserPrincipalName <UPN> -LicenseOptions $licenses

▼csv ファイルで指定したユーザーに対して、一括で処理するには、下記のコマンドを実行します。
Import-Csv -Path <csv ファイルのパス名> | ForEach-Object {Set-MsolUserLicense -UserPrincipalName $_.UserPrincipalName -LicenseOptions $licenses}
 
--------------------------------------------------------------------------------------------

シナリオ D. ライセンス変更を行います。

--------------------------------------------------------------------------------------------
▼特定のユーザーに対して、ライセンス変更を行います（変更後は、全てのサービスプランを有効化）
et-MsolUserLicense -UserPrincipalName <UPN> -RemoveLicenses <変更前の AccountSkuId> -AddLicenses <変更後の AccountSkuId>

▼csv ファイルで指定したユーザーに対して、一括で処理するには、下記のコマンドを実行します。
Import-Csv -Path <csv ファイルのパス名> | ForEach-Object {Set-MsolUserLicense -UserPrincipalName $_.UserPrincipalName -RemoveLicenses <変更前の AccountSkuId> -AddLicenses <変更後の AccountSkuId>}

▼特定のユーザーに対して、ライセンス変更を行います（変更後は、一部のサービスのみ有効化）
Set-MsolUserLicense -UserPrincipalName <UPN> -RemoveLicenses <変更前の AccountSkuId> -AddLicenses <変更後の AccountSkuId > -LicenseOptions $licenses

▼csv ファイルで指定したユーザーに対して、一括で処理するには、下記のコマンドを実行します。
Import-Csv -Path <csv ファイルのパス名> | ForEach-Object {Set-MsolUserLicense -UserPrincipalName $_.UserPrincipalName -RemoveLicenses <変更前の AccountSkuId> -AddLicenses <変更後の AccountSkuId > -LicenseOptions $licenses}
 
--------------------------------------------------------------------------------------------

事後確認

--------------------------------------------------------------------------------------------
▼作業対象ユーザーのライセンス付与状況を確認します。
Get-MsolUser -UserPrincipalName <UPN> | Select-Object -ExpandProperty Licenses

▼サービスプランまで確認するには、下記のコマンドを実行します。
Get-MsolUser -UserPrincipalName <UPN> | Select-Object -ExpandProperty Licenses | Select-Object -ExpandProperty ServiceStatus

ユーザーのライセンス保持状況を確認するには、[Office 365 管理センター] - [アクティブなユーザー] にて csv ファイルをエクスポートする方法も有効です。
 
--------------------------------------------------------------------------------------------

参考情報

--------------------------------------------------------------------------------------------
Office 365 PowerShell を使用してライセンスをユーザー アカウントに割り当てる
https://technet.microsoft.com/ja-jp/library/dn771770.aspx

Office 365 PowerShell を使ったサービスへのアクセスを無効にする
https://technet.microsoft.com/ja-jp/library/dn771769.aspx

Windows PowerShell コマンドでの新規ユーザー一括作成手順 (ライセンス付与、パスワード同時設定)
https://answers.microsoft.com/ja-jp/msoffice/forum/msoffice_o365admin-mso_manage/windows-powershell/b0dbbafd-ec0d-401f-9d88-b6b4fc72f6f6

今後も Office 365 サービスに関する有益な情報を発信してまいりますので、弊社サポート ブログをよろしくお願いいたします。

This weeks great post by our US Senior PFE Susan Van Eyck talks about the wonders of filtered indexes!

Check it out!

Today’s Byte is about the advantages and annoyances of filtered indexes.  We’ll talk about

• What they are
• Where (and why) they’re useful
• How to create one
• How to convince the optimizer to use them

What is a filtered index?

“A filtered index is an optimized nonclustered index especially suited to cover queries that select from a well-defined subset of data. It uses a filter predicate to index a portion of rows in the table. A well-designed filtered index can improve query performance as well as reduce index maintenance and storage costs compared with full-table indexes.”

It achieves these wonderful feats mostly by being smaller than a non-filtered nonclustered index which must include one row for every row in its parent table – even when the indexed column(s) is NULL.  Remember – smaller is faster!

The other big benefit of filtered indexes is filtered stats which might get you better query plans.  Since the stats for a filtered index are built against only the data in the index they can be more accurate (granular) than stats built against an entire table’s data.

When might you want to use one?

• When indexing a column with a lot of NULL values.  Here’s an example from AdventureWorks:

[sql]CREATE INDEX ix_MiddleName ON Person.Person ( MiddleName );

CREATE INDEX ix_MiddleName_NotNULL ON Person.Person ( MiddleName )

WHERE MiddleName IS NOT NULL;[/sql]

The filtered index is 32% smaller than the one with all the NULLs.

• When you want to facilitate access to subsets of data:

[sql]CREATE INDEX ix_OnlineOrderFlag ON Sales.SalesOrderHeader ( OnlineOrderFlag );

CREATE INDEX ix_OnlineOrderFlag_0 ON Sales.SalesOrderHeader ( OnlineOrderFlag )

WHERE OnlineOrderFlag = 0;[/sql]

Again, the filtered index is much smaller.

• Of course, useful indexes are seldom defined against a single column.  Perhaps you need to “cover” different sets of columns depending on which Status you’re querying for:

[sql]CREATE INDEX ix_Status_A ON dbo.Products ( Col1, Co2 ) INCLUDE ( Col4, Col7, Col8 ) WHERE Status = 'A';

CREATE INDEX ix_Status_F ON dbo.Products ( Col1, Co2 ) INCLUDE ( Col7, Col9, Col13 ) WHERE Status = 'F';

CREATE INDEX ix_Status_X ON dbo.Products ( Col2 ) ( Col3, Col9, Col12 ) WHERE Status = 'X';[/sql]

• You might also want to filter on various date ranges, but know that this is a bit trickier to implement since you can’t do something like the highlighted code:

[sql]CREATE INDEX ix_PONumber_DueDate ON Sales.SalesOrderHeader (PurchaseOrderNumber)

INCLUDE ( DueDate, TotalDue )

WHERE Status = 4 AND DueDate > DATEADD(DAY, -5, SYSDATETIME());[/sql]

Instead, you’d have to create the index using a literal (deterministic) date:

[sql]CREATE INDEX ix_PONumber_DueDate ON Sales.SalesOrderHeader (PurchaseOrderNumber)

INCLUDE ( DueDate, TotalDue )

WHERE Status = 4 AND DueDate > '20180101';[/sql]

Creating an index with a somewhat larger date range can still result in an index that’s significantly smaller its parent table.  You can get more specific when you run the queries that will use the index.  Having a somewhat broader range allows you to update the index less frequently as your target date range moves.  You might also create multiple different filtered indexes having differing date ranges on a single table.

So, how do you create one?

CREATE INDEX (T-SQL)

Create Filtered Indexes

It’s pretty straightforward, you just tack a WHERE clause onto your CREATE INDEX statement as in the examples above.  The expressions can only use the simple comparison operators ( =, >, <>, etc.)  and a handful of other constructs (IN, IS NULL, IS NOT NULL).  Here are a few more examples:

[sql]WHERE StartDate > '20000101' AND EndDate <= '20000630'

WHERE ComponentID IN (533, 324, 753)

WHERE StartDate IN ('20000404', '20000905') AND EndDate IS NOT NULL[/sql]

Note that the data from the columns in the WHERE clause isn’t stored in the index.  If you need those values, use the column in the key or included column list.

Here are a few additional limitations…

• You can’t create a filtered index against a view (although a view can leverage filtered index defined on a table)
• Errors will occur if column data is implicitly or explicitly converted
• You cannot reference a computed column, a UDT column, a spatial or hierarchyID data type column
• Filtered indexes do not apply to XML indexes and full-text indexes

Why won’t the Optimizer use my filtered index?

In a word – parameterization – and it actually makes a lot of sense when you think about it in terms of query plan reuse (see this great blog post from Bart Duncan).

Queries are parameterized to allow reuse of cached plans.  This is generally good for performance – barring the occasional case of parameter sniffing.  Consider the following queries:

[sql]SELECT * FROM Person.Person WHERE LastName = N'Anderson';

SELECT * FROM Person.Person WHERE LastName = N'Baker';

SELECT * FROM Person.Person WHERE LastName = N'anderson';[/sql]

To the Optimizer they’re all different queries.  We’ve got 2 different last names and a difference in capitalization.  Plans for all 3 queries will be separately compiled and cached, and we don’t get to leverage plan reuse.

If, instead, that literal last name value was cached as a parameter, it would remove the variability and allow plan reuse - for any value of the parameter.  We can achieve this using a stored proc:

[sql]CREATE PROC getPersonData ( @LastName VARCHAR(50) )

AS

SELECT * FROM Person.Person WHERE LastName = @LastName;

GO[/sql]

Or let SQL help us out with auto-parameterization - SIMPLE or FORCED.  Simple auto-parameterizes simple T-SQL (like the queries above) and Forced parameterizes all queries.  Which is in use when set using ALTER DATABASE.  Simple is the default setting.  When auto-parameterization is in use you’ll see something like this in an Actual Query Plan:

[sql]SELECT * FROM Person.Person WHERE LastName = <b>@1</b>;[/sql]

So, now we’ve got a plan cached for reuse – good for any parameter value.  All’s well, right??  Wrong.  This is where we butt heads with the Optimizer over use of our filtered index.

If a plan were to be cached using a filtered index for, say purchase orders from 2017, that plan is useless if someone later submits a query for data from 2016 or 2018 – date ranges not covered by our filtered index.  So, the optimizer simply doesn’t use it.  The Optimizer needs to cache a plan that’s good for a wide range of parameters – not just 2017 values.

Coercing the Optimizer to do our bidding

Here are a few workarounds to you can try to encourage the Optimizer to use your filtered indexes:

• Add literal values that align with your filtered index.  These will have to updated periodically if you modify your filtered indexes – say to follow a date range.
• Query a view that’s based on literal values that align with your filtered index then query the view instead of the base table.   You can update the view periodically to cover a new date range that also aligns with a filtered index.
• Use a RECOMPILE hint – this prevents the plan from being cached, reuse isn’t an issue, so the Optimizer is OK with using the filtered index.

In the attached script we’ll create a filtered index then look where it’s used (or not) and explore the workarounds listed above.

Happy Exploring!

皆さまこんにちは。新元号への対応についてのアップデートをお伝えいたします。
新元号の発表時期等についてメディアでも取り上げられる機会が増え、皆さまから頂戴するお問い合わせも徐々に増えてまいりました。
私たちでは、政府とも連携を行いながら準備を進めており、引き続き新しい情報がございましたらこの Blog でお伝えしていく予定です。

● 新元号への対応レベルにつきまして

弊社製品の新元号への対応レベルとしては、大きく下記の 3 点があります。個々の製品やサービス、バージョンによって必要な対応レベルが異なるため、弊社ではどのような対応が必要か精査を急ピッチで実施しています。

- 日付フォーマットの変換
"日付フォーマットの変換" とは、主に西暦 ⇔ 和暦の変換処理を指します。
西暦 2019 年 5 月 1 日以降の日付は平成ではなく、新しい和暦に変換される必要があります。
Win32 や ATL / COM、.NET Framework に含まれる API、オブジェクトやメソッドによる日付フォーマットの変換が主となります。
この対応は 2019 年 4 月末までに完了できればよいというものではなく、新元号での変換が業務で必要となるまでに完了しなければならない点に注意してください。

- 合字への対応
"合字" は耳慣れない言葉ですが、「㍿」や「℡」のように 2 つ以上の文字を 1 文字で表現する記号を指します。
明治以降の元号は、Unicode 上に以下のような合字が存在しています。

㍻ (U+337B)
㍼ (U+337C)
㍽ (U+337D)
㍾ (U+337E)

弊社によるこれまでの調査では、和暦の表示等に合字を使用しているケースが相当数存在し、このようなシステムでは新元号に対しても同様に合字への対応が必要と考えられます。
新たな合字の作成には Unicode コンソーシアムでの文字の標準化作業を含み、そのスケジュールは標準化作業の進捗に大きく影響されます。また、「㍾」、「㍽」、「㍼」はシフト JIS (CP932) へのマッピングを行っておりますが、「㍻」についてはマッピングを行っていないことから、新元号についても同様に実施されない見込みです。
本 Blog で以前お伝えしております通り、新しい合字を正しく表示するには上記のような符号位置の決定とともにフォントの対応も必要不可欠です。

- 正規化

"正規化" とは、先にお話しいたしました合字と関連の深い対応になります。
例えば、"平成" と "㍻" を同様に扱う処理などがこの影響を受けます。検索キーワードとして元号が指定された際、合字を含むドキュメントを検索できる必要があり、このような処理ができるよう対応する必要があります。

● 弊社製品での今後の対応につきまして

弊社では新元号に対応する製品やそのバージョン、および更新の実施方法について検討を進めており、2018 年 6 月を目標に確定し公開できる予定です。

また、Windows 10 の次期機能アップデートにおいて、アプリケーション開発者様向けに日付フォーマット変換の開発や検証を目的とした API レベルの仮対応を実施する予定です。具体的な内容については、リリース時までの公開を予定しております。

加えて、4 月下旬にはパートナー様、開発者様向けの説明会を実施いたします。また、
Shift-JIS 対応に関するお問い合わせも複数頂戴しており、日程や詳細につきましては、別途ご案内いたします。

引き続き、新元号についての新しい情報は本 Blog にてお伝えしていきます。

Welcome to the March 25 - 31, 2018 edition of the Office 365 Weekly Digest.

Last week there were ten updates to the Office 365 Roadmap, including several for Outlook and SharePoint, as well as a new Office 365 Assistant chatbot that will be available for FastTrack customers.

A reminder that the Azure Active Directory webinars for April are now open for registration. The online customer immersion experiences continue to fill up quickly, due to limited capacity for each session.

Highlights from last week's blogs include the much-awaited rollout of retention policies in Microsoft Teams, additional details on the new SharePoint Admin Center, and a review of new Office 365 updates and features in March. Information on new SharePoint Online web parts, specifically the Yammer web part, is also provided.

Noteworthy item highlights include the Q & A summary document from the recent SharePoint hub sites AMA, March 2018 updates for Outlook for Windows and iOS, and on-demand viewing of the recent Business Applications Virtual Spring Launch event.

OFFICE 365 ROADMAP

Below are the items added to the Office 365 Roadmap last week:

UPCOMING EVENTS

Azure Active Directory Webinars for April

When: Multiple sessions currently scheduled from April 3 - 25, 2018 | Are you looking to deploy Azure Active Directory quickly and easily? We are offering free webinars on key Azure Active Directory deployment topics to help you get up and running. Sessions include Getting Ready for Azure AD, Managing Partner and Vendor Access Using Azure B2B Collaboration, Introduction to Azure AD B2C, Choosing the Right Authentication Method for Azure AD, and more. Each 1-hour webinar is designed to support IT Pros in quickly rolling out Azure Active Directory features to their organization. All webinars are free of cost and will include an anonymous Q&A session with our Engineering Team. So, come with your questions! Capacity is limited. Sign up for one or all of the sessions today!  Note: There are also some sessions available on-demand.

Productivity Hacks to Save Time & Simplify Workflows

When: Wednesday, April 4, 2018 and Wednesday, April 11, 2018 at 1pm ET | This 90-minute hands-on experience will give you the opportunity to test drive Windows 10, Office 365 and Dynamics 365. A trained facilitator will guide you as you apply these tools to your own business scenarios and see how they work for you. During this interactive session, you will: (1) Discover how you can keep your information more secure without inhibiting your workflow, (2) Learn how to visualize and analyze complex data, quickly zeroing in on the insights you need, (3) See how multiple team members can access, edit and review documents simultaneously, and (4) Gain skills that will save you time and simplify your workflow immediately. Each session is limited to 12 participants, reserve your seat now.

Transforming your business to meet the changing market and needs of your customers

When: Thursday, April 5, 2018 at 12pm and 3pm ET | This 2-hour hands-on experience will give you the opportunity to test drive Windows 10, Office 365 and Dynamics 365. A trained facilitator will guide you as you apply these tools to your own business scenarios and see how they work for you. During this interactive session, you will: (1) Use digital intelligence to build personalized experiences across all customer touchpoints, (2) Improve customer service through a single, unified experience that delivers end-to-end service across every channel, (3) Increase customer satisfaction with intelligent scheduling, native mobile support, and remote asset monitoring to help you get the job done right the first time, and (4) Run your project-based business more productively by bringing people, processes, and automation technology together through a unified experience. Each session is limited to 12 participants, reserve your seat now.

Connecting, Organizing & Collaborating with Your Team

When: Tuesday, April 24, 2018 at 12pm ET | During this session, you will have the opportunity to experience Windows 10, Office 365 and Microsoft's newest collaboration tool: Microsoft Teams. A trained facilitator will guide you as you apply these tools to your own business scenarios and see how they work for you. During this interactive session, you will explore how to use Microsoft Teams and Office 365 to: (1) Create a hub for team work that works together with your other Office 365 apps, (2) Build customized options for each team, (3) Keep everyone on your team engaged, (4) Coauthor and share content quickly, and (5) Gain skills that will save you time and simplify your workflow immediately. Each session is limited to 12 participants, reserve your seat now.

Hands-on with security in a cloud-first, mobile-first world

When: Thursday, April 26, 2018 at 3pm ET | This 2-hour hands-on session will give you the opportunity to try Microsoft technology that secures your digital transformation with a comprehensive platform, unique intelligence, and partnerships. A trained facilitator will guide you as you apply these tools to your own business scenarios and see how they work for you. During this interactive session, you will: (1) Detect and protect against external threats by monitoring, reporting and analyzing activity to react promptly to provide organization security, (2) Protect your information and reduce the risk of data loss, (3) Provide peace of mind with controls and visibility for industry-verified conformity with global standards in compliance, (4) Protect your users and their accounts, and (5) Support your organization with enhanced privacy and compliance to meet the General Data Protection Regulation. Each session is limited to 12 participants, reserve your seat now.

BLOG ROUNDUP

Retention policies for Microsoft Teams

We're proud to announce that we are starting the roll out of retention policies for Microsoft Teams. The roll out is expected to complete within the next few weeks. With this launch, Teams admins can use the Office 365 security and compliance center to set retention policies for Teams and decide proactively whether to retain content or delete content – for the entire organization, specific locations or user or specific teams. This is a key milestone in our efforts to provide IT admins with even more security and compliance functionality in Teams and part of our roadmap to bring the Skype for Business Online capabilities into Teams. We are currently working on releasing eDiscovery for calls and meetings in Teams soon. The next big ticket item on the roadmap would be Data Loss Prevention (DLP) for conversations and files. At the same time, we are also focused on addressing customer feedback on existing key features like eDiscovery of Teams data, Teams audit logs, etc. | Related: New apps in Microsoft Teams - March 2018 Update

New in March–rich data types, intelligent search, and expanded datacenters

This month, we rolled out updates to Office 365 that include the following: (1) new data types in Excel, (2) hub sites, intelligent search and new web parts in SharePoint, (3) the expansion of the Microsoft Cloud with datacenters in new geographies, and (4) general availability of Microsoft 365 for U.S. Government.

Coming soon to the new SharePoint Admin Center

In May 2017 we unveiled our plans to simplify SharePoint administration through delivering an administrative experience that's intuitive, intelligent, and simple. Since then we've made available the new admin experience as Preview for customers who have enabled Targeted Release at the Tenant level. In the next several weeks in our preview we'll be introducing new updates on our journey to deliver an administrative console designed to help IT achieve more, so their users can achieve more. Some of these updates include improvements to site management, custom views, search improvements, and improved email layout. These updates will begin rolling out to Targeted Release in 4 – 8 weeks.

Content and communities: Showcase both in your social intranet

Whether your goal is organization wide engagement or an introduction to a community of interest, adding the power of conversation into your intranet site makes it easy to showcase questions, comments and discussions. We're delighted to announce that the new Yammer web part for SharePoint has moved from targeted release to being generally available, providing an interactive experience on your sites, pages and news. The new web part is a first step into tighter integration in communities, particularly in scenarios where you want broad engagement across your organization. For example, in the leadership connection scenario, where a leader in the organization wants to have a deeper connection with employees but needs to do that at scale. In this case, you have both an intranet site that has rich content assets, documents, news, articles, videos from Stream, highlighted content that is dynamic, even Power BI dashboards. Check out the latest web parts you can easily add to make your content really shine. In addition, you now add conversations from rich, vibrant community in Yammer. | Related: Video: Embed your Yammer conversations in SharePoint sites & pages

Schooling A Sea of Phish Part 2: Enhanced Anti-spoofing technology in Office 365

A few weeks ago, we released new enhanced Anti-impersonation capabilities for Office 365 Advanced Threat Protection (ATP). We're excited to announce Office ATP's enhanced anti-spoofing capability for protecting against spoofed emails from external domains. We believe this new capability will help lead the industry in further securing email. The new feature raises the required level of authentication checks for emails sent into Office 365, helping ensure greater protection for customers. The newest anti-spoof features help protect organizations from external domain spoof. Office 365 honors emails from external domains having proper SPF, DMARC, and DKIM authentication settings enabling them to pass authentication, and junks messages that fail this authentication. The challenge occurs when external domains do not have these settings properly configured.

NOTEWORTHY

Summary: SharePoint Hub Sites Ask Microsoft Anything - March 23, 2018

The Q & A summary document from the SharePoint Hub Sites AMA (Ask Microsoft Anything) session on March 23, 2018 is now available.

Watch the Business Applications spring launch event on-demand

Format: Video (94 mins) | Get a first-hand look at the Spring 2018 Business Applications update to see how modern, intelligent technologies can transform your operations, improve engagement with your customers, and help move your business forward. We provided a look at many of the new capabilities across Dynamics 365, Power BI, and the Business Application Platform and will showcase how these technologies can help drive your digital transformation.

Office 365 for Windows Desktop - March 2018 Release details

On March 27th, 2018, Microsoft released Office for Windows Desktop version 1803 (Build 9126.2116). Our Office International team translated this update into 44 languages. We also developed the updated Translator feature that now appears in Excel and PowerPoint. The Translator functionality has been given a complete overhaul. It now supports 61 languages. Its performance is much improved. The translation quality it produces is the best it has ever been, and it will continue to improve over time. For more information on this release please have a look at the What's New in Office 365 for Windows Desktop section.

Office for Android - March 2018 Release details

On March 15th, 2018, Microsoft released an updated version of Office for Android (Excel, PowerPoint & Word) build 16.0.9126.2069 in 68 languages. Some of the new features available for the first time to Office365 subscribers using Office for Android on their tablet or phone include quickly finding documents stored in frequently used sites and groups in the Open menu across Word, Excel and PowerPoint. For more information please have a look at the What's New for Office 365 Android section.

Your favorite email folders and groups now in Outlook for iOS

With favorite folders or Office 365 Groups, Outlook for iOS helps keep what's most important to you close at hand. Now you can add, remove and reorder favorites right from your mobile device. And whether you manage your favorites groups and folders from Outlook for iOS, Outlook for Windows on your PC -- or even tag a folder as a favorite in Outlook on the Web -- we sync your favorite items across your most used Outlook experiences. Expect to see this update was we roll it out in Outlook for iOS in the coming weeks.

Office 365 Attack Simulator and Mitigating Common Attacks (Part 1)

When it comes to security your best line of defense is one that is reactive versus one that is proactive; however, how do you know how you'll respond to a security incident if one hasn't yet to occur…that's where Attack Simulator in Office 365 shines, it's what sets the security solutions we provide apart from other cloud services. Attack Simulator is designed to put you ahead of curve and keep you in front of the proverbial 8 ball. With Attack Simulator you can run realistic attack scenarios in your organization. This can help you identify and find vulnerable users before a real attack impacts your bottom line. In brief, Attack Simulator as a component of Office 365 Security and Compliance is designed to help you identify issues before they become an issue. It allows you to determine how end users behave in the event of an attack, and update policies to ensure that appropriate security tools are in place to protect your organization from threats.

Estáis leyendo mi primer artículo en este blog ¡Bienvenidos seáis! Mi nombre es Marta y formo parte del Soporte Comunicaciones Unificadas Premier de Microsoft desde agosto del 2015. Como esto es un comienzo para mi, en esta primera entrada me gustaría hablaros de otro comienzo más: La transición de Skype for Business Online a Microsoft Teams.

Teams está en crecimiento, adquiriendo nuevas características y funcionaliddes mes a mes. Podéis consultar el estado de las actualizaciones en el Roadmap de Office 365 (EN)

¿Qué es Microsoft Teams?

Destacar la cultura de integración y la productividad entre grupos de trabajo que Teams nos ofrece. Podríamos definir Teams como el resultado de la integración de las características de varias aplicaciones de Office 365. Un espacio de trabajo donde un grupo puede iniciar reuniones de audio y/o vídeo, compartir o trabajar en documentos de Office, chatear e incluso enviar pegatinas y memes.

Mejoras respecto a Skype for Business.

Gracias a la integración de la que surge Teams, son muchas las mejoras que podemos mencionar respecto a Skype for Business (Mayor facilidad para compartir información y archivos, posibilidad de trabajar en documentos de Office de manera simultanea, consulta de información, mejor gestión de los grupos, posibilidad de integrar aplicaciones de terceros, bots, etc..)

La experiencia de reuniones también ha sido mejorada haciendo que ahora se pueda conocer, con un simple vistazo, los asistentes confirmados, organizadores, sala, hora, día y la posibilidad de cancelar la reunión.

Buenas prácticas.

La eficiencia de Microsoft Teams se verá incrementada con un buen uso de la misma. Es importante entender como queremos usar la herramienta y que queremos conseguir de ella. Esto nos ayudará a saber que canales debemos crear y que gente debemos añadir a cada uno para mejorar la eficiencia de las comunicaciones y evitar duplicidades.

Organizar los canales por un nombre claro y único. Puede sonar muy básico pero suele ser el talón de Aquiles a la larga. Una estructura desordenada generará que nuestros usuarios no sepan donde encontrar la información o que la encontremos en varios sitios distintos a la vez, creando la posibilidad de que los hilos crezcan con conversaciones y resoluciones distintas.

Es muy importante que cuando empecemos a trabajar con Teams tengamos clara la estructura interna de nuestra empresa y su forma de trabajar, sus proyectos y como puede crecer. De esta forma, cuando en un futuro tengamos que añadir más grupos – o canales dentro de los mismos – lo haremos asegurándonos de no haber duplicidades.

Uso de las @menciones pero no abuses. Las menciones son una manera muy útil de captar la atención de ese usuario, o grupo de usuarios, que necesitamos en un determinado momento. Como todo, hay que ser responsable con su uso, ya que el abuso de las menciones grupales o de usuarios podría generar el efecto contrario al deseado haciendo que aquellos a quien queremos reclamar atención empiecen a ignorar las notificaciones de Teams.

Organiza las pestañas y los documentos de una manera sencilla. Al igual que con la creación de grupos y canales, debemos tener mucho cuidado con como organizamos la documentación para evitar duplicados y elementos descatalogados. La información siempre debe estar organizada de la forma más sencilla y amigable para los usuarios finales. Usa nombres amigables y crea diferentes niveles con subcarpetas.

User Voice: Solicita y proporciona feedback. Microsoft Teams es una herramienta muy joven que le queda camino por recorrer y, por supuesto, cosas que mejorar. En la página Microsoft Teams User Voice podrás solicitar mejoras, cambios o nuevas características. Estas páginas son revisadas por ingenieros que estudian y analizan cada solicitud y, con un sistema público de votos se pueden impulsar nuevas ideas para su estudio.

Un ejemplo es la solicitud de un cliente de Teams para sistemas Linux. Como podéis ver aquí la petición ha sido votada por casi 2800 personas y Grupo de Producto la mantiene en backlog para ser desarrollada en un futuro.

Optimiza tu entorno actual de Skype for Business para funcionar con Microsoft Teams.

Antes de empezar la transición de Skype for Business a Teams es importante asegurarnos de que la calidad de la red es adecuada para el cambio. De esta manera nos evitaremos muchos problemas en el futuro. También es importante conocer las dependencias del entorno. Teams combina múltiples servicios de Office 365, por lo que depende de que estos estén instalados. Por ejemplo, si no tienes pensado implementar SharePoint Online tienes que tener en cuenta que la compartición de archivos en los grupos no funcionará.

Antes de nada, crea un piloto.

Crea un piloto de Teams para poder estudiar cual será el desarrollo cuando llegue el momento. Para ello, redacta la logística que seguirá, quienes serán sus participantes y diseña un plan de pruebas y feedback para su mejora.

Una vez esas bases estén implementadas juega con el entorno, publica publicaciones, anima a los usuarios involucrados a participar lo más posible y estudia los resultados para preparar el plan de acción para la sustitución de Skype for Business por Teams.

Arranca el proyecto: Coexistencia de Teams con Skype for Business.

Opción 1 – Coexistencia total con Skype For Business hasta su degradación. Con esta opción le daremos a los usuarios la posibilidad de que las dos herramientas convivan durante un periodo de tiempo hasta que finalmente Skype for Business se elimine y únicamente quede Teams.

Opción 2 – Evolución gradual desde Skype for Business a Teams. De las dos opciones esta es la mas recomendable. En este caso iremos introduciendo características de Teams a la par que degradamos sus homólogas en Skype for Business para que los usuarios, de una forma menos agresiva, se vayan familiarizando con la nueva herramienta.

Hasta aquí llega la pequeña introducción de como es el camino del cambio de Skype for Business a Teams. Si tenéis cualquier pregunta no dudéis en publicar un comentario.

Nuevas características añadidas en Teams durante el mes de Marzo.

Nueva pestaña para gestionar tareas y proyectos.

Ya se puede integrar MeisterTask con Teams. Para poder añadirlo como pestaña a uno de nuestros grupos podéis hacer clic aquí o ir a la Store  > Top picks.

Nuevos idiomas soportados.

Teams ahora soporta Rumano, Indonesio y Vietnamita.

Más canales por equipo.

Se puede crear hasta 200 canales por equipo (incluyendo los canales borrados)

Acceso a invitados.

El acceso a invitados se ha extendido a todo aquel que tenga una dirección electrónica válida. Desde ahora, cualquiera con correos como Outlook o GMail pueden ser añadidos a los equipos.

Esta es una de las características mas deseadas, que por fin es una realidad en Teams.

Mejora en las notificaciones de llamada.

Si ya ves el símbolo Llamadas en la parte izquierda de Teams, empezarás a ver las notificaciones de llamadas perdidas y nuevos mensajes de voz. Selecciona la notificación de llamada perdida y ve a la pestaña de “Historial de Llamadas” para poder devolverla. Haciendo clic en la pestaña de “Voicemail” podrás escuchar los mensajes.

Si todavía no ves el símbolo Llamadas y clicas en una notificación de llamada perdida te llevará directamente a un chat con el llamante, sin poder pudiendo iniciar desde allí una conversación o devolver la llamada.

Cada semana Microsoft Teams va sacando nuevas funcionalidades. Aquí os dejo en el resumen de las que han aparecido en este pasado mes de febrero.

Restaurar un canal borrado.

Esta es una posibilidad que se venía pidiendo desde hace mucho tiempo y por fin está implementada. Desde ahora ya puedes restaurar Teams Channels desde la interfaz. Eso si, no se pueden restaurar canales que hayan sido borrados en un periodo superior a 21 días.

Localización de los datos de Teams desde el Centro de Administración de Office 365.

Ya puedes conocer donde están lubicados tus datos de Teams desde el Panel de Administración.

Acceso anónimo a reuniones.

Permite enviar una invitación de reunión a cualquier persona con un correo válido (Outlook, Gmail.. ) Esta persona recibirá un correo con las instrucciones para unirse a la reunión sin la necesidad de  descargarse el cliente, A no ser que necesiten hacer uso de otras características, como compartir escritorio.

Sala de espera en reuniones donde hay participantes de nuestra empresa.

Los participantes anónimos ahora tienen una sala de espera virtual donde esperar a que la reunión empiece. De esta forma, los organizadores podrán unir a los invitados externos cuando lo deseen.

Iniciar una llamada de Teams desde un enlace.

Ya se puede inciar una llamada de Teams cuando haces click en un link (En una página web, por ejemplo)

Compartir el Historial de Conversación.

Ahora, cuando añades a alguien en un grupo chat, también puedes añadir el historial de conversación. En el momento de añadir un nuevo usuario aparecerán las opciones para poder añadir, o no, el historial.

Silenciar un chat.

Esta característica permite poner en pausa las notificaciones, de manera temporal, para un chat en particular. Seguirás recibiendo mensajes, pero no te aparecerán las alertas. Funciona tanto en conversaciones individuales, grupos y reuniones.

Respuesta rápida a las notificaciones de una conversación.

Ya se puede responder directamente a los mensajes en la misma ventana de notificación.

Novedades en Microsoft Teams en dispositivos Móviles.

Plataforma	Característica	Descripción
Android, iOS	Ocultar chat	Oculta antiguas conversaciones para ordenar la lista de chats. Puedes encontrarlos de nuevo usando la búsqueda.
Android, iOS	Desactivar chat	Silenciar temporalmente conversaciones que no estás siguiendo ahora mismo.
Android, iOS	@mention de chat	Captar la atención de alguien, o de todos los usuarios, con una @mencion en las conversaciones de grupo
Android, iOS	Wiki	Wiki está ahora disponible en teléfono móvil.
Android, iOS, WP	Solución de errores y mejoras generales de rendimiento	Nuevas correcciones  y añadiendo mejoras de rendimiento.

Here is an update to a previous post with the same name.

https://gallery.technet.microsoft.com/lync/Skype-for-Business-and-aa1c8daa

Many thanks to Luca Vitali for his update. (https://lucavitali.wordpress.com)

Listed below are some great Microsoft Teams resources. I know this one is short, but I wanted to get this information out to you - my ever faithful blogees….

http://aka.ms/skypeandteams

https://products.office.com/en-US/business/office-365-roadmap

http://aka.ms/successwithteams

Have a great day!

Scott

Yesterday I tweeted about me being able to access my Docker for Windows Kubernetes Cluster from Debian WSL without exposing the Docker Daemon with TLS and I got quite some responses.

W00t! I'm able to access my #Docker for Windows #Kubernetes Cluster from #Debian WSL without exposing the #Docker Daemon with TLS. Anyone interested to know how I did this? pic.twitter.com/Dgu3a6aWrO

— Stefan Stranger (@sstranger) April 1, 2018

It seems that there are quite some people interested in me sharing how I was able to do this.

Background information

Let me start with some background information about why I wanted to manage my Docker for Windows Client Kubernetes cluster from (Debian) WSL. Last week I visited an Azure Meetup in Amsterdam where Erik St. Martin talked about Azure Containers.

One of the tools he talked about was Helm. Helm is a package manager for Kubernetes.

Helm

Helm helps you manage Kubernetes applications — Helm Charts helps you define, install, and upgrade even the most complex Kubernetes application.
Charts are easy to create, version, share, and publish — so start using Helm and stop the copy-and-paste madness.

I wanted to play around with Helm on my Docker for Windows Kubernetes Cluster. Please read my earlier blog post called "Running Kubernetes Cluster in Docker for Windows" to learn more on how to get this running on your Windows 10 machine.

There are different version of Helm:

• OSX
• Linux
• Linux 32-bit
• Windows

I tried to install the Windows version of Helm but was not able to get this working. Then I thought I would try to manage my Docker for Windows Kubernetes cluster from (Debian) WSL.

We just released the Debian GNU/Linux for WSL. More information can be found at the following "Debian GNU/Linux for WSL now available in the Windows Store" blog post.

While investigating how I could connect from Debian WSL to my Docker for Windows Kubernetes cluster I stumbled on the following blog post "[Cross Post] WSL Interoperability with Docker" from Craig Wilhite.

By default the Docker Client for Windows offers a configuration to expose the Docker Daemon.

If you enable this configuration you do expose your system to potential attack vectors for malicious code.

And that's where the tool npiperelay can help. This is a tool built by John Starks.

WSL Interoperability with Docker

Please following the steps to install npiperelay, socat, docker client on the blog post from Craig Wilhite.

High-Level I run the following steps:

1. Install npiperelay in Debian WSL
   • Install Aptitude on Debian WSL

     Aptitude is an Ncurses based FrontEnd to Apt, the debian package manager.

     sudo apt-get install aptitude

   • Install Go

     #Make sure we have the latest package lists
     sudo apt-get update

     #Download Go. You should change the version if there's a newer one. Check at: https://golang.org/dl/

     sudo wget https://storage.googleapis.com/golang/go1.10.1.linux-amd64.tar.gz

     #unzip Go

     sudo tar -C /usr/local -xzf go1.10.1.linux-amd64.tar.gz
     #Put it in the path

     export PATH=$PATH:/usr/local/go/bin

   • Build the relay (see the blog post from Craigh Wilhite)
2. Install socat

   sudo aptitiude install socat

3. Install Docker CE for Debian (https://docs.docker.com/install/linux/docker-ce/debian/#install-docker-ce-1)

   sudo aptitude install docker-ce

4. Stitch everything together.

   See blog post Craigh Wilhite.

5. Install kubectl (https://kubernetes.io/docs/tasks/tools/install-kubectl/)
6. Configure kubectl configuration.

   Copy Docker for Windows Kubernetes kube config files to Debian WSL kube configuration folder

   cp -R /mnt/c/Users/[username]/.kube/ ~/

   This will copy the kubernetes cluster configuration created by the Docker for Windows client to the Debian WSL user.

7. Install Helm on Debian WSL
   curl https://raw.githubusercontent.com/kubernetes/helm/master/scripts/get | bash

You should now be able to access your Docker for Windows Kubernetes cluster from Debian WSL.

#start relay
sudo ~/docker-relay &
#test docker client
docker version
#test access to the Kubernetes cluster
kubectl version
kubectl cluster-info
kubectl get nodes --all-namespaces
kubectl get pods --all-namespaces
#test Helm
helm version
helm list

Have fun!

References:

• Helm
• Running Kubernetes Cluster in Docker for Windows
• Debian GNU/Linux for WSL now available in the Windows Store
• [Cross Post] WSL Interoperability with Docker
• Github npiperelay (allows you to access Windows named pipes from WSL)
• Socat

We’re announcing a new architecture for Exchange Server and Office 365 hybrid customers that unlocks Enterprise Mobility + Security (EMS) capabilities for Outlook for iOS and Android. With Hybrid Modern Authentication, Exchange customers can combine the power of Outlook with Azure Conditional Access and Intune App Protection Policies to securely manage corporate messaging on mobile devices.

Once Exchange customers with servers on-premises establish a hybrid configuration with the Microsoft Cloud and enable Hybrid Modern Authentication with Office 365, Outlook for iOS and Android authenticates against Azure Active Directory and synchronizes the mailbox data in Exchange Online – the Outlook mobile client never connects with the on-premises Exchange environment – unlocking the power of Office 365, Outlook for iOS and Android and Enterprise Mobility + Security (EMS).

Architected in the Microsoft Cloud, Outlook for iOS and Android is fully integrated with Azure Active Directory and Microsoft Intune. This means that organizations can enforce conditional access as well as application and device management policies while experiencing the richness of Outlook for iOS and Android.

Now Exchange Server customers with hybrid modern authentication can use the cloud-backed capabilities of Outlook such as Focused Inbox, Intelligent Search and enhanced time management to achieve more on their mobile device.

A few capabilities of EMS include:

• Selective wipe—Remove corporate email data and leave personal data intact to facilitate a “bring your own device” (BYOD) approach to phones and tablets.
• App restriction policies—Restrict actions such as cut, copy, paste and “save as” between Intune-managed apps and personal apps on a device to reduce the risk of corporate data loss. App restriction policies are available for use on both mobile device management (MDM) enrolled devices and on unmanaged devices, through Intune’s App Protection policies.
• Conditional access—Ensure that your corporate email can only be accessed on phones and tablets that meet secure access policies set by IT such as device or app management policy enforcement or Multi Factor Authentication (MFA) user scenarios. And with Azure Identity Protection capabilities of EMS, you can ensure these conditional access policies grant or deny access based on risks associated with each unique identity.

For the initial roll out, Exchange Server customers can contact their Microsoft account team, customer sales and services (CSS) or technical account managers to initiate the set up and deployment process for this enterprise mobility and security solution with Outlook for iOS and Android.

For more technical information and licensing requirements, see Using Hybrid Modern Authentication with Outlook for iOS and Android.

Ross Smith IV
Principal Program Manager
Office 365 Customer Experience

Applies to:

Windows Server 2008 R2 SP1 + KB3125574

Windows 7 SP1 + KB3125574

Windows Server 2008 R2 SP1 + KB2775511

Windows 7 SP1 + KB2775511

Windows Server 2008 R2 SP1

Windows 7 SP1

If you had installed the March 2018 security updates (KB4088878 & KB4088875) and lost network settings on Windows 7 SP1 and/or Windows Server 2008 R2 SP1.  And if you looking for a fix, here it is.

4099950 Network Interface Card settings can be replaced, or static IP address settings can be lost
https://support.microsoft.com/?id=4099950

Note:  It needs to be installed before KB4088875 and/or KB4088878 are installed.

Yong

Hello Everyone, my name is Zoheb Shaikh and I'm a Premier Field Engineer with Microsoft India. I am back again with another blog and today I'll share with you something interesting that I came across recently which caused the Certificate Authority to go down, and how I was able to isolate the issue by using Process Monitor (Procmon). (https://docs.microsoft.com/en-us/sysinternals/downloads/procmon)

Before I discuss about the issue, I would like to briefly share a bit of background on CDP & AIA extensions and their use.

I could try to explain what the AIA and CDP are and the way to configure it, but here is a short article on it and how revocation works.

https://docs.microsoft.com/en-us/windows-server/networking/core-network-guide/cncg/server-certs/configure-the-cdp-and-aia-extensions-on-ca1

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee619730(v=ws.10)

AIA and CDP extensions are very important for certificate validation.  The Authority Information Access or AIA repository host CA Certificates.  This location is "stamped" in the Authority Information Access extension of issued certificates.  A client that is validating a certificate may not have every CA certificate in the chain.  The client needs to build the entire chain to verify that the chain terminates in a self-signed certificate that is trusted (Trusted Root).

CDP extensions host the CRLs that the CA publishes.  The CRL Distribution Points extension is "stamped" in certificates.  Client use this location to download CRLs that the CA Publishes.  When a client is validating a certificate, it will build the chain to a Root CA.  If the Root CA is trusted this means the certificate is acceptable for use.  However, for applications that require revocation checking, the client must also validate that every certificate in the chain (with the exception of the Root) is not revoked.

Coming back to the customer scenario, they had a 2 Tier CA Hierarchy with an Offline Root CA and an Enterprise Subordinate CA both running 2012 R2 and an IIS server hosting the CDP/AIA extensions of Root CA (As shown in the diagram below):

Problem Symptom: When the customer was trying to enroll or issue any certificates, he was getting the following error:

Unable to renew or Enroll certificates getting the error | (The revocation function was unable to check revocation because the revocation server was offline. 0x80092013 (-2146885613 CRYPT_E_REVOCATION_OFFLINE)

The first thing we did was to export a certificate in .cer format and run the command "certutil -verify -urlfetch" against the certificate. As a result, we got the error:

Error retrieving URL: A connection with the server could not be established 0x80072efd (INet: 12029 ERROR_INTERNET_CANNOT_CONNECT)

http://fabricam-ca1.corp.fabrikam.com/vd/Fabricam_Group-CA.crt

We got this error for both CDP and AIA extensions.

When we tried to manually browse these extensions in Internet Explorer, we were able to access them but from the command line (I.e. certutil -verify -urlfetch) it always failed.

ROADBLOCK!!

We ran the same command (certutil -verify -urlfetch) against public certificates and observed similar behavior. And again, we could successfully browse to their CDP & AIA extensions from Internet Explorer.

Upon further checking, we found this behavior was occurring for about 20% of the users.

We checked if there were any proxy settings in IE and found none. CAPI2 logging further confirmed that there were issues with Certificate Revocation checking for both Internal and Public CA's.

Since we were in trouble we decided to collect a Procmon log with a simultaneous network trace, while again running "certutil -verify –urlfetch."

We saw the following in PROCMON:

11:48:25.9643758 PM certutil.exe 2348 TCP Reconnect Fabricam-ca1.corp.fabricam.com: 51188->210.99.197.47:8080 SUCCESS Length: 0, seqnum: 0, connid: 0

We also saw multiple reconnects

Operation > TCP Reconnect > Path > Fabricam-ca1.corp.fabricam.com:51188 -> 210.99.197.47:8080

Under Process Path > C:Windowssystem32certutil.exe >> Command Line > certutil -verify -urlfetch subcacert1.cer

In Network Monitor (Netmon), we observed the following:

676 12:31:35 AM 6/17/2015 9.7827898 0 certutil.exe 10.10.60.47 Some Public IP TCP TCP:Flags=CE....S., SrcPort=52443, DstPort=HTTP Alternate(8080), PayloadLen=0, Seq=1424697589, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 {TCP:125, IPv4:3}

815 12:31:38 AM 6/17/2015 12.7970106 0 certutil.exe 10.10.60.47 Some Public IP TCP TCP:[SynReTransmit #676]Flags=CE....S., SrcPort=52443, DstPort=HTTP Alternate(8080), PayloadLen=0, Seq=1424697589, Ack=0, Win=8192 ( Negotiating scale factor 0x8 ) = 8192 {TCP:125, IPv4:3}

So the requests from the Sub CA were not getting a response from an external IP. Further analyzing the Procmon showed us the following:

11:48:22.9158915 PM certutil.exe 2348 RegQueryValue HKLMSOFTWAREMicrosoftWindowsCurrentVersionInternetSettingsConnections WinHttpSettings SUCCESS Type: REG_BINARY, Length: 45, Data: 28 00 00 00 00 00 00 00 03 00 00 00 19 00 00 00

11:48:22.9159009 PM certutil.exe 2348 RegQueryValue HKLMSOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsConnectionsWinHttpSettings SUCCESS Type: REG_BINARY, Length: 45, Data: 28 00 00 00 00 00 00 00 03 00 00 00 19 00 00 00

11:48:22.9174322 PM certutil.exe 2348 RegQueryValue HKLMSOFTWAREMicrosoftWindowsCurrentVersionInternet SettingsConnectionsWinHttpSettings SUCCESS Type: REG_BINARY, Length: 45, Data: 28 00 00 00 00 00 00 00 03 00 00 00 19 00 00 00

We got the above for the path C:Windowssystem32certutil.exe >> Command line certutil -verify -urlfetch subcacert1.cer.

We found that they had set Proxy settings before using Group Policy preferences, which got tattooed in the registry even though it was not reflected in Internet Explorer.

Thus, we deleted the registry key HKLMSOFTWAREMicrosoftWindowsCurrentVersion Internet SettingsConnectionsWinHttpSettings and then confirmed that the revocation check worked fine for external and internal websites.

Lesson learned from this post? "WHEN IN DOUBT, USE PROCMON"

Hope this helps,

Zoheb

213 Microsoft Team blogs searched, 48 blogs have new articles. 550 new articles found searching from 01-Mar-2018 to 31-Mar-2018

BlogMS-Monthly-Report-March-2018

The email security analysis capabilities in Microsoft Office 365 are unmatched in the industry, offering subscribers the best protection available from email categories such as junk, SPAM, phishing, malicious, etc. But, from time to time a message will slip through that should have been classified as SPAM. If you are a Microsoft Managed Service Provider or a network administrator, the question becomes how do you enable your users to easily report these emails to the Office 365 analysis services?

I have written this blog to describe how you can publish an Outlook add-in (no cost) to the Outlook ribbon for users to simply highlight an email, classify it as Junk or phishing email, and then click to submit. It doesn't get any easier than this! This seems to be a hidden gem that I want to create much more awareness about to our many Microsoft partners and Office 365 administrators. Below are instructions about how to install it on a user workstation to test with, how to administratively install it across all accounts in your Office 365 tenant, as well as how to then monitor for Junk and Phishing messages that have been submitted. While the intent of this article is to describe how to install and report unwanted emails, this Outlook Add-in also enables a user to report email that may have been incorrectly classified (Not Junk).

Although this blog is focused on the Outlook Add-in for reporting SPAM, other useful Add-ins should also be considered for installation such as Translator and Weather. There are hundreds of additional add-ins available for Outlook to review and choose from that may be perfect for your organization!

Additional information about how to submit SPAM, non-spam, and phishing scam messages for analysis are available in this TechNet Link.

Install the Microsoft Junk E-Mail Reporting Add-in for Microsoft Outlook (Single Use/Testing):

Option One: Download and Install

1. Download the Add-In from this site
2. Choose the correct version to download (32-bit or 64-bit)
3. Save the download and install it using a few quick steps in the wizard

Option Two: Install from Microsoft Office Store

1. With Microsoft Outlook open, look in the ribbon bar at the top for an option called Store in the Add-ins category.

2. Click on the Store icon. In the Search add-ins area, enter report message and press enter.
3. Locate the Report Message add-in and click Add.

4. This should take only a few seconds to install. When complete, you may click on the option to Get Started for a brief tutorial in how to use it, or click X to close this area.

Using the Outlook Add-in

1. The new Report Message Add-in will now be visible in the Outlook ribbon bar to begin using no matter what method of installation you chose above.

2. Locate a SPAM message in your Inbox, highlight it, then click on the Report Message drop down option to select if it is Junk or a Phishing message.

3. After the Junk or Phishing classification is chosen, you will see the message below indicating that the email is processing.

4. Within a few seconds the email will be submitted and removed automatically from your Inbox.
5. You may receive a notice with a definition of what Phishing email is and asking you if you "want to send a copy of this message to Microsoft to help the research and improvement of email protection technologies?" Click on Report to submit.
6. To prevent the notice from appearing each time the user submits a SPAM message, the user can click the Report Message Add-in drop down option and select Options.
7. Within the Options area, the user can select to Automatically send reports that will prevent a prompt for each submission.

8. Select Save to save the changes and exit.

Deploy to all Outlook users: How to administratively deploy the Report Message Add-in to all users.

1. Logon to the Office 365 Administrator portal at portal.office.com
2. Under Admin Centers, open Exchange.

3. In the Exchange Admin Center, select Organization on the left.
4. Then, choose Add-ins.
5. In the Add-ins area, you will see several pre-defined items already listed.
6. To choose a new Add-in, click the + icon.
7. Then select to Add from the Office Store

8. In the new website that was just opened, the view is focused on only Add-ins for Outlook. In the upper right, locate the Search the Office Store area. Enter Report Message and press Enter.
   
9. The Report Message app is now displayed. Click on it to view the details.
   

10. In the details of the Add-in, select Add to include it as an Administratively assigned Add-in for your tenant users.

11. Confirm that you want to Add the Add-in by clicking Yes on the notice.
12. Once you receive the message that You've added an Add-in for Outlook, open the tab with the Exchange Admin Add-ins area displayed you were just on.
13. Select the Refresh icon (highlighted below) to verify that the Report Message add-in is now displayed.

14. You will now see that Report Message add-in is listed. But wait! It is Disabled by default. Let's correct that now so users will be able to see and begin using it.
15. In the Add-in list, double click on the Report Message area to open the detailed configuration.
16. Select the option to be Optional, enabled by default. Click Save to complete this step.
17. The list of Add-ins will now show the Report Message Add-in displayed as Enabled under the User Default column.

18. Once complete, the Report Message Add-in (or any other Add-in) may take a few hours to appear. In my test, it took about two hours for my Outlook client to show the Report Message Add-in.

Review User Reported Junk and Phishing Email

As a network administrator you always want to keep your finger on the pulse of your organization to understand just how users are utilizing the services. Now that you have enabled users to report their own junk and phishing emails, you will want to make sure they are using this option. Use the option below to access this area.

1. Logon to portal.office.com
2. Open the Security and Compliance dashboard
3. Under Threat Management (left column area), choose the Dashboard option
4. In this area, look for the section called User-Reported Messages. Click on it to see the number of messages submitted per day, who is submitting, the email subject, sender, sender IP and type of message reported (junk or phishing)

Communicate To Users About Self-Reporting

With this Add-in now enabled, be sure to communicate its existence and capabilities to your Outlook users. With a few simple steps in the instructions (and screen captures), your users will be able to report any Junk and Phishing emails they receive. The more misclassified SPAM messages submitted, the better the services become for everyone!

Summary: In this TechNet blog you have learned about the Outlook Add-in called Report Message that is a hidden gem to all Office 365 organizations. We also stepped through several options to install it as a single instance as well as for all users in the organizations. Finally.