Build your security and compliance practice by registering for an upcoming technical webinar listed below, teaching you how to keep customers safe with the latest offerings. Participate in these live, instructor-led webinars that include interactive training focused on real-world scenarios and Q&A capabilities – all at NO COST to MPN members.

Introduction to Microsoft 365 Security Fundamentals (L200)

• Upcoming Events:
  • June 5, 2018 (English) – Register now 
  • June 19, 2018 (English) – Register now
  • June 21, 2018 (Spanish) – Register now

• Key outcomes: Explore the comprehensive collection of security offerings within Microsoft 365 to help you protect, detect and respond to security attacks. In this webinar you’ll receive an overview of Microsoft 365-provided security capabilities, equipping you to provide security services for customers. Our Microsoft 365 technical experts walk you through threat protection, identity projection, and information projection and the resources available to you as a partner.

Adopting Microsoft 365 Enterprise-Level Identity Protection (L300)

• Upcoming Events:
  • June 12, 2018; English – Registration link for partners
  • June 14, 2018; English – Registration link for partners
  • July 18, 2018; English – Registration link for partners

• Key outcomes: Identity forms the control plane for all Microsoft Cloud resources and services. It is highly-critical that identity be kept protected so that unauthorized users or hackers do not gain access to enterprise controls and information resources. Within this training, you’ll learn about identity protection using Microsoft 365 and receive solution guidance for building an identity protection practice.

Find additional dates and languages available for these technical webinars as well as the full suite of services for the Security & Compliance technical journey at aka.ms/SecurityTechJourney.

Por: Trudy Norris-Grey, Directora de Gestión de Desarrollo Global de Negocios para Microsoft Corp.

Impulsar a las ciudades en todo el mundo para que sean más sustentables, prósperas e inclusivas requiere de un esfuerzo en equipo. Por eso nuestro ecosistema de socios es integral para nuestra iniciativa CityNext. Y esa es la razón de nuestra emoción, porque en Smart Cities NY, Mastercard, anuncia nuestro esfuerzo en conjunto para ayudar a las ciudades a obtener mejor información de valor en asunto de salud económica de sus comunidades y entender los impactos potenciales para su economía.

Mastercard y Microsoft juntará nuestras respectivas tecnologías de paga, datos y nube para facilitar y acelerar el que las ciudades visualicen actividades económicas y modelen escenarios para ayudarlos a tener más información al momento de tomar decisiones. Juntos, vamos a crear un cambio global que enlace los datos a través de las entidades públicas y privadas.

Londres y Chicago comenzaron a aplicar de manera piloto esta solución para modelar el impacto de los eventos planeados y no planeados. De esa manera, ellos pueden tomar decisiones basadas en los datos acerca de los mejores lugares y momentos para celebrar eventos o anticipar si un cambio climático pudiera afectar diferentes partes de la ciudad, estos son sólo un par de ejemplos.

Es emocionante pensar en todas las posibilidades sobre la manera en la que las ciudades y sus ciudadanos se beneficiarán por parte del resultado colectivo de trabajar juntos. De instancia, las ciudades podrían entender mejor que los factores contribuyen al éxito económico o a los retos de ciertos vecindarios y, en consecuencia, planes de acciones políticas.

Greetings Partners!

The Azure Friday team released a short, but powerful video that is worth 12 minutes of your time. The presenter, an Azure MVP, does an excellent job showing us all a simple methodology to follow when helping customers choose between services on IaaS, PaaS, DaaS, etc. Check out the video below. If you don't follow Azure Friday, may I suggest you add it to your list of ongoing learning resources? Lots of great stuff every week.

https://channel9.msdn.com/Shows/Azure-Friday/How-I-choose-which-services-to-use-in-Azure

Nick Johnson

Partner Technology Strategist

I have completed a number of courses via edX, an online training platform originally founded by Harvard and MIT in 2012.

The model of learning is easy, flexible and self-paced and best of all, the courses are generally all free. That said, if you wish to certify your knowledge and training you can pay for the exam and certification to provide evidence of professional development and proven skills in a certain area.

This morning I was made aware of a course providing training in the management of Microsoft Teams:

To enroll in the free edX course click below:

Enabling Teamwork with Microsoft Teams

Course Outline:

＜概要＞
顧客の動向をもっとリアルタイムに把握したい、売上の推移をもっと正確に掴みたい。そんなリアルタイムでのデータ利活用に取り組みたい、分析基盤と可視化(BI)の実装を担当される皆さまを対象に、ビッグデータの最新活用動向とともに、最新のリアルタイムデータ分析ツールであるZoomdata、そしてその活用手法を習得いただけるセミナーを開催します。

Gartnerによると、今増えているデータの85%はこれまでと異なる新しいタイプのデータであると考えられており、モバイルアプリやセンサーをはじめとしたIoTデバイスの増加に伴い、2020年には40ゼタバイトにまでのぼると予想されています。このセミナーでは、ビジネスで生まれるデータをリアルタイムに把握し、顧客との接点を活用した売上向上などの施策を始めたい方に、クラウドで試しながら始められるデータの分析・活用事例を通じて、分析基盤と可視化への取り組み方をご紹介します。

▼ アジェンダ・お申込みはこちらから

The 2018 Microsoft Ignite Florida event is fast approaching, so now is the time to secure your spot at one of the pre-day sessions. For those wanting to go deep on Windows 10 Modern Management and Mobile Device Management through Microsoft Intune, I recommend you attend the pre-day session "Modern Management for a Modern World - a technical deep dive into modern device management made easy with Microsoft Intune" This session will be delivered by technical program managers from Microsoft's Customer Acceleration Team (CAT) who work directly with large complex customers so understand many of the scenarios that you are going through. This will be a highly interactive session so bring your devices and your questions and leave with the technical knowledge to allow you to be successful. I look forward to seeing you there!!!

Modern Management for a Modern World - A technical deep dive into modern device management made easy with Microsoft Intune

Learn how to configure an end-to-end deployment of Microsoft Intune. This session will be delivered by technical Program Managers who will share real world scenarios learnt from customer deployments. In this session you will learn how to deploy, manage and secure your Windows 10, iOS, Android and OSX devices from the cloud; how to control access to you corporate resources using Azure Active Directory Conditional Access; How to implement a Data Loss Prevention strategy on these devices and secure your corporate data, and how Microsoft Graph is simplifying IT operations. This is a deep dive session and includes demos of the latest innovations. Please bring a Windows 10 and an iOS/Android device and follow the instructors as they step you through common user scenarios. Share your learnings during our Q/A session and have Microsoft Program Managers help you be successful.

We’ll be giving away a Surface Laptop to one lucky attendee, so be sure to sign-up!

Add this Pre-Day Workshop to your registration for $500. Visit the Microsoft Ignite registration website and sign in to your registration record to select your Pre-Day Workshop!

執筆者: Mark Russinovich (CTO, Microsoft Azure)

このポストは、2018 年 5 月 9 日に投稿された Azure confidential computing の翻訳です。

昨年 9 月、Azure Confidential Computing の取り組みをご紹介しました。これにより、Microsoft Azure は、お客様の使用中のデータを保護する新しいデータ セキュリティ機能を実装した初のクラウド プラットフォームとなりました。Azure チームは、Microsoft Research、Intel、Windows、開発者用ツール グループと協力し、Intel SGX や Virtualization Based Security (VBS、旧称 Virtual Secure Mode) などの Trusted Execution Environment (TEE) をクラウドで利用できるようにしました。TEE の役割は、処理中のデータを保護し、TEE 外部からアクセスできないようにすることです。今回は、Confidential Cloud (機密性に優れたクラウド) のビジョンと前回の発表以降の取り組みについて詳しくお伝えします。

今日では多くの企業がミッション クリティカルなワークロードやデータをクラウドに移行しています。このようにクラウドの採用が促進される大きな要因として、パブリック クラウドのセキュリティ上のメリットが挙げられます。International Data Corporation (IDC) が発表した 2017 年版の CloudView (英語) 調査によると、企業がクラウドへの移行を進める主な推進要因の 1 つが「セキュリティの強化」です。一方で、特に機密性の高い知的財産やデータをクラウドに移行する場合には、現在もセキュリティに対する懸念が広く阻害要因となっています。先日、Cloud Security Alliance (CSA) によって、「Treacherous 12 Threats to Cloud Computing (クラウド コンピューティングに関して懸念される 12 の脅威、英語)」レポートの最新版が公開されました。予想どおり、主要なクラウドの脅威の 1 つとしてデータ漏えいが挙げられた以外に、システムの脆弱性による漏えい、悪意のある内部関係者、共有テクノロジの脆弱性という 3 つのデータ セキュリティ上の懸念が指摘されています。

Azure Confidential Computing は、クラウドで処理中のデータを保護することを目的としています。この機能はマイクロソフトの「Confidential Cloud」のビジョンの基盤となるもので、以下のような原則に基づいています。

• 主要なデータ漏えいの脅威を軽減すること

• インフラストラクチャは制御できないものの、保管中、転送中、使用中のデータをお客様が完全に制御できること

• クラウドで実行されるコードが保護され、お客様が検証可能であること

• クラウド プラットフォームからデータやコードにアクセスできないようにすること、つまりクラウド プラットフォームをトラステッド コンピューティング ベースの外部に配置すること

現在、このテクノロジはデータ処理シナリオの一部のみに適用されていますが、成熟度の高まりと共に、クラウドとエッジの両方において、あらゆるデータ処理の新たなスタンダードになることが予想されます。

このビジョンを実現するためには、ハードウェア、ソフトウェア、サービスのすべてでイノベーションを進め、Confidential Computing をサポートする必要があります。

1. ハードウェア: この数年間、マイクロソフトはシリコン パートナーと緊密に協力して、演算処理中にアプリケーションを分離する機能を追加し、これらの機能を複数のオペレーティング システムで利用できるように取り組んできました。この緊密なパートナーシップにより、準備が整いしだい、最新の Intel Secure Enclave が提供されます。

   Azure の米国東部リージョンで、Intel SGX テクノロジを採用した最新世代の Intel Xeon プロセッサの提供が開始されます。これにより、ハードウェア ベースの新機能をクラウドで利用できるようになります。その後、オンプレミスでの一般提供を予定しています。

2. コンピューティング: Azure のコンピューティング プラットフォームを拡張し、TEE に対応したコンピューティング インスタンスをデプロイ、管理できるようにします。

   Intel SGX テクノロジを採用した最新世代の Intel Xeon プロセッサ搭載の新しい VM ファミリ (DC シリーズ) が導入されます。今回のリリースにより、クラウドで SGX 対応アプリケーションを実行し、コードやデータの機密性と整合性を保護できるようになります。

3. 開発: マイクロソフトはパートナーと緊密に協力して、ハードウェア ベースとソフトウェア ベースの両方の TEE で一貫した Windows および Linux 用の API を開発し、機密性の高いアプリケーション コードを移植できるようにします。また、機密性の高いアプリケーションの開発やテストに利用できるツールやデバッグのサポートにも取り組んでいます。

   Intel SGX SDK と新たに追加される Enclave API により、C/C++ アプリケーションの開発が可能になります。
   

4. 構成証明: コードの信頼を確立し、コードにシークレットを開示するかどうかを判断するには、TEE で実行されるコードの ID を検証する必要があります。マイクロソフトはシリコン パートナーと協力して、検証をシンプルかつ広く利用できるようにする構成証明サービスを設計、ホストします。

5. サービス/ユース ケース: 新しい安全なビジネス シナリオやユース ケースは、仮想マシンによって提供されます。マイクロソフトは社内全体で、以下のような Confidential Computing を活用したサービスや製品の開発を積極的に進めています。

1. SQL Server Always Encrypted により、データの機密性と整合性を保護
2. スケーラブルで機密性の高いブロックチェーン ネットワークを実現する Confidential Consortium Blockchain Framework により、信頼性の低い参加者間に信頼性の高い分散ネットワークを構築
3. 機密性を確保しながら複数のデータ ソースを組み合わせ、安全なマルチパーティの機械学習シナリオをサポート

6. 研究: Microsoft Research は、Azure チームやシリコン パートナーと緊密に協力して、TEE の脆弱性の特定、防止に取り組んでいます。その一例として、TEE アプリケーションを強化し、TEE 外部への直接的または間接的な情報漏えいを防止する高度な手法の研究に積極的に取り組んでいます。その研究成果は、機密性の高いコードの開発に使用できるツールやランタイムという形で公開する予定です。

Confidential Computing のプラットフォーム、ソフトウェア、ツールの使用や、開発者コミュニティへの参加をご希望のお客様は、こちらのフォーム (英語) からプレビューへの参加申請を行うことができます。「クラウド コンピューティングに関して懸念される脅威」を軽減するクラウド アプリケーションやクラウド サービスの開発にぜひご協力ください。マイクロソフトは、皆様からのフィードバックをお待ちしております。Confidential Cloud Computing の開発にご協力をお願いいたします。

function Set-AgedBlobsToTier  {
 PARAM (
       [Parameter(Mandatory = $true)] [int] $AgeInDays,
       [Parameter(Mandatory = $true)] [Microsoft.WindowsAzure.Storage.Blob.Standardblobtier] $StorageTier,
       [Parameter(Mandatory = $true)] [string]$ResourceGroupName,
       [Parameter(Mandatory = $true)] [string]$StorageAccountName
      )
     $StorageAccountName = $StorageAccountName.ToLower()

     if  (Get-AzureRmStorageAccount -ResourceGroupName $ResourceGroupName -Name $StorageAccountName -EA SilentlyContinue)  {

       $StorageAccount        = Get-AzureRmStorageAccount    -ResourceGroupName $ResourceGroupName -Name $StorageAccountName
       $StorageAccountKeys    = Get-AzureRmStorageAccountKey -ResourceGroupName $ResourceGroupName -Name $StorageAccountName
       $StorageAccountKey     = $StorageAccountKeys[0].Value
       $StorageAccountContext = New-AzureStorageContext -StorageAccountName $StorageAccountName -StorageAccountKey $StorageAccountKey
       $StorageContainers     = Get-AzureStorageContainer -Context $StorageAccountContext

       #retrieve all blobs from containers
       $Blobs = @()
       foreach($StorageContainer in $StorageContainers) {
         $Blobs += Get-AzureStorageBlob -Context $StorageAccountContext -Container $StorageContainer.Name
       }

       $RetentionDate = (Get-Date).ToUniversalTime().AddDays(-$AgeInDays)
       $ifNotModifiedSinceTime=[Microsoft.WindowsAzure.Storage.AccessCondition]::GenerateIfNotModifiedSinceCondition( $RetentionDate )

       # now apply the tier
       Foreach($Blob in $Blobs) {
         Write-Verbose -Message ('checking {0}' -f  $Blob.ICloudBlob.Uri.AbsoluteUri)
         $Blob.ICloudBlob.SetStandardBlobTier($StorageTier,$ifNotModifiedSinceTime)
       }
    }
    else {
      Write-Error -Message ('{0} was not found' -f $StorageAccountName)
    }

}

 Set-AgedBlobsToTier -AgeInDays 30 -StorageTier Cool -ResourceGroupName 'testing' -StorageAccountName 'somenamehere'  -Verbose
 

Beschreibung
Der dritte PREMCast der Agility Serie beschäftigt sich etwas tiefergehend mit den Good Practices bei der Einführung eines agilen Prozesses. Haben Sie es bereits einmal versucht und sind gescheitert? Stehen Sie kurz davor und wissen nicht so recht, wie Sie beginnen sollen? In diesem PREMCast haben Sie Gelegenheit, konkrete Fragen zur Umsetzung eines agilen Prozesses zu stellen und bekommen wertvolle Tipps rund um agile Prozesse.

Zielgruppe
Dieser PremCast richtet sich an Software Architekten und Entwickler.

Level 200
(Level Skala: 100= Strategisch/ 200= technischer Überblick/ 300=tiefe Fachkenntnisse/ 400= technisches Expertenwissen)

Anmeldung
Zur Anmeldung wenden Sie sich bitte direkt an Ihren Microsoft Technical Account Manager oder senden Sie eine Mail an peger@microsoft.com. Besuchen Sie uns auf Microsoft Premier Education. Dort erfahren Sie, an welchem Datum der Webcast stattfindet. Zudem finden Sie eine Gesamtübersicht aller Webcast und Workshops.

Beschreibung
Der zweite PREMCast der Agility Serie erläutert weitere Vertreter der agilen Bewegung wie Lean, Kanban oder eXtreme Programming. Wir gehen näher auf die Bedeutung der verschiedenen Vorgehensweisen ein und erklären Zusammenhänge. Und falls Ihnen andere Namen wie SaFE oder Evidence-based Management begegnet sind, wissen Sie nach dem PREMCast auch, wo Sie diese einsortieren können. Natürlich bleibt auch Zeit, Fragen zu den einzelnen Modellen und Vorgehensweisen zu stellen.

Zielgruppe
Dieser PremCast richtet sich an Software Architekten und Entwickler.

Level 200
(Level Skala: 100= Strategisch/ 200= technischer Überblick/ 300=tiefe Fachkenntnisse/ 400= technisches Expertenwissen)

Anmeldung
Zur Anmeldung wenden Sie sich bitte direkt an Ihren Microsoft Technical Account Manager oder senden Sie eine Mail an peger@microsoft.com. Besuchen Sie uns auf Microsoft Premier Education. Dort erfahren Sie, an welchem Datum der Webcast stattfindet. Zudem finden Sie eine Gesamtübersicht aller Webcast und Workshops.

Hello All,

This was announced on Monday and I wanted to make sure you saw it as users may have questions…

Microsoft is enabling versioning on all Document Libraries in OneDrive for Business, and team sites in SharePoint Online, including both group-connected team sites and team sites not connected to an Office 365 Group. We'll be gradually rolling this out to Targeted Release customers in early June, and the roll out will be completed worldwide by the end of July.

See Office 365 Roadmap ID 30544

What is changing?

All SharePoint and OneDrive libraries will be set to retain a minimum of one hundred major versions. Existing libraries that have versioning enabled but are set to retain fewer than one hundred major versions will be updated to retain the new minimum. Libraries already set to retain one hundred or more major versions will not be affected, including those with the default setting of five hundred.

With these changes, the Document Library Settings page will no longer support the ability to disable versioning or configure it to retain fewer than one hundred versions.

While this update does increase the number of possible versions saved for any document, most customers will not notice a significant increase in storage requirements based on this change. Also, earlier this year we announced plans to increase the SharePoint Online per user license storage allocation, allowing greater collaboration and storage capacity for organizations using Office 365 and SharePoint Online. To read the announcement about the increase in default SharePoint Online storage allocations please click this link.

Pax

Автор статьи - Виталий Веденев.

Делаем первые шаги [1] в мобильном обучении [2,3] средствами Microsoft Office 365 учебного заведения. Первые шаги в мобильном обучении (m-learning) рассмотрены в этой статье с учетом специфики обучения с помощью мобильных устройств.

Что вы будете знать и уметь после прочтения этой статьи?

- Как организовать начало обучения в Office 365 и средствами Office 365 на мобильных устройствах?

- Как приступить к обучению в едином пространстве учебного заведения -  Office 365 с помощью мобильного устройства?

После принятия решения в учебном заведении по оптимизации совместной работы во всех сферах образовательной деятельности с помощью Office 365, тестирования решения и повышения квалификации педагогов применительно к использованию мобильных устройств в учебном процессе и прочих сферах деятельности учебного заведения можно приступить к использованию приложений и служб в учебном процессе (в примерах использован Office 365 A1) [1].

Каждая из служб Office 365 является абсолютно самостоятельной, и в то же время все они могут работать и работают в тесной связке друг с другом и с приложениями Microsoft Office. Набор мобильных приложений в сочетании с Office 365 и их тесная взаимосвязь предоставляет большие возможности по организации учебного процесса любого уровня сложности в этой интегрированной среде [4].

Вход в Office 365 осуществляется с учетной записью пользователя, предоставляемой администратором решения конкретного учебного заведения (имеется возможность получить доступ с учетной записью Office 365 другого учебного заведения в качестве гостя с определенными ограничениями доступа к внутренним ресурсам Office 365 [5]).

Рассмотрим обобщенные первые шаги мобильных пользователей в ходе учебного процесса в отдельных сценариях.

Сценарий 1. Вход в Office 365 и организация входа при обучении на мобильных устройствах

Правильная методическая организация электронного обучения в Office 365 учебного заведения с помощью мобильных устройств обязательно должна предусмотреть возможность удобного ознакомления пользователя с вводными инструкциями по ссылкам из первоначального электронного письма (по адресу электронной почты, предоставленной пользователем для налаживания первоначального контакта). Это должны быть ссылки на Sway-инструкции (например, «Инструкция пользователю учебного заведения по первоначальному входу в Office 365 и порядку начала обучения», цифровые истории [1]), текстовые файлы (инструкции PDF, Word). Живое общение (например, консультация в Microsoft Teams) с педагогом предполагает заранее установленное мобильное приложение (информация об этом должна быть в первоначальной инструкции).

Пояснения к схеме:

1. В ходе анализа информации (в примере показано мобильное приложение Power BI) с помощью Office 365 Adoption Preview были получены результаты, что достаточно значительная часть пользователей (примерно 25%) использует мобильные устройства на базе Android при обучении в конкретной образовательной среде за определенный период. Поэтому в ходе повышения квалификации педагогов и модераторов учебного заведения были отработаны разные варианты предоставления вводной информации путем предоставления ссылок на доступные источники (это может происходить в силу разных обстоятельств и предпочтений педагогов).
2. С помощью установленного мобильного приложения почта (устанавливается по умолчанию) после подключения почтового ящика с адресом, который указан в качестве контактного, пользователь может получить электронные письма со ссылками на разные источники информации.
3. Во всех случаях при нажатии на ссылку в письме потребуется браузер (предлагается системой Android из списка установленных браузеров, поэтому в письме заранее можно перечислить рекомендуемые для работы с Office 365 браузеры). Далее в браузере порядок просмотра информации зависит от первоначального источника:
   - если это Sway – инструкция [6], то вам сразу же будет доступен текст со встроенным видео и т.п.
   - если это PDF-инструкция, размещенная в OneDrive, то будет представлен текст инструкции из OneDrive, текст может включать ссылки на видеоинформацию.
   - если это Word Online – инструкция, то просмотр осуществляется в браузере средствами Word Online, значки Word предполагают установку мобильного приложения Word в случае, если вам необходимо вносить изменения в документ с мобильного устройства.
4. Т.к. все рассмотренные типы файлов (PDF, Word) можно преобразовать в Sway [6], то для удобства мобильных пользователей можно использовать только Sway-учебные материалы.

Сценарий 2. Начало обучения на мобильном устройстве: приложения

Выбранная педагогом информационно-образовательная среда [1] определяет набор мобильных приложений, который может быть предложен пользователю для установки в первоначальной инструкции или предлагается системой, установленной на мобильном устройстве, в ходе перехода по ссылкам в информационно-образовательной среде [2-4, 7,8].

Отдельного внимания требуют приложения, в которых обучаемый может выполнять практические задания.

Например, можно использовать преимущества мобильных устройств по быстрому формированию презентаций с фотографиями средствами приложения PowerPoint или внесения небольших исправлений в существующие учебные материалы, представленные в виде презентаций:

С помощью мобильных приложений можно оперативно управлять расписанием [9], планировать учебную работу [10] и многое другое.

Использование специализированных мобильных приложений в учебной работе будет рассмотрено в отдельных статьях.

Использованные источники:

1. Microsoft Office 365 в образовании. Первые шаги
2. Microsoft Office 365 в образовании. Организация мобильного обучения
3. Microsoft Office 365 в образовании. Построение информационно-образовательной среды средствами OneNote
4. Комплексное решение для учебных заведений
5. Microsoft Office 365 в образовании. Гостевой доступ в Microsoft Teams. Обучаемся в другом учебном заведении
6. Microsoft Office 365 в образовании. Организуем обучение с помощью Microsoft Sway. Примеры
7. Microsoft Office 365 в образовании. Мобильное приложение SharePoint
8. Microsoft Office 365 в образовании. Мобильная работа в группе Office 365
9. Microsoft Office 365 в образовании. Использование приложения Microsoft StaffHub в учебном процессе
10. Microsoft Office 365 в образовании.  Планируем учебную работу: Microsoft Bookings 

On Friday, May 25, the European Union’s General Data Protection Regulation — better known as GDPR — officially takes effect.

GDPR is an important step forward for privacy rights in Europe and around the world, and we’ve been enthusiastic supporters of GDPR since it was first proposed in 2012. It sets a strong standard for privacy and data protection by empowering people to control their personal information.  We appreciate the strong leadership by the European Union on these important issues and the invitation to Microsoft to be one of a small number of companies participating in the official events in Brussels on Friday.

We believe privacy is a fundamental human right. As people live more of their lives online and depend more on technology to operate their businesses, engage with friends and family, pursue opportunities, and manage their health and finances, the protection of this right is becoming more important than ever.

Privacy is also the foundation for trust. We know that people will only use technology that they trust. Ultimately, trust is created when people are confident that their personal data is safe and they have a clear understanding of how and why it is used. This means companies like ours have a huge responsibility to safeguard the privacy of the personal data we collect and the data we manage for our commercial customers.

Today Microsoft is announcing that we will extend the rights that are at the heart of GDPR to all of our consumer customers worldwide. Known as Data Subject Rights, they include the right to know what data we collect about you, to correct that data, to delete it and even to take it somewhere else. Our privacy dashboard gives users the tools they need to take control of their data.

You can read the new privacy statement here. And you can find out what’s new in the privacy statement here.

As GDPR goes into effect, one of our most important goals is to help businesses become trusted stewards of their customers’ data. This is why we offer a robust set of tools and services for GDPR compliance that are backed up by contractual commitments.

You can learn more at: Microsoft.com/GDPR

In this blog I will explain how you can monitor your SCOM Management Servers and Gateways using PowerShell. One of the most important task of a SCOM administrator, in fact the most important task, is to keep the Management Servers and Gateways highly available. There are chances that something will go wrong with them and one needs to fix them as soon as possible. This can only be possible if the SCOM administrators will be notified proactively. SCOM out-of-box gives you to create SCOM notification to alert you on "Heartbeat failure" and "Failed to Connect to Computer" alerts. However, I see have seen two issues with it.

1. SCOM administrators ignore them as they receive such alerts from agents day in and day out.

2.The emails cannot be customised like sending with High Priorities etc.

This is where PowerShell comes handy. Let us see how to make life of a SCOM administrator easier.

1. Create this PowerShell script in SQL Server hosting the Operations Manager Database. Here is the script which you can use with slight modification highlighted. You can create the script on any server as a matter of fact.
2. #############################################################

   $MS1=$null
   $MS2=$null
   $MSs=$null

   Try{
   $dataSource = "SQL2016" #Replace the databaseservername with the SQL Server name. Verify that you are able to connect to the instance using UDL test. You might need to provide the instance name along with port number
   $database = "OperationsManager" #Replace OperationsManagerDB with the name of your Operations Manager Database
   $connectionString = “Server=$dataSource;Database=$database;Integrated Security=True;”
   $connection = New-Object System.Data.SqlClient.SqlConnection
   $connection.ConnectionString = $connectionString
   $connection.Open()

   #This query gives the detail of the Management Server and the Gateway which are not healthy on the console.
   $query = "select BME.path from Availability AV
   join BaseManagedEntity BME on AV.BaseManagedEntityId=BME.BaseManagedEntityId
   join MT_healthservice HS on AV.BaseManagedEntityId=HS.BaseManagedEntityId
   where (HS.ismanagementserver=1
   or HS.isgateway=1)
   and AV.isavailable=0"

   $command = $connection.CreateCommand()
   $command.CommandText = $query
   $result = $command.ExecuteReader()
   $table = new-object “System.Data.DataTable”
   $table.Load($result)
   $connection.Close()

   $MSs=$table.path
   if($MSs -eq $null)
   {
   #Write-host "exit loop"
   exit
   }
   else
   {
   [string]$MS1=$MSs.Split(' ')
   }
   }

   Catch
   {
   #write-host "Catch Loop"
   $MS2= "Either SQL database is down or we cannot connect to the SQL instance"
   Send-MailMessage -From "opsmgr@pop1.lab" -to "udish@pop1.lab" -cc "udish@pop1.lab" -Body $MS2 -SmtpServer "exchange2010.pop1.lab" -Port 25 -Priority High -Subject "Management Servers and Gateways Unhealthy"
   break
   }

   #Send email to users if the SQL returns any output
   #The -from, -to, -smtpserver, -port, -subject parameter values should be replaced. Refer to your SMTP channel in SCOM console to get the details.
   If($MS1.count -ne 0)
   {
   [string]$mailbody=""
   foreach($MS in $MSs)
   {
   $mailbody = $mailbody + $MS + "`r`n"
   #$mailbody
   }
   Send-MailMessage -From "opsmgr@pop1.lab" -to "udish@pop1.lab" -cc "udish@pop1.lab" -Body $mailbody -SmtpServer "exchange2010.pop1.lab" -Port 25 -Priority High -Subject "Management Servers and Gateways Unhealthy"
   }

   ###############################################################

3. Once the script is ready and test with PowerShell ISE. Some sample output of the email. 3. The next steps would be to put in a task scheduler (or may be Orchestrator if you are using it)

   i. Open TaskSchedular. Right Click -> Create Task.

   ii.Enter the details under the highlighted lines. IMP: Use a service account to run the task which has permission to the Operations Manager Database. I would suggest SDK account.

    

    

   iii.  Add the schedule. IMP: Duration should be set to “Indefinitely”.

   iv. Put in the path where the script is located on the server.

   v. Run the task to verify everything is working as expected.
   

I wanted to take a few minutes and discuss current plans for upcoming changes in the security MP. I’d also like to use this space as an open forum for feature requests. While I’m not expecting tons of requests, it is worth noting that I do have a few criteria for any change I make.

• It needs to be something that should not generate a lot of noise when enabled. More than anything, that means I’ll need to have a unique way of identifying the issue in question. Several (not all) of my PtH rules are off by default for precisely that reason, they aren’t unique to PtH related events.
• For Operational Threats, I’d prefer to be tracking items that are currently in use or increasingly being used by the bad guys.
• Obviously, I need to stay within the limits of what the SCOM libraries can provide. Event log and registry key analysis are pretty easy. I’d note that anything that can be scripted in PowerShell should be relatively easy as well.

That said, feel free to drop a comment here for any ideas. You can also hit me up on linked in.

These are my current plans for updates:

• I want to rewrite the scheduled task rule to allow for overrides for specific applications. Unfortunately, this one is noisy as way too many commercial applications create their own scheduled tasks in task scheduler. This would allow users to override for specific applications in their environment.
• Similarly, I’d like to rewrite the service created on DC rule to do the same thing. In general, services should not be created on domain controllers fairly often, so this is worth monitoring for potential threats. However, it seems that some applications do occasionally create a service on a domain controller. This would allow a user to override for that specific service.
• I did find some false positives with local account creation, as those events can be generated on domain controllers. I didn’t see this in testing, but I did observe this at a customer recently. I’ve written in an override for the next release to turn this off on domain controllers.
• I would like to remove alerting for batch logons and put this in as a report. It’s worth noting that batch logons are very insecure, but this also is generating a lot of noise. The nice thing about a report is that you can see where these logons are occurring and update your applications accordingly…. at the very least, these machines could be segregated in your environment as to make it harder for an attacker to access the machine and steal credentials.
• I would like to write a collection rule/report for TLS 1.0 and 1.1 authentications. These too are insecure protocols and should be shut off in an organization. The idea behind this would be similar to the NTLM/LanMan/Wdigest/SMB1 reports. It should be able to tell a user where this authentication is happening in an environment so as to fix any applications that are using it and allow an organization to shut it off. I don’t know how easy this will be. My initial research (though to be fair I haven’t spent more than a few minutes looking into this) didn’t find an easy way to detect this. I’ll probably also need some beta-testers here as I doubt I have these protocols running in my lab.

Beyond that, I don’t have too much in the way of changes scheduled. I’d definitely like to hear more from the community as to what they would like to see. I think we’ve hit most of the low hanging fruit, which is good, but that also means it will take a lot more effort for additional features.

My customers are always asking me who do you recommend we buy Azure training from. I am a Microsoft Certified Trainer and I specialize in Office 365, Azure and exam preps. I tell them...do NOT pay for a training class or online subscription models they aren't worth it.

Microsoft provides more and better training then any training provider out there. The problem is it is not all in one location so hard to find.

Here is more free training https://www.microsoft.com/en-us/learning/azure-training.aspx

Microsoft's official certification site https://www.microsoft.com/en-us/learning/certification-overview.aspx#bcc-section  this is where they also have free online training videos and links to prepare for an exam. Yes some of the links go to articles, but that is because it is easier and faster for them (anyone) to update an article then update a training video or series of videos.

So here is a list of Microsoft's free Azure training sites.

https://www.microsoft.com/en-us/learning

https://mva.microsoft.com/

Microsoft has more free Azure online training in LinkedIn Learning, I really like these as they are good series. https://www.linkedin.com/learning/microsoft-azure-core-functionalities-2

If you want hands on lab training Microsoft even has hands on labs for free, and I have taken all companies hands on lab training and Microsoft's is best by far.   https://www.microsoft.com/handsonlabs .

There is also training and articles found in the certification exam pages.

https://www.microsoft.com/en-us/learning/mcsa-cloud-platform-certification.aspx

This is the application developer exam for Azure https://www.microsoft.com/en-us/learning/exam-70-532.aspx .

This one is a combination of both application development and infrastructure so I recommend it.
https://www.microsoft.com/en-us/learning/exam-70-533.aspx

Then after you have your two certifications above and have earned your MCSA you only need to take one more exam 70-535 for Architects to earn your MCSE.  https://www.microsoft.com/en-us/learning/exam-70-535.aspx

Always expand the Training and Resources and you will see the free resources to learn this topic.

70-538 Azure DevOps certification is coming in the next few months. https://www.microsoft.com/en-us/learning/exam-70-538.aspx

Free DevOps training is here: https://mva.microsoft.com/training-topics/devops that includes testing.

https://aka.ms/edx-dev223x-about

https://www.edx.org/course/building-your-azure-skills-toolkit

Then anyone with an MSDN Visual Studio Subscription also has more free training for them on that site.

We’ve released new updates for Surface Pro devices running Windows 10 Version 1709 and above. These updates include new drivers for Intel(R) Dynamic Platform and Thermal Framework Manager, Intel(R) Dynamic Platform and Thermal Framework Power Participant, and Intel(R) Dynamic Platform and Thermal Framework Processor Participant which improve system stability.

This update is available through Windows Update only.

Surface Pro 4:

• Intel(R) Dynamic Platform and Thermal Framework Manager v8.3.10207.5567 improves system stability.
• Intel(R) Dynamic Platform and Thermal Framework Power Participant v8.3.10207.5567 improves system stability.
• Intel(R) Dynamic Platform and Thermal Framework Processor Participant v8.3.10207.5567 improves system stability.

Applies to:

Windows 10, version 1803

Windows Server 1709

Windows 10, version 1709

Windows 10, version 1703

Windows Server 2016

Windows 10, version 1607

Windows 10, version 1511

Windows 10, version 1507

Windows Server 2012 R2

Windows 8.1

Windows Server 2012

Windows 8

Windows Server 2008 R2

Windows 7

Does not apply:

Windows Server 2008

Windows Vista

Windows Server 2003

Windows XP

Originally published Dec 2012.  Updated June 2015, Nov. 2016, May 2018.

In Windows Server’s, if you wanted to capture network packets (for those coming from a Unix background, Packet sniffer or protocol analyzer, or TCPDump), you would have to install an add-on such as Network Monitor (Netmon) or Wireshark (used to be known as Ethereal).  In order to install these products, you would have to go thru a change control process.

Starting with Windows 7 and Windows Server 2008 R2, network capture has been built-in and native to the Windows O.S.

Step 1.  WARNING:  In Windows 7 and Windows Server 2008 R2, you could run into:

2582260 "0x0000000A" Stop error when you perform ETW tracing on the Afd.sys driver in Windows 7 or in Windows Server 2008 R2    

Please make sure to install the hotfix above before you proceed.

Step 2.  Before you capture any network trace, here are questions you should have ready when you are capturing it:

Network tracing (packet sniffing) data to provide when troubleshooting.

Step 3.  Minimize the noise.

Close all the applications that are unnecessary for the issue that you are investigating.

Step 4.  Clear any caching that has been done.

Clear all name resolution cache as well as all cached Kerberos tickets.

To clear DNS name cache you type in: IPConfig /FlushDNS

To clear NetBIOS name cache you type in: NBTStat -R

     Note:  This command requires you to be a “Local Administrator” (i.e.  CMD ( Run as admin)).

To clear Kerberos tickets will need KList.exe: KList purge

Note:  Depending on what permissions the service or application has, you might have to open a Command Prompt (CMD.exe) using those permissions.  For example:  If the app or service uses the System account, you will need to use Sysinternals Psexec.

PSExec.exe -s -i cmd.exe

And then run the commands above in the new command prompt that opened to clear the cache(s).

i.e.  If you are troubleshooting Internet Explorer (IE), clear the IE cache.

Step 5.  Start, CMD (Run as admin)

Type “Netsh trace start scenario=NetConnection capture=yes report=yes persistent=no maxsize=1024 correlation=no traceFile=C:LogsNetTrace.etl” without the quotation marks and then press Enter.

     Note:  Details of all the options are available in the links to more information.

     Note 2:  You always want to take network traces from both sides (sending and receiving).

Step 6.  Reproduce the issue.

Open a second CMD (Run as admin)

When you have the repro, to make the network trace with a ‘marker’ that you are done.

Type “ping 127.0.0.1” without the quotation marks and then press Enter.

Step 7.  To stop the network capture

Type “netsh trace stop” without the quotation marks and then press Enter.

Once you have the nettrace.etl file, you could copy it off the server to your Windows client.

In your Windows client, you would use Microsoft Network Monitor 3.4 to analyze the network packets.

In your Windows machine, you could use Microsoft Message Analyzer to analyze the network packets.

More information:

Troubleshoot -related issues *Windows 10 1607 and newer only

Network Tracing in Windows 7

Network Tracing in Windows 7 (Windows)   
Netsh Commands for Trace   
Netsh Commands for Network Trace in Windows Server 2008 R2 and Windows 7   
Event Tracing for Windows and Network Monitor   
Tool: Installing the Microsoft Message Analyzer version 1.3
How to setup a local network trace using “Start Local Trace” in Message Analyzer v1.3?
How to setup a local network trace on the LAN using Message Analyzer v1.3 UI?

For those administrators that want to learn more and their company has a Premier contract. There is a workshop available called “Netmon for Enterprise Troubleshooting”. Please contact your Technical Account Manager (T.A.M.) about availability in your neck of the woods.

Microsoft Services - Premier Support Proactive Services - Proactive Education

P.S. Getting network trace during a boot.

Type “Netsh trace start scenario=AddressAcquisition, FileSharing, LAN, Layer2, NDIS, NetConnection, WLAN capture=yes report=yes persistent=yes maxsize=1024 correlation=no traceFile=C:LogsNetTrace.etl” without the quotation marks and then press Enter.

To stop the network capture

Type “netsh trace stop” without the quotation marks and then press Enter.

レガシーERPを利用し続けていくには、年間の保守料金に加えて、サポート終了にともなうアップグレードコストやカスタマイズ部分の検証・修正費用、その他さまざまな社内コストなども考慮していかなくてはいけません。
多くの企業では、いつしかレガシーERPに関わるさまざまなコストが重荷になり、戦略的なIT投資ができていないのではないでしょうか？

本ホワイトペーパーでは、企業がレガシーERPをどのように最先端クラウド型ERPであるMicrosoft Dynamics 365へ移行していくのかをご紹介します。

▼　「レガシーERPからMicrosoft Dynamics 365への移行方法 」ダウンロードはこちらから

The User Profile Synchronization service for SharePoint 2010 or 2013 can fail to start for numerous reasons. This post is for when the User Profile Service Application(UPA) is stuck on Starting. This prevents anybody from creating connections or syncing users.

This will prevent the User Profile Service Application from functioning properly. ULS shows the topology.svc tossing this "The requested application could not be found" with EventID evr4.

We can try to start the by running the Provision method to get the service application Started.

$upa = Get-SPServiceApplication <GUID of Service Application>

$upa.Provision()

This did fail and in the ULS logs we found this entry.

05/26/2018 11:13:46.90    PowerShell_ISE.exe (0x4AF4)    0x48F4    SharePoint Portal Server    User Profiles    ojxm    High    SSP administration site owner is 'i:0#.w|oldaccountdeleted'.    018afcc8-f800-0001-5e35-00e1678bd301

SSP administration is a blast from the past. The reference is back to 2007 but service applications replaced the SSP in SharePoint 2010. This entry is stating we're looking for owner of the Central Admin. This value can be exposed by using PowerShell as well.

$site = Get-SPSite http://centralAdmin:1234

$site.Owner

Or the UI with Site Settings and Site Collection Administrators

Or the Change site collection administrators in Central Admin

Find that account there and replace it with a valid account then run the Provision() PowerShell.