Channel: TechNet Blogs

Top Contributors Awards! Building a bot using Azure Bot Service and many more!


Welcome back for another analysis of contributions to TechNet Wiki over the last week.

First up, the weekly leader board snapshot...

 

As always, here are the results of another weekly crawl over the updated articles feed.

 

Ninja Award Most Revisions Award
Who has made the most individual revisions

 

#1 Peter Geelen with 182 revisions.

 

#2 George Chrysovaladis Grammatikos with 24 revisions.

 

#3 Emre Ozan Memis with 24 revisions.

 

Just behind the winners but also worth a mention are:

 

#4 Hamid Sadeghpour Saleh with 20 revisions.

 

#5 Hadshana.K [MCT] with 19 revisions.

 

#6 Dave Rendón with 14 revisions.

 

#7 Stoyan Chalakov with 13 revisions.

 

#8 Nonki Takahashi with 12 revisions.

 

#9 Stephan Bren with 11 revisions.

 

#10 Edward van Biljon with 8 revisions.

 

 

Ninja Award Most Articles Updated Award
Who has updated the most articles

 

#1 Peter Geelen with 88 articles.

 

#2 Emre Ozan Memis with 18 articles.

 

#3 Hamid Sadeghpour Saleh with 17 articles.

 

Just behind the winners but also worth a mention are:

 

#4 Dave Rendón with 9 articles.

 

#5 George Chrysovaladis Grammatikos with 8 articles.

 

#6 Fernando Lugão Veltem with 3 articles.

 

#7 Denis Dyagilev with 3 articles.

 

#8 Richard Mueller with 3 articles.

 

#9 RajeeshMenoth with 2 articles.

 

#10 SYEDSHANU - MVP with 2 articles.

 

 

Ninja Award Most Updated Article Award
Largest amount of updated content in a single article

 

The article to have the most change this week was TechNet Guru Competitions: April 2019, by [Kamlesh Kumar]

This week's reviser was [Kamlesh Kumar]

 

Ninja Award Longest Article Award
Biggest article updated this week

 

This week's largest document to get some attention is Outlook and Outlook for Mac: Update File Versions, by Tasita Ebacher [MSFT]

This week's reviser was Tasita Ebacher [MSFT]

 

Ninja Award Most Revised Article Award
Article with the most revisions in a week

 

This week's most fiddled with article is Building a bot using Azure Bot Service, by Hadshana.K [MCT]. It was revised 18 times last week.

This week's reviser was Hadshana.K [MCT]

 

Ninja Award Most Popular Article Award
Collaboration is the name of the game!

 

The article to be updated by the most people this week is PowerApps: Criando Canvas App, by Fernando Lugão Veltem

This week's revisers were Fernando Lugão Veltem, Edward van Biljon, Peter Geelen & Dave Rendón

 

Ninja Award Ninja Edit Award
A ninja needs lightning fast reactions!

 

Below is a list of this week's fastest ninja edits. That's an edit to an article after another person

 

Ninja Award Winner Summary
Let's celebrate our winners!

 

Below are a few statistics on this week's award winners.

Most Revisions Award Winner
The reviser is the winner of this category.

Peter Geelen

Peter Geelen has been interviewed on TechNet Wiki!

Peter Geelen has featured articles on TechNet Wiki!

Peter Geelen has won 303 previous Top Contributor Awards. Most recent five shown below:

Peter Geelen has TechNet Guru medals, for the following articles:

Peter Geelen's profile page

Most Articles Award Winner
The reviser is the winner of this category.

Peter Geelen

Peter Geelen is mentioned above.

Most Updated Article Award Winner
The author is the winner, as it is their article that has had the changes.

[Kamlesh Kumar]

[Kamlesh Kumar] has been interviewed on TechNet Wiki!

[Kamlesh Kumar] has won 44 previous Top Contributor Awards. Most recent five shown below:

[Kamlesh Kumar] has TechNet Guru medals, for the following articles:

[Kamlesh Kumar] has not yet had any featured articles (see below)

[Kamlesh Kumar]'s profile page

Longest Article Award Winner
The author is the winner, as it is their article that is so long!

Tasita Ebacher [MSFT]

Tasita Ebacher [MSFT] has won 7 previous Top Contributor Awards. Most recent five shown below:

Tasita Ebacher [MSFT] has not yet had any interviews, featured articles or TechNet Guru medals (see below)

Tasita Ebacher [MSFT]'s profile page

Most Revised Article Winner
The author is the winner, as it is their article that has been changed the most

Hadshana.K [MCT]

This is the first Top Contributors award for Hadshana.K [MCT] on TechNet Wiki! Congratulations Hadshana.K [MCT]!

Hadshana.K [MCT] has not yet had any interviews, featured articles or TechNet Guru medals (see below)

Hadshana.K [MCT]'s profile page

Most Popular Article Winner
The author is the winner, as it is their article that has had the most attention.

Fernando Lugão Veltem

Fernando Lugão Veltem has won 55 previous Top Contributor Awards. Most recent five shown below:

Fernando Lugão Veltem has not yet had any interviews, featured articles or TechNet Guru medals (see below)

Fernando Lugão Veltem's profile page

Ninja Edit Award Winner
The author is the reviser, for it is their hand that is quickest!

Dave Rendón

Dave Rendón has been interviewed on TechNet Wiki!

Dave Rendón has won 108 previous Top Contributor Awards. Most recent five shown below:

Dave Rendón has TechNet Guru medals, for the following articles:

Dave Rendón has not yet had any featured articles (see below)

Dave Rendón's profile page

 

 Says: Another great week from all in our community! Thank you all for so much great literature for us to read this week!

Please keep reading and contributing, because Sharing is caring..!!

 

Best regards,

 


Demystifying the Native SQL Replication co-existence issues with Resident ConfigMgr DRS


I think this is common knowledge among the experts who work on cases involving native SQL replication alongside ConfigMgr DRS (be it an MP replica DB, or just plain out-of-the-box SQL replication in a ConfigMgr infrastructure):

The configuration works well until it breaks so badly that DRS is non-functional, with poison messages all over.

While we have tried fixing these issues on a case-by-case basis, more analysis is needed on why these things happen and what we can do to identify, prevent or remediate them.

And an inherent question: what can we do from the ConfigMgr end so that we don't let the customer shoot themselves in the foot? Well, that's the whole purpose of this post: to try to put an end to this debate, and to this uncertain discussion with customers about installing a DB replica:

“We know we can go with MP DB Replica, but things can break the replication sometimes”

So let's start. How does the issue surface, or come to us?

 

Issue Description

We are (were) using MP DB Replica or out-of-the-box SQL replication on the ConfigMgr DB successfully, until some changes were made and this broke ConfigMgr replication.

We see exceptions in RCMCtrl.log for every message it tries to process:

 

The asynchronous command finished with return message: 
[A .NET Framework error occurred during execution of user-defined routine or aggregate "spDRSActivation": 
~~Microsoft.ConfigurationManager.DataReplicationService.ServiceException:
 Exception has been thrown by the target of an invocation.
---> System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation.
---> System.Data.SqlClient.SqlException: Explicit value must be specified for identity column in table 'Logs' either when IDENTITY_INSERT is set to ON 
or when a replication user is inserting into a NOT FOR REPLICATION identity column
~~System.Data.SqlClient.SqlException:
~~ at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)  
~~ at System.Data.SqlClient.SqlCommand.RunExecuteNonQuerySmi(Boolean sendToPipe)
~~   at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(TaskCompletionSource`1 completion, String methodName, Boolean sendToPipe,
 Int32 timeout, Boolean asyncWrite)
~~   at System.Data.SqlClient.SqlCommand.ExecuteNonQuery()
~~   at Microsoft.ConfigurationManager.DataReplicationService.DrsLogging.ExecuteLogEntryProcedure(LogType logType, String logText, String messageText,
 String procedureName)
~~   at Microsoft.ConfigurationManager.DataReplicationService.MessageHandlerService.ProcessSyncEnd(Message msgReceived, SqlConnection connection,
 SqlTransaction transaction, Int32 logLevel, SqlCommand command)
~~System.Reflection.TargetInvocationException: ~~   at Microsoft.ConfigurationManager.DataReplicationService.Service.Run(SqlConnection connection,
 SqlTransaction transaction, Int32 logLevel, SqlCommand command, Int64 poisonMessageSequenceNumber)

 

And this happens for pretty much most of the tables, throwing poison messages.

Let's try to analyze the exception:

Explicit value must be specified for identity column in table 'Logs' either when IDENTITY_INSERT is set to ON or when a replication user is 
inserting into a NOT FOR REPLICATION identity column

There is a lot to understand before we even know what this is trying to tell us. So let's start tearing it apart, piece by piece.

 

Piece 1 : Identity column

These are columns in a table whose value is generated automatically for each row; we don't explicitly provide any value.

For example, take a look at the LogLine column of the Logs table.

So LogLine is an identity column that starts at 1 and automatically increments by 1.

When we insert into the Logs table, we don't provide an explicit value for it, as SQL Server handles this for us automatically. Below, we did not pass any value for the LogLine column.

insert into Logs(SPID,ComponentName,MachineName,ProcedureName,LogText,NestLevel,MessageText)
values(@@SPID,APP_NAME(),HOST_NAME(),@ProcedureName,@LogText,@@NESTLEVEL,@MessageText)

These definitely create unique rows, and we generally keep identity columns on tables that don't seem to have a good primary key.

Piece 2: Thanks! I know identity columns. But what if I want to specify a value for the identity column manually?

You can try your luck, but SQL Server doesn't like it and will raise an error if you try to specify a value manually:

Cannot insert explicit value for identity column in table 'MyTable' when IDENTITY_INSERT is set to OFF

 

Ok! So is there a workaround?

Yes, something like the below, where you explicitly allow inserts into the identity column and then turn that off again.

SET IDENTITY_INSERT MyTable ON

INSERT MyTable(TheIdentity, TheValue)
VALUES (3, 'First Row')

SET IDENTITY_INSERT MyTable OFF

 

Piece 3: A practical scenario: an identity table (a table with an identity column) in SQL replication

Now, if we have SQL replicas and a table to be replicated happens to be an identity table, we don't want the identity column (say, DistributionID) to be different in the replica.

So we want to explicitly specify the same value that we have in the main publishing DB, and we want to make sure that we are able to explicitly enter a value into the identity column.

The workaround above is not acceptable to me: I cannot modify every stored procedure, as that would break my production infrastructure, where I don't specify any value for the identity column and let it take its course.

So SQL Server provides a way to achieve the same for replication scenarios. The answer is the 'NOT FOR REPLICATION' bit on the identity column.

So once the 'NOT FOR REPLICATION' bit is set for the column in the subscriber DB (replica DB), it is the same as saying IDENTITY_INSERT is permanently set to ON for the table, and you need to specify the value for the identity column explicitly for inserts coming from replication endpoints.

This means any insert on the subscriber DB coming from the replication process will be able to insert, as a manual value, the same value that was automatically generated for the identity column in the publisher DB, without any ifs or buts.

Back to square one, on the track of troubleshooting the issue.

Now let's try to analyze again the exception that we are getting on the production publisher DB.

Explicit value must be specified for identity column in table 'Logs' either when IDENTITY_INSERT is set to ON or when a replication user is 
inserting into a NOT FOR REPLICATION identity column

 

So it looks like we are writing to the Logs table without specifying the identity column, which, as we saw above, is perfectly fine, because by default the Logs table is not marked 'NOT FOR REPLICATION' = YES.

So what happened that changed this setting to 1 on the publisher DB?

It was mentioned that there were only some changes to the default publication on the publisher.

When I looked at the publication, I could see that the Logs table had been made part of the subscription. Pretty much all tables were selected for replication.

Whereas when you look at the default configuration, only 76 tables with identity columns are selected. Logs and most other tables are not included by default.

For ConfigMgr, we store the objects we replicate to the replica here:

SELECT * from ReplicatedObjects

 

From my lab's snapshot, I could see and confirm that Logs is not included by default.

So now I think we can be sure that someone modified the subscription to include other tables that are not included by default. That is a fair thing to expect from admins who need more tables and data for their convenience.

But the question is:

Why did the NFR bit get changed to ON in the publication DB (production site DB), given that our SPs are not coded that way?

All in all, the NFR bit on an identity column makes sense for the subscriber DB, which needs to get the value explicitly from the publisher, while we still want automatic seeding to happen in the production DB.

So I went ahead and selected the Logs table in my subscription manually. And to my horror, the Not For Replication bit for the identity column in the Logs table changed to TRUE in the publisher DB.

And in no time I started seeing the exception in my environment as well.

So this explains why we used to say: don't touch the setup once it is configured 😊

But at CSS, customers come to us to get the issue fixed, and what we have been doing is setting the NFR bit to OFF for such tables.

Also, can we do anything to help identify this issue from an HMAN monitoring rule, and correct it if possible?

Yes! In my opinion 😊

Here is the detection script to find any additional articles added to the publication.

 

SELECT T.Name
FROM sys.tables T
INNER JOIN sys.columns C on T.object_id = C.object_id
LEFT JOIN ReplicatedObjects R ON R.objectName = T.name
WHERE C.is_identity =1 AND C.is_replicated =1 AND R.ObjectName is NULL
AND COLUMNPROPERTY( OBJECT_ID(T.Name),C.Name,'IsIdNotForRepl') = 1

 

And here is the remediation script, which corrects these tables by setting the NFR bit to 0.

IF OBJECT_ID('tempdb..#NFRTEMP') IS NOT NULL
    DROP TABLE #NFRTEMP

-- Collect the tables that were added to the publication but are not default ConfigMgr articles
SELECT T.Name
INTO #NFRTEMP
FROM sys.tables T
INNER JOIN sys.columns C on T.object_id = C.object_id
LEFT JOIN ReplicatedObjects R ON R.objectName = T.name
WHERE C.is_identity =1 AND C.is_replicated =1 AND R.ObjectName is NULL
AND COLUMNPROPERTY( OBJECT_ID(T.Name),C.Name,'IsIdNotForRepl') = 1

IF EXISTS (SELECT 1 from #NFRTEMP)
BEGIN
    PRINT 'Affected by Custom modification of Publication [ConfigMgr_MPReplica] to include Tables with Identity Columns not included by Default in ConfigMgr...'
    DECLARE @TableName NVARCHAR(255);
    DECLARE @ConfigMgrDB NVARCHAR(255);
    DECLARE @DistDB NVARCHAR(255);
    DECLARE @SQLCMD NVARCHAR(MAX);
    Select @ConfigMgrDB = ConfigMgrDatabase from ServerData where Sitecode = (select ThisSiteCode from SMSData)
    select @DistDB=Name from sys.databases where is_distributor = 1 and Name like 'CM%'
    DECLARE @ObjectID int

    DECLARE RemoveNonDefaultArticlesFromPublicationAndResetNFR CURSOR FOR
    SELECT A.Name FROM #NFRTEMP AS A
    OPEN RemoveNonDefaultArticlesFromPublicationAndResetNFR;
    FETCH NEXT FROM RemoveNonDefaultArticlesFromPublicationAndResetNFR INTO @TableName;
    WHILE @@FETCH_STATUS = 0
    BEGIN

        -- Setting the NFR bit to OFF on the additional tables should be enough to fix the issue if we still want to keep those tables in the publication.
        -- Uncomment the section below only if you also want to remove the added articles from the ConfigMgr publication
        /*
        PRINT 'Dropping the Table '+ @TableName + ' From Publication [ConfigMgr_MPReplica] as it is not included by default'
        SET @SQLCMD = 'USE ' + @DistDB +';
        delete from  mssubscriptions where article_id =(select article_id from msarticles with (nolock) where article ='+ ''''+ @TableName+ ''''+')';
        EXECUTE(@SQLCMD);
        EXEC sp_droparticle @publication = 'ConfigMgr_MPReplica',  @article = @TableName,  @force_invalidate_snapshot = 1
        */

        PRINT 'Setting the NFR bit for Identity Column on Table '+ @TableName + ' to OFF'
        SET @ObjectID =object_id(@TableName)
        EXEC sys.sp_identitycolumnforreplication @ObjectID, 0

        FETCH NEXT FROM RemoveNonDefaultArticlesFromPublicationAndResetNFR INTO @TableName;
    END;
    CLOSE RemoveNonDefaultArticlesFromPublicationAndResetNFR;
    DEALLOCATE RemoveNonDefaultArticlesFromPublicationAndResetNFR;
END

ELSE
    PRINT 'Publication [ConfigMgr_MPReplica] is Fine with no Custom Modifications. Exiting...'

 

Output

Things are not as simple as you wish they were

This all looks great if you kept the publication without touching it any further. But one customer realized his mistake, that he had accidentally selected all tables, and then went ahead and unchecked the tables from the publication.

Now, the bad news is that unchecking does not reset the NFR bit to 0 in the publication DB. So we are stuck with the same issue, plus a harder challenge: identifying the tables that have this problem.

To solve this problem, there is a logical approach.

 

1. Disable NFR bit on identity columns for all tables in the Site Database (Publication DB)

EXEC sp_msforeachtable @command1 = 'declare @int int set @int =object_id("?") EXEC sys.sp_identitycolumnforreplication @int, 0'

 

2. Run the query below on a healthy ConfigMgr infrastructure (same version) to generate a set of statements that tell us which tables have the NFR bit set to 1

-- The generated statements reference @int, so the batch that runs them must first declare it: declare @int int
SELECT 'set @int =object_id('''+ o.name +''') EXEC sys.sp_identitycolumnforreplication @int, 1' as sqlcmd
from sys.objects o
inner join sys.columns c on o.object_id = c.object_id
WHERE COLUMNPROPERTY(c.object_id, c.name, 'IsIdNotForRepl') = 1

3. Copy the output from the healthy Database and run these statements on the Site Database which is broken.
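
Before resetting every table as in the three steps above, the drift can be listed first. The following is an added example, not the author's script: it compares the current NFR bit of each identity column against a baseline list taken from a healthy site, and also catches tables that were unchecked from the publication (no longer replicated, NFR still 1). The temp table #NfrBaseline and the two placeholder table names are assumptions; ReplicatedObjects and sys.sp_identitycolumnforreplication are used as they appear in the post.

```sql
-- Added example, not from the original post. Run in the affected site database.
-- Read-only: it reports drift and builds corrective statements without executing them.

IF OBJECT_ID('tempdb..#NfrBaseline') IS NOT NULL
    DROP TABLE #NfrBaseline;

CREATE TABLE #NfrBaseline (TableName sysname NOT NULL PRIMARY KEY);

-- Assumption: this list was taken from a healthy site of the same version
-- (tables whose identity column reports IsIdNotForRepl = 1 there).
-- The two names below are constructed placeholders; replace them.
INSERT INTO #NfrBaseline (TableName)
VALUES (N'PlaceholderTableA'),
       (N'PlaceholderTableB');

WITH CurrentState AS (
    SELECT T.object_id,
           T.name                    AS TableName,
           IC.name                   AS IdentityColumn,
           IC.is_not_for_replication AS CurrentNfr,
           IC.is_replicated          AS IsReplicated,
           -- COLLATE avoids a collation conflict between tempdb and the site database
           CASE WHEN EXISTS (SELECT 1 FROM #NfrBaseline B
                             WHERE B.TableName COLLATE DATABASE_DEFAULT
                                 = T.name COLLATE DATABASE_DEFAULT)
                THEN 1 ELSE 0 END    AS BaselineNfr,
           CASE WHEN EXISTS (SELECT 1 FROM ReplicatedObjects R
                             WHERE R.ObjectName = T.name)
                THEN 1 ELSE 0 END    AS InReplicatedObjects
    FROM sys.tables T
    INNER JOIN sys.identity_columns IC ON IC.object_id = T.object_id
)
SELECT TableName,
       IdentityColumn,
       CurrentNfr,
       BaselineNfr,
       IsReplicated,
       InReplicatedObjects,
       CASE WHEN CurrentNfr = 1 AND IsReplicated = 0
            THEN 'NFR = 1, table no longer replicated, not in baseline'
            WHEN CurrentNfr = 1
            THEN 'NFR = 1, table still replicated, not in baseline'
            ELSE 'NFR = 0, baseline expects 1'
       END AS Finding,
       -- The object id is valid only in this database, which is where the fix would be run
       'EXEC sys.sp_identitycolumnforreplication '
           + CAST(object_id AS varchar(11)) + ', '
           + CAST(BaselineNfr AS varchar(1))
           + ';  -- ' + TableName AS FixStatement
FROM CurrentState
WHERE CurrentNfr <> BaselineNfr
ORDER BY TableName;
```

With the placeholder baseline left in place, every identity column that currently has NFR = 1 is reported, so the output is only meaningful once the real list from the healthy site has been loaded.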

 

So hopefully this will help you fix the issue where SQL replication is involved.

Umair Khan

Support Escalation Engineer |Microsoft System Center Configuration Manager 
Disclaimer: This posting is provided "AS IS" with no warranties and confers no rights.

Office 365 Weekly Digest | May 5 – 11, 2019


Welcome to the May 5 - 11, 2019 edition of the Office 365 Weekly Digest.

Fourteen features were added to the Office 365 Roadmap last week, with most related to Microsoft Teams and SharePoint. One feature of note is the updates to password reset in the Microsoft 365 admin center, which now supports a 256 character maximum length and password writeback for hybrid customers.

There are three new events - the May 2019 virtual meetup for Women IT Pros, a Microsoft Security Intelligence Report webinar, and a Planner Ask Microsoft Anything (AMA). The spotlight event this week is the Microsoft Compliance and Security Virtual Conference on Tuesday, May 14, 2019 from 9am - 2pm Pacific. 

Microsoft Build 2019 was last week, which means that most of the blog content was related to announcements from the conference. In addition, there is an April 2019 "What's new" in Microsoft 365 user management post, and information on Planner and To-Do integration rolling out now.

Noteworthy items from last week include the new "My Library" and notifications features in the Service Trust Portal, a new home and updates for Microsoft Secure Score, general availability of Microsoft Search, and more.

 

OFFICE 365 ROADMAP

 

Below are the items added to the Office 365 Roadmap last week…

 

Feature ID: 33603
App / Service: SharePoint
Title / Description: SharePoint: lists from lists / lists from Excel. Build new lists from Excel, templates, or other lists
Status: In development
Added: 05/10/2019
Estimated Release: May CY2019
More Info: n / a

Feature ID: 46184
App / Service: Flow
Title / Description: Export Visio diagrams to Flow. Open an existing BPMN/Flowchart diagram or create a new one in Visio and export it to Microsoft Flow to automate.
Status: In development
Added: 05/10/2019
Estimated Release: Q4 CY2019
More Info: Export workflows designed in Visio to Flow to quickly automate business processes

Feature ID: 50692
App / Service: Teams
Title / Description: Microsoft Teams - Share system audio in a Teams meeting. Do you need to share a video or audio clip as part of a presentation? Sharing your system audio lets you stream your computer audio to meeting participants through Teams.
Status: In development
Added: 05/10/2019
Estimated Release: May CY2019
More Info: n / a

Feature ID: 50796
App / Service: Teams
Title / Description: Microsoft Teams: Music on Hold. Music for users on hold.
Status: In development
Added: 05/10/2019
Estimated Release: June CY2019
More Info: n / a

Feature ID: 51089
App / Service: Teams
Title / Description: Microsoft Teams: Secondary Ringer. Provides the capability to configure a second ringer for calling. This allows for headsets to be plugged in but still be able to hear an incoming call ring your device.
Status: In development
Added: 05/10/2019
Estimated Release: June CY2019
More Info: n / a

Feature ID: 51186
App / Service: Teams
Title / Description: Microsoft Teams: Single toolbar for controls in Meetings and Calling. Microsoft Teams is improving discoverability and reducing clutter for users in meetings and calls. The session controls will be unified to one toolbar at the bottom of the screen. This will affect Windows, Mac, and web clients. There is no impact for mobile or Microsoft Teams Rooms (MTR) devices.
Status: In development
Added: 05/10/2019
Estimated Release: June CY2019
More Info: n / a

Feature ID: 51230
App / Service: Teams
Title / Description: Microsoft Teams - Shared links. Streamline sharing with Microsoft Teams. You can now create a shareable link for any file stored in Teams and directly set the appropriate permissions. Additionally, you can also set permissions for files stored in SharePoint or OneDrive while composing a private chat or starting a channel conversation.
Status: In development
Added: 05/10/2019
Estimated Release: May CY2019
More Info: n / a

Feature ID: 51235
App / Service: Teams
Title / Description: Microsoft Teams - Add up to 100 people to a group chat. Do you need to have an ad-hoc discussion with a large number of people? Group chats can now accommodate up to 100 users.
Status: In development
Added: 05/10/2019
Estimated Release: June CY2019
More Info: n / a

Feature ID: 51259
App / Service: SharePoint
Title / Description: Move SharePoint sites to a new location. Beginning in June 2019 SharePoint Online administrators will be able to leverage the new invoke-spositeswap Windows PowerShell cmdlet to move SharePoint sites between locations within an Office 365 tenant. This feature will allow administrators to move a site to the location of an existing site. For example, move a modern site to become the root site at [tenant].sharepoint.com.
Status: In development
Added: 05/10/2019
Estimated Release: June CY2019
More Info: n / a

Feature ID: 51262
App / Service: SharePoint
Title / Description: SharePoint Migration Tool Site Migration Support. The SharePoint Migration Tool lets you migrate content from SharePoint Server 2013 or from on-premises file shares and easily move them to either Microsoft Teams, SharePoint, or OneDrive in Office 365. This update to the SharePoint Migration Tool provides support for complete site migrations with SharePoint Server 2013 in addition to support for migrations from SharePoint Server 2010 (preview).
Status: In development
Added: 05/10/2019
Estimated Release: May CY2019
More Info: SharePoint Migration Tool

Feature ID: 51326
App / Service: Teams
Title / Description: Microsoft Teams - Announcements. Do you have an announcement that needs to stand out from all other posts in a channel? The new "Announcement" post type allows you to add a headline with a background to your message. You can choose from our available backgrounds or upload your own custom image.
Status: In development
Added: 05/10/2019
Estimated Release: June CY2019
More Info: n / a

Feature ID: 51332
App / Service: Microsoft 365
Title / Description: Updated feature: reset password in the Microsoft 365 admin center. We're updating reset password so that it supports a 256 character maximum password length. For our hybrid customers, we have also implemented support for password writeback. This Azure Active Directory Premium feature allows admins to reset passwords for users synced via AAD connect. This means that you can now reset passwords in the online portal for these users.
Status: Rolling out
Added: 05/10/2019
Estimated Release: May CY2019
More Info: What's new in Microsoft 365 user management for April 2019

Feature ID: 51358
App / Service: Exchange, Outlook
Title / Description: Outlook Calendar - new APIs. New capabilities will be available so you can better manage your organization's resources. SetPlace cmdlet - This feature will let you update information about rooms and add metadata like what devices are in the room. This functionality is only available for admins and will be performed through an Exchange Online PowerShell cmdlet. The changes made to the rooms will sync into Azure Active Directory as well. Places - Get all the information about rooms and roomlist like devices, floor and capacity. Room Naming schema - Room names will now be auto generated based on attributes admins can set.
Status: In development
Added: 05/10/2019
Estimated Release: Q4 CY2019
More Info: n / a

Feature ID: 51372
App / Service: SharePoint
Title / Description: Improvements to Default Retention Label inheritance for SPO Move/Copy actions. Now when moving or copying a file in SPO, if the file does not have a retention label, the default retention label at the library, folder or docset level will be inherited whether the target location is within the same site collection or is a different site collection.
Status: In development
Added: 05/10/2019
Estimated Release: June CY2019
More Info: n / a

 

 

UPCOMING EVENTS

 

Upgrade 101: Managing your upgrade from Skype for Business to Microsoft Teams (Part 1)

As an existing Skype for Business customer, we understand that upgrading to a new technology can be confusing and are committed to supporting you on your journey to Microsoft Teams. Through our two upgrade classes, you will find everything you need to plan and implement your upgrade. Part 1 is focused on upgrade planning and user readiness. Targeting project stakeholders with accountability for Skype for Business to Teams upgrade success and user readiness/change managers, this session serves as the foundation for your upgrade planning, including: (1) An overview of our proven, upgrade success framework, (2) Real-world customer examples, (3) Insights into facilitating user readiness and upgrade acceptance, and (4) Orientation to key upgrade guidance resources.

 

Upgrade 101: Managing your upgrade from Skype for Business to Microsoft Teams (Part 2)

As an existing Skype for Business customer, we understand that upgrading to a new technology can be confusing and are committed to supporting you on your journey to Microsoft Teams. Through our two upgrade classes, you will find everything you need to plan and implement your upgrade. Part 2 is understanding coexistence and interoperability. Designed for the IT Pro/technical experts implementing the migration from Skype for Business to Teams, this session will arm you with the information you need to know before migrating your users, including: (1) End user experiences during the upgrade, (2) Available journey options an organization can take from online or on-premises as the starting point, and (3) Routing and federation experiences.

 

Make the switch from Skype for Business to Microsoft Teams: End User Guidance

Designed specifically for Skype for Business end users, this course offers everything you need to help make the transition to Microsoft Teams. We'll focus on the core communication capabilities you use today, chat and meetings, as well as provide an orientation to additional collaboration functionality Teams has to offer. The session is also available on demand at https://aka.ms/fromskypetoteamsondemand.

 

Getting Started with Microsoft Teams

This 60-minute session introduces you to the key activities needed to get started with Microsoft Teams today. From setting your profile, to running a meeting, users will leave this session with the foundation needed to use Teams with confidence. The session is also available on demand at https://aka.ms/teamsgettingstartedondemand.

 

Microsoft Teams Tips and Tricks (Part 1)

Designed for those who are already familiar with Microsoft Teams, our Tips and Tricks sessions offer insights, best practices and advanced functionality to help optimize how Teams can work for you. Each session will also include a few real-world examples of how customers are using Microsoft Teams today. Part 1 is focused on tips for conversations and meetings. Many of our interactions start as a simple chat. Learn how you can take those conversations to the next level, including: (1) Formatting messages to help increase response rates, (2) Managing conversations to easily track and follow-up, (3) Organizing conversations, keeping important and active chats front-and-center, (4) Expanding conversations into a full meeting experience, and more. Prefer to watch this session on your own time or simply want a refresher after attending the live training? Access the consolidated on-demand version of Tips and Tricks here: https://aka.ms/teamstipsandtricksondemand.

 

Microsoft Teams Tips and Tricks (Part 2)

Designed for those who are already familiar with Microsoft Teams, our Tips and Tricks sessions offer insights, best practices and advanced functionality to help optimize how Teams can work for you. Each session will also include a few real-world examples of how customers are using Microsoft Teams today. Organizing your workflow and projects in Teams can really help simplify productivity. Join us for Part 2 of this series, where you'll learn tips including: (1) Implementing effective strategies creating and managing teams and channels, (2) Leveraging best practices for channel-based conversations, (3) Utilizing a personal team to manage your own productivity, (4) Designing your workspace to quickly find relevant content in Teams, and more. Prefer to watch this session on your own time or simply want a refresher after attending the live training? Access the consolidated on-demand version of Tips and Tricks here: https://aka.ms/teamstipsandtricksondemand.

 

Maximizing Teams Meetings

The average employee spends approximately 30% of their working life in meetings. But meetings in Microsoft Teams are designed to be flexible and enable different types of connections for all the ways that work needs to get done. For users who are familiar with Microsoft Teams but want to better understand and optimize the Teams meeting experience, this session provides guidance into how to create spontaneous and scheduled meetings, leverage the pre, during and post-meeting features, identifying supported devices, and more.

 

Customer Immersion Experience: Simplifying your data privacy & compliance journey

Join us for a hands-on introduction to Microsoft 365 Compliance features and an opportunity to experience powerful solutions across the data lifecycle of assess, protect and respond. During this 2-hour interactive session, you will explore how to: (1) Understand your compliance from a single pane of glass, (2) Make identity the new perimeter, (3) Discover and govern sensitive data across clouds, devices and apps, (4) Recognize attacks, detect breaches, and recover quickly using automation, and (5) Streamline your operational processes and understand your security posture. Each session is limited to 12 participants, reserve your seat now.

 

Azure Active Directory Webinars for May

When: Multiple sessions currently scheduled from May 14 - 22, 2019 | Are you looking to deploy Azure Active Directory quickly and easily? We are offering free webinars on key Azure Active Directory deployment topics to help you get up and running. Sessions include Getting Ready for Azure AD, Azure AD Connect Health, Streamlining Password Management Using Azure AD, and more. Each 1-hour webinar is designed to support IT Pros in quickly rolling out Azure Active Directory features to their organization. All webinars are free of cost and will include an anonymous Q&A session with our Engineering Team. So, come with your questions! Capacity is limited. Sign up for one or all of the sessions today!  Note: There are also some sessions available on-demand.

 

Microsoft Compliance and Security Virtual Conference

When: Tuesday, May 14, 2019 from 9am – 2pm PT | In the present, ever-evolving threat landscape, many organizations find their biggest challenges in digital transformation to be ensuring security, privacy, and compliance. With the number of cybersecurity attacks on the rise, tighter local and global data privacy regulations, and the constant demand to ensure employee productivity, the need for an effective solution has never been greater. The Virtual Conference on Compliance and Security is coming on May 14. We invite you to register for a live event where you'll learn how to transform your business while remaining secure and compliant in a rapidly evolving world. Visit the registration page to learn more details about the event, including a preview of the agenda and session overviews. Invite your colleagues and register today to reserve your spot. We hope to see you at the Compliance & Security Virtual Conference!

 

Microsoft IT Expert Roundtable: SharePoint at Microsoft - portals and publication

When: Tuesday, May 14, 2019 at 10am PT | Join us for this live webinar where experts from both the business and IT sides of Microsoft will share candid insights and best practices around Enterprise Search, and how we manage our internal portals. They will also answer your questions about our strategy for modernizing employee experiences, delivering targeted communications, and enabling employees to find the authoritative content they need.

 

Microsoft Teams Spring Adoption Series: Awareness Campaign - Broad

When: Friday, May 17, 2019 at 11am PT | We'll review the responses and feedback we got from the pilot Awareness Campaign and discuss any needed adjustments. Depending on your organization's size, this may take time and be approached in phases by region, user profile or organization. We'll also discuss where outside communications and adoption partners can help the project team scale. Join live, or add the event to your calendar. Note: The top-level link has information and links to the recording for previous sessions in this Spring Adoption Series.

 

Microsoft Security Intelligence Report (SIR) Webinar

Want us to walk you through the most important insights from our Security Intelligence Report (SIR)? In the 24th edition of the SIR, we have shared key findings on threats based on our research and observations during the past year, covering topics such as cloud-based attacks, endpoint threats, phishing, and supply chain compromises. In addition to actionable insights, you'll learn about the brand new interactive web site that allows you to easily filter the data for threat trends by country and time period to share with your peers and customers. We will be posting recordings of the webinar on our community at https://aka.ms/SIRRecordings.

 

Microsoft Teams Spring Adoption Series: End User Training

When: Friday, May 24, 2019 at 11am PT | We have to help users adopt a self-service mindset to learning and discovery in order to keep up with changes in Cloud services. Guided learning sessions delivered by the project team or an appropriate champion can reinforce by sharing tips on getting started and best practices. In this session, we'll review a typical one-hour orientation session and how to deliver it. We'll then review the end-user training resources available to your organization and discuss how to promote them, including in-app prompts and guidance, learning from peers, and published learning resources. Join live, or add the event to your calendar. Note: The top-level link has information and links to the recording for previous sessions in this Spring Adoption Series.

 

May 2019 v-meet up for Women IT Pros - Building your personal brand with storytelling with Miri Rodriguez

When: Friday, May 24, 2019 at 12pm PT | Have you been thinking about building your personal brand but don't know exactly how or where to get started? Miri Rodriguez, Storyteller for CSEO and Brand Coach, will help you craft your "why" and brand prototype using the design thinking method to help you get started on your personal brand journey. A distinctive story helps define and successfully communicate unique personal and business attributes. Storytelling has become a powerful business tool in today's digital age because it drives an immersive and emotional experience for stakeholders and audiences, inspiring them to action. In this dynamic and interactive session, Miri will share practical tools to help you become a skilled storyteller and tell your story in a compelling way.

 

Microsoft Teams Spring Adoption Series: Measuring and Communicating Success

When: Thursday, May 30, 2019 at 11am PT | This week we'll discuss how to collect and communicate success stories, qualitatively and quantitatively. Qualitative success stories are anecdotal points of feedback from stakeholders, champions, and users. These may be examples of improved collaboration, reduced internal email, faster team member onboarding, and similar stories. Quantitative success examples come from the Office 365 Microsoft Teams usage reports built into the Office 365 Admin portal. This information can show the usage of Microsoft Teams in your company. Communicating real-world examples and quantitative data is critical to reinforcing project success and getting buy-in and additional resources from leadership. In this session we'll walk through several examples of one-page or one-slide summaries you can create, and how to secure the data and examples you'll use to reinforce the message. Join live, or add the event to your calendar. Note: The top-level link has information and links to the recording for previous sessions in this Spring Adoption Series.

 

10 time saving tips and tricks with Outlook mobile

When: Thursday, June 6, 2019 at 9am PT | Outlook mobile brings together your email, calendar, contacts, documents and more in one fast, fluid experience so you can accomplish the most important tasks in just a few seconds. All backed by enterprise-grade security you can trust. Join the Outlook mobile team for a webinar that will highlight cool tips and tricks that save you time and spark joy. You also get to ask any questions and share feedback with the team directly. In this webinar, you will learn: (1) Why Outlook mobile is the right choice for you, (2) Best practices for getting started, (3) Cool tips and tricks that spark joy and let you accomplish the most important tasks in just a few seconds, and (4) Ask questions or share your feedback directly with the Outlook team. There are also sessions from previous months that can be viewed on demand.

 

Ask Microsoft Anything (AMA): Microsoft Planner

When: Thursday, June 6, 2019 at 9am PT | We are very excited to announce a Microsoft Planner 'Ask Microsoft Anything' (AMA). An AMA is a live online event similar to a "YamJam" on Yammer or an "Ask Me Anything" on Reddit. This AMA gives you the opportunity to connect with members of the product teams who will be on hand to answer your questions and listen to feedback. Join in the Planner AMA space, or add the event to your calendar. We look forward to seeing you there!

 

Microsoft Teams Spring Adoption Series: Ongoing Adoption - Tips and Best Practices

When: Friday, June 7, 2019 at 11am PT | As your user base becomes more comfortable with Teams, they'll start to explore functionality beyond basic Chat and Collaboration. "Where should I put my files in Office 365" will become a recurring question as they use Teams, SharePoint and OneDrive. When more Teams come online, best practices like Favoriting a Team, Following a Channel, and using the Activity Feed will help users get the most out of Teams. Your core Project Team should begin to transition from initial enablement to service management and monitoring for service changes and usage issues. This includes being able to rely on and leverage your Champions community for ongoing "best practices" sessions, tips, and communications. Join live, or add the event to your calendar. Note: The top-level link has information and links to the recording for previous sessions in this Spring Adoption Series.

 

Customer Immersion Experience: Hands-on with security in a cloud-first, mobile-first world

This 2-hour hands-on session will give you the opportunity to try Microsoft technology that secures your digital transformation with a comprehensive platform, unique intelligence, and partnerships. A trained facilitator will guide you as you apply these tools to your own business scenarios and see how they work for you. During this interactive session, you will: (1) Detect and protect against external threats by monitoring, reporting and analyzing activity to react promptly to provide organization security, (2) Protect your information and reduce the risk of data loss, (3) Provide peace of mind with controls and visibility for industry-verified conformity with global standards in compliance, (4) Protect your users and their accounts, and (5) Support your organization with enhanced privacy and compliance to meet the General Data Protection Regulation. Each session is limited to 12 participants, so reserve your seat now.

 

Microsoft IT: Speaking of Security - Privacy Compliance

When: Thursday, June 20, 2019 at 10am PT | During this webinar, the speakers will discuss the Microsoft security team's approach to privacy compliance. We'll address how we approached the topic and new requirements from GDPR. We'll answer your questions and talk about governance, compliance, and transparency, including all of the elements necessary to build a privacy program. Finally, we'll share some of the key things we learned on our journey. There are other sessions now available on demand at the Speaking of Security webinar series site.

 

BLOG ROUNDUP

 

New people-centered experiences in Microsoft 365, the world's productivity cloud

At Microsoft Build 2019, we announced the latest innovations in Microsoft 365. With Microsoft 365, we're building the world's productivity cloud—a solution to help people work smarter together on any device. The updates announced at Microsoft Build 2019 are our next step in creating a new way to work by breaking down barriers between people and across apps and devices. Underpinning all of this innovation is the Microsoft Graph, our customers' secure and compliant record of their productivity activity in the Microsoft Cloud. It helps developers create people-centered, cross-platform experiences by providing context about an organization's work that flows across documents, apps, and devices. The Microsoft Graph powers the most important components of Microsoft 365, from "born in the cloud" experiences like Microsoft Teams, Microsoft Search, and MyAnalytics, to modern, cloud-connected collaboration in existing apps like Word, Excel, and PowerPoint. Read on for the latest updates to these experiences and the underlying developer technologies that make them possible.


 

Minimize distractions and stay focused with AI-powered updates in Microsoft 365

It's no secret that work and life are speeding up. It's not uncommon to spend all day in meetings, writing emails, or on the phone, leaving little time to focus on what is most important to you. Many of us have never-ending to-do lists and spend time working after hours to complete pressing tasks. MyAnalytics, your source of personal productivity insights in Microsoft 365, was built to help with these very challenges—and today it's getting a refresh. Via a dashboard, Insights in Outlook, and weekly email digests, MyAnalytics provides insights and AI-powered suggestions to help you work smarter. A new MyAnalytics experience—generally available starting today—makes the insights more outcome-oriented in four key areas: focus, wellbeing, network, and collaboration. For example, insights that previously showed you the hours you spent on email, chats, calls, and meetings outside your working hours over the past week now show you the number of days you successfully disconnected after work over the past month. That way, you can set goals and build habits that help you achieve more quiet days.

 

What's new in Microsoft 365 user management for April 2019

We've updated quite a few features in user management in the Microsoft 365 admin center in April. These updates will help make completing your day to day tasks more efficient, and we're continuing to improve these core experiences over the next few months. You may have noticed that the way passwords work has changed a bit. We now support a maximum password length of 256 characters, which can help you improve the security of your organization by making your passwords harder to hack. For our hybrid customers, we have implemented support for password writeback. This Azure Active Directory Premium feature allows admins to reset passwords for users synced via AAD connect. This means that you can now reset passwords in the online portal for these users. We've also been busy ensuring that the efficiency improvements you've seen us apply to the Active users list will span across all our user management features. Updated experiences include: (1) Add user, (2) Delete user, (3) Block user, and more. The changes are rolling out now, and you should see them soon.

 

Planner and To-Do integration: bringing you a more cohesive task management experience in Office 365

Starting in early May 2019, Planner tasks assigned to you will appear in To-Do under a new Assigned to Me list. This integration, which is available to anyone with an Office 365 Enterprise or Office 365 in Education plan, addresses your most popular request: integration with Outlook tasks. It also continues our efforts to build a seamless task management experience between Planner and other Microsoft 365 tools, like we've already done with Microsoft Teams, Microsoft Flow, Microsoft SharePoint, and others. To get started, you need to enable Planner connectivity within To-Do; it cannot be enabled within Planner. Once enabled, the Planner-integrated Assigned to Me list will appear across all major To-Do platforms: web, Windows, Android, and iOS mobile apps. To-Do integration with Planner bridges the gap between individual and team tasks. We are integrating with To-Do because Outlook tasks is being replaced with the To-Do app. This experience has already shipped for Outlook Web users, and the To-Do team is working on bringing this to Outlook Desktop apps as well. To-Do is your hub for organizing and focusing on all of your tasks. Planner is a collaborative space for you and your team to see how everyone's tasks fit into a plan. Together, To-Do and Planner simplify work management by allowing you to focus on your tasks at hand and easily jump back into Planner to collaborate with your team.

 

NOTEWORTHY

 

Introducing My Library on the Service Trust Portal —a new service for Microsoft users

We are excited to announce some great new functionality to the Service Trust Portal (STP)! To support our effort to be transparent in how we manage customer data, we make available several resources. One of those resources is the Service Trust Portal, where we host tools such as Compliance Manager and a robust set of documents. These documents are updated frequently, and before now customers had to manually search within STP to find the most current versions of documents. After signing in, our customers are now able to save documents that are of particular relevance to them in one single place called My Library, and receive notifications when these documents are updated.

 

A new home and an all-new look for Microsoft Secure Score

In April 2019, we announced that Microsoft 365 Security Center had reached general availability and we provided our readers with a quick end-to-end tour of the top experiences. Since then it's been exciting to see the number of new customers using Microsoft Secure Score for the very first time almost tripling while the blog became one of the top viewed items for the month of March. In this month's blog we'd like to provide additional details on Microsoft Secure Score's redesign and new capabilities. For this release, your feedback suggested we should focus on the following four priorities, and that's exactly what we decided to do: (1) Integrating it within Microsoft 365 security center instead of having it be a stand-alone console, (2) Organizing the experience around the Microsoft Threat Protection pillars, (3) Improving usability and decreasing decision-making time, and (4) Enriching the API so it has complete access to all Microsoft Secure Score data.

 

Create SharePoint lists from Excel or other lists

Changing the way business gets done – digital transformation – begins with great data. Microsoft 365 offers powerful tools for building workflows, automation and reporting – PowerApps, Flow, and Power BI. But you need a great place to store all that data. Every month, millions of users turn to SharePoint lists to store critical business data. Lists are secure, easy to use, and high capacity, with up to 30 million items in a single list. Today, across Microsoft 365, SharePoint lists store billions of rows of data, housing information for scenarios like customers, audits, emergency room availability, and more. Now, we're making it easier than ever to get started with a list – using Excel or other lists as a starting point. We'll start rolling out the new list creation experience to Targeted Release in mid May 2019.

 

Welcome to Microsoft Search, intelligent search for the modern workplace

We're announcing general availability of Microsoft Search, an intelligent, enterprise search experience from Microsoft that applies the artificial intelligence technology (AI) from Bing and deep personalized insights surfaced by the Microsoft Graph, to make search more effective for you – so whether you're looking to complete a task, pick up where you left off, or discover answers or insights, it's just a click away, across all of your applications, your desktop, and your browser. Microsoft Search is everywhere you are, in the header of the apps you're already using including Office, Outlook, SharePoint, OneDrive, Bing and Windows to name a few. It's a single, unified and consistent search experience that evolves the definition of search in the enterprise. We believe search is more than just a list of links, search needs to work both for and with you, anticipating your needs where you are working, with answers and insights in the flow of your work. Microsoft Search brings you natural language understanding, instant query predictions, contextual results, and more.

 

Actionable Messages in Outlook mobile help you act fast on the go

We are announcing the support of Actionable Messages in Outlook for iOS and Android to further help customers get things done quickly on the go. When you receive an email that has an option to take action, such as approving a timesheet, granting system access or quickly answering a survey, you can act on it right inside the email without leaving your inbox and switching apps. Microsoft is working with the developer community to integrate the tools, tasks and experiences of leading applications in a way that brings the work you would normally do in other apps right to your email. Using Actionable Messages with Adaptive Cards, developers can deliver messages in Outlook so customers can stay in the context of what they are doing and quickly take action. Outlook for Windows and Outlook on the web already support Actionable Messages, and with the rollout over the next few months, customers will be able to take action with Outlook for iOS and Android on a mobile device.

 

(Azure Storage) Tip of the Day: Larger, more powerful Managed Disks for Azure Virtual Machines


Thanks to Tad Brockway for today’s tip!

We are excited to announce the general availability of larger and more powerful Azure Managed Disk sizes of up to 32 TiB on Premium SSD, Standard SSD, and Standard HDD disk offerings. In addition, we support disk sizes up to 64 TiB on Ultra Disks in preview.

We are also increasing the performance scale targets for Premium SSD to 20,000 IOPS and 900 MB/sec. With the general availability (GA) of larger disk sizes, Azure now offers a broad range of disk sizes for your production workload needs, with unmatched scale and performance.

Premium SSD disks

  • Premium SSDs are ideal for enterprise applications like Dynamics AX, Dynamics CRM, and database workloads like SQL Server, Cassandra, and MongoDB that require consistent high performance and low latency.

Standard SSD disks

  • Standard SSDs are suitable for web servers, low IOPS application servers, big data, and enterprise applications that need consistent performance at lower IOPS levels.

Standard HDD disks

  • Standard HDDs based on magnetic drives offer the most cost-effective solution for Dev/Test and backup scenarios.


Getting Started

  • You can create new Managed Disks or extend your existing disks to larger sizes using the Azure portal, PowerShell, or CLI today! The newly introduced sizes are generally available in all regions in Azure Public Cloud, and support for national clouds including Azure US Government and China 21Vianet will be available in the coming weeks.


P@ssw0rd. Yes or no?


On May 2 we celebrated World Password Day. A day we could easily do without in our calendars. The digital world would be considerably safer. Not without the second of May, but without passwords.

And it is precisely the efforts toward this greater security that, paradoxically, frighten some IT professionals (and auditors) quite a bit.

A great example was Microsoft's announcement that forced password expiration will be removed from the recommended settings for on-premises Active Directory as of Windows client version 1903. This is entirely correct and fully follows the current NIST recommendations, because, paradoxically, frequent password changes reduce password security. After all, Office 365 has been offering this recommendation for more than half a year.

But because people unfortunately do not read, many (unfortunately including journalists) understood it to mean that this setting will disappear from AD and Windows. That is not true. It is only a recommendation. Technically, GPOs, the password change dialog, and the counting of password age will keep working exactly as before. So let us calm down a little again. And let us start thinking with a somewhat broader view than just the length of password validity.

There are certainly some buts, though. A password that never expires is justified only when it is backed, for example, by a second factor and by processes that detect whether it is sufficiently unique and complex. And when I force a change if it is compromised and, above all, am able to recognize that fact.

But let us be honest. Do you actually like your passwords? A password for the computer, for the system, for administration, for banking, for the phone, for the dedicated computer for AD administration, the local administrator password. Passwords everywhere. Each one different, with a different enforced complexity and a different validity period. Do users forget their passwords, request resets by phoning technical support, and note them on yellow sticky notes on their monitors?

Why get rid of passwords?

Because users' creativity in creating and using them is usually not very great, and in places is even harmful. According to surveys, more than half of users use the same password to access multiple accounts, and up to a fifth use the name of a relative or pet. Likewise, the password complexity policies popular in companies today mostly teach them to use years or dates of birth in their passwords.

And exactly such passwords are easy to try to obtain by analyzing social networks. Or from some other public leak of credentials, because not all developers of websites and online shops know how to store passwords in databases correctly and in encrypted form.

Heslo01, 123456, Password, Qwerty, iloveyou, Abcd1234, Toneuhodnes, or the PIN 1234 or 1111 on a mobile phone, and in theory we have a 21% chance of getting into any identity in the world. After all, even much stronger passwords can be cracked within a few minutes using dictionary attacks or a plain brute-force attack.

Evidence of this can be found in another survey, which says that up to 81% of breaches of corporate IT systems were caused by stolen credentials or by weak and easily guessable passwords.

By contrast, up to 99% of these attacks could be prevented by introducing a second factor of identity verification at sign-in, even a very simple one.

I don't want passwords. How do I go about it?

The strategy is simple. Improve the security of the environment and of user identities. The identities we use to access corporate systems and sensitive information. And do so in a way that ideally gives the end user a better experience of the whole process than when using an ordinary password.

The route via the long-established Smart Card solution is possible, but not very suitable today. Users leave them in their computers unless they have to use them to get into the kitchenette or the restroom.

Sometimes it is enough to set out on that journey with small, slow steps, for example teaching users to create properly secure passwords or to recognize the common phishing attacks they may encounter. Ensuring controls and processes for what will happen when an identity is compromised. And how will I even detect such a state? Will it be a SIEM that watches sign-in activity for me? Will it be a database of stolen passwords and identities? Will it be some other, more sophisticated tool?

The advantage of these small steps is that they buy time for bigger steps. Steps that at the same time completely eliminate many standard attack vectors.

How do you intend to get a user's password with a fake email if the user never received a password and has none?

By choosing the right technology we can also ensure that as long as the user and their identity behave in a standard and secure way, the added security will not disturb them at work. Can we, for example, enforce the second factor conditionally only outside company premises, because a grumpy doorman sits downstairs checking ID cards? Can we recognize the level of risk at sign-in based on country, time, and behavior in the system and, for example, restrict sign-in from that location but not from company headquarters?

Deploying the right technology makes the most important part much easier for us: it defines clear behavior and features that help with user adoption, the important final part. You have to teach users how to live in this new environment. And perhaps not only users, but also technical support and IT itself.

Which technologies will help us with this process?

Windows Hello for Business on the endpoint can use biometric data to replace the password both when signing in to the computer and when authenticating within the system itself. It can then also store the credentials themselves securely with the help of the TPM. With advanced configuration it also allows additional factors to be used, such as the visibility of a particular network or authentication server. My personal experience is that using it is more than a little addictive.

The Microsoft Authenticator app for the iOS and Android mobile platforms makes it easy to introduce a second factor, not only in the form of an ordinary SMS or a one-time authentication code generator, but above all as a simple notification. A notification of the kind users already know from other apps. And if there is no other way, they are already used to copying a code from their banking app. And the Authenticator app can work not only as an additional factor, but as a direct replacement for the password right at sign-in.

Security keys are hardware devices that, for example via FIDO2, make it possible to store and use authentication tokens. Sign-in then requires the presence of this device, or even confirmation of the sign-in action with an additional biometric. Today a security key can also be, for example, a Windows computer or a phone with a newer version of Android.

Microsoft Edge as a browser that can use sign-in through Windows Hello for Business as well as credentials carried over from FIDO2-certified devices. Website developers, too, can use, for example, the available SDKs and offer this method of authentication and verification for their services.

Azure Active Directory or Active Directory as a store not only of identities, but also as the manager of the authentication methods available to users. Even in an on-premises environment it is possible to get rid of passwords to a large extent, provided the applications can live with it. The options for this have been in AD for several years. Likewise, there are methods by which a user can change their password or authentication methods, securely, with their identity verified in another way.

Of course, the deployment of these technologies should also be supported at the lower levels of the whole security pyramid. Because in this case I need to place more trust in the workstation itself, where the user's sign-in tokens are stored. That means encrypting the hard disk with BitLocker or at least Device Encryption, turning on Secure Boot, updating and correctly configuring UEFI, and installing or upgrading to a current version of Windows 10, 1809 or newer.

All that remains is to begin…

You can read more in the official Passwordless guide, which will also point you to the right documentation or the right technical partner. In closing, I wish you the best of luck on your journey to a future without passwords.

- Petr Vlk (KPCS CZ, MVP, WUG)

SharePoint Management framework Private Preview


 

Do you have Enterprise SharePoint farms whose health and performance you manage via custom scripts?

Have you used SETH to manage SharePoint 2010 problems with the farm(s)?

 

Would you like a scalable tool that you can add your own scripts to, enable/check, and then alert on what you want?

 

 

Background

SharePoint Engineer Troubleshooting Helper (SETH) was a Microsoft tool for SharePoint 2010.

Using SETH

Troubleshooting SETH

 

 

For SharePoint 2016 and 2019, the Customer Support team brought up the need to bring back a utility to help with common SharePoint scenarios.

On Premise Diagnostic (OPD) is the second generation of the project (for SharePoint 2016 and 2019).

 

My goal was to help the Escalation Engineers have a full platform that can be implemented and is scalable for the technical community to maintain and use.

 

BTW, the only thing preventing 2013 SharePoint support is the dependency on WMF v5.0 or better on SharePoint servers.

 

 

SCOM management pack can be found here

 

Tip of the Day: Get an official service issue root cause analysis with Azure Service Health


Thanks to Stephen Baron for today’s tip!

Azure Service Health helps you stay informed and take action when Azure service issues like incidents and planned maintenance affect you by providing a personalized health dashboard, customizable alerts, and expert guidance.

You can use Azure Service Health’s health history to review past health issues and get official root cause analyses (RCAs).

If you experience downtime, your internal or external stakeholders might expect an official report or RCA. As soon as they become available, RCAs can be found under any incident. Meanwhile, you can download and share Microsoft’s issue summary as a PDF.

 


Event announcements | 2019/5/14 issue


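Microsoft holds numerous seminars (webinars as well as classroom-style seminars held in various locations) so that we can offer a wide range of support.

For those who find it difficult to attend because of distance, or whose plans change on the day, we also run many seminars that can be attended online, so please feel free to join and make use of them. (Advance registration is required to attend.)

Past webinars can be viewed from the "How to navigate the Azure site" page, under [Learn] ― [Past web / video seminars (January 2018 onward)].

* This entry will be updated as registration sites are published, for events within the period only.

Seminars

Tuesday, June 11, 2019, 13:00-17:30 (doors open 12:45)

[Tokyo] Become a SQL Server expert!
A one-day seminar that covers it all: the latest on SQL Server 2019 and database migration, together with what was announced at Build / de:code!

This time we bring you the latest SQL Server information, including content announced at Build / de:code held in May.

The first half covers the latest information on the preview of SQL Server 2019, the new version of SQL Server; an explanation of SQL Database Managed Instance, a PaaS managed database highly compatible with SQL Server; and the latest on tools you can use to efficiently carry out migrations to SQL Server, SQL Server version upgrades, and migrations to SQL Server in the cloud.

The second half explains database modernization that makes use of existing data assets.

Register to attend here >

Webinars

Friday, June 14, 2019, 16:30-17:30

Making use of open source databases

Drawing on our experience as an independent SI vendor, we introduce the open source databases with an overview and feature comparison of PostgreSQL / MySQL / mariaSQL.

We also cover PostgreSQL, for which demand as a migration target has been growing recently, including points to watch and our company's migration services and track record.

Register to attend here >

You can also see the list of events under Azure events.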


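Introducing what's new in Azure Cognitive Services

Author: Anand Raman (Group Product Manager, Azure AI)

This post is a translation of "A deep dive into what’s new with Azure Cognitive Services", posted on May 3, 2019.

This post was co-authored with Tina Coll, Senior Product Marketing Manager for Azure Cognitive Services.

At Microsoft Build 2019, new services and capabilities for developers were announced, marking an important step forward for Azure Cognitive Services. With the release of Personalizer, developers can use the power of Azure to apply reinforcement learning in real business scenarios. Together with Anomaly Detector and Content Moderator, Personalizer belongs to the new "Decision" category of Cognitive Services, which provides recommendations for making informed, efficient decisions.

The following capabilities are entering preview and general availability.

Preview

Cognitive Services APIs

Container support for using business AI models at the edge, close to the data

General availability

Cognitive Services is made up of the Vision, Speech, Language, Search, and Decision categories, and offers a comprehensive portfolio for developers who want to build capabilities such as seeing, hearing, understanding, and deciding into their apps. Let's take a closer look.

Decision: Personalizer, a new addition that helps enterprises use reinforcement learning

Industries such as retail, media, and e-commerce have long pursued the ultimate ideal of personalized experiences. But delivering more than users ask for requires connecting various platforms such as CRM and DMP, and then running A/B tests over and over. Reinforcement learning is a technique in which AI learns in real time from what is happening in the real world so that it can achieve its goals. Capabilities built on this powerful reinforcement learning are available through Personalizer's easy-to-use API. This is a service available only on Azure and not found in other vendors' products.

Internal teams at Microsoft use Personalizer to improve user experiences. Xbox, for example, uses Personalizer to show each user content that is likely to interest them, and increased usage time by 40%.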

A diagram that illustrates how Personalizer works to optimize towards business goals.

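Speech: Conversation transcription makes in-person meetings more efficient

Conversation Transcription, one of the advanced features of Speech to Text, helps meetings run smoothly by transcribing conversations in real time. You can see who said what and when, so every participant can focus on the meeting and move quickly to next steps. Pairing Conversation Transcription with devices that work with the now generally available Speech Devices SDK gives you high-quality transcription. It can also integrate with a variety of meeting solutions, such as Microsoft Teams and other third-party meeting software. For details, see the Speech category page.

Example of conversation transcription device and results.

Vision: Unlock the value of content, from forms to digital ink notes

Form Recognizer uses advanced machine learning technology to quickly and accurately extract text and data from business forms and documents. It also has container support, so you can run the service on-premises or in the cloud. You can quickly automate information extraction tailored to your specific content. You need only five samples, and no manual labeling is required.

An image showing a document with a chart on the left and the extracted key-value pairs from the document on the right.

Ink Recognizer provides the ability to recognize digital handwriting, common shapes, and the layout of inked documents. Through the Ink Recognizer API, you can create experiences that combine the benefits of physical pen and paper with the benefits of digital.

A diagram showing the ink stroke input on the left and the recognition tree on the right.

Ink Recognizer is integrated into Microsoft Office 365 and Windows, enabling content creation in a natural way. For example, Ink Recognizer in PowerPoint instantly converts ideas into professional-looking slides.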

An animated GIF showing how Ink Recognizer is used in PowerPoint.

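Bringing AI to the edge

In November 2018, we announced the preview of Cognitive Services containers, which can run on-premises, in the cloud, and at the edge. This is an industry first.

A diagram showing a representation of Cognitive Services on the left, and a representation of the ability to deploy Cognitive Services with containers on the right.

We have started previews of the following container support.

Using Cognitive Services in containers lets ISVs and enterprises transform their businesses with edge computing. Axon, a global leader in connected public safety technology that partners with more than 17,000 law enforcement agencies in over 100 countries, uses Cognitive Services containers in public safety settings, where a one-second delay in response can lead to serious consequences.

"Thanks to Microsoft's Cognitive Services containers, we can now run our AI products even in places with limited network connectivity, while ensuring the highest level of data integrity and compliance for our law enforcement customers."

Moji Solgi (Vice President of AI & Machine Learning, Axon)

Expanding the existing Cognitive Services portfolio

In addition to the newly added services, the following capabilities are now generally available.

Neural Text to Speech support has expanded to 5 voices and 9 regions, making it available to customers in more languages and regions. By changing the speaking style with Speech Synthesis Markup Language or the voice tuning portal, you can adjust the voice to suit your use case, expressing different emotions or changing tone. You can listen to the newly added voices on the Text to Speech page.

The read capability of Computer Vision can now read multi-page documents. Its ability to extract text from common file types such as PDF and TIFF has also been enhanced.

An image showing a sample PDF on the left, and the extracted JSON output from using Computer Vision on the right.

The Computer Vision image tagging model has been enhanced and now understands more than 10,000 concepts, scenes, and objects, and the number of recognizable celebrities has grown from 200,000 to 1 million. Video Indexer has also been enhanced; one of its features, AI Editor, won the Product of the Year Award in the AI/ML category at NAB Show 2019.

The named entity recognition capability of Text Analytics reads free-form text and identifies whether it contains entities such as people, places, and companies. When you call the API, more than 20 types of named entities are found and classified in any text document based on machine learning models. Named entity recognition supports 19 language models in preview, and support for English and Spanish is now generally available.

QnA Maker now supports multi-turn dialogs. Its core capability of extracting dialogs from PDFs and websites has also been enhanced.

Get started today

These major advances are the result of Microsoft's focus on bringing the latest AI innovations to the intelligent cloud and the intelligent edge.

Visit the Azure Cognitive Services page and start building intelligent apps.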

 

Get high-performance scaling for your Azure database workloads with Hyperscale

In today's data-driven world, driving digital transformation increasingly depends on the ability to manage massive amounts of data and harness its potential. Developers building intelligent and immersive applications should not be constrained by resource limits, because those limits ultimately affect the customer experience.

The Japanese version of the post is available at the URL below.

https://azure.microsoft.com/ja-jp/blog/get-high-performance-scaling-for-your-azure-database-workloads-with-hyperscale/

* This post: Get high-performance scaling for your Azure database workloads with Hyperscale, posted on May 6, 2019

The list of Azure Announcements is available at https://azure.microsoft.com/ja-jp/blog/topics/announcements/.

Accelerating DevOps with GitHub and Azure

At Microsoft, we use GitHub and Azure DevOps to help developers plan, build, and ship any app, from large-scale enterprise solutions to open source projects.

The Japanese version of the post is available at the URL below.

https://azure.microsoft.com/ja-jp/blog/accelerating-devops-with-github-and-azure/

* This post: Accelerating DevOps with GitHub and Azure, posted on May 6, 2019

The list of Azure Announcements is available at https://azure.microsoft.com/ja-jp/blog/topics/announcements/.

Analytics in Azure remains unmatched with new innovations

Digital disruption has given unlimited potential to companies that use data to gain a competitive edge. As a result, analytics remains one of the top priorities for enterprises. When it comes to analytics, customers tell us they need solutions that deliver the best price, performance, security, and privacy, along with a system that can easily provide powerful insights across the organization. Azure has targeted all of these.

The Japanese version of the post is available at the URL below.

https://azure.microsoft.com/ja-jp/blog/analytics-in-azure-remains-unmatched-with-new-innovations/

* This post: Analytics in Azure remains unmatched with new innovations, posted on May 6, 2019

The list of Azure Announcements is available at https://azure.microsoft.com/ja-jp/blog/topics/announcements/.

Partnering with the community to make Kubernetes easier

Delivering serverless Kubernetes is a key part of Microsoft's vision of making Kubernetes simple for everyone. This vision is realized by providing an end-to-end experience optimized for developer productivity on an enterprise-grade platform with hardened security and layers of isolation. We work closely with the community on open source projects that make Kubernetes easy for everyone, wherever it runs.

The Japanese version of the post is available at the URL below.

https://azure.microsoft.com/ja-jp/blog/partnering-with-the-community-to-make-kubernetes-easier/

* This post: Partnering with the community to make Kubernetes easier, posted on May 6, 2019

The list of Azure Announcements is available at https://azure.microsoft.com/ja-jp/blog/topics/announcements/.

Azure App Service update: Free Linux Tier, Python and Java support, and more

Author: Stefan Schackow (Principal Program Manager, App Platform, Microsoft Azure)

This post is a translation of "Azure App Service update: Free Linux Tier, Python and Java support, and more", posted on May 7, 2019.

For many Azure App Service users, web applications remain at the heart of business-critical applications. They are a mainstay whether you are migrating existing applications to the cloud or modernizing with new features to improve end-user satisfaction. We recently reached two major milestones: more than 2 million applications and websites hosted on Azure App Service, and 550,000 monthly active users. LaLiga, a Spanish media and entertainment company featured among our customer success stories, combines Azure App Service, Cognitive Services, and AI to build truly engaging experiences.

We have now added new capabilities to Azure App Service. This time we focused in particular on making a broad range of applications, whether built with Microsoft products or open source, usable on Microsoft's PaaS service.

  • You can now build, deploy, and run Node.js, Python, and PHP apps on a Free tier of App Service on Linux that is free with no time limit.
  • Python support on Linux (versions 3.7/3.6/2.7) is now generally available.
  • Java 11 is now supported on Windows and Linux.
  • A new Linux-native build system now resolves package dependencies for Node.js and Python and can run custom build scripts.
  • For Linux workloads that need secure access to resources connected to a virtual network, App Service on Linux now supports back-end virtual network integration (preview).
  • A new full-screen create experience has been added to the Azure Portal.

Free tier

Cloud-based development involves trial and error through testing and exploration. With the newly added Free tier, you can test with App Service on Linux without worrying about cost. Using the Free tier is as easy as selecting the Free SKU when initially creating a new web application.

Details on the compute resources and options available when running on the Free tier can be found on the Azure subscription and service limits page.

Python general availability and the new build system

A few months ago we expanded Python support on App Service on Linux, and support for Python versions 3.7/3.6/2.7 is now generally available. Combined with the new build system for App Service on Linux, this makes it even easier for Python and Node.js developers to deploy and run apps on Azure. The new build system automatically resolves package dependencies using yarn or npm for Node.js apps and pip for Python apps. It also supports customization, such as automatically collecting static files for Python apps and running pre-build and post-build scripts for both Node.js and Python apps. On App Service on Linux, Node.js apps are run with npm start and Python apps are run with gunicorn. WSGI frameworks such as Django and Flask are also supported. For details, see the configuration options and available customizations for the new build system.

General availability of Java 11 support on both Linux and Windows

Java 11 is now available on App Service on both Linux and Windows. You can run JAR files on Java 11 and WAR files on Tomcat 8.5/9.0 (using Java 11). With Java 11 support, App Service on Linux supports the latest LTS version of the Java runtime, and App Service on Windows supports three new LTS versions. Support is planned to run until July 2023 for Java 7, March 2025 for Java 8, and September 2026 for Java 11. During this time, Azure users can investigate API changes and adopt new Java versions at their own pace. Try Java on App Service today. For details, see the Java developer guide.

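A new user experience for creating applications

Developers want to set up App Service with simple steps, but they do not want the screen to become cluttered as features keep expanding. The new App Service full-screen create experience in the Azure Portal offers more screen space and sensible defaults, while clearly presenting additional customization options and real-time feedback on creation progress.

The new experience shows all the options available for code-based and container-based deployments, and dynamically presents runtime stack choices based on the selected publishing method and OS.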

Azure App Service presents all the available options for both code and container-based deployments available.

In the customization UX, you can optionally add Application Insights to the application and configure ARM tags. These settings are shown in the summary section of the UX.

At the end of the application creation experience, the developer is presented with a summary of their choices.

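While the application is being created, the progress of provisioning is shown in real time. Once provisioning completes, you can review the intermediate steps or jump to the newly provisioned application through a link.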

Azure App Service shows a real-time view of the provisioning process, including a convenient link to jump to the newly provisioned application.

Sign in to the Azure Portal and try creating a new app in App Service.

Preview of virtual network integration for App Service on Linux

Public App Service on Linux can now be integrated with a back-end virtual network (preview). With this new virtual network integration feature, applications running in the Standard or Premium v2 tiers can connect to a virtual network. Once connected, a Linux application can communicate with other resources connected to the same virtual network. These include Express Route and site-to-site VPN, as well as Azure platform services protected by service endpoints (such as Azure Database for MySQL servers and Azure Database for PostgreSQL servers).

Applications running in the Standard or Premium v2 tiers can now connect to virtual networks using the new preview virtual network integration feature.

For details, see the page on the new virtual network integration feature.

Next steps

Give Azure App Service a try.

 

Rapidly enhance your Apps & Infrastructure technical knowledge


Stay up to date on the latest developments in Apps & Infrastructure by connecting with Microsoft Partner Technical Consultants through these technical webinar events. These events are available to you as an MPN member at no cost and will cover topics such as Azure Containers, Windows Server and IUR benefits.

Technical Deep Dive on Migrating Applications to Azure – Learn how to streamline your app hosting and deployment processes using Microsoft Azure web workloads and understand the migration paths that apply to your application. Our Microsoft technical experts will teach you how to migrate existing business applications as well as test the Azure environment by activating your internal-use rights (IUR) benefits. You’ll discover how to leverage Azure Virtual Machines, Azure App Service, Containers in Azure, Azure Active Directory, Cosmos DB and Azure SQL database to streamline deployment processes and quickly respond to your customers' needs.

This course is organized in 4 different 2-3 hour sessions, each consumable individually or together, depending on your needs. By attending the sessions within this technical training webcast, you will learn:

  • How to plan and migrate an application to Azure
  • How to streamline the application deployment processes
  • About IUR benefits and how they can impact your planning and deployment

Technical Deep Dive on Hybrid Cloud Infrastructure – Discover how Windows Server 2016 delivers new layers of security to help protect your customers' datacenters from new and emerging threats. Receive expert-driven guidance on how the software-defined datacenter components found in Azure can help customers reduce costs while still achieving high standards for performance. Understand the new capabilities available on Windows Server to support traditional and born-in-the-cloud applications with Containers and Nano Server.

Introduction to Microsoft Azure Containers – Discover how to utilize Azure Container Services to easily meet expectations of availability, hyper-scale and agility on your applications. This technical webinar will cover the options for running containers in Windows Server and Azure, how they work and how to better address the needs of customers with them. Application development and infrastructure architecture are undergoing a transformation that occurs only once every ten to fifteen years. Containers are revolutionary in the field of hosting web applications, and joining the power of containers and the cloud will result in incredible services.

Check out the full Apps & Infrastructure technical journey of technical webinars and technical consultations at aka.ms/AzureAppInnovation and aka.ms/O365AppInnovation.


(RDS) Tip of the Day: Getting started with Windows Virtual Desktop


Thanks to Pieter Wigleven for today’s tip!

[Pieter does a phenomenal job in this article by providing detailed walkthroughs and explaining every configuration option to set up Windows Virtual Desktop. I encourage everyone to read the full article HERE]

With the public preview for Windows Virtual Desktop now available, we wanted to provide a quick overview of the steps required to get your environment up and running.

Before I begin, however, I’d like to take a few moments to explain what Windows Virtual Desktop is and how it can help you deploy and scale Windows and Office on Azure in minutes, with built-in security and compliance.

Windows Virtual Desktop is a comprehensive desktop and app virtualization service that runs in the cloud. Here is a quick list of some of the key features and functionality:

  • Infrastructure services like gateway, brokering, licensing, diagnostics are provided as a service in Azure. There’s no need to deploy and maintain any on-premises infrastructure.
  • Windows Virtual Desktop can leverage Azure Active Directory (Azure AD) as the identity provider, allowing you to leverage additional security controls like multifactor authentication (MFA) or conditional access.
  • Once a user is connected to Windows Virtual Desktop service, access to Active Directory joined virtual machines (VMs) will be provided using Azure AD identities. In environments where Active Directory Federation Services (AD FS) is implemented for single sign-on (SSO), the user won’t be prompted for credentials when connecting to the VM, providing a seamless sign-on experience.
  • Reverse connect technology means your destination VM doesn’t need any inbound ports to be opened. Even the default RDP port, TCP/3389, doesn’t have to be open. Instead, an agent creates an outbound connection using TCP/443 into the Windows Virtual Desktop management plane. Azure is your reverse proxy for RDP traffic.
  • Virtual machines in Windows Virtual Desktop are not exposed to the Internet directly. They can run using a private IP address and run isolated from other workloads or even the Internet. (The reverse connect technology allows the VMs to be accessed.)
  • Windows Virtual Desktop introduces Windows 10 multi-session, allowing you to offer a Windows 10 Enterprise experience where multiple users can log into the same Windows client VM simultaneously via RDP. (Multi-session was historically only possible on Windows Server operating systems.)
  • Access to FSLogix technology, making your Office experience in a non-persistent environment feel like you are using a traditional PC.
  • Windows Virtual Desktop supports full desktop, RemoteApp, and persistent or non-persistent, dedicated or multi-session experiences.
  • Organizations with “Windows 10 Enterprise E3 Per User” licenses or better (e.g. Windows 10 Enterprise E5 or Microsoft 365 E3, E5, F1, or Business) or RDS CALs can use Windows Virtual Desktop for no additional charge apart from Azure compute/storage and network usage billing. Reserved instances can be used to reduce Azure costs up to 80%.

Now let’s move on to the steps you need to take to get started.

Windows Virtual Desktop prerequisites

To set up Windows Virtual Desktop, you will need a few resources and to complete a few initial setup steps:

  • An Azure subscription with sufficient credit (needed to host resources).
  • Download and install the Windows Virtual Desktop cmdlets for Windows PowerShell on a device.
  • Make sure your virtual network in Azure is configured in such a way that new VMs have your Domain Controller or Azure AD Domain Services (Azure AD DS) set as the DNS server (otherwise the domain join step will likely fail). For guidance on how to configure DNS when using Azure AD DS, see Enable Azure Active Directory Domain Services. For guidance on using a Domain Controller, see Name resolution for resources in Azure virtual networks.
  • Make sure all Azure resources are in the same region.
  • If you require seamless SSO (HTML5 client excluded), you will need AD FS or users will have to authenticate when gaining access to the VM. (Steps on how to enable this with AD FS will follow at a later stage.)
  • An Active Directory to which you can join your VMs. For this, you have three options:

  • Finally, you’ll also need to make sure you have the right credentials. Here’s an overview of the accounts being used throughout the deployment process:

 

Once the prerequisites have been met, you can move on to the initial setup of Windows Virtual Desktop. Once these steps have been completed, you will be ready to deploy your initial VMs:

  1. Allow the Windows Virtual Desktop service to access Azure AD.
  2. Assign the “TenantCreator” role to a user account.
  3. Create a Windows Virtual Desktop tenant.
  4. Deploy your first Windows Virtual Desktop host pool.
  5. Test if a user can access a full desktop session.

 


Prevent a worm by updating Remote Desktop Services (CVE-2019-0708)


Today Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services – formerly known as Terminal Services – that affects some older versions of Windows. The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is pre-authentication and requires no user interaction. In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware. 

Now that I have your attention, it is important that affected systems are patched as quickly as possible to prevent such a scenario from happening. In response, we are taking the unusual step of providing a security update for all customers to protect Windows platforms, including some out-of-support versions of Windows. 

Vulnerable in-support systems include Windows 7, Windows Server 2008 R2, and Windows Server 2008. Downloads for in-support versions of Windows can be found in the Microsoft Security Update Guide. Customers who use an in-support version of Windows and have automatic updates enabled are automatically protected.  

Out-of-support systems include Windows 2003 and Windows XP. If you are on an out-of-support version, the best way to address this vulnerability is to upgrade to the latest version of Windows. Even so, we are making fixes available for these out-of-support versions of Windows in KB4500705.

Customers running Windows 8 and Windows 10 are not affected by this vulnerability, and it is no coincidence that later versions of Windows are unaffected. Microsoft invests heavily in strengthening the security of its products, often through major architectural improvements that are not possible to backport to earlier versions of Windows.  

There is partial mitigation on affected systems that have Network Level Authentication (NLA) enabled. The affected systems are mitigated against ‘wormable’ malware or advanced malware threats that could exploit the vulnerability, as NLA requires authentication before the vulnerability can be triggered. However, affected systems are still vulnerable to Remote Code Execution (RCE) exploitation if the attacker has valid credentials that can be used to successfully authenticate. 

It is for these reasons that we strongly advise that all affected systems – irrespective of whether NLA is enabled or not – should be updated as soon as possible.  

Resources
Links to downloads for Windows 7, Windows 2008 R2, and Windows 2008
Links to downloads for Windows 2003 and Windows XP  

Simon Pope, Director of Incident Response, Microsoft Security Response Center (MSRC)

The case of (Un)Explained: ConfigMgr SQL Always On – Upgrade to 1902 with Certificate backup Error using Listener Name

Hi there!

Here is an interesting one (in case you run into it): the upgrade to 1902 on a SQL Always On (AO) infrastructure was failing with the error below:

CONFIGURATION_MANAGER_UPDATE    28292 (0x6e84)    Create_BackupSQLCert : SQL server failed to backup cert.
CONFIGURATION_MANAGER_UPDATE    28292 (0x6e84)    CSiteControlSetup::SetupCertificateForSSB : Failed to create/backup SQL SSB certificate.
CONFIGURATION_MANAGER_UPDATE    28292 (0x6e84)    ERROR: Failed to set up SQL Server certificate for service broker on "SCCMListener.abc.xyz" .
CONFIGURATION_MANAGER_UPDATE    28292 (0x6e84)    ERROR: Failed to initialize the site control data.
CONFIGURATION_MANAGER_UPDATE    28292 (0x6e84)    InstallSystem failed.

The interesting part is that the error shows the ListenerName, where we would expect a NodeName and not the ListenerName.

There is no FCI (Failover Cluster Instance) involved, and the environment was set up on 1802 and already upgraded to 1810, so there was no such configuration issue; otherwise the earlier update would have failed as well.

We can confirm from the ProcMon trace that setup is trying to use the ListenerName instead of the individual node name when accessing the cert.

The interesting part is that the cert is actually created on the node.

The thing is, we check the file attributes of the cert after creating it, and that is where we see the ListenerName being used in the UNC path.

Note a possible misconception: that the \ListenerName$ share should point to the ACTIVE node. This is not true. A ListenerName is just a dummy Windows machine record, like a cluster name. It has a DNS record and an IP address, but Windows does not inherently know how to resolve that name to the ACTIVE node (this is a SQL feature, to be precise).

So when you use the ListenerName to run a command, it still connects to the ACTIVE node, runs the SP, and creates the cert, but accessing the Windows share via the listener won't work.

OK, enough said.

Why are we using the ListenerName at all? Time for a source code check :)

The first hint that was obtained was very significant.

So, here it is: if we actually fail for a SQL Always On configuration, the error in the logs should be the one below.

ERROR: Failed to set up SQL Server certificate for service broker on replica node  XYZ

Note the extra “on replica node”.

The error we are failing with comes from the ELSE part, which runs when we don’t have SQL Always On. Something like:

 

IF (SQLAlwaysONConfigDetected)
{
    Result = CreateAndBackupSQLCert();
    IF Result = FAILED THEN
        LogMessage ERROR: Failed to set up SQL Server certificate for service broker on replica node XYZ
}
ELSE
{
    Result = CreateAndBackupSQLCert();
    IF Result = FAILED THEN
        LogMessage ERROR: Failed to set up SQL Server certificate for service broker on XYZ  <-- and we fail with this entry
}

 

This hint was enough to backtrack the issue. We can go straight to the setup log and find the entries where we detect the SQL Always On configuration and its nodes.
And fair enough, we see the errors below near the top, where we check the config.

05-08-2019 17:27:02.822    CONFIGURATION_MANAGER_UPDATE    28292 (0x6e84)    ERROR: All availability replicas must have the same DB seeding mode.
05-08-2019 17:27:02.822    CONFIGURATION_MANAGER_UPDATE    28292 (0x6e84)    ERROR: Failed to retrieve SQL always on nodes 

Now things are clearer: we were not able to retrieve the SQL AO nodes, and instead of failing here, setup continued, treating it as a normal SQL instance with the ListenerName as the SQL Server name 😊

The error is also pretty clear that the seeding mode is not the same between nodes. We can run the query below, which ConfigMgr uses:

SELECT R.replica_server_name, S.role, CAST(R.seeding_mode as int) AS seeding_mode FROM sys.availability_replicas R
INNER JOIN sys.dm_hadr_availability_replica_states S ON R.replica_id = S.replica_id
INNER JOIN sys.availability_group_listeners AGL on AGL.group_id = R.group_id
INNER JOIN sys.availability_group_listener_ip_addresses AGLIA ON AGL.listener_id = AGLIA.listener_id
WHERE  (R.availability_mode = 1 OR S.role = 1)

In my lab this shows as below

In our case one node was zero and the other was one. So what do 1 and 0 mean?

1 = AUTOMATIC
0 = MANUAL

Read more on seeding here: https://docs.microsoft.com/en-us/sql/database-engine/availability-groups/windows/automatic-seeding-secondary-replicas?view=sql-server-2017

 

So how do you change it to match the seeding?

 

Simply from the UI, by clicking on the Availability group properties,

or the T-SQL way:

ALTER AVAILABILITY GROUP [AGName]
MODIFY REPLICA ON 'Replica_Name'
WITH (SEEDING_MODE = AUTOMATIC)

So once that was done we were good.

So what are we doing about a fix?

The good part is that we have already fixed this as part of 1906, in two ways:

  1. We will have the check for the incorrect seeding in the PreReq check itself.
  2. When the seeding is inconsistent, setup fails right there instead of continuing and failing much later with a confusing error.


Hope it helps!

Umair Khan

Support Escalation Engineer | Microsoft System Center Configuration Manager

Disclaimer: This posting is provided "AS IS" with no warranties and confers no rights.
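
A triage sketch for the failure pattern described in this post, added here as an example (it is not ConfigMgr's or the author's code): it scans setup-log lines for the early Always On detection errors and ties them to the later, misleading certificate error. The sample log is constructed from the excerpts above with invented timestamps on the later lines, and the function, field and result names are assumptions.

```python
import re
from typing import List, NamedTuple, Optional

# Constructed sample in the layout of the log excerpts quoted in the post;
# the 17:31 timestamps are invented for this example.
SAMPLE_LOG = """\
05-08-2019 17:27:02.822    CONFIGURATION_MANAGER_UPDATE    28292 (0x6e84)    ERROR: All availability replicas must have the same DB seeding mode.
05-08-2019 17:27:02.822    CONFIGURATION_MANAGER_UPDATE    28292 (0x6e84)    ERROR: Failed to retrieve SQL always on nodes
05-08-2019 17:31:40.115    CONFIGURATION_MANAGER_UPDATE    28292 (0x6e84)    Create_BackupSQLCert : SQL server failed to backup cert.
05-08-2019 17:31:40.115    CONFIGURATION_MANAGER_UPDATE    28292 (0x6e84)    ERROR: Failed to set up SQL Server certificate for service broker on "SCCMListener.abc.xyz" .
05-08-2019 17:31:40.116    CONFIGURATION_MANAGER_UPDATE    28292 (0x6e84)    InstallSystem failed.
"""

# [timestamp] component thread-id message. The timestamp is optional because
# the first excerpt in the post is quoted without one.
LINE_RE = re.compile(
    r"^(?:(?P<ts>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3})\s+)?"
    r"(?P<component>[A-Z_]+)\s+"
    r"(?P<thread>\d+ \(0x[0-9a-fA-F]+\))\s+"
    r"(?P<msg>.*\S)\s*$"
)
SEEDING_MSG = "All availability replicas must have the same DB seeding mode"
DETECT_MSG = "Failed to retrieve SQL always on nodes"
# The Always On branch logs "on replica node <name>"; the other branch logs
# only "on <name>". That wording difference is the hint the post relies on.
CERT_RE = re.compile(
    r"Failed to set up SQL Server certificate for service broker on "
    r'(?P<replica>replica node\s+)?"?(?P<target>[^"\s]+)"?'
)


class Diagnosis(NamedTuple):
    root_cause: str                  # short label chosen for this example
    target: Optional[str]            # server name in the certificate error
    fell_back_to_standalone: bool    # AO detection failed before the cert step
    evidence: List[str]              # log messages supporting the diagnosis


def triage(log_text: str) -> Diagnosis:
    """Link the late certificate error to earlier Always On detection errors."""
    seeding = detect = cert_msg = target = None
    replica_branch = False
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        # Only errors logged before the certificate failure can explain it.
        if cert_msg is None and SEEDING_MSG in msg:
            seeding = msg
        elif cert_msg is None and DETECT_MSG in msg:
            detect = msg
        elif cert_msg is None:
            c = CERT_RE.search(msg)
            if c:
                cert_msg = msg
                target = c.group("target")
                replica_branch = c.group("replica") is not None

    if cert_msg is None:
        return Diagnosis("no_cert_failure", None, False, [])
    if replica_branch:
        # Always On was detected; the failure belongs to that replica node.
        return Diagnosis("cert_setup_failed_on_replica", target, False, [cert_msg])
    evidence = [e for e in (seeding, detect, cert_msg) if e]
    if seeding:
        cause = "seeding_mode_mismatch"
    elif detect:
        cause = "ao_detection_failed"
    else:
        cause = "cert_setup_failed_standalone"
    return Diagnosis(cause, target, bool(seeding or detect), evidence)


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result.root_cause, result.target)
    for line in result.evidence:
        print("  ", line)
```
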

 

Tip of the Day: What was revealed at HP Reinvent?


What was revealed at HP Reinvent?

New offerings galore!

  • HP DaaS Proactive Security Service - Ground-breaking security service
  • HP Reverb - Cutting-edge commercial virtual reality (VR) headset
  • New consumer and commercial PCs
    • HP ProBook 445R G6
    • HP ProBook 455R G6
      • Both with:
        • Ultra slim chassis
        • 180-degree hinge
        • HP Noise Cancellation
    • HP ProDesk 405 G4 Desktop Mini
      • 2nd AMD Ryzen PRO processor
      • Radeon Vega graphics
      • Up to three displays support
    • HP ENVY 13 – With a battery life up to 19 hours
    • HP ENVY x360 13 – With the 2nd AMD Ryzen processor and up to 14.5 hours of battery life in a convertible form factor
    • HP ENVY x360 15 – AMD or Intel procs, up to 13 hours of battery life, 28% bezel reduction, optional AMOLED display
    • HP ENVY 17 – 8th Intel Core proc. and NVIDIA GeForce MX250 graphics with 45% top bezel reduction

Reference: “Unveiled at HP Reinvent: Latest innovations in PC experiences for work and life” - https://blogs.windows.com/windowsexperience/2019/03/19/unveiled-at-hp-reinvent-latest-innovations-in-pc-experiences-for-work-and-life/#46xoCBDwpM7VcrwQ.97

May 2019 security updates (monthly)

On May 15, 2019 (Japan time), Microsoft released security updates for the following software.

  • Adobe Flash Player
  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • Microsoft Office, Microsoft Office Servers, and Web Apps
  • Team Foundation Server
  • Visual Studio
  • Azure DevOps Server
  • SQL Server
  • .NET Framework
  • .NET Core
  • ASP.NET Core
  • ChakraCore
  • Online Services
  • Azure
  • NuGet
  • Skype for Android

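In addition to releasing the new security updates, we published 2 new security advisories, updated 2 existing security advisories, and updated 1 existing vulnerability entry. This month's Malicious Software Removal Tool adds new definitions for Win32/ShadowHammer.

Customers should apply this month's security updates as soon as possible.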

 

■ Key notes on the security updates and security advisories

  • Advisory ADV190009 was updated, and a security update that supports SHA-2 code signing for Windows Server 2008 SP2 was released.
  • Advisory ADV190013 was published with new guidance on the speculative execution side-channel vulnerabilities known as Microarchitectural Data Sampling. See the advisory for details.

 

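■ Updates to existing vulnerability information (1 item)

The following vulnerability information has been re-released.

To provide a new trust flag that adds a secure default configuration for CVE-2019-0683, CVE-2019-0683 and advisory ADV190006 were updated, and security updates were released for all Windows operating systems. See Knowledge Base article 4490425 for details.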

 

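May 2019 security updates

You can sort and filter security vulnerability and update information by CVE, KB number, product, or release date.

Security Update Guide

To narrow the list to a given month's security updates, search with the second Tuesday of that month as the date range.

You can also use the Security Update Guide API to create custom reports tailored to your organization. We have published six videos that show how to use the API (API information (GitHub), accessing the API, HTML file output, exporting to Excel, getting the CVE list, getting the KB list), so please make use of them.

Microsoft released the following new security updates for newly confirmed vulnerabilities.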

Product family | Maximum severity | Greatest impact | Related Knowledge Base articles or support web pages
Windows 10 v1903, v1809, v1803, v1709, v1703 | Critical | Remote Code Execution | Windows 10 v1903: 4497936; Windows 10 v1809: 4494441; Windows 10 v1803: 4499167; Windows 10 v1709: 4499179; Windows 10 v1703: 4499181
Windows Server 2019, Windows Server 2016, and Server Core installations (v2019, v2016, v1903, v1803) | Critical | Remote Code Execution | Windows Server 2019: 4494441; Windows Server 2016: 4494440; Windows Server v1903: 4497936; Windows Server v1803: 4499167
Windows 8.1, Windows Server 2012 R2, Windows Server 2012, Windows 7, Windows Server 2008 R2, Windows Server 2008 | Critical | Remote Code Execution | Windows 8.1 and Windows Server 2012 R2 Monthly Rollup: 4499151; Windows 8.1 and Windows Server 2012 R2 Security Only: 4499165; Windows Server 2012 Monthly Rollup: 4499171; Windows Server 2012 Security Only: 4499158; Windows 7 and Windows Server 2008 R2 Monthly Rollup: 4499164; Windows 7 and Windows Server 2008 R2 Security Only: 4499175; Windows Server 2008 Monthly Rollup: 4499149; Windows Server 2008 Security Only: 4499180
Internet Explorer | Critical | Remote Code Execution | Internet Explorer cumulative update: 4498206. The Internet Explorer updates are also included in the Windows update packages listed above.
Microsoft Office-related software | Critical | Remote Code Execution | Knowledge Base articles related to Microsoft Office: 4462169, 4464536, 4464551, 4464561, 4464567
Microsoft SharePoint-related software | Important | Remote Code Execution | Microsoft SharePoint Server 2019: 4464556; SharePoint Enterprise Server 2016: 4464549; SharePoint Foundation 2013: 4464564; SharePoint Foundation 2010: 4464573
Microsoft SQL Server | Important | Information Disclosure | Microsoft SQL Server 2017 for x64-based Systems (GDR): 4494351; Microsoft SQL Server 2017 for x64-based Systems (CU+GDR): 4494352
Microsoft Dynamics 365 | Important | Security Feature Bypass | Microsoft Dynamics 365 (on-premises) Version 9.0: 4498363; Microsoft Dynamics 365 (on-premises) Version 8.2: 4494412; Microsoft Dynamics CRM 2015 (on-premises) Version 7.0: 4499386
Microsoft .NET Framework | Important | Denial of Service | Knowledge Base articles related to .NET Framework: 4499167, 4494440, 4495610, 4495611, 4495613, 4495616, 4495620, 4498961, 4498962, 4498963, 4498964, 4499405, 4499406, 4499407, 4499408, 4499409, 4499154, 4499179, 4499181
.NET Core and ASP.NET Core | Important | Denial of Service | .NET Core and ASP.NET Core: https://dotnet.microsoft.com/download/dotnet-core
Microsoft Visual Studio | Important | Elevation of Privilege | Update content for Visual Studio: http://aka.ms/vs/16/release/latest and https://aka.ms/vs/14/release/4489639
Azure DevOps Server, Team Foundation Server, Nuget | Important | Information Disclosure | Azure DevOps Server, Team Foundation Server, Nuget: for links and details, see the Security Update Guide. https://aka.ms/securityupdates
ChakraCore | Critical | Remote Code Execution | ChakraCore is the core part of Chakra, the high-performance JavaScript engine that powers Microsoft Edge and Windows applications written in HTML/CSS/JS. For details, see https://github.com/Microsoft/ChakraCore/wiki. For details, see the Security Update Guide: https://aka.ms/securityupdates
Adobe Flash Player | Critical | Remote Code Execution | Knowledge Base article for Adobe Flash Player on affected versions of Windows: 4497932; security advisory for Adobe Flash Player: ADV190012

 

For the latest servicing stack updates (SSU), see advisory ADV990001.

The next security update release is scheduled for June 12 (Japan time). See the annual schedule for details.

 
