Exchange 2013/2016 を、Exchange 2010 など以前のバージョンとの混在環境で運用する場合の注意点をご案内します。

以下の TechNet の情報のとおり、セーフティ ネットの既定の保存期間は 2 日です。
https://technet.microsoft.com/ja-jp/library/jj657495(v=exchg.150).aspx

この期間は、Exchange 管理シェルで

Get-TransportConfig | fl SafeteyNetHoldTime

を実行することで確認することができます。
しかし、この値を既定値から変更している環境で、累積的な更新プログラムをインストールする際に既定の 2 日にリセットされてしまう問題が報告されたため、Exchange 2013 CU9 および Exchange 2016 では、Exchange 組織への新規インストール時は 2 日という値を設定し、既存のサーバーを更新する場合は、既に設定されている値を書き換えないようにインストーラーの動作が変更されています。
ここで注意していただきたいのは、「既存のサーバーの更新」の解釈です。
既に Exchange 2010 や 2007 といった下位バージョンの Exchange Server を運用している環境に最初の Exchange 2013/2016 を追加インストールする場合も、スキーマ拡張や Exchange 組織の設定値の更新といった、Exchange 組織全体に関わる設定の更新においては、新規インストールではなく既存サーバーの更新として処理されます。
ご存知のように、Exchange 2013/2016 は 3 ヶ月ごとに累積的な更新プログラム (CU) という形で修正プログラムが提供されており、従来の更新プログラムのロールアップ (RU) のようにベースとなる RTM や SP 版をインストールしてから最新バージョンに更新しなくても最新の CU だけでインストールすることができます。ですが、前述のインストーラーの変更によって、Exchange 2013 CU9/Exchange 2016 RTM 以降のバージョンを Exchange 2007/2010 と共存させるためにインストールすると、SafetyNetHoldTime の値の初期化を防ぐ動作により、トランスポート設定の SafetyNetHoldTime の値 (AD の Transport Settings コンテナの msExchDumpsterHoldTime 属性に対応しています) が更新されずに のままとなり、この結果、トランスポート サービスは Exchange Server のコードに内部的にハードコードされた既定値の 7 日を使用します。
この期間を変更せずに使用しますと、トランスポートのキュー データベースがセーフティ ネットのための複製メッセージのコピーを 7 日分貯め続けることになり、データベースがディスクを圧迫する場合があります。
そのため、Exchange 2013 CU9/Exchange 2016 RTM 以降を使用してインストールした環境をお使いのお客様は、一度トランスポート設定の SafetyNetHoldTime を確認し、7 日に設定されているようでしたら、

Set-TransportConfig -SafetyNetHoldTime 2.00:00:00

を実行し、セーフティネットの保持期間を既定の 2 日に設定してください。

 
※本情報の内容（添付文書、リンク先などを含む）は、作成日時点でのものであり、予告なく変更される場合があります。

Windows 10 introduces a new way to build, deploy, and service Windows. Microsoft has reimagined each part of the process, to simplify the lives of IT pros and maintain a consistent Windows 10 experience for its customers. These improvements focus on maximizing customer involvement in Windows development, simplifying the deployment and servicing of Windows client computers, and leveling out the resources needed to deploy and maintain Windows over time.

The content in this post is excerpted from the Overview of Windows as a service article published on the Windows IT Center.

Building

Prior to Windows 10, Microsoft released new versions of Windows every few years. This traditional deployment schedule imposed a training burden on users because the feature revisions were often significant. That schedule also meant waiting long periods without new features, a scenario that doesn’t work in today’s rapidly changing world where new security, management, and deployment capabilities are necessary to address challenges.

Windows as a Service will deliver smaller feature updates two to three times per year to help address these issues. With Windows 10, new features will be delivered to the Windows Insider community promptly during the development cycle, through a process called flighting, so that organizations can see exactly what Microsoft is developing and start their testing as soon as possible.

Throughout the development process, Microsoft uses feedback so that adjustments can be made quickly, rather than waiting until after release. Individuals and organizations can join the Windows Insider Program to help shape Windows.

Sign up for the Windows Insider Program

Deploying

We believe deploying Windows 10 is simpler than with previous versions of Windows. When migrating from earlier versions of Windows, an easy in-place upgrade process can be used to automatically preserve all apps, settings, and data. And once running Windows 10, deployment of Windows 10 feature updates will be equally simple.

One of the biggest challenges for organizations when it comes to deploying a new version of Windows is compatibility testing. Compatibility was previously a concern for organizations upgrading to a new version of Windows. Windows 10 is compatible with most hardware and software capable of running on Windows 7 or later. Because of this high level of compatibility, the app compatibility testing process can be greatly simplified. We discussed application compatibility on a recent Windows and Devices Partner call.

Watch the partner call about application compatibility

Application compatibility

Application compatibility testing has historically been a burden when approaching a Windows deployment or upgrade. With Windows 10, application compatibility from the perspective of desktop applications, websites, and apps built on the Universal Windows Platform (UWP), has improved. Microsoft understands the challenges organizations experienced when they migrated from the Windows XP operating system to Windows 7. It was important to us that Windows 10 upgrades offered a better experience.

Most Windows 7 compatible desktop applications will be compatible with Windows 10 straight out of the box. Windows 10 achieved such high compatibility because the changes in the existing Win32 application programming interfaces were minimal. Combined with valuable feedback via the Windows Insider Program and telemetry data, this level of compatibility can be maintained through each feature update. As for websites, Windows 10 includes Internet Explorer 11 and its backward-compatibility modes for legacy websites. Finally, UWP apps follow a compatibility story like desktop applications, so most of them will be compatible with Windows 10.

For the most important business critical applications, organizations should still perform testing on a regular basis to validate compatibility with new builds. For remaining applications, consider validating them as part of a pilot deployment process to reduce the time spent on compatibility testing.

Device compatibility

Device compatibility in Windows 10 is also very comprehensive. New hardware is not needed for Windows 10 as any device capable of running Windows 7 or later can run Windows 10. In fact, the minimum hardware requirements to run Windows 10 are the same as those required for Windows 7. Most hardware drivers that functioned in Windows 8.1, Windows 8, or Windows 7 will continue to function in Windows 10. However, we recommend our new OEM and first party devices as a representative of “modern devices” to support all the new hardware capabilities.

Servicing

Traditional Windows servicing has included several release types. These are major revisions, service packs, and monthly updates. With Windows 10, there are two release types. These are feature updates that add new functionality two to three times per year, and quality updates that provide security and reliability fixes at least once a month.

With Windows 10, organizations will need to change the way they approach deploying updates. Servicing branches are the first way to separate users into deployment groups for feature and quality updates. With the introduction of servicing branches comes the concept of a deployment ring, which is simply a way to categorize the combination of a deployment group and a servicing branch to group devices for successive waves of deployment. Look for a Windows and Devices Partner enablement blog post about deployment rings in the coming weeks.

To align with this new update delivery model, Windows 10 has three servicing branches, each of which provides different levels of flexibility over when these updates are delivered to client computers: Current Branch, Current Branch for Business, and Long Term Servicing Branch.

Feature updates

With Windows 10, Microsoft will package new features into feature updates that can be deployed using existing management tools. Because feature updates are delivered two to three times per year rather than every three to five years as with previous Windows releases, changes will be rolled out in smaller segments rather than all at once and end user readiness time will be reduced.

In response to customer feedback about the size of the two-to-three times per year Windows 10 feature updates, we announced a new differential upgrade capability that will reduce the download size for feature updates by approximately 35%. This capability is delivered via the Unified Update Platform (UUP). This reduction will take effect with the feature update released after the Creators Update, so the benefits will be seen later in 2017.

Quality updates

Monthly updates in previous Windows versions were often overwhelming because of the sheer number of updates available each month. Many organizations selectively chose which updates they wanted to install and which they didn’t, and this created countless scenarios in which organizations deployed essential security updates but picked only a subset of non-security fixes.

In Windows 10, rather than receiving several updates each month and trying to figure out which updates the organization needs, which ultimately causes platform fragmentation, administrators will see one cumulative monthly update that includes both security and other fixes and supersedes the previous month’s update. This approach makes patching simpler and ensures that customers’ devices are more closely aligned with the testing done at Microsoft, reducing unexpected issues resulting from patching.

Comparison of patch environment in enterprise compared to test

The image below is an example of Windows 7 devices in an enterprise and what their current patch level might look like. On the right is what the Microsoft test environment PCs contain. This drastic difference is the basis for many compatibility issues and system anomalies related to Windows updates.

Servicing branches

Introduced to align with how feature updates and quality updates are delivered for Windows 10, servicing branches allow customers to designate how aggressively individual devices are updated. For example, an organization may have test devices that the IT department can update with new features as soon as possible, and specialized devices that require a longer feature update cycle to ensure continuity.

Microsoft offers three servicing branches for Windows 10:

• Current Branch (CB)
• Current Branch for Business (CBB)
• Long-Term Servicing Branch (LTSB)

If you’re a Windows Insider, you also have access to prerelease builds to test and provide feedback about.

While the concept of servicing branches is new, there is an existing benefit. Organizations can use the same management tools they used to manage updates and upgrades in previous versions of Windows.

Current Branch (CB)

In the Current Branch servicing model, feature updates are available as soon as Microsoft releases them. The CB servicing model is ideal for pilot deployments and testing of Windows 10 feature updates and for users such as developers who need to work with the latest features immediately.

For example, when Microsoft officially releases a feature update for Windows 10, that update is marked for Current Branch, making it available to any PC not configured to defer feature updates so that those devices can immediately install it. Organizations that use Windows Server Update Services (WSUS), System Center Configuration Manager, or Windows Update for Business, however, can defer CB feature updates to selective devices by withholding their approval and deployment. In this scenario, the content available for CB will be available but not necessarily immediately mandatory, depending on the policy of the management system. Only one CB build of Windows is supported at a time, so those clients not on the most current build will not receive quality updates (after a 60-day grace period) until the most current feature update has been installed.

Current Branch for Business (CBB)

Organizations typically prefer a testing cycle before broadly deploying new features to business users. For Windows 10, most pilot testing will be done using the CB servicing branch. In contrast, the Current Branch for Business servicing branch is typically used for broad deployment. Windows 10 clients in the CBB servicing branch receive the same build of Windows 10 as those in the CB servicing branch, just later. CB releases are transitioned to CBB after approximately 4 months, indicating that Microsoft, independent software vendors (ISVs), partners, and customers believe that the release is ready for broad deployment. Therefore, CB and CBB have an inherent “staging” effect. Both branches have a purpose in the overall deployment process for an enterprise, providing another layer of testing capabilities in addition to the traditional phased deployment methods to specific groups of machines. Microsoft will support two CBB builds at a time, plus a 60-day grace period. Each feature update release will be supported and updated for a minimum of 18 months.

CBB is a configuration state, meaning that if a computer has the Defer Updates and Upgrades flag enabled, either through Group Policy, a mobile device management product like Microsoft Intune, or manually on the client, it’s considered to be in the CBB servicing branch. The benefit of tying this servicing model and CB to a configuration state rather than a SKU is that they are easily interchangeable. If an organization accidentally selects CBB on a machine that doesn’t need delayed updates, it’s simple to change it back.

Long-Term Servicing Branch (LTSB)

Specialized systems, such as PCs that control medical equipment, point-of-sale systems, and ATMs, often require a longer servicing option because of their purpose. These devices typically perform a single important task and don’t need feature updates as frequently as other devices in the organization. It’s more important that these devices be kept as stable and secure as possible than up to date with user interface changes. The Long-Term Servicing Branch servicing model prevents Windows 10 Enterprise LTSB devices from receiving the usual feature updates and provides only quality updates to ensure that device security stays up to date. Quality updates are still immediately available to Windows 10 Enterprise LTSB clients, but customers can choose to defer them by using one of the servicing tools mentioned in the section Servicing tools.

Microsoft never publishes feature updates through Windows Update on devices that run Windows 10 Enterprise LTSB. Instead, it typically offers new LTSB releases every 2-3 years, and organizations can choose to install them as in-place upgrades, or even skip releases, over a 10-year life cycle.

LTSB is available only in the Windows 10 Enterprise LTSB edition. This build of Windows doesn’t contain many in-box applications, such as Microsoft Edge, Windows Store client, Cortana, Microsoft Mail, Calendar, OneNote, Weather, News, Sports, Money, Photos, Camera, Music, and Clock. It’s important to remember that Microsoft has positioned the LTSB model primarily for specialized devices.

Windows Insider Program

For many IT pros, gaining visibility into feature updates early, before they’re available to the CB servicing branch, can be both intriguing and valuable for future end user communications as well as provide additional prestaging for CB machines. With Windows 10, feature flighting enables Windows Insiders to consume and deploy preproduction code to their test machines, gaining early visibility into the next build. Testing the early builds of Windows 10 helps both Microsoft and its customers because they may discover possible issues before the update is ever publicly available and can report it to Microsoft. Also, as flighted builds get closer to their release to CB, organizations can test their deployment on test devices for compatibility validation.

Microsoft recommends that all organizations have at least a few PCs enrolled in the Windows Insider Program and provide feedback on any issues they encounter.

Servicing tools

There are many tools with which IT pros can service WaaS. Each option has its pros and cons, ranging from capabilities and control to simplicity and low administrative requirements. The following are examples of the servicing tools available to manage WaaS updates.

Windows Update (standalone)

Provides limited control over feature updates, with IT pros manually configuring the device to be in the CBB servicing branch. Organizations can control which devices defer updates and stay in the CBB servicing branch or remain in CB by selecting the Defer upgrades check box in StartSettingsUpdate and SecurityAdvanced Options on a Windows 10 client.

Windows Update for Business

This is the second option for servicing Windows as a service. This servicing tool includes a little more control over update deferment and provides centralized management using Group Policy. In Windows 10 version 1511, Windows Update for Business can be used to defer feature updates for up to 8 months and quality updates for up to four weeks. Also, these deferment options were available only to clients in the CBB servicing branch. In Windows 10 version 1607 and later, Windows Update for Business can be used to defer feature updates for up to 180 days and quality updates for up to 30 days. These deployment options are available to clients in either the CB or CBB servicing branch. In addition to being able to use Group Policy to manage Windows Update for Business, either option can be configured without requiring any on-premises infrastructure by using Intune. In addition to Intune, organizations can use Group Policy to manage Windows Update for Business.

Windows Server Update Services (WSUS)

Windows Service Update Services provides extensive control over Windows 10 updates and is natively available in the Windows Server operating system. In addition to the ability to defer updates, organizations can add an approval layer for updates and choose to deploy them to specific computers or groups of computers whenever ready.

System Center Configuration Manager

System Center Configuration Manager provides the greatest control over servicing Windows as a service. IT pros can defer updates, approve them, and have multiple options for targeting deployments and managing bandwidth usage and deployment times.

Resources

• Overview of Windows as a service (full article)
• Windows IT Center
• Windows Blogs
• Windows 10 partner content
• Partner technical presales and deployment services
• Sign up for the Windows Insider Program

Windows and Devices Partner Community

• Community call schedule
• Windows and Devices Partners Yammer group
• Community blog series
• Training and enablement

We look forward to continuing the conversation with you about the Windows 10 opportunity. We use our Windows and Devices Partner Community calls, blog posts, and Yammer group to share information and connect with you. If you’re serious about building and sustaining a profitable Windows practice, and want in-depth assistance, email WinRecruit@microsoft.com or post your question in the Yammer group.

This is test text.

More text.

DevOps enables companies to achieve faster and higher quality software delivery and helps increase customer satisfaction. It focuses on building quality into the supply chain of customer value, and applies the lean/agile methodology into that supply chain, which includes developing, building, testing, deploying, and monitoring of software. DevOps is no longer just a trend – it’s a well-defined set of practices and organizational patterns that for many enterprises is providing a return on investment.

In a post for the Application Development Partner Community earlier this year, I provided an introduction to how Microsoft approaches DevOps and open source DevOps solutions. In this post, and in the January 31 partner call, I’ll take a deeper look at the topic of DevOps and clarify your opportunity and the skills needed.

Introduction to DevOps and open source solutions

Sign up for the January 31 Open Source Solutions Partner call about DevOps

DevOps and digital transformation

Digital transformation focuses on a business’s systems of intelligence, which represent the digital feedback loops that help customers draw better insight out of data and convert it to intelligent action. Businesses no longer just design, build, produce and ship a product. Now, organizations are building in continuous feedback loops – sensors in product, after-market services, customer feedback from a variety of channels, and so on.

Transformation requires these rich systems of intelligence. Systems of intelligence represent the combination of technology, people, and process that enable these feedback loops, and define an organization’s competitiveness and ability to change the entire landscape of the industries in which it participates. DevOps is a fundamental requirement for businesses to achieve continuous digital transformation.

The partner opportunity with DevOps

The forecasted spend on digital transformation for 2016-2019 is $151 billion, the opportunity for partners to help mentor customers through their digital transformation is massive. Customers need partners that have a comprehensive DevOps and digital transformation offering.

The DevOps pipeline

A true digital transformation solution through DevOps requires an understanding of the DevOps pipeline. There are over one hundred tools in the DevOps pipeline, and each one requires a specific skill set. Successful DevOps partners are creating consolidated, prepackaged DevOps offerings that simplify this complexity for their customers.

For a comprehensive look at DevOps tools, I recommend the XebiaLabs Periodic Table of DevOps Tools. I use this tool to inventory a partner’s or customer’s solution and skill set. For partners, using this table can help you understand the various types of DevOps tools and the skills required for using them.

DevOps tool types

Source control management

Source Control Management is any kind of practice that tracks and provides control over changes to source code. In DevOps this includes source code, configuration files, database artifacts, documentation, automation scripts, etc.

Database management

Database management tools allow the automation of building, testing, and deploying database changes with the integration of source control management.

Build

Build systems automate the creation of executable applications from source code. Building incorporates compiling, linking and packaging the code into a usable or executable form.

Repository management

In the new DevOps world developing includes assembling packages of code/binaries to create a solution. These Repository managers aim to standardize the way enterprises treat all package types used in the software development process. They give users the ability to apply security and compliance metrics across all artifact types. Universal package managers have been referred to as being at the center of a DevOps toolchain.

Continuous integration

In continuous integration, each member of a development team integrates their code continuously with the rest of the team. A “check in” results in an integrated code base which automatically builds, conducts unit tests, and validates code. Continuous integration software automates this process and does this by integrating with various other build, Repository management and test tools.

Configuration and provisioning

These tools focus on configuring and managing computers, virtual machines, and cloud-based platforms. Defining infrastructure as code allows applying the DevOps process to infrastructure operations.

Deployment

Deployment tools focus on deploying applications to provisioned and configured environments

Environments – containerization and orchestration

These environments provide the ability to deploy complex multi-container apps on multiple machines including configuring storage and networking. They provide OS virtualization and cluster management, and many continuous integration and configuration and provisioning tools integrate with these environments.

Higher level tooling

There are tools that cut across the many stages of DevOps. They are utilized by different teams and personnel, including operations, development, security, and database administrators.

• Testing or unit testing frameworks that help simplify and automate the process of unit testing, performance testing and integration testing
• Release management – the process of managing, planning, scheduling, and controlling a software build through different stages and environments; includes testing and deploying software releases
• Collaboration tools that enable agile project management, collaboration, and communication with in the DevOps supply chain/pipeline
• Operational insights – tools that allow the consolidation of logging, monitoring, and analytics of application-generated data. These tools allow you to automate specific application states through alerting
• Security tools, like data integrity tools that monitor and alert based on file or network changes. The goal is to secure the DevOps pipeline and environment from accidental or malicious changes

Customers need DevOps and digital transformation partners, specifically partners with the skills and expertise that can cover the growing set of Open Source DevOps tools. Partners with an adaptable, efficient digital transformation offering will allow our customers to achieve more. Microsoft’s partner team looks forward to working with you on your DevOps and Digital transformation offerings.

Resources

• Microsoft DevOps
• DevOps on Channel 9
• Microsoft Ignite DevOps sessions
• Microsoft Build DevOps sessions
• DevOps sessions at WPC 2016
• DevOps in the Enterprise blog

Open Source Solutions (OSS) Partner Community

• Sign up for the January 31 partner call about DevOps
• Community call schedule
• Blog series
• Yammer group
• Training and enablement

256.     Jak změnit grafický návrh prezentace?

 

257.     Jak nastavit přechod snímku?

258.     Jak nastavit zvuk u přechodu snímku?

259.     Jak nastavit dobu pro přechod na další snímek?

260.     Jak nastavit animaci objektu na snímku?

In previous posts we created Virtual machine and installed AD DS on it now we are ready to Sync.

But what would you sync? We need AD objects to Sync. Ok let’s creat100 users manually well we don’t have time for that, do we?

I will help you easily create any number of users.

Create a CSV file like shown below and save it as 1.csv. Import this CSV to your virtual machine and have it under the PowerShell default directory

Open Powershell and run the below command to import the ActiveDirectory Module

import-module ActiveDirectory

Run the below script to display the entries, I usually do this to very if the script is working fine and is able to read the items just fine. (Change the domain name from praveen.local to your domain in the below script)
Import-Csv .1.csv | foreach-object {
$SamAccountName = $_.FirstName + “.” + $_.LastName
$SamAccountName = $SamAccountName.ToLower()
$userprinicpalname = $SamAccountName + “@praveen.local“
$displayName = $_.LastName + “, ” + $_.FirstName
Write-host “SAM is” $SamAccountName
Write-host “UserPrincipalName is” $userprinicpalname
Write-host “DisplayName is” $displayName
}

Once you get proper Output for the above script we are ready to create users. Use the below script to Create all users in one go. Note: You can modify the CSV if you want to give custom names to users

Import-Csv .1.csv | foreach-object {
$SamAccountName = $_.FirstName + “.” + $_.LastName
$SamAccountName = $SamAccountName.ToLower()
$userprinicpalname = $SamAccountName + “@praveen.local“
$displayName = $_.LastName + “, ” + $_.FirstName
New-ADUser -SamAccountName $SamAccountName -UserPrincipalName $userprinicpalname -Name $displayName -DisplayName $displayName -GivenName $_.FirstName -SurName $_.LastName -Department “Test” -Path “CN=Users,DC=praveen,DC=local” -AccountPassword (ConvertTo-SecureString “YourPass!” -AsPlainText -force) -Enabled $True -PasswordNeverExpires $True -PassThru
}

Ok, we are done with the basics and we are all set to install and configure AAD Connect. Oh, Ya !

Praveen Kumar E

Dear All,

Welcome to TechNet Wiki Life:

First, I would like to thank Kamlesh Kumar for creating this TechNet Wiki Banner image. Good to see the Wiki Ninja as an angel as this shows what TechNet Wiki is for. Yes, TechNet Wiki is the combination of Wikis for article sharing, Blogs for blog post sharing, and Learning as all members can learn from both our TechNet Wiki Blogs and Wiki articles. The final area, Forums, is where members can ask questions related to TechNet Wiki, share Feedback related to the TechNet Wiki, submit suggestions or new ideas to improve the TechNet Wiki. All the members are welcome to post in our TechNet Wiki Forum.

In this blog post, we will see how to use TechNet Wiki Forums. Few members have asked me questions about TechNet Wiki and also a few members are not aware where they should ask questions related to TechNet Wiki. For all the answers, the TechNet Wiki has a Forum to ask all your questions related to TechNet Wiki.

Here is the link for our TechNet Wiki Forum

As a TechNet Wiki member, here is what you can do with our TechNet Wiki Forum:

• If you have any Questions related to TechNet Wiki, feel free to ask in TechNet Wiki Forum.
• If you have any Feedback related to our TechNet Wiki, feel free to ask in our TechNet Wiki Forum.
• If you have any Suggestions or Ideas for TechNet Wiki, feel free to share in our TechNet Wiki Forum.
• If you have any topics need to be discussed related to TechNet Wiki, feel free to start discussions in our TechNet Wiki Forum.

 Peter Geelen has clearly explained what the TechNet Wiki Forum is for:

This forum is solely focused on TechNet Wiki and is used to provide feedback, ask questions, request new features, discuss Wiki processes, governance, evolution and the future.
IMPORTANT: This forum is not the right place for questions for other than TECHNET WIKI.
Visit the other forums for posting questions for Microsoft platforms like Windows Server, Windows 10, development, general MS questions,.. as they will be removed from the Wiki forum.
As this focus is neglected too many times, off-topic posts will be handled accordingly.

If you are new to TechNet Wiki, Read before you post on TechNet Wiki Forum 

TechNet Wiki is a great community where all our members are like a family. If you have any questions, feel free to ask in our Forum. As a member, if you have any Suggestions, Ideas or Feature requests for our TechNet Wiki feel free to ask in our Forum. Let’s all make our community better and stronger.

See you all soon in another blog post.

Thank you all.

Yours,

Syed Shanu

MSDN Profile | MVP Profile | Facebook | Twitter |

TechNet Wiki the community where we all join hands to share Microsoft-related information.

Coding is for everyone, and anyone—regardless of gender, age, nationality or occupation. Embodying this very spirit for herself was Taiwanese President Tsai Ing-wen, who wrote her first lines of code at the Taiwan Hour of Code kick-off on November 30.

The event marked a great start to the 2016 Hour of Code campaign in Asia, with more than 190,000 youth from 15 different countries participating in various coding activities.

2016 was Microsoft’s fourth year driving the Hour of Code campaign together with Code.org. Spanning 15 countries across the region, this year’s events aimed at inspiring youth to code, making computer science education accessible to more, and creating a more inclusive future with technology.

Here’s a quick snapshot of what took place at 2016 #HourofCode in Asia:

Making computer science education accessible to more

Taiwan

Besides designing her very first computer game at the event, President Tsai also pledged more resources toward computer science education for youth, and the creation of greater opportunities for women in the technology sector in the country. Almost 16,000 students took part in the activities held across Taiwan.

Japan

To support the Japanese government’s move toward making programming a compulsory subject for all students by 2020, Microsoft collaborated with teachers and government officials this Hour of Code to promote computer science education across 18 different cities in the country.

Korea

100 schools and universities in South Korea held a series of events that inspired over 3,500 students to kick-start their computer science education through the latest Minecraft tutorial.

As part of their commitment to improving computer science education accessibility, Busan city signed a Memorandum of Understanding (MoU) to develop a computer science education platform based on Microsoft technology and tools for K12 students in Busan.

Creating a more inclusive world with technology

Australia

Nonprofit Fighting Chance held an Hour of Code session for nine students with Asperger’s syndrome or autism. The students not only got to try their hands at coding, but also explored career opportunities at a panel discussion and immersed themselves in fun at an Xbox session.

 India

85 students with developmental disabilities and autism got their first taste of coding with the new Minecraft tutorial at an Hour of Code event. At the event, nonprofit Tamana also launched HOPE, a Kinect-based application designed to enhance cognition and motor skills in children with special needs.

Indonesia

Microsoft teamed up with the US Embassy, Special Olympics for Indonesia and Clevio Coder Camp to help 20 children with Down Syndrome and special needs complete the Minecraft tutorial. While it was challenging at times, the children never once gave up.

60 young female Indonesian students and mothers also participated in a Skype-a-Thon, learning for themselves that the doors to careers in Science, Technology, Engineering and Mathematics (STEM) are open for women too.

 Singapore

Over 450 participants got a glimpse of how coding innovations and assistive technologies can empower people with disabilities at the We Tech Care event, which was held in conjunction with Hour of Code. Microsoft Singapore also helped raise more than S$158,000 to support SPD, one of many beneficiaries of the President’s Challenge campaign.

Thailand

To hone their problem-solving, critical-thinking and coding skills, the Ministry of Digital Economy and Society and nonprofits conducted numerous IT workshops, including Hour of Code tutorials for youth with disabilities.

Inspiring youth to code their future

China

Over 3,000 computer science-related events were held in China during the Hour of Code week, and more than 91,000 students got to experience coding. This includes many children living in rural areas, who were guided by Microsoft employees via Skype lessons.

Hong Kong

Minecraft took center stage at the Learning and Teaching Expo 2016, with different schools competing for coding supremacy at the Minecraft Arena. A myriad of other activities were also held during the Hour of Code week, including the Microsoft-Empowered Interactive Studio and Skype in the Classroom sessions. Over 7,600 youth were trained this year.

Malaysia

To show that coding is possible for anyone and everyone, an array of computer science-related activities and events was organized for 300 youth from diverse backgrounds, including students with special needs, youth seeking asylum, children in hospitals and young people in marginalized communities.

New Zealand

With less than 1% of Māori people in tertiary education studying for a computer science-related qualification, and only 2.5% of working Māoris employed in the ICT sector, one of Microsoft New Zealand’s focus was to promote coding within the community. Using tutorials that were specially translated into Te Reo Maori, Minecraft Hour of Code sessions were conducted for some 220 children.

Philippines

More than 8,000 youth got the opportunity to pick up coding and basic computational skills through a series of events held across 15 provinces. 250 teachers were also trained in a session aimed at equipping trainers with skills needed to help students in their computer education.

 Sri Lanka

Around 250 participants gathered for a YouthSpark Live event held in Colombo, hosted by Microsoft and Sarvodaya Fusion. The highlight of the event was a team-based coding marathon based on popular themes such as Minecraft, Frozen and Star Wars, which got the participants abuzz with excitement.

Vietnam

More than 50,000 students from 1,100 schools took part in the Hour of Code sessions, workshops and other coding activities. A “Moments in Hour of Code” competition was also held for students and teachers to submit memorable pictures and stories they have about the 2016 Hour of Code.

These are just some of the many highlights of the 2016 Hour of Code in Asia! Missed out on the festivities? Try the Minecraft Hour of Code tutorial for yourself at Code.org!

2016 was the best year in SQL PowerShell history! I guess I should have mentioned that here sooner.

Wired® Magazine recently said that Microsoft SQL Server was the surprise hit of the year. The primary cited reason is the SQL Server port to Linux, but there are several other reasons to be really excited about SQL Server and SQL Server PowerShell is one of them.

Independent, frequent releases of SSMS

Thanks to the new release cycle of SQL Server Management Studio (SSMS), which comes out nearly every month, the SQL Tools team could deliver even more without making us wait until the next major release of SQL Server.

You can download the latest version of SSMS 2016.

A new SQL PowerShell module

When the first update-release of SSMS after SQL Server 2016 was ready, the SQL Tools team also announced that they would be putting the new cmdlets that they had been building into a new PowerShell module named SqlServer.

This let them give us code fixes and new cmdlets, without affecting the version that SQL Agent uses.

Import-Module SqlServer

New cmdlets!

As of this writing, we have received more than 30 new cmdlets since SQL Server 2016 became generally available.

Sign ins

Add-SqlLogin

Get-SqlLogin

Remove-SqlLogin

Data

Read-SqlTableData

Read-SqlViewData

Write-SqlTableData

Error log

Get-SqlErrorLog

Set-SqlErrorLog

SQL Server Agent

Get-SqlAgent

Get-SqlAgentJob

Get-SqlAgentJobHistory

Get-SqlAgentJobSchedule

Get-SqlAgentJobStep

Get-SqlAgentSchedule

Always encrypted

Add-SqlAzureAuthenticationContext

Add-SqlColumnEncryptionKeyValue

Complete-SqlColumnMasterKeyRotation

Get-SqlColumnEncryptionKey

Get-SqlColumnMasterKey

Invoke-SqlColumnMasterKeyRotation

New-SqlAzureKeyVaultColumnMasterKeySettings

New-SqlCngColumnMasterKeySettings

New-SqlColumnEncryptionKey

New-SqlColumnEncryptionKeyEncryptedValue

New-SqlColumnEncryptionSettings

New-SqlColumnMasterKey

New-SqlCspColumnMasterKeySettings

Remove-SqlColumnEncryptionKey

Remove-SqlColumnEncryptionKeyValue

Remove-SqlColumnMasterKey

Set-SqlColumnEncryption

Code fixes

WhatIf and Confirm are now fully supported in the SQL PowerShell provider. Before, if you tried to use -WhatIf or -Confirm in your script, it would just go ahead and run without prompting you.

Improvements to existing cmdlets

Most notably, improvements to Invoke-SqlCmd to allow a connection string or to output results as a DataTable.

Invoke-Sqlcmd

-ConnectionString Parameter

-OutputAs (As) Parameter

Three big fixes

Much of this new SQL PowerShell movement was started by the Can We Get These 3 SQLPS Issues Fixed before SQL Server 2016 RTMs?” blog post, which asked Microsoft to fix three big issues that were hindering the adoption of PowerShell within the SQL Server community.

The SQL Server team then recruited Matteo Taveggia ( twitter ) from another team to become the SQL PowerShell engineer and help address the following three issues (as linked to their related Connect Items)

• SQLPS module is slow to load
• Loading SQLPS module changes current directory to PS SQLSERVER:>
• SQLPS module uses unapproved PowerShell verbs

If you’ve worked with SQLPS and have been frustrated by these issues, they’re now resolved, along with several other fixes!

The community becomes empowered

of these changes and fixes really excited the SQL PowerShell community in SQL Server 2016, and Ken Van Hyning, Engineering Manager for SQL Server Client Tools ( twitter ), is partly to thank for that. Ken paved a path for the SQL Server team to interact directly with the community and spoke about their new “community focused engineering” at a number of SQL Server conferences.

If you haven’t been part of this movement already, you are encouraged to join in! Links for community involvement are at the bottom of this article.

SSRS joins the fun

Seeing the excitement of customers over improvements to the primary SqlServer module energized the SSRS team, who tapped Microsoft’s new push for openness and began to develop their own module.

Around Spring of 2016, the SSRS team started working on PowerShell commands for working with your SSRS instance. This group decided to go straight to GitHub to share their cmdlets, so they could benefit from quick feedback and a rapid development cycle.

In November of 2016, the SSRS team announced the availability of these commands on GitHub.

Analysis Services (SSAS) gets in gear

This is an area where we definitely need lots more community involvement. I have filed a couple Connect items for a better PowerShell experience for SQL Server Analysis Services (SSAS). One item has already been approved and will hopefully be in the next build of SSMS 16. I have filed another item for pipeline support that will hopefully get enough votes to be worked on.

But we need more ideas! Getting this far took a TON of input from the community, and especially when it comes to SSAS, we need more help, more voices!

Master Data Services (MDS)

Master Data Services is another feature of SQL Server and, from what I’ve heard, it’s slowly and steadily growing its user base. You can use the MDSModelDeploy tool to create a package to deploy your data and changes from one environment to another. Unfortunately, this tool is completely DOS-based and is a huge example of how an entire software package would be easier to develop if only it had a PowerShell command in place of this MDSModelDeploy.exe utility.

Specifically, Parameter Validation Sets would be very helpful, but auto-completion of object choices on the instance of MDS that you’re trying to work with would really help customers develop and promote MDS packages to their production environments much more quickly.

If you would like to see this capability, vote for this Connect Item.

Power BI

And finally, we’d really like to see PowerShell for Power BI. The community recently came together and gave over 660 upvotes to the request for PowerShell for PowerBI. And community member, Rob Sewell ( t ), came up with a few ideas for what those commands should be.

Join us!

This was a team community effort and we need people like you to join in and tell us which commands are important.

sqlps.io/vote – SQL PowerShell cmdlet design and voting

sqlps.io/ssms – SQL Management Studio improvements

sqlps.io/slack – SQL Community Slack

#trello-powershell

#trello-ssms

#sqlpsx

#dbatools

#dbareports

#closedasfixed

@closedasfixed – Twitter Open source Twitter bot powered by PowerShell

sqlps.io – PowerShell Virtual Chapter of PASS

Aaron Nelson & Chrissy LeMaire

Ačkoliv by IT oddělení mělo změny ve službách Office 365 pozorně sledovat, naprostá většina změn a novinek v prostředí online služeb příliš pozornosti ze strany IT oddělení nevyžaduje. Ovšem v roce 2017 nás správce i koncové uživatele čeká hned několik zásadních změn, které mohou mít nepříjemný dopad, pokud se na tyto změny nepřipravíme včas. Proto jejich seznam najdete v tomto shrnujícím článku.

Všechny tyto změny jsou samozřejmě komunikovány správcům i přes standardní kanály jakým je Centrum zpráv v administrační konzoli Office 365, či e-mailová servisní oznámení pro správce. Některé změny jsou notifikovány s pravidelností a větší prioritou, pokud se dotýkají konkrétní organizace. Pokud tedy nevyužíváte například Project Online, notifikaci o níže uvedené změně neobdržíte.

Konec podpory Office 2013 v sadě Office 365 ProPlus

Datum: 28. února 2017

Předplatné Office 365 ProPlus obsažené v populárních Enterprise plánech E3 a E5 nabízí svým uživatelům možnost instalace nejnovější sady Office až na pět počítačů a mobilních zařízení, ať firemní, či soukromé. Nejnovější, aktuální a všechny nové funkce Office 365 plně podporující je verze Office 2016.

Doposud měli uživatelé a správci možnost instalovat z předplatného jak verzi 2013, tak verzi 2016. Tato možnost byla nyní odstraněna a po tomto termínu již nebudou pro starší sestavení vydávány běžné aktualizace a nebude dále poskytována technická podpora. Kritické bezpečnostní aktualizace budou vydávány do dubna 2018.

Doporučením je samozřejmě upgrade na novější sestavení Office 2016. Uživatelé mohou využít automatických aktualizací, kdy po schválení a stažení aktualizace se upgrade na Office 2016 provede automaticky. Správci mají možnost využít nástroje Office Deployment Tool (ODT) pro centrální a plánované nasazení novější verze. Nově je možno využít i System Center Configuration Manager (SCCM), pokud vlastníte jeho aktuální vydání 1610 či novější.

Toto oznámení se samozřejmě netýká krabicových verzí Office 2013, pro které platí jiný cyklus podpory. Oznámení také neupravuje podporované verze Office, které jsou podporovány vůči Office 365. Tím stále zůstávají primárně Office 2010, Office 2013 a Office 2016, přičemž doporučením je využití nejnovější verze pro plnou dostupnost všech vylepšení a integračních scénářů například s Office 365 Groups.

Více informací najdete v KB3199744 či servisním oznámení MC81842.

Konec podpory starších synchronizačních klientů pro Azure AD

Datum: 4. duben 2017

Pokud svoji lokální Active Directory synchronizujete do prostředí Office 365, tedy do Azure Active Directory, a stále k tomuto účelu používáte starší synchronizační nástroje jako DirSync, jejich podpora bude brzy ukončena.

Doporučen je upgrade na nejnovější verzi nástroje Azure AD Connect. Tento nástroj obsahuje možnosti pro automatické aktualizace, kontrolu zdraví vaší AD a samotné synchronizace a v neposlední řadě také možnost zprovoznit nyní v Preview režimu SSO pro Office 365 služby i bez nasazení serverů AD FS.

Více informací najdete v dokumentaci Azure AD Connect či servisním oznámení MC45036.

Konec podpory RPC over HTTP a tedy i Outlook 2007

Datum: 31. října 2017

Počínaje tímto datem budou schránky umístěné v Exchange Online vyžadovat připojení z aplikace Outlook na platformě Windows novější protokol MAPI over HTTP. Ten je nástupcem staršího RPC over HTTP již od roku 2014.

Prakticky tak nebude podporováno nativní připojení z aplikace Outlook 2007. Řešením je upgrade na novější verzi Office, například právě z předplatného Office 365 ProPlus, nebo minimálně plně aktualizované verze Outlook 2010. Pokud upgrade není možný, alternativou je připojení pomocí IMAP nebo využití webového přístupu.

Více informací najde v KB3201590 či servisním oznámení MC85988.

Project Online a konec podpory starších klientů

Datum: 28. února 2017

Pokud využíváte Project Online, od tohoto data bude pro práci s ním zapotřebí využít nejnovějšího klienta aplikace Project. Jedná se tedy minimálně o RTM verzi Project Professional 2016 (16.0.4266.1000) nebo o Project Pro for Office 365 (16.0.6741.2088 pokud využíváte Deffered Channel), pokud využíváte předplatné i pro Project klienta. Plně aktualizované sestavení aplikace Project bude podporovat infrastrukturní změny, které jsou nyní implementovány.

Starší verze jako 2013 a 2010 se mohou při připojení k Project Online setkat s problémy a není doporučeno je dále používat. Toto oznámení se vás samozřejmě nedotkne, pokud využíváte pouze váš lokální Project Server. Doporučeným řešením je aktualizace na novější verzi.

Více informací najdete na blogu Project týmu či servisní notifikaci MC89200.

SharePoint Online a ukončení provozu veřejných webů

Datum: 31. března 2017

Starší Office 365 organizace obsahovaly možnost publikovat veřejnou webovou stránku založenou nad SharePoint Online. Tento Veřejný Web byl volně přístupný z Internetu, ale jeho obsah bylo možné spravovat plně z administrace SharePoint Online v rámci vestavěného editoru. Již v roce 2015 bylo oznámeno, že tato možnost nebude dále podporována a pro nové organizace nebude dostupná.

Nyní po dvou letech budou postupně jednotlivé organizace, které stále tuto funkcionalitu používají, notifikovány a mohou naplánovat migraci této funkce k partnerským službám, které nabízejí tvorbu a správu internetových stránek. Organizace budou moci naplánovat datum, kdy bude tato funkcionalita plně odebrána z jejich prostředí.

Více informací najdete v nápovědě Office 365 či servisní notifikaci MC88504.

Nechcete se starat o čtení servisních notifikací v Office 365? Chcete svěřit správu Office 365 služeb odborníkům nebo využít podporu při migraci a využívání online služeb společnosti Microsoft? Kontaktujte certifikované partnery společnosti Microsoft.

– Petr Vlk (KPCS CZ, WUG)

(この記事は 2017 年 1 月 17 日に Office Blogs に投稿された記事 Breaking down silos—tools for better communication and collaboration の翻訳です。最新情報については、翻訳元の記事をご参照ください。)

現代では、かつてないほど働き方や働く場所が多様化しています。2015 年の調査では、労働者の 37% (英語) が何かしらの在宅勤務を経験しており、多くの企業は世界の複数拠点で多国間の提携関係を結んでいます。地理的に離れているだけでなく、同じ企業内でもプロジェクトや部門によってチームが分かれています。こうした壁がコミュニケーションのサイロ化を促し、分断を深め、チームワークや共同作業を阻む要因となっています。

サイロ化は、ビジネスに重大な (かつ有害な) 影響をもたらします。チーム間に壁ができると、組織全体のコミュニケーションが損なわれることも多く、企業全体にも次のような影響があります。

• コミュニケーションを妨げ、企業文化を阻害する: チームがサイロ化すると、結果的に企業文化の形成が阻まれます。社員が求めるものは、コミュニケーション、共同作業、そして活気ある職場環境です。だれもが、自分らしく楽しく働きたい、チームの一員として働きたいと考えています。事実、労働者の 47% (英語) が、職場環境について同僚と意見を交わすことで、やる気が高まっています。
• 重複作業が生じる: 自分が行った作業を別のだれか (別のチームや他部署のメンバーなど) が行っていたり、複数の人間が同じ情報を探したりするのはとても非効率です。他チームのプロジェクトについて何も知らないと、ビジネスの生産性に深刻な影響を及ぼしかねません。
• 必要とする人に情報が届かない: マネージャーなどの管理職は、平均約 20% (英語) を社内情報の検索や特定業務に詳しい人を探すのに費やしています。

サイロ化を解消しアイデアを共有できるようにする手段として、コミュニケーション ツールが効果的です。その活用方法をご紹介します。

ファイル管理やストレージを効率化する

チームや部署、ツールやデバイスにかかわらず、ファイルをシームレスに共有することが重要です。緊密に統合されたツール スイートやプラットフォームを利用することで、組織全体で人、コンテンツ、業務アプリをしっかりと連携させることができます。ツールの 1 つとしてチーム サイトを活用すると、ドキュメントの作成、情報の保管、プロジェクトの管理などを共同で実施できます。これにより、チーム間のドキュメントの共有や編集がリアルタイムで行えるようになり、さまざまなレベルで共同作業を進められるほか、あらゆるドキュメントをすぐに見つけられる保管場所として利用することができます。

生産性を向上させるには、あらゆる場所からチーム サイトにアクセスし、情報を安全に利用し、遠隔地やモバイル デバイスでも共同作業ができるようにすることが必要です。

今日の 社員の 5 つのタイプ

多様なチーム メンバーの連携をさらに強めることができます。メンバーが遠隔地にいる場合、それぞれ使用するデバイスが異なる場合、共同作業の進め方に関する意見が異なる場合などでは、適切なツールを熟慮する必要があります。すべてのメンバーを支援できる方法をご紹介します。

無料の電子ブックを入手 (英語)

定期的に連絡を取らないチームでは、お互いの業務を把握できていないケースも少なくありません。組織間のコミュニケーションを支援するエンタープライズ ソーシャル ネットワークを利用すれば、情報の分断や部署の壁などの問題を解決できます。企業や部署の垣根を越えて、共通の関心事や業務上の成果、スキルアップなどを目的にグループを作成し、問題を解決したりクラウドソーシングでアイデアを集めたりすることができます。

また組織では、社内ヒエラルキー、コミュニケーションのしくみ、企業文化などが原因で、管理部門や経営陣が孤立しがちです。しかし、チーム ベースのコミュニケーション ツールを用いてグループを作成し、社員と経営陣の双方向の対話を促すことで、こうした階層的な壁を取り払うことができます。

メンバーどうしのつながりを強める

簡単に使える IM や音声通話、ビデオ会議などを利用して、同僚とのやり取りの幅を広げることができます。複数のコミュニケーション手段で、どこにいても同僚とつながるようにすれば、メンバーどうしが頻繁にやり取りして、つながりを強めることができます。

最適な共同作業ツールにより、コミュニケーションの壁を解消し、リソースを自由に活用することで、チームの生産性向上につなげることができます。多様なチーム メンバーによる共同作業を円滑に進めるには、無料の電子ブック「今日の社員の 5 つのタイプ (5 Faces of Today’s Employees、英語)」で詳細をご覧ください。

テクノロジで出張をサポートする方法 続きを読む (英語)

より簡単に契約社員と共同作業を行うための 4 つのヒント 続きを読む (英語)

クラウドでの共同作業を成功させる 3 つのテクニック 続きを読む

Jan.

25

Script Download:
The script is available for download from https://gallery.technet.microsoft.com/scriptcenter/Determining-which-version-af0f16f6.

The sample code demonstrates how to determine the version and edition of SQL Server Database Engine that is running by SQL Script.

You can find more All-In-One Script Framework script samples at http://aka.ms/onescriptingallery

Buenas,

En este post os queríamos hacer llegar información sobre el sitio donde ir a localizar información que se nos pregunta de manera recurrente, y creemos os pueda resultar interesante, de tal manera que os sirva de repositorio para confirmar determinadas cuestiones relativas a Project, Project Online, Project Server, etc.

El sitio en concreto se llama Project: Preguntas más frecuentes.

Y tiene varias secciones claramente diferenciadas:

• Administración de proyectos (escritorio)
• Administración de la cartera de proyectos (PPM)
• Recursos

Esperamos os resulte de interés, un saludo

Jorge Puig

Azure bietet eine Vielzahl von unterschiedlichen VM Konfigurationen als Teil von Infrastructure as a Service (IaaS). Diese lassen sich für unterschiedliche Einsatzzwecke verwenden, darunter Webserver, Applikationsserver aber auch zum Betrieb von SAP Lösungen. Die Azure Rechenzentren sind für den Betrieb von verschiedenen SAP Workloads zertifiziert.

Mit der Produktivsetzung von Azure Germany können SAP Lösungen auch in Rechenzentren in Deutschland (Frankfurt und Magedeburg) provisioniert werden.

Die für die Bereitstellung von SAP auf Azure benötigten Betriebssysteme stehen bereit. Sowohl Abbilder von SuSE (SuSE Enterprise Linux) und Red Hat (Red Hat Enterprise Linux) können zu diesem Zweck eingesetzt werden.

SAP HANA in Azure Germany

SAP NetWeaver in Azure Germany

Nachfolgend noch einige weiterführenden Links:

• https://azure.microsoft.com/en-us/services/virtual-machines/sap-hana/
• https://docs.microsoft.com/en-us/azure/virtual-machines/linux/sap-hana-overview-architecture
• https://docs.microsoft.com/en-us/azure/virtual-machines/virtual-machines-windows-sap-get-started
• https://docs.microsoft.com/en-us/azure/virtual-machines/virtual-machines-linux-sap-get-started
• https://blogs.msdn.microsoft.com/saponsqlserver/2016/12/16/sap-support-for-azure-resource-manager/
• https://wiki.scn.sap.com/wiki/display/VIRTUALIZATION/SAP+on+Microsoft+Azure

I’m a little late catching up on a great development in the Power BI/SSRS story, but this month a new Tech Preview was released which allows you to display your Power BI files in the browser:

Getting started with the Technical Preview of Power BI reports in SQL Server Reporting Services

As you’ll see from the text and the comments, this version restricts the data sources you can use for your Power BI reports and doesn’t play well with the Mobile client, but it’s a great step forward to being able to better share your Power BI creations without using the PowerBI.com service.

Now if I could just fast forward and have the ability to embed the reports in a SharePoint web part or a PowerPoint presentation….

Using Windows Event Forwarding (aka Windows Event Collection) events can be forwarded from various nodes to a central collector server. Having logs centrally makes it simpler to analyze the logs, additionally any uninteresting entries can be filtered out by configuring the appropriate event filters. To prevent tampering on the collected logs the events can be forwarded to a dedicated, non-domain joined machine. This guide is about how to setup such a configuration.

This guide documents a step by step approach to achieve the above configuration and is intended as an initial lab or learning exercise.  The document may be used as a template to configure Event Forwarding inside your organization, in which case changes to the template to reflect those differences are required.  I recommend you test these steps prior to implementing in a production environment.

To enable Windows Event Forwarding to forward events to a centralized non-domain joined collector server the following steps must be completed.

• Configure an Enterprise PKI configuration.
• Create specific certificate templates.
• Issue a certificate for the collector server.
• Configure the collector server.
• Finally, configure the policy to enable event forwarding.

Prerequisites

The article assumes the following components and services are present and operating without issue before starting the Windows Event Forwarding configuration.

–          A Microsoft Active Directory Server running Windows 2012 or later.

–          A Domain Joined Server for hosting the Enterprise PKI CA Server running Windows 2012 R2 or later.

–          A standalone Windows 2012 R2 or later server for the Event collector.

–          Network connectivity between all the systems.

–          DNS name resolution is working and all systems have valid records in the DNS domain zone.

Please Note: If the systems are not running Windows 2012Windows 8 or later the private key permissions can’t be configured to give access to ‘Network Service’ which is required for the setup to complete successfully. In this case, you’ll need to adjust the client compatibility setting to match the OS level in the certificate template and manually assign the Private Key rights to the Network Service Account after issuance of the Certificate in this configuration.

The Lab

This lab uses the following systems:

Windows Server with Directory Services installed

IP:                           10.0.0.190

Name:                   vm3.contoso.local

Domain:               contoso.local

Domain Joined Windows Server

IP:                           10.0.0.191

Name:                   vm4.contoso.local

Domain:               contoso.local

Domain Joined Windows Server

IP:                           10.0.0.192

Name:                   vm5.contoso.local

Workgroup:        Workgroup

Enterprise PKI Configuration

The Enterprise CA installation and configuration listed is a bare minimum and is not intended as a reference guide for implementing a secure PKI implementation. Items such as Backup, Recovery, Hardening the CA, Hardware Key Protection (HSM) and PKI hierarchy are therefore not included in this document. After configuration validate that the PKI environment and CRL publication is working properly.

Installation of Active Directory Certificate Services (ADCS) (VM4)

–          Log in onto VM4 as an Enterprise Administrator

–          Launch PowerShell as Elevated user.

–          Install the ADCS and IIS binaries using PowerShell:

Add-WindowsFeature Adcs-Cert-Authority,Web-Server,Web-Mgmt-Console,RSAT-ADCS

–          Configure the ADCS role using PowerShell:

Install-AdcsCertificationAuthority -CACommonName "Contoso-Enterprise-CA" -CADistinguishedNameSuffix "O=Contoso" -CAType EnterpriseRootCA -CryptoProviderName "RSA#Microsoft Software Key Storage Provider" -HashAlgorithmName SHA256 -KeyLength 4096 -ValidityPeriod years -ValidityPeriodUnits 20

–          The configuration should complete without error:

–          Configure the CRL (Certificate Revocation Information) for the CA from the PowerShell console:

certutil -setreg CACRLPublicationURLs "1:c:inetpubwwwrootpki%3%8%9.crln65:C:Windowssystem32CertSrvCertEnroll%3%8%9.crln2:http://%1/PKI/%3%8%9.crl"

–          Create the folder on the webserver where the CRLs are published from the PowerShell console:

New-Item -ItemType Directory C:inetpubwwwrootPKI

–          Restart the Certificate Services to complete the configuration from the PowerShell console:

Restart-Service CertSvc

–          Wait a few seconds for the CA service to be started, next generate a CRL by running from the PowerShell console:

Certutil -crl

–          Validate the configuration of the CA by running pkiview.msc

–          Make sure all items have an ‘OK’ status. Close all open PowerShell and PKIview Windows.

Certificate Templates

To enable certificate based authentication between the clients in the Domain and the Collector server certificates need to be issued to all relevant endpoints. This chapter creates and publishes the templates that are used to request and issue these certificates.

Creation of the templates (VM4)

–          Log in onto VM4 as an Enterprise Administrator

–          Start certtmpl.msc

Computer Template

This template and related settings are used for configuration of event forwarding for servers and workstations.

–          In the Certificate Template Console, select ‘Computer’, right click and select Duplicate.

–          On the compatibility tab, select for Certification Authority – ‘Windows Server 2012 R2’ and for Certificate recipient – ‘Windows 8 / Server 2012’

–          On the Request Handling of the Template enable additional service account access to the private key.

–          Click the ‘Key Permissions’ button and add ‘Network Service’ with Read Permissions.

–          On the General tab, provide the name ‘Contoso Computer’

–          On the Security Tab, select ‘Autoenroll’ for ‘Domain Computers’

–          Leave all other tabs unchanged.

–          Click OK to Close.

Domain Controller Authentication Template

                This template and related settings are required for Domain Controller event forwarding.

–          In the Certificate Template Console, select ‘Domain Controller Authentication’, right click and select Duplicate.

–          On the compatibility tab, select for Certification Authority – ‘Windows Server 2012 R2’ and for Certificate recipient – ‘Windows 8 / Server 2012’

–          On the Request Handling of the Template enable additional service account access to the private key.

–          Click the ‘Key Permissions’ button and add ‘Network Service’ with Read Permissions.

–          On the General tab, provide the name ‘Contoso Domain Controller Authentication’

–          Leave all other tabs unchanged.

–          Click OK to Close.

WebServer Template

–          In the Certificate Template Console, select ‘Web Server’, right click and select Duplicate.

–          On the compatibility tab, select for Certification Authority – ‘Windows Server 2012 R2’ and for Certificate recipient – ‘Windows 7 / Server 2008 R2’

–          On the General tab, provide the name ‘Contoso Web Server’

–          On the Request Handling tab, select ‘Allow private key to be exported’

–          On the security tab, add the CA server’s computer account. And enable the ‘Enroll’ permission.

When adding the Computer account make sure to select ‘Computers’ for the ‘Object Types’, otherwise the computer will not be found.

–          Leave all other tabs unchanged.

–          Click OK to Close.

–          Close the ‘Certificate Templates Console’

Template Publication

–          Launch PowerShell as Elevated user.

–          Add the Templates created in the previous step to the CA by running:

Add-CATemplate -Name "ContosoWebServer"

Add-CATemplate -Name "ContosoComputer"

Add-CATemplate -Name "ContosoDomainControllerAuthentication"

Adjust the template names when different names have been selected by the previous steps

–          Remove unused templates:

Remove-CATemplate -Name "DomainController" -force

Remove-CATemplate -Name "DomainControllerAuthentication" -force

Remove-CATemplate -Name "KerberosAuthentication" -force

Remove-CATemplate -Name "DirectoryEmailReplication" -force

–          Close the PowerShell Console.

Certificate Preparation

To secure the communication on the Windows Event Forwarding Collector, a certificate is needed. Because the machine is not member of the Domain requesting a certificate is, in this occasion, done on the CA itself.

Creation of the Collector Certificate (VM4)

–          Log in onto VM4 as an Enterprise Administrator

–          Start certlm.msc

–          Right click on the ‘Personal’ node and select ‘All tasks’, ‘Request new Certificate’

–          Click next until the list with available Certificates is shown.

–          Tick the checkbox in front of ‘Contoso Web Server’ and Click the blue hyperlink.

–          Set the subject name type to be ‘Common name’, and the value is the FQDN of the Windows Event Forwarding Collector server. In this case vm5.contoso.local. Click Add and close the dialog by clicking OK.

–          On The Certificate Enrollment dialog, click Enroll and Finish.

–          Browse to the node: PersonalCertificates

–          Right Click on the entry ‘vm5.contoso.local’ and select ‘All tasks’, ‘Export…’

–          Click Next

–          On the Export Private Key dialog, select ‘Yes, export the private key’ and click Next

–          On the Export File Format dialog, also select the option ‘Delete the private key if the export is successful’ and click Next

–          On the security page, provide (and remember) a password to protect the file. Click Next.

–          Provide the filename ‘vm5.contoso.local.pfx’ and save the certificate and key to removable media, it will be needed on VM5 later on.

–          After successful completion of the export, delete the ‘vm5.contoso.local‘-entry from the certlm console. – Do not delete other certificates!

Configuration of the Collector Server

The collector server needs to be configured to allow remote clients to push event logs. The certificate is added, PKI trust is established and firewall ports are opened.

Importing the certificates (VM5)

–          Log in onto VM5 as an Administrator.

–          Copy the ‘vm5.contoso.local.pfx’ file from the removable media to the administrator’s desktop on VM5.

–          Launch PowerShell as Elevated user.

–          Run the following script from the PowerShell console:

function import(){

#Import the Certificate and Private Key

$CC = Import-PfxCertificate -FilePath "C:UsersAdministratorDesktopvm5.contoso.local.pfx" -CertStoreLocation cert:LocalMachineMy -Password (Read-Host "Enter PFX password" -AsSecureString )




#Get CA Certificate and move to Trusted Root Authorities

$CA = (Get-ChildItem -Path Cert:LocalMachineCa | Where-Object {$_.Subject -match "Contoso"}).Thumbprint

move-item -Path Cert:LocalMachineCa$CA Cert:LocalMachineRoot




#Grant the Network Service Access to the private Key

$KP = "$($env:ProgramData)MicrosoftCryptoRSAMachineKeys$($CC.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName)"

$acl = Get-ACL $KP

$acl.AddAccessRule((New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule -ArgumentList "NetworkService","Read,FullControl","Allow"))

Set-Acl -Path $KP -AclObject $acl

}




$ErrorActionPreference = "Stop"

import

–          Keep the PowerShell Console open.

Configuring the subscription listener (VM5)

-          Run the following command from the PowerShell console to enable and Configure WinRM:

winrm qc –q

–          Run the following commands from the PowerShell console to enable and Configure Windows Event Collection:

#Configure WEC

wecutil qc /q

#Enable Certificate based authentication

cmd /c 'winrm set winrm/config/service/auth @{Certificate="true"}'

#Configure HTTPS transport binding

cmd /c 'winrm create winrm/config/Listener?Address=*+Transport=HTTPS @{Hostname="vm5.contoso.local"}'

#Delete HTTP binding

cmd /c 'winrm delete winrm/config/Listener?Address=*+Transport=HTTP'

–          Run the following command from the PowerShell console to allow inbound HTTPS traffic on port 5986:

netsh advfirewall firewall add rule name="Windows Event Forwarding and HTTPS Remote Management" protocol=TCP dir=in localport=5986 action=allow

–          Close the PowerShell Console.

Creating a source based subscription listener (VM5)

–          Launch the Event Viewer.

–          Right Click ‘Subscriptions’ and click ‘Create Subscription…’.

–          Type the subscript name and set the Subscription type to be ‘Source computer initiated’.

–          Click the ‘Select Computer Groups’ button. Click the ‘Add Non-domain Computers’ button and provide the DNS name of the Forest with a wildcard. In this case *.contoso.local.

–          Click the ‘Add Certificates button’ and select the CA Certificate ‘Contoso-Enterprise-CA’. Click OK to close the dialog.

–          Click the ‘Select Events’ button. Provided the Filter for the Events needed to be forwarded to the Collector server.

In this case we have selected a number of Security Event log records. Click OK to close the dialog.

–          Click the Advanced button and set the protocol to HTTPS. Click OK to close the dialog.

–          Close the Subscription Properties dialog by clicking OK.

Configuring the Clients

To enable submission of the Events to the collector a GPO will be created to enable the computer to Enroll for a certificate, update group membership and configure the Event Forwarding.

Getting the Thumbprint for the issuing CA certificate (VM3)

The Thumbprint of the CA certificate is needed throughout the configuration of the Event Forwarding. This a property of the CA Certificate.

This field can be copied from the CA certificate or retrieved from Active Directory using a simple script.

–          Log in onto VM3

–          Launch PowerShell

–          Run the following script from the PowerShell console:

$DC = ([adsi]"LDAP://rootDSE").InvokeGet('rootDomainNamingContext')

$ES = [adsi]"LDAP://CN=Enrollment Services,CN=Public Key Services,cn=Services,cn=Configuration,$DC"

foreach($ca in $ES.Children) { $c = [System.Security.Cryptography.X509Certificates.X509Certificate2]($ca).cACertificate[0] "$($c.Subject): $($c.Thumbprint)" }

–          Save the Thumbprint for later use, in this case the Thumbprint is: 5D0F57BB715E337BF7C8D3A429081D27BEF1B3CF. When creating the Group Policy, this value is needed.

–          Close the PowerShell Console.

Preparing Domain Controller for Event Forwarding

–          To enable Domain Controllers to forward events the ‘Network Service’ account must be member of the Active Directory Build-in group ‘Event Log Readers’.

In Active Directory add the ‘Network Service’ account to the ‘Event Log Readers’ Group. Each DC must be rebooted to apply this new membership.

Creating the Group Policy

–          On VM3 open GPMC.MSC.

–          Create a new Group Policy Object and name it ‘Windows Event Collection (VM5)’.

–          After the creation right click on the policy and click ‘Edit’.

–          Browse to Computer Configuration, Policies, Windows Settings, Security Settings, System Services.

–          Open the ‘Windows Remote Management’ entry. Select ‘Define this policy setting’ and set the service mode to ‘Automatic’. Click OK.

–          Browse to Computer Configuration, Policies, Windows Settings, Security Settings, Public Key Policies/Certificate Services Client – Auto-Enrollment Settings.

–          Open the ‘Certificate Services Client – Auto-Enrollment’. Set the Configuration model to: ‘Enabled’ and tick the ‘Renew’ and ‘Update’ checkbox. Click OK.

–          Browse to Computer Configuration, Policies, Windows Settings, Administrative Templates, Windows Components, Event Forwarding.

–          Open the item ‘Configure target Subscription Manager’ and set the Policy to ‘Enabled’.

–          Click the ‘Show…’ button. Add the line ‘Server=HTTPS://<SERVERFQDN>:5986/wsman/SubscriptionManager/WEC,Refresh=<RefreshSeconds>,IssuerCA=<CA-Cert-Thumbprint>’, in this Lab the setting is ‘Server=HTTPS://vm5.contoso.local:5986/wsman/SubscriptionManager/WEC,Refresh=600,IssuerCA=5D0F57BB715E337BF7C8D3A429081D27BEF1B3CF’ – The thumbprint was retrieved in the first step of the paragraph.

Click OK to close the dialog.

–          Browse to Computer Configuration, Preferences, Control Panel Settings, Local Users and Groups.

–          Right click, and click ‘New, Local Group’

–          For the group name, select ‘Event Log Reader (built-in)’ form the list.

–          Click ‘Add…’ to add the user ‘Network Service’ by typing the name in the ‘Name’ field.

–          Close all dialogs by clicking OK.

Apply the Policy

–          After completion of the steps link the policy to the OUs where the Computer Objects in AD reside.

–          For group memberships to be updated correctly the systems must be rebooted.  A gpupdate /force will not suffice.

Troubleshooting

The Windows Event Forwarding Plugin writes log information to ‘Applications and Services logs, Microsoft, Windows, Eventlog-ForwardingPlugin’ on each client.

To apply configuration changes, restart the ‘Windows Remote Management’ Service.

These are the most common errors that might occur:

–          Error: The WinRM client cannot process the request. The Enhanced Key Usage (EKU) field of the certificate is not set to ‘Client Authentication’. Retry the request with a certificate that has the correct EKU.

Solution: WinRM cannot find a usable certificate. Make sure a certificate is issued from the CA that was specified in the IssuerCA= setting and is using the correct template.

–          Error: The forwarder is having a problem communicating with subscription manager at address <server>.  Error code is 2150858882 and Error Message is .

Solution: There are no certificates available on the client machine. Ensure auto enrollment configuration is correct. Force an enrollment by running ‘certutil –pulse’ from a admin console.

–          Error: WS-Management cannot process the request. The operation failed because of an HTTP error. The HTTP error (12186) is: The client certificate credentials were not recognized.

Solution: Make sure ‘Network Service’ has permissions to read the private key. Assign permissions using Certlm.msc, by selecting the certificate and selecting ‘All tasks, Manage private keys…’ from the context menu.

–          Error: The subscription Example Source Based Subscription cannot be created. The error code is 5004.

Solution: ‘Network Service’ is not member of the ‘Event Log Reader’ group on the local PC. Update the membership and reboot the system.

–          Error: The WinRM client cannot process the request. The destination computer (<server>) returned an ‘access denied’ error. Specify one of the authentication mechanisms supported by the server. If Kerberos mechanism is used, verify that the client computer and the destination computer are joined to a domain. Possible authentication mechanisms reported by server:     Negotiate   ClientCerts

Solution: Make sure the CA certificate trust is configured properly on the Collector server. Ensure that the CRL revocation data is reachable from the Collector Server.

Die ersten Neugierigen trafen schon vor Beginn der Veranstaltung ein, als es am Freitagabend “Herzlich Willkommen im #OfficemitWindows!” hieß. Dorthin, in unsere neue Unternehmenszentrale in München-Schwabing, haben wir im Rahmen der Langen Nacht der Architektur Münchnerinnen und Münchner eingeladen, um ihnen unsere Vision einer neuen Arbeitswelt zu zeigen. Und so viel sei vorweggenommen: Zahlreiche Interessierte sind der Einladung gefolgt – rund 3.700 Besucher waren es insgesamt im Laufe des Abends!

Atrium, Digital Eatery, Smart Workspace und viele, viele Besucher

Wer könnte unseren Gästen einen authentischeren Einblick in unser Office und unsere Art zu arbeiten geben als wir selbst als Microsoft Mitarbeiter?! So standen 15 Kolleginnen und Kollegen aus verschiedensten Unternehmensbereichen den Besuchern als Ansprechpartner zur Verfügung. Von 19:00 bis 24:00 Uhr zeigten wir ihnen nicht nur unser Atrium, in dem riesige von der Decke hängende LED-Panels (unser “Digital Chandelier” aka “Chantal” wie die Bauarbeiter ihn einst tauften – der Name hat sich intern klar durchgesetzt :-)) unsere Gäste mit leuchtenden Farben begrüßten, sondern auch die Digital Eatery, die Kantine und einen Smart Workspace Bereich im ersten Stock. Darüber hinaus fanden im Erdgeschoss durchgehend Vorträge über unsere Arbeitswelt statt. Um 20:45 Uhr waren bereits 1.300 Gäste gezählt und wir mussten den Bereich im ersten Stock zeitweise wegen Überfüllung schließen lassen und der Einlass konnte nur noch schubweise erfolgen. Dieses Prozedere zog sich durch den ganzen Abend. Doch unsere Besucher störte das keineswegs, da sie schon während der Wartezeit mit Kolleg(inn)en ins Gespräch kamen und ihre Fragen stellen konnten. Andere vergnügten sich an der Bar der Digital Eatery oder verschnauften bei einem Stück Pizza in der Kantine, bevor es mit den Besichtigungen weiterging. Bis kurz vor Mitternacht kamen immer wieder neue Gäste in unser Office.

“Geht das wirklich ohne Papier?” und “Wo sind eigentlich die Telefone?”

Einige Gäste schienen schon eine Menge über unser Konzept des “Smart Workspace” gehört und gelesen zu haben und stellten spezifische Fragen zu den unterschiedlichen Arbeitsbereichen, unserer vollvernetzten Organisationsstruktur, agilen Prozessen und Social Enterprise-Lösungen. Für andere wiederum war das alles Neuland. So entstanden spannende Gespräche und ein reger Austausch zwischen den Besuchern und uns, während sich die Gänge immer weiter füllten.

Ob wir wirklich weitestgehend papierlos arbeiten könnten und wo eigentlich die Telefone seien – diese zwei Fragen gehörten zu den am häufigsten gestellten. Auch wenn die Digitalisierung am Arbeitsplatz für viele noch in weiter Ferne zu sein schien, war das Interesse an unseren Erfahrungen sehr groß. Nicht zuletzt hat uns der Abend gezeigt: Die Frage nach der Zukunft der Arbeit ist ein gesellschaftlich hoch relevantes Thema, das neben Neugier und Begeisterung durchaus auch kritische Reflexionen hervorruft – in jedem Fall die Menschen aber sehr beschäftigt. Wir freuen uns, dass wir an diesem Abend die digitalisierte Arbeitswelt durch unsere persönlichen Erfahrungsberichte zum #worklifeflow mit #Vertrauensarbeitsort und -zeit für unsere Besucher greifbarer machen und mit Leben füllen konnten.

Allen, die jetzt auch neugierig sind, sei der folgende Drohnenflug durch unser Gebäude ans Herz gelegt – oder kommt doch einfach mal vorbei: Das Atrium und unsere Digital Eatery sind unter der Woche öffentlich zugänglich und freuen sich auf Besucher! Außerdem findet Ihr weitere #worklifeflow Geschichten einiger Kolleg(inn)en ab sofort und im Laufe der kommenden Wochen als Podcasts in unserem Soundcloud Kanal.

Ein Beitrag von Maren Michaelis (@MarenM__)

Communications Manager Employer Branding & Relocation

Today’s Tip…

You can deploy the DNS server role in Windows Server 2016 on a Nano Server image. Because the Domain Controller role is not supported on Nano Server, the DNS server cannot host AD-integrated DNS zones; the DNS server will therefore use file-based DNS zones only.

Administration of DNS, like all other Nano features, must be performed remotely through management consoles, PowerShell scripting, or utilities. See the following resource for more information on installing and managing the DNS Server role service on Nano Server:

How to Deploy Windows DNS Server on Nano Server

Gareth Jones takes a look at the Azure Stack, including what it is, what it does and how your business can best take advantage of it.

By Gareth Jones

It’s been over a year since Microsoft accounted and released a public preview of Azure Stack. After scrambling around for some fairly beefy hardware, I excitedly downloaded it to see what this thing is all about. In this article I will go through the benefits of the Azure Stack and how it is a game changer for all types of sectors.

[Figure 1: Azure Stack Portal]

What actually is Azure Stack?

The Azure Stack is effectively Microsoft’s Azure cloud brought into your on-premise datacenter. It’s the way in which Microsoft deploy their Software Defined Datacenter, utilizing the amazing new features of Server 2016. Under the hood it’s running Hyper-V, Software Defined Networking and Software Defined Storage, but the exciting piece is that you don’t need worry about any of that because it’s done for you.

If we back track slightly, for years Microsoft have given us recommendations on how to architect and deploy software and infrastructure and yet seldom has this been followed to the letter. In some cases this is justified however in others it is purely a preference. Imagine now Microsoft give you a script and it deploys the perfect IaaS platform in your datacenter running optimally across 30 physical hosts. Well that is Azure Stack in a nutshell.

You must remember this is not something that is functionally the same as Azure, it is Azure in your datacenter.

Why do I need Azure On-Prem?

A common question is “why do I need Azure in my own on-premise datacenter? Isn’t that the whole idea of cloud?” Well, as we all know, not every customer can or will move to cloud services straight away. They want control and guarantee where their data and infrastructure is. Let’s say the customer wants to eventually move to Azure but at present want complete control and have reservations in regards to security and compliance. Azure Stack to the rescue. The customer can leverage the cool features currently available in Azure but retain complete control of the environment. A great staging process to enable the movement to the public Azure when ready and takes a lot of the hard work out of the migration.

[Figure 2: Azure Stack Comparison]

Essentially Azure Stack enables organisations to run an even richer set of Azure services within their own data centers. It provides a consistent development model, as well as management model and overall ecosystem, across both the public and the private cloud environments, so that you can build applications that leverage the richness of Azure, both from an infrastructure as well as a platform-as-a-service capability, and deploy them wherever it makes the most sense for your business.

Azure Stack for Development and Test Scenarios

Let’s think Azure Resource Manager Templates for a moment. You can create these templates which are interchangeable between Azure Stack and Azure Cloud and deploy exactly the same set of resources regardless of platform. Ideal for labs, customer demos, testing and development. This, coupled with the ability to use these templates over and over again could make deployments to customers hours not weeks or months!

Azure Stack Scalability

Another early adopter scenario that we’re building out with Azure Stack is for an organization that wants and needs the scalability that Azure currently provides, but in a private highly secured environment. Not everyone is moving to the public cloud, or at least right now, for those organisations that have applications they want to scale and manage the same way as they would in Azure, but within the constraints of their own datacenters, Azure Stack will give them that capability.

Azure Stack for Hosting Providers

Given the Azure Pack for System Center is out of mainstream support this year, both Hosting and Managed Service Providers really have a unique opportunity by differentiating their services leveraging the Azure Stack. Enabling customers to leverage the same set of services and infrastructure in a Private Cloud / Hosted environment as Public Azure yet having more control is a great opportunity.

Hands-on with Azure Stack

It’s time to start getting to grips with Azure Stack. We are currently on Technical Preview 2 (TP2) which can be downloaded here. We should see TP3 soon before GA which is scheduled for Mid CY2017 so time is of the essence.

The hardware required to run Azure Stack is fairly significant. See the useful links section for installation details.

Understandably you may not have this level of hardware readily available so there are ways around the hardware requirements for testing. It is possible to run it inside a Nested VM but with the caveat you will not achieve the performance required for a true POC. There are several blogs to assist with this include my own here.

How will it work when it goes GA?

Azure Stack will be delivered via turnkey integrated systems in the initial general availability release, combining software, hardware, support and services in one solution. Microsoft have been working with systems vendors on integrated systems for a while now and see this as the best approach to bring Azure innovation to customer datacenters reliably and predictably. Microsoft are co-engineering these integrated systems with Dell, HPE, and Lenovo to start, however these will be industry-standard servers just configured in a pre-determined and tested manner.

Microsoft Principal Group Program manager Vijay Tewari made the case for shipping the GA release on a small set of hardware stating that it leads to a better product that’s more useful out of the gate. Having a defined set of systems will allow the Azure Stack team to more rapidly deploy updates to Azure Stack consumers.

Useful Links

• Azure Stack Download
• Installation Documentation
• Do more with Azure

Today’s Tip…

Ever since Microsoft and Citrix announced a significant reinvigoration to our long-standing partnership at Citrix Synergy in May, things have been very busy. At today’s Citrix Summit event, Scott Guthrie (the EVP of Microsoft’s Cloud + Enterprise organization and my boss) and Kirill Tatarinov (Citrix CEO and President) shared an update on the status of this partnership and the integrated scenarios we are building together.

In this post we’re going to provide some additional details on the work Microsoft is doing, as well as share some insight into the feedback we have personally heard from customers.

Customer Reaction

• Active Directory, System Center Configuration Manager (ConfigMgr), Windows, and Citrix XenApp/Desktop are staples in many enterprise organizations. As more and more work is done on mobile devices, enterprises have sought out the best solutions for empowering this mobile productivity.  What I have seen change dramatically over the last year is the high priority organizations place on finding comprehensive and integrated solutions which empower users across mobile devices in a way that is integrated with what they’ve been doing on PCs for years.  This is – obviously – no small task.
• Since the announcements in May, and the increased collaboration between Microsoft and Citrix, we have met with hundreds of customers who want to know more about what’s coming next in this partnership. Enterprises from all over the world have repeatedly emphasized that interoperable Microsoft and Citrix solutions will deliver the comprehensive and integrated capabilities they need. The interoperation between Citrix solutions like NetScaler and Intune & Azure AD, as well as Citrix’s core offerings in XenApp and XenDesktop running on Azure, deliver incredible customer benefits.

Here is a list of benefits that customers regularly tell us they expect to see:

• Your users will be more productive. While some organizations may have already deployed an EMM solution, that solution has often acted as an island that does not integrate with the tools already in use.  The integrated capabilities coming from Microsoft and Citrix will deliver consistent experience for users no matter what kind of device is being used (PC, tablet, phone, etc.) and independent of how the apps are being delivered (native or remote). Users simply authenticate and are then presented with everything they need to be productive.  I have seen this “Ah-ha” moment occur in countless conversations.

• Corporate data will be more secure. Securing company data is one of the primary reasons why customers deploy Microsoft and Citrix solutions today. Whether it is verifying the user identity, setting security policies on PCs/mobile devices, hosting apps and desktops in the datacenter, or separating corporate things from personal things on all devices – securing corporate data is one of the primary objectives for every enterprise.  The integrated scenarios from Microsoft and Citrix will deliver a consistent set of management and security settings (that IT loves) that have been engineered into the solutions to help guide the user in very natural and unobtrusive ways (which end users love).

• IT will be more efficient. This depth of scenario-integration simplifies what IT must do to deliver a secure and user-friendly working experience.  We have engineered these solutions to be used together – this means IT does not have to cobble together disconnected solutions on their own or juggle multiple vendors (which adds time and reduces the number of things to purchase, deploy and maintain).

Update on Integration

• In May, we shared details around four key areas where we are focusing our efforts.  Below is a status update for each focus area with links to announcements made today by Citrix.

Accelerating the Move to the Cloud. In most customer conversations we are told that deploying new solutions on-premises (rather than in the cloud) is becoming very rare.  Organizations clearly see the value and agility that comes from moving to the public cloud – and that move is accelerating. Kirill has also told me that in his customer conversations one of the top requests he gets is for Citrix to deliver hosted cloud services. Organizations want to move to a model where they do not have to deploy, manage, secure, and upgrade Citrix farms any longer – instead, they want Citrix to do that for them. These customers want Citrix-as-a-Service.  Today, Citrix provided further updates on their, Azure-hosted, XenApp Essentials and Xen Desktop Essentials offerings.  I love this news!  Citrix is delivering a solution that provides a common control plane (also hosted on Azure) that enables management of the Citrix solutions on-premises and in the cloud.  You can move your hosted desktops/apps to Azure at your own pace with a single place and method to manage them.

Accelerating the Move to Office 365. Office 365 is one of the most-used Enterprise Cloud services in the world with more than 85M monthly active commercial users of Office 365.  Organizations are moving their e-mail and collaboration to the cloud, and, increasingly, they’re also moving their voice and video conferencing with Skype for Business.  Skype for Business has been optimized to be used in a Citrix XenApp/Desktop environment – both on-premises and with the new Azure hosted Citrix services.  This is available today and Citrix is the only desktop/app remoting solution for which Skype for Business optimization is available.

Accelerating the Move to Windows 10. Windows 10 is the most secure version of Windows we have ever released, and it is the most secure platform for business. Users and organizations are moving rapidly to Windows 10; there are more than 400M Windows 10 devices in use today. This movement to Windows 10 represents the fastest upgrade to a new version of Windows ever!  AppDNA from Citrix is available today and provides a way to quickly and easily identify any applications that would have compatibility issues with Windows 10.  This enables organizations to decrease their internal validation efforts and planning and start the upgrade process much sooner.  A key part of that upgrade is Configuration Manager which is, by far, the preferred tool for managing Windows 10 – it currently manages more than 99% of the Windows 10 devices in production in the Enterprise.

Further Empowering Users on Mobile Devices. Microsoft Enterprise Mobility + Security (EMS) has become the largest EMM offering in the market with more than 37,000 enterprise customers. As we expand capabilities for our joint customers, Citrix announced today that the work to have Citrix NetScaler seamlessly interoperate with Microsoft Intune is complete and generally available. NetScaler now validates that any device attempting to access on-premises resources is known and meets the enrollment/compliance requirements provided by Intune before allowing a VPN session to be established.  You can learn more about this here.

• In addition Citrix announced the availability of a tech preview for XenMobile Essentials, which was engineered to interoperate with and bring additional value to Microsoft EMS customers. To get all the benefits of XenApp and XenDesktop with XenMobile Essentials together in one package, Citrix also announced that the upcoming Workspace Essentials includes all of this.

References:

• “Partnership Update:  Microsoft & Citrix” – https://blogs.technet.microsoft.com/enterprisemobility/2017/01/09/partnership-update-microsoft-citrix/
• “Microsoft and Citrix Partner to Help Customers Move to the Cloud” – https://blogs.technet.microsoft.com/enterprisemobility/2016/05/24/microsoft-and-citrix-partner-to-help-customers-move-to-the-cloud/
• “The Citrix and Microsoft Partnership Hits the Accelerator” – https://www.citrix.com/blogs/2017/01/09/the-citrix-and-microsoft-partnership-hits-the-accelerator/
• “Better Together: NetScaler Unified Gateway & Microsoft EMS” – https://www.citrix.com/blogs/2017/01/09/better-together-netscaler-unified-gateway-microsoft-ems-2/