(この記事は2017年11月7日にMicrosoft Partner Network blog に掲載された記事 The secret to building IP: It’s easier than you think の翻訳です。最新情報についてはリンク元のページをご参照ください。)

クラウド コンピューティングの人気が高まっていることから、パートナー様の競争は激化しています。このような状況にあってさらなる差別化を図るには、特定の業界内で独自の専門サービスを提供する必要があります。そして、ビジネスを差別化するにあたって最も収益性の高い方法は、知的財産 (IP) を構築することです。

パートナー様の大半はパッケージド IP の有望な点を理解してはいるものの (2017 年 6 月に MDC Research が実施したクラウド プラクティス開発スタディによると、経常収益ベースの粗利率は平均 70%)、一部のパートナー様はまだ投資する準備ができていないと感じています。しかし、そのビジネス チャンスは非常に大きいため、本格的にご検討されることをお勧めします。またこれとは別に、自覚のないまま IP を提供していて、有償サービスとしてビジネスを展開する準備が整っていないパートナー様もいらっしゃいます。

IP を構築することで、より包括的なサービスを提供すると共に、顧客維持率を高めて真の顧客生涯価値を生み出して、クライアントにとって唯一の存在になることができます。経営者にとっては、企業価値が劇的に高まるというメリットもあります。最近の調査によると、所有する IP の大部分を収益化しているパートナー様は、そうでない企業と比較して企業価値が 5 ～ 10 倍になることが判明しています。

では、どのように始めれば良いのでしょうか。

自社の IP を発見する

まずは、既に所有している隠れた IP を探し出して、それに対するイノベーションを継続します。顧客からの要望を精査し、特に要望の多いソリューションを見極め、その機能をパッケージ化することを検討します。専門的な製品に変換できる、再現可能な要素を特定しましょう。

そのためには、ソリューションを製品化する機会を積極的に模索する必要があります。重点的に取り組む分野を 1 つか 2 つに絞り込んでトライアル プロジェクトを立ち上げ、その分野のターゲット顧客のプロファイルを作成することで、独自のソリューションを構築できるようにします。

視野を狭めやしないかと不安に思う必要はありません。ある機能を自動化する数行のコードであっても、ターゲットとなる市場にとって特別な価値を生み出すなら、りっぱな IP です。

ソリューションを完全に差別化するために、サービスを特定業種に特化させる方法や市場投入のアプローチを検討してください。

パートナー様のコア コンピテンシーの範囲外であるからというだけで、ビジネス チャンスを無視しては損です。リソースが限られている場合は、IP 開発の提携やアウトソーシングを検討してみましょう。そうすることで、顧客に対しても自社にとっても大きな効果が期待できます。

RedPixie のアプローチ

ロンドンに拠点を置くマイクロソフト パートナー RedPixie (英語) は、2 つの IP ソリューションの構築に成功しました。このうち新しい方のソリューションは、IoT デバイスから心拍数や体温のデータを追跡する、医療用のウェアラブル テクノロジです。これは Project WellWatch というスケーラブルな Azure IoT 医療サービスであり、リアルタイムの分析結果をデータ ウェアハウスに抽出して、計算、機械学習、インサイトの取得を行います。収集される情報は、問題発生の前兆を見極めるためにも使用されます。生死にかかわる状況では、デバイスから病院に直接情報を送信することもあります。

もう 1 つのソリューションは、一部の顧客が Microsoft Excel を使用して、監視されていない危険性の高いデスクトップ環境でミッションクリティカルな基幹業務プロセスを実行していることに気付いたことから生まれました。そのような顧客の状況から、Excel 自体を使用せずにコードから Excel ワークブックの計算を行うバックグラウンド処理エンジンを開発するというビジネス チャンスを見いだしたのです。同社はワークブックを処理するために Azure Calculation Engine (英語) というスケーラブルな Azure ベースのアーキテクチャを構築し、顧客が事業運営に専念できるようにしました。

RedPixie は、顧客の基幹業務部門の経営幹部と協力して、カスタムのパッケージ ソリューションを実装しました。RedPixie の顧客にとってこのソリューションは、PC ベースの Excel コンピューティング グリッドを実行するよりも低コストで管理しやすく、Azure のスケーラビリティによって主要なビジネス プロセスの実行時間は最大で 88% も短縮されました。

独自の価値を提供する

自社の IP を定義したら、再現可能なメソッドやプロセスに変換する必要があります。ただし、イノベーションを中断してはいけません。新しいクラウド コンピューティングの世界では、独自のソリューションも短期間のうちにコモディティ化したり、新しいソリューションに取って代わられたりすることがあります。

RedPixie の最高デジタル責任者を務める Mitchell Feldman 氏は、この状況を「デジタル戦争」と表現します。「飛行機の操縦に似ています。正しく操縦すれば飛び続けますが、何もしなければ墜落します。」ここで重要なのは、顧客生涯価値に着目すること、成功事例を公開すること、そして顧客サポートやビジネス展開について顧客が考えもしないようなアイデアを絶えず提示し続けることです。

そして引き続き、自社の IP 中心のソリューションを他の業種の同様のユース ケースに拡張する道を模索して、リーチを拡大します。IDC 電子ブック『モダン マイクロソフト パートナー シリーズ』 のパート 2 では、ある垂直市場におけるコンピテンシーを発展させることで、別の垂直市場のビジネス チャンスを発見する方法について説明しています。場合によっては、戦略、組織構造、開発プロセス、販売プロセス、基盤となるコードを別の垂直市場向けに簡単に変換できることもあります。

また、自社の IP を構築することで、チャネル パートナーを通じて自社ソリューションを販売するというビジネス チャンスが開かれる可能性もあります。パートナー ネットワークに目を向け、バンドルできる補完的なソリューションを探して、独自のソリューションを完成させてはいかがでしょうか。

皆様は、ビジネスを差別化し、収益性を高めるために IP をどのように活用していますか。マイクロソフト パートナー コミュニティ (英語) で皆様の事例をご紹介ください。

This tool provides and easy to use and GUI for making OS deployments. It is written in powershell and easily customizable according to your needs.
You can use this tool when you want to distribute an OS using SCCM and you need to customize the deployment process. Some features are:

• Setting Computer Name & Description
• Formatting Disk or OS Partition
• Setting Organizational Unit
• Setting OS Language
• Adding Local Admin Account

Download : https://gallery.technet.microsoft.com/SCCM-OS-Deployment-0e001ee3

NTLM authentication is not great.

It’s not the fastest. In most cases, that honor would go to Kerberos.
It’s not the most secure. Again, Kerberos.
It’s not all that flexible. For example, it doesn’t work well for extranets or anything cross-firewall. In those scenarios, Trusted Provider auth (SAML / WS-Fed) works well.  See: AD FS.

So why do so many still use it?

It’s the old stand-by. It works good enough, and there’s typically nothing extra you need to configure to get it to work. You just turn it on and it works. Unless it doesn’t, which is what this post is about.

Problems with NTLM usually manifest themselves in one of two ways:

1. Users cannot log in at all. They receive authentication prompts and then a 401 – Access Denied.
2. Users receive (seemingly) random authentication prompts when browsing SharePoint sites.

One thing to keep in mind when troubleshooting NLTM issues with SharePoint is that the problem is almost always external to SharePoint. Aside from turning it on or off, there’s not really anything you can configure inside of Sharepoint to make NTLM work better or worse.

To enable NTLM, this is all you do within Central Administration | Manage Web Applications | <Your web app> | Authentication Providers:

And this is the resulting configuration in IIS Manager | <Your Site> | Authentication | Windows Authentication | Providers:

Here are some known issues with NTLM in no particular order:

Issue #1:

The network load balancer (NLB) is bouncing the client between web-front-ends (WFEs) in the middle of the "NTLM Handshake".

Note: See "other troubleshooting tips" section below for details on the "NTLM Handshake".

I know there’s some documentation out there that suggests that session persistence / affinity / "sticky sessions", is no longer required with the advent of Distributed Cache in SharePoint 2013 and above. However, that is not the case, at least not as long as you’re using NTLM.

Staying on the same WFE is vital to any challenge / response authentication process (like NTLM).
Clearly, if the NTLM challenge comes from one WFE, but we send the response to another, that’s not going to work.

See this: https://en.wikipedia.org/wiki/Challenge–response_authentication

“A more interesting challenge–response technique works as follows. Say, Bob is controlling access to some resource. Alice comes along seeking entry. Bob issues a challenge, perhaps "52w72y". Alice must respond with the one string of characters which "fits" the challenge Bob issued. The "fit" is determined by an algorithm "known" to Bob and Alice. (The correct response might be as simple as "63x83z" (each character of response one more than that of challenge), but in the real world, the "rules" would be much more complex.) Bob issues a different challenge each time, and thus knowing a previous correct response (even if it isn't "hidden" by the means of communication used between Alice and Bob) is of no use. A part of Alice's response might convey that it is Alice who is seeking authentication.”

Now consider the above "Bob and Alice" scenario without session persistence (sticky sessions).
Bob issues the challenge. Alice sends the response to Fred, who has no idea what she’s talking about. Authentications fails.

To verify whether or not this is happening, I would suggest using HTTP Response Headers with Fiddler as I detailed in a previous post.

Solution #1:

Configure your NLB for "sticky sessions" so that a given client stays on a given WFE, at least throughout the authentication process.

Issue #2:

Users are denied access due to settings in the local security policy on the WFEs.

Reproduce the problem and take a look at the Security Event Log on the WFE. You may see a logon failure event like this:

Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Event ID: 4625
Task Category: Logon
Level: Information
Keywords: Audit Failure
Computer: WFE1.contoso.com
Description:
An account failed to log on.

Subject:
 Security ID: S-1-0-0
 Account Name: -
 Account Domain: -
 Logon ID: 0x0

Logon Type: 3

Account For Which Logon Failed:
 Security ID: S-1-0-0
 Account Name: user1
 Account Domain: contoso

Failure Information:
 Failure Reason: The user has not been granted the requested logon type at this machine.
 Status: 0xc000015b
 Sub Status: 0x0

Detailed Authentication Information:
 Logon Process: NtLmSsp
 Authentication Package: NTLM

A logon type of “3” is a network logon. The failure reason tells us that there is something in the local security policy (possibly set by Group Policy) that is not allowing the user to logon.

Solution #2:

Run SecPol.msc from the Run prompt or command line.
Check Local Policies | User Rights Assignment.
These two policies should be your focus:

• Access this computer from the network
• Deny access to this computer from the network

Check all group memberships for your problem user(s) to make sure they are allowed access from the network and not explicitly denied via those two policies.

Issue #3:

No one agrees on which version of NTLM to use.

There are different versions to NTLM and additional security options within them. If the client, WFE, and Domain Controller (DC) can’t find common ground, the authentication will fail.

Reference: https://technet.microsoft.com/en-us/library/2006.08.securitywatch.aspx

Solution #3:

Check the LmCompatibilityLevel Registry key for client, WFE, and DCs.
Make sure the value is compatible between the three:
Reference: http://technet.microsoft.com/en-us/library/cc960646.aspx
LmCompatibilityLevel is located here:
HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlLsa

Issue #4:

DNS problems.

This is most likely to occur for users that are in a remote domain or trusted forest. If DNS is not configured properly, the SharePoint WFE will not be able to get the proper IP address for a remote domain controller.

This one is a little harder to nail down. It can take a network trace with Netmon or Wireshark to fully diagnose. However, a good indication of the problem may lie in your IIS logs.

Check the IIS log for the problem SharePoint site. You may see that the final request that includes the whole NTLM token receives a 401.1 with a particular sc-win32-status of 2148074257.

For example:

10.87.68.93 GET /sites/Pages/allitems.aspx 443 – 192.168.56.21 Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+6.1;+WOW64;+Trident/7.0;+SLCC2;+.NET+CLR+2.0.50727;+.NET+CLR+3.5.30729;+.NET+CLR+3.0.30729;+Media+Center+PC+6.0;+.NET4.0C;+.NET4.0E;+InfoPath.3) https://teams.contoso.com/sites/team1/pages/default.aspx 401 1 2148074257 470 2787 31 

A “sc-win32-status” of “2148074257” means "SEC_E_NO_AUTHENTICATING_AUTHORITY", ie: we can't find a domain controller that is authoritative for that domain.

Reference: https://msdn.microsoft.com/en-us/library/windows/desktop/aa375512(v=vs.85).aspx

Solution #4:

Fix your DNS so that the SharePoint servers get the proper IPs for remote domain controllers.

You should also verify your domain and forest trusts.

Issue #5:

MaxConcurrentApi

This is a bit of a complicated topic, but you can sum it up like this:
There is a finite number of Netlogon process threads available for NTLM authentication on both the SharePoint WFEs and the domain controllers. When that number is exceeded, authentication requests can fail.

This typically happens in large environments with heavy NTLM traffic, and especially when that authentication occurs across domain trusts.

Reference:
https://support.microsoft.com/en-us/help/975363/you-are-intermittently-prompted-for-credentials-or-experience-time-out

Solution #5:

Switch SharePoint (and other applications) to use Kerberos authentication.
This cuts down significantly on Netlogon service traffic, in most cases relieving the bottleneck.
However, keep in mind that Kerberos authentication can still be impacted by MaxConcurrentAPI if there is a significant amount of it requiring PAC verification, or if NTLM authentication for other applications is saturating available threads.

Reference: https://support.microsoft.com/en-us/help/2688798/how-to-do-performance-tuning-for-ntlm-authentication-by-using-the-maxc

Another option is cutting down authentication traffic by making more resources available anonymously.
For example, within an out-of-box SharePoint site, all supporting files (CSS, JS, images, etc) are stored on the file system and are available anonymously (most are in the _layouts folder). However, some customizations and branding may store supporting files within a document library where an authentication request must occur for each file request.  The result can be a dozen or more NTLM authentication requests for each page load. Moving those supporting files their own folder in _layouts, or otherwise making them anonymously accessible will drastically reduce total authentication traffic when browsing the site.

Other troubleshooting tips:

As we saw in the above sections, IIS logs, the Security Event Log, and Network traces can assist in diagnosing these problems. In this section, I’d like to walk you through using Fiddler to view the authentication traffic.  The purpose is to show what a successful NTLM authentication looks like.

NTLM authentication is done in a three-step process known as the "NTLM Handshake".

The first request is always made anonymously. This is true of Kerberos as well.
The site requires authentication, so the WFE responds with a 401 – Unauthorized and a “WWW-Authenticate: NTLM” header.  That header is how the server tells the client which authentication methods to try.

The client makes a second request for the same page. This time it includes half of the NTLM token. The server issues a challenge.

The client makes a third request with the whole NTLM token, is successfully authenticated, and receives a 200-ok for home.aspx.

Note:
The NLTM Handshake is not really a half-token / full-token situation, but for the purposes of simplifying the NTLM Handshake process, I find that explanation works well enough.

The PowerShell ISE was first shipped with PowerShell 2.0 (November 2006), and greatly improved in PowerShell 3.0 (August 2012), with the PowerShell Tabs, the Show-Command Add-on and the snippets (CTRL+J). But since then, it pretty much stayed the same.

Fast forward to May 2017, David Wilson from the PowerShell team announced (amongst other things) that:

"The PowerShell ISE has been the official editor for PowerShell throughout most of the history of Windows PowerShell. Now with the advent of the cross-platform PowerShell Core, we need a new official editor that’s available across all supported OS platforms and versions. Visual Studio Code is now that editor and the majority of our effort will be focused there."

This means that if haven't already, it's time to get acquainted with Visual Studio Code (aka VSCode).

There are lots of blogs and tutorials out there, describing the VSCode installation process and usage, with or without the PowerShell extension, but none are discussing the installation of both in an "offline" environment.
This post is an attempt to bridge that gap, and explain the steps required to prepare your PowerShell development environment in case your machine is disconnected from the internet and you can't directly install everything.

Step 1 - Download VSCode:

The installation package can be downloaded from: https://code.visualstudio.com/Download

Direct link for Windows x64: https://go.microsoft.com/fwlink/?Linkid=852157

Step 2 - Download the PowerShell extension:

The PowerShell extension can be downloaded from the extensions repository:
https://marketplace.visualstudio.com

Direct link for version 1.5.1:
https://marketplace.visualstudio.com/_apis/public/gallery/publishers/ms-vscode/vsextensions/PowerShell/1.5.1/vspackage

Step 3 - Copy the files to the "offline" machine

Step 4 - Install:

The VSCode installation is pretty much straight forward. "Next, Next, Next... Install".
The PowerShell extension (vsix) installation is done manually, from the VSCode itself:

1. Open the extensions sidebar by clicking the last icon on the bottom left
2. Click on the ellipsis (…) in the right upper corner
3. Choose Install from vsix
4. Browse to the vsix you previously downloaded, and that's it. Maybe*

* There's currently a problem installing the PowerShell extension version 1.5.1 on VSCode 1.19.x.
But don't worry, there's a workaround:
Since the vsix is actually a zip file, you just need to extract and copy the contents of the extension folder to $env:userprofile.vscodeextensions{Name_And_Version_Of_The_Extension}

To automate it:

$vsixFile = 'C:Tempms-vscode.PowerShell.1.5.1.vsix'
$tmp = Join-Path -Path ([System.IO.Path]::GetTempPath()) -ChildPath ([guid]::NewGuid().GUID)
$zipFile = Rename-Item -Path $vsixFile -NewName ($vsixFile -replace '.vsix', '.zip') -PassThru | Select-Object -Expand FullName
Expand-Archive -Path $zipFile -DestinationPath $tmp
Copy-Item -Path "$tmpextension" -Destination ('{0}.vscodeextensions{1}' -f $env:USERPROFILE, (Get-Item -Path $zipFile).BaseName) -Recurse -Force
Remove-Item -Path $tmp -Recurse -Force

For more information and resources on writing PowerShell with VSCode, check out these:

Transitioning from PowerShell ISE to VS Code:
https://channel9.msdn.com/Blogs/MVP-Azure/Transitioning-from-PowerShell-ISE-to-VS-Code

Experimenting with VSCode instead of the ISE:
https://voiceofthedba.com/2017/09/18/experimenting-with-vscode-instead-of-the-ise/

Debugging PowerShell script in Visual Studio Code:
https://blogs.technet.microsoft.com/heyscriptingguy/2017/02/06/debugging-powershell-script-in-visual-studio-code-part-1/

HTH,

Martin.

プラチナ 及び ダイヤモンド カテゴリースポンサーのお申込み締め切りは1月26日(金)

2018年に日本マイクロソフトが主催する フラッグシップイベントとして、de:code 2018 の開催が決定いたしました。de:code 2018 は、開発者をはじめとする、ITに携わる全てのエンジニアの皆様のために年に一度開催する有料のイベントです。米国マイクロソフトが 2018 年に開催予定の Microsoft Build 2018 で発表される最新情報を基に、マイクロソフト テクノロジのビジョンと方向性、及び 今後注目すべきテクノロジとイノベーションに関する情報を提供し、お客様とパートナー様の今後のビジネス展開とエンジニアの皆様のスキル向上に貢献することを目的にしています。

開催日時及び場所 : 2018年5月22日 (火) – 23日 (水)　 ザ・プリンスパークタワー東京

参加対象者:  開発者の方（Primary Target）及び ITに携わるエンジニアの方 マイクロソフト以外のプラットフォームの開発者の方も対象になります。

▼ de:code 2018 オフィシャルサイトに移動する

只今、スポンサーシップ募集中!!

de:code 2018 にご協賛いただけるスポンサー様を募集しております。

お申込み締切日（カテゴリーによって締め切りが異なります。ご注意ください。）

• 2018年 1月26日（金）プラチナ カテゴリー 及び ダイヤモンド カテゴリー
• 2018年 2月28日（水）全カテゴリー

▼ de:code 2018 および 2018 年日本マイクロソフト主催フラッグシップイベントのスポンサーシッププログラムの概要をダウンロードする

ご質問・問い合わせ: de:code 2018 スポンサー事務局 までご連絡ください。

當數據太雜亂時就需要利用圖表來輔助呈現，過去一些具地區性的數據資料，我們會搭配直條圖、長條圖、圓餅圖…等呈現，但其實O365的用戶還可以使用地圖圖表功能，將這些依地區分配的數據，直接在地圖上清晰表達喔！

視覺化地區性數據

地圖圖表可以視覺化地區與數值的關係，並使用雙色的漸層頻譜來描繪。

現在小編就為大家示範如何將地區的業績銷量，簡單又清楚地透過地圖圖表呈現！

▲框選「國家」、「銷量」兩項欲製作成圖表的欄位

▲點選「插入」、「地圖」

▲Excel自動呈現地圖上

▲點選「設計」還可以更改圖表的樣式和顏色喔！

看完以上的示範是不是覺得操作簡單，資料呈現又非常清楚呢？

趕快開始將一些地區性資料都改用地圖圖表呈現吧！相信一定會讓資料表現大大加分喔！

このポストは、1 月 10 日に投稿された Cloud Platform Release Announcements for January 10, 2018 の翻訳です。

この記事では、クラウド プラットフォーム チームが進める一連の新しい更新をまとめてご紹介します。

マイクロソフトでは、ユーザーの皆様によるクラウドの利用をサポートする取り組みを日々行っています。私たちは幅広い製品ポートフォリオを通じてマイクロソフトならではの最新技術、総合的なモバイル ソリューション、開発ツールを提供しており、ユーザーの皆様にはこれらをご活用いただくことで皆様が本来持つ力を余すところなく発揮していただきたいと考えております。今回お届けする最新リリース情報は以下のとおりです。

• Azure HDInsight に関する発表と料金の引き下げ
• Cognitive Services の Language Understanding サービスの一般提供
• Azure SQL Database – 自動チューニングの機能強化の一般提供
• Azure SQL Database – Elastic Database の Java 用ライブラリの一般提供
• Azure のセキュリティと運用の管理 – Azure Site Recovery Deployment Planner の機能強化
• Microsoft Azure Information Protection – iOS での保護された Office ドキュメントの作成

• Microsoft Cloud App Security のプレビュー

HDInsight に関する発表と料金の引き下げ

Azure HDInsight は、あらゆるニーズに対応するフル マネージド型のエンタープライズ向けオープン ソース分析サービスです。先日この Azure HDInsight について、魅力的な発表 (英語) がありました。

• 2018 年 1 月 5 日より、HDInsight のすべてのワークロードの料金を最大 52% 引き下げ、Microsoft R Server アドオンの追加料金を最大 80% 引き下げ。今回の値下げに伴い、Azure HDInsight クラスターにオプションで追加できる「Premium レベル クラスター」が、「Enterprise セキュリティ パッケージ」という名称に変更されました。Enterprise セキュリティ パッケージは現在プレビュー期間中で、Premium レベルと同じ料金が適用されます。詳細については、HDInsight の料金ページをご覧ください。
• Apache Kafka for HDInsight の一般提供を開始。この一般提供開始により、IoT、不正検出、クリックストリーム分析、ソーシャル分析といったエンタープライズ クラスのリアルタイム分析ソリューションをオープン ソースで構築し、そのソリューションに 99.9% の可用性を保証する Azure HDInsight の SLA を適用できるようになります。現在、Apache Kafka for HDInsight はプレビュー料金で提供されています。一般提供料金は 2018 年 3 月 1 日から適用されます。Apache Kafka で使用されるディスクには、一般提供の料金が適用されます。詳細については、Apache Kafka for HDInsight に関するブログ記事 (英語) をご覧ください。また、料金の詳細は料金ページでご確認ください。
• Log Analytics との統合の一般提供を開始。Azure Log Analytics が Azure HDInsight と統合され、ミッション クリティカルな分析ワークロードでエンタープライズ クラスの監視機能を利用できるようになりました。この機能を使用すると、Azure HDInsight のすべてのワークロードでアラートの設定、監視、デバッグが可能です。
• Power BI DirectQuery との統合のプレビューを開始。インタラクティブなクエリ クラスターに既に存在しているデータやメトリックスから動的なレポートを作成できるようになりました。最新のデータを使用して、データ セット全体を視覚化するソリューションを迅速に構築できます。

• Spark 用開発ツールを更新。今回のリリースで、Azure HDInsight で動作する Spark 向けのサポートが Visual Studio Code に追加されました。これにより、運用環境用の堅牢なデータ パイプラインの構築や、分散型 Spark ジョブのデバッグが可能になります。さらに、Visual Studio Code で Python 向けおよび Spark 向けのインタラクティブなエクスペリエンスが利用できるようになっています。

これらの新機能の詳細については、こちらのブログ記事 (英語) をご覧ください。マイクロソフトでは、今回 Azure HDInsight の新機能と料金の引き下げを発表できたことを嬉しく思っています。今後お客様は、フル マネージド型でエンタープライズ クラスの拡張可能なビッグ データ ソリューションをさらに低コストで活用しながら、世界規模の多様なオープン ソース分析ワークロードを実行していただけます。

詳細についてはこちらのブログ記事 (英語) や Web ページをご覧のうえ、ぜひ今すぐAzure HDInsight をお試しください。

Cognitive Services の Language Understanding サービスの一般提供

先日、Microsoft Cognitive Services の Language Understanding サービスの一般提供が開始されました。これにより、パフォーマンス、サポート、SLA の面での成熟度が大きく進展することになります。

Language Understanding サービスでは、シンプルなツールを使用して独自のカスタム言語モデルを構築でき、ユーザーからの入力を理解してそれに応じたアクションを取るアプリケーションやボットを作成できます。

• ユーザー インターフェイスが更新され、アプリ 1 つあたりのインテント (文章から識別されるタスクやアクション) は最大 500 に、エンティティ (インテントに関するタスクやアクションを完了させるために文章から抽出された関連情報) は最大 100 に拡張されました。たとえば、Language Understanding サービスを使用した旅行アプリでは、「パリへの航空券を予約する」という文章から BookFlight インテントと「パリ」という Location エンティティを抽出し、予約を行えるようになります。Language Understanding サービスは、ユーザーの発言の中からエンティティを認識し、それにラベルを付けます。これを利用することで、ユーザーの要求に応えるために取るべきアクションを選択できるようになります。
• 既存の 5 つのリージョン (西ヨーロッパ、米国西部、米国東部 2、米国中西部、東南アジア) に加えて、新たに 7 つのリージョン (米国中南部、米国東部、米国西部 2、東アジア、北ヨーロッパ、ブラジル南部、オーストラリア東部) でも利用できるようになりました。これにより、ネットワーク レイテンシと帯域幅が改善されます。
• 多くの言語でさまざまな機能がサポートされるようになりました。

• これまで英語のみで提供されていた構築済みエンティティ (日付や時刻などの一般的な概念) が、フランス語、スペイン語、ポルトガル語でも利用できるようになりました。
• 構築済みドメイン (ドメインごとにグループ化された、既製のインテントとエンティティのコレクション。ユーザーが直接追加しアプリ内で使用できる) が中国語にも対応しました。
• Language Understanding サービスの語彙をカスタマイズしてボットのドメインの語彙として使用するためのフレーズ候補が、新たに中国語、スペイン語、日本語、フランス語、ポルトガル語、ドイツ語、イタリア語の 7 言語でもサポートされるようになりました。

詳細については、発表時のブログ記事をご覧ください。

Azure SQL Database – 自動チューニングの機能強化の一般提供

自動チューニングの強化された機能が利用できるように: 今回強化された自動チューニングの機能は 2 つあります。1 つは、「FORCE LAST GOOD PLAN」というチューニング オプションを含む、自動プラン修正と呼ばれる新機能です。もう 1 つは T-SQL から自動チューニングを構成する機能で、スクリプトを使用してデータベースの作成や管理を柔軟に行うことができます。新機能の詳細については、こちらのブログ記事 (英語) をご覧ください。

Azure SQL Database – Elastic Database の Java 用ライブラリの一般提供

Azure SQL Database の Elastic Database ツール: Java 用 Elastic Database クライアント ライブラリの一般提供が開始されました。このクライアント ライブラリでは、SaaS (サービスとしてのソフトウェア) アプリケーション向けのマルチテナント パターンのサポートなど、シャーディング テクノロジを使用してアプリケーションのデータ層のスケールアウトを支援します。既存の C# バージョンと同様に、Java バージョンもオープン ソースです。皆様のコミュニティへのご参加をお待ちしています。詳細については、ドキュメント「スケーラブルなクラウド データベースの構築」をご覧ください。

Azure のセキュリティと運用の管理 – Azure Site Recovery Deployment Planner の機能強化

Azure Site Recovery を使用すると、ビジネス継続性を実現するためにお客様の環境に必要なコンポーネントが簡単に把握できるようになります。Deployment Planner では、お客様が達成したいと考える RPO に基づいて、ビジネス継続性を実現するために必要なネットワーク帯域幅やストレージに関するインサイトが提供されます。また、これまでサポートされていた VMware に加えて、新たに Hyper-V もサポートされます。Deployment Planner のコスト見積もりツールでは、実際に Azure でアプリケーションを実行する前に、ネットワーク、ストレージ、コンピューティングの各コストを見積もることができます。詳細については、VMware および Hyper-V 用 Azure Site Recovery Deployment Planner に関するブログ記事をご覧ください。

Microsoft Azure Information Protection – iOS での保護された Office ドキュメントの作成

iOS デバイスで Word、PowerPoint、Excel の保護されたドキュメントが作成できるように: モバイル デバイスで機密コンテンツを扱うことは珍しくありません。モバイル デバイスは生産性や共同作業の効率を高めますが、意図せずまたは悪意により機密情報を紛失するリスクも増大します。今回の機能強化により、iOS デバイスで Word、PowerPoint、Excel の保護されたドキュメントを作成できるようになりました。今回の更新の詳細についてはこちらの記事、Office で Information Rights Management を使用する方法についてはこちらの記事をご参照ください。

Microsoft Cloud App Security のプレビュー

クラウド アプリの機密ファイルをスキャンし自動で分類ラベルを適用: 今回新たに Azure Information Protection と Microsoft Cloud App Security の統合のプレビュー (英語) が開始されました。Microsoft Cloud App Security がクラウド アプリのファイルをスキャンして分類し、自動で Azure Information Protection のラベルを適用して、暗号化などの保護を行います。詳細については、Cloud App Security に関するブログ記事 (英語) をご覧ください。

現象

2018 年 1 月度の Office 対象のセキュリティ更新プログラムとしてリリースされた Office 2007、Office 2010、Office 2013、Office 2016 向けの更新プログラムを適用すると、数式エディター 3.0 の機能が削除されます。

詳細

数式エディター 3.0 は、サードパーティによって作成された機能で、多くのバージョンの Office に含まれていましたが、セキュリティの脆弱性の問題が確認されたため、安全性への影響を考慮して 2018年 1 月度のセキュリティ更新プログラムの適用後は削除されます。通式ツールは継続して使用することができます。

数式エディター 3.0 の機能が削除された後に、数式エディター 3.0 で新たに数式を作成したり、Office ファイル内の含まれる数式エディター 3.0 オブジェクトを編集することはできません。
数式エディター 3.0 の機能が削除された後の影響や対処策については、以下のサポート技術情報が公開されています。

Office 内の数式を編集するときのエラー
https://support.microsoft.com/ja-jp/help/4057882/

Windows インストーラ版の KB 番号は以下となります。

Office 2007
2007 Microsoft Office スイート セキュリティ更新プログラムについて2018 年 1 月 9 日
https://support.microsoft.com/ja-jp/help/4011656

Office 2010
Office 2010 用のセキュリティ更新プログラムについて2018 年 1 月 9 日
https://support.microsoft.com/ja-jp/help/4011610

Office 2013
Word 2013 セキュリティ更新プログラムについて2018 年 1 月 9 日
https://support.microsoft.com/ja-jp/help/4011651

Office 2016
Office 2016 用のセキュリティ更新プログラムについて2018 年 1 月 9 日
https://support.microsoft.com/ja-jp/help/4011574

クイック実行版の Office 2013 または Office 2016 向けの更新を適用した場合も、同じように数式エディター 3.0 の機能が削除されます。

本情報の内容 (添付文書、リンク先などを含む) は、作成日時点でのものであり、予告なく変更される場合があります。

Hello All,

As you plan your migration from your on-prem SharePoint farm to SharePoint online, I would like to encourage you to look at the SharePoint Migration Tool being released by Microsoft.  The tool was made generally available 1/9/2018.

First we recommend the following hardware for the on-prem tool machine that is performing the migration, this will insure the optimal speed:

CPU: 64-bit Quad core processor or better

RAM: 16 GB

Local Storage: Solid state disk: 150 GB free space

Network card: 1 Gbps

Operating system: Windows Server 2012 R2 or Windows 10 client

.NET Framework: 4.6.2

The tool was designed to move items from a document library on-prem to document library in SPO, for authentication you need to have read on the source and Site Collection administrator on target.  See this article for more information about how the tool works.

You can run bulk migrations by using a formatted CSV file, see this article for specific information on the formatting of the CSV file.

The tool will maintain permissions from on-prem site to SPO site, if the user already exists, the easiest way to insure this is to setup DirSync.  If this is not possible or you have specific needs then you can customize a user mapping file by following this article.

Of course we have Advanced settings like Enable Incremental migration, Migrate File version history, Do not migrate files created before, and others that you can use to tailor your migration.  Please read here for descriptions of these settings.

Finally you can download the tool here.

Pax

Traduje se historka, že v rámci společnosti Microsoft běží rutina, která detekuje počet aktivních uživatelů produktu či služby. A jakmile se číslo přehoupne přes definovaný počet, spustí proces přejmenování dané služby. Tohle ale bohužel nebude ten případ.

Jednou z nedávno oznámených novinek v oblasti online služeb je plán budoucího nahrazení Skype for Business Online technologií Microsoft Teams. O co překvapivější a pro některé děsivější oznámení to bylo, o to více se na samotnou změnu chystal a chystá samotný Microsoft. Pro naše postavení předního českého implementačního partnera online služeb se mi dostalo možnosti komunikovat přímo s vývojovým týmem této technologie a i proto jsme společně s dalšími partnery dokázali usměrnit tuto změnu na mnohem pohodlnější kolej. Aspoň doufám.

Migrace na Microsoft Teams

Srovnejme si několik základních faktů. Tato změna se týká online nasazení Skype for Business Online a je plánována do průběhu následujících dvou let. Především z důvodu, že nyní se ještě nejedná o plně zastupitelné technologie. Firemní IT oddělení mají možnost řídit celou změnu formou pozvolného přechodu a směrování funkcí z původního Skype for Business do Microsoft Teams, či využití jejich společné koexistence, nebo naopak přechod provést formou velkého třesku.

To záleží na konkrétní organizaci a především výchozím stavu. Pokud ještě žádné online komunikátory nevyužívá, je lepší začít na Microsoft Teams. Pokud ano, scénář paralelního provozu může usnadnit přechod v delším časovém rámci. A velká řízená prostředí budou pravděpodobně směřovat od velkého třesku po přesné testování a pilotování jednotlivých funkcí a jejich postupného přechodu.

Jasné je především to, že tato změna rozhodně nenahrává nepřipraveným. Firemní IT, které během tohoto roku nepodnikne žádné kroky, může jednoho dne potkat nepříjemný fakt, kdy všem uživatelů Skype for Business klient oznámí upgrade na Microsoft Teams. A technická podpora se z toho bez ztráty kytičky nevymotá. Připravte se ještě dnes. Nebo aspoň začátkem roku 2018.

Co jsou Microsoft Teams

Pokud jste dočetli až sem a ještě Microsoft Teams nikdy nepotkali, podívejte se na interaktivní ukázku na https://teamsdemo.office.com/.

Technologicky Microsoft Teams staví na architektuře moderní cloudové služby. Nelze říci, že by již kdesi běžel virtuální server pro danou organizaci, vše obstarává sada navzájem propojených microservices. Tím jsou mnohem robustnější a umožňují rychlejší vývoj celého produktu. A ta rychlost je opravdu znát. Vývojový tým nejen že zpracovává zpětnou vazbu, ale opravdu komunikuje a zapracovává změny snad nejrychleji, co jsem v rámci korporátního vývoje měl možnost vidět.

Jako službu bych Microsoft Teams přirovnal ke kukátku. Ke kukátku do všech dalších služeb, portálů, aplikací a dat, které společnost má a provozuje, které tým může využít. Pod pojmem tým si můžeme představit kolegy doručující konkrétní projekt, produkt či kampaň, mající stejné zájmy, nebo členy jednoho oddělení. Na jednom místě najdete konverzaci s kolegy v týmu, týmové soubory, týmové úkoly v Planneru, potřebnou sekci intranetu, můžete napojit aplikace třetích stran, získávat z nich data a notifikace, přidávat si vlastní záložky, pořádat audio a video konference a mnohé další.

A nyní prakticky

Zásadním pro nasazení je distribuce klientů na koncové stanice, konfigurace lokálního prostředí a platformy, podpora audio a videokonferenčních zařízení a adopce mezi uživateli. Microsoft Teams jsou přístupné z webového prohlížeče moderní provenience na adrese https://teams.microsoft.com/. Zde si uživatelé také mohou sami stáhnout a nainstalovat klienta pro Windows, macOS či mobilní zařízení s iOS, Android a stále i Windows Mobile. Klienta ale může také centrálně distribuovat IT i pomocí MDM Intune a bude také integrován do výchozí instalační sady Office 2019 v rámci Office 365 ProPlus.

Konfigurace prostředí vyžaduje ze strany IT otevření potřebných prostupů směrem do Internetu podobně jako u dalších služeb, zvláště po stránce PROXY či SSL inspekcí. Dále také nastavení možností integrace služeb třetích stran, omezení zakládání nových týmů či jejich jmenné konvence. Jelikož pod Microsoft Teams jsou nutností Office 365 Groups, je dobré podívat se i na jejich konfiguraci a možnosti užití v organizaci.

Audio a videokonferenční zařízení zatím v drtivé většině Microsoft Teams přímo nepodporují, ale například Polycom již přislíbil a testuje nová sestavení firmware přinášející nejen nutnou podporu nových verzí TLS, ale také právě Microsoft Teams.

Adopce mezi uživateli bude důležitou částí celého procesu. Vytvořit příručky pro technickou podporu, vyškolit klíčové uživatele, naučit s novým produktem pracovat uživatele. Protože Microsoft Teams mají podobný princip jako Yammer a další komunikační nástroje dnes běžně v soukromém životě využívané, nebude především mezi mladšími uživateli toto velkým problémem.

Ideálním rozšířením je pak správné nastavení firemní integrace s dalšími systémy, využití na míru napsaných botů a propojení například s PowerApps a Microsoft Flow, které týmům dále usnadní práci. Proč například nemít rovnou v jedné aplikaci informaci o stavu zásob, pod definovanou mez. A na jedno tlačítko vytvořit objednávku pro novou dodávku? Divili byste se, jak je to snadné.

Lokální instalace

Lokální instalace Skype for Business Server nejsou rozhodně mrtvou záležitostí. Na podzim roku 2018 vyjde nová verze 2019, která by měla přinést právě podporu vzájemné komunikace společností, které používají tradiční lokální telefonii a společnosti fungující v online režimu Microsoft Teams. K dispozici by měly být i samotné konverzní role mezi jednotlivými službami.

Budoucnost Microsoft Teams

Microsoft Teams postupně budou implementovat jednotlivé funkce, které nabízí Skype for Business a mnohé další. Přepracováno bude administrační centrum, přibudou nové možnosti pro zajištění souladu a možnosti pro ochranu informací, prezentační funkce a další. Níže uvedené najdete také v aktuální podobě na oficiální roadmapě Office 365.

Závěrem

Ještě stále jste v šoku? Potřebujete s touto změnou ve společnosti pomoci? Že vám takto zásadní informace doposud unikala? Neváhejte se obrátit na služby certifikovaných profesionálů, kteří s celým procesem mohou pomoci od prvotní konfigurace až po adopční kampaň u koncových uživatelů.

- Petr Vlk (KPCS CZ, WUG)

[주의 사항]

본 블로그에 게시된 정보의 내용 (첨부 문서, 링크 등)은 작성일 현재 기준이며 예고없이 변경 될 수 있습니다.

또한, 참고용으로만 제공됨으로 Microsoft에 책임이 없음을 알려 드립니다. 반드시 적용 전 충분한 테스트를 진행하시기 바랍니다.

[요약]

현재 KMS 인증 방식을 MAK 인증 방식으로 변경하는 방법

[원인 또는 해결 방법]

1. [시작]->[실행]에서 Cmd.exe를 입력하여 Command 창을 관리자 권한으로 실행하여 Office OSPP.VBS 파일이 있는 다음 경로로 이동
   1. 예> C:Program Files (x86)Microsoft OfficeOffice16
2. 현재 Office 상태를 확인 체크를 통해 Product Key를 확인
   1. cscript ospp.vbs /dstatus
3. 현재 입력 되어 있는 KEY를 삭제
   1. cscript ospp.vbs /unpkey:6VGP2
   2. 참고  위에서 언급 된 마지막 5자리 KEY 제품 및 설치 버전에 따라 달라 질 수 있기 때문에 반드시 2번을 통해 확인
4. 새로운 Key를 입력
   1. cscript ospp.vbs /inpkey:<MAK Key 입력>
5. 정품 활성화 진행 후 확인
   1. cscript ospp.vbs /act
6. Office를 실행하여 정품 인증 확인

Welcome to the January 7 - 13, 2018 edition of the Office 365 Weekly Digest.

There were thirteen additions to the Office 365 Roadmap last week, including updates for Bookings, Outlook for Android/iOS, etc. Of note is the entry for the (new) SharePoint Admin Center, which is scheduled to start rolling out to Targeted Release on January 22, 2018.

The events calendar is back in full swing, with numerous opportunities for customer online immersion experiences, as well as Azure Active Directory webinars. A new event, "Share and Work Together with SharePoint Team Sites", is scheduled for January 18, 2018.

The SharePoint Team has started the new year with a bang, with significant updates last week including enhancements to image editing in SharePoint Online sites, the creation of custom site designs, the general availability of the SharePoint Migration Tool, and updates to the SharePoint Migration Assessment Tool. The Office 365 Secure Score tool also has several new features, and there is a preview of the new Office Customization Tool for Click-to-Run. 

Highlights from last week's noteworthy items are the January 2018 Office 365 Update video, Outlook Cheat Sheets available in more languages, and a few tech tip videos for Microsoft Teams.

OFFICE 365 ROADMAP

Below are the items added to the Office 365 Roadmap last week:

UPCOMING EVENTS

Azure Active Directory Webinars for January

When: Multiple sessions currently scheduled from January 9 - 18, 2018 | A new webinar, An Introduction to Azure AD B2C, will be available in January 2018. Other sessions include Getting Ready for Azure AD, Securing Your Identities with Multi-Factor Authentication (MFA), Azure AD Identity Protection and Privileged Access Management, Accessing Your Organization's Internal Applications via Azure AD App Proxy and more. Each 1-hour or 75-minute webinar is designed to support IT Pros in quickly rolling out Azure Active Directory features to their organization. All webinars are free of cost and will include an anonymous Q&A session with our Engineering Team. So, come with your questions! Capacity is limited. Sign up for one or all of the sessions today!  Note: There are also some sessions available on-demand.

Visualizing, Analyzing & Sharing Your Data Without Having to be a BI Expert

When: Tuesday, January 16, 2018 at 12pm ET | This 2-hour hands-on experience will give you the opportunity to test drive the latest business analytics tools. A trained facilitator will guide you as you apply these tools to your own business scenarios and see how they can work throughout your organization. During this interactive session, you will explore how to: (1) Locate and organize large amounts of data from multiple sources, (2) Visualize complex data and identify trends quickly without having to be a BI expert, (3) Find and collaborate with company experts on the fly, even if they work in another part of the country, and (4) Gather colleague's opinions easily and eliminate communication and process bottlenecks. Each session is limited to 12 participants, reserve your seat now.

Productivity Hacks to Save Time & Simplify Workflows

When: Wednesday, January 17, 2018 and Wednesday, January 24, 2018 at 1pm ET | This 90-minute hands-on experience will give you the opportunity to test drive Windows 10, Office 365 and Dynamics 365. A trained facilitator will guide you as you apply these tools to your own business scenarios and see how they work for you. During this interactive session, you will: (1) Discover how you can keep your information more secure without inhibiting your workflow, (2) Learn how to visualize and analyze complex data, quickly zeroing in on the insights you need, (3) See how multiple team members can access, edit and review documents simultaneously, and (4) Gain skills that will save you time and simplify your workflow immediately. Each session is limited to 12 participants, reserve your seat now.

Share and Work Together with SharePoint Team Sites

When: Thursday, January 18, 2018 at 11am ET | Join us for a discussion on how investments in SharePoint team sites reimagines collaboration in modern workplace. We will start with articulating the role of SharePoint team sites in Microsoft's universal toolkit, follow it up with key investments in new and enriched capabilities, hybrid scenarios, role of intelligence in helping users to achieve more, and security and compliance capabilities in the platform. Presenter: Mark Kashman, Senior Product Marketing Manager, Microsoft

Connecting, Organizing & Collaborating with Your Team

When: Tuesday, January 23, 2018 and Tuesday, January 30, 2018 at 12pm ET | During this session, you will have the opportunity to experience Windows 10, Office 365 and Microsoft's newest collaboration tool: Microsoft Teams. A trained facilitator will guide you as you apply these tools to your own business scenarios and see how they work for you. During this interactive session, you will explore how to use Microsoft Teams and Office 365 to: (1) Create a hub for team work that works together with your other Office 365 apps, (2) Build customized options for each team, (3) Keep everyone on your team engaged, (4) Coauthor and share content quickly, and (5) Gain skills that will save you time and simplify your workflow immediately. Each session is limited to 12 participants, reserve your seat now.

Transforming your business to meet the changing market and needs of your customers

When: Thursday, February 1, 2018 at 12pm and 3pm ET | This 2-hour hands-on experience will give you the opportunity to test drive Windows 10, Office 365 and Dynamics 365. A trained facilitator will guide you as you apply these tools to your own business scenarios and see how they work for you. During this interactive session, you will: (1) Use digital intelligence to build personalized experiences across all customer touchpoints, (2) Improve customer service through a single, unified experience that delivers end-to-end service across every channel, (3) Increase customer satisfaction with intelligent scheduling, native mobile support, and remote asset monitoring to help you get the job done right the first time, and (4) Run your project-based business more productively by bringing people, processes, and automation technology together through a unified experience. Each session is limited to 12 participants, reserve your seat now.

BLOG ROUNDUP

SharePoint pages and image editing updates in Office 365

At Ignite 2017, we announced the next wave of innovation coming to SharePoint pages to provide faster time to creation, enhanced control of text and images, increased promotion options, commenting and likes, and visibility on how your content is doing. You are in control of your message. Create it and get it out there to raise awareness and engagement throughout your company. We're pleased to share that these features and updates are rolling out to Targeted Release Office 365 customers. Expect them to appear within the coming days and weeks. And soon, beyond Targeted Release, they release to the full production environment.

Create and use custom SharePoint site designs in Office 365

With great sites comes great responsibility and structure. It is the focus of IT and content managers to enable the business to achieve their outcomes while staying in compliance with company guidelines and preferences. And now you can with the ability to further customize the 'modern' SharePoint sites experiences in a repeatable, programmatic way. We are pleased to announce that the ability to create and use custom site designs is rolling out to Targeted Release Office 365 customers. As SharePoint team sites and communication sites become more organized according to the business, they, too, need to best align with the preferred look & feel and structure via use of custom site themes and custom site designs. And a tenant-wide gallery helps to ensure each site can be assigned the right set of themes and designs by the right people; it is possible to assign who can pick and use specific designs at the time when they create new sites. Custom site designs and custom site themes apply to both team sites and communication sites, and provide you with flexibility and choice.

General Availability of the SharePoint Migration Tool & SharePoint Migration Assessment Tool Updates

Taking advantage of cloud services doesn't have to be difficult or a long-phased migration project. We're excited to announce General Availability of the SharePoint Migration Tool, a simple, and fast migration solution to help you migrate content from on-premises SharePoint sites and file shares to SharePoint or OneDrive in Office 365. Based on the learning and experience from Microsoft FastTrack, the SharePoint Migration Tool from Microsoft was designed to help you bring your information to the cloud and take advantage of the latest collaboration, intelligence, and security solutions with Office 365. With a few simple clicks in the intuitive user interface, you can quickly and easily migrate files from file shares, SharePoint sites, or support bulk migrations. Whether you're looking to migrate from file shares on-premises to SharePoint or OneDrive or from on-premises versions of SharePoint, the SharePoint Migration Tool supports the smallest of migrations to large scale migrations with support for bulk scenarios.

Updates to Office 365 Secure Score

We have received a lot of feedback from the Tech Community on how to make Secure Score better and it is greatly appreciated by the team. We are happy to share that we are adding a couple of enhancements to Secure Score. Many of you like the idea that you can compare your score to the average score of all Office 365 tenants. However, some have concerns about the relevance of this to your organization. Based on this feedback we have a new average for you to compare against. Coming soon we will be introducing an industry average score, this will show you how your score compares to other organizations that have designated the same industry in Secure Score or the Service Assurance page of the Security and Compliance Center. Another enhancement we are adding is around making it easier to find how your score changed between two dates and what the impact was. Along the lines of making things easier, we know that finding controls in the action list can be a challenge when the list is long. To help find controls faster we are introducing a search field for the action queue. And finally, the reporting actions have had an overhaul. The reports in Azure have under gone a significant optimization in terms of making them easier to consume and more relevant.

Customizing Office 365 ProPlus using the Office Customization Tool for Click-to-Run

We are announcing a preview of the Office Customization Tool for Click-to-Run, a simple to use web application that enables desktop administrators to customize Office 365 clients. Until today, Windows desktop administrators would use notepad or an equivalent text editor to compile various XML statements to define the Office edition, feature update frequency, version, language and other number of available settings. This somewhat tedious task, in most cases, would result in installation errors from fouled up manual entries or copy-and-paste actions into the text editor. With the new Office Customization Tool, desktop admins can leverage the rich user interface that intuitively shows all available options to build the desired Office configurations. One of our favorite additions, is the configuration builder. Desktop admins can quickly see a list of all configuration settings being chosen on the right-hand side of the screen, giving the desktop admin a quick and easy way to see the result of their selections without jumping through multiple screens. Desktop Admin also have an option to upload any previously configured XML files to the configuration tool and modify them with new or existing settings.

NOTEWORTHY

Video: Office 365 Update for January 2018

Format: Video (9 minutes) | Jim Naroski covers recent enhancements to Office 365, including Whiteboard, PowerPoint, Sway, Yammer, OneDrive, eDiscovery, and more. The video transcript, complete with links to additional information on everything covered, is available at http://aka.ms/o365update-blog.

Outlook Cheat Sheet PDFs available to download in 37 languages

There were some nice Outlook Cheat Sheet PDFs that caught people's attention at Ignite. They show you how to quickly accomplish useful tasks in Outlook Mail and Calendar across the various platforms we ship on. Just recently, our Office International team, localized and published these into 36 other languages. They are available to download from here.

Tech Tips for Microsoft Teams including community management with Yammer

Hello Microsoft Tech Community! We want you to have some quick guidance videos for common tasks in Microsoft Teams. We've published several that we think will be helpful – (1) Community management using Microsoft Teams and Yammer - Microsoft Teams is a powerful tool for enabling collaboration among community managers. Enabling the Yammer connector can ensure you stay up to date on what's happening within the context of your broader team. This video walks you through this scenario step by step; (2) Guest Access Tech Tips: We've now published step by step guidance for enabling Guest Access in Microsoft Teams as well as adding a guest to your team.

Flow of the Week: Send multiple attachments on a single email

Hello, and welcome to another post in the Flow of the Week series. In case, this is the first article you are reading – Flow of the Week is a series of blog posts, which illustrates use cases and scenarios that can be automated using Microsoft Flow – so be sure check out other posts in this series. This week, we are going to be looking at one of the common asked questions by our customers, sending multiple attachments on a single email. To illustrate this, we will be creating an item on a SharePoint list and attach a few files to it. Our flow will trigger, on this new item being added. The flow will get all the attachments on the item, construct an array of all the attachments and finally we will use this "array of attachments" and send it out on an email. Let's dig in to it, shall we?

Data protection beyond backup and recovery with Office 365

Protecting your data against file corruption, data loss, and malicious intent is a top priority for Microsoft, and an integral part of the Office 365 service. Our approach to data protection goes beyond high availability and disaster recovery scenarios. Resiliency and recoverability are built into the service. Even if a traditional backup solution provides recovery options to address file corruption, deletion, and malicious attacks, it won't necessarily help you recover quickly from such incidents. Research shows that it can take months to detect the presence of an attacker an organization's network. Given this, a backup and restore solution could be a potential area of attack, and could further broaden the scope of attack into your disaster recovery environment. Additionally, all backup data would need to be thoroughly cleansed before it could be leveraged as a viable restore option. With this in mind, Office 365 has moved beyond the backup and restore solutions that were first established in on-premises environments. Microsoft invests deeply in providing a holistic in-place solution that both keeps multiple copies of your data across multiple locations, and enables you to develop upfront policies for prevention and detection. These policies can be enforced manually and automatically at multiple levels of granularity, including via intelligent location-based classification, patterns, or sensitive types of content. The multiple built-in security capabilities of Office 365 in combination with services and controls, such as Data Loss Prevention, Advanced Threat Protection, Threat Intelligence, Advanced Data Governance, etc., help ensure your data is protected in-place and incidents like file corruption, deletion, and malicious intent are minimized at all times.

By Alex Bennett, Firebrand Training

One of the changes encountered when migrating to the cloud is the difference in the way we pay for the service.

On-premise you’ll tend to use a capital expenditure model: if there is a new service to deploy you will create a budget, get it approved and then buy the physical kit or provision the virtual machines. You will also have planned for peak and for future growth.

The money is spent upfront and if the figures are wrong or your service experiences unexpected growth you must ask the businesses for more money.

Even if your forecasts are correct, you’ll still have spare growth capacity that is idle until your application grows into it.

But once you migrate to the cloud, you’ll use an operational expenditure model where you pay for what’s used. This means you can size services around what’s needed at right now, instead of having to plan for the next one, two, or three years of growth.

You pay by-the-minute for the service and if a service is no longer required you can simply turn it off. This initially saves cash, in exchange for an ongoing monthly bill. But could there be benefits for paying for the cloud in the same way we pay on premise?

Reserving your VM

As of November 2017, you’re no longer limited to an operational expenditure model in Azure. By using Azure Reserved Virtual Machine Instances (known as RIs) you can change your cloud payment model to a capital expenditure model.

This model works well for a number of situations. Imagine you’re deploying a web service that will require at least two VMs online 24/7 for the next year, with other VMs brought on-and offline as demand fluctuates.

In this situation, you could purchase two, one-year RIs. RIs are paid for upfront with a 1-year commitment and the longer you commit the more you save; this can mean cost-savings versus paying monthly. To respond to increased demand, you’ll still be able to finance other VMs on a pay-as-you-go basis.

If you commit to three RIs you could save up to 82% when compared to pay-as-you-go. That’s a huge saving, especially if you have access to the funds upfront.

How to buy an Azure Reserved Virtual Machine Instance

When you purchase a RI through the Azure dashboard, a VM will not be automatically started. Purchasing an RI is like obtaining a credit.

First, purchase an RI based on a VM type (take a look at this guide on Azure Families for more information). Microsoft will then look at your account or subscription for a VM of the same family. If found, it will apply your RI credit to that VM.

If you buy an RI for a VM family that you are not currently running, the credit will not be applied and you will not be able to take advantage of it for that billing period.

RIs can be purchased for use across an Azure account or a subscription. If you buy a RI for an Azure account, the discount it gives you can be applied to any VM in any subscription on that account. If you buy an RI for a subscription, it can only be applied to VMs in that subscription.

Exchanging or cancelling your Reserved VM instances

So, what happens if you purchase a three-year RI and no longer need it, or you want to change the RI family? Microsoft offer the ability to exchange or cancel RIs. Cancellation will incur an early termination fee of 12% (of the upfront cost) and will allow you to exchange your RI for a different type.

Are Azure RIs available for all VM families and Regions?

The short answer is no. RIs are available for all families except for the A-series, A-v2 series, or G-series.

There are also region restrictions, for example RIs are not available in the Azure Government, Germany of China regions. You can find a complete list of regions available on the Microsoft Azure website.

Do RIs offer a capacity guarantee?

RIs offer prioritised capacity but they do not offer a capacity guarantee. This means that if the Azure region that you wish to deploy a VM to is really busy you might not be able to deploy your VM and take advantage of the RI Credit – though this is rare.

How to learn more about Azure Reserved Virtual Machine Instance

You could make significant cost-savings if you are prepared to pay upfront for an RI. While RIs will not replace on-demand instances, we’re likely to see companies now investing in a mixture of Virtual Machine payment models to suit their needs; using RIs for predictable workloads and on-demand instances as they are needed.

For more information on the discount provided by Reserved Virtual Machines, take a look at Microsoft’s documentation.

Or for classroom tuition, the Azure Academy: Infrastructure and Networking covers Reserved Virtual Machine Instances purchases as well as pay-as-you-go services. Developed with Microsoft, this is not a certification course – instead, you’ll get hands-on knowledge of the latest Azure features, before they’re integrated with the official MOC (Microsoft Official Curriculum).

Logbucheintrag 180115:

"Developers, Developers, Developers!" Es war der „Schlachtruf“ von Steve Ballmer. Videos mit seinen Bühnenauftritten haben sich viral im Netz verbreitet. Solche Urschreie würden nicht zu seinem Nachfolger im Amt als Chief Executive Officer, Satya Nadella, passen. Aber auch für ihn gilt, dass Entwickler entscheidend sind für den Erfolg. Code Development ist eben auch Business Development.

Das ist die Strategie, mit der wir Azure zu einer der erfolgreichsten Cloud-Plattformen ausbauen. Das Wirtschaftsmagazin Forbes rechnet damit, dass Microsoft im laufenden Geschäftsjahr mehr als 20 Milliarden Dollar Umsatz im Cloud-Geschäft erzielen wird. Grund genug für die Redaktion, Satya Nadella zum „CEO of the Year in the Cloud Wars“ zu küren. In den vier Jahren unter seiner Ägide hat sich der Marktwert von Microsoft mehr als verdoppelt. Letzte Woche lag er bei rund 680 Millionen Dollar.

Doch ohne die Leistung der Entwickler wäre das nicht gelungen. In diesen vier Jahren haben wir das Lösungsangebot auf der Azure-Plattform konsequent ausgebaut. Kein anderer Cloud-Anbieter kann ein so breit angelegtes Angebot an Cloud-Services vorlegen. Mit Dynamics 365, Office 365 und Microsoft 365 haben wir die gesamte Lösungspalette in die Cloud migriert.

Und gleichzeitig verfolgen wir mit der Strategie „Intelligent Cloud, Intelligent Edge“ die Weiterentwicklung der Cloud zur Infrastruktur für die Digitalisierung. Dazu gehört auch, dass wir mit Microsoft IoT Central eine vollständige Suite für das Internet der Dinge anbieten und praktisch alle Lösungsangebote inzwischen durch künstliche Intelligenz anreichern.

Künstliche Intelligenz ist mit Sicherheit das heißeste Pflaster auf dem Markt für Unternehmens-Software. Seit 2016 arbeiten rund 5000 Entwickler und Wissenschaftler in der neu gegründeten AI and Research Group unter der Leitung von Harry Shum an der Weiterentwicklung unseres KI-Angebots. Unser Ziel ist die „Demokratisierung von KI“, wie Satya Nadella es formuliert hat: jede Person und jede Organisation soll Zugriff auf diese Technologie haben können, so dass aus Daten Informationen und aus Analysen Entscheidungen werden. Mit Azure bieten wir dafür die Plattform.

Gegenüber Forbes hat Satya Nadella diese Vision so formuliert: "Overall the approach we have taken for multiple years now is to transform everything that we do inside the company, whether it's about creation, how we are organized in the R&D, how we think about breaking down any silos and category definitions we may have had in the past, how we think about even marketing and the marketing approach and then, of course, even with the go to market. And this transformation is ongoing. This has been happening over multiple years, but we now have got very good customer momentum, because ultimately this is all driven by the opportunity at hand, which is much bigger than anything that we have participated in the past, so the total addressable market is much bigger. And second, our customer expectations and our partner expectations of how we show up with them has changed. And so over the years we have been making changes and now that we have a lot more momentum and critical mass we're going to that next phase and that's what you are seeing us in terms of changing the skill sets, changing the scope of how we show up to support the digital transformation needs of both large customers, as well as small businesses."

Gleichzeitig unterstützen wir mit Azure die Open Source Community – und auch das ist ein Schritt zur Demokratisierung von Technologie. Dazu tragen Partnerschaften mit Cloud Fioundry, Red Hat oder SUSE bei. Aber auch viele unserer Kunden entwickeln auf der Basis von Open Source ihre Systeme weiter. Es muss unsere Aufgabe sein, sie dabei nach Kräften zu unterstützen.

„Developers, Developers, Developers!“ – Der Urschrei von Steve Ballmer ist zwar längst verhallt. Aber die Vision lebt fort. Code Development ist eben auch Business Development.

The week of Jan 22^nd, we hosted a workshop tour in five cities across Canada focused on database options on Azure, not including SQL. As you may notice from the event title, the workshop dug into providing an overview of use cases and scenarios, along with hands-on experience of working with the community editions of MySQL and PostgreSQL databases, fully managed by Azure. Additionally, for NoSQL fans, the workshop dove into leveraging existing investments you have made into OSS frameworks and languages with Azure Cosmos DB – a globally-distributed, multi-model database service that is schema-less and generally classified as a NoSQL database.

In this blog post, you’ll find links to self-paced labs, videos, documentation, trial options and a way to obtain assistance from Microsoft partners for complimentary assessment or proof of concept.

For either continued learning after attending the workshop, or because you missed the workshop, I recommend the following hands-on labs that you can do without an Azure subscription:

• Azure Cosmos DB Self-Paced Labs
• Azure DB for MySQL Self-Paced Lab
• Azure DB for PostgreSQL Self-Paced Lab
• Azure Cosmos DB Emulator Docker Container
  • Using the Cosmos DB Emulator, you can develop and test your application locally, without creating an Azure subscription or incurring any costs. When you're satisfied with how your application is working in the Cosmos DB Emulator, you can switch to using an Azure Cosmos DB account in the cloud.
  • Docker for Windows / Docker for Linux emulator was in development at the time of writing this blog

Prefer short videos for learning?

Check out these quick links:

• All Azure Cosmos DB videos
  • Example Topic: Migrate MongoDB apps to Azure Cosmos DB
• All Azure DB for MySQL videos
  • Example Topic: Build scalable web applications with Azure Database for MySQL
• All Azure DB for PostgreSQL videos
  • Example Topic: Develop an intelligent analytics app with PostgreSQL

Looking for some light night time reading?

Check out the following documentation including tutorials, quick starts for multi-model APIs, how-to guides and lots of other great information:

· Azure Cosmos DB documentation

· Azure Database for MySQL documentation

· Azure Database for PostgreSQL documentation

Trial by Fire?

And finally, if your preference is to roll-up your sleeves and just start building, start now by giving it a test drive on Azure:

•  Time-limited Azure Cosmos DB trial without a subscription, free of charge or commitment
•  Free Azure Trial of Azure DB for MySQL
•  Free Azure Trial of Azure DB for PostgreSQL

For organizations looking for assistance from a Microsoft partner for their data and/or analytics projects, you may request a complimentary workshop, assessment of PoC at: http://aka/ms/data6offers

Thank you for your interest and we hope to continue to bring you more open source solutions on Azure!

Your Open Source on Azure Team at Microsoft Canada

CanadaOpenSource@microsoft.com

Hi, Matthew Walker again. Virtualization and High Availability PFE. Recently I worked with a few of my co-workers to present a lab on building out Shielded VMs and I thought this would be useful for those of you out there wanting to test this out in a lab environment.

First a little backstory on Shielded VMs and why you would want to use them.

Shielded VMs are new for Windows Server 2016, and in a production environment they can only be run on Windows Server 2016 Datacenter Edition. Shielded VMs, when properly configured, use Bitlocker to encrypt the drives, prevent access to the VM using the VMConnect utility, encrypt the data when doing a live migration, as well blocking the fabric admin by disabling a number of integration components, this way the only access to the VM is through RDP to the VM itself. With proper separation of duties this allows for sensitive systems to be protected and only allow those who need access to the systems to get the data and prevent VMs from being started on untrusted hosts. More information on Shielded VMs can be found at https://docs.microsoft.com/en-us/windows-server/virtualization/guarded-fabric-shielded-vm/guarded-fabric-and-shielded-vms-top-node

In my position I frequently have to demo or test in a number of different configurations so I have created a set of configurations to work with a scripted solution to build out labs. The solution is available on GitHub at https://aka.ms/labbuilder , in addition I have a fork of this at https://aka.ms/mwlabbuilder . At the moment there are some differences between the two and only my fork will work with the configurations I have. The configurations that I have created are at https://aka.ms/shieldedvmspoc.

Now, to setup your own environment I should lay out the specs of the environment I created this on.

I7 6820HQ 4 core Proc with Hyper-Threading enabled

32 GB of RAM

500 GB SSD to run VMs from (SSD is really important, the Disk IO load caused can have a negative effect on these VMs, and may cause failures on spinning drives.)

Windows Server 2016 with the latest cumulative update as the host.

(All of the above is actually a Hyper-V VM running on my Windows 10 system, I leverage nested virtualization to accomplish this, some of my configs require Windows Server)

There is a list of files that need to be downloaded in preparation

1. LabBuilder scripts https://aka.ms/mwlabbuilder
2. LabBuilderLabs scripts https://aka.ms/shieldedvmspoc
3. Eval ISO for Windows Server 2016
4. Eval Installer files for SCVMM https://www.microsoft.com/en-us/evalcenter/evaluate-system-center-2016
5. Eval Installer files for SQL 2014 SP2 https://www.microsoft.com/en-us/evalcenter/evaluate-sql-server-2014-sp2
6. ADK files compatible with Windows Server 2016 https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit

Optional items to download if you want to try some of the other configurations

1. Eval ISO for Windows Server 2012 R2
2. WMF 5.1 update for Windows Server 2012 R2

So first Download the LabBuilder and LabBuilderLabs files

Extract them to a directory on your system you want to run the scripts from. You will need a good bit of space as we will be creating template VMs here from the ISOs needed.

I used the E drive on my system.

Once you have extracted each of the files from GitHub you should have a folder that is like the screenshot below

By default these files should be marked as blocked and prevent the scripts from running, to unblock the files we will need to unblock them.

If you open an administrative PowerShell prompt and change to the directory the files are in you can use the Unblock-File cmdlet to resolve this.

I ran "Get-ChildItem -recurse | Unblock-File" to get all the folders and subfolders.

We need to create a few more folders and add in some additional items.

First, we need a Tools Folder

Within the Tools folder we need to create a few more subfolders, Files, Help, ISOs, SCVMM and SQL.

In the Files folder we will be placing some needed files for SCVMM, the Windows ADK installers

You will also require the Windows Assessment and Deployment Toolkit from https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit - Get the version for Windows 10, version 1607 or higher. This will require you to download the ADKSetup and run it and select to save the installer files.

Inside the Files folder it should look like the screenshot below.

The ADK folder should be like this.

Moving back up, we will need to download the Eval Copies of SQL and SCVMM from the TechNet Eval Center(You will have to register to download these)

The SQL eval edition is here https://www.microsoft.com/en-us/evalcenter/evaluate-sql-server-2014-sp2 (SQL 2016 doesn't work with these scripts at this time due to changes in the install routine), System Center Virtual Machine Manager is here https://www.microsoft.com/en-us/evalcenter/evaluate-system-center-2016

Extract the downloaded files to the folders in the Tools directory, the SCVMM folder should look as below

And SQL folder should be as below

The Help folder under tools is not really necessary, however, to ensure I have the latest PowerShell help files available I will run the Save-Help PowerShell cmdlet to download and save the files so I can install them on other systems

Syntax is (again using the E: drive in my case) save-help
-DestinationPath
E:BuildLabsToolsHelp - by default this will only get the help files for installed modules so I generally run it on a system I have installed all the Remote server Admin tools onto to ensure I cover a many as possible.

Again, this isn't necessary, but I do it to ensure I have those help files available to install on VMs using the Update-Help Cmdlet.

You don't need anything in the ISOs folder, that will get auto-populated later.

Next, we move back up to the main folder and populate the Resources Folder, so again create a new folder named Resources

Inside this Folder we need the latest Cumulative Update for Server 2016 https://support.microsoft.com/en-us/help/4038782/windows-10-update-kb4038782 and servicing stack update https://support.microsoft.com/en-us/help/4035631/servicing-stack-update-for-windows-10-version-1607-and-windows-server so please download that from the Windows Update Catalog. While these are not the latest cumulative updates they were the latest I downloaded and tested with, and are referenced in the config files.

I also include the WMF 5.1 update for 2012 R2 for other lab scenarios but it isn't needed here. (If you want to get the files the link is available at https://support.microsoft.com/en-us/help/3191564/update-for-windows-management-framework-5-1-for-windows-8-1-and-window )

Next, we need to go into the Configurations Folder

In the Configurations folder is another folder titled ISOFiles, this is where we will be placing our ISOs for Server 2016.

I know it seems like a lot, but now that we have all the necessary components we can go through the setup to create the VMs

Select the SetupLab.PS1 and select "Run with PowerShell"

You may receive a prompt to run the file depending on your execution policy settings, and you may be prompted for Admin password as the script is required to be run elevated.

Once the prompt is elevated it will have a "Press any key to continue…" prompt, just press enter or space bar

First it will download any DSC modules we need to work with the scripts.

You may get prompted to trust the NuGet repository to be able to download the modules – Type Y and hit enter

It will then display the current working directory and pop up a window to select the configuration to build. If you want to try the Hyper-V Demo, Combo or Software Defined Storage environments, they require a 2012 R2 ISO, so make sure you get the ISO form the Eval Center, but for this blog we want to select the Shielded VM Lab (DSC Lab environment doesn't work at this time, it is in dev)

Click Ok.

You will then be prompted to provide a path to setup the VMs, (default is current driveLabs, in my case E:Labs)

I'm going to specify E:SVMsLab in this case

The script will then verify that Hyper-V is installed and if it is server it will install the Failover Clustering feature if not installed (not needed for shielded VMs, sorry I need to change the logic on that)

The Script may appear to hang for a few minutes, but it is actually copying out the .Net 3.5 installer from the ISO and copying the ISO into the tools folder, so it can take a few minutes.

Once that completes it should start creating the necessary settings in Hyper-V (Virtual Switches) and creating the VHDX template files for creating VMs later. The error below is normal and not a concern.

Creating the Template files can take quite a long time, so just relax and let it run.

Once the first VM (Domain Controller is created, I have set up the script to ensure it is fully configured before the other VMs get created. You will see the following message when that occurs.

This piece can take a long time, as Desired State Configuration components are creating the domain and installing SQL and SCVMM on this host.

Periodically during this time you will see message such as the below indicating the status

Once all resources are in the desired state the next set of VMs will be created. Once the script finishes however those VMs are not completely configured, DSC is still running in them to finish out the configuration such as Joining the domain or installing roles and features. Inside those VMs you can run Get-DSCConfigurationStatus to determine the state of DSC and if it has finished. Usually doesn't take too long.

When complete you should have the 3 VMs as shown below.

So, there you have it, a couple of VMs and DC to begin working on creating a virtualized environment that you can test and play with shielded VMs a bit.

Lab3_SHVMS2 is your DC, Lab3_SHVMS1 is host that can run Hyper-V and Lab3_SHVMS3 will be were you configure your Host Guardian Service.

So now grab the documentation linked at the top and you can get started without having to build out the base.

I hope this helps you get started playing with some of the new features we have in Windows Server 2016.

Matthew Walker, PFE

Discovering Cloud Administration with the Microsoft Professional Program (MPP)

Discovering and learning more about Azure and AI has been on my technical training To-Do list for some time. After returning to work from a short leave of absence, I've made it a priority to devote the time needed discover more about both and Azure is where I'm starting. You can call it my new year's resolution. For Azure, the updated Microsoft Professional Program (MPP) for Cloud Administration helps with my Azure training goal and is designed exactly the way I like to learn; self-paced, online, with accompanying discussion boards.

The program will start you down the path of learning how to:

• Setup Azure virtual machines
• Automate Azure workloads
• Migrate Workloads to Azure
• Deploy and manage Azure applications
• Work with databases in Azure
• Setup virtual machines

I'll be writing and sharing my notes for each course. My goal is to share what each course covers, how much time I spent, highlights, suggestions for completing the course and overall program, along with any other interesting or related information.

There are a total of 10 course plus a final capstone project which are each covered by my reviews for each course.

Course 1: Getting started with Cloud Administration

Course 2: Provision and Manage Virtual Machines

Course 3: Implement and Azure Network Infrastructure

Course 4: Manage Azure Active Directory

Course 5: Implement and Manage Azure Storage

Course 6: Deploy and Manage Azure App Service

Course 7: Provision, Configure and Manage Azure SQL Database

Course 8: Secure and Manage Compliance of Azure Resources

Course 9: Automate Azure Workloads

Course 10: Migrate IaaS Workloads to Azure

Capstone: Microsoft Professional Capstone: Cloud Administration

If you are going through the Cloud Administration MPP program, please leave a comment and share your experience. It’s a lot of fun to discuss these courses with others who are going through them.

Thanks,

Adam Lichtenberg [MSFT]

Executive Overview

SCCM PeerCaching was first introduced in SCCM 1610 as a pre-release feature and officially added to SCCM in 1710. PeerCaching is intended to serve as an additional option for clients to download content, mostly thinking in terms of OS Deployments to accelerate the process while taking into consideration environmental factors like network bandwidth.
In a PeerCache, there are one or more systems which host the content, and clients looking for said content will have the peer available as an additional option. There are some limitations to PeerCaching, unlike a standard distribution point running on a full Windows Server. These will be discussed later in the blog.
This document is intended to show requirements, answer questions, and show testing results. There are many “how-to” guides on the internet that walk through this. This blog can be scaled out as needed, the examples shown were a minimal configuration to demonstrate PeerCache.

Requirements/What you need

• SCCM 1610 (pre-release) or later (1710 full release)
• As a best practice, insure that the systems hosting and downloading the content are well connected. The purpose of PeerCaching is to find a local system that will allow for a faster download.
• One collection for PeerCaching systems

• This collection needs a client setting for PeerCaching. Note the enlarged cache size below as well as allowing the client to share content. The default ports are 8003 and 8004. This is configurable, but not recommended to change.

• The Windows Firewall will be automatically configured with these settings. Keep in mind that Group Policy can still override this if you disable allowing exceptions.
• The Client Cache Settings
  Important: Insure this client setting is a higher priority than other client cache settings. Use Resultant Set of Policy to insure this.
• The PeerCache Source systems also need collection variable, which configures content to be held after a Task Sequence is run. By default, content is deleted to make space after a Task Sequence as needed. The variable SMSTSPreserveContent must be set to True.
• This collection needs to be populated with systems so that they can get the downloaded content after the Task Sequence is deployed to it.

• This variable is only intended to tell clients to prefer peer downloads, when they can find them. This is for the computers booting into Windows PE or running a Task Sequence from inside Windows. The variable SMSTSPeerDownload must be set to True.
• Keep in mind that a Peer host always needs to be available, and this can be problematic with power policies as a lot of deployments happen in off-hours. In the case of self-service OS Deployments, they can happen as people leave for the day.

The key step here is of type “Download Package Content”

Note that Applications are not supported to pre-stage. In an OS Deployment, it is recommended to create a package and deploy a program for multiple reasons, but among the highlights are:

• Applications have detection rules and dependencies, OS Deployments do not need this. If you want to deploy the same app later, simply the detection rules will find the app installed (if set up correctly) and skip the reinstall.

• But wait, Packages have “Run this program first”. This is true, but also not a feature that is heavily used. It also takes server resources to process.

Setting it all up

Step 1: Follow the above to set the environment
Insure the variables are set, task sequence is created, collections made, etc.

Step 2: Test connectivity
Insure the peer host has the appropriate client settings and test the configured ports (8003, 8004 to see if they are listening). Either using the telnet client or nbtstat (good old tool that’s still part of Windows) can see if a listening port is established.

Step 3: Set up and deploy the PeerCache host:
You can set the PeerCache in one of two ways:

• Advertise / Deploy a Task Sequence to an existing Windows device which will be hosting the content (keep in mind the above requirements for the host system). To keep the PeerCache updated, I’d recommend a mandatory task sequence.
• Starting in SCCM 1710, apply detection logic to the system and run a child task sequence which copies the data as part of staging a new system for PeerCaching.

Booting it up / Test Results

When booting the Windows peer client, you will see everything work as normal, with the exception that PeerCaching is enabled.

Below is an example from my labs, these are the players:

• SCCM.stevens.family: The SCCM site server
• PC10.stevens.family: The PeerCache host
• SCRATCH10.stevens.family: The client receiving a new deployment

Test results:

• Boot into Windows PE
• Open up the command prompt and open up the SMSTS.log to view results

Filter on the FQDN (in my case stevens.family)

• Highlight on PC10, so we can see the PeerCache is being used. In this case, the PeerCache is distributing the Windows 10 MDT toolkit files to the client.
• If for some reason the PeerCache is not available, the client will wait and retry. So, if you’ve chosen to remove the PeerCache from this site, make sure to remove the variable. This could add a significant amount of time to the deployment. The setting SMSTSPeerDownload “prefers” the PeerCache system, not that it will “only” download from the PeerCache. It will look for another DP (and in another site), if it is allowed to.

Limitations of PeerCaching

There are three types of systems a client can get content from:

• A full Distribution Point running on Windows Server OS
• A Distribution Point running on a Windows Client OS (Windows 7 SP1 (Pro, Ent, Ultimate) or later required)
• A PeerCache Distribution Point can store limited content types. For example, Applications and Software Update packages are not supported at this time. If you are looking to keep this content available at a remote site, it would be best to create a Distribution Point over a PeerCache.

• Just my opinion, but I believe the reason why Software Update Packages are not supported at this time is because of the nature and complexity of this package. I have seen several scenarios that would make keeping the PeerCache updated in a timely fashion and in line with a deployment deadline unreasonable at best.

• Some will create update packages per month, and even break them down from this. They may have 3-5 years of packages and not clean them up. It’s no uncommon to see 50-75 Software Update Packages
• Automatic Deployment Rules, such as Windows Defender will have the DPs constantly updating the package.

Quick table comparing the features of different Operating Systems running a Distribution Point:

Keep in mind a Distribution Point is your best bet whenever it comes to cached and updated content delivery as it is managed directly from the SCCM console. Distribution Points on a Windows desktop OS (like 7/8/10) lack some of the server components (like Windows Deployment Services for PXE booting) and multicast. Windows Server Core doesn’t support Windows Deployment Services, but offers a much more secure and faster operating system (lacking the Windows GUI speeds things up tremendously and vastly reduces the attack space of the OS).

Rough notes that didn’t seem to fit anywhere else (or saying it again)…

• Keep in mind the PeerCache system must be continually updated as packages change. The good news is that if content has been redeployed and is already downloaded, a check is done against the package. If it already exists, it will not copy again.
• You do need to open up 2 ports for client communication, for the sake of simplicity, I would keep it at the default 8003 and 8004. You don’t want to have different sites coming up with different standards.
• You need to insure your cache is big enough to hold all the content you want to put on the Distribution Point. Disk space in the modern era is cheap, and the cache can be extended in the client settings at any time.
• The computer used as a PeerCache source should not move, as the last hardware inventory determines its availability based on what site it’s in.
• Download Package Content is a new action for the SCCM Task Sequence: it identifies packages that should be retained in PeerCache for other clients to download.
• Clients will not download any content from the Peer Source if the content is not fully downloaded. It doesn’t operate like other P2P software in that it grabs individual bits off of several systems to create a complete file.
• Clients don’t treat a PeerCache any differently than a Distribution Point when it comes to a retry. If it sees a PeerCache is down, it will stop trying to locate it and look to another source. It will first prefer the subnet, then AD Site, then boundary group sources. If multiple sources exist in any of these, a random source will be selected on the client to aid in fault tolerance. It doesn’t always pick “#1”.
• Clients will try for about 10-15 minutes or so to contact a Peer Source, and then fail to the next. Some errors (like file not found), the client will immediately fail over.
• For multiple Peer Sources, a client cannot be forced to go to a specific Peer. For load balancing, if a Peer Source is considered overloaded, it will return a error code to the client, who will then seek out another Peer or DP (this was new starting in 1702).

Congrats on making it (finally) to the end of my blog for SCCM PeerCaching.

— Easy link to my blog: http://aka.ms/leesteve —
If you like my blogs, please share it on social media and/or leave a comment.

While trying to decommissioning a Lync Server 2013 Director Pool we got the following error message when we publish the new topology:

This wasn't expected since a Director Pool shouldn't have users associated with it.

After troubleshooting the issue, we notice that some users had the attribute msRTCSIP-PrimaryHomeServer associated to the Lync Server 2013 Director Pool.
These users were previously moved to Skype for Business Online, during the move the attribute was updated to the Director Pool that was configured as federation route.
Please note that this behaviour can also happen if we have a Front End Server Pool in the federation route.

Because the msRTCSIP-PrimaryHomeServer attribute isn't used by Skype for Business Online we can clear it.

The first step is to get the Pool Distinguished Name and the quickest way is using View Logs in the Publishing Wizard:

Then, we Expand all Actions and scroll down to Check Orphaned Users:

In this example the Pool Distinguished Name is:

CN=Lc Services,CN=Microsoft,CN=1:8,CN=Pools,CN=RTC Service,CN=Services,CN=Configuration,DC=uclobby,DC=com

And we assign it to a variable ($PoolDN):

$PoolDN="CN=Lc Services,CN=Microsoft,CN=1:8,CN=Pools,CN=RTC Service,CN=Services,CN=Configuration,DC=uclobby,DC=com"
$PoolDN

Alternatively, we can use PowerShell to get the Pool Distinguished Name:

Import-module ActiveDirectory
$RTCDN = "AD:CN=*,CN=Pools,CN=RTC Service,CN=Services,CN=Configuration,"+(Get-ADDomain).distinguishedname
$PoolDN="CN=Lc Services,CN=Microsoft,"+(Get-ItemProperty -Path $RTCDN -Name dNSHostName,distinguishedname | ?{$_.dNSHostName -eq "<POOL FQDN>"}).distinguishedname

Now we can list the all users that have msRTCSIP-PrimaryHomeServer attribute associated to the pool:

Get-CsUser -LDAPFilter "(msRTCSIP-PrimaryHomeServer=$PoolDN)" | Select SamAccountName,DisplayName,SipAddress,HostingProvider | ft -AutoSize

Note: We can only use this workaround if the HostingProvider is sipfed.online.lync.com.

If we have few users we can simply clear the msRTCSIP-PrimaryHomeServer attribute manually:

Get-ADuser <USERACCOUNT> | Set-ADObject -Identity $_.distinguishedname -Clear "msRTCSIP-PrimaryHomeServer"

However, if we want to clear the attribute for all users associated to the Lync Server 2013 Director Pool we should use the following:

Get-ADObject -LDAPFilter "(& (msRTCSIP-PrimaryHomeServer=$PoolDN)(msRTCSIP-DeploymentLocator=sipfed.online.lync.com))" | Set-ADObject -Clear "msRTCSIP-PrimaryHomeServer"

Note: We added the msRTCSIP-DeploymentLocator since we can only clear the msRTCSIP-PrimaryHomeServer if the users were moved to Skype for Business Online.

After clearing the msRTCSIP-PrimaryHomeServer attribute we successfully remove the Lync Server 2013 Director Pool: