Microsoft 365滿足中小企IT需求

近年，雲端運算增長迅速，主因是使用雲端可充分利用資源，降低業務營運成本，故非常受中小企青睞。Microsoft最新推出的一站式雲端商業方案「Microsoft 365」，當中多種全新功能，可滿足各大小企業對IT的要求，節省員工的時間，令工作效率顯著提升。

Microsoft 365的優點

透過專為您的企業需求打造的單一解決方案，提升小組的工作效率、保護您的公司，以及簡化 IT 管理程序。

共同達成更多目標

使用 Word、Excel、PowerPoint，與客戶、同事和供應商溝通，利用雲端於單一位置集中管理小組和資源。             

隨時確保安全

保護電腦、手機和平板電腦上的公司資料，協助防範網路釣魚和安全性威脅。只須透過最新版的 Office 365 和 Windows 10 ，即可確保公司的資料免受破壞。

 
簡化商務程序

輕鬆為員工設定及部署。透過單一儀表板管理使用者與裝置，只要登入一次即可使用所有服務與裝置。

--------------------------------------------------------------------------------------------------------------

Superhub X Microsoft「雲端體驗工作坊」

為解決中小企客戶對雲端的疑問，Superhub現與Microsoft合作舉辦Microsoft 365「雲端體驗工作坊」，分享雲端及Microsoft 365所帶來的好處，並協助中小企投入雲端服務。

Superhub 誠意邀請  貴公司參與 Microsoft 365「雲端體驗工作坊」，詳情如下：

日期 : 2018年3月16日 及3月23日

時間 : 下午2時45分至5時正

地點 : Microsoft雲端體驗館 - 香港九龍觀塘巧明街6號德士活中心13樓1301-1304室 Superhub Limited

語言 : 廣東話

--------------------------------------------------------------------------------------------------------------

為作出妥善安排，敬請預先於網上登記。

即場訂閱 Microsoft 365 可獲優惠及贈品

工作坊將提供茶點招待並準備精美禮品予參與者。此外，即場於工作坊訂閱Microsoft 365，均可獲得Microsoft 365贈閱及訂閱優惠*。

*受條款及細則約束

如有任何查詢，請致電2207 9941或電郵至Info@superhub.com.hk與余小姐聯絡。

Microsoft Azure のアクティビティ ログ アラートの構成では、お客様が行ったアクティビティ（作業）に従って、アラートを上げることが可能です。しかし、ネットワークセキュリティグループ (NSG) のルール変更アラートについては、現状ポータル側で構成ができないものとなっているため、本トピックでは、ルール変更アラートの設定方法についてお知らせします。

NSG のアクテビティティ ログ アラートの構成では、NSG内部のルールの変更については、アラートが飛びません。問題としては以下の通りです。

問題

ポータルのアクティビティ ログ アラートの構成で NSG (リソースタイプ名：Microsoft.Network/networkSecurityGroups) の構成をしても、ルール (送信規則や受信規則) の変更をしても、アラートが設定した通知先に通知されない。

原因

ルールについては、別のリソースタイプの定義 (リソースタイプ名：Microsoft.Network/networkSecurityGroups/securityRules) であり、これが完全に一致しない場合は、アラートの機能としてアラートとして挙がらないため。もし、ルールではなく、NSG 自体の構成をした場合には、リソースタイプ名：Microsoft.Network/networkSecurityGroups のイベントが発生するため、アラートは発生します。

対応

現状ポータルからは、リソースタイプ名：Microsoft.Network/networkSecurityGroups/securityRules のアラート設定が対応していないため、ご利用いただく際には、PowerShellをご利用いただく必要があります。以下は簡単なサンプルです。

サンプル（新規にアクショングループを作成する場合）：

$subscriptionId = "<サブスクリプションID>"
$scope = "/subscriptions/<サブスクリプションID>"
$emailReceiverName = "<メール受信の名前>"
$emailAddress = "<メールアドレス>"
$actionGroupName = "<アクショングループ名>"
$actionGroupNameShort = "<アクショングループ名（短い名前）>"
$activityAlertName = "<Activity Alert 名>"

Login-AzureRmAccount -Subscription $subscriptionId

$email_receiver = New-AzureRmActionGroupReceiver -Name $emailReceiverName -EmailReceiver -EmailAddress $emailAddress
$action = Set-AzureRmActionGroup -ResourceGroupName Default-ActivityLogAlerts -Name $actionGroupName -ShortName $actionGroupNameShort -Receiver $email_receiver 
$AGAlertObject = New-Object Microsoft.Azure.Management.Monitor.Management.Models.ActivityLogAlertActionGroup
$AGAlertObject.ActionGroupId = $action.Id

$condition1 = New-AzureRmActivityLogAlertCondition -Field "category" -Equal "Administrative"
$condition2 = New-AzureRmActivityLogAlertCondition -Field "resourceType" -Equal "Microsoft.Network/networkSecurityGroups/securityRules"
$condition3 = New-AzureRmActivityLogAlertCondition -Field "status" -Equal "Accepted"
Set-AzureRmActivityLogAlert -ResourceGroupName Default-ActivityLogAlerts -Name $activityAlertName -Scope $scope -Location Global -Action $AGAlertObject -Condition $condition1,$condition2,$condition3

もし、上記は新規にアクショングループを作る方法ですが、もし既存のものを使いたい場合には、$email_receiver ... 以下の3行を以下に切り替えることで、既存のアクショングループを使うことが可能です。

$action = Get-AzureRmActionGroup -ResourceGroupName Default-ActivityLogAlerts -Name "<アクショングループ名>"
$AGAlertObject = New-Object Microsoft.Azure.Management.Monitor.Management.Models.ActivityLogAlertActionGroup
$AGAlertObject.ActionGroupId = $action.Id

以上ご参考になれば幸いです。

--
Microsoft Azure テクニカルサポートチーム

I’ve stated this publicly a few times, but many people don’t realize the distinction so I’ll repeat it again here.  There are provisioned apps included in Windows 10 (that you can remove, see https://blogs.technet.microsoft.com/mniehaus/2015/11/11/removing-windows-10-in-box-apps-during-a-task-sequence/) and there are apps that are installed from the Microsoft Store when you first sign in (that you can prevent from installing on some SKUs, see https://blogs.technet.microsoft.com/mniehaus/2015/11/23/seeing-extra-apps-turn-them-off/).  For example, Weather is a provisioned app that you can remove; Network Speed Test is an app that comes from the store when the user signs in.

The documentation team has an article at https://docs.microsoft.com/en-us/windows/application-management/apps-in-windows-10 that has the current list of provisioned (in-box) and installed (from the store on first logon) for various Windows 10 releases.  But one thing that isn’t reflected in that documentation:  the list of apps installed from the store can be different depending on the type of account you sign in with, by the SKU that you are using, and even by the region of the world the device is in.

This is what the default start menu layout looks like in all Windows 10 1709 SKUs:

Each of those down-arrow icons will be replaced by an app from the store (some of which are actually installed from the store, some of which are just “shortcuts” that will trigger the installation if you launch them), after the user signs in for the first time.

So let’s do a little comparison.  First, let’s look at a local account being used on Windows 10 Pro 1709:

OK, very consumer-y, with lots of games.  Now, let’s look at a local account signing into Windows 10 Enterprise 1709:

Much better – no games, with most of the apps focused more on productivity.  And signing into Windows 10 Enterprise 1709 with a Microsoft Account, an Active Directory account, or an Azure Active Directory account yields the same result.

But on Windows 10 Pro 1709, you will see a different result when you sign in with an Active Directory account or an Azure Active Directory account.  They will look the same as Windows 10 Enterprise 1709:

So a quick summary: You’ll get games on Windows 10 Pro 1709 only when using local or MSA accounts; you’ll lever get games for AD or AAD users, or for anyone on Windows 10 Enterprise. 

Also note that Windows 10 Pro for Workstations will soon have the same behavior as Windows 10 Enterprise, as described in the Windows Insider blog:

Productivity focused out of box applications: In the Windows 10 Fall Creators Update, the out of box experience for Windows 10 Pro for Workstations draws from the Pro edition of Windows 10. One area where this is noticeable is the suite of applications installed out of the box visible as tiles in the start menu. In the next release for Windows, you will see for Windows 10 Pro for Workstations productivity and enterprise focused applications in place of consumer applications and games. This was one of the top feedback shared with us by our partners and users and we’re delivering this in our next update.

Also note that on Windows 10 Enterprise, you can turn off the installation of apps from the store altogether by configuring the “Turn off Microsoft consumer features” GPO or the equivalent MDM policy.

This post is authored by Rosane Maffei Vallim, Program Manager, and Wilson Lee, Senior Software Engineer at Microsoft.

Artificial Intelligence (AI) with deep learning and machine learning algorithms are changing the way we solve variety of problems from manufacturing to biomedical industries. The applications that can benefit from the power of AI are endless.

With the Windows Machine Learning (Windows ML) API, as .NET developers, we can now leverage the ONNX models that have been trained by data scientists and use them to develop intelligent applications that run AI locally. In this blog post, we will give an overview of what Windows ML can do for you; show you how to use ONNX in your UWP application; and introduce you to the Windows Machine Learning Explorer sample application that generically bootstraps ML models to allow users to dynamically select different models within the same application.

Channel 9's AI Show for this blog post can be found here.

Windows Machine Learning Explorer sample application code for this blog post can be found here.

Why is Windows ML + ONNX Great News for .NET Developers?

Earlier this month, we announced the AI Platform for Windows Developers.

Windows ML is an API for on-device evaluation of trained deep learning and machine learning models. It is built to help developers with scenarios where evaluation of machine learning models locally might be more advantageous, due to the lack of a reliable internet connection, latency before getting prediction results (particularly important for real-time applications) or data privacy considerations where your customers wouldn't be willing to have their data leave the device.

But more than that, Windows ML makes it easy for you to leverage the infinite possibilities of AI by establishing a simple process to integrate models with your application. By supporting Open Neural Network Exchange (ONNX), which is an open source format to represent machine learning models, you can easily leverage models created in different training frameworks to be evaluated inside your application. In addition, Windows ML's automatic interface code generation takes care of processing your ONNX file and creating wrapper classes, allowing you to easily interact with your model within your application.

Windows ML can hardware accelerate your model evaluation on DirectX 12 GPU. Developers can select their preferred evaluation device, whether CPU or GPU, and Windows ML handles communication with the hardware on their behalf.

How Can Developers Use Windows ML + ONNX in a UWP Application?

Adding the capability to run AI locally with your new or existing UWP application is now easier than ever before. You need to add an ONNX file to your UWP project to get started. Then you can decide to use the automatic generated wrapper classes directly or write a few lines of code to call the Windows ML APIs directly to evaluate your model.

Adding an ONNX File to Your UWP Project to Get Started

Windows ML's automatic interface code generation, natively integrated with VS UWP workloads, does most of the heavy lifting for you. Simply add an ONNX model file to your project, and Visual Studio will automatically extract the input and output features from the model and generate wrapper classes for your application to consume.

Figure 1 - Auto generate wrapper classes file with ONNX model in Visual Studio

This functionality is fully available for the UWP workload with Windows 10 (version 1803), Windows SDK (Build 17110), and Visual Studio (version 15.7 - Preview 1) installed.

Using Auto Generated Wrapper Classes

The wrapper classes generated by the automatic code generator provide you with an interface to easily interact with your machine learning model through Windows ML APIs. There are three basic wrapper classes:

• Input class – This class is to represent the input data which will be bound to the model.
  
• Output class – This class is to represent the output data which will be bound to the model.
  
• Model class – This class is to represent the model object to load and evaluate.
  

Figure 2 - This shows the skeleton of the generated wrapper classes that represent Input, Output, and Model.

To use the automatic generated wrapper classes, you simply need the following three lines of code:

• Create the model – This will create the model with the ONNX model file.
  
• Initialize the input – Initialize the input object with application data to be bound to the model for evaluation.
  
• Evaluate the model – Evaluate the model with the input data to obtain the resulting output data.
  

Figure 3 - This shows the three lines of code to Create the model, Initialize the input, and evaluate the model to obtain output data.

Using Windows ML APIs Directly

To truly appreciate how simple and easy it is to use the Windows ML APIs, we should look inside the Model wrapper class, to understand the three lines of code that are required to evaluate your machine learning model locally. If the architecture of your application has a requirement to dynamically load different models, this will help you understand how to build your own abstraction layer.

The first line of code is Load. This loads the ONNX model file from file system and store it as a LearningModelPreview object.

The second line of code is Bind. This creates a model binding object to allow you to bind your input and output objects to the model to be evaluated. The data type within the input and output objects depend on the requirements of your model.

The final line of code is Evaluate. This is where Windows ML brings everything together and uses the input binding to evaluate the model locally and returns its results in the output object.

And voila! You can either choose to directly use the generated wrapper classes or call into Windows ML APIs. Either way, the above three lines of code will enable you to run AI locally within your application. In the next section, we will explore a sample generic UWP application that showcases a way to build an abstraction on top of Windows ML APIs where it takes a picture or a video frame, evaluate through any model that accepts such input type, and display results.

End-to-End Sample Application: Windows Machine Learning Explorer

Windows Machine Learning Explorer (Windows ML Explorer) is a data driven and generic sample application that serves as a launch pad to bootstrap ML models to be evaluated by Windows ML. It currently includes the scenario of a circuit board defect detection model. This model can detect defects on static pictures, such as in figure 4 where the circuit board traces are broken between paths. It can also detect from real-time web camera feed of a perfectly normal printed circuit board shown in figure 5.

You can find the code of the Windows Machine Learning Explorer sample application here.

Figure 4 - A defective printed circuit board static picture was selected in Windows Machine Learning Explorer.

Figure 5 – A normal printed circuit board was shown in front of a web camera in the Windows Machine Learning Explorer.

The Printed Circuit Board (PCB) model was trained using Microsoft Custom Vision Service, with PCB data generated by the Circuit Board Generator. Once the CoreML model has been trained and generated, it was converted to ONNX format using WinMLTools. To accomplish the conversion steps, you can work with your data scientist or follow these steps with the Convert existing ML models to ONNX guide. The converted ONNX model and sample PCB pictures are then added to the application's project.

Figure 6 – The converted ONNX model file and the generated circuit board pictures are added within the Assets/PCB folder of the project.

In Windows ML Explorer, there is an abstraction layer that is built on top of Windows ML APIs. This enables us to generically add a new ONNX model to the application that takes a picture or a video frame as input, evaluate, and display results. This also allows the application to dynamically switch between models from the UI. This abstraction is represented by the WinMLModel abstract class.

Figure 7 - WinMLModel.cs file and abstract class can be found inside the MLModels folder.

The WinMLModel abstract class already loads the model file with its initialization steps. It expects any new model that inherits this class to override the following properties and methods:

• DisplayInputName – This allows the UI to display the type of input images for the model.
  
• DisplayMinProbability – This restricts the UI to only show evaluation results with probability higher than this number.
  
• DisplayName – Friendly display name of the model.
  
• DisplayResultSettings – These settings direct how the UI will show probability percentages.
  
• Filename – The location of the ONNX model filename.
  
• Foldername – The folder within the Assets folder where the ONNX model and the input pictures will be located.
  
• EvaluateAsync(MLModelResult result, VideoFrame inputFrame) – This provides the inherited model classes to determine how to bind input and output, evaluate the model, and populate the MLModelResult object to be consumed by the UI to display results.
  

The provided example of the PCB model is represented as a class that inherits WinMLModel.

Figure 8 - The full skeleton of the PCBModel class which represents the PCB model that inherits the WinMLModel abstract class.

The EvaluateAsync(PcbModelInput input, string correlationId) method uses same code as to how the generated wrapper class binds inputs / outputs and evaluates the model.

Figure 9 - This shows how the PcbModel binds inputs / outputs and evaluates the model.

Adding a New Model to Windows Machine Learning Explorer

Once you have synced, built, and ran the Windows ML Explorer sample application, it is very easy for you to add a new model that expects a picture or a video frame as input. The application also allows the users to dynamically switch between multiple models, from one to another, as shown in figure 7 in the user interface.

To add a new model to the Windows ML Explorer, you simply follow with these five simple steps:

1. Create a new model folder under Assets to represent this new model.
   
2. Add the ONNX model file to the model folder and set the file's build property as content.
   
3. Create a new Images folder under the model folder and add your input images.
   
4. With the automatic generated wrapper classes file, modify the Model class to inherit the WinMLModel abstract class.
   
5. Add an instance of the new model class within the Models list in the constructor of MainViewModel. This will enable the new model to be shown in the Select Machine Learning Model combobox dropdown in the main UI.
   

Figure 10 - Skeleton of the new model class to be added to the Windows Machine Learning Explorer.

Figure 11 - This shows how to add a new model to the constructor of the MainViewModel.

Figure 12 – This shows the result of adding a second model in Windows Machine Learning Explorer and allows the user to dynamically switch between one model to another.

So, What Are You Waiting For?

In this blog, we introduced how .NET developers can use Windows ML to create intelligent applications that runs AI locally on Windows 10 devices. These intelligent applications leverage ONNX models which can be easily used via the automatic generated wrapper classes or directly invoking the Windows ML APIs. We have also presented the Windows Machine Learning explorer, an end-to-end sample application that showcases how to create an abstraction layer on top of Windows ML APIs to allow users to dynamically switch between ONNX models within the application. Thus, with just a few lines of Windows ML code, every developer can now develop powerful UWP applications that run on the intelligent edge.

There is no reason to wait - go ahead and give it a try!

Rosane & Wilson

Resources

• Channel 9's AI Show for this blog post can be found here.
  
• Windows Machine Learning Explorer sample application code for this blog post can be found here.
  
• Official guide for Windows Machine Learning can be found here.
  

Acknowledgement

• The authors wish to thank Carlos Pessoa, Chris Barker, Lucas Brodzinski, Seth Juarez, and Wee Hyong Tok from Microsoft for reviewing this post; and Louis-Philippe Bourret from Microsoft for reviewing the sample application code.

The below was an exercise in paying attention to detail for one of my customers.  They were in the middle of an Exchange 2010 to 2016 migration and were attempting to install the first Exchange 2016 server into the organisation. Windows Server 2016 was being used as the OS for these new servers.

However it was not going swimmingly.

As part of the pre-work they were installing the OS, applying Windows updates and finally installing the Exchange 2016 prerequisites.  The required prerequisites for Exchange 2016 are documented on TechNet.

They copied over the list of OS prequistes, and then executed the command in an elevated PowerShell session.  The command used was:

Install-WindowsFeature AS-HTTP-Activation, Server-Media-Foundation, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, RSAT-ADDS

This did not end well.  Red text in PowerShell can be easily classified as “bad”.

For make most glorious benefit search engines:

Install-WindowsFeature : ArgumentNotValid: The role, role service, or feature name is not valid: 'AS-HTTP-Activation'.
The name was not found.
At line:1 char:1
+ Install-WindowsFeature AS-HTTP-Activation, Server-Media-Foundation, N ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : InvalidArgument: (AS-HTTP-Activation:String) [Install-WindowsFeature], Exception
+ FullyQualifiedErrorId : NameDoesNotExist,Microsoft.Windows.ServerManager.Commands.AddWindowsFeatureCommand

Did they make a typo in that first OS component?  Let’s check to see what it is called in Windows using the Get-WindowsFeature cmdlet.  The result of which is shown below:

Hmm.  Nowhere to be found.  That’s a bit weird.

Why is TechNet telling them to install something that does not exist?

The Command Awakens

Well, actually it did not tell them to install a non-existent component.

The underlying issue was that they did not scroll enough to get to the prerequisites section for Windows Server 2016 and were trying to install the Windows 2012 R2 prerequisites onto Windows Server 2016.

Yes – that is what the paying attention to detail comment above refers to.  The prerequisite list of components which they should have used for Windows Server 2016 is:

Install-WindowsFeature NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, RSAT-ADDS

Note that there is no AS-HTTP-ACTIVATION in that list.

As you may expect, using the correct list of features on the corresponding version of Windows completed successfully:

Bootnote

I like to add the –Restart parameter so that the system restarts automatically.

Launching setup for it to them say there is a pending restart is frustrating, so I always restart after installing the relevant components.

Install-WindowsFeature NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, RSAT-ADDS  -Restart

Cheers,

Rhoderick

One common question I see is what should be the first thing I do after I set up Azure AD?  Luckily for you the Product Group has provided a nice article that covers that topic.  Please do this first and get your peers on board.  Most customers set up Azure AD, set up syncing and start using it, before ever thinking about security.  It is never to late to start following this guidance!!!

Securing privileged access for hybrid and cloud deployments in Azure AD

Enjoy

- Chad

Other Useful AAD Link:

Azure Active Directory Proof of Concept Playbook: Introduction

Author: Tushar Pathak, with assistance from Shea Caperoon

Log collection

When opening a support issue it’s critical that we have the right information to fully investigate the issue.  Support engineers often get asked by customers what data would be most useful to provide in order to have the case move forward as efficiently as possible. Having this data in first instance speeds up the resolution and avoids going back in circles.

Please refer to following chart for log collection based on the issue. When possible please submit these logs to the support engineer who is assigned to the case.

Procedures:

Collecting Client Logs

• From SfB/Lync Client, sign out or Cancel sign in

• From the client sign in screen, select Delete My Sign In Information
• From Tools > Options > enable client-side logging Options > Tools > General tab.
  • Turn on logging = Full (This is default in 2013/2016 client)
  • Select "Also collect troubleshooting info using Windows Event Logging"

• Exit the SfB/Lync client entirely (Alt + File > Exit)
• Exit Outlook entirely
• Go to Start > Run > type
  • For SfB 2016
    • %localappdata%MicrosoftOffice16.0Lync
  • For SfB/Lync 2013
    • %localappdata%MicrosoftOffice15.0Lync

• Delete folders starting with sip_
• Rename the Tracing folder to Tracing_bak
• Restart SfB/Lync client, and then reproduce the error condition – please capture a screen shot of error condition and the system time so error logs can be correlated.
• Exit client completely again and gather logging
  
• Zip entire Tracing folder from location above

SFB Configuration Information

1. 1. Navigate down to the taskbar and do a CTRL+RightClick on the Skype for Business icon. 
   2. On the menu shown, select the Configuration Information option.
   3. A pop-up window will open. Click on the button named Copy and paste the clipboard into a text file or reply email

Network

Network Capture on windows (GUI)

1. Download full netmon client from above website per the operating system bitness
2. Install full netmon on the affected machine
3. Run netmon as an Administrator (see here if you need instructions)
4. Start capture, reproduce the issue and stop capture. For best results, close all other windows or applications that are not needed to reproduce the issue
5. Save the netmon trace

Network Capture on windows

1. Open a Command Prompt as Administrator
2. Create a folder on the local disk by running the followingcommand:
   • c:>mkdir c:css-temp
3. Run the command:
   • c:>netsh trace start scenario=netconnection capture=yes packettruncatebytes=512 tracefile=c: css-temp%computername%_nettrace.etl maxsize=2000 filemode=circular overwrite=yes report=yes
4. Wait for the command to finish
5. Reproduce the problem
6. Run the command:
   • c:>netsh trace stop and wait for the command to finish
7. Prepare to upload the two files in c:css-temp to the case (ask for instructions from your support professional)

Network Capture Mac

1. Open a Terminal session
2. Run the follwing commands:
   • sudo tcpdump -w ~/Desktop/CaptureMSFT.pcap
3. Enter the admin credential to elevate
4. Reproduce the problem
5. Press CTRL+C to stop the capture
6. Ask customer to upload the file CaptureMSFT.pcap from the Desktop

This is a quick tip I recently discovered and wanted to share.  The Active Directory PowerShell Module also displays constructed attributes in results.  One useful attribute I use for Organizational Units (OU) is msDS-Approx-Immed-Subordinates, this attribute returns the number of direct descendants under any OU or container in Active Directory. Its doesn’t seem to be something that you can use in a filter but you can use it in your where-object clause.

#get all ou's and the number of direct descendants 

get-adorganizationalunit -filter * -properties "msDS-Approx-Immed-Subordinates" | select `

    name, "msDS-Approx-Immed-Subordinates", distinguishedname

#get ou's with no direct descendant

get-adorganizationalunit -filter * -properties "msDS-Approx-Immed-Subordinates" | select `

    name, "msDS-Approx-Immed-Subordinates", distinguishedname | `

        where {$_."msDS-Approx-Immed-Subordinates" -eq 0}

#get ou's with direct descendants

get-adorganizationalunit -filter * -properties "msDS-Approx-Immed-Subordinates" | select `

    name, "msDS-Approx-Immed-Subordinates", distinguishedname | `

        where {$_."msDS-Approx-Immed-Subordinates" -ne 0}

I put together a sample script to find and delete unused Organizational Units.

GitHub: FindandDeleteUnusedOUs.ps1

Hope you find this useful.

-Chad

El martes, 13 de marzo de 2018, Microsoft publicará nuevas actualizaciones de seguridad que afectan a los siguientes productos de Microsoft:

Descripción de las vulnerabilidades de seguridad

A continuación se proporciona un resumen en el que se muestra el número de vulnerabilidades tratadas en esta versión, desglosado por producto o componente y por impacto.

(1) Es posible que las vulnerabilidades que aparecen en varios componentes se representen más de una vez en la tabla.

(2) En el momento de la publicación, las puntuaciones CVE solo estaban disponibles para Windows, Internet Explorer y Microsoft Edge.

Guía de actualizaciones de seguridad

La Guía de actualizaciones de seguridad es nuestro recurso recomendado para obtener información sobre actualizaciones de seguridad. Puede personalizar sus vistas y crear hojas de cálculo del software afectado, así como descargar datos a través de una API de RESTful. Le recordamos que la Guía de actualizaciones de seguridad ya ha sustituido a las páginas web de los boletines de seguridad habituales.

Portal de la Guía de actualizaciones de seguridad:  https://aka.ms/securityupdateguide

Página web de preguntas más frecuentes (P+F) sobre la Guía de actualizaciones de seguridad: https://technet.microsoft.com/es-es/security/mt791750

Página web de tutoriales sobre la API de actualización de seguridad

En el canal de YouTube de Soporte técnico de Microsoft se publicaron una serie de vídeos de demostración sobre la API de actualización de seguridad. La serie lo guiará por la forma de acceder a la API y cómo recuperar datos de la actualización de seguridad mediante la API. ¡Disfrútela!

Página web de tutoriales sobre la API de actualización de seguridad: https://sugapitutorial.azurewebsites.net/.

Detalles de la vulnerabilidad

A continuación, encontrará los resúmenes de algunas de las vulnerabilidades de seguridad de esta versión. Estas vulnerabilidades se han seleccionado entre el conjunto global de vulnerabilidades existentes en la versión por alguno de los motivos siguientes: 1) Hemos recibido consultas relacionadas con la vulnerabilidad; 2) la vulnerabilidad se ha puesto de relieve en la prensa especializada; o 3) la vulnerabilidad puede resultar más perjudicial que otras de la misma versión. Dado que no proporcionamos resúmenes para todas las vulnerabilidades de la versión, debería consultar el contenido de la Guía de actualizaciones de seguridad
para buscar la información que no esté contenida en estos resúmenes.

Respecto a la coherencia de la información

Procuramos proporcionarle información precisa a través de contenido estático (este correo) y dinámico (basado en web). El contenido de seguridad de Microsoft publicado en la Web se actualiza con frecuencia para incluir la información más reciente. Si esto provoca incoherencias entre la información de aquí y la información del contenido de seguridad basado en web de Microsoft, la información autorizada es esta última.

Si tiene alguna pregunta respecto a esta alerta, póngase en contacto con su administrador técnico de cuentas (TAM) o director de prestación de servicios (SDM).

Saludos!

Microsoft CSS Security Team

Em terça-feira, 13 de março de 2018, a Microsoft lançou novas atualizações de segurança que afetam os seguintes produtos da Microsoft:

Visão geral da vulnerabilidade de segurança

Veja abaixo um resumo mostrando o número de vulnerabilidades solucionadas neste lançamento, discriminadas por produto/componente e por impacto.

(1) Vulnerabilidades que sobrepõem componentes podem ser representadas mais de uma vez na tabela.

(2) No momento do lançamento, as pontuações de CVE só estavam disponíveis para o Windows, o Internet Explorer e o Microsoft Edge.

Guia de Atualizações de Segurança

O Guia de Atualizações de Segurança é nosso recurso recomendado para informações sobre atualizações de segurança. Você pode personalizar suas exibições e criar planilhas de softwares afetados, além de baixar dados por meio de uma API RESTful. Como lembrete, o Guia de Atualizações de Segurança agora substituiu formalmente as páginas de boletins de segurança tradicionais.

Portal do Guia de Atualizações de Segurança:  https://aka.ms/securityupdateguide

Página da Web de perguntas frequentes sobre o Guia de Atualizações de Segurança: https://technet.microsoft.com/pt-br/security/mt791750

Página da Web de Tutorial de API para Atualizações de Segurança

Uma série de vídeos de demonstração de API de Atualizações de Segurança foi publicada no canal do Suporte da Microsoft no YouTube. A série irá orientá-lo sobre como acessar a API e como recuperar dados de atualizações de segurança usando a API. Divirta-se!

Página da Web de Tutorial de API para Atualizações de Segurança: https://sugapitutorial.azurewebsites.net/.

Detalhes de vulnerabilidade

Veja a seguir resumos de algumas das vulnerabilidades de segurança neste lançamento. Essas vulnerabilidades específicas foram selecionadas de um conjunto maior de vulnerabilidades no lançamento por um ou mais dos seguintes motivos: 1) Recebemos consultas sobre a vulnerabilidade; 2) a vulnerabilidade pode ter recebido atenção na imprensa especializada; ou 3) a vulnerabilidade tem impacto potencialmente maior do que outras no lançamento. Como não fornecemos resumos de todas as vulnerabilidades presentes do lançamento, você deve examinar o conteúdo no Guia de Atualizações de Segurança
para obter informações não fornecidas nesses resumos.

Sobre a consistência das informações

Nós nos empenhamos para fornecer a você informações precisas usando conteúdos estáticos (esta mensagem) e dinâmicos (baseados na Web). O conteúdo de segurança da Microsoft postado na Web é atualizado frequentemente para informar sobre novidades. Se isso resultar em uma inconsistência entre as informações descritas aqui e as informações no conteúdo de segurança baseado na Web publicado pela Microsoft, as informações nesse conteúdo publicado prevalecerão.

Em caso de dúvidas sobre este aviso, entre em contato com seu Gerente Técnico de Conta (TAM)/Gerente de Prestação de Serviços (SDM).

Agradecemos sua atenção.

Atenciosamente,

Equipe de Segurança Microsoft CSS

Nominations for the Microsoft 2018 Partner of the Year awards are now open, and the nomination tool can be accessed here. This will close on 17^th April 2018 and there will be no exceptions or extensions.

What are the Microsoft Partner of the Year Awards?

The Partner of the Year Awards are presented each year at the Microsoft Inspire Conference – this year Inspire is co-habited with Microsoft Ready, meaning that there will be thousands more Microsoft staff onsite than ever before. The awards are based on a self-nominating process by partners, and this year, winners will be celebrated at Microsoft Inspire in Las Vegas, Nevada from July 15^th-19^th, 2018.

The awards recognise the excellence our partners have demonstrated over the past year by showcasing them across the globe. We were very impressed with the extremely high quality of all the nominations received last year, and proud to have so many UK partners recognised – this year we expect it to be even bigger.

Resources Available to You

Explore our awards area of the Inspire site – here you can find awards guidelines, advice from the judges and tips on how to create a great entry.

How a Partner of the Year Award Can Benefit you as a Partner

As a Microsoft partner, receiving a Partner of the Year Award positions your company for new business opportunities, generates positive press coverage and can lead to even greater market recognition. As a winner, you are also invited to exclusive celebrations during the Microsoft Inspire Conference.

Don’t just take our word for it – here are our 2017 winners…

CGI UK – UK Country Partner of the Year

CGI UK are a leading Microsoft Partner who've put growth and transformation at the heart of their business, making a big investment in building Azure skills and training over 100 of their senior architects. CGI are early adopters of the Microsoft strategy and are currently in the process of migrating customers from their datacentre to Azure. They've really leveraged the Microsoft Partner ecosystem, building strategic partnerships that enable them to deliver the best solutions for client innovation. Building IP is key to their transformation and they've set a target of generating 30% of their revenue from IP by 2019. They have implemented a full end-to-end data analytics solution built on Microsoft Azure, Advanced Analytics, PowerBI and SQL Server to help their customers drive efficiencies and cost savings. Their long-term commitment to customer obsession has been a key driver of their transformation.

The Consortium - Cloud Productivity

The Consortium comprises of five specialist Microsoft partners, each with enterprise level experience and their own unique IP. The partnership, based in the UK, includes Content and Code, Modality Systems, Inframon, Coeo, and Program Framework. Together, these partners offer end-to-end digital transformation services for Microsoft's Cloud customers, helping them unlock the potential of their technology investments. By working together, the Consortium combines the expertise, flexibility and agility found in specialist partners, while offering clients the breadth of capability more typically found in global SI's. The Consortium meets diverse customer needs by bringing in the right partner(s) to offer follow on services over the lifecycle of the customer. In the 12 months the Consortium has been working together, they've helped countless customers by delivering customized solutions based on specific client needs. Projects range from digital workspaces, Skype for Business and communications, cloud and infrastructure platform, to Power BI & analytics, and project and portfolio management.

For more information on the 2018 Microsoft Partner of the Year Awards, check out our website.

The product group released the March 2018 Cumulative Update for the SharePoint 2010 product family.

For March 2018 CU we have full server packages (also known as Uber packages) for SharePoint server and Project server. For SharePoint Foundation there was no CU released in March. For the latest updates for SharePoint Foundation look for the January 2018 CU.

As this is a common question: Yes, March 2018 CU includes all SharePoint security fixes released with March 2018 PU.

Be aware that CU is a Post-SP2 hotfix. It is required to have SP2 installed before installing the CU.
It is required to have SP2 installed for the base product and all installed language packs to install March 2018 CU for SharePoint 2010.

This CU includes all SharePoint 2010 fixes (including all SharePoint 2010 security fixes) released since SP2. The CU does not include SP2.

The KB articles for March 2018 CU should be available at the following locations in a couple of hours:

• No fixes released for SharePoint Foundation 2010
• KB 4011710 - SharePoint Server 2010
• KB 4011708 - Project Server 2010

The Full Server Packages for March 2018 CU are already available through the following links:

• No fixes released for SharePoint Foundation 2010
• Download SharePoint Server 2010 March 2018 CU
• Download Project Server 2010 March 2018 CU

After installing the fixes you need to run the SharePoint 2010 Products Configuration Wizard on each machine in the farm. If you prefer to run the command line version psconfig.exe ensure to have a look here for the correct options.

Be aware that the SharePoint Server 2010 CU contains the SharePoint Foundation CU.
That means only one package has to be installed for the SharePoint 2010 product family.

Related Links:

• Blog: SP2 for SharePoint 2010
• Blog: Common Question: What is the difference between a PU, a CU and a COD?
• Blog: SharePoint Patching demystified
• Blog: Why I prefer PSCONFIGUI.EXE over PSCONFIG.EXE
• Blog: March 2018 Office Update Release
• Technet: Update Center for Microsoft Office, Office Servers, and Related Products
• Technet: Updates for SharePoint Server 2010 and SharePoint Foundation 2010
• Technet: Updates for Project Server 2010
• Technet: Updates for Enterprise Search Products

As I received some feedback that I should also add the Urls to the KB articles of the different security fixes I added this information to my blog post.

SharePoint 2010 Suite:

• KB 4011705 - Word Automation Services for SharePoint 2010
• KB 4011709 - Office Web Apps 2010

SharePoint 2013 Suite:

• KB 4018304 - SharePoint Foundation 2013
• KB 4018298 - SharePoint Server 2013 (core components)
• KB 4011688 - Word Automation Services for SharePoint 2013
• KB 4018305 - Project Server 2013
• KB 4011692 - Office Web Apps 2013

SharePoint 2016 Suite:

• KB 4018293 - SharePoint Server 2016 (language independent)
• KB 4011023 - Office Online 2016

See the Security Update Guide below for more details about the relevant fixes:

• Security Update Guide

More information:

• KB 4090988 - March 2018, update for Microsoft Office

According to Mitre Adversarial Tactics, Techniques & Common Knowledge (ATT&CK), Persistence is "any access, action, or configuration change to a system that gives an adversary a persistent presence on that system", which is a common technique used by adversaries to keep a communication channel open with the attacked resource. The use of Run and RunOnce registry keys to survive a boot is one of those persistence techniques that is widely used for adversaries. For example, Bronze Butler used both keys to estabilish malware persistance. The good news is that Azure Security Center can detect this type of registry change and trigger an alert as shown in the example below:

Read Azure Security Center detection capabilities for more information about how Security Center is able to detect new threats.

The product group released the March 2018 Cumulative Update for SharePoint Server 2016 product family. Be aware that only a language independent fix was released with March 2018 CU. The latest language dependent fix was released with January 2018 CU.

This CU also includes Feature Pack 1 which was released with December 2016 CU and Feature Pack 2 which was released with September 2017 CU.

The KB articles for March 2018 CU are available at the following location:

• KB 4018293 - March 2018 Update for SharePoint Server 2016 (language independent) - This is also a security update!
• KB 4011687 - March 2018 Update for SharePoint Server 2016 (language dependent fixes)
• KB 4011023 - March 2018 Update for Office Online Server 2016 - This is also a security update!

The download for March 2018 CU is available through the following link:

• Download March 2018 Update for SharePoint Server 2016 (language independent) - This is also a security update!
• Download March 2018 Update for SharePoint Server 2016 (language dependent fixes)
• Download March 2018 Update for Office Online Server 2016 - This is also a security update!

Important: It is required to install both fixes (language dependent and independent) to fully patch a SharePoint server as each SharePoint installation comes with a language independent component and a language dependent component. If additional language packs are added later (only) the language dependent fix has to be applied again.

It is irrelevant which language you pick on the drop down in download center. Even the language dependent fixes are all in the same package for all languages.

After installing the fixes you need to run the SharePoint 2016 Products Configuration Wizard on each machine in the farm. If you prefer to run the command line version psconfig.exe ensure to have a look here for the correct options.

SharePoint 2016 March 2018 CU Build Numbers:

Language independent fix: 16.0.4666.1002
Language dependent fix: 16.0.4666.1000

To understand the different version numbers please have a look at my article which explains the different SharePoint build numbers.

You can use the SharePoint Server 2016 Patch Build Numbers Powershell Module to identify the patch level of all SharePoint components.

Related Links:

• Technet: Updated Product Servicing Policy for SharePoint Server 2016
• Blog: Common Question: What is the difference between a PU, a CU and a COD?
• Blog: SharePoint Patching demystified
• Blog: Why I prefer PSCONFIGUI.EXE over PSCONFIG.EXE
• Blog: March 2018 Office Update Release
• Technet: Update Center for Microsoft Office, Office Servers, and Related Products
• Blog: SharePoint Server 2016 Patch Build Numbers Powershell Module
• Blog: SharePoint Server 2016 Zero-Downtime Patching Demystified
• Blog: SharePoint does not have a build version. Full Stop.

Microsoft Intune and Mobile Device Management (MDM) for O365 both use certificates to ensure there’s a secure communication channel to send mobile device management policies between the service and managed end user devices. As part of enrollment into the service, an end user’s device will be issued a certificate for secure connection. After enrollment, an end user’s device will check back into the service to renew a certificate through the Company Portal app. Typically, this renewal is silent, and is not seen by the end user. However, if the end user is enrolled and has copies of Office or OneDrive that do not have Intune App Protection Policies (also known as MAM) associated with them, they may receive a prompt recommending that they open the company portal app.

Here's what the prompt looks like today:

Once the user selects “OK”, and the end user manually opens the Company Portal, the cert is silently renewed. If the end user defers taking any action, they will continue to get prompted several times or until the certificate expires. The device will continue to try renewing the certificate to ensure communication does not get cut off between Intune/MDM for Office 365 and the managed device. In the end, though, if the device does not renew the certificate, it will no longer be able to communicate with the service and your end user will need to launch the CP again for company-managed app access. We leave a long window for the certificate renewal since we know employees take vacation or travel for work and a managed device may be offline for a period of time.

There’s a few ways you can help ease this pop-up experience for your end users:

1. Please ask your end users to accept this prompt and ask them to open the Company Portal app.
2. If you’ve got a support team internally, you may want to let them know that end users could see the above company portal message.
3. Finally, know that Intune does not read your end user’s call history or text messages. You can read up more on what Intune can and can’t access through the site’s below:

• https://docs.microsoft.com/enterprise-mobility-security/solutions/fasttrack-intune-enduser-enrollment-instructions
• https://docs.microsoft.com/intune/end-user-educate

We’re taking feedback on what type of warning you would expect and one you think your end users would appreciate. Feel free to leave comments on this post of what your end users would expect. We’ve got work underway to update that message and then ask Outlook and OneDrive to adopt the app SDK. Please keep in mind this does not affect users with App protection policies (also known as MAM) that are not enrolled in the Intune MDM or MDM for Office 365 service.

If your environment contains at least one surface Hub, you're probably familiar with the replies sent from Surface Hub when you're booking it.

Hubs are configured as room mailbox, and designed to automatically accept or decline the meting invite based on their availability;

If the Hub is available - it'll automatically accept your meeting invite and your name will appear on the Hub's screen when you'll enter the room:

If the Hub is not available - it'll automatically decline the meeting invite, providing the reason for declining the meeting:

Hopefully the Hub is available and the meeting was approved - for some users this maybe the first time they meet the Hub, or they may need to refresh their memory since the last Hub training.

Customization!

Exchange Server and Exchange Online provide us with the option to add HTML code to the auto-response message the Hubs send.
Our busy marketing team created a fancy HTML template just for you to add to your Hub's auto-response messages and help prepare your users for their next meeting with the Hub:

When do I configure this?

You can set the auto-response with the HTML code when you're creating and configuring the Hub's account, or change the configuration for existing Surface Hub accounts. The PwerShell cmdlets are the same for both cases, and we'll cover it later in this post.

How to configure:

When sending HTML pages in an email message, you're normally facing the possibility that images will not be displayed correctly. To make sure the response from the Hub is properly displayed, you have two options:

1. Host the images  on a local server in your environment that's accessible to your users. This is a preferable option especially if your environment restricts access to the Internet or some websites.
2. Use images hosted on the internet. This option is great if most of your users are remote, or if you allow access to most internet resources.

This is something you should carefully plan for, or your users will end up getting weird looking auto-responses like the one below:

To compliment both options, we have two separate HTML versions of the same email in this location. ← DOWNLOAD HERE

You'll find one folder and two files in this share as follows:

• Index.html is the base HTML code for this email. it's the one you'll need to edit if you're hosting the media internally.
• ReplyExt.html is the HTML file already configured to access external resources.
• The 'Media' folder contains all the images required to use with the Index.html file.

Tip: clicking on any of the HTML files will open an HTML editor (give in 10 seconds) from which you can copy the code.

If you chose to host the files internally, you'll have to edit the index.html file to point to the media location.
To do so, open the index.html file and search for "media/ and replace it with the new media location:

Example:

Line 199 in index.html the refers to <img src="media/Logo_Microsoft.png" alt="Microsoft"/>
That'll have to change to something like <img src="https://IIS.domain.local/Logo_Microsoft.png" alt="Microsoft"/>

Whether you use Index.html or ReplyExt.html, you should edit the following:

• Line 203, replace  <img src="media/partnerLogoPlaceholder.jpg" alt="placeholder logo"/> with the logo of your own company.
• Line 688, replace <a href="mailto:ITsupport@contoso.com">ITsupport@contoso.com</a> with an email address in your company.

Configure Auto-response

The command used to configure the auto-response is Exchange's Set-CalendarProcessing.
To simplify the process, you can set these parameters in PowerShell:

$Reply = Get-Content -Path "C:TempHubAutoResponseindex.html" (Where "C:TempHubAutoResponse" is the location of the index.html file or the ReplyExt.html)

Set-CalendarProcessing -identity Hub101@contoso.com -AdditionalResponse $Reply (Where "Hub101@contoso.com" is the email address of the Hub's account)

Right after completing these steps, your new email template will be sent with every Surface Hub auto-response:

Webinar: June 21st 1:00pm EST   Hi! You have scheduled a collaborative Surface Hub meeting. To ensure you have a successful meeting, follow the simple steps below. Ensure Skype is added to your meeting invite Here’s how your Outlook meeting should look with a Skype bridge (optional): Get familiar with the Hub Find a Surface Hub and open “A Surface Hub Tour” app. If you don’t see it available, ask your IT admin to download the app on your own device. See below for IT contact details. As an option, you can also download the app on your personal device. Download the App>> Prepare your content for sharing If you’re using any content in your meeting, follow these instructions: Attach PowerPoint files to the Meeting Invite to make them available in the Skype meeting on Surface Hub. Upload any documents or images to OneDrive for Business and Sign in on Surface Hub to access your content. Save your documents or images to a USB Flash Drive and bring it with you to the meeting. Plug in your drive on the right side of the Surface Hub then open File Explorer to locate the drive with your files. Join your meeting Once you’re there, simply touch the blue button with your meeting on the Surface Hub screen. If your meeting is not there, make sure you invited the correct Surface Hub. Additional helpful tips for during your meeting Launch the whiteboard: The whiteboard will automatically start when you join the meeting. However, you can always start a new whiteboard from the Windows Start menu. Learn more on how to do this on “A Surface Hub Tour” app. Present your PowerPoint: If you attached your PowerPoint to the original meeting invite, open it from the Content panel in the meeting and click on Present Screen at the top of the screen. You can also access your documents after signing into Office 365, from your OneDrive, or from a USB. Connect your device: If you attached your PowerPoint to the original meeting invite, open it from the Content panel in the meeting and click on Present Screen at the top of the screen. You can also access your documents after signing into Office 365, from your OneDrive, or from a USB. Learn more by exploring “A Surface Hub Tour” app or check out additional Surface Hub learning materials here. If you have any questions, please contact ITsupport@contoso.comHappy Hub-Meeting!

We have found a new issue with Windows Server Essentials Dashboard integration wizard with Microsoft Office 365. The Integrate with Microsoft Office 365 wizard may fail to complete with the following error:

In the C:ProgramDataMicrosoftWindows ServerLogsSharedServiceHost-EmailProviderServiceConfig.log, we may find the following exception:

[7812] 170920.160416.7958: BecWebServiceAdapter: Connect to BECWS failed due to known exception : System.ServiceModel.EndpointNotFoundException: There was no endpoint listening at https://bws902-relay.microsoftonline.com/ProvisioningWebservice.svc?Redir=1098557810&Time=636356539931802459 that could accept the message. This is often caused by an incorrect address or SOAP action. See InnerException, if present, for more details. ---> System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 157.56.55.77:443

We can see the provisioning end point that the wizard is trying to reach, by running the command: ipconfig /displaydns

However, when we attempt to browse that URL (provisioning web service) in a browser, it may fail with the following exception:

Additionally, when we attempt to do a telnet test to this remote server through the port 443, it fails:

The issue occurs due to a web exception when the Bec Web Service API tries to reach out to the remote endpoint for provisioning purpose. The address is written to the following registry key on the server:

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows ServerProductivityO365IntegrationSettings

Name: BecEndpointAddress

Type: String value

Resolution: To resolve the issue, follow these steps:

1. Launch the registry editor console and take a backup of the following key:

HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows ServerProductivityO365Integration

2. Click HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows ServerProductivityO365IntegrationSettings, on the right pane delete the BecEndPointAddress key and click Yes

3. Exit the registry editor console and proceed to run the Integrate with Microsoft Office 365 wizard

2018 年 3 月 14 日 (日本時間)、マイクロソフトは以下のソフトウェアのセキュリティ更新プログラムを公開しました。

• Internet Explorer
• Microsoft Edge
• Microsoft Windows
• Microsoft Office、Microsoft Office Services および Web Apps
• Microsoft Exchange Server
• ASP.NET Core
• .NET Core
• PowerShell Core
• ChakraCore
• Adobe Flash

新規セキュリティ更新プログラムを公開すると共に、新規のセキュリティ アドバイザリ 1 件の公開、既存のセキュリティ アドバイザリ 1 件の更新を行いました。なお、今月の「悪意のあるソフトウェアの削除ツール」では、新たに Win32/Detrahere および Win64/Detrahere に対する定義ファイルが追加されています。

お客様はできるだけ早期に、今月公開のセキュリティ更新プログラムを適用するようお願いします。

■ セキュリティ更新プログラム・セキュリティ アドバイザリに関する主な注意点

• アドバイザリ ADV180002 を更新し、Windows Server 2008 および Windows Server 2012 向けの更新プログラムが利用可能になったことをお知らせしました。また、CVE-2017-5754 (“Meltdown”) に関連する 32 ビット版の Windows 7 および Windows 8.1 に対する追加の保護策を提供する更新プログラムを公開したことをお知らせしました。詳細はアドバイザリ ADV180002 を参照してください。

■ 2018 年 3 月のセキュリティ更新プログラム

セキュリティの脆弱性および更新プログラムの情報を、CVE、KB 番号、製品、またはリリース日別に並べ替えたりフィルターをかけたりすることができます。

セキュリティ更新プログラム ガイド

各月のセキュリティ更新プログラムを絞り込むには、日付範囲に絞り込む月の第 2 火曜日を指定して検索してください。

マイクロソフトは新たに確認した脆弱性について、下記の新しいセキュリティ更新プログラムを公開しました。

毎年恒例の MPN Partner of the Year Awardsでは、マイクロソフトのテクノロジを基盤に革新的なソリューションを提供されたパートナー様の表彰を行っています。受賞パートナー様は、2018 年 7 月 15 日 ～ 19 日に米国ラスベガス（ネバダ州）で開催する Inspire 2018で表彰させていただく予定です。

2017年 MPN Partner of the Year Awards  受賞企業一覧はこちらから

MPN Partner of the Year Awards がビジネスに与えるメリット

MPN Partner of the Year Awards を受賞する、または最終選考に残ることで、弊社もしくは外部のメディアによる露出が増加し、市場認知度が高まり、新しいビジネスチャンスを拡大することが可能です。特典の一部をご紹介します。
※ 特典は変更の可能性があります

• 受賞パートナー様 (Winner) には、参加ツアー費用とInspire 2018 登録費用を1名無償でご招待します。（※受賞されたパートナー様には別途ご案内致します。）
• 栄誉あるマイクロソフト パートナーであることを証明するカスタマイズされたロゴ*のご提供
• 受賞企業(Winner)または最終選考企業(Finalist)としてアワードを販売促進に結びつけるカスタム PR テンプレート*のご提供
• 受賞企業および最終選考企業へのマイクロソフトの主要幹部からの祝賀レター*
• Microsoft Inspire 2018 においてマイクロソフト幹部との記念撮影 (受賞企業のみ)
• ラスベガス（ネバダ州）で開催される Microsoft Inspire 2018 で、受賞企業を表彰
• Microsoft Inspire 2018 期間中、関係者のみで行われる表彰式に受賞企業を招待。マイクロソフト幹部と交流する機会を持っていただき、マイクロソフトの各事業部との関係を強めていただきたいと存じます。

*ワールドワイドのアワードのため、日本語版での提供はございませんので予めご了承ください。

応募の手続き

応募締切: 2018 年 4月 17 日 23:59 (太平洋標準時間、日本時間 4 月 18 日 15:59) まで

(All nominations must be in the tool by 11:59pm PST, April 17, 2018. No Exceptions.)

（ご注意）

• 締め切りは理由に関わらず延長することができませんので、あらかじめご了承ください。
• 応募は弊社が指定するアワード サブミッション ツールよりすべて英語で詳細情報を記入の上、提出する必要がございます。
• 締め切り直前はアワード サブミッション ツールが混雑し繋がりにくくなる可能性もございますので、締め切り前日の 日本時間で 2018 年 4月17 日(火)中にすべてのエントリーをツールより提出していただくことを強くおすすめします。

【参考資料】

*英語版が正式な資料となりますので、内容に変更があった場合は英語版および アワード サブミッション ツール内の記載を正として扱います。日本語版は参考資料としてご参照ください。

• MPN Partner of the Year Awards Program Official Rules (公式ルール) 英語版　/　日本語版
• MPN Partner of the Year Awards Guidelines（各アワードの応募資格・質問項目参考翻訳）　英語版 /　日本語版
• MPN Partner of the Year Awards Frequently Asked Questions（よくあるご質問）　英語版　/　日本語版
• Guidance from Judges for Partners （審査員からのアドバイス） 英語版　/　日本語版
• How to Create a Great Entry （素晴らしいエントリーの作り方）英語版　/　日本語版
• アワード サブミッション ツール 日本語ガイド
• アワードサブミッションツール内の「2018 Partner of the Year Awards - Release（同意書）」日本語版

【応募方法】

ステップ 1. 上記参考資料をご参照いただき、応募するカテゴリーをご検討ください。
ステップ 2. 各カテゴリーの質問項目への回答を英語でご準備ください。
ステップ 3. 弊社が指定する「アワード サブミッション ツール」にアクセスをし、ステップ 2 で準備いただいた回答を締め切りまでにすべて英語で入力し、提出 (Submit) してください。

応募締切: 2018 年 4月 17 日 23:59 (太平洋標準時間、日本時間 4 月 18 日 15:59) まで

応募の必要条件

1. MPN Partner of the Year Awards Program Official Rules (公式ルール)を遵守したうえでご応募ください。
2. 本年度より、アワードはソリューション分野に沿って設定されています。応募するアワードに該当する「応募条件」を必ずご確認ください。
3. 応募ソリューションは、商用顧客事例が 1 件以上あり、2017 年 1 月～2018 年 7 月の 18 か月間に導入された (または導入を予定している) ソリューションをご提出していただくようお願いいたします。
4. 過去に応募されたソリューションでも、過去 12 か月の間に大幅に変更または改良されたものであれば、再度ご応募いただけます。

翻訳サービスについて （有料）

弊社によるMPN Partner of the Year Awards 2018 の応募に関わる英訳サービスの提供はございませんが、翻訳依頼をご希望される場合、以下の2社にて翻訳サービスを特別レートでご利用いただけます。さらに翻訳の性質として、各パートナー様がMPN Partner of the Year Awards 2018 を受賞する目的でエントリーされるため、説得力のある英文で、翻訳レベルのみに限らずライティング力の高い翻訳者を起用しています。ご興味がございましたら以下までお問い合わせください。

＜連絡先詳細＞

*担当者のリンクをクリックするとメーラーが立ち上がります

◆ DNA Media株式会社

担当者：桐木およびローカリゼーションサービス事業部
（必ず上記両方のアドレスを含めてご連絡いただきますようお願いいたします）

◆ 株式会社エイアンドピープル

担当者:　佐野

＜作業期間の目安＞

• ご希望の納期に応じて、特急対応も承ります。
• 期日間際の依頼が多くなるとお断りする場合がありますのでお早めにご依頼ください。

「マイクロソフト カントリー パートナー オブ ザ イヤー」について

「マイクロソフト カントリー パートナー オブ ザ イヤー」は 2010 年度から新設された賞です。

昨年 1 年間にマイクロソフト クラウド ソリューションを提供し、国レベルで優秀な業績を収めたパートナー様に授与されます。応募に際しては、顧客満足度の向上、イノベーションの促進、新規顧客の獲得、ビジネスに与えるインパクトの増大によって示される、弊社との効果的な取り組みをご紹介ください。

「マイクロソフト カントリー パートナー オブ ザ イヤー」への応募いただく場合でも、「アワード サブミッション ツール」への応募が必須です。

お問い合わせ

ご不明な点がございましたら、マイクロソフト 2018 MPN パートナー オブ ザ イヤー アワード チーム(MPNAwards@microsoft.crgevents.com)までメール(英語)でお問い合わせください。回答には 2 営業日ほどかかることがありますのでご了承ください。