What if you had a place where you could quickly learn more about Azure Security, track your learning progress and master the skills you need for your role? Well, now you have this place, is called Azure Essentials (https://www.microsoft.com/en-us/azureessentials). The reason I said Azure Security, is because you can filter the topic for security and Azure Essentials will format the experience specifically for Azure Security related topics as shown below:
Pretty cool, right? Go check it out!
By Ele Ocholi | Intune Sr. PM
Are you interested in using and testing the macOS Company Portal app before it's generally available? Using Microsoft AutoUpdate, you can sign up to receive builds early by joining the Office insider program for mac which will enable you to use the updated Company Portal before it’s available to your end users.
We will try to allow for at least five work days of time before releasing the final build to the public channel to allow time for testing. You will also have the opportunity to provide feedback directly to the Intune team. We plan to continue releasing Company Portal updates through these channels until we release a final build to the public.
Instructions to sign up:
When I speak with organizations who are considering Android devices there's usually the question of, "which management option should we choose?". The answer to the question requires a clear understanding of the scenarios the organization would like to bring under management such as personal devices or corporate devices or even purpose-built devices (e.g. inventory scanners, digital signage, etc.).
There are many different versions of Android from many different OEMs and choosing and supporting each version can be challenging. However, as I'll discuss later in this post, Android enterprise aims to address OEM fragmentation while providing a variety of management options. Fortunately, Microsoft Intune will address various Android management methods available today including those offered with Android enterprise, so let's look at how Android management is accomplished with Intune.
The table below walks through each available Android device management scenario, how Microsoft Intune supports it, as well as items to evaluate when considering each option.
|
Device Management Type |
Enrollment Type |
Intune Management |
|
|
Android Device Admin Considered legacy administration, the Android device administration API has provided APIs to manage the Android device since Android 2.2. The issue with device admin is there are only so many management APIs available, the user experience is challenging, and according to Google, device admin will be depreciated in 2019. With Android Q, device admin will not be available at all.
Device Admin requires an Android device to be enrolled via an MDM and requires various administrator permissions during certain enrollment scenarios. As such, device admin offers insufficient privacy for BYOD, insufficient management capabilities for corporate owned devices, and a poor user experience all around. In addition, device admin is less secure than Android enterprise and device admin is not ideal for an environment requiring minimal or no touch enrollment.
To learn more about device admin deprecation please visit: https://developers.google.com/android/work/device-admin-deprecation |
Intune supports devices enrolled with device admin on Android 4.4+
To enroll a device to Intune using device admin please visit: https://docs.microsoft.com/en-us/intune-user-help/enroll-your-device-in-intune-android
In addition, Intune App Protection policies are supported with device admin (or without enrollment): https://docs.microsoft.com/en-us/intune/app-protection-policy
For BYOD, Intune App Protection policies are a great choice as the policies protect the corporate data at the app layer without requiring the user to enroll their device. |
|
|
Samsung KNOX Standard With Samsung devices, Samsung added their own management APIs which expands the management capabilities for devices enrolled with device admin. An example is managing the email profile for the native email app on a Samsung device.
KNOX is only available with certain Samsung devices so utilizing other OEM devices would require device admin or Android enterprise.
Note: Samsung has announced the unification of KNOX and Android enterprise. More details may be found here: https://www.samsungknox.com/en/blog/android-enterprise-and-samsung-knox-your-questions-answered-here
Samsung also offers KNOX Mobile Enrollment (KME) which allows for automatic enrollment of devices even after a reset. KME is supported starting with Android 2.4 and KME is beneficial for mass enrollment of devices without having to touch each one. Devices may be manually and/or added through a carrier to an MDM. After which, users will experience a streamlined enrollment process which removes the touch points required by device admin.
KNOX Mobile Enrollment is only available with Samsung devices so if no touch enrollment is needed for other device OEMs, Android enterprise may be an option.
To learn more about KNOX Mobile Enrollment please visit: https://www.samsung.com/us/business/solutions/samsung-knox/mobile-security-solutions/knox-mobile-enrollment/
|
Intune supports KNOX standard without additional licensing for KNOX. However, KNOX also requires Device Admin enrollment as well. Once a device is enrolled with an MDM the end user will also see prompts about KNOX after which both device admin and KNOX policies may be deployed to the device. KNOX Mobile Enrollment streamlines the enrollment process by enrolling the device automatically.
To learn more about enrolling a device that supports Samsung KNOX with Intune please visit: https://docs.microsoft.com/en-us/intune/android-enroll#end-user-experience-when-enrolling-a-samsung-knox-device
In addition, Intune App Protection policies are supported with Samsung KNOX: https://docs.microsoft.com/en-us/intune/app-protection-policy
Intune supports KME and to learn more about setting up KME with Intune please visit: https://docs.microsoft.com/en-us/intune/android-samsung-knox-mobile-enroll
In addition, Intune App Protection policies are supported with devices enrolled with KME: https://docs.microsoft.com/en-us/intune/app-protection-policy |
|
Up to this this point we've reviewed traditional management methods available on Android as well as enrolling and managing Android devices with Intune. However, if you've noticed, there seems to be a theme throughout and it's around Android enterprise. It appears all paths are leading to Android enterprise so let's learn about what Android enterprise is and how Intune will assist with managing devices enrolled using Android enterprise.
|
||
|
Android enterprise There are two primary modes of management under Android enterprise (AE). Work profiles for BYOD and Device Owner for corporate owned devices. More details on Android Enterprise device ownership please visit: https://developers.google.com/android/work/requirements |
||
|
|
Android enterprise Android enterprise (AE) offers a variety of management scenarios for certified devices providing more robust management APIs over device admin. Although Android enterprise is supported on Android 5.0+, Google recommends 6.0 or later.
Once a device is enrolled in an MDM such as Intune, Android enterprise has the concept of a work profile (formerly Android for Work) that separates or containerizes corporate applications and data on a personal device. The managed profile contains corporate data and allows only applications within the work profile to access the data within while leaving personal data separate. To learn more about work profiles please visit: https://support.google.com/work/android/answer/6191949?hl=en
In addition to work profiles, Android enterprise offers Device Owner mode where corporate owned devices are enrolled with an MDM and managed based on the purpose their intended for. To learn more about Android enterprise management for company-owned devices please visit: https://www.android.com/enterprise/management/
To provision the device owner mode the device must be factory reset, unfortunately there are no migration paths to device owner mode from device admin. The provisioning process may be driven by NFC, QR code, or zero-touch. Previous versions of Android such as 5.0 and 5.1 can use an activation code to begin the enrollment process.
For more details about device provisioning please visit: https://developers.google.com/android/work/prov-devices
To learn more about AE management scenarios please visit: https://www.android.com/enterprise/management/
Note: as stated previously, moving from device admin to Android enterprise requires a factory reset. Consider the ramifications of already deployed devices to end users and in the workplace before beginning a migration. A strategy of enrolling new devices with device owner while continuing to manage existing devices enrolled with device admin may be an option. Through attrition, devices will onboard using Android enterprise. As mentioned earlier, with Android Q, device admin will not be an option. |
Intune supports Android enterprise purpose-built device management including single-use and work profiles which aligns with many organizational use cases.
Details on how to configure Intune to and manage devices supporting Android enterprise are below.
Management of Android enterprise managed profiles and other details may be found here: https://docs.microsoft.com/en-us/intune/android-enterprise-overview
Connect Intune to Android enterprise: https://docs.microsoft.com/en-us/intune/connect-intune-android-enterprise
Android enterprise single-use (Kiosk) devices Intune enrollment: https://docs.microsoft.com/en-us/intune/android-kiosk-enroll
In addition, Intune App Protection policies are supported with Android enterprise: https://docs.microsoft.com/en-us/intune/app-protection-policy
Applications, including LOB apps are published through managed Google play. |
Selecting an enrollment option
Choosing an enrollment option really depends on the scenario and what your business requires. For example, if your devices require minimal or no touch enrollment you may consider KNOX Mobile Enrollment and/or Android enterprise. Since Android enterprise appears to be OEM agnostic, if the plan is to have various device OEMs deployed, devices supporting Android enterprise may be an option. However, if devices are used for kiosk, digital signage, ticket printing, inventory scanning, Android enterprise would be something to investigate as well. If devices are personal devices (BYOD), I recommend looking at Intune App Protection for unenrolled devices and/or Work Profiles. Lastly, before selection consider the short- and long-term ramifications of one option over another.
That's it! We've reviewed the options available for Android enrollment and Intune, documentation on how to enroll Android devices, and the future of Android management through Android enterprise.
It’s been a busy day for new Windows Autopilot resources. First, we launched a new Windows Autopilot landing page, with high-level details about Windows Autopilot capabilities and feature (with more to be added in the future, stayed tuned). Visit https://aka.ms/WindowsAutopilot to check it out.
Next, we published a (nearly completely) new set of documentation at https://aka.ms/WindowsAutopilotDocs to help you learn more about Windows Autopilot requirements, scenarios and capabilities, administration, troubleshooting, and more.
If you have feedback on the docs, click the “Feedback” link at the top of the page to let us know. Or, if you are particularly adventurous, you can edit the doc yourself by clicking the “Edit” link, then submit your proposed changes to our documentation team – if they agree with your changes, they’ll approve them for publishing. (As an added bonus, your small picture can appear as a contributor to the article.)
Hello, Wiki Ninjas!
Today is Friday with International Community Update.
The end of June is as follows:
The topic of this month:
Thank you!!
Tomoaki Yoshizawa (yottun8)
Blog: blog.yottun8.com
Facebook: Tomoaki Yoshizawa
twitter: @yottun8
TechNet Profile: Tomoaki Yoshizawa
(この記事は2018年7月10日にMicrosoft Partner Network blog に掲載された記事 What You Need to Know Before You Go to Microsoft Inspireの翻訳です。最新情報についてはリンク元のページをご参照ください。)
Microsoft Inspire (英語)がいよいよ次週に迫っています。皆様が私たちと同様エキサイティングしていることを願っています。Inspire は、学習、ネットワーキング、そしてパートナーシップを実施する素晴らしい一週間となることを約束します。
あなたがネバダ州ラスベガスに出発する前の残り数日間で、旅行の手配を再確認することをお勧めします。また、 MyInspire (英語) での個人的な会議の議題を確認し、セッションスケジューラ (英語)を使用して参加したいセッションの追加を確認するのも良いタイミングです。また、MyInspire 会議スケジューラ (英語) を使用して、他のパートナーまたはあなたが最もつながりたいマイクロソフトの従業員に会議出席依頼を送信することをお勧めします。Microsoft Inspire には16,000人以上の参加者がいて、詰め込みのスケジュールになっているので、会えないことがないよう、事前のプランをお勧めします。
この記事では、Microsoft Inspireにおける体験を生産的で楽しいものにするための追加のヒントとリマインダーをご紹介します。
MyInspire (英語) は便利なフル機能をモバイルアプリで利用できます。 AndroidまたはApple iOS用のアプリをダウンロード (英語)し、カンファレンス中にあなたの個人的な議題を管理してください。また、Microsoft Inspire 企画チームから更新情報を受け取り、会議の場所についての有益な地図やフロアプランにアクセスできるようになります。 LinkedInアカウント情報をモバイルアプリのプロファイルに追加して、LinkedInでつながっている参加者を確認してください。これを行うには、アプリケーションの参加者ディレクトリに移動し、Connections を選択します。
Microsoft Inspireに関連するすべての情報の最も包括的な情報源である「Know Before You Go (英語)」ガイドのコピーをダウンロードして保存することを強くお勧めします。到着とチェックイン、会議バッジ、交通機関、セッションとイベントスケジュール、会場の交通手段、Wi-Fi接続、安全とセキュリティなど、幅広いトピックをカバーしています。このガイドでは、Microsoft Inspire と、マイクロソフトの営業/技術支援/マーケティング組織の年次のキックオフであるMicrosoft Readyの初めての同時開催によって可能になった、カンファレンスの大きなパートを占めるさまざまなセッションの種類の説明もなされています。T-Mobileアリーナでの水曜日の基調講演にて、マイクロソフトの最高経営責任者である Satya Nadellaがパートナー様とマイクロソフトの従業員の両方の聴衆に向けて行う講演や、ラスベガス・モーター・スピードウェイで行われる、盛り上がりが期待される One Celebrationにて、両方のイベントの出席者が国際的に有名なグラミー賞受賞者とともにとる夕食、食べ物、ファン、エンターテイメントの提供も含まれます。
何ヶ月もの計画、準備、期待を経て、ネバダ州ラスベガスで、世界がビジネスを変革するための出会いの場であるMicrosoft Inspire で皆様とお会いできることを楽しみにしています。今年の主なテーマである「イノベーション」、「パートナーシップ」、「リーダーシップ」をベースに組み立てられた、そして業界をリードする素晴らしいスピーカー (英語) により構成された膨大なセッション (英語) をお届けできることを、とても楽しみにしています。Microsoft Inspire は、他のパートナー、マイクロソフトの社員、会議ベンダー、スポンサーとの関係を確立し、利益をもたらす関係を確立するための最良の場所です。Microsoft Inspire と Microsoft Ready の共同開催により、世界中のマイクロソフトコミュニティと有意義な関係を結び、共通のお客様のデジタル変革と成功を促進する機会がこれまで以上に増えることになります。
まもなくMicrosoft Inspireでお会いしましょう!
Welcome back for another analysis of contributions to TechNet Wiki over the last week.
First up, the weekly leader board snapshot...
As always, here are the results of another weekly crawl over the updated articles feed.
 |
Most Revisions Award Who has made the most individual revisions |
#1 Peter Geelen with 42 revisions.
#2 karimSP with 36 revisions.
#3 Dave Rendón with 21 revisions.
Just behind the winners but also worth a mention are:
#4 get2pallav with 18 revisions.
#5 Sabah Shariq with 10 revisions.
#6 RajeeshMenoth with 9 revisions.
#7 Kapil.Kumawat with 9 revisions.
#8 Mohsin_A_Khan with 4 revisions.
#9 Kareninstructor with 3 revisions.
#10 George Chrysovaladis Grammatikos with 3 revisions.
|
Most Articles Updated Award Who has updated the most articles |
#1 karimSP with 27 articles.
#2 Peter Geelen with 17 articles.
#3 get2pallav with 13 articles.
Just behind the winners but also worth a mention are:
#4 Dave Rendón with 7 articles.
#5 RajeeshMenoth with 7 articles.
#6 Kapil.Kumawat with 5 articles.
#7 Kareninstructor with 2 articles.
#8 George Chrysovaladis Grammatikos with 2 articles.
#9 Mohsin_A_Khan with 2 articles.
#10 .paul. _ with 1 articles.
|
Most Updated Article Award Largest amount of updated content in a single article |
The article to have the most change this week was Logic Apps: Make your HTTP endpoints SOAP enabled, by Baranee27
This week's revisers were Kapil.Kumawat, get2pallav, Peter Geelen, Dave Rendón & Baranee27
|
Longest Article Award Biggest article updated this week |
This week's largest document to get some attention is TechNet Guru - Gold Winner Contributions, by Mohammad Nizamuddin
This week's revisers were Sabah Shariq & karimSP
|
Most Revised Article Award Article with the most revisions in a week |
This week's most fiddled with article is Azure: Send B2B Invitations using PowerShell, by var9287. It was revised 6 times last week.
This week's revisers were Dave Rendón, Peter Geelen & var9287
|
Most Popular Article Award Collaboration is the name of the game! |
The article to be updated by the most people this week is Office 365: List Mobile Devices ActiveSync using Powershell, by Yaniv Totiashvili
This week's revisers were Kapil.Kumawat, get2pallav, Dave Rendón, Peter Geelen & Yaniv Totiashvili
|
Ninja Edit Award A ninja needs lightning fast reactions! |
Below is a list of this week's fastest ninja edits. That's an edit to an article after another person
Congratulations to karimSP and Sabah Shariq!
Also in the top ten are:
|
Winner Summary Let's celebrate our winners! |
Below are a few statistics on this week's award winners.
Most Revisions Award Winner
The reviser is the winner of this category.
Peter Geelen
Peter Geelen has been interviewed on TechNet Wiki!
Peter Geelen has featured articles on TechNet Wiki!
Peter Geelen has won 222 previous Top Contributor Awards. Most recent five shown below:
Peter Geelen has TechNet Guru medals, for the following articles:
Most Articles Award Winner
The reviser is the winner of this category.
karimSP
karimSP has won 10 previous Top Contributor Awards. Most recent five shown below:
karimSP has not yet had any interviews, featured articles or TechNet Guru medals (see below)
Most Updated Article Award Winner
The author is the winner, as it is their article that has had the changes.
Baranee27
Baran Mano has won 2 previous Top Contributor Awards:
Baran Mano has TechNet Guru medals, for the following articles:
Baran Mano has not yet had any interviews or featured articles (see below)
Longest Article Award Winner
The author is the winner, as it is their article that is so long!
Mohammad Nizamuddin
Mohammad Nizamuddin has been interviewed on TechNet Wiki!
Mohammad Nizamuddin has won 12 previous Top Contributor Awards. Most recent five shown below:
Mohammad Nizamuddin has TechNet Guru medals, for the following articles:
Mohammad Nizamuddin has not yet had any featured articles (see below)
Mohammad Nizamuddin's profile page
Most Revised Article Winner
The author is the winner, as it is their article that has ben changed the most
var9287
This is the first Top Contributors award for var9287 on TechNet Wiki! Congratulations var9287!
var9287 has not yet had any interviews, featured articles or TechNet Guru medals (see below)
Most Popular Article Winner
The author is the winner, as it is their article that has had the most attention.
Yaniv Totiashvili
This is the first Top Contributors award for Yaniv Totiashvili on TechNet Wiki! Congratulations Yaniv Totiashvili!
Yaniv Totiashvili has not yet had any interviews, featured articles or TechNet Guru medals (see below)
Yaniv Totiashvili's profile page
Ninja Edit Award Winner
The author is the reviser, for it is their hand that is quickest!
karimSP
karimSP is mentioned above.
Sabah Shariq
Sabah Shariq has won 23 previous Top Contributor Awards. Most recent five shown below:
Sabah Shariq has TechNet Guru medals, for the following articles:
Sabah Shariq has not yet had any interviews or featured articles (see below)
Says: Another great week from all in our community! Thank you all for so much great literature for us to read this week!
Please keep reading and contributing, because Sharing is caring..!!
Best regards,
— Ninja [Kamlesh Kumar]
In some previous blog posts I have outlined conditions where users may have inadvertently had a mailbox both on premises and in the cloud at the same time. The following links outline these scenarios and how to attempt to proactively identity users that may fall in this condition.
With an understanding of the scenarios that lead to this and how to proactively identity users administrators can quickly identify the conditions that lead to this occurring and work to prevent it for other accounts moving forward. How do we handle an account though that has encountered this condition?
There are two methods to handle accounts that have had mailboxes both on premises and in the cloud. I will outline the options below for administrators to consider – as each has benefits and drawbacks.
OPTION #0: Delete the existing Azure Active Directory Account
The Exchange Online mailbox object is linked to an Azure Active Directory account. When the azure active directory account is removed and subsequently purged from the recycle bin the Exchange Online mailbox is placed in a soft deleted state. During the next Azure Active Directory Connect synchronization cycle the user will be resynchronized to Azure Active Directory as new and will carry forward the Exchange attribute from on premises. This should result in a mail user created in Exchange Online and not a mailbox object. The mailbox object can now be migrated from on premises and the associated soft deleted mailbox merged into the original to retain data.
There are several benefits to this approach:
There are several potential drawbacks to this approach:
In Exchange Online we can verify the presence of a mailbox that matches an on premises account.
Exchange Online:
PS C:> Get-Mailbox testduplicate
Name Alias Database ProhibitSendQuota ExternalDirectoryObjectId
---- ----- -------- ----------------- -------------------------
testduplicate testduplicate NAMPR06DG282-db128 49.5 GB (53,150,2... e3eaf6c1-f012-42e9-a54...
On-Premises Exchange:
[PS] C:>Get-Mailbox testduplicate
Name Alias ServerName ProhibitSendQuota
---- ----- ---------- -----------------
Test Duplicate testduplicate azure-mbx Unlimited
In the portal we can verify that the account is synchronized from the on-premises active directory.
The synchronized user has now been verified to have both a mailbox in the cloud and on-premises.
To begin the recovery the administrator should capture the Exchange Online mailbox information – specifically the Exchange GUID of the mailbox. This GUID will be utilized in the recovery of the soft deleted mailbox.
PS C:> Get-Mailbox testduplicate | select-object ExchangeGUID
ExchangeGuid
------------
fa38094d-cbfd-46b7-82f6-8a3022e39a66
Using Azure Active Directory powershell the account can be removed and purged from the recycle bin.
PS C:> Remove-MsolUser -UserPrincipalName testduplicate@domain.com -Force
PS C:> Remove-MsolUser -UserPrincipalName testduplicate@domain.com -Force –RemoveFromRecycleBin
The deletion can be verified using powershell. The user cannot be found in either the active users list or the recycle bin – this indicates a successful deletion.
PS C:> Get-MsolUser -UserPrincipalName testduplicate@domain.com
Get-MsolUser : User Not Found. User: testduplicate@domain.com.
At line:1 char:1
+ Get-MsolUser -UserPrincipalName testduplicate@domain.com
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (:) [Get-MsolUser], MicrosoftOnlineException
+ FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.UserNotFoundException,Microsoft.Online.Administration.Automation.GetUser
PS C:> Get-MsolUser -UserPrincipalName testduplicate@domain.com -ReturnDeletedUsers
Get-MsolUser : User Not Found. User: testduplicate@domain.com.
At line:1 char:1
+ Get-MsolUser -UserPrincipalName testduplicate@domain.com -Return ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (:) [Get-MsolUser], MicrosoftOnlineException
+ FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.UserNotFoundException,Microsoft.Online.Administration.Automation.GetUser
In Exchange Online we can confirm that the mailbox object is no longer present.
PS C:> Get-Mailbox testduplicate
The operation couldn't be performed because object 'testduplicate' couldn't be found on
'CO1PR06A002DC02.NAMPR06A002.prod.outlook.com'.
+ CategoryInfo : NotSpecified: (:) [Get-Mailbox], ManagementObjectNotFoundException
+ FullyQualifiedErrorId : [Server=DM6PR06MB4026,RequestId=76d78567-e257-4608-a175-2dc3cd8658c2,TimeStamp=7/15/2018
3:51:45 PM] [FailureCategory=Cmdlet-ManagementObjectNotFoundException] 260B3828,Microsoft.Exchange.Management.Rec
ipientTasks.GetMailbox
+ PSComputerName : ps.outlook.com
The duplicate online mailbox should now be in a soft deleted state.
PS C:> Get-Mailbox testduplicate -SoftDeletedMailbox
Name Alias Database ProhibitSendQuota ExternalDirectoryObjectId
---- ----- -------- ----------------- -------------------------
Test Duplicate testduplicate NAMPR06DG282-db128 49.5 GB (53,150,2...
At this time the online portion of the accounts have been cleaned up. Azure Active Directory Connect synchronization can be performed and the object should be reprovisioned from the on-premises directory.
PS C:> Get-MsolUser -UserPrincipalName testduplicate@domain.com
UserPrincipalName DisplayName isLicensed
----------------- ----------- ----------
testduplicate@domain.com Test Duplicate False
The object should now be successfully provisioned as a mail user within Exchange Online. This is the expected recipient type for an on premises mailbox.
PS C:> Get-MailUser testduplicate
Name RecipientType
---- -------------
Test Duplicate MailUser
At this time the on-premises mailbox can be migrated to Office 365. This is an optional step – but would be required in order to perform the merge of any data contained within the service at this time.
When the migration has completed successfully the object will become a mailbox object within Exchange Online.
PS C:> Get-Mailbox testduplicate
Name Alias Database ProhibitSendQuota ExternalDirectoryObjectId
---- ----- -------- ----------------- -------------------------
Test Duplicate testduplicate NAMPR06DG143-db051 99 GB (106,300,44... 7ba2fffc-e3ce-4d65-b350-d0a3763e5ffa
To complete our recovery the mailbox restoration can be processed. To begin we need the Exchange GUID of the migrated mailbox.
PS C:> Get-Mailbox testduplicate | Select-Object exchangeGUID
ExchangeGuid
------------
e683f1ee-4c85-4b99-b4bc-7511572a361d
The Exchange GUID for the soft deleted mailbox was previously recorded. Using this information we can begin the merge process.
New-MailboxRestoreRequest -SourceMailbox fa38094d-cbfd-46b7-82f6-8a3022e39a66 -TargetMailbox e683f1ee-4c85-4b99-b4bc-7511572a361d –AllowLegacyDNMismatch
Name TargetMailbox Status
---- ------------- ------
MailboxRestore testduplicate Queued
The merge can be monitored with get-mailboxRestoreRequest.
PS C:Userstimmcmic> Get-MailboxRestoreRequest
Name TargetMailbox Status
---- ------------- ------
MailboxRestore testduplicate InProgress
PS C:Userstimmcmic> Get-MailboxRestoreRequest
Name TargetMailbox Status
---- ------------- ------
MailboxRestore testduplicate Completed
At this time this option has completed.
OPTION #1: Remove the Exchange Online License
The Exchange Online mailbox object is linked to an Azure Active Directory account. When the Exchange Online license is removed from the object the associated mailbox will be made unavailable. This should result in a mail user created in Exchange Online and not a mailbox object. The mailbox object can now be migrated from on premises and the associated soft deleted mailbox merged into the original to retain data.
There are several benefits to this approach:
There are several potential drawbacks to this approach:
To begin the mailbox can be confirmed in Exchange Online and On-Premises.
Exchange Online:
PS C:> Get-Mailbox testlicense
Name Alias Database ProhibitSendQuota ExternalDirectoryObjectId
---- ----- -------- ----------------- -------------------------
TestLicense TestLicense NAMPR06DG103-db019 49.5 GB (53,150,2... c686dfd9-aa4a-4b54-8680-cc0d4c9b0a62
On-Premise Exchange:
[PS] C:>Get-Mailbox testlicense
Name Alias ServerName ProhibitSendQuota
---- ----- ---------- -----------------
Test License testlicense azure-mbx Unlimited
In the portal we can confirm that the account is synchronized from the on-premises Active Directory.
The synchronized user has now been verified to have both a mailbox in the cloud and on-premises.
The Exchange Online license can now be removed through the portal.
When the license removal has synchronized into Exchange Online the mailbox will be converted to a mail user.
PS C:> Get-MailUser testLicense
Name RecipientType
---- -------------
Test License MailUser
When the conversion to a mail user has occurred the mailbox can be migrated from on premises. If the license is re-assigned the object will convert back to a mailbox. Assigning an Exchange Online license should be withheld until the mailbox is migrated (or the previous recipient type is changed – reference the previously attached blogs) allowing it to be safe to apply a license.
The Microsoft 365 Business Secure Deployment Toolkit has just been released, and it combines structured planning and implementation guidance. This offer may be used as is by partners to quickly launch a service offering featuring Microsoft 365 Business or customised to combine their unique offers with this toolkit.
It contains the following files...
00 - Microsoft 365 Business Secure Deployment Toolkit - Delivery Guide.docx
00 - Microsoft 365 Business Secure Deployment Toolkit - Kickoff and Technical Overview.pptx
01 - Microsoft 365 Business Secure Deployment Toolkit - Assessment Workshop.pptx
01 - Microsoft 365 Business Secure Deployment Toolkit - Remediation Checklist-v1.1.xlsx
02 - Microsoft 365 Business Secure Deployment Toolkit - Deployment Plan.docx
02 - Microsoft 365 Business Secure Deployment Toolkit - Deployment Workshop.pptx
03 - Microsoft 365 Business Secure Deployment Toolkit - Security Plan.docx
03 - Microsoft 365 Business Secure Deployment Toolkit - Security Workshop.pptx
A1 - Microsoft 365 Business Secure Deployment Toolkit - Hybrid AADJ Addendum.docx
A2 - Microsoft 365 Business Secure Deployment Toolkit - Password Hash Synchronization Addendum.docx
A3 - Microsoft 365 Business Secure Deployment Toolkit - Pass-through Authentication Addendum.docx
A4 - Microsoft 365 Business Secure Deployment Toolkit - Partner-Smart-Office Flyer.pdf
As you can see, there’s quite a bit included, so it’s worth downloading and running through it to see what the current recommendations are from the Microsoft 365 Business team. If you are new to Microsoft 365 Business you will learn a great deal from this, and even if you are familiar with it you will probably get some new ideas about the features you should be implementing.
If you haven’t seen the Microsoft 365 Business Service Description, make sure you take a look especially if you aren’t aware of the changes that were introduced with the April update.
Summary: Having some fun with Abbott and Costello’s “Who’s on first?” comedy routine, and multiple voices with Bing Speech.
-------------------------------
Hello everyone!
The last few posts, I showed you all about the Cognitive Services Text-to-Speech API. You learned about the process to authenticate with Windows PowerShell.
It was also a great showcase for Invoke-RestMethod, as it demonstrated how REST API services are accessible with no real code for the IT professional.
Today, as an IT pro, I’m just going to have some fun. Sometimes that’s the best way to learn how to code.
Initially, all of this came about as a challenge from other members of “Hey, Scripting Guy!” I demonstrated a silly little script I wrote to play Abbott and Costello’s most famous comedy sketch, “Who’s on first?” with the internal voices in Windows. It’s a neat trick many PowerShell people love to play with like this.
# Establish to the Voice Comobject
$voiceAPI=New-Object -comobject SAPI.SPVoice
# Speed up the rate of the Speaker's voice
$voiceAPI.Rate=3
I proceeded to get the voices, and then depending on who’s name (yes, that’s his name), I found I would pick a voice in Windows.
# Obtain the list of voices in Windows 10
$voiceFont=$voiceAPI.GetVoices()
# Establish a table to match the Microsoft voices with the names of the comedians
$nameMatch=@{'Abbott:' = 'ZIRA'; 'Costello:' = 'DAVID' }
So it was neat. I had the text file on the hard drive, and it was all fun and games.
Some people said, “Cool, but you should try the same approach with Cognitive Services!”
It was at this point I read and learned everything I showed you in the last several posts. Today we’re going to have some fun: “Who’s on first?” portrayed by the “Azure Cognitive Services Players.”
Challenge #1 – Learn how to use Text-to-Speech in Azure. Accomplished, and built a function to leverage it. I’ve prepopulated all of the available sound file options, so I could just select from an array in this function.
Function Invoke-AzureTextToSpeech($Region,$Voice,$Content,$Filename)
{
# Obtain Access Token to communicate with Voice API
# I erased mine, you'll have to get your own ;)
$APIKey='00000000000000000000000000000000'
$AccessToken=Invoke-RestMethod -Uri "https://api.cognitive.microsoft.com/sts/v1.0/issueToken" -Method 'POST' -ContentType 'application/json' -Headers @{'Ocp-Apim-Subscription-Key' = $APIKey }
# Generate GUID for Access
# Just use this Cmdlet to generate a new one (New-Guid).tostring().replace('-','')
$XSearchAppId='00000000000000000000000000000000'
# Just use this Cmdlet to generate a new one (New-Guid).tostring().replace('-','')
$XSearchClientId='00000000000000000000000000000000'
# Current list of Audio formats for Azure Text to Speech
# HTTP Headers X-Microsoft-OutputFormat
# https://docs.microsoft.com/en-us/azure/cognitive-services/speech/api-reference-rest/bingvoiceoutput
#
$AudioFormats=( `
'ssml-16khz-16bit-mono-tts', `
'raw-16khz-16bit-mono-pcm', `
'audio-16khz-16kbps-mono-siren', `
'riff-16khz-16kbps-mono-siren', `
'riff-16khz-16bit-mono-pcm', `
'audio-16khz-128kbitrate-mono-mp3', `
'audio-16khz-64kbitrate-mono-mp3', `
'audio-16khz-32kbitrate-mono-mp3' `
)
# WAV File format
$AudioOutputType=$AudioFormats[4]
$UserAgent='PowerShellForAzureCognitiveApp'
$Header=@{ `
'Content-Type' = 'application/ssml+xml'; `
'X-Microsoft-OutputFormat' = $AudioOutputType; `
'X-Search-AppId' = $XSearchAppId; `
'X-Search-ClientId' = $XSearchClientId; `
'Authorization' = $AccessToken `
}
$Body=''+$Content+''
Invoke-RestMethod -Uri "https://speech.platform.bing.com/synthesize" -Method 'POST' -Headers $Header -ContentType 'application/ssml+xml' -Body $Body -UserAgent $UserAgent -OutFile $Filename
}
I can now use this function and dynamically supply the region data, as well as the content, in a loop or script!
Challenge #2 – Get a nice way to play WAV files synchronously, without launching additional applications.
I used a simple function based upon the earlier posted PowerTip to solve this issue.
Function Play-MediaFile($Filename)
{
$PlayMedia=New-object System.Media.Soundplayer
$PlayMedia.SoundLocation=($Filename)
$PlayMedia.playsync()
}
Challenge #3 – Get rid of the text file. I want to read the content straight from The Abbott and Costello Fan Club.
Connecting was easy. Just use Invoke-WebRequest, and store the content in an object.
$RawSketch=Invoke-WebRequest -Uri 'http://www.abbottandcostellofanclub.com/who.html'
The challenge was that the returned content was one massive string. I needed it broken up into lines for an array.
I’m sure I could have contacted some friends like Tome Tanasovski or Thomas Rayner for some help with regular expressions, but I like trying alternative approaches sometimes.
There were a lot of CRLF (CarriageReturn / LineFeed) and Tabs prefacing the lines. I needed that cleaned up.
$CR=[char][byte]13
$LF=[char][byte]10
$Tab=[char][byte]9
$RawSketchContent=$RawSketch.Content
$RawSketchContent=$RawSketchContent.Replace($cr+$lf+$tab,' ')
Once I completed this, I just had a nice list of content terminating in carriage returns. I could split this up into an array now, in the following fashion:
$SketchArray=$rawsketchcontent.split("`r")
I took a look at the raw HTML, and found a “Before” and “After” on the sketch content. I passed this into Select-Object and captured the line numbers of the array. This allowed me to have a “Begin” parsing point, and an “End.”
$StartofSketch=$SketchArray | Select-string -SimpleMatch '<PRE>' | Select-Object -expandproperty LineNumber
$EndofSketch=$SketchArray | Select-string -SimpleMatch '</PRE>' | Select-Object -expandproperty LineNumber
With this achieved, I needed to select two voices in Cognitive Services Text-to-Speech. If you remember Part 4 in the series, we showed the list to choose from. I decided on an Australian female voice for Bud Abbott, and an Irish male voice for Lou Costello.
I used a simple array to store the data.
$CognitiveSpeakers=@()
$CognitiveSpeakers+='BUD:;en-AU;"Microsoft Server Speech Text to Speech Voice (en-AU, Catherine)"'
$CognitiveSpeakers+='LOU:;en-IE;"Microsoft Server Speech Text to Speech Voice (en-IE, Shaun)"'
We need to initial certain variables to figure out Who is talking (well yes, of course he is, that’s his job), and to store away the audio content.
$CurrentSpeaker='Nobody'
$TempVoiceFilename='whoisonfirst.wav'
Now for the work to begin. We start our loop from the beginning of the content array to the end, and make sure any temporary WAV file is erased from a previous run.
For ($a=$StartofSketch+1; $a -lt $EndofSketch; $a++)
{
Remove-Item $TempVoiceFilename -Force -ErrorAction SilentlyContinue
We then identify a line of content to parse:
$LinetoSpeak=$sketcharray[$a-1]
Each line that has a speaker on the site began with either BUD: or LOU:, so I used a little RegEx to trap for where the identified speaker name ended. Anything after that would be their speaking content.
$SearchForSpeaker=(($LinetoSpeak | Select-String -Pattern '[a-zA-Z]+(:)').Matches)
The next scenario to trap for was whether the line contained a speaker name with text, or just text (which meant a continuation of the earlier line).
This variable would set to 1 (beginning of a line). If a speaker was found, the beginning of the content would naturally be further down the line.
$LinetoSpeakStart=1
Then I had to trap for some “fun situations.” Did the speaker change? Is it the same speaker, but they have more lines to speak?
If ($SearchForSpeaker -ne $NULL)
{
$Speaker=$SearchForSpeaker[0].Value
$LinetoSpeakStart=$SearchForSpeaker[0].Index + $SearchForSpeaker[0].Length + 5
Then of course if the speaker did change, I needed to repopulate objects unique to the speaker for Azure.
If ($Speaker -ne $CurrentSpeaker)
{
$CurrentSpeaker = $Speaker
$RawSpeakerData=$CognitiveSpeakers -match $CurrentSpeaker
$SpeakerData=$RawSpeakerData.split(';')
$Region=$SpeakerData[1]
$Voice=$SpeakerData[2]
$Name=$SpeakerData[0]
}
As you can see, I’m pulling in the data needed for Azure, like Voice and Region from the SpeakerData array I created earlier.
Once we’ve identified the speaker and the content, we can call up the two key functions of Invoke-AzureTextToSpeech and Play-MediaFile:
If ($LinetoSpeak.Length -gt 1)
{
$LinetoSpeak.replace('','').replace('','')
$Content=$LineToSpeak.Substring($LinetoSpeakStart).replace('','').replace('','')
Invoke-AzureTextToSpeech -Region $Region -Content $Content -Voice $Voice -Filename $TempVoiceFilename
Do { } until (Test-Path $TempVoiceFilename)
Play-MediaFile -filename $TempVoiceFilename
Start-Sleep -Milliseconds 1000
}
You’ll note that there is a Start-Sleep in the loop. This is because there is a limit on the REST API of how many transactions it can take within a certain timeframe.
I thank you for sharing your time with me today. Hopefully you had a little fun, and maybe even learned of some ways you, too, can play with HTML content.
If you see a more efficient way of doing this, I’d love to see the results! It could be a really cool blog post itself!
Until next time, remember that the Power of Shell is in you!
I invite you to follow the Scripting Guys on Twitter and Facebook. If you have any questions, send email to them at scripter@microsoft.com, or post your questions on the Official Scripting Guys Forum.
Sean Kearney, Premier Field Engineer, Microsoft
Frequent contributor to Hey, Scripting Guy!
(2018年7月11日,台北)
微軟今(11)日正式發佈新成員 Surface Go 加入 Microsoft Surface 系列,這是一台為教育環境以及第一線員工 (Firstline Worker) 量身打造的二合一裝置。對正在探索知識的學生而言,每分每秒都可能發現新大陸;對於身為企業骨幹的第一線員工而言,他們直接面對客戶並解決顧客的問題,而 Surface Go 可以幫助他們抓住時效提供支援,迅速滿足需求。
【新聞照片一】微軟正式發佈為教育環境以及第一線員工 (Firstline Worker) 量身打造的二合一裝置 Surface Go ,也是 Surface 家族中最小巧、最輕薄且最經濟實惠的二合一裝置。
Microsoft Surface 開發至今,每一部嶄新裝置的誕生,都是希望幫助大家在生活及工作中提升生產力、實現更多、成就更大,同時以優越的行動力,使複雜的任務變得簡單。因為這樣的信念,微軟團隊設計的每一款 Surface 都致力於滿足不斷變化的生活方式,期望在效能、多功能性、及外型設計取得平衡。微軟的二合一裝置,兼具了平板電腦的行動力和筆記型電腦的強大效能,激發新的創作方式,讓使用者在追求自己所熱愛的事物、與朋友和家人保持聯繫或與團隊合作之時,也能出色地完成各種挑戰與任務。
Surface Go 至今是 Surface 家族中最小巧、最輕薄且最經濟實惠的二合一裝置。 身為Surface Go推手的微軟首席產品長 Panos Panay表示:「當我們設計這款裝置時,我們也在問自己,人們為什麼需要 10 吋的 Surface、並希望從中獲得什麼呢?答案顯而易見,羽量級、高效、可以讓更多人使用。而我很高興地向您介紹 Surface Go,因為它集所有答案於一體,並將帶給您更多驚喜。」
迄今最小巧、最輕薄且最經濟實惠的 Surface
Surface Go具有強大的效能和連接性,除了享有便捷特性,亦是一個更具有設計風格和生產力的工具。Surface Go的重量僅為 1.15 磅 (約518公克),厚度僅為 8.3 毫米,便攜性在這 10吋的裝置中更為突顯。Surface Go 建議售價為 399 美元起**,在維護 Surface 系列優質品質的同時,它亦代表了 Surface 系列新的價格進入點。
Surface Go 搭配高彩解析的 PixelSense 顯示器,支援具有 4096 級壓感、低延遲和高精確度的 Surface 手寫筆,讓使用者可準確記錄筆記、繪圖和電腦輔助設計。此外,在直式顯示模式下,螢幕頁面被設計成可呈現大多數學校教科書的比例;在橫式顯示模式下,螢幕頁面可併排呈現,就像手拿平裝書一樣;而在螢幕上書寫,就好像在筆記本上書寫一樣自然和直觀。
微軟首席產品長 Panos Panay 分享道:「自從我的兩個小女兒開始使用 Surface Go 以來,我每天都能看到她們在上面看電影、讀書和畫畫。對她們來說,Surface Go 是完美的裝置;對我來說,無論是在家裡、辦公室、還是飛機上,把 Surface 手寫筆放在螢幕上,讓思緒流動,都是我創作過程中必不可少的一步。這是我的工作方式。隨身攜帶 Surface Go 能幫助我輕鬆快速地捕捉這些構思的瞬間。」
【新聞圖片二】Surface Go 搭配高彩解析的 PixelSense 顯示器,支援具有 4096 級壓感、低延遲和高精確度的 Surface 手寫筆,讓使用者可準確記錄筆記、繪圖和電腦輔助設計。
舒適便捷的 10吋二合一平板電腦
Surface Go 小巧且效能強大,能夠提供工作所需的性能。它搭載第 7 代 Intel® Pentium® Gold 處理器 (4415Y),採用無風扇設計,享有長達 9 小時的電池續航時間。Surface Go 支援您在工作或學習時使用的應用程式如 Office,同時可以用於放鬆、閱讀或者觀看影片**。Surface Go 採用全摩擦鉸鏈一體式支架,其開合角度最大可至 165 度,用戶能輕鬆地從平板模式轉換至工作室模式,從站到躺、從瀏覽到繪圖都好用。Surface Go同時更支援 Windows Hello 功能,用戶可透過臉部識別更快捷、安全地登入電腦;前置 500 萬畫素 HD 鏡頭及後置 800 萬畫素自動對焦鏡頭,讓視訊通話及拍照錄影皆清晰易辨。
全新的 Surface Go 實體鍵盤保護蓋是專為其打造,配有全尺寸軌跡板,並選用頂級 Alcantara® 材質,集合創新設計功能,加上人體工學設計的按鍵角度,為使用者提供極佳的輸入體驗;此外,它還具有高靈敏度的背光調整和支援 5 點多指手勢的 Windows Precision 觸控板,搭配全新 Surface Mobile 滑鼠,工作更精準與舒適。此外,Surface Go 也滿足大眾需求,提供各類連接埠,包括可用於充電、連接擴充基座的 Surface Connect 、支援資料傳輸和視頻連接,且同樣可提供充電的 USB-C 3.1 介面、耳機插孔以及支援儲存空間擴充的 MicroSD 讀卡器,讓使用者無論是在圖書館、飛機上或會議室也能藉由 4K 顯示螢幕展示與分享。
【新聞照片三】Surface Go採用全摩擦鉸鏈一體式支架,其開合角度最大可至 165 度,用戶能輕鬆地從平板模式轉換至工作室模式,從站到躺、從瀏覽到繪圖都好用。
Microsoft Surface Go正式問世
Wi-Fi 版 Surface Go 於 7 月 10 日起在部分市場開放預售*,產品將於 8 月 2 日開始陸續上市。對於與客戶互動的第一線員工,或希望為學生提供多功能學習工具的學校,Surface Go提供您更具驚人價值的優質體驗。無論您去哪裡,無論等待您的是怎樣獨特的任務,Surface Go 如影隨行。
部落格英文原文可參閱此,更多產品詳情請參閱台灣微軟官方網站。
Welcome to the July 8 - 14, 2018 edition of the Office 365 Weekly Digest.
Eleven features were added to the Office 365 Roadmap last week, with several for Exchange Online (Message Encryption, Mailbox Auditing), as well as updates for OneDrive for Business, Planner, SharePoint Online and Outlook for Windows.
Most of the recently opened online customer immersion experiences have reached capacity, with the exception of "Productivity Hacks to Save Time and Simplify Workflows" on August 22, 2018. Also included this week are a few on-demand webinars for PowerApps and Power BI.
The huge news from last week was the announcement of a free version of Microsoft Teams. In addition, there are posts on what's new for IT admins in Teams and the availability of Teams online courses for IT Pros. We also announced intelligent event capabilities in live and on-demand events for organizations via Microsoft Stream, Microsoft Teams and Yammer. Other posts of note include page metadata in SharePoint Online, new Workplace Analytics and MyAnalytics features, and default mailbox auditing in Exchange Online.
Noteworthy item highlights include the Office 365 Update video for July 2018, Office 365 updates for Android, iOS and Mac, and the general availability of Microsoft Whiteboard.
OFFICE 365 ROADMAP
Below are the items added to the Office 365 Roadmap last week:
| Feature ID | Title | Description |
Status |
Added |
Estimated Release |
More Info |
| 31757 | Compliance Manager Manual Control Import | Manual Control Import Allows customers to import their own security and compliance controls into Compliance Manager, including controls for corporate policy, local law, industrial standards. Organizations can create risk assessment tiles for on-premises services and non-Microsoft assets, and manage their compliance posture in one place. |
In development |
07/11/2018 |
Q4 CY2018 |
n / a |
| 31754 | SharePoint and OneDrive: mass delete notification | To help raise awareness of possible uncommon or accidental file deletions (based on a 'higher than usual' number of deleted files per hour), people will be notified if a large number of files are deleted. For OneDrive, if a large number of files are deleted from a person's OneDrive, that person - the *owner* - will be sent an email notification letting them know about it and pointing them to the Recycle Bin in case they want to restore. For SharePoint team sites, if a large number of files are deleted, the *person that deleted them* (site owner or member) will be sent an email notification letting them know about it and pointing them to the Recycle Bin in case they want to restore. Each email notification will include an unsubscribe link at the bottom for those that wish to opt out of this type of notification. |
In development |
07/11/2018 |
July CY2018 |
n / a |
| 31522 | Office 365 Message Encryption: customize with company branding | New capabilities in Office 365 Message Encryption uses encryption and rights protection to help you protect and control your sensitive emails. We are adding new value into Office 365 Message Encryption, so you can now apply your company branding to customize the look of your organization's Office 365 Message Encryption email messages and the contents of the encryption portal. See link to add your organization's brand to your encrypted messages. |
Launched |
07/12/2018 |
Q4 CY2017 |
Add your organization's branding to your encrypted messages |
| 31526 | Office 365 Message Encryption: Default on for new Office 365 tenants | Starting February 2018, Office 365 Message Encryption and the protection capability in Azure Information Protection will automatically be enabled for our **new** Office 365 tenants with an eligible subscription. |
Launched |
07/12/2018 |
Q1 CY2018 |
Improvements to the protection stack in Azure Information Protection |
| 31523 | Office 365 Message Encryption: Support for protecting PDF attachments | New capabilities in Office 365 Message Encryption uses encryption and rights protection to help you protect and control your sensitive emails. In addition to protecting the Office attachments, we are adding support for protecting PDF files as attachments when sending sensitive email messages. |
In development |
07/12/2018 |
Q4 CY2018 |
n / a |
| 30711 | MyAnalytics Nudging | MyAnalytics nudges in Outlook are brief, data-driven productivity tips that appear within Outlook as you process emails and meeting invites. For example: as your calendar fills up with meetings, MyAnalytics will remind you to set aside time for focused work before accepting new invites in Outlook. |
In development |
07/12/2018 |
July CY2018 |
Introducing Workplace Analytics Solutions and MyAnalytics Nudging |
| 31753 | Add more information on your Task Board card | Customize the task board cards to show whatever fields you want. |
In development |
07/12/2018 |
August CY2018 |
n / a |
| 31487 | Idle Session Sign-out for SharePoint and OneDrive | Idle session sign-out is one of a number of policies you can use with SharePoint and OneDrive to balance security and user productivity and help keep your data safe regardless where users access the data, what device they're working on, and how secure their network connection is. |
Launched |
07/13/2018 |
July CY2018 |
Sign out inactive users |
| 32224 | Update to Exchange Mailbox Auditing – Mailboxes Audited by Default and New Mailbox Actions to Audit | To ensure that our customers have access to critical audit data to investigate security incidents in their tenancy when required, the Exchange Online service will begin introducing a configuration that will automatically enable mailbox auditing on all applicable mailboxes to users of the Commercial service. When this update is complete, Tenant administrators will no longer be required to configure the per-mailbox AuditEnabled setting for the service to begin storing security audit data on their behalf. Additionally, we continue to add mailbox audit actions to the default configuration, most recently UpdateInboxRules and UpdateCalendarDelegation. These actions are of high interest to security analysts to understand the activities that are taking place within the tenant. |
In development |
07/13/2018 |
Q4 CY2018 |
n / a |
| 31171 | Service Encryption for Exchange Online | Office 365 offers an added layer of encryption at the application level for customer content in Office 365, including SharePoint Online and OneDrive for Business. We are now rolling out Service Encryption for Exchange Online. |
In development |
07/13/2018 |
Q2 CY2019 |
Encryption in the Microsoft Cloud |
| 26542 | Outlook for Windows: Coming Soon preview pane | By clicking on a new Coming Soon button, a new pane opens in Outlook for users to preview new features, learn more and provide feedback. A toggle on/off allows users to try the new features. |
In development |
07/13/2018 |
July CY2018 |
n / a |
UPCOMING EVENTS
When: On-demand | These webinars can help you to leverage the features and functions of Microsoft PowerApps. Webinars are listed by series – Beginner, Intermediate, Advanced, SharePoint, Model Driven and App Designer. Please note that, in some cases, you'll need to re-enter registration details, and then you'll be sent a link to the recording via email.
When: On-demand | These webinars can help you to leverage the features and functions of Power BI. Webinars are listed by category – Featured, Getting Started, Partners, Community, and Advanced Topics. Please note that, in some cases, you will need to register or re-register to access the recording.
Productivity Hacks to Save Time & Simplify Workflows
When: Wednesday, August 22, 2018 at 12pm ET and 3pm ET | This 90-minute hands-on experience will give you the opportunity to test drive Windows 10, Office 365 and Dynamics 365. A trained facilitator will guide you as you apply these tools to your own business scenarios and see how they work for you. During this interactive session, you will: (1) Discover how you can keep your information more secure without inhibiting your workflow, (2) Learn how to visualize and analyze complex data, quickly zeroing in on the insights you need, (3) See how multiple team members can access, edit and review documents simultaneously, and (4) Gain skills that will save you time and simplify your workflow immediately. Each session is limited to 12 participants, reserve your seat now.
BLOG ROUNDUP
Introducing a free version of Microsoft Teams
Beginning July 12, 2018, Microsoft Teams is available in a free version worldwide in 40 languages. This offer was designed for small businesses and groups of coworkers that don't have commercial Office 365 subscriptions. Now with this great introductory experience, any group can use Teams as their hub for teamwork and discover the value of Office 365 as they grow and scale. Whether you're a freelancer, a small business owner, or part of a team inside a larger organization, you can start using Teams today. The free version includes the following for up to 300 people: (1) Unlimited chat messages and search, (2) Built-in audio and video calling for individuals, groups, and full team meetups, (3) 10 GB of team file storage plus additional 2 GB per person for personal storage, (4) Integrated, real-time content creation with Office Online apps, including built-in Word, Excel, PowerPoint, and OneNote, (5) Unlimited app integrations with 140+ business apps to choose from—including Adobe, Evernote, and Trello, and (6) Ability to communicate and collaborate with anyone inside or outside your organization, backed by Microsoft's secure, global infrastructure.
Related:
Announcing intelligent event capabilities in Microsoft 365
You can now produce live and on-demand events for teams and across the organization. Live events enable producers to curate and control the content that is broadcast to an audience. Attendees can participate in real time, with high-definition (HD) video and interactive discussion or catch up later with powerful AI features that unlock the content of the event recording. You can create a live event in Microsoft Stream, Microsoft Teams or Yammer—wherever your audience, team, or community resides. The event can be as simple or as sophisticated as you'd like. For casual presentations and panels, you can use webcams, content and screen sharing. For more formal events, you can stream a studio-quality production. After the event, in the video on demand, with intelligent features including: (1) Speaker timeline uses facial detection to identify who is talking, so you can easily jump to a particular speaker in the recording, (2) Speech-to-text and closed captions, and (3) Transcript search and timecodes let you quickly find moments that matter in a video. Live event capabilities will be available for preview beginning in the coming weeks. During the preview, these capabilities will be rolled out to Stream, Yammer, and Microsoft Teams, we will improve the richness and robustness of the capabilities based on customer feedback, towards general availability later this year.
Related:
Structure your intranet – page metadata coming to SharePoint in Office 365
Ensure your content reaches your intended audience. Now you can tag SharePoint pages with properties (metadata) to help best describe them. Plus, use custom Pages library columns to filter and target pages. This allows you to reach the right audience ensuring the right content gets viewed by the right people. Structure your intranet by leveraging the power of page metadata. The balance of a modern intranet rests in between the dynamic display of information and the ability to better curate and target who sees what.
Introducing Workplace Analytics solutions and MyAnalytics nudges
We are announcing two new features—Workplace Analytics solutions and MyAnalytics nudges—designed to put individuals and teams at the center of change. Workplace Analytics uses data from everyday work in Office 365 to identify collaboration patterns that impact productivity, workforce effectiveness, and employee engagement. Nudges in MyAnalytics can help close the gap by providing friendly, data-driven collaboration tips that surface as you get work done in Office 365. Starting this summer, four types of MyAnalytics nudges will start to surface in Outlook as you read and compose emails and meeting invites - (1) Get more focus time, (2) Run more effective meetings, (3) Reduce your after-hours impact on coworkers, and (4) Stay on top of to-do's and unread email. Starting this summer, MyAnalytics users will see nudges on the latest version of Outlook on the web. Users can turn off nudging using the MyAnalytics add-in for Outlook. More details are provided in our support article. | Related: Microsoft Mechanics – Workplace Analytics and MyAnalytics updates | Video: Microsoft Workplace Analytics solution for teamwork
Exchange Mailbox Auditing will be enabled by default
After listening to customer feedback and suggestions, Exchange Online is making some key changes to the mailbox auditing feature for Office 365 commercial users. First, mailbox audits will be stored for all user mailboxes within the commercial service by default. Second, the default audit configuration will change and include more audit events. These enhancements and modifications are a part of Microsoft's commitments to improve the security tooling available to our customers and to ensure that our customers have access to critical audit data to investigate security incidents in their environment when required. In support of Microsoft's commitment to providing our customers with an easy-to-use set of security features, customers will no longer be required to configure mailbox auditing on a per-mailbox basis, and instead will be able rely on a tenant-wide configuration to enable or disable mailbox audit event collection. Mailbox events will be stored on the all user mailboxes automatically without required action. In addition, we plan to expand the default set of audit actions to include more of the currently available Owner and Delegate events. Over the next several months, we will enable the default-auditing configuration on all tenants with a steady ramp-up with all commercial customers to be covered by the end of the calendar year. At that time, there is nothing you need to do for the service to begin storing your user's audit events. And if you have already enabled mailbox auditing in Exchange on your user's mailboxes and are doing so for all new mailboxes - great! Mailboxes that are configured to audit today will continue to do so.
NOTEWORTHY
Video: Office 365 Update for July 2018
Format: Video (8 minutes) | Jim Naroski covers recent enhancements to Office 365, including Office 365 Admin Center, Planner, Sway, Teams, User Experience, and more. The video transcript, complete with links to additional information on everything covered, is available at http://aka.ms/o365update-blog.
Office 365 for Android - July 2018 release details
On July 14th, 2018, Microsoft released an updated version of Office for Android (Excel, PowerPoint & Word) build # 16.0.10325.20043 in 68 languages. Our Office International team translated this latest update. Some of the new features available for the first time to Office 365 subscribers using Office for Android on their tablet or phone include the ability to edit in landscape in PowerPoint. More information and help content on this release can be found in the Android section of the What's New in Office 365 page.
Office 365 for iPad & iPhone - July 2018 release details
On July 9th, 2018, Microsoft released an updated version of Office for iPad/iPhone to Office 365 subscribers - Version 2.15 (18070200) in 35 languages. Our Office International team translated this release. Here are some of the new features included this month: (1) Word count shows as you scroll, and (2) Sync draft messages between different Outlook endpoints so you can start a message on your phone and finish and send it on your desktop, or vice versa! This started to roll out to Office 365 customers on July 10th 2018 and it should be with 100% of customers by July 24th 2018. More information and help content on this release can be found in the iOS section of the What's New in Office 365 page.
Office for MAC 2016 - July 2018 Release details
On July 11th, 2018, Microsoft released Office 2016 for Mac Version 16.15.18070902 in 27 languages. Our Office International team was responsible for translating this release. You will see the following features once you update: (1) In PowerPoint add live action to your slide with a YouTube video, and then view it without having to leave the app; and (2) Improved security for Google accounts. More information and help content on this release can be found in the MAC section of the What's New in Office 365 page.
Microsoft Whiteboard is now generally available for Windows
We are pleased to announce the general availability of the Microsoft Whiteboard app for Windows 10. Whiteboard gives teams a freeform, intelligent canvas for real time ideation, creation, and collaboration. Since releasing a preview of the app in December, more than 200,000 customers have helped us fine tune the feature set and end user experience. Based on their feedback we've added a number of new features, including text notes, the ability to add and manipulate images, enhancements to shape and table recognition, accessibility improvements, compliance with various global standards, and more. In addition, the Whiteboard app for iOS and preview on the web will be coming soon. These releases will mark an important milestone in our journey to make Whiteboard the best tool for freeform collaboration across platforms and form factors. | Related: Video - Introducing Microsoft Whiteboard
Microsoft OneDrive named as a leader in Gartner Magic Quadrant for Content Collaboration Platforms
Enabling secure ways to share and collaborate on content with coworkers and colleagues, both inside and outside your organization, is critical to improving productivity and teamwork. According to Gartner, "By 2022, 50 percent of organizations will use collaborative document editing as the standard interaction method for document creation." Microsoft OneDrive makes this a seamless experience, connecting you to all your files on any device while protecting your work from data loss, malicious attacks, and more. We are honored that Gartner has recognized Microsoft, for the second year in a row, as a leader in the Content Collaboration Platforms Magic Quadrant report. Microsoft placed highest in ability to execute and has made substantial improvements in the completeness of vision over last year's report. Additionally, Microsoft is recognized as a leader in both the Content Collaboration Platforms and Content Services Platforms Magic Quadrant reports.
Today's tip...
Service Health provides you with a customizable dashboard which tracks the health of your Azure services in the regions where you use them. In this dashboard, you can track active events like ongoing service issues, upcoming planned maintenance, or relevant health advisories. When events become inactive, they get placed in your health history for up to 90 days. Finally, you can use the Service Health dashboard to create and manage service health alerts which proactively notify you when service issues are affecting you.
Service Health tracks three types of health events that may impact your resources:
In my previous blog post, I wrote about the new Microsoft Teams for Surface Hub (Preview) app.
In this post, I'm going to cover the steps required to push the Microsoft Teams for Surface Hub (Preview) app to Surface Hubs that are on the Insiders program, and configure its options using Intune.
To push the app to the Surface Hub you'll have to you'll have to configure Intune and the Microsoft Store for Business to push apps to the Surface Hub. Follow this post to configure both if you haven't done it yet.
Remember - you must acquire the offline license version to the Microsoft Teams app to be able to push it using Intune:
After syncing the store with Intune, you'll see the app in the Apps list:
Next, configure the Microsoft Teams app CSP settings in Intune.
Create a new Device configuration profile in Intune. Set the Platform to Windows 10 and later, and the Profile type to Custom:
There are two dedicated CSPs we're using to configure the app on the Surface Hub. Both must be present for the app to work:
./Vendor/MSFT/SurfaceHub/Properties/SurfaceHubMeetingMode is the CSP that replaces the .ppkg files you'll be using if you're manually installing the app. it comes with the values of 0, 1 or 2 and would act as follows:
0 - Skype for Business is the preferred app on the Surface Hub's Start Screen, however you can still join Microsoft Teams meetings.1 - Microsoft Teams is the preferred app on the Surface Hub's Start Screen, however you can still join Skype for Business meetings.2 - Microsoft Teams is the exclusive app on the Surface Hub's Start screen and Skype for Business is disabled.The Data type for this setting is Integer and you can choose any value from the above as illustrated in the following image:
./Vendor/MSFT/SurfaceHub/Properties/VtcAppPackageId is the CSP representing the app ID that's replacing Skype for Business; Microsoft Teams. The value for this CSP is always Microsoft.MicrosoftTeamsforSurfaceHub_8wekyb3d8bbwe!Teams
The Data type for this CSP is String. Copy and paste the value from the line above as illustrated in the following image:
To assign the policies (App deployment and Device configuration) to the Surface Hubs, create a security group with the Surface Hubs device accounts:
Go back to the Microsoft Teams for Surface (Preview) app in the Apps list and click 'Assignments'. Assign the app to the Security Group you created with the following settings:
Click ok and save the configuration.
Next, for the Device configuration profile, assign it to the Security Group you created:
Intune will push the and settings immediately. You may need to restart the Surface Hub to complete the process:
Hello folks, David Steadman Here!!
We have released our latest hotfix for MIM 2016 SP1 .
Improved security with the use of gMSA Support
https://docs.microsoft.com/en-us/microsoft-identity-manager/microsoft-identity-manager-2016-gmsa
Improved Language support to new defined standard
Updated Logic to Service Dynamic Logging to include circular logging
All Current/New PowerShell cmdlets documentation
https://docs.microsoft.com/en-us/powershell/microsoft-identity-manager/overview?view=idm-ps-2016sp1
As customers are still working with Windows 7 and PowerShell (PS) versions before 3.0, sometimes there are work a rounds needed. You can upgrade your PS version on Windows 7 to a newer version, but that’s not always an option for everyone.
One of the newer cmdlets available in PS 3+ is the Get-NetConnectionProfile that gets a connection profile associated with one or more physical network adapters. A connection profile represents a network connection.
If you don’t have the luxury of updating PS on a Windows 7 machine, I worked up this little function to help people, leveraging the underlying .NET process from the INetwork:Getname method. Just copy/paste the code into ISE, or Visual Studio, or add it into your profile, or even add it into a module on the machine you need it to run. This allows you to reuse the code as needed. I didn’t add any additional code to remote into other machines, maybe in the future if there is enough need.
Function Get-NetConnectionProfileWin7 {
<#
.Synopsis
Works in Windows 7 with PS 2
.DESCRIPTION
Function that gets a connection profile associated with one or more physical network adapters.
A connection profile represents a network connection.
.EXAMPLE
Get-NetConnectionProfileWin7
.NOTES
Created for Windows 7 and PS 2.0+.
#>
$NetworkListManager = [Activator]::CreateInstance([Type]::GetTypeFromCLSID(‘DCB00C01-570F-4A9B-8D69-199FDBA5723B’))
$NLM_ENUM_NETWORK_CONNECTED = 1
$NLM_ENUM_NETWORK_DISCONNECTED = 2
$NLM_ENUM_NETWORK_ALL = 3
foreach($net in $NetworkListManager.GetNetworks($NLM_ENUM_NETWORK_CONNECTED))
{
Write-Host "Name: "$net.GetName() -ForegroundColor Green
Write-Host "Status of connection: " $net.IsConnected
Write-Host ""
}
}
Here is a .ps1 file zipped up if you want the code in this format.
We recently announced free extended security updates will be available in Azure virtual machines for SQL Server, Windows Server 2008, and 2008 R2 for an additional three years after the end of support deadline. End of support is coming soon and this means impacted organizations will lose access to regular security updates and could face significant security risks. Migrate these 2008/2008 R2 workloads to Azure immediately with no application code changes and continue to get security updates to keep workloads protected while working on your modernization plans. Purchase extended security updates for other environments as well, to keep workloads protected while you work on your upgrade and migration projects.
To learn more, read the full blog post and visit the 2008 end of support page.
Announcing Azure Data Box Disk Preview
Azure Data Box Disk provides a simple, secure, SSD disk-based offering for offline data transfer to Azure. Customers that have data transfer requirements but lack the onsite technical expertise required for more robust data transfer offerings can use the Data Box Disk service to transport as much as 40 TB of data into Azure by simply connecting the disks to a computer via USB or SATA and using drag-and-drop or robocopy commands for data transfer.
Data Box Disk Preview is available in the EU and US. The preview is currently free.
Customers and Cloud Solution Provider (CSP) partners are invited to sign up for the Data Box Preview on the same portal as Data Box Preview.
Partners—please sign up on our partner portal.
At Inspire, we're announcing several new features to the preview of Azure IoT Central. These new features provide an easy avenue for partners across the IoT ecosystem to benefit from IoT. They include support for Azure CSP, new workflows powered by Microsoft Flow connector, continuous data export, and integration with Power BI. These features made available make it easy for partners to resell, manage, and extend customer solutions.
To learn more about the Azure IoT portfolio including the latest news, visit the Azure IoT page.
Securing your resources is important, which is why we’ve made it even simpler for you to do. Azure Security Center is now integrated into the subscription experience. It's easy to enable Security Center and quickly assess the security state of your resources, get actionable recommendations, and mitigate risks.
Learn more about this capability.
To help you address your security challenges, Azure Security Center for Azure Government is now available in preview. Security Center delivers unified security management for hybrid cloud workloads, with continuous monitoring as well as security assessments and recommendations. Coupled with advanced threat protection to identify and mitigate risk and reduce exposure, this enables government cloud security teams to better protect their data, networks, and IT infrastructure from cyberattacks.
Azure File Sync is now generally available.
Azure File Sync replicates files from your on-premises Windows Server to an Azure file share. With Azure File Sync, you don’t have to choose between the benefits of cloud and the benefits of your on-premises file server—you can have both. Azure File Sync enables you to centralize your file services in Azure while maintaining local access to your data.
For more information on Azure File Sync, please visit our product page.
Azure Firewall is a fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability. Centrally create, enforce, and log application and network connectivity policies across subscriptions and virtual networks. Azure Firewall uses a static public IP address for your virtual network resources allowing outside firewalls to identify traffic originating from your virtual network. The service is fully integrated with Azure Monitor for logging and analytics.
Learn more about Azure Firewall.
Read the Azure Firewall Preview documentation.
Azure Virtual WAN is a networking service providing optimized and automated branch-to-branch connectivity through Azure. Virtual WAN allows you to connect your branches to each other and to Azure, centralizing your network and security needs with virtual appliances such as firewalls and Azure network and security services.
Visit the documentation for guidance on how to join the managed preview.
Azure Marketplace is the place for customers of all sizes to discover certified solutions. We recently announced Azure Marketplace has released two additional capabilities: private offers, and geo-expansion to Canada for consulting offers in Azure Marketplace.
Enterprise customers increasingly want to use online marketplaces to discover, try, and buy cloud services. Now with private offers, publishers can privately share solutions with specific customers in a variety of ways.
Azure Marketplace is expanding consulting services from US to Canada. Now generally available in Canada, this new listing option expands Azure Marketplace beyond partners and applications so that customers can find a wide range of consulting services, such as assessments, onsite workshops, proofs of concept, and implementation, each backed by a partner with deep Azure expertise.
To learn more, read the full blog post and visit Azure Marketplace.
SQL Data Warehouse sets industry standards for query performance
Azure SQL Data Warehouse is a fast, flexible, and secure analytics platform in the cloud. Azure SQL Data Warehouse customers will now enjoy at least two times faster query performance from their workloads, making this the fastest data warehouse in the cloud. These performance gains are made real by the instant data movement feature that allows for extremely efficient movement between data warehouse compute nodes.
Azure SQL Database managed instance business critical tier in preview
The business-critical performance tier is now available to Azure SQL Database Managed Instance. Designed for mission-critical business apps with high I/O requirements, business critical supports high availability with the highest level of storage and compute redundancy.
Save more during this preview with Azure Hybrid Benefit for SQL Server, which provides up to 55 percent off the license-included full price when applied.
New purchasing model for Azure SQL Database
The vCore-based purchasing model for Azure SQL Database elastic pools and single databases is now generally available. The purchasing model is in addition to the existing DTU-based model. Designed to give you flexibility, control, transparency, and an easier way to compare to on-premises workloads, it allows you to scale compute, storage, and IO independently based upon your workload needs. Options within the vCore-based model are also eligible for up to 55 percent savings with the Azure Hybrid Benefit for SQL Server.
The long-term backup retention feature is now available in all Azure regions. It provides greater flexibility in setting your retention policies and managing individual backups. Backups also now use read-access geo-redundant storage (RA-GRS), which provides an even higher degree of protection for your data.
Azure SQL Database supports auto-failover
Auto-failover groups are now generally available for Azure SQL Database, supporting transparent geographic failover of multiple databases with automatic activation.
We recently announced the general availability of Azure Maps (formerly Azure Location-Based Services), a portfolio of geospatial APIs that enables developers to integrate searching, mapping, routing, traffic, and time zone services to their web, mobile, and enterprise applications.
Several new features are being added to our standard portfolio:
Learn more about Azure Maps and read our Infopedia page.
If you have questions, please contact us .
Azure SQL Data Warehouse is a fast, flexible, and secure analytics platform in the cloud. We're announcing the general availability of the compute optimized Gen2 tier in the UK West region. With this general availability, customers can now provision the latest tier of SQL Data Warehouse across 23 regions with a financially backed SLA of 99.9 percent availability.
We're excited to announce the preview of Service Fabric Mesh, a fully managed option from Azure Service Fabric that simplifies deployment and operations by removing the burden of managing virtual machines (VMs), storage, or networking.
We're also releasing the Service Fabric 6.3 runtime that includes Service Fabric Mesh applications (preview) support, along with other features and improvements including support for Service Fabric Reliable Services in Windows containers, and VM isolation for Linux containers.
Learn more on the Azure blog.
With Azure Dev Spaces, a feature of Azure Kubernetes Service (AKS) now available in preview, the lengthy process of working in complex microservices applications can be drastically simplified.
Using Azure Dev Spaces, all you need is your IDE and the Azure CLI. Azure Dev Spaces provides a rapid, iterative Kubernetes development experience for teams. With minimal machine setup, you can iteratively run and debug containers directly in AKS–even in complex environments. Teams can share an AKS cluster to collaboratively work together, with each developer able to test end-to-end with other components without replicating or mocking up dependencies. You can also use Dev Spaces to develop on the OS of your choice—Windows, Mac, or Linux—using familiar tools like Visual Studio, Visual Studio Code, or just the command line.
Azure DevOps Projects enables customers to start running their application on any Azure service in just three steps—simply select an application language, a runtime, and an Azure service. In addition to deploying a sample application, DevOps Projects also sets up a full CI/CD pipeline powered by Visual Studio Team Services.
DevOps Projects now has support for a variety of languages,including .NET, Java, PHP, Node, Python, Go, and Ruby. Using DevOps Projects, deploy to AppService, VM, Service Fabric, and AKS.
This product is now a generally available feature in the Azure portal.
Blog técnico de Microsoft TechNet-MPN
Microsoft ofrece webinars técnicos dirigidos por instructores y consultas técnicas que se centran en escenarios de seguridad y cumplimiento de normas. Se ofrecen en varias zonas horarias e incluyen capacitación interactiva y capacidades en tiempo real y sin costo para los miembros de la red de Microsoft Partner.
Explore las posiblidades: https://blogs.technet.microsoft.com/ptsblog/2018/07/11/security-and-compliance-technical-webinars-consultations-july-august-september/
Microsoft TechNet – MPN blog
A Microsoft está oferecendo webinars técnicos ministrados por instrutores e consultas técnicas que estão focadas em cenários de segurança e conformidade. Eles são oferecidos em vários fusos horários e incluem treinamento interativo e habilidades em tempo reale sem custo para os membros da Microsoft Partner Network.
Explore as possibilidades: https://blogs.technet.microsoft.com/ptsblog/2018/07/11/security-and-compliance-technical-webinars-consultations-july-august-september/
Sick of all the good weather? Then join us this week at the Microsoft Reactor in London for a session on Data and AI. This 3-hour session is free to attend, and features an agenda packed full of technical deep-dives and customer stories. The event kicks off at 6pm, so come on over after work and don't miss out!
If you'd like to attend, please register your attendance on Meetup. If you can't make it this time, stay tuned for more details post-event, and check our our events listing for future meetups.