こんにちは、サポートの森村です。
本記事では Project Online の [Project] タイルを使用した場合の動作について、弊社の米国のエンジニアが公開済みの下記ブログ記事の内容についてご案内いたします。

タイトル : Project Online: The new ‘Home’ experience
タイトル : https://blogs.technet.microsoft.com/projectsupport/2018/08/15/project-online-the-new-home-experience/

Project Online 関連のサブスクリプション (Project Online Premium、Project Online Professional、Project Online Essentials) のライセンスを割り当てているユーザーの場合、Office 365 にサインインするとアプリケーション ランチャーに [Project] のタイルが含まれています。
本日 2018/8/28 時点では [Project] タイルをクリックすると、既定の Project Web Access サイトコレクション (PWA サイト) である、/sites/pwa にアクセスする動作となっております。
こちらの動作を、近日中に変更し、下記のような「Project ホーム画面」 (https://project.microsoft.com/) に移動する動作となる予定です。
[Project] タイルの動作を以前のままにする、等の設定変更はできませんので、従来通り /sites/pwa の PWA サイトへの直接アクセスが必要な場合は、ブックマーク等の機能を利用いただくか、あるいは Project ホーム画面最下部の [Project Web App に移動] をクリックしてください。

画面の説明
● [新規作成] メニュー
既定の PWA サイト (/sites/pwa) 上でプロジェクトの作成権限がある場合は、こちらのメニューから既定の PWA サイト上に新規プロジェクト作成を行うことが可能です。
なお、既定の PWA サイト以外の別の PWA サイトに対し新規プロジェクトを作成することはできません。また、作成する PWA サイトを変更することもできません。

● [お気に入り]
下部の [最近] に表示されているプロジェクトをマウスでポイントし、☆マークをクリックするか、三点リーダーメニューから [お気に入りに追加] を選択すると、お気に入りのプロジェクトとして表示されます。

● [最近]
最近該当ユーザーによって作成、編集されたプロジェクトの一覧が表示されます。クリックすると該当プロジェクトが [プロジェクト センター] 上で表示されるページに移動します。
複数の PWA サイトを使用しているユーザーの場合は、既定の /sites/pwa の PWA サイト以外の PWA サイトで作成したプロジェクトについても表示が行われ、またクリックすることで別 PWA サイト上のプロジェクトが表示される動作となります。

● [Project Web App に移動]
既定の PWA サイト (/sites/pwa) に移動します。

関連ブログ情報
PWA サイトにアクセスするためには、Project Online 関連のライセンス付与の他に、PWA サイトへのアクセス権付与が必要です。
詳細は下記のブログ記事などをご確認ください。

タイトル : Project Online を使用する際にはライセンスおよびアクセス権限の割り当てが必要です
アドレス : https://blogs.technet.microsoft.com/sharepoint_support/2015/04/06/project-online/

今回の投稿は以上です。

本情報の内容（添付文書、リンク先などを含む）は、作成日時点でのものであり、予告なく変更される場合があります。

Hello and welcome everybody to our TNWiki Article Spotlight on Tuesday!

This is my first blog post after a long time! My last post was published here on August 22, 2017. It is slightly more than a year! Wow, I feel many things changed! I even have a new signature icon which is really nice! Thank you Kamlesh Kumar for creating such a pretty icon!

We also have new processes! New authors and bloggers! And so many new articles published during this time! So, to find a nice article for this spotlight blog post, I read several nice articles which I picked up from last few Monthly Guru Award Winners. I read each of them end to end.

After reading all of them I would like to talk about my favorite article
SQL Server: All about Detach and Attach operations and common scenarios where they may or may not work

published by Mohsin_A_Khan.

I really liked the way he explains the issues and their solutions. He did a great job on writing a very useful and well-organized article around the attach and detach operations in SQL Server. The article covers several real-world issues and provides practical solutions with clear notes, warnings, references, and workarounds where needed. The article has one of the highest issue density in the TechNet Wiki articles. Although he wrote about many issues I enjoyed the content association. Right after he brought up an issue, he told you what is the solution.

All the samples worked accurately on my test virtual machine. Albeit I didn’t find the example code on “alter database…modify file” section, but it explained very well. Moreover, in the section “When a log file cannot be rebuilt”, he put a note section that mentioned Paul Randal’s blog post which was very useful. Finally, in the conclusion section, he brought it to a good end!

In his article you will find solutions to the following issues:

• Detaching and attaching a database
• How to move a database that participating in Log Shipping?
• Common scenarios where attach may or may not work
• When SQL instance is cleanly shut down
• When a single log file is missing
• When multiple log files are missing
• When a log file cannot be rebuilt
• When the database is read-only
• How log rebuild breaks the log backup chain

Saeid Hasani

Microsoft TechNet Wiki Ninja

Blog | Wiki | Profile

Hello All,

I was reading about this tool during an internal discussion on security and thought you might be interested….

You can use Office 365 Secure Score to realize which security best practices your following, and then using the results improve your security using the built-in features provided but that you have not implemented.

The application will analyze your tenant then compare those results against a baseline created by Microsoft engineers.  The score is generated at approx 1am PST everyday after that time a Global Admin or custom admin can go to the portal to view/share the score or look at the results to find a way to improve your score.  Changes you make will take up to 48 hours to discovered by the App, but could take less time as well.

Improving your score by enabling features in your queue is simple, select an action that you want to implement like ‘Use Audit data’.  First select the action to see Microsoft description of the action, then review the threats that will be mitigated.  If you need to understand the action better then click on the Learn More button (See screen shot), after that go thru the steps to implement the action in your tenant.

If you would like to help improve the tool then please go here and leave your ideas.

Pax

Today's tip...

Earlier, we tipped on the packaging of the Windows Server Summit content into an ‘Event-in-a-box’. As it happens, earlier this month saw the introduction of a new event with the holding of the first-ever Microsoft Business Applications Summit.

Session categories include:

• Strategy and vision of the Microsoft Power platform
• PowerApps & Microsoft Flow Customer Sessions
• Common Data Service & Model-driven PowerApps solutions
• And more

See the complete event recap here.

The two letters heard most frequently at Microsoft Inspire this year were "A" and "I". In this Partner Tech Perspective, I'd like to take you through some of the approaches we believe will be most effective for our partner community in establishing their Artificial Intelligence (AI) practices and solutions. Let's tackle this by addressing the three biggest challenges facing successful AI projects:

• AI solutions are only as effective as the quality of the questions asked. All too often, our customers don't know what questions to ask. Even savvy business leaders can struggle with the decomposition of desired business outcomes into digital signals, insights, and automated action—but the Listen, Think, Act model can help structure AI solution consultations with your customers.
• A lack of commitment or endorsement of AI from top leadership as a decision-making alternative to "how it's always been done" results in projects failing to turn into funded initiatives. Instead, infuse AI into every project/service you deliver as a subtle way of introducing your customers to the power of AI.
• The condition of a customer's data estate can often become a serious obstacle to operationalizing an effective AI solution. A host of data problems—including poor processing, lack of completeness and relevance, poor integration, and non-compliance—can pose serious risks. Leverage the opportunity to modernize as you migrate and create the conditions for effective AI scenarios after moving to cloud.

There are certainly other challenges in successfully implementing AI solutions for customers, including access to AI and Data Science talent, which we’ll touch upon at the end. For now, we’ll use a series of three posts to tackle the main challenges, starting with this one.

Winning new AI projects

Solution: The Listen, Think, Act model

I like to structure a digital transformation discussion using the model of Listen, Think, Act. This thought experiment begins by determining what act would have to take place to address the business problem. For example, do we need to create a field service request for a maintenance issue which we think is imminent? Do we need to issue a special stock grant to a critical employee who we predict is about to leave the company? Do we need to make a new service bundle offer to a customer that is ready for more?

With that end in mind, consider what data we might listen to that could inform a solution to the problem? Be sure to consider data and signals that may not currently be available to the customer, because virtually anything can be instrumented at this point.

Next, think about that data—this is where we would directly apply AI. By considering the data, what unique insight could we derive that addresses the business problem?

Then, back to the action. We must act on that insight; to truly digitally transform the business, the action should be automated to the extent possible. That might mean workflow configuration through Microsoft Dynamics 365 or Microsoft Office 365, or it could be low code/no code via Flow and PowerApps, or a fully custom and integrated workflow that results in an action occurring at the edge on a mobile device.

Let's walk through a real-world example of this approach. Say you read an article in the Wall Street Journal about American Airlines cutting unprofitable international flights in response to higher fuel prices and uncertain demand. Now, canceling international routes is not without significant cost for an airline, both in terms of operational expense and opportunity losses. The business problem could be described as uncertainty in route demand vs. fuel costs resulting in expensive guesses about routes. One way to address this problem would be to generate a heatmap of 6-month forecasted passenger profitability between cities (which we do for Azure capacity demand planning). As inputs (Listen), take indicators of passenger traffic, such as exchange rates or hotel occupancy rate trends, and indicators of fuel prices, such as oil reserve levels. Then, one could develop an index of future passenger profitability by route (Think). This heat map, implemented as a dynamic Power BI map, for example, could then feed the planning team with an overlay to current route contract negotiations (Act). The end result would be more predictability on route commitments and improved profitability.

Listen, Think, Act is an easy way to get the conversation going with our customers, and helps to keep the conversation at the right business altitude—focused on business outcomes and not simply experimenting. It also ensures that you’re working toward a holistic solution that’s inclusive of data acquisition/IoT, AI & analytics, and business process automation/edge computing.

Once you have used the Listen, Think, Act approach with your customer to establish an AI solution scenario, I encourage you to explore the Team Data Science Process (TDSP), a methodology for delivering and managing effective AI solutions throughout the lifecycle of your data science projects. It helps you ask the right questions and addresses the gaps and challenges throughout the AI lifecycle by providing best practices, examples, and templates. You can find more details on TDSP here.

Keep an eye out for the next post, in which we’ll tackle the problem of AI sponsorship and executive buy-in.

Scott Emigh is the Chief Technology Officer for Microsoft’s US One Commercial Partner (OCP) organization. With an extensive background in tech and solution sales, Scott leads a national team of Solution Architects, Evangelists, and Strategists all focused on developing and enabling our US partner ecosystem – ISVs, System Integrators, Managed Hosters, and Volume Channel. Our mission at Microsoft remains steadfast – to empower every organization on the planet to achieve more. Our partner ecosystem is at the forefront of bringing this powerful mission to life. OCP will work to transform our partner ecosystem and simplify the programs and investment structure for our partners to drive growth and profitability. We will provide the programs, tools, and resources you need to build and sustain a profitable, successful cloud business.

Olá Pessoal,
Vimos alguns casos no suporte onde usuarios de dominios federados não conseguiam logar em suas contas ou criar um novo perfil do Exchange Online usando o aplicativo Outlook para Android e a mensagem exibida é somente "ocorreu um erro"

• O que acontece é que apesar do aplicativo ser desenvolvido por nós cada dispositivo gerencia suas requests/responses de maneira diferente e o Android é mais exigente na questão de certificados do serviço de federação
• Com isso os certificados root e intermediate não podem faltar em suas respectivas pastas como também nao podem estar inseridos em outras pastas, o correto é seguir essa ordem:

• Você pode verificar se o ceritficado publicado nos servidores WAP & ADFS se o endereço (exemplo: adfs.dominio.com.br) não contém corretamente o intermediate e root em suas pastas nos servidores que respondem pelo endereço usando alguns links como https://cryptoreport.websecurity.symantec.com/checker/ ou https://ssltools.digicert.com/checker/views/checkInstallation.jsp (você também pode usar qualquer outro site que verifique a cadeia de certificados no endereço que você inserir (você precisa inserir o endereço do seu serviço de federação que está publicado na internet).
Exemplo que pode ser exibido na consulta aos sites descritos acima:

adfs.dominio.com.br
You have 1 error
Intermediate certificate missing.
SHA2 Extended Validation Server CA | Download certificate

Intermediate certificate missing.
SHA2 Extended Validation Server CA | Download certificate

• Se você estiver enfrentando esse problema tome as ações de inserir o certificado nos servidores WAP e ADFS nas respectivas pastas corretas e reinicie os servidores.

• Documentado aqui está o contexto do que o erro de codigo 3 significa: https://developer.android.com/reference/android/net/http/SslError.html
SSL_UNTRUSTED
int SSL_UNTRUSTED
The certificate authority is not trusted
Constant Value: 3 (0x00000003)

• E aqui está o log do Outlook App analisado pelo time especialista em Outlook para Android onde consta o erro de codigo 3

D 2018-07-20T11:43:27.900+0000 [ci=lkZEpaox7M] main Office365LoginA Authentication error:Code:-11 primary error: 3 certificate: Issued to: CN=adfs.dominio.com.br,O=COMPANHIA DE TI,OU=MS,L=PARANA,ST=CuritibaC=BR;
Issued by: CN=Organization Validation CA - SHA256 - G2,O=nv-sa,C=BE;
on URL: https://adfs.dominio.com.br/adfs/ls/?login_hint=nome.sobrenome%40dominio.com.br&wfresh=0&wauth=http%3a%2f%2fschemas.microsoft.com%2fws%2f2008%2f06%2fidentity%2fauthenticationmethod%2fpassword&client-request-id=e416db57-b03b-44b4-b280-f33bee6a1592&username=nome.sobrenome%40dominio.com.br&wa=wsignin1.0&wtrealm=urn%3afederation%3aMicrosoftOnline&wctx=estsredirect%3d2%26estsrequest%3drQIIAa1RPW_TQBjO2YmBqlKrSoWOHaiEkOKPc9LmAyQcmbYCh5Cqbeqoi-_Oji-xfcaxL22m_gNQR8TEgtQJVQwI_kGnSCwIxMbUASGxMOL8B5ZXz7M8X--CpMkalNUVoN0Xc9i4C7fqEKpqpVyFVa1cUXW1jCAk5brmYlJ39C3XqSQrC8u977d_Nt9_MC_P_jR_DVfPL4AZjp0s9RuKglkohxQnbMy8VGaeR7ErsywNGBspHh7U1BectTW7_fRJn6Jha9LFpteJ2IZufgRgBsCZAM6FO56DKJMxcwOfPcLjSJ7romQmgG_CUsfIveD8sIRO3WuhFLABjV6Lx_a-xsju3gRPGbfgCe_DILMiEqNwjxO9naHwULXgM456Gke0f_q856tktzXt0Bq3j1qxFW4PEdQmaGeU2bCeWvCwYkPfRyEJLsR1P03jcV7Sians5InigM6DKe4J9p1o4F6KUk5DFn0VwawIrouLN8Hy4lphvXBPUMHfInhbyud78HLtS_bux86bjc9LxeZq4aqknAZVVtsedDcNPWz3vGRz2g0PaqmixKbHjf2DxOCjhHDn6HH3YbWhvZLAlXTDiEjCKPktFT7d-i8P-Ac1 CorrelationId: e416db57-b03b-44b4-b280-f33bee6a1952

There is currently no cmdlet to easily remove an Azure Hybrid Connection object (from an App Service Plan).
So in a case you need to remove several connection objects, doing it from the protal is tedious.

This is why I created the following script:

HTH,

Martin.

執筆者: Marty Donovan (Senior Program Manager, Industry Experiences)

このポストは、2018 年 8 月 20 日に投稿された Driving industry transformation with Azure – Getting started – Edition 1 の翻訳です。

マイクロソフトは、あらゆる組織がその業界ならではの課題を解決し、新たなビジネス チャンスを創出し、デジタル トランスフォーメーションを推進できるよう支援することを重視しています。マイクロソフトや主要パートナーが、各業界に特化したソリューション、コンテンツ、ガイドなどのリソースをほぼ毎日のように発表しているのは、そのためです。このブログ シリーズでは、あらゆる業界のお客様が新たなビジネス チャンスを掴めるように、Azure を活用した課題解決や機会創出の方法に関する最新情報を毎月まとめてお届けします。

銀行/金融業

• 詐欺や金融犯罪への対策
  サイバー攻撃や詐欺の手法は日々進化しており、システムによるより迅速な検出が求められています。この記事では、金融業界をけん引する大手銀行における活用事例と情報が紹介されています。Azure の機械学習と AI のソリューションにより、リスクをすばやく検出して保護する方法をご覧ください。
• Azure を活用して金融分析機能をアップグレードする方法 (英語)
  コーポレート ファイナンスや投資銀行にとって、リスク分析はきわめて重要です。Azure を活用してリスク評価ソリューションを実装する方法をご覧ください。
• 大手小売店の事例から学ぶ (英語)
  銀行では、新しいサービス オプション、迅速な対応、個別のアドバイスなど、サービスのさらなる充実が求められています。この記事では、最先端の小売店の事例から学べるヒントを紹介しています。
• Microsoft Azure が、金融機関向けに改ざん防止の Azure Blob Storage 不変ストレージをリリース (英語)
  Azure Blob Storage の不変ストレージのパブリック プレビューが開始されました。これは、金融機関は消去や変更が不可能な状態でデータを格納し保持することができる新機能で、無料で提供されます。これにより、ソフトウェア プロバイダーやパートナーの皆様には、機密性の高いワークロードの記録を保持するための不変ストレージとして Azure をご利用いただけます。

医療/ライフ サイエンス

• オンライン セミナー「Microsoft Azure Blueprints による医療業界での人工知能 (AI) の活用促進 - 第 1 回: はじめに (英語)」にぜひご登録ください。
  医療業界では、患者の入院日数予測、画像診断、詐欺防止などの幅広い領域で AI を活用できるようになることが、大いに期待されています。AI を有効活用するためには、プロジェクトではなく、優れたソリューションが必要です。Microsoft Azure Blueprints を利用すれば、医療用の AI ソリューションの導入に必要な準備をスムーズに進めることができます。Blueprints では、サンプル コード、テスト データ、セキュリティ、コンプライアンスに関するサポートなどのリソースを提供しています。このセミナーは、医療従事者、保険者、製薬会社、ライフ サイエンス企業を対象としています。
• 革新的なクラウド テクノロジを適用して医療の質を向上
  患者のリスク検知、病気の早期発見、プライバシーの保護、詐欺の防止などを実現するために、医療機関で AI と機械学習をどのように活用しているかご確認いただけます。
• ブロックチェーンを詐欺防止に活用 (英語)
  医療詐欺は、医療費の高騰に大きな影響を与えています。詐欺行為はデータの整合性や透明性が十分に確保されていないことで発生しやすくなります。この記事では、データの整合性や透明性の問題解決にブロックチェーンを活用する方法を紹介しています。
• 医療業界における機械学習の最新の活用事例 (英語)
  保険、医療、製薬業界では、機械学習を導入して活用したいと考える関係者が増えています。この記事では、機械学習の主要トピックと医療業界での活用例を紹介しています。

保険

• 保険業界のリスク管理に IoT を活用 (英語)
  モノのインターネット (IoT)、人工知能 (AI)、機械学習 (ML)、ビッグ データなどの最新技術は、保険会社のリスク評価精度向上、継続的なリスク管理、リアルタイムでのリスク緩和などを実現する大きな可能性を秘めています。
• Azure で保険金請求画像を分類する
  保険金請求におけるテキストや画像の分析など、画像処理が必要となる業務を想定したシナリオ例を紹介しています。

製造

• IoT でビジネス チャンスを拡大
  製造業での IoT 活用の場は、データ収集だけに留まりません。他にも、情報に基づいて事業目標を推進したり新たな機会を創出するためのインサイトを収集する際に利用することもできます。製造業の運営に IoT を上手く活用している事例をご確認ください。
• 予測メンテナンスによるダウンタイムの予知と防止 (英語)
  現在の製造業には、クラウド ストレージ、機械学習、エッジ コンピューティング、IoT などの新たな技術が採り入れられていますが、新たな課題として挙げられているのが、予測メンテナンスです。
• オンデマンドのスケーラブルなハイパワー コンピューティング (英語)
  大規模なコンピューティング能力が求められているエンジニアリングや製造業の分野で、Azure プラットフォームをどのように活用できるかを紹介しています。

小売/一般消費財

• 小売および一般消費財業界における Azure クラウドのビジネス価値 (英語)
  小売業や一般消費財ブランドにクラウドへの移行を勧める理由と、移行の手順について説明しています。
• Azure に e コマース インフラストラクチャを移行する方法 (英語)
  Azure への移行を計画している小売業者向けに、以下のようなさまざまな選択肢や、意思決定までの手順を紹介しています。
  • アプリケーションをクラウドでそのまま再ホストする場合: インフラストラクチャのコストを即座に削減できる
  • アプリケーションのリファクタリングを検討している場合: Azure PaaS (または SaaS) に移行すれば新サービスを統合しやすくなり、機能、パフォーマンス、スケーラビリティの向上につながる

最新情報はソーシャル メディアで定期的に配信しています。ご興味がありましたら、ぜひこちらの Linkedin のアカウントをフォローしてください。

このセミナーの参加登録はこちら

Autorem článku je Tomáš Kubica, Microsoft TSP. Další informace na téma Azure Stack v češtině najdete na jeho blogu:

• Azure Stack: úvod do cloudu, který se zatoulal k vám do sklepa
• Azure Stack: jak funguje portál pro administrátora, plnění IaaS katalogu a nabídky subskripcí
• Azure Stack: storage

こんにちは。Windows サポートの丸山です。

今回は、Windows Server 2016 環境にて共有フォルダーのサブフォルダーを削除、または移動すると、その上位フォルダーのアクセス権が一部削除されてしまう事象について、ご紹介させていただきます。

■ 発生する事象について

Windows Server 2016 環境にて共有フォルダーのサブフォルダーを削除、または移動すると、その上位フォルダーのアクセス権が一部削除されることがあります。
例えば、以下のように、共有フォルダーとなる C:SHARE 配下の SUB フォルダーを削除しますと、上位フォルダーのアクセス権の一部が削除されることがあります。

現在のところ、削除されるアクセス権には、以下のような特徴があることがわかっています。

(1) 共有されているローカル フォルダーの配下である
(2) 上位のフォルダーに継承が "なし" のアクセス権が付与されている
(3) 当該アクセス権には、既定の "読み取りと実行"、または "変更" 権限のみが付与されている
(4) 当該アクセス権は、上位のフォルダーから見た子のファイル、フォルダーには付与されていない
(5) エクスプローラーを用いて、フォルダーの削除、または移動を行っている

また、本事象は Windows Server 2016 環境のほか、バージョン 1511 以降の Windows 10 でも発生することが確認されております。
Windows 8.1 以前のクライアント OS や、Windows Server 2012 R2 以前のサーバー OS では発生しません。

■ 確認されている抑止策について

本事象を回避いただくには、共有フォルダーを操作するときにローカル フォルダーとしてアクセスせず、ネットワーク共有フォルダーとしてアクセスすることで抑止可能でございます。

前述の条件に合致するようなアクセス権が運用されております場合には、ご不便をおかけしますが、回避策による運用を検討ください。
また、本事象につきましては、弊社製品開発部門と連絡を取り、根本的な問題解決に向けた検討を進めております。
状況に進展がありましたら、本 BLOG の更新にてご報告させていただきます。

--
丸山 健一 (マルヤマ ケンイチ)
Windows プラットフォームサポート担当
日本マイクロソフト株式会社

Today's tip...

On July 19th, it was announced that Azure File Sync is now generally available! This is big.

Azure File Sync extends on-premises Windows Server File Servers into Azure, enabling our customers to quickly and efficiently start adopting the benefits of Azure while maintaining the local performance of their on-premises Windows Server. Essentially, Azure File Sync makes Windows Server a hot cache on-premises and it’s elegant:

• Step 1: Download and install the Azure File engine on to a Windows File Server running Windows Server 2019, 2016 or 2012 R2.
  • (physical or virtual, can be running anywhere)
• Step 2: Register Windows File Server with Azure
• Step 3: Configure Azure File Sync with how much free space you want to keep on-premises.
  • For example, say you want to keep 25% free on-premises

You’re done!

Now, Azure file sync will AUTOMATICALLY keep the file server 25% free and AUTOMATICALLY tier the coldest data (i.e. hasn’t been touched by age) storage up to Azure. The customer benefits are huge:

1. The customer now has virtually bottomless file storage. Azure File Sync will keep moving old data up to the cloud maintaining free space. No more running out of space.
2. To the end users, files still appear as if they’re on the file server. If a user goes to grab an old file, the file will automatically be retrieved from Azure and run on the local file server because it’s hot again!
3. Files can be synced across multiple sites! Suppose you have files you want to share with Seattle, New York, Paris, Sydney and London. Configure the Sync and Azure File Sync will handle the rest.
4. Once files are being replicated to Azure, now Azure services can access them ALL IN AZURE without needing to reach back down on-premises because they already reside in AZURE! Thus, we have just reduced network bandwidth as well!
5. Because these files are synced with Azure, you can now backup these up with Azure backup (with encryption of course) to safeguard the data.

Related Links:

Azure File Sync is now generally available!

Azure File Storage Product Page

Planning for an Azure File Sync deployment

Azure File Sync was highlighted in the Windows Server Virtual Summit Keynote – (22:30 in the Keynote)

Share On: Twitter      Share on: LinkedIn
 
This blog is part of a series for the Top 10 Networking Features in Windows Server 2019!
-- Click HERE to see the other blogs in this series.

Look for the Try it out sections then give us some feedback in the comments!
Don't forget to tune in next week for the next feature in our Top 10 list!

In this modern era of cloud computing, more and more customers are looking to move their workloads to public, private or hybrid clouds. Security is one of their main inhibitors in moving to cloud. How secure are their workloads in the cloud? Is their data safe from theft and tampering? Will it all work with IPv6?

Windows Server 2019 SDN delivers many features to increase customer confidence in running workloads either on-premises or as a service provider in the cloud. These security enhancements are integrated into the comprehensive SDN platform that our customers have already been using since Windows Server 2016.

For more information on general platform and management features, refer to SDN management blog (link) and the hybrid SDN gateway performance blog (link).

Encrypted Subnets

How many of the legacy applications on your network are using encryption?  How many of them are using an encryption method that is still considered secure?  Chances are you have some apps that are vulnerable to data theft and tampering.

You could find every app, analyze the encryption and update it, or you could encrypt at the network level with SDN.  With SDN network subnet encryption in Windows Server 2019, any packet that leaves a VM is automatically encrypted as it passes to other destinations on the same back-end network.  If a vulnerability is found, then the fabric can be updated quickly and all applications automatically gain the necessary level of security.

This is enabled on any of the subnets in a virtual network by specifying an encryption certificate to use and setting "Encryption" to true.

"As organizations look to enable protection through software defined controls and eliminate complexities, configurations leveraging virtual network encryption greatly enhance security in a simplified manner"

- Rand Morimoto, President, Convergent Computing

Ready to give it a shot!?   Download the latest Insider build and Try it out!

Firewall Logging

The ability to microsegment allows you to create isolation boundaries, but how do you know they're working? How can you tell if you're under attack? If a breach has occurred, how can you perform the post-mortem analysis to determine how far it went?

Firewall logging is critical for the ability to do all of the above.

In Windows Server 2019, SDN enables the Hyper-V host to generate Firewall logs that are consistent in format with Azure Network Watcher.  This enables the ecosystem of tools that has sprung up around Network Watcher to be easily adapted to work with the Windows Server SDN implementation.

After applying a one-time configuration to the network controller, you simply enable logging on individual Access Control List rules and network flows that match that rule are automatically logged.

"Windows Server 2019's SDN settings have an extremely helpful firewall-auditing component that can be enabled to log all network communications between SDN connections"

- Rand Morimoto, President, Convergent Computing

Ready to give it a shot!?   Download the latest Insider build and Try it out!

Fabric ACLs

Windows Server 2016 provides the ability to lock down the security of your virtual networks by automatically applying ACLs to VMs connected to virtual subnets.  Windows Server 2019 expands this capability to the fabric as well, allowing you to restrict access to your infrastructure machines in a way that is more easily managed and automatic, by adding ACLs to the logical subnets.  This means that any SDN managed VM connected to a VLAN based network will automatically get the necessary ACLs applied.

Ready to give it a shot!?   Download the latest Insider build and Try it out!

Virtual Network Peering

The primary security boundary for SDN is the isolation that's provided by the virtual network itself, but sometimes it becomes necessary to breach this boundary so that two virtual networks are able to communicate with each other.  This may be the case if you've deployed a Database in one virtual network, but want it to be accessed by other applications that have been deployed in their own separate virtual networks.  Virtual Network peering enables just that.  It combines the virtual routers in associated virtual network so they can communicate with each other, without having to traverse through a gateway. This enables high throughput, low latency communication between the virtual networks.

"This is really about making the scenario simpler to deploy / manage and removing the perf overhead.  As it happens we have a bunch of scenario’s where this feature will be useful, even in its current form.  As you know we run our two primary DC’s as active / active deployments and one of our big bug-ears has been providing this type of scenario, while still facilitating multiple entry points.  I can see multiple current workloads scenario’s where this will improve performance, rather than using our current approach of L3 GW’s over the MPLS inter-link"

- Philip Moss, Chief Product Officer, Acuutech

Ready to give it a shot!?   Download the latest Insider build and Try it out!

IPv6 support

While you may not want to use IPv6, at some point you may have to and because of that we've added support for IPv6 to SDN.  While not a security feature per-se, with Windows Server 2019, SDN includes the ability to use IPv6 for virtual network address spaces, virtual IPs and for logical networks.  All of the security features of SDN now work with IPv6 addresses and subnets, including Access Control Lists and User Defined Routing.

To use this feature, download the latest Insider build and use IPv6 subnets on your virtual subnets in the same way that you would use IPv4, and assign IPv6 addresses to your virtual machines.

Summary

As you can see, we have made a ton of investments in SDN to safeguard the security of your workloads with Windows Server 2019.

1. You can encrypt data in transit with virtual network encryption to prevent data theft and tampering
2. You can log traffic on the hosts for troubleshooting, auditing or simply post mortem analysis
3. You can now apply security ACLs for your physical fabric networks
4. You can enable secure, high performant communication between virtual networks
5. You can use IPv6 addressing for your virtual networks

All these enhancements will bolster customer confidence when they run their workloads in the hybrid cloud. They can rest assured that their workloads are safe and secure with Windows Server 2019.

Thanks for reading,

Greg Cusanza and Anirban Paul

This blog post is conceived so that in a few minutes you can get an overview of what has been going on in Azure last month, with a compilation of Azure announcements. My highlight this month are the news around Disaster Recovery and the Vnet endpoints for MySQL and PostgreSQL. Which ones are your favorites?

Azure Stack

• Enhance security and simplify network integration with Extension Host on Azure Stack

Management

• Expanded Azure Blueprint for FFIEC compliant workloads

IaaS

• Compute:
  • General availability of instance size flexibility for Azure Reserved Virtual Machine Instances
  • Azure Site Recovery powers Veritas Backup Exec Instant Cloud Recovery for DR
  • Migrate Windows Server 2008 to Azure with Azure Site Recovery
  • New customizations in Azure Migrate to support your cloud migration
• Storage:
  • Managed Disks migration now available in the Azure Portal
  • Azure Block Blob Storage Backup
  • Cross-subscription disaster recovery for Azure virtual machines
• Networking:
  • New locations for Azure CDN now available
  • DPDK (Data Plane Development Kit) for Linux VMs now generally available
  • Announcing VNet service endpoints general availability for MySQL and PostgreSQL

Security and IAM

• Enhance your DevSecOps practices with Azure Security Center’s newest playbooks
• Respond to threats faster with Security Center’s Confidence Score

Apps

• Linux on Azure App Service Environment now generally available
• Announcing the public preview of Windows Container Support in Azure App Service

Data

• SQL:
  • Announcing general availability of Azure SQL Database reserved capacity
  • Automatic intelligent insights to optimize performance with SQL Data Warehouse
  • Azure SQL Data Warehouse Gen2 now generally available in France and Australia
• NoSQL:
  • New Azure #CosmosDB JavaScript SDK 2.0 now in public preview
  • Azure #CosmosDB reference solution: Visualizing real-time data analysis with change feed
• HDInsight
  • How to enhance HDInsight security with service endpoints
  • Azure HDInsight Interactive Query: Ten tools to analyze big data faster
  • Azure #HDInsight Interactive Query: simplifying big data analytics architecture
  • Azure #HDInsight Apache Phoenix now supports Zeppelin
• Azure Data Factory Visual tools now supports GitHub integration
• Sharing a self-hosted Integration Runtime infrastructure with multiple Data Factories

Blockchain

• Multi-member consortium support with Azure Blockchain Workbench 1.3.0

IoT

• Intro articles:
  • Getting started with IoT: driving business action through analytics and automation
  • Getting started with IoT: what do you do with all that data?
  • IoT in Action: Building secure, sophisticated solutions
• Now Available: Azure Sphere technical documentation
• Hardening the security of Azure IoT Edge
• Installing certificates into IoT devices

ML/AI

• Real example: improve accuracy, reduce training times for existing R codebase
• Accelerating Artificial Intelligence (AI) in healthcare using Microsoft Azure blueprints
• Speech Services August 2018 update: SDK v0.6.0 and .NET Standard 2.0 support, amongst other news
• Logic Apps, Flow connectors will make Automating Video Indexer simpler than ever

Have fun!
Daniel

Hi there! Stanislav Belov here to provide you with the next issue of the Infrastructure + Security: Noteworthy News series!  

As a reminder, the Noteworthy News series covers various areas, to include interesting news, announcements, links, tips and tricks from Windows, Azure, and Security worlds on a monthly basis.

Hello, and a happy Wednesday to our outstanding readers! Brandon Wilson here with a pointer to some more of the new networking features in Windows Server 2019 coming to you straight from the Windows Core Networking team!

In this week's posting, the discussion surrounds software defined networking (SDN) security. Here is an excerpt straight from the product group:

"Top 10 Networking Features in Windows Server 2019: #4 Security with SDN

https://blogs.technet.microsoft.com/networking/2018/08/29/sdnsecurity/

Excerpt: In this modern era of cloud computing, more and more customers are looking to move their workloads to public, private or hybrid clouds. Security is one of their main inhibitors in moving to cloud. How secure are their workloads in the cloud? Is their data safe from theft and tampering? Windows Server 2019 SDN delivers new SDN security features to increase customer confidence whether running workloads on-premises or as a service provider in the cloud."

As always, if you have comments or questions on the post, your most direct path for questions will be in the link above.

Thanks for reading, and we'll see you again next week!

Brandon Wilson

Hi Folks!

I wanted to share a quick PowerShell DSC script that multi-homes the MMA (OMS Agent). Please feel to test in your environment. Enjoy!

https://gallery.technet.microsoft.com/PowerShell-DSC-to-multi-ed38164b

Cheers,

Mike

Det er med stolthed, at vi kan præsentere et samarbejde på tværs af sektorer. Microsoft er gået sammen med Professionshøjskolen København (KP) og Lenovo for at levere et stykke levende laboratorier med udgangspunkt i digital samskabelse og kreativitet samt innovation. Det er kørt i stilling med fokus på Minecraft: Education Edition (som nu også findes til iPad), virtual reality og mixed reality. Det er muligt at se hele setup'et OG få en snak/session, hvis man kontakter mig på moovesen@microsoft.com,  Lasse Remmer hos KP på lrem@kp.dk eller Christian Juul Viholt hos Lenovo på cjp@lenovo.com.

Vi glæder os til at tale disse teknologier ind i jeres planer for udvikling af kommunens skoler og læringsområder. Se videoen for at blive klogere på, hvad det er, vi arbejder sammen om.

This month, we focus on how the Microsoft Partner Network can help you reach more customers.

Microsoft is committed to collaborating with its partners, and one of our key pillars is to help you reach more customers. We do this in various ways, but this month’s webinars focus on marketing tactics to reach customers, as well as how to leverage effectively.

Marketing resources for partners to reach more customers

Are you an experienced marketer new to Microsoft solutions? Or just starting your practice and new to marketing? Microsoft supports partners with marketing resources for both new and experienced teams, from workshops to customizable assets.

Do you need help marketing Microsoft products? Microsoft’s foundational Marketing workshop has seven modules that help you identify your customers, create content, and measure results. Additionally, you can also watch our on-demand marketing workshops on branding, events and webinars, and social selling. Several partners have rebranded their businesses or found new prospects after attending the workshops.

Marketing SureStep Office Hours present different marketing topics each week. You’ll learn as much from other partners as you will the presenters in these interactive sessions. Find out more here.

Finally, Microsoft has created collateral to make it easy for you to create a campaign for Microsoft 365, Office 365, Dynamics 365, and Microsoft Azure. You’ll find guides, social media posts, infographics, and pitch decks you can use right away on the Microsoft Partner Network.

Attend “Marketing tactics to reach more customers,” our 60-minute session with marketing consultant Suzanne Ross on September 5 at 9:30 PT to learn how to use these resources to create a campaign aligned to Practice Development Playbooks. Register here.

How to boost your pipeline with partner referrals

Partner referrals provide a powerful capability to Microsoft Partner Network members that connects your practice with the right customers. Create a business profile to showcase your business solutions and expertise capable of addressing unique business needs to customers.

Partner referrals enable customers to search for Microsoft partners. But it’s so much more than a basic search function—the tool uses machine learning to reward partner engagement and interaction with customers. You can get to the top of the search results through attaining a competency or earning endorsements from customers who appreciate your work.

Join us for a community call on how to “Boost your pipeline with partner referrals” on Wednesday, September 19 at 9:30am PT. Tarang Shah from the Worldwide One Commercial Partner Organization will talk about how this tool can help you reach more customers, build and optimize your business profile ,and how to manage referrals in the tool. Register for the session here.

What’s next?

Take advantage of our other great resources:

• Check out marketing foundational workshops
• Study the Practice Development Playbooks
• Register for other upcoming MPN 101 calls or view the call recordings here

Stay engaged with the Microsoft Partner Network

• Community call schedule
• Blog series
• Yammer group
• YouTube playlist

We've seen customers have issues where they deploy an iOS or Android policy to a device, but it doesn’t get applied to the device. This could simply be because the policy is not compatible with the OS version and device type or that the policy is incorrectly targeted to the user or device. Another way you can resolve this is by following the troubleshooting steps we’ve listed below.

In portal.azure.com, go to Intune > Troubleshoot and select the user to troubleshoot.

1. After the user is selected, make sure Intune License and Account Status appear with green checks.
2. On the same page, under Devices, find the device to troubleshoot and check that the Managed By column shows MDM or EAS/MDM.  If you do not see these values, the device is not enrolled. It will not receive compliance or configuration policies until it’s enrolled. App Protection Policies (also known as MAM policies) do not require enrollment.
3. Check that Azure AD Join Type shows Workplace. If you see Not Registered, there might have been a problem during enrollment. Unenrolling and re-enrolling the device will resolve this problem.
4. Check that Intune Compliant and Azure AD Compliant show Yes. A No in either column might indicate one of the following problems:

• The device does not meet the requirements defined in your organization’s compliance policies.
• The device is not connected to the Intune service.

5. Check that Last Check In shows a recent time and date. Devices check in with Intune at least every 8 hours. If it’s been more that 24 since last check-in, there might be a problem with the device. A device that cannot check in cannot receive policies from Intune. To force a device to check in, follow the set of instructions below that matches the device’s OS. These steps can be done from any device.
6. a) For Android, open the Company Portal app and select Devices > problem device from list > Check Device Settings.

          b) For iOS, open the Company Portal app and select Devices > problem device from list > Check Settings.

          c) For Windows, open the device Settings and select Accounts > Access Work or School > applicable connection > Info > Sync.

5. Select the device to view the device’s policy details.
6. Under Devices > Manage, go to both Device compliance and Device configuration and make sure the device policy you’re trying to assign is listed.
7. a) If the policy is listed, review its State:

• Not applicable - this policy is not supported on this platform. For example, iOS policies won’t work on Android devices, and Samsung KNOX policies won’t work on non-Samsung KNOX devices.
• Conflict - There is an existing setting on the device that Intune cannot override.
• Pending - The device has not checked in to Intune to retrieve the policy.
• Errors – Review a list of possible errors in the Intune documentation 

           b) If the policy is not listed, it has not been assigned correctly. Go back to policy creation and assign policy to the user device.

We hope this helps you narrow down the reason for iOS or Android policies not applying to devices.