Check out the list of 75+ remote, interactive technical webinars and 5 one-on-one consultations, available to help you build your Cloud Infrastructure & Management technical capabilities. Through live, instructor-led webinars, you will receive interactive training with real-time Q&A capabilities – all at NO cost to Microsoft Partner Network members. If you are looking for one-on-one technical assistance focused on real-world scenarios, explore the list of technical consultations available using your MPN technical presales and deployment benefits.

Cloud Infrastructure & Management: Technical webinars & consultations list (Oct, Nov & Dec)

Important: Be sure to check out all the webinars listed outside your time zone, as they may work for your morning or evening schedule.

For more information on the Cloud Infrastructure & Management technical journey and the recommended path to consume these webinars and consultations, visit aka.ms/AzureAppInnovation or aka.ms/O365AppInnovation.

日本マイクロソフト株式会社 (本社: 東京都港区) は、グレーを本体色に採用し、スティック軸部分などに鮮やかなライト ブルーをアクセントで配置した『Xbox ワイヤレス コントローラー (グレー / ブルー)』を 2018 年 11 月 1 日 (木) より 6,480 円 (税抜参考価格)^*1 で全国のゲーム販売店にて発売します。

『Xbox ワイヤレス コントローラー (グレー / ブルー)』は、特徴的な本体デザインに加え、グリップ部分には滑りにくく操作しやすいテクスチャー加工を施しています。また、Windows 10 搭載 PC やタブレットとワイヤレス接続が可能な Bluetooth を搭載しています。^*2

ゲームの臨場感を表現するリアル トリガー^*3、高い操作性を実現したスティックと方向パッドを操作しやすい位置に配置。お持ちのヘッドセット^*4 などを直接接続できる 3.5mm ステレオ ヘッドセット ジャックを搭載したワイヤレス コントローラーです

製品基本情報

^*1 お客様の購入価格は、販売店により決定されますので、販売店にお問い合わせ下さい。
^*2 Windows 10 搭載デバイスとの Bluetooth 接続には Windows 10 Anniversary Update の適用が必要です。また、コントローラー本体のファームウェアをアップデートする必要な場合があります。Windows 10 で Xbox ワイヤレス コントローラーを更新する方法については「Windows 10 で Xbox One コントローラーを更新する方法」を参照してください。Windows 7、8.1、または 10 で Bluetooth を使わずに使用する場合は、USB ケーブル (別売) が必要です。
^*3 リアル トリガーは対応したゲームのみ有効です。
^*4 ヘッドセットの互換性に関する詳細は「互換性のあるヘッドセットを接続する | Xbox One」をご参照ください。

こんにちは、垣内ゆりかです。

マイクロソフトでは、Transport Layer Security (TLS) 1.0, 1.1 の利用を廃止し、より安全なプロトコルである TLS 1.2 以降への移行を推奨しています。(参考: 過去ブログ　[IT 管理者向け] TLS 1.2 への移行を推奨しています)

2020 年 前半、Internet Explorer 11, Microsoft Edge にて、 TLS 1.0 および TLS 1.1 を既定で無効化する措置を行う予定です。

(現時点の予定であり、予定は今後変更になる可能性があります。最新の情報は Microsoft Edge blogを参照してください)

Windows XP/Windows Server 2003 で主に利用されてきた TLS 1.0 は登場から約 20 年経過しました。その間、多くの脅威が発生し、セキュリティ面でも多くの改良がおこなわれたより新しいバージョンの TLS が登場してきました。今年ついに、最新の TLS 1.3 の標準化が行われ、現在、Windows, Edge をはじめとしたマイクロソフト製品、サービスへの実装をすすめているところです。(なお、 TLS 1.3 が達成する安全性については、暗号理論の視点で解説している 株式会社レピダムの米澤氏の解説ブログに詳細がありますので、ご興味のあるかたはぜひご一読されることをお勧めします。）

また、現在は、Windows XP や Windows Server 2003 のサポート終了、そして、業界全体でも TLS 1.2 の実装と利用が進んでいることから、TLS 1.0 が必要となる接続環境も徐々に減少しています。

こうした状況から、マイクロソフトでは、TLS 1.0, TLS 1.1 の利用をとりやめ、TLS 1.2 以降を利用するよう促進を行っています。Office 365 サービスにおいては、無効化が予定 (2018年 10月31日廃止予定) されています。暗号プロトコルは「使ってさえいれば安全」ではありません。現在の脅威に対応できるバージョンのみを利用し、リスクを下げることが重要です。

また、古いアルゴリズムの利用を停止し、新たなアルゴリズムを有効化するにあたっては、組織の環境を精査し、検証するなど、時間を要する作業が必要になります。特に TLS 1.0 は長い間利用されてきたこともあり、無効化による影響の確認には時間を要することが想定されます。ぜひ、早めに移行計画を開始してください。

TLS 1.2 への移行において、必要となる確認作業については、過去ブログ　[IT 管理者向け] TLS 1.2 への移行を推奨しています を参考にしてください。

参考情報

Modernizing TLS connections in Microsoft Edge and Internet Explorer 11

過去ブログ

2018 年 10 月 Office 365 で TLS 1.0, 1.1 での接続無効化。 最終確認を！

[IT 管理者向け] TLS 1.2 への移行を推奨しています

This week the Public Update (PU) for Project Server 2013 and 2016 were released for October 2018 . Client updates were released on Oct 2nd; server updates on Oct 7th. Typically the client updates release on the first Tuesday of the month and server on the second Tuesday release schedule.

There was a Project Server 2010 Cumulative update package released this month but it did not contain any Project updates - just the SharePoint ones. Mainstream support for Project and Project Server 2010 ended October 13, 2015 - see https://support.microsoft.com/en-us/lifecycle. An SP1 patched 2010 system (with no SP2) is no longer supported - see the Lifecycle site for more information - http://support.microsoft.com/lifecycle/search?sort=PN&alpha=project+2010&Filter=FilterNO

We are now delivering as Public Updates, although Server fixes are shipped just via the Download Center and not via Microsoft Update (Unless there is a security element or a fix deemed essential - this month both SharePoint Server 2016 and 2013 fixes have security fixes - so some may have come down via the update center). These are still all cumulative and include fixes released in all previous updates since the last baseline (Initial release for 2016 and SP1 for 2013).

A note about Click-to-Run (sometimes abbreviated C2R) versions of Project for Office 365. The updates for this version are not included in this blog. For some information about Click-to-Run versions, please see the following site for version numbers and some fix information: https://technet.microsoft.com/office/mt465751. We may have a future blog with additional information about Click-to-Run update channels and methods.

Also a note for users of the Project client connecting to Project Online - see https://blogs.technet.microsoft.com/projectsupport/2016/12/15/using-project-online-time-to-be-sure-you-upgrade-the-client-software/- you will have needed a '2016' level client to connect starting since the end of June 2017.

Feel free to open a support case if you have any questions around this or need assistance getting these patches deployed.

We should be back to 'normal' install times now - but leaving this comment here just in case...

The 2013 PU releases also have a real prerequisite of the appropriate Service Pack 1 (SP1), and links for SP1 are given below. SP1 is enforced in this release, so you will find out (as I did) if you really do have SP1 for all your installed components and language packs! This also means RTM is no longer supported! See http://blogs.technet.com/b/stefan_gossner/archive/2015/04/15/common-issue-april-2015-fixes-for-sharepoint-2013-cannot-be-installed-on-sharepoint-2013-sp1-slipstream-builds.aspx too which describes an issue you might see if you don't have the 'right' SP1. Slipstream would work with the original SP1 - but the updates require the re-released SP1. Since the May PU this shouldn't be an issue - but including here just in case.

Another important point to add here is that there was in early 2013 running the SharePoint Configuration Wizard on a server with Project Server 2013 installed -this is fixed by applying the April 2013 or later- so a good practice would be to load SP1, then the current PU and then run the configuration wizard (if you didn't already load the April 2013 through June 2014 CU).

Project and Project Server 2016

An overview of all the Office 2016 releases for September 2018 can be found here -

https://support.microsoft.com/en-us/help/4464656/october-2018-updates-for-microsoft-office - October 2018 updates for Microsoft Office

Project Server 2016

With the 2016 release, we just have a single patch (usually this single patch comes in two parts... a wssloc and sts2016 part - however this month we only have the sts2016 part) - as we have also the single msi for installation of SharePoint Server 2016 (Project Server still needs licensing separately though). Both parts need installing before the configuration wizard is executed. The sts2016 part of the patch also contains security fixes so is released via Microsoft Update, the Update catalog as well as the download center.

Description of the security update for SharePoint Server 2016: October 9, 2018- Includes Project fixes, like the roll-up patch in Project Server 2016.

https://support.microsoft.com/en-us/help/4461447/description-of-the-security-update-for-sharepoint-enterprise-server

There is a database schema update this month - it changes to 16.0.4756.1000. Remember, Project Server 2016 data is in the content database. The version number 16.0.4756.1000 can be used to control the connecting client to the October 2018 level. For reference - the RTM build number seen for the DB schema would be 16.0.4327.1000.

Project 2016 Client package:

October 2, 2018, cumulative update for Project Server 2016 (KB4461443)

https://support.microsoft.com/en-us/help/4461443/october-2-2018-update-for-project-2016-kb4461443

Project and Project Server 2013

An overview of all the Office 2013 releases for October 2018 can be found here - https://support.microsoft.com/en-us/help/4464656/october-2018-updates-for-microsoft-office - October 2018 updates for Microsoft Office. This include multiple fixes, so Microsoft strongly recommends that you test this in a test environment based on your production environment before putting this fix live in production. You can read about the fixes included in the Project and Project Server July PUs from the following articles:

Project Server 2013 Server Rollup Package

October 9, 2018, cumulative update for Project Server 2013 (KB4461456)

https://support.microsoft.com/en-us/help/4461456/october-9-2018-cumulative-update-for-project-server-2013

This month, the cumulative package does not contain patches for Project Server 2013 but only for SharePoint 2013. If you also use SharePoint in your environment, we recommend to install this update.

Project Server 2013 Individual Project Package - (cumulative, but only the Project Server fixes):

None

Project 2013 Client Package:

October 2, 2018, cumulative update for Project Server 2013 (KB4022227)

https://support.microsoft.com/en-us/help/4022227/october-2-2018-update-for-project-2013-kb4022227

This is an update for our customers who are hitting below exception while configuring Log Analytics workspace from SCOM console. This blog talks about workaround for this issue, please follow the mentioned steps.

Workaround:

-          Copy the Advisor dll (version 1.0.5) from this link to Console folder (C:Program FilesMicrosoft System CenterOperations ManagerConsole).

-          Try to configure your Log Analytics workspace connection and this time it will work.

-          Remove this Advisor dll from Console folder after Log Analytics configuration is done.

[Note]: If you will not delete Microsoft.IdentityModel.Clients.ActiveDirectory  from Console, then you will hit the above exception while adding subscription to Azure MP.

What is causing this exception?

This exception will only occur when you have Azure MP installed on your system.

The reason is both Azure MP and Advisor MP use different versions of Microsoft.IdentityModel.Clients.ActiveDirectory library.

When the intended version of this library isn’t found, Console throws FileNotFound exception

Hello All,

If your like my customers as you start using SPO for the first time, you maybe have migrated a few sites and your users have discovered that some sites are permissioned with Everyone except External or some other group that allows to may users.  And now you have to figure out how to disable this feature and save the day.

There are a few things you can do:

1. What might seem obvious but is not necessarily the easiest is to fix the permissions on Sites, Folders, and Documents so that you can continue to use the feature.
2. You can disable delve for your whole tenant by following the steps in this document while effective it disables the feature as well as all of Delve which might not be what you want to do.
3. You can disable the feature via API per user (See this article) and to help you try this GitHub project which will disable for 20 users at a time (See this GitHub project)

Pax

Today's tip...

Introducing Sketch2Code, a web based solution that uses AI to transform a handwritten user interface design from a picture to a valid HTML markup code.

User interface design process involves a lot a creativity that starts on a whiteboard where designers share ideas. Once a design is drawn, it is usually captured within a photograph and manually translated into some working HTML wireframe to play within a web browser. This takes efforts and delays the design process. What if a design is refactored on the whiteboard and the browser reflects changes instantly? In that sense, by the end of the session there is a resulting prototype validated between the designer, developer, and customer.

Within Microsoft Cognitive Services we host Computer Vision Service. The model behind this service has been trained with millions of images and enables object detection for a wide range of types of objects. In this case, we need to build a custom model and train it with images of hand-drawn design elements like a textbox, button or combo box.

The Custom Vision Service gives us with the capability to train custom models and perform object detection for them. Once we can identify HTML objects we use the text recognition functionality present in the Computer Vision Service to extract hand-written text present in the design. By combining these two pieces of information, we can generate the HTML snippets of the different elements in the design. We then can infer the layout of the design from the position of the identified elements and generate the final HTML code accordingly.

I encourage everyone to read the full article HERE and check out the YouTube video HERE

References:

• Turn your whiteboard sketches to working code in seconds with Sketch2Code - https://azure.microsoft.com/en-us/blog/turn-your-whiteboard-sketches-to-working-code-in-seconds-with-sketch2code/
• Sketch 2 Code - https://www.ailab.microsoft.com/experiments/30c61484-d081-4072-99d6-e132d362b99d
• Sketch 2 Code on YouTube: https://www.youtube.com/watch?time_continue=1&v=V6pqqPPHyYM
• Sketch 2 Code on GitHub - https://github.com/Microsoft/ailab/tree/master/Sketch2Code

The latest cumulative update for Exchange Server 2016 is now available on the download center. There is no release for Exchange Server 2013 or Exchange Server 2010 as these products are both in the extended support phase of lifecycle. The cumulative update released today includes fixes to customer reported issues, all previously reported security/quality issues and updated functionality.

Updated Pre-requisite requirements

.NET Framework 4.7.2 Support

.NET Framework 4.7.2 is now supported with Exchange Server 2016 Cumulative Update 11. .NET Framework 4.7.2 will be required on Exchange Server 2016 with the Cumulative Update released in June, 2019.

We have validated .NET Framework 4.7.2 on the previously released Exchange Server 2013 Cumulative Update 21 and are announcing .NET Framework support with Exchange Server 2013 Cumulative Update 21 as well.

.NET Framework 4.7.2 will be required on the forthcoming Exchange Server 2019. Windows Server 2019, which is also required for Exchange Server 2019, installs .NET Framework 4.7.2 by default.

Changes to Visual C++ Version Dependencies

With today’s release we are updating the Visual C++ runtime version dependencies on Exchange Server 2016. Effective with Cumulative Update 11, all Exchange Server 2016 roles (Management Tools, Mailbox, Edge) will require installation of Visual C++ 2012 runtime. This is a change from Cumulative Update 10 where Visual C++ 2013 was incorrectly listed as being required on all roles. Visual C++ 2013 runtime, in addition to Visual C++ 2012, is required on the Mailbox role only.

Versions of Exchange setup before Cumulative Update 11 silently installed Visual C++ 2010 and 2012 components. Exchange setup has been changed in Cumulative Update 11 and later to enforce the Visual C++ runtime requirements using setup pre-requisite rules. When installing Cumulative Update 11 or later for the first time on an existing server, setup will detect the presence of the previously installed instances of Visual C++ placed there by Exchange setup and will not indicate that the Visual C++ 2012 runtime needs to be installed.

However, when setup performs the first upgrade of a server to Cumulative Update 11 or later, it will remove the versions of the Visual C++ binaries placed there by Exchange setup previously. This removal is necessary to change setup behavior, correct the condition which caused us to issue an advisory to install MS11-025 and ensure that future Visual C++ updates are applied by Windows Update and Microsoft Update.

Important: To avoid a setup failure, it is necessary to install the Visual C++ 2012 runtime before installing Cumulative Update 11 or later for the first time on an existing server. The setup pre-requisite rule works as expected when using Cumulative Update 11 or later to install a new server using the Cumulative Update 11 or later package.

Note: Exchange Server 2019, when released, will include the Visual C++ pre-requisite rules enforced by setup.

Release Details

KB articles that describe the fixes in each release are available as follows:

• Exchange Server 2016 Cumulative Update 11 (KB4134118), Download, UM Lang Packs

The updates released today do not include new updates to Active Directory Schema. If upgrading from an older Exchange version or installing a new server, Active Directory updates may still be required. These updates will apply automatically during setup if the logged on user has the required permissions. If the Exchange Administrator lacks permissions to update Active Directory Schema, a Schema Admin must execute SETUP /PrepareSchema prior to the first Exchange Server installation or upgrade.

Cumulative Update 11 does require an Administrator to execute SETUP /PrepareAD to ensure RBAC roles are current before applying the cumulative update released today.

Adjustment to Cumulative Update Release Schedule

Due to the delay associated with Cumulative Update 11, there will not be a cumulative update released in December 2018. Our next planned set of quarterly updates will occur in March 2019 and will include Exchange Server 2016 Cumulative Update 12 and Exchange Server 2019 Cumulative Update 1.

Additional Information

Microsoft recommends all customers test the deployment of any update in their lab environment to determine the proper installation process for your production environment. For information on extending the schema and configuring Active Directory, please review the appropriate TechNet documentation.

Also, to prevent installation issues you should ensure that the Windows PowerShell Script Execution Policy is set to “Unrestricted” on the server being upgraded or installed. To verify the policy settings, run the Get-ExecutionPolicy cmdlet from PowerShell on the machine being upgraded. If the policies are NOT set to Unrestricted you should use the resolution steps in KB981474 to adjust the settings.

Reminder: Customers in hybrid deployments where Exchange is deployed on-premises and in the cloud, or who are using Exchange Online Archiving (EOA) with their on-premises Exchange deployment are required to deploy the currently supported cumulative update for the product version in use, e.g., 2013 Cumulative Update 21, 2016 Cumulative Update 10 or 9.

For the latest information on Exchange Server and product announcements please see What's New in Exchange Server 2016 and Exchange Server 2016 Release Notes. You can also find updated information on Exchange Server 2013 in What’s New in Exchange Server 2013, Release Notes and product documentation available on TechNet.

Note: Documentation may not be fully available at the time this post is published.

The Exchange Team

Por: Trudy Norris-Grey, CityNext, infraestructura conectada y Desarrollo de negocios globales en Microsoft in Government

Este año en Smart City Expo World Congress 2018, Microsoft se unirá a los líderes globales para compartir soluciones innovadoras enfocadas en la transformación digital de las ciudades. En este texto, se describe la manera en que Microsoft brinda servicios inteligentes y una plataforma confiable para las soluciones de los socios que impulsan a las ciudades a ser más seguras, prósperas y sustentables. Únanse a Microsoft y a sus socios en SCEWC 2018.

Cerca del 55% de los habitantes del planeta viven en la actualidad en áreas urbanas, y se espera que este porcentaje se incremente a un 68% (más de 6 mil millones de personas) para 2050. En correlación directa, se espera que el número de automóviles en el camino sea más del doble a cerca de 2 mil millones para 2050, lo que agravará los problemas de tránsito y amontonamiento. Conforme crecen las ciudades y se vuelven más pobladas, los planeadores urbanos enfrentan el reto de asegurar que los ciudadanos tienen opciones de transporte sustentables y económicas que cumplan con sus necesidades. Esto pondrá un presión significativa en las ciudades, que ya consumen alrededor del 75% de la energía global primaria, y deben determinar cómo mantener a millones de ciudadanos en movimiento a través de transportación pública y privada.

Por fortuna para los ciudadanos de la actualidad, el futuro de la movilidad urbana nunca había sido tan brillante.

Imaginen un mundo donde los vehículos autónomos recorren las calles y las autopistas. Las ciudades conectan a los ciudadanos en formas multi modales de transporte, como trenes, autobuses, y compartir viajes, con planeación intuitiva de recorrido y sistemas de pago. Los ricos datos de la infraestructura inteligente, las redes de transporte, y los vehículos conectados impulsarán a los planeadores urbanos, agencias de tránsito, y a otros líderes urbanos a progresar en la movilidad urbana para las futuras generaciones. Las ciudades tendrán la capacidad de adaptarse en tiempo real a las preferencias del viajero y construir modelos tarifarios dinámicos, así como de gestionar de manera proactiva la infraestructura y el flujo del tránsito de los vehículos al anticiparse a problemas antes de que ocurran e identificar tendencias emergentes.

Este futuro de movilidad inteligente se vuelve cada vez más una realidad conforme las ciudades y los líderes urbanos voltean hacia la transformación digital.

La visión de Microsoft para mejorar la movilidad urbana

Microsoft y sus socios han comenzado a desarrollar tecnologías de vanguardia que impulsas a las ciudades para establecer redes inteligentes de transporte y optimizar la movilidad urbana para los ciudadanos, y todo inicia con los datos. Las soluciones de Microsoft y de sus socios ayudan a las ciudades a construir infraestructuras inteligentes al conectar miles de millones de dispositivos soportados por IoT en el entorno, sobre una plataforma segura que se extiende desde los circuitos hasta la nube.

Una vez conectada, esta vasta red de dispositivos impulsa a las ciudades a generar los ricos datos requeridos para aplicar Inteligencia Artificial (IA) y descubrir información de valor que puede utilizarse para tomar acciones. Al agregar IoT y datos de ubicación mientras se utiliza tecnología segura de nube, las ciudades y agencias de tránsito pueden utilizar IA para identificar congestiones o enrutar el tránsito, alertar a los ciudadanos sobre opciones de estacionamiento, asegurar una operación consistente del tránsito de vehículos con mantenimiento predictivo, y desarrollar programas para incentivar el uso del tránsito. Incluso pueden mejorar la gestión inteligente de energía al optimizar la carga de vehículos eléctricos con datos recabados de las redes inteligentes.

Connected Vehicle Platform de Microsoft, apoyada por socios líderes en la industria, utiliza datos para llevar a las ciudades a un nuevo nivel de movilidad urbana. La telemática y los servicios predictivos mejoran la experiencia del conductor a través del uso de datos de telemetría para entregar notificaciones de mantenimiento predictivo. Los consumidores pueden mantenerse conectados con soluciones de conferencia, herramientas de productividad, y soporte de asistente personal inteligente dentro del vehículo. Los sistemas avanzados de asistencia al conductor incrementan la seguridad y el desempeño al entregar datos del ambiente y el camino al conductor o al sistema autónomo de conducción en tiempo real, todo esto mientras se utilizan servicios o datos de ubicación para navegar, buscar, recorrer y mejorar el tiempo de traslado.

Los socios ya han comenzado a ayudar a las ciudades a reimaginar la transportación con nuestras poderosas tecnologías

Cubic Transportation Systems, socio de Microsoft, es un líder integrador de tecnología de pago e información que conecta a más de 38 millones de viajeros diarios a nivel global cada día, y que procesa 24 mil millones de transacciones al año. Cubic construye soluciones inteligentes en una plataforma versátil para la gestión de la movilidad, con un enfoque en agencias de transportación en ciudades responsables de la gestión de redes de caminos y transporte público. Cubic trabaja para crear las maneras más sencillas para que los ciudadanos viajen y paguen con Microsoft, se apoya en la nube para gestionar datos de manera segura, y soporta la flexibilidad y escalabilidad que los clientes necesitan para responder en un ambiente que cambia de manera constante.

PwC, socio de Microsoft, es otro gran ejemplo de cómo podría ser el futuro de las ciudades inteligentes. Sus capacidades abarcan las diversas necesidades de las ciudades modernas y de sus ciudadanos a través de la movilidad urbana y a través de infraestructura, datos, analítica, así como de planeación colaborativa y seguridad pública. Como líder profesional de la industria de servicios, PwC trabajó con la provincia de Ontario para unificar 11 agencias de tránsito a través de PRESTO, un programa que ayudó a los ciudadanos a viajar de manera más eficiente a través de un sistema de una tarjeta de pago. Al aprovechar la poderosa y escalable plataforma de datos de Microsoft y las visualizaciones de Power BI, PwC impulsó a la provincia para convertir la analítica en una plataforma de decisiones y acciones, y hacer los cambios (como los pagos) que los clientes querían.

Conecten con nosotros en SCEWC 2018 para conocer más sobre cómo mejorar la movilidad urbana en su ciudad

Microsoft entrega tecnología de punta para la creación de ciudades inteligentes y para redefinir la movilidad urbana. Conozcan más sobre cómo Microsoft y sus socios, como Cubic Transportation Systems y PwC, crean un futuro más móvil para los ciudadanos del mañana. También, visiten nuestro stand en Smart City Expo World Congress 2018 y, ¡Regístrense para asistir a CityNext Intelligent Cities Forum!

The lead up

              Here within Microsoft we pride ourselves as being the “first and best” consumer of ConfigMgr features.  With that comes early learning and a little bit of pain as we try features early in the development cycle, and with code that is sometimes not fully tested or implemented as full as envisioned.  With the advent of the ConfigMgr (a.k.a SCCM) peer cache functionality we saw the opportunity to get in early on the roll out to aid us in some of our other projects (like a move to Azure and a DP removal for cost reduction).  Sarat Chandra was the man tasked to bring the idea of peer content sharing from the whiteboard to the production environment and while he had to deal with a few bumps in the road, he got us to a nice solid implementation.  That early lead also led to some fun tests as we worked with the development team to use and improve the feature to give you what you have available today.  One memorable learning from those early days was when a workstation (the workstation of our boss) served out over 3 TB of data to nearly 200,000 other machines, at the same time becoming useless for an entire day due to CPU and NIC consumption.  We also got a reminder that laptops move and while they might start the day in one office, later serving content to people in that office, when the laptop has moved to a Starbucks down the road, is not so good for making happy users and network admins.

Results today

              Much refinement has gone into both the product and our implementation of the feature to bring us to a much nicer point now.  We have it rolled out across the company and we have better reporting that is now showing that only 10-20% of our content requests are coming from our distribution points.  We did that through a combination of the ConfigMgr Peer cache functionality and the built-in OS BranchCache functionality.  We have also reduced our distribution point footprint in branch offices significantly, with a goal to completely remove them al in the next year.

              Getting this success required finding the right targeting for creating peer cache source servers.  Today we have some general targeting that works well for most locations, with some rule exceptions to handle a few remote offices that didn’t have a good result set for our peer source servers.  The combination that gave us the best success for defining a peer source was created as a collection which we then target with the appropriate client agent settings.  That combo is:

·       Not a high-level executive (We don’t want to risk any impacts to our CEO, for example)

·       Desktops only (they don’t move much and provide reliability)

·       Hardwire connection (more dependable throughput than wireless)

·       Not a VM

In our corporate headquarters we had many more machines to choose from for peer sourcing so we further improved content deliverability and reduced our selection set for peer source servers by also targeting only those machines with 20GB of free disk space.  This was done as an optimization to make sure we didn’t have a lot of cache churn on peer source servers.  Other locations had fewer potential targets, so we didn’t use this limitation on those locations.  Here is what the last 24hours looked like for us:

We also built custom reports to measure efficiency of Peer Content Source using rejection data that sources send based on the throttling set at the client agent settings and create an alert. This helps us track and remove Peer sources that are not efficient and help minimize content delivery delays. Below is the sample report:

Our Future:

              All this said, the ConfigMgr and OS products continue to improve, and we are looking to integrate those improvements as well.  We are about to start a pilot on the new partial download functionality that is available in the 1806 release.  We also have been really excited by what we have seen and heard about LEDbat implementation possibilities.  This new peer content process is a small change for ConfigMgr infrastructures but can be a big change in design and resiliency for your content distribution.

Continuing with another post of Windows Server 2019 sessions from Ignite, this one includes some of the security and identity sessions. There will be coverage of additional hybrid Active Directory sessions in an upcoming post, but I've included the AD FS ones here alongside the security recordings.

Elevating your security posture with Windows Server 2019

Windows Server 2016 started the journey helping customers elevate their security posture starting with the operating system. Windows Server 2019 brings many enhancements to these features as well as a whole new set of capabilities. This session provides a rich overview of many of the security capabilities that are built-in to Windows Server with a specific focus on what’s new to Windows Server 2019.  The National Institute for Standards and Technology (NIST) will also join us to discuss Microsoft’s participation in their trusted cloud project which outlines security best practices for hybrid clouds--a solution built on Hyper-V Shielded VMs. Additionally, the SQL Server team will demonstrate how they leverage Virtualization-based Security and health attestation in Windows Server 2019 to protect data at rest and at runtime in their imminent release of SQL Always Encrypted with Enclaves.

What's new in Active Directory Federation Services (AD FS) in Windows Server 2019

Active Directory Federation Services (AD FS) continues to be the #1 federation provider to login to Office 365 and has grown to power logins for over 77M users globally! AD FS is also actively used to build modern applications to power the next generation of line-of-business applications that cater to the digital transformation for modern workplaces. Learn about the exciting new and upcoming capabilities in Windows Server 2019 to securely and seamlessly sign-in users from anywhere on a variety of devices. We primarily focus on securing extranet access and enabling logins without passwords, and discuss additional security features to protect password-based logins for extranet access. We focus on new capabilities introduced to support modern applications built using OpenID Connect and OAuth. We also discuss advances made to enable smooth sign-in experiences for end users.

There are no compensating controls for an insecure Active Directory

Today everything needs to be secure, but you need to start with Active Directory. Because if AD isn’t secure – nothing else in your organization is regardless of operating system, products, or procedures. That’s a strong statement, but one that Randy Franklin Smith can back up with facts. In this fast-paced session Randy spotlights the multitudinous ways that virtually any component or information on your network can be compromised if the attacker first gains unauthorized access to AD. The good news is AD was designed well and has stood the test of time. AD security is a matter of design, comprehensive management, and monitoring and is the basis for the list of fundamentals for securing AD shared in this session.

Secure access to Office 365/Azure Active Directory with new features in AD FS in Windows Server 2019

Active Directory Federation Services (AD FS) continues to be the #1 federation provider to login to Office 365 and has grown to power logins for over 77M users globally! In this session, learn about the exciting new and upcoming capabilities in Windows Server 2019 to securely and seamlessly sign in users from anywhere on a variety of devices. We primarily focus on securing extranet access and enabling logins without passwords, and discuss additional security features to protect password-based logins for extranet access. We focus on the new Azure AD Password Protection feature to ensure strong passwords for all users. We also discuss advances made to enable smooth sign-in experiences for end users.

In Part 1, a basic overview of the United States Department of Defense (DoD) Risk Management Framework (RMF) may be found.  Now we turn to the “so what” - this entry examines how process consultants may apply their knowledge and skills to assist organizations’ efforts to realize the desired outcome of the RMF.  It is important to note that the RMF and the underlying security controls from the applicable NIST publications may be used by anyone, not just DoD!  Indeed, NIST SP 800-37r1 states, in section 1.2, “State, local, and tribal governments, as well as private sector organizations are encouraged to consider using these guidelines, as appropriate.”

The heart of the interfaces between ITIL and the RMF are the security controls.  Many of them are process-oriented!  Recall from Part 1 that these controls must be selected, implemented, and assessed.  Process consultants may be of great use in the implementation and assessment of controls.

NIST SP 800-53r1, Appendix F, contains some details about the various security controls that may be applied to systems and, most importantly to us, it provides requirements and recommendations for these controls.  There are many controls that may be influenced by IT processes.  Account management and privileged access are two, as well as contingency planning, and others.  The one that is most obvious to me is Configuration Management, and it has an entire family of controls and requirements under it, so let’s look at that.

If you were to open the NIST publication just referenced and find your way to Appendix F, you’d be able to find, somewhere in the neighborhood of page F-64, an overview of the Configuration Management family of controls.  All the controls may be implemented through a Configuration Management Plan (CMP), which is a common product of process consultants.  The task is to ensure that the CMP meets the requirements of this control family.

When assessments find artifacts and evidence that a control is implemented correctly, and that the result is an enhanced security posture, a higher degree of assurance is attained.  Enter the process consultant – we have all seen plans and process documentation wherein it is stated that things will be done a certain way, only to find that there is little to no evidence (in the form of process artifacts) that this is the case in practice.  A process consultant is particularly well-suited to review a CMP and ensure that it meets the requirements for this family of controls and, if they are diligent, to provide assurance that this is so.

CM-3 is of particular note – Change Management.   A process consultant may evaluate the organization’s change management plan to ensure that it

a)       Categorizes changes and clearly defines the categories

b)      Provides for an information security specialist be on the change review board and that this role possesses either change decision recommendation rights or voting rights

c)       Requires change decisions to be documented

d)      Requires that change records not be closed until verification of change implementation is complete

e)      Provides for the archival of change decisions and implementation verifications

f)        Provides for audit and review of change-related activities

g)       Defines change review board policies and procedures

All of this is merely to say that the plan meets the basic requirements of the control.  The text goes on to provide even more detail as to enhancements that may be made to the control.  After a review of the CMP, the act of providing assurance requires that proof be found – plans are just plans.  Therefore, the consultant should

a)       Review change records to ensure that changes are being categorized and that the system in question is distinguishable in change records from other systems (“I’d like to see all the change records in the last year for [system].”

b)      Attend several change review meetings and verify that an information security specialist is in attendance and that they either make recommendations or vote.

c)       Review change management artifacts to ensure that change decisions have been captured.

d)      Review change records to see if there is evidence that they are closed only upon verification that the change is implemented.

e)      Ensure that the artifacts of change decisions and change records in general are archived in accordance with policy.

f)        Locate evidence of change implementation and ensure that it records who made the change and is tied to the change record.  Also, incident records should be attributable to a change when applicable.

g)       Attend several change review meetings and ensure that they are conducted in accordance with policy/plan.

There are scores of controls defined in the NIST publication, many of which are either directly or indirectly influenced by “traditional” IT processes such as asset management and change/configuration management, as well as the more obviously security-related ITIL processes of Security Management, IT Service Continuity Management, and Access Management.

We have reviewed in this entry an example of how a process consultant may assist an organization in the implementation of the security controls required by the RMF.  In Part 3 I will provide an example from my work in which a customer complained of a control not being met and how I approached the matter.

What’s new and what’s coming with SharePoint & OneDrive Security, Compliance, and Administration – October 2018 Edition

In today’s complex and regulated environment, businesses need to focus on building more secure solutions that deliver value to their customers, partners, and shareholders—both in the cloud and on-premises.

Microsoft has been building enterprise software for decades and running some of the largest online services in the world. We draw from this experience to keep making SharePoint and OneDrive more secure for users, by implementing and continuously improving security-aware software development, operational management, and threat-mitigation practices that are essential to the strong protection of your services and data.

SharePoint and OneDrive are uniquely positioned to help you address these evolving security challenges. To begin with, Microsoft has continued to evolve with new standards and regulations. This has been a guiding principle as we think about security for SharePoint and OneDrive. Right alongside that principle is this one: There is no security without usability. If security gets in the way of productivity, users will find a different, less secure way to do their work.

At Microsoft Ignite 2018 we announced many of the new capabilities that are available now and coming soon to Office 365.

NOTE This is the first of regular monthly updates for what’s new and what’s coming with security, compliance, and administration in SharePoint and OneDrive.

Unified Labels

Unified labels in Microsoft 365 provide you a more integrate and consistent approach when creating labels and configuring and applying policies to protect and govern information across devices, applications, cloud, and on-premises locations. Unified labels provide a single location to create and configure data sensitivity labels for both Azure Information Protection and Office 365, so you can set up protection and retention labels and policies in the same place.

Unified labels in Microsoft 365 are available now.

SharePoint site classification labels

Across your organization, you probably have different types of content that require different security requirements to comply with industry regulations and internal policies.

Using Microsoft Information protection labels you can now apply consistent security and access policies to SharePoint Sites based on the sensitivity of the site. You can create sensitivity labels and associate them with policies in the new Microsoft 365 Security and Compliance Center. You can then apply these labels to files, emails, groups, Sites and Teams to automatically enforce consistent policies across your content.

SharePoint site classification labels will begin rolling out to Targeted Release in December 2018.

Automation application of retention labels

Data is your company’s most important asset, with the automatic application of retention labels you can ensure your most important assets are compliant to meet your corporate or regulatory requirements.  These retention labels can be created by importing the content types that you already use in SharePoint to help streamline the application of retention policies across all your content in SharePoint.

Content type to label support will begin rolling out in November 2018.

Label analytics

Information is growing at exponential rates and we’re making it easier for you to stay informed on how retention and sensitivity labels are being used to classify, retain, and protect your organization’s content in the cloud.

Using label analytics you can now get insights into how content is being labeled, including which labels are used most, and what emails and files they’re being applied to and also explore user activity to identify who’s been applying labels, investigate unusual trends, and more.

Label analytics will begin rolling out in Q4 2018.

File plans

Office 365 already provides data governance labels to establish rules for records management and retention.  Later this year we’ll be augmenting those with hierarchical file plans, allowing you to manage a range of retention labels with identifiers, departments, categories, statutory references and more.  File plans can be exported from Office 365 for easy editing in Excel, and then reimported to update label rules.

Files plans will begin to be available in Q4 2018.

Files Restore for SharePoint and Microsoft Teams

Data loss is non-negotiable, today we announced Files Restore for SharePoint and Microsoft Teams.

Files Restore is now available for SharePoint document libraries, protecting your shared files in SharePoint, Teams, Outlook groups, and Yammer groups connected to Office 365 groups and uses the same recovery capabilities that protect your personal files in OneDrive for Business.

Files Restore is a complete self-service recovery solution that allows site administrators restore document libraries from any point in time during the last 30 days and rewind changes using activity data to find the exact moment to revert to.

Files Restore for SharePoint and Microsoft Teams will begin rolling out to Targeted Release in December 2018.

Multi-geo capabilities for SharePoint

Multi-geo capabilities with SharePoint support your global data residency needs by storing SharePoint data in more than one selected Office 365 data center regions or countries. Microsoft commits to provide in-geo data residency, business continuity and disaster recovery for your core customer data at rest.

With multi-geo capabilities for SharePoint you can have a single Office 365 tenant that can span across multiple geos and enable a unified communication and collaboration experience across your global organization. You can migrate various on-premises satellites data silos into a single Office 365 tenant and at the same time meet your data residency needs. Your users are now connected to the people and content that matter most, regardless of where they work.

For IT, you can use powerful Office 365 admin tools to easily create and manage satellite sites and if needed move user data between geos to meet your data residency business needs. Get reports on where each user’s data is stored and audit trail of activities of all users in your global enterprise. Tailor sharing, security, and compliance policies separately for each geo—all from a familiar admin experience.

To learn more about Multi-Geo Capabilities in Office 365 see https://products.office.com/en-us/business/multi-geo-capabilities.

Multi-Geo capabilities with SharePoint Online are available now.

External sharing integration with Azure AD B2B

Last year at Ignite we introduced a new external sharing experience where recipients could access the shared content in a secure way by entering a one-time passcode sent to their email address without the need of creating or remembering passwords. This year, we're taking it a step further by integrating the one-time passcode sign-in experience with the Azure AD B2B platform. This enables external users to exist in your Azure AD directory as Guests which can be managed in the way you are already familiar with. This integration also brings the one-time passcode experience when sharing SharePoint sites and lists with external user.

SharePoint admin center updates

At Microsoft Ignite, in addition to our security and compliance news, we announced several exciting new features coming to the new SharePoint admin center.

Make the new admin center your default admin center…

The new SharePoint admin experience provides a completely revamped SharePoint admin center that draws heavily on our modern principles… an administrative console designed to help IT achieve more, so their users can achieve more. If you’ve enjoyed using the new SharePoint admin center up until today, you now have the option to make the new SharePoint admin center your default experience while still being able to go back to the classic admin center if you need to.

Improved management experience for group-connected sites

Office 365 Groups is a service that works with the Office 365 tools you use already so you can collaborate with your teammates when writing documents, creating spreadsheets, working on project plans, scheduling meetings, or sending email. Now we’re making it easier to manage group-connected sites by allowing SharePoint administrators manage ownership, change sharing settings, and delete and restore sites.

Simplified hub site creation and association

Sites and data grow as your organization grows. With SharePoint hub sites, you can bring flexible, dynamic building blocks to your organization’s intranet – connecting collaboration and communication.  Now in the SharePoint admin center, you can manage existing hub sites in addition to creating hub sites and associating existing sites with a hub site.  These capabilities also extend to multi-geo scenarios.

Quickly customize and control the site creation experience

Creating sites is one of the most common tasks an administrator performs in many SharePoint environments, and we’ve made it easier to customize and control how sites are created.

New site creation options allow you to create sites on behalf of users and configure common settings such as language, time zone, and storage limit and for classic and communication sites you can now also specify their managed path.

In addition to these site creation controls, you now can specify global settings that apply to all site when they're created too such as the time zone and site creation path and for organizations who want to control the site creation experience, you can enable or disable self-service site creation.

Improved site management experience

In response to your feedback, we’ve added more management controls across site management and storage, including a simplified view of your tenant-level storage usage and limit and the ability to switch to manual site storage management.

Additionally, in many cases you may want or need more than one or two administrators for a site collection.  In response to your feedback, we’ve now enabled the use of security groups as a site collection administrator in SharePoint Online.

Finally, we’re making it simpler to execute site actions by moving many of the common actions to the command bar rather than the site information panel.

Keep your information secure with improved access control and policies options

The freedom to work fluidly, independent of location has become an expectation as has the freedom to access email and documents from anywhere on any device—and that experience is expected to be seamless.  However, data loss is non-negotiable, and overexposure to information can have lasting legal and compliance implications.  IT needs to make sure that corporate data is secure while enabling users to stay productive in today’s mobile-first world, where the threat landscape is increasingly complex and sophisticated.

New updates to the SharePoint admin center include a consolidated view of access control policies to help safeguard your information.   On the new access control page, you can configure policies for unmanaged or non-compliant devices, configure the idle-session sign-out experience for users, as well as configure location policies to restrict or allow access to SharePoint Online from known IP ranges.

SharePoint admin center improvements will begin rolling out to Target Release in October 2018.

Learn more about how we secure your data with SharePoint and OneDrive in Office 365 and how customers are achieving success at https://aka.ms/SharePoint-Security.

こんにちは。

Windows プラットフォーム サポート担当の佐々木です。
今回は、クォータを設定したボリュームのバックアップを Windows Server バックアップで取る際に警告がでる事象についてご説明させていただきます。

■クォータ設定とは？

複数のユーザが共有するコンピュータにおいて、各ユーザが自由に利用できるハードディスクの容量の上限を設定することです。
OS の機能として提供されており、ファイル サーバー リソース マネージャー(FSRM) という機能の中のひとつです。

詳しくは以下のリンクをご参照ください。
ファイル サーバー リソース マネージャー(FSRM)の概要

■発生事象

Windows Server バックアップを利用したバックアップで、クォータを設定したボリュームに対し、
フォルダ指定や除外設定をしてバックアップを開始すると『バックアップを完了しましたが、警告が発生しました。』という警告が出る事象が発生します。

＜Windows Server バックアップのログに記載されるエラー内容＞

E:System Volume InformationSRMquota.md のバックアップで書込み操作中にエラーが発生しました:　エラー [0x80070020] プロセスはファイルにアクセスできません。別のプロセスが使用中です。
※エラー内容は、以下の手順で確認することができます。

①ローカル バックアップ画面左下の『詳細を表示』をクリックします。

②以下のような画面が表示されるので、左下の『失敗したすべてのファイルの一覧を表示する』をクリックします。

③メモ帳が立ち上がり、エラー内容が確認できます。

■弊社で確認した環境

Windows Server 2012

■発生条件

本事象が発生する条件は、以下の2パターンに限定されます。

＜パターン１＞
Windows Server バックアップで、クォータが設定されたボリューム内のファイルを指定してバックアップを取得する場合

＜パターン２＞
Windows Server バックアップで、クォータが設定されたボリューム内のファイルをバックアップ対象外に指定して、ボリュームのバックアップを取得する場合

※クォータを設定していても、サーバー全体をバックアップする場合や、ボリューム内のファイルをバックアップ対象から除外設定せずに丸ごとバックアップする場合は、この事象は発生しません。

■結論

バックアップ時に警告が表示されますが、バックアップとして問題はございません。
整合性のあるバックアップ データですので、リストアも可能です。
クォータ設定にも影響はございませんので、ご安心ください。

この警告を表示させないようにするためには、発生条件となるバックアップの取得方法を避けていただきますようお願いいたします。

■参考）検証

＜警告が発生する事象の再現手順＞

①クォータを設定したボリュームに対し、フォルダ指定や除外設定をかけて Windows Server バックアップを開始します。

※今回は、ボリューム E にクォータを設定しています。
※バックアップは、ボリューム E の test_folder2 フォルダを除外してバックアップを取得します。
　除外・選択するファイルやフォルダは任意です。

②バックアップ完了時、状態欄に、『バックアップを完了しましたが、警告が発生しました。』という警告がでます。

＜リストアの手順＞

①発生した警告を無視し、バックアップデータをリストアします。
完了すると以下のように表示されます。

②リストアが完了したボリュームを見ると、バックアップデータが正しく回復されていることが確認できます。

いかがでしたでしょうか。
本ブログが少しでも皆様のお役に立てば幸いです。

Logbucheintrag 181017:

2500 Partner werden in der kommenden Woche auf Microsofts Deutscher Partnerkonferenz in Leipzig erwartet. Dies zeigt, wie groß der Zuspruch für unser Ökosystem inzwischen geworden ist. Microsofts Partnernetz ist inzwischen größer als das von AWS, Salesforce und Google zusammen. Allein in Deutschland gibt es 31.500 Partnerunternehmen, die mit ihren Services und Lösungen den Erfolg von Microsoft überhaupt erst möglich machen.

Und umgekehrt macht Microsoft mit seinen Cloud-Lösungen erst den Erfolg der Partner und Kunden möglich. Gerade auf der Azure-Plattform schreitet das Wachstum stürmisch voran. Dazu trägt nicht allein die hohe Verfügbarkeit der Cloud-Infrastruktur bei, sondern auch die Tatsache, dass immer mehr Lösungen über die Cloud für den Kunden erreichbar sind – von IoT-Lösungen bis zur künstlichen Intelligenz. Deshalb steht die DPK in Leipzig auch unter dem Motto „The New Intelligence“, weil rund um intelligente Lösungen derzeit das größte Wachstumsplus entsteht.

Das zeigt sich vor allem in Deutschland, wo die Migration in die Cloud auf breiter Front läuft. Längst geht es nicht mehr um das „Ob“, sondern um das „Wie“ und „Wann“. Das schlägt sich in wirtschaftlichen Erfolgszahlen nieder: Viele Partner erzielen inzwischen mehr als die Hälfte ihrer Erlöse über Managed Services. Mit jedem Euro, den Microsoft einnimmt, verdienen Managed Service Provider das Zwölffache. Und 90 Prozent des gesamten Microsoft-Umsatzes wir durch Partner erwirtschaftet. Das allein zeigt, wie lukrativ das Ökosystem für Partner und Kunden ist.

Ein Beispiel dafür, wie interessant Cloud-basierte Lösungen für das Geschäft bei Kunden und Partnern gleichermaßen ist, ist die Cloud-basierte Datenbank Cosmos, die jetzt auch für verteilte Datenhaltung in der Cloud optimiert ist. Gerade bei global tätigen Unternehmen sind Datenreplikation und Datenupdates entscheidend. Wie sonst sollen Bestellungen in Asien und in Europa, die gleichzeitig getätigt werden können, reserviert, gebucht und verarbeitet werden? Während Microsoft Azure die Infrastruktur für eine solche Herausforderung liefert, ist Cosmos DB für verteilte, massive Datenmengen prädestiniert. Ein ideales Betätigungsfeld für Partner, die ihren Großkunden einen weltumspannenden Service bieten müssen.

Auch mit Azure IoT Edge lassen sich verteilte Infrastrukturen in der Fertigung aufbauen, wobei die Daten aus Performancegründen nicht unmittelbar in die Cloud, sondern an ihren Rand, an der Edge, gespeichert werden. Auch hier sind komplexeste Managed Services gefragt, für die Microsoft mit Partnern die Lösungen vorhält.

Und auch im Umfeld der künstlichen Intelligenz sind die Angebote für Machine Learning und Conversational Computing inzwischen so weit ausgereift, dass Partner auf der ganzen Welt eigene Lösungen damit realisieren. Dabei wächst nicht nur das Angebot an Funktionalität – auch das Knowhow bei Partnern und Kunden wächst massiv. So haben wir bei LinkedIn herausgefunden, dass die Zahl der Professionals, die KI-Expertise zu ihren Skills hinzugefügt haben, um 190 Prozent seit 2015 gewachsen ist. Dies zeigt, wie rasant sich das Microsoft Ökosystem entwickelt.

Deshalb sollte kein deutscher Microsoft Partner die DPK in Leipzig verpassen, um sich die neuesten Updates rund um „The New Intelligence“ zu sichern. Um die Vielzahl an Neuerungen gerecht zu werden, haben wir die Veranstaltungsdauer auf drei Tage verlängert und dabei auf Wunsch unserer Partner auch Kunden zu dieser Veranstaltung eingeladen. Nach den globalen Veranstaltungen Inspire und Ignite im vergangenen Quartal ist die DPK der ideale Ort, um sich alle Voraussetzungen für ein künftiges Wachstum mit Microsoft zu schaffen. Wir sehen uns!

I have converted 'Report 60010 Costing Error Detection New [Version List=NAVDIAG17.10.06]' to 'D365 BC extension (Cloud)'. I used fresh Business Central (Fall 2018) cloud tenant.
The Costing Error Detection report is old tool that can be download from partnersourse site. This report can help you find common costing data problems.

As first step I imported this report to Dynamics 365 Business Central on premises and after that converted this object to AL object with use The Txt2Al Conversion Tool.

I used new ID (50130) for this experimental object.
Remember.. for AL extension you have free range 50.000-99.999, Object Ranges in Dynamics 365 Business Central.

You could download .app file from Github project: https://github.com/finn777/ALF_Costing_Error_Detection/blob/master/AL/ALF_Costing_Error_Detection/Alexey%20Finogenov_ALF_Costing_Error_Detection_1.0.0.0.app

Some screenshot about install:
// Deploying a Tenant Customization

And .. if you see an empty report then all Okay…
For emulate error I’ve launched my extension on Development Azure VM (Container Sandbox) and added some problems via Object Designer.
// More about Sandbox Environment

As result… report see it my direct data manipulation:

こんにちは。Windows サポート チームの矢澤です。
Windows 10 RS5 (1809) における移動ユーザー プロファイルの問題が報告されておりますので、本 blog にてご案内いたします。

1. 事象
RS5 の端末において、%USERNAME% などの環境変数を利用して移動ユーザー プロファイルを構成すると移動ユーザープロファイルが利用できません。

2. 原因
%USERNAME% などの環境変数が testuser などのユーザー名に変更されず、%USERNAME% という文字列として認識されてしまいます。

3. 回避策
グループ ポリシーにて移動ユーザー プロファイルを設定している場合には回避策はございません。
Active Directory 上のユーザー オブジェクトのプロパティに直接設定している場合には環境変数を利用せず、直接実ユーザー名や実サーバー名を入力することで回避が可能です。
ユーザー数が多い場合には、以下のサンプル スクリプトにてプロパティを設定してください。

for /f "delims=" %i in ('dsquery user "<移動プロファイル対象ユーザーの OU の DN 名>"') do dsmod user %i -profile <移動プロファイルのパス>

例) test.local ドメインの test OU 配下のユーザーの移動プロファイルのパスを一括で変更する場合
for /f "delims=" %i in ('dsquery user "OU=test,DC=test,DC=local"') do dsmod user %i -profile \FILESVRprofile$username$

4. 対処策
マイクロソフトでは本事象が重大な問題であると認識しており、この不具合の修正を優先度を上げて進めております。
修正プログラムのリリース時期が決定次第、本 blog 内で再度ご案内いたします。

今回は Exchange 2013 のメールボックス サーバー (クライアント アクセスとメールボックスが共存するサーバーも含む) 上で自己署名証明書の有効期限が切れた際に発生してしまう問題についてご紹介いたします。
この問題は最近見つかった不具合となりますが、Exchange 2013 は既に延長サポート フェーズの製品であるため、残念ながら本問題に対する修正は見送られております。
なお、Exchange 2016 では内部動作が一部変更されていることから本問題は発生いたしません。

現象

メールボックスの役割がインストールされた Exchange 2013上で実施されている 2 つのプローブ (OutlookRpcSelfTestProve と OutlookRpcDeepTestProbe) が自己署名証明書の有効期限が切れた後からエラーで失敗するようになります。
具体的にはメールボックスの役割がインストールされた Exchange 2013 上で IIS の Web サイト (Exchange Back End) にバインドされている自己署名証明書の有効期限が切れた以降から 2 つのプローブが失敗するようになり、その結果として可能性管理の機能により該当サーバー上で以下の事象が発生してしまいます。

・アプリケーション プール MSExchangeRpcProxyAppPool のリサイクル
・Microsoft Exchange RPC Client Access サービスの再起動

なお、Exchange 2013 CU2-v2 など初期のバージョンでは上記以外にデータベースのフェールオーバーが実施される場合もございます。
ただし、Exchange 2013 CU3 以降では OutlookRpcSelfTestProve や OutlookRpcDeepTestProbe のプローブが失敗してもデータベースのフェールオーバーは実施されなくなっています。

- 補足
本不具合が発生している場合、ProbeResult に関するイベント ログにはそれぞれ以下の例外内容でエラーが記録されます。

<< OutlookRpcSelfTestProve のエラー >>

[詳細] タブの ExecutionContext 項目には以下の例外が記録
・Exception = System.Net.WebException: 基礎になる接続が閉じられました: SSL/TLS のセキュリティで保護されているチャネルに対する信頼関係を確立できませんでした ---&gt; System.Security.Authentication.AuthenticationException: 検証プロシージャによると、リモート証明書は無効です。

<< OutlookRpcDeepTestProbe のエラー >>

[詳細] タブの ExecutionContext 項目には以下の例外が記録
・Exception = Microsoft.Exchange.Rpc.ServerUnavailableException: Error 0x6ba (RPC サーバーを利用できません。) from ClientAsyncCallState.CheckCompletion: RpcAsyncCompleteCall

原因

Exchange 2013 のメールボックス サーバーにインストールされる自己署名証明書は組織内の Exchange Server から自動的に信頼されるように設計されています。
ただし、Exchange 2013 のメールボックス サーバー上で実施される 2 つのプローブ (OutlookRpcSelfTestProbe および OutlookRpcDeepTestProbe) に関しては自己署名証明書を自動的に信頼できない不具合があり、この不具合により自己署名証明書の有効期限が切れたタイミングで該当のプローブが失敗するようになります。

なお、Exchange 2013 のインストール時に作成される自己署名証明書は [コンピュータ アカウント] の [信頼されたルート証明機関] に登録されていますが、自己署名証明書を更新しただけでは [コンピュータ アカウント] の [信頼されたルート証明機関] には自動的には登録されません。
そのため、Exchange 2013 のメールボックス サーバー上で自己署名証明書を更新して IIS の Web サイト (Exchange Back End) にバインドする作業を実施しても、[コンピュータ アカウント] の [信頼されたルート証明機関] に登録していない場合にも該当のプローブが失敗する現象が発生いたします。

対処方法

証明書の更新作業は一般的にはクライアントからの要求を受け付けるクライアント アクセス サーバーでのみ必要となります。
ただし、本不具合を回避するためにも、Exchange 2013 をご利用のお客様は後述の手順を参考にメールボックス サーバー上の自己署名証明書を更新してくださいますようお願いいたします。
なお、クライアント アクセスの役割とメールボックスの役割を共存させているサーバー上でも本作業を明示的に実施いただく必要がございますのでご注意ください。

- 作業概要
[0] IIS の Web サイト (Exchange Back End) にバインドされている自己署名証明書の確認
[1] 自己署名証明書を新規に発行
[2] 新規に発行した自己署名証明書を [コンピュータ アカウント] の [信頼されたルート証明機関] に登録
[3] 新規に発行した自己署名証明書を IIS の Web サイト (Exchange Back End) にバインド
[4] (必要に応じて) 他のサービスに割り当てている自己署名証明書を変更

IIS の Web サイト (Exchange Back End) にバインドされている自己署名証明書の確認
以下の手順は更新対象のメールボックス サーバー上で実施してください。

1. インターネット インフォメーション サービス (IIS) マネージャーを起動します。
2. [<サーバー名>] - [サイト] - [Exchange Back End] を右クリックして [バインドの編集] をクリックします。
3. "種類" が https で "ポート" が 444 のエントリを選択した状態で [編集] をクリックします。
4. [SSL 証明書] に設定されている証明書を確認します。(必要に応じて [表示] をクリックして証明書の詳細についても確認してください)

自己署名証明書を新規に発行
Exchange 管理シェルから以下のコマンドを実行して自己署名証明書を新規に発行します。

Get-ExchangeCertificate -Server "<MBX サーバー名>" -Thumbprint "<更新対象の自己署名証明書の拇印>" | New-ExchangeCertificate -Service None

なお、更新対象の自己署名証明書の拇印 (Thumbprint) に関しては以下のコマンドを実行することでも確認することができます。

Get-ExchangeCertificate -Server "<MBX サーバー名>" | fl

新規に発行した自己署名証明書を [コンピュータ アカウント] の [信頼されたルート証明機関] に登録
以下の手順は更新対象のメールボックス サーバー上で実施してください。

1. Microsoft 管理コンソールを起動します。([ファイル名を指定して実行] で "mmc" と入力して [OK] をクリックしてください)
2. [ファイル] メニューから [スナップインの追加と削除] を選択します。
3. [証明書] (コンピュータ アカウント) を追加して [OK] をクリックします。
4. 左ペインから [証明書] - [個人] - [証明書] を選択します。
5. 新規に発行した自己署名証明書を右クリックして [コピー] を選択します。
6. 左ペインから [証明書] - [信頼されたルート証明機関] - [証明書] を選択します。
7. 中央ペインの空白部分を右クリックして [貼り付け] を選択して該当の自己署名証明書をコピーします。

* [コンピュータ アカウント] の [信頼されたルート証明機関] に登録後は Get-ExchangeCertificate で該当の自己署名証明書を確認すると RootCAType パラメータは "Registry" と表示されます。

新規に発行した自己署名証明書を IIS の Web サイト (Exchange Back End) にバインド
以下の手順は更新対象のメールボックス サーバー上で実施してください。

1. インターネット インフォメーション サービス (IIS) マネージャーを起動します。
2. [<サーバー名>] - [サイト] - [Exchange Back End] を右クリックして [バインドの編集] をクリックします。
3. "種類" が https で "ポート" が 444 のエントリを選択した状態で [編集] をクリックします。
4. [SSL 証明書] に新規に発行した自己署名証明書を設定して [OK] をクリックします。

(必要に応じて) 他のサービスに割り当てている自己署名証明書を変更
メールボックスの役割のみをインストールしているサーバーなどでは以下の箇所も自己署名証明書のまま利用されている場合もあるかと存じます。

・IIS の Web サイト (Default Web Site) にバインドしている証明書
・Transport サービスの内部トランスポート証明書

上記に割り当てている自己署名証明書の有効期限が切れても特に問題はございませんが、これらの証明書も新規に発行した自己署名証明書に変更したい場合は Exchange 管理シェルから以下のコマンドを実行してください。

Enable-ExchangeCertificate "<MBX サーバー名>" -Thumbprint "<新規に発行した自己署名証明書の拇印>" -Service IIS,SMTP

Today's tip...

SCUP (System Center Updates Publisher) enables independent software vendors or line-of-business application developers to manage custom updates.

Using SCUP, you can:

• Import updates from external catalogs (non-Microsoft update catalogs).
• Modify update definitions including applicability, and deployment metadata.
• Export updates to external catalogs.
• Publish updates to an update server.

An updated version of System Center Updates Publisher (SCUP) is now available and can be downloaded HERE.  This release of SCUP adds support for Windows 10 and Windows Server 2016.  For detailed information about supported operating systems and prerequisites, see the Install Updates Publisher topic.

The SCCM team also created a video tutorial for SCUP.  The video is part a series focusing on software updates in Configuration Manager current branch. This session focuses specifically on System Center Updates Publisher (SCUP).  Steven Rachui covers understanding and configuring SCUP, working with SCUP and integrating SCUP into and using SCUP in a Configuration Manager environment.

To see additional SCCM videos in this series you can view their Software Updates Playlist

References:

• System Center Updates Publisher adds support for new OSes - https://cloudblogs.microsoft.com/enterprisemobility/2018/03/21/system-center-updates-publisher-adds-support-for-new-oses/
• System Center Updates Publisher Documentation- https://docs.microsoft.com/en-us/sccm/sum/tools/updates-publisher
• System Center Updates Publisher Video Tutorial - https://blogs.technet.microsoft.com/configurationmgr/2018/08/24/system-center-updates-publisher-video-tutorial/
• Updated Version of System Center Updates Publisher (SCUP) : https://www.microsoft.com/download/details.aspx?id=55543
• SCCM Software Updates Playlist - https://www.youtube.com/playlist?list=PLSrRxZBnj1AUx3fFSPZ_cLOi09HlwEmaC

いま、企業活動を支える IT は「第三のプラットフォーム」へと移行しつつあります。従来のクライアント / サーバーでの運用から、持ち運び可能なモバイルや、ネットワーク経由でサービスを利用できるクラウドといった、より複合的な情報基盤への転換がおこなわれているのです。

ベネッセコーポレーション（以下、ベネッセ）もまた、第三のプラットフォームを活用したデジタル トランスフォーメーションを進める 1 社です。同社は 2016 年度より、データセンターで運用している 2,500 台規模の IT 基盤について、全体の 70％ を 推奨パブリック クラウドとして選定した Microsoft Azure 中心に移行する計画を推進。これと並行して、すべての事業部門、サービス基盤を対象に、PaaS を利用したアーキテクチャ設計を標準化したことにより、事業スピードを大きく加速しています。

続きはこちら