Channel: TechNet Blogs

Azure Log Analytics for Windows Telemetry data


 

 

I blogged about this last year here

 

 

As best practice, the Upgrade Analytics script checks for far more than just injecting the workspace key and telemetry value.

 

 

FYI - This could also be managed in an SCCM Compliance setting.

Paul Fitzgerald - Platform PFE blogged about a non-SCCM method here

 

 

Assess requirements for environment:

 

Barebones configuration requires Commercial ID, allow telemetry, and level of telemetry data to send

Optional - Create key for IEDataOptIn

Send data to Application Insights

Customer proxy setup

 

 

The script specifies 11 parameters; not all are needed (excerpt from the script below):

Param(
# run mode (Deployment or Pilot)
[Parameter(Mandatory=$true, Position=1)]
[string]$runMode,

# File share to store logs
[Parameter(Mandatory=$true, Position=2)]
[string]$logPath,

# Commercial ID provided to you
[Parameter(Mandatory=$true, Position=3)]
[string]$commercialIDValue,

# logMode == 0 log to console only
# logMode == 1 log to file and console
# logMode == 2 log to file only
[Parameter(Mandatory=$true, Position=4)]
[string]$logMode,

#To enable IE data, set AllowIEData=IEDataOptIn and set IEOptInLevel
[Parameter(Position=5)]
[string]$AllowIEData,

#IEOptInLevel = 0 Internet Explorer data collection is disabled
#IEOptInLevel = 1 Data collection is enabled for sites in the Local intranet + Trusted sites + Machine local zones
#IEOptInLevel = 2 Data collection is enabled for sites in the Internet + Restricted sites zones
#IEOptInLevel = 3 Data collection is enabled for all sites
[Parameter(Position=6)]
[string]$IEOptInLevel,

[Parameter(Position=7)]
[string]$AppInsightsOptIn,

[Parameter(Position=8)]
[string]$NoOfAppraiserRetries = 30,

[Parameter(Position=9)]
[string]$ClientProxy = "Direct",

[Parameter(Position=10)]
[int]$HKCUProxyEnable,

[Parameter(Position=11)]
[string]$HKCUProxyServer
)

 

 

 

Simple method to update machines to send Windows telemetry data:

 

 

PowerShell script

From PowerShell as Administrator

Set-Location HKLM:

$registryPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies"
$Name = "DataCollection"
$Name2 = "AllowTelemetry"
$CommercialID = "00000000-0000-0000-0000-000000000000"
$value = "2"  # Values from 0-3 accepted
$vIEDataOptInPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection"
$IEOptInLevel = "2"  # Values from 0-3 accepted

If ( (Test-Path "$registryPath\$Name") ) { Write-Host -f green "Registry keys already exist" }
If ( ! (Test-Path "$registryPath\$Name") )
{
    # Create the DataCollection key first, then the values underneath it
    New-Item -Path $registryPath -Name $Name | Out-Null
    # The Commercial ID is stored as a string value named CommercialId
    New-ItemProperty -Path "$registryPath\$Name" -Name CommercialId -Value $CommercialID -PropertyType String | Out-Null
    New-ItemProperty -Path $vIEDataOptInPath -Name IEDataOptIn -Type DWord -Value $IEOptInLevel | Out-Null
    New-ItemProperty -Path "$registryPath\$Name" -Name $Name2 -Value $value `
        -PropertyType DWORD -Force | Out-Null
    Write-Host -f green "Registry keys added for Telemetry"
}
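A read-only counterpart to the script above, written so it could serve as the discovery script of a compliance setting. This is an added example, not code from the original post: the function name Test-TelemetryPolicy and the GUIDs in the sample call are constructed, and the value name CommercialId is an assumption about where the Commercial ID is stored.

```powershell
# Added example: validates the DataCollection policy values instead of writing them.
function Test-TelemetryPolicy {
    param(
        [Parameter(Mandatory)][guid]$ExpectedCommercialId,
        [ValidateRange(0, 3)][int]$ExpectedLevel = 2,
        # Optional constructed input for offline checks; the live key is read when omitted
        [hashtable]$Values
    )
    $path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\DataCollection'
    if (-not $PSBoundParameters.ContainsKey('Values')) {
        $Values = @{}
        $props = Get-ItemProperty -LiteralPath $path -ErrorAction SilentlyContinue
        foreach ($n in 'CommercialId', 'AllowTelemetry', 'IEDataOptIn') {
            if ($props -and ($props.PSObject.Properties.Name -contains $n)) { $Values[$n] = $props.$n }
        }
    }

    $findings = @()

    # Commercial ID: must be present, a GUID, not the placeholder, and the expected one.
    # A mismatch means the machine reports to a different workspace than intended.
    $parsed = [guid]::Empty
    if (-not $Values.ContainsKey('CommercialId')) {
        $findings += 'CommercialId is missing'
    } elseif (-not [guid]::TryParse([string]$Values['CommercialId'], [ref]$parsed)) {
        $findings += 'CommercialId is not a GUID'
    } elseif ($parsed -eq [guid]::Empty) {
        $findings += 'CommercialId is still the all-zero placeholder'
    } elseif ($parsed -ne $ExpectedCommercialId) {
        $findings += 'CommercialId does not match the expected value'
    }

    # Telemetry level: must be present and equal to the level the organization approved
    if (-not $Values.ContainsKey('AllowTelemetry')) {
        $findings += 'AllowTelemetry is missing'
    } elseif ([int]$Values['AllowTelemetry'] -ne $ExpectedLevel) {
        $findings += "AllowTelemetry is $($Values['AllowTelemetry']), expected $ExpectedLevel"
    }

    # IEDataOptIn is optional; when present it must be in the 0-3 range
    if ($Values.ContainsKey('IEDataOptIn')) {
        $ie = [int]$Values['IEDataOptIn']
        if ($ie -lt 0 -or $ie -gt 3) { $findings += "IEDataOptIn value $ie is outside 0-3" }
    }

    [pscustomobject]@{
        Compliant = ($findings.Count -eq 0)
        Findings  = $findings
    }
}

# Constructed sample: the placeholder GUID was deployed and the level is higher than approved
$sample = @{ CommercialId = '00000000-0000-0000-0000-000000000000'; AllowTelemetry = 3 }
Test-TelemetryPolicy -ExpectedCommercialId '11111111-2222-3333-4444-555555555555' -ExpectedLevel 2 -Values $sample
```

Omit -Values to evaluate the local machine; the check needs only read access to the key.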

 

 

 

 

References

Configure telemetry

Get Started link

Win 7,8 Opt in link


Daylight saving time in Brazil starts on November 4, 2018 (list of KBs)

The federal government has decided to keep the start of daylight saving time on November 4, when clocks will be moved forward one hour in several states of the country. As of this announcement, the daylight saving time configuration is defined as:

Start of daylight saving time: November 4, 2018 (first Sunday of November) - postponed by two weeks, from October 21 to November 4, by the decree below.
End of daylight saving time: February 17, 2019 (third Sunday of February)

Official decree with the daylight saving time dates:
https://www.planalto.gov.br/ccivil_03/_Ato2007-2010/2008/Decreto/D6558.htm

Therefore, the updates for the start of daylight saving time remain the same ones that have been available since April.

In April 2018, Microsoft released the updates so that the various supported operating system versions would have this change implemented.

Time zone and DST changes in Windows for Brazil, Morocco, and São Tomé and Príncipe
https://support.microsoft.com/en-us/help/4093753/time-zone-and-dst-changes-in-windows-for-brazil-morocco-and-sao-tome-a

The table below lists the first Monthly Quality Rollups that contain the Brazil daylight saving time update. Because these Monthly Quality Rollups are cumulative, any rollup more recent than the ones below includes the fix:

| OS | Release Date | Update Rollup KB |
| --- | --- | --- |
| 1809 - RS5 | RS5 RTM | RS5 RTM |
| 1803 - RS4 | 2018.06 B | KB4284835 |
| 1709 - RS3 | 2018.04 B | KB4093112 |
| 1703 - RS2 | 2018.04 B | KB4093107 |
| 1607 - RS1 | 2018.04 B | KB4093119 |
| 1511 - TH2 | 2018.04 B | KB4093109 |
| Windows 2016 RTM | 2018.04 B | KB4093111 |
| Windows Server 2012 R2 / 8.1 | 2018.04 C | KB4093121 |
| Windows Server 2012 | 2018.04 C | KB4093116 |
| Windows Server 2008 SP2 | N/A | N/A |
| Windows Server 2008 R2 / 7 | 2018.04 C | KB4093113 |

  • Remember that Security-only KBs do not contain the daylight saving time changes.
  • Windows Server 2008 SP2 does not have Monthly Quality Rollups, so the only option is to install the standalone KBs below.

In addition to the Monthly Quality Rollups described in the table above, Windows Server 2008 through 2012 R2 and Windows client 7 through 8.1 have the option of installing the individual KBs below:

KB4093753 (released April 16, 2018)
KB4130978 (released May 17, 2018 – replaces KB 4093753)
KB4339284 (released July 24, 2018 – replaces KB 4130978)

The changes in KB4093753 have already been included in the most recent Monthly Quality Rollups, so you should expect messages saying that the standalone KB is not applicable if the machine already has the most recent Monthly Quality Rollups.

A simple way to check whether the machine already has the fix is the w32tm /tz command. The command shows the difference between the old value (M:10 D:3) and the new one (M:11 D:1):

Before the KB is installed:
C:\>w32tm /tz
Time zone: Current:TIME_ZONE_ID_STANDARD Bias: 180min (UTC=LocalTime+Bias)
[Standard Name:"E. South America Standard Time" Bias:0min Date:(M:2 D:3 DoW:6)]
[Daylight Name:"E. South America Daylight Time" Bias:-60min Date:(M:10 D:3 DoW:6)]

After the KB is installed:
C:\>w32tm /tz
Time zone: Current:TIME_ZONE_ID_STANDARD Bias: 180min (UTC=LocalTime+Bias)
[Standard Name:"E. South America Standard Time" Bias:0min Date:(M:2 D:3 DoW:6)]
[Daylight Name:"E. South America Daylight Time" Bias:-60min Date:(M:11 D:1 DoW:6)]
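The w32tm /tz check above can be scripted so it runs across many machines. This is an added example, not part of the original post: Get-DstRuleStatus is a hypothetical function name, and the sample input is the output quoted above for E. South America.

```powershell
# Added example: classify the Daylight rule printed by `w32tm /tz`.
function Get-DstRuleStatus {
    param(
        # Lines of `w32tm /tz` output; the live command is run when omitted
        [string[]]$TzOutput = (w32tm /tz)
    )
    $text = $TzOutput -join "`n"

    # Matches: [Daylight Name:"..." Bias:-60min Date:(M:11 D:1 DoW:6)]
    $pattern = '\[Daylight Name:"(?<zone>[^"]*)"\s+Bias:(?<bias>-?\d+)min\s+Date:\((?<date>[^)]*)\)\]'
    $m = [regex]::Match($text, $pattern)
    if (-not $m.Success) {
        return [pscustomobject]@{ Zone = $null; Month = $null; Day = $null; Status = 'NoDaylightLine' }
    }
    $zone = $m.Groups['zone'].Value

    # The Date field carries M:/D:/DoW: only when a DST rule is configured
    $d = [regex]::Match($m.Groups['date'].Value, '^M:(?<month>\d+)\s+D:(?<day>\d+)\s+DoW:(?<dow>\d+)$')
    if (-not $d.Success) {
        return [pscustomobject]@{ Zone = $zone; Month = $null; Day = $null; Status = 'NoDstRule' }
    }
    $month = [int]$d.Groups['month'].Value
    $day   = [int]$d.Groups['day'].Value

    # Old and new values as given in the post for E. South America
    $status = switch ("$month/$day") {
        '11/1'  { 'Updated' }
        '10/3'  { 'Outdated' }
        default { 'Other' }
    }
    [pscustomobject]@{ Zone = $zone; Month = $month; Day = $day; Status = $status }
}

# Sample input copied from the two outputs quoted above
$before = @'
Time zone: Current:TIME_ZONE_ID_STANDARD Bias: 180min (UTC=LocalTime+Bias)
[Standard Name:"E. South America Standard Time" Bias:0min Date:(M:2 D:3 DoW:6)]
[Daylight Name:"E. South America Daylight Time" Bias:-60min Date:(M:10 D:3 DoW:6)]
'@ -split "`r?`n"

$after = @'
Time zone: Current:TIME_ZONE_ID_STANDARD Bias: 180min (UTC=LocalTime+Bias)
[Standard Name:"E. South America Standard Time" Bias:0min Date:(M:2 D:3 DoW:6)]
[Daylight Name:"E. South America Daylight Time" Bias:-60min Date:(M:11 D:1 DoW:6)]
'@ -split "`r?`n"

Get-DstRuleStatus -TzOutput $before   # Status: Outdated
Get-DstRuleStatus -TzOutput $after    # Status: Updated
```

The Status value is only meaningful when Zone is the E. South America zone shown in the post; other zones report their own rule and fall under Other or NoDstRule.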

 

Additional information:
The critical date in this daylight saving time change is October 21, 2018. Customers who do not install any of the KBs described above will have the clocks on servers and workstations incorrectly moved forward one hour at the turn from Saturday to Sunday, October 21, 2018, because that was the date daylight saving time was scheduled to begin before the December 2017 decree.

https://www.planalto.gov.br/ccivil_03/_Ato2007-2010/2008/Decreto/D6558.htm

 

Leap Seconds for the IT Pro: What you need to know


Hi Everybody – Program Manager Dan Cuomo here to tell you, the IT Pro, everything you need to know about Leap Seconds on Windows. If you saw our recent blog series on the Top 10 Networking Features, you may have already noticed an announcement about Leap Second support included in Windows Server 2019 and Windows 10 October 2018 Update.

Note: If you’re an Application Developer, stay tuned for our future post Leap Seconds for the Application Developer: What you need to know

For most IT Professionals, you may not be concerned about Leap Seconds. However, if you’re a customer with time-sensitive applications or in a regulated industry requiring high accuracy time, a measly little second could hurl you into an auditing and compliance frenzy. Whether you call it a v-team or tiger-team nobody wants to have to write those status reports, After Action Reports, or Root Cause Analysis (or whatever your organization calls them) to explain just what exactly went wrong. A leap second comes and goes quickly, but the effects could last some time.

So in this article, we’ll attempt to explain everything the IT Pro needs to know so you can explain, test, and deploy Windows Server 2019 and Windows 10 October 2018 Update with confidence for your time-sensitive scenarios.

Note: Leap Seconds are only included in Windows Server 2019 and Windows 10 October 2018 Update and later releases so this content is not applicable to operating systems prior to this release.

What are Leap Seconds

Let's first understand what a leap second is. A leap second is an occasional 1-second adjustment to UTC. As the earth’s rotation slows (e.g. tidal forces, earthquakes, hurricanes, etc.) UTC diverges from mean solar time or astronomical time.  Leap seconds are added to keep the difference between UTC and astronomical time to less than 0.9 seconds. Don’t worry, we don’t need to start colonizing new planets (yet 😉).  But still, wish we found out how that jump across galaxies worked out for the Stargate Universe crew…

An organization called the International Earth Rotation and Reference Systems Service (IERS) oversees the announcement of Leap Seconds. They release several bulletins; Bulletin C is released every 6 months to confirm whether there will be a leap second or not.

Note: At the time leap seconds were introduced in 1972, a necessary correction of ten seconds was made to UTC. There have since been 27 leap seconds added to UTC for a total of 37 one-second corrections. Leap seconds are added, on average, every 1.5 yrs (NIST FAQ).

Leap Seconds on Windows Overview

Now let’s talk about some of the high-level principles needed to understand Leap Seconds on Windows.

UTC-Compliant Leap Seconds

If you are in a regulated industry, you must not only implement leap seconds, but you must do so in a UTC-compliant manner. This means that the leap second must be added to the last minute of the UTC day. During this minute, the clock goes from 0 to 60 seconds (for a total of 61 seconds).

Windows Server 2019 and Windows 10 October 2018 Update implement the leap second in a UTC-compliant manner, enabling customers to meet the requirements in regulated industries.

Industry experts have gone on record to denounce leap second “smearing” – an alternative approach that carves the leap second into smaller units and inserts them throughout the day. Leap second smearing is not UTC-compliant and as such, Windows does NOT implement leap second smearing.

Built for compatibility

The majority of Windows users will not need Leap Second information; either their workloads do not depend on that high of accuracy or are not under industry regulations. If this description sounds like you, feel free to tweet a link to this blog, might I recommend...

...And feel free to stop reading. While the system (kernel) is tracking leap seconds, they will not affect your every day life as applications are never notified that a leap second is occurring unless an application has specifically “opted-in.”  Applications are, by default, none the wiser unless action is taken.

This is important both for customers who have heterogeneous operating system environments to interoperate seamlessly as they always have prior to this release as well as for application compatibility. Many applications expect seconds to be between 0 and 59. If the application isn’t expecting a 60, apps could fail, cats and dogs living together, mass hysteria!

Previous Leap Seconds

For these same reasons, we do not track prior leap seconds. Our goal is to enable customers needing high accuracy time moving forward. Regulations requiring high accuracy, UTC-compliant time did not come into effect until relatively recently, and therefore prior leap seconds are not necessary to track. For reference, the last leap second prior to the release of leap-second aware Windows was December 31st 2016; that is, at the time of writing, we have not had a leap second since this date. Leap seconds after this date will be tracked by Windows Server 2019 and Windows 10 October 2018 Update.

What happened to previous leap seconds

There’s a logical question of how previous operating systems treated leap seconds. If previous operating systems didn’t track leap seconds, are they 37 seconds off from UTC?

No, although previous operating systems did not track leap seconds, when they synchronized their time at the next interval, they recognized that they were one-second behind and time was moved forward to match the current UTC time.

A Tale of Two Timelines

"It was the best of times, it was the worst of times…It was the epoch of belief, it was the epoch of incredulity." Since leap seconds are new in Windows 10 October 2018 Update and Windows Server 2019, prior operating systems will not know about this augmented time scale. As a result, the timelines under the hood of Windows will begin to diverge between these two operating systems as leap seconds occur.

So when the next leap second rolls in, we’ll begin an alternate timeline for Windows 😊

Unless your application is leap second aware, it is unlikely that you will notice this delta. However if you were to view an event log from a leap-second aware system on a machine that is not aware of the leap seconds, the time displayed for the event will be off by the number of leap seconds known by the system (mmc.exe is opted-in by default).

Revert to Prior OS Behavior

As a reminder, applications must opt in to receiving leap second notifications, so leap seconds will not affect any applications by default and it is likely unnecessary to modify the default behavior.

However, if you have a heterogeneous time-sensitive environment you can revert to the prior operating system behavior and disable leap seconds across the board by adding the following registry key:

HKLM:\SYSTEM\CurrentControlSet\Control\LeapSecondInformation

Type: "REG_DWORD"

Name: Enabled

Value: 0 Disables the system-wide setting

Value: 1 Enables the system-wide setting

Next, restart your system.

How Leap Seconds Propagate

Every four years, we have a leap year - this is known and predictable. Leap seconds however, are different in that they are not on a regular cadence. Instead, leap seconds are announced by IERS only 6 months in advance. From there, GPS distributes the leap second notification to time servers and ultimately to Windows systems. So let’s talk about some of the mechanisms in-place to make sure that you get the leap second notification.

Time Server Distribution

The Windows Time service includes a server provider that allows a Windows system to operate as a time server. For example, when you add a domain controller to your forest this domain controller can serve time to other clients on the network through this mechanism. This is not the only method of installing a time server; you can check to see if your system is operating as a time server by using the command (Enabled: 1):

w32tm /query /configuration

The Windows Time server distributes the leap second notification to time clients. As GPS distributes time (and the leap second notification) to the Windows Time server, it will pass that notification onto clients; to be clear, your system doesn’t need to be a domain controller to do this.

Windows Update

But what if your system is when the notification comes? Or more likely what if you re-image your system? You’ll want to make sure that new systems know about the upcoming leap second and if the new system is created after a leap second, you’ll want to make sure that this system is synchronized with the other machines on the network.

To make sure this is possible, we’ll distribute leap second notifications through Windows Update as well. This provides a simple mechanism for reporting (nodes that have the latest updates have the leap second information as well).

Best Practice: The simplest and most effective manner for distributing and verifying leap second information across your environment is through Windows Update.  If you're on the latest updates, you'll have the notifications!

Hyper-V VMIC

If you have Hyper-V virtual machines, the Hyper-V virtual machine integration components will also provide leap second notifications to those virtual machines.  If the virtual machine is not one of the leap-second aware operating systems (or later) this will have no effect.

Verify that your system got the leap second

In addition to verifying updates across your system, you can also use the following command to view the leap seconds known by a specific system. In the screenshot below, a positive (+) leap second will be inserted after 23:59:59 on 6/30/2019

w32tm /leapseconds /getstatus /verbose

 

Testing Applications

Applications must be written to consume and process leap seconds – As you've read a number of times already, we assume that applications are not leap-second aware. You can search every application’s documentation to find out if it’s leap second aware, or if you’re an IT Pro in one of these regulated industries, we anticipate that you will want to test and verify your application or system images for leap seconds.

If you want to manually test and opt-in an application, identify the process name, for example:

Next open the registry editor and navigate to

HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options

Add a key which is the same name as the process you want to opt-in to leap seconds. In this example, we’ve opted-in the winword.exe process by creating a Registry Key (folder icon).

Next create a REG_DWORD named GlobalFlag2 with a value of 1.

Now restart the process and insert leap seconds as before then test critical application functionality.

If your application doesn’t support leap seconds, please contact the application owner and tell them to check our future post, Leap Seconds for the Application Developer: What you need to know.

Testing Systems

Instead of testing an individual application one-by-one, you may want to test a holistic system. To do this, open the registry editor and navigate to:

HKLM:\SYSTEM\ControlSet001\Control\Session Manager

Next create a REG_DWORD named GlobalFlag2 with a value of 1 as shown here.

Restart the system then insert leap seconds as before and test critical application functionality. Note any application or system events in the event log.
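The registry settings from "Revert to Prior OS Behavior", "Testing Applications" and "Testing Systems" can be inventoried and applied from PowerShell instead of the registry editor. This is an added example, not code from the original article: the function names are hypothetical, while the registry paths, value names and values are the ones the article gives.

```powershell
# Added example: audit and per-process opt-in for the leap second settings.
$LeapKey    = 'HKLM:\SYSTEM\CurrentControlSet\Control\LeapSecondInformation'
$IfeoKey    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$SessionKey = 'HKLM:\SYSTEM\ControlSet001\Control\Session Manager'

function Get-RegistryDword {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-LeapSecondState {
    # Per-process opt-ins: Image File Execution Options subkeys with GlobalFlag2 = 1
    $optedIn = @()
    if (Test-Path -LiteralPath $IfeoKey) {
        $optedIn = @(Get-ChildItem -LiteralPath $IfeoKey -ErrorAction SilentlyContinue |
            Where-Object { (Get-RegistryDword -Path $_.PSPath -Name 'GlobalFlag2') -eq 1 } |
            ForEach-Object { $_.PSChildName })
    }
    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        # 0 = system-wide setting disabled, 1 = enabled, $null = value not present
        SystemWideEnabled = Get-RegistryDword -Path $LeapKey -Name 'Enabled'
        # 1 = whole system opted in for testing, $null = value not present
        SystemGlobalFlag2 = Get-RegistryDword -Path $SessionKey -Name 'GlobalFlag2'
        OptedInProcesses  = $optedIn
    }
}

function Set-LeapSecondProcessOptIn {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # Image name only (for example winword.exe), never a path
        [Parameter(Mandatory)][ValidatePattern('^[^\\/]+\.exe$')][string]$ProcessName
    )
    $key = Join-Path $IfeoKey $ProcessName
    if ($PSCmdlet.ShouldProcess($key, 'Set GlobalFlag2 = 1')) {
        if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key | Out-Null }
        # -Force overwrites an existing GlobalFlag2 value with 1, as the article specifies
        New-ItemProperty -LiteralPath $key -Name 'GlobalFlag2' -PropertyType DWord -Value 1 -Force | Out-Null
    }
}

function Set-LeapSecondSystemWide {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][ValidateSet(0, 1)][int]$Enabled)
    if ($PSCmdlet.ShouldProcess($LeapKey, "Set Enabled = $Enabled")) {
        if (-not (Test-Path -LiteralPath $LeapKey)) { New-Item -Path $LeapKey | Out-Null }
        New-ItemProperty -LiteralPath $LeapKey -Name 'Enabled' -PropertyType DWord -Value $Enabled -Force | Out-Null
    }
}

# Inventory the current machine (read-only)
Get-LeapSecondState

# Preview the changes without writing anything
Set-LeapSecondProcessOptIn -ProcessName 'winword.exe' -WhatIf
Set-LeapSecondSystemWide -Enabled 0 -WhatIf
```

Remove -WhatIf and run from an elevated session to apply; as the article states, the process or the system must then be restarted for the setting to take effect.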

Summary

Most IT Professionals may not need to be concerned about Leap Seconds. However, if you’re a customer in a regulated industry requiring high accuracy time or have time sensitive applications, you need to ensure your systems apply and maintain time accurately through a leap second. Windows Server 2019 and Windows 10 October 2018 Update bring support for true UTC-compliant leap seconds. To make sure that these are properly implemented on your systems, you should verify your patch management strategy, application compatibility, and more.

Please give this a shot, and of course let us know how it went!

Dan "my leap seconds land on 60" Cuomo

Rapidly grow your Intelligent Communications knowledge base


Expand your Intelligent Communications technical knowledge. With these new webinars, available to you as a Partner Network member at no cost, you will increase your technical familiarity of Intelligent Communications, giving you ample ability to hold valuable discussions with your customers.

What’s New in Office 365 Intelligent Communications

  • Microsoft Intelligent Communications continues to rapidly evolve. This technical webinar series will assist MPN partners in staying up-to-date on the latest developments and service abilities, feature updates and releases. The information presented will be mostly technical in nature, but occasionally our Microsoft technical experts will provide marketing and business news pertaining to building a Cloud practice. During this webcast, you may also ask questions as they pertain to your practice.

Technical Deep Dive on Microsoft Teams Direct Routing

  • Discover how users can easily be transitioned to Calling in Microsoft Teams and learn that in using Direct Routing, call center agents can continue to use their applications while transitioning other users. Direct Routing is a capability of Phone System in Office 365 to help customers connect their SIP trunks to Microsoft Teams. In the simplest deployment model, customers start with SIP trunks from their telecommunications provider. Next, customers will use and configure a supported Session Border Controller (SBC) from one of our certified partners. Finally, they will connect their SBC to Microsoft Teams and Phone System. By integrating with an existing PBX, pilot users can be moved to Calling in Teams while users remain on their legacy PBX; the call traffic between these users during the transition stays within the organization.

Adopting Microsoft Teamwork Solutions: Teams Calling and Meetings

  • In this webinar, you’ll learn about the key features and functionality of Microsoft Teams, helping you position Microsoft Teams with your customers. After a brief introduction, our Microsoft Partner Technical Consultations will cover a broad range of topics from licensing and Office 365 integration to implementation phases and specific customer scenarios. We'll walk you through product demos and share the latest Microsoft Teams roadmap as this service continues to expand and grow.

Explore the full suite of technical webinars and consultations available for the Intelligent Communications technical journey at aka.ms/IntelligentCommsTechJourney.

Ignite 2018 – Windows Server 2019 Azure Integration Session Recordings


One of the key hybrid messages with Windows Server 2019 is extending your current capabilities with Azure, even when workload migration to the cloud isn't necessarily the highest priority for your organisation. In the videos below you will see how you can leverage cloud based security, Azure backup and recovery capabilities, and extending your network into Azure.

Securing your hybrid cloud environments with Azure ATP and AAD Identity Protection


Protect users from identity threats with Azure Advanced Threat Protection and Azure AD Identity Protection. Learn about the top types of attacks against identities and users and how Microsoft 365 can help secure your environment.

Microsoft security: How the cloud helps us all be more secure

The IT environment you are responsible for is changing: cloud apps, hybrid infrastructure, mobile work, and digital connections with customers and partners to name just a few. Meanwhile, cyber-attacks are more frequent and damaging. The cloud is your secret weapon in this new security battlefield. See how unique intelligence and new innovations from Microsoft can help you be more secure across your entire digital estate.

Deploying Azure File Sync


With Azure Files and Azure File Sync, centralizing file shares in Azure not only is possible, it’s practical. But how do you actually get started with your existing file server or SAN? Never fear! We show you just how easy it is to get started, including leveraging still-relevant existing file servers and migrating off of ancient SANs and NAS devices.

Backup your data with Microsoft Azure Backup

Organizational data is susceptible to corruption, accidental deletion and ransomware. In this session, you will discover how Azure can securely backup and restore your data across multiple workloads running in the cloud as well as on-premises. Come join this jam-packed demo session and witness how Azure Backup significantly reduces complexity and cost through a zero-infrastructure solution for backing up resources. You will learn Azure Backup's native support of Windows Admin Center, Azure Files, Azure VMs, as well as SQL running in Azure VMs.

Implement Cloud Backup and Disaster Recovery at Scale in Azure


Organizations increasingly need to scale their IT operations to protect their data and bolster disaster recovery(DR) strategy. Join this session to learn how Azure Backup and Site Recovery (ASR) help solve typical problems of managing backups, as well as recovering applications at scale. Learn about capabilities like PowerShell/CLI automation, policy management, RBAC, template-based deployments, monitoring and reporting that are critical to manage large scale deployments in enterprise environments. We will also present practical examples of real-world deployments in this session.

Establishing hybrid connectivity with Windows Server 2019 and Microsoft Azure

Windows Server 2019 has the most advanced networking capabilities ever shipped in a Windows operating system. See how we’re using Windows Admin Center to make Windows Server 2019 the easiest OS to connect to your Azure virtual network. In this session we  also cover advancements in the data plane, transports, security (802.1x), container networking, and time accuracy.

 

 

ITIL and the US Department of Defense Risk Management Framework (Part 3 of 3 – Practical Example)


Part 1 of this series was an overview of the Department of Defense (DoD) Risk Management Framework (RMF).  In Part 2, we looked at how process consultants may find within the RMF opportunities to positively influence the security practices of their clients.  In this final entry in the series, I provide an example from my work of a client that was falling short of the requirements for a specific control, and how I approached the matter.

The control in question was AC-6, least privilege.  The basic premise behind this control is that accounts, especially privileged accounts, are assigned permissions/rights on systems sufficient to accomplish their duties and no more.  Frequently accounts receive these permissions/rights through membership in groups which in turn have been assigned the appropriate level of access to systems.

When I met with the client initially, they described to me a situation with privileged groups (and thus accounts) that was unmanageable.  Hundreds and hundreds of privileged groups existed, and the organization had no way of knowing which ones were actively being used nor what levels of permissions had been assigned to the groups on which systems.  Admins that had moved within the organization often retained the membership in groups from their previous role as well as receiving new privileges from their new role, resulting in cumulative privileged access of an undetermined nature.  The result was great uncertainty among risk managers – a feeling of unease – and, likely, a state of system security that was somewhat less than desirable.

The initial ask of this client was to find out which of the groups were needed and which were not.  But even this would not address the issue of control AC-6, for there was no documentation to confirm that the groups in question possessed only the rights they needed and no more.  A cursory examination of database instances showed excessive system privileges for database admins, and it was easy to believe that this sort of thing may be found elsewhere.

If the task were to only take measure of which groups were needed, it would be a relatively simple (though time consuming) task to interview every technical team in the organization to determine what groups they used to grant access to the systems they managed, then compare the list of groups generated to the list in directory services, delete the delta, and see who screamed.

I pitched and received permission to do something ambitious – to provide a more permanent solution.  The task was great, and involved an enormous number of interviews and information gathering, review of findings, the definition of privileged roles for every team in the IT structure, implementation of new privileged groups to be assigned to those roles, a new privileged group management process (along with the corresponding forms and approval flows), and a tool to enforce policy and process discipline.  This represented a significant effort but would result in a complete reversal of the situation – total faith that there existed only the privileged groups that should exist, that those groups were assigned only the access they needed and no more, and that admins would no longer accumulate permissions over time.

I began the project armed with only one thing – an org chart.  Email addresses and phone numbers for the folks listed on the org chart were tracked down and I began making appointments to interview team leads and their lead technicians.  The goal of the initial interviews was to talk about what should be as opposed to what is.  I asked first about the mission/responsibilities of the team.  Then we turned to what systems the team members needed access to fulfill their responsibilities.  Next the question of what tasks were performed on those systems was answered, and finally what rights/permissions were needed to accomplish those tasks.  To wrap things up, we talked about whether there existed within the team different roles – different levels of access.  Do new employees receive the same level of access as more senior team members?  This line of questioning helped clarify the existence of different roles within the team.  We named those roles, then took the data regarding systems and levels of access and identified which roles had what.

The result of these interviews was a document that defined the team name and mission, the roles that existed within that team, the systems the team required access to, what tasks they needed to perform on the system, and what level of access was required to perform those tasks, organized by role.  This document was reviewed by the team lead in question (and their technical representative) as well as more senior security managers.  Once accepted, it was given to the directory services team to be used for the creation of privileged groups with rights/permissions tailored to the need.

Privileged accounts were added to these groups and removed from all legacy groups.  Functionality was tested.  Once everything was settled, the legacy groups became obsolete.  Upon completion of the project in total, all legacy privileged groups could be deleted.

This left only the ongoing management of these groups – the need to ensure that admins who moved from team to team did not accumulate permissions.  This effort seamlessly merged with another project for just-in-time-administration.  A technical solution would enforce the policies and ensure process discipline.

A solution founded on Microsoft Identity Manager (MIM) was engineered.  Admins who needed to perform privileged actions would access a portal and check out a privileged role.  The act of checking out the role added their account to the appropriate privileged group for a certain amount of time, at the end of which their privileges would be removed.  Rules were put in place to ensure that the privileged users could not check out roles for which they were not approved.  A mandatory field in the act of checking out a role was ticket number.  This created traceability and helped ensure that privileged access was being used for a valid business reason.

There were a few workflows needed – request/review/approve a privileged account, review/edit privileged group, request/review/approve permission to check out a privileged role, and so forth.

In the end it was a great success, and the client’s faith in the management of privileged access was dramatically improved.  The requirements of the control were met, and so much more!  The project required planning, communication, diplomacy, a bit of technical knowledge, and faith that the organization could achieve the way things “should be” – all required skills of a process consultant.

Horário de verão no Brasil inicia 04 de novembro de 2018 (lista de KB)

$
0
0

Daylight saving time in Brazil starts on November 4, 2018 (list of KBs)

Start of daylight saving time: November 4, 2018 (first Sunday of November) - postponed by two weeks, from October 21 to November 4, by the decree below.
End of daylight saving time: February 17, 2019 (third Sunday of February)

Official decree with the daylight saving time dates:
https://www.planalto.gov.br/ccivil_03/_Ato2007-2010/2008/Decreto/D6558.htm

Therefore, the updates for the start of daylight saving time remain the same ones that have been available since April.

In April 2018, Microsoft released updates so that the various supported operating system versions would have this change implemented.

Time zone and DST changes in Windows for Brazil, Morocco, and São Tomé and Príncipe
https://support.microsoft.com/en-us/help/4093753/time-zone-and-dst-changes-in-windows-for-brazil-morocco-and-sao-tome-a

The table below lists the first Monthly Quality Rollups that contain the Brazil daylight saving time update. Because these Monthly Quality Rollups are cumulative, any rollup more recent than the ones below includes the fix:

OS                                Release Date    Update Rollup KB
1809 - RS5                        RS5 RTM         RS5 RTM
1803 - RS4                        2018.06 B       KB4284835
1709 - RS3                        2018.04 B       KB4093112
1703 - RS2                        2018.04 B       KB4093107
1607 - RS1                        2018.04 B       KB4093119
1511 - TH2                        2018.04 B       KB4093109
Windows 2016 RTM                  2018.04 B       KB4093111
Windows server 2012 R2 / 8.1      2018.04 C       KB4093121
Windows Server 2012               2018.04 C       KB4093116
Windows Server 2008 SP2           N/A             N/A
Windows Server 2008 R2 / 7        2018.04 C       KB4093113
  • Note that Security-only KBs do not contain the daylight saving time changes.
  • Windows Server 2008 SP2 does not have Monthly Quality Rollups, so the only option is to install the standalone KBs below.

In addition to the Monthly Quality Rollups listed in the table above, Windows Server 2008 through 2012 R2 and Windows client 7 through 8.1 have the option of installing the individual KBs below:

KB4093753 (released April 16, 2018)
KB4130978 (released May 17, 2018 – replaces KB 4093753)
KB4339284 (released July 24, 2018 – replaces KB 4130978)

The changes in KB4093753 have already been included in the most recent Monthly Quality Rollups, so you should expect messages saying that the standalone KB is not applicable if the machine already has the most recent Monthly Quality Rollups.

A simple way to identify whether the machine already has the fix is the w32tm /tz command. Its output shows the difference between the old value (M:10 D:3) and the new one (M:11 D:1):

Before the KB is installed:
C:\>w32tm /tz
Time zone: Current:TIME_ZONE_ID_STANDARD Bias: 180min (UTC=LocalTime+Bias)
[Standard Name:"E. South America Standard Time" Bias:0min Date:(M:2 D:3 DoW:6)]
[Daylight Name:"E. South America Daylight Time" Bias:-60min Date:(M:10 D:3 DoW:6)]

After the KB is installed:
C:\>w32tm /tz
Time zone: Current:TIME_ZONE_ID_STANDARD Bias: 180min (UTC=LocalTime+Bias)
[Standard Name:"E. South America Standard Time" Bias:0min Date:(M:2 D:3 DoW:6)]
[Daylight Name:"E. South America Daylight Time" Bias:-60min Date:(M:11 D:1 DoW:6)]
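
As an added example (not part of the original post), the PowerShell below parses w32tm /tz output and reports whether the daylight start rule still has the old value (M:10 D:3) or already has the new one (M:11 D:1). The function names are hypothetical, and English time zone display names are assumed, as in the output quoted above.

```powershell
# Added example, not part of the original post: classify `w32tm /tz` output
# against the old and new Brazil daylight start rules shown in the post.

function Get-DaylightStartRule {
    param([Parameter(Mandatory)][string]$W32tmOutput)

    # Matches a line such as:
    # [Daylight Name:"E. South America Daylight Time" Bias:-60min Date:(M:11 D:1 DoW:6)]
    $pattern = '\[Daylight Name:"(?<name>[^"]*)"\s+Bias:-?\d+min\s+Date:\(M:(?<m>\d+)\s+D:(?<d>\d+)\s+DoW:(?<dow>\d+)\)\]'
    $hit = [regex]::Match($W32tmOutput, $pattern)
    if (-not $hit.Success) { return $null }   # no daylight rule, or an unexpected format

    [pscustomobject]@{
        Name      = $hit.Groups['name'].Value
        Month     = [int]$hit.Groups['m'].Value     # the M: field as printed by w32tm
        Day       = [int]$hit.Groups['d'].Value     # the D: field as printed by w32tm
        DayOfWeek = [int]$hit.Groups['dow'].Value   # the DoW: field as printed by w32tm
    }
}

function Test-BrazilDstFix {
    param([Parameter(Mandatory)][string]$W32tmOutput)

    $rule = Get-DaylightStartRule -W32tmOutput $W32tmOutput
    if ($null -eq $rule) { return 'Unknown' }

    # Assumption: English display name, as in the post's sample output.
    if ($rule.Name -ne 'E. South America Daylight Time') { return 'OtherZone' }

    if ($rule.Month -eq 11 -and $rule.Day -eq 1) { return 'Patched' }     # new rule
    if ($rule.Month -eq 10 -and $rule.Day -eq 3) { return 'Unpatched' }   # old rule
    return 'Unknown'
}

# Sample input: the "before" output quoted in the post; "after" differs only in
# the daylight start rule.
$before = @'
Time zone: Current:TIME_ZONE_ID_STANDARD Bias: 180min (UTC=LocalTime+Bias)
[Standard Name:"E. South America Standard Time" Bias:0min Date:(M:2 D:3 DoW:6)]
[Daylight Name:"E. South America Daylight Time" Bias:-60min Date:(M:10 D:3 DoW:6)]
'@
$after = $before -replace 'M:10 D:3', 'M:11 D:1'

Test-BrazilDstFix -W32tmOutput $before
Test-BrazilDstFix -W32tmOutput $after

# On a live machine:
# Test-BrazilDstFix -W32tmOutput ((w32tm /tz) -join "`n")
```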

 

Additional information:
The critical date for this daylight saving time change is October 21, 2018. Customers who install none of the KBs described above will have the clocks of servers and workstations incorrectly moved forward by one hour at the turn from Saturday to Sunday, October 21, 2018, because that was the date on which daylight saving time was scheduled to start before the decree of December 2017.

https://www.planalto.gov.br/ccivil_03/_Ato2007-2010/2008/Decreto/D6558.htm

Interested in learning about the latest features available for the Microsoft Power Platform?


Remain up-to-date on the latest features released within the Microsoft Power Platform from the past month by joining an upcoming live technical webinar – available at no cost to MPN partners. During the webinar, our Microsoft technical experts will present and demonstrate the latest features released within the Power Platform such as PowerApps, Flow, Common Data Service for Apps or any combination. You’ll receive important news, articles and feature updates regarding the Power Platform and have the opportunity to ask questions.

Adopting the Microsoft Power Platform - Feature Update Series: Microsoft technical experts will present and demonstrate the latest features released within the Business Application Platform. You’ll receive important news, articles and feature updates regarding the Power Platform with the opportunity to ask questions.

Upcoming webinars (English):

Upon completion of this webinar you will:

  • Remain up-to-date on the latest features released in Microsoft Power Platform
  • Receive important news, articles and feature updates or releases in the specified area
  • Discover latest features for technologies such as PowerApps, Flow, Common Data Service for Apps

Agenda:

  • Feature updates on
    • Dynamics 365 Customer Engagement
    • Microsoft PowerApps
    • Microsoft Flow
    • Common Data Service for Applications
  • Demonstration on key feature updates

To view additional dates and languages available for this webinar visit aka.ms/PowerPlatformFeaturesUpdate


Use Excel Web Access Web Part to dynamically show a workbook


This post is a contribution from Mustaq Patel, an engineer with the SharePoint Developer Support team

Requirement: On a SharePoint Online page, show an Excel workbook dynamically using JSLink, without the O365 global suite navigation bar.

In SharePoint Online we can use a script or content editor webpart to show an Excel workbook in an iframe. The script webpart can also contain jQuery code that sets the iframe’s src to the Excel workbook dynamically, using some business logic. Because the calls are cross-domain, we cannot write jQuery or CSS to hide the global suite bar that the Excel Office web app loads in the iframe. So how do we show the workbook without the global suite bar and still have the workbook URL set dynamically? This blog post addresses that requirement.
We will use the Excel Web Access webpart and a list view webpart. We will connect these two webparts so that the Excel Web Access webpart receives the workbook URL from the list view webpart. We will also use JSLink to filter the items in the list view webpart, so that only files that meet particular criteria show up in it.
Below are the steps to demonstrate the solution:

Create a document library. Create a view called “MyExcelFileView” and make sure to include the “Created By” field. You can include any other fields in this view. Upload a few Excel files as different users so that the “Created By” field has different values.

Create a webpart page or use any existing wiki page. Edit the page. Add two webparts in the order below:

  1. A list view webpart showing all the files from the document library where the workbooks are stored.
    1. Upload the JavaScript file shown below to the SiteAssets library. I uploaded it to SiteUrl/SiteAssets/POC_ListItemFiltering.js. I also uploaded jQuery to the same location, SiteUrl/SiteAssets/jquery-1.9.1.js; you may reference jQuery from a CDN instead, in which case you don’t need to upload the jQuery file.
    2. Edit this list view webpart and, under Miscellaneous, set the JS Link property as below. If you are referencing jQuery from a CDN, you can change the value below.
      ~site/SiteAssets/jquery-1.9.1.js | ~site/SiteAssets/POC_ListItemFiltering.js
    3. Set Appearance, Layout and so on as per your needs; you can also choose which view to show, so that the webpart does not take a lot of space on the page. Select the view “MyExcelFileView”. You may select any out-of-the-box view as well; just make sure the “Created By” field is part of the view.
    4. Once the JSLink works, it filters the view and shows only the workbooks of the currently logged-in user.
  2. With the page still in edit mode, add the Excel Web Access webpart from Business Data. Edit its properties and make the connection as below:
    1. Click Connections -> Get Workbook URL From -> the list view webpart above. A connection settings popup will load. Select the field name “Document URL”, finish, and save the Excel webpart.
    2. I also unchecked both checkboxes under “Title Bar” and set Type of Toolbar to “No Toolbar”.
    3. Save the webpart. Save the page and publish it, approving if required.

The page should look as below, and you can see that the first Excel file is already loaded in the Excel webpart. If you click the small icon in the list view webpart to select another workbook, it will be shown in the Excel webpart.

Here is the JavaScript we used in the JSLink.

// JSLink item-template override: render only .xlsx/.xlsm files created by the current user.
// This filtering runs in the browser and only hides rows in the view. It is not a
// permission check; library and item permissions still decide who can open a workbook.
Type.registerNamespace('SSPXTesting');
SSPXTesting.Disp = SSPXTesting.Disp || {};
SSPXTesting.Disp.Templates = SSPXTesting.Disp.Templates || {};
SSPXTesting.Disp.Functions = SSPXTesting.Disp.Functions || {};
var currentUser = null;

// Load the current user once via REST. The call is synchronous because the item
// template needs the result before it returns its markup.
function getCurrentUser(siteurl) {
    $.ajax({
        async: false,
        headers: { "accept": "application/json; odata=verbose" },
        method: "GET",
        url: siteurl + "/_api/web/CurrentUser",
        success: function (data) {
            currentUser = data.d;
        },
        error: function (error) {
            console.log('some error');
            //alert("error:" + error);
        }
    });
}

var renderListItemTemplate = function (renderCtx) {
    // File_x0020_Type is "xlsm" or "xlsx" for Excel workbooks
    var filetype = renderCtx.CurrentItem["File_x0020_Type"];
    var fileAuthor = renderCtx.CurrentItem.Author;
    if (filetype != "xlsm" && filetype != "xlsx") {
        // not a workbook: return empty string
        return '';
    }
    if (!currentUser) {
        getCurrentUser(renderCtx.HttpRoot);
    }
    // The user lookup failed or the item carries no author data: render nothing
    // instead of throwing inside the template.
    if (!currentUser || !fileAuthor || !fileAuthor.length) {
        return '';
    }
    if (fileAuthor[0].email == currentUser.Email) {
        return RenderItemTemplate(renderCtx);
    }
    // created by another user: return empty string
    return '';
};

SSPXTesting.Disp.Templates.Item = renderListItemTemplate;

// Register the override with the client-side rendering engine.
SSPXTesting.Disp.Functions.RegisterField = function () {
    SPClientTemplates.TemplateManager.RegisterTemplateOverrides(SSPXTesting.Disp);
};

// With Minimal Download Strategy (MDS), re-register the override on each page transition.
SSPXTesting.Disp.Functions.MdsRegisterField = function () {
    var thisUrl = _spPageContextInfo.siteServerRelativeUrl + "/SiteAssets/POC_ListItemFiltering.js";
    SSPXTesting.Disp.Functions.RegisterField();
    RegisterModuleInit(thisUrl, SSPXTesting.Disp.Functions.RegisterField);
};

if (typeof _spPageContextInfo != "undefined" && _spPageContextInfo != null) {
    SSPXTesting.Disp.Functions.MdsRegisterField();
}
else {
    SSPXTesting.Disp.Functions.RegisterField();
}

About the issue where a large number of Appidcertstorecheck.exe processes are started


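Hello. This is Yoda from the Windows support team.

This post describes the cause of, and the workarounds for, an issue in which a large number of Appidcertstorecheck.exe processes are started under certain conditions.

==============================
■ Overview of the issue and its impact when it occurs
==============================

On Windows 10 / Windows Server 2016 machines, under certain conditions, a large number of Appidcertstorecheck.exe processes may be started, as shown in the figure above.

When a large number of these processes are started, memory on the affected machine comes under pressure, which can affect the system.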

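==============================
■ Overview of the cause and the workarounds
==============================

Appidcertstorecheck.exe is an executable that is invoked when AppLocker, the OS feature for controlling application execution, performs certificate checks.

The issue in which a large number of Appidcertstorecheck.exe processes are started occurs in environments that match the “Conditions under which the issue occurs” described below. Its cause is that, during certificate validation, the client cannot access the file named “Pinrulesstl.cab” that is published on the internet site “http://ctldl.windowsupdate.com”.

In short, the issue is resolved by making “Pinrulesstl.cab” available to the client.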

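==============================
■ Conditions under which the issue occurs
==============================

• The OS version is Windows 10 / Windows Server 2016 or later
• The internet site “http://ctldl.windowsupdate.com” cannot be accessed directly
• AppLocker is enabled
• The root certificate update program is enabled

Note: For details on the root certificate update program, see “Reference sites” at the end of this article.

- Supplementary information
Even when clients cannot directly access the internet site “http://ctldl.windowsupdate.com”, some customers download the information that would normally be obtained from “http://ctldl.windowsupdate.com” to an internal file server in advance, and have clients check the list of trusted root certificates and the list of untrusted certificates there. Even in that situation, if “Pinrulesstl.cab” does not exist on the file server, this issue occurs on Windows 10 / Windows Server 2016 and later.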

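==============================
■ How the issue arises
==============================

Starting with Windows 10 / Windows Server 2016, in order to strengthen security, a requirement was added to check the “Pinrulesstl.cab” file when certificates are validated while the root certificate update program runs.

The “Pinrulesstl.cab” file contains certificate chain information. Checking this file prevents internal domain names from chaining to unintended or fraudulently issued certificates, which reduces man-in-the-middle attacks.

The specific behavior when Windows 10 / Windows Server 2016 or later cannot access this “Pinrulesstl.cab” file is as follows.

  1. When “Pinrulesstl.cab” cannot be accessed, the value of the registry entry "PinRulesLastError" is updated at the moment the access fails.
  2. When the value of the registry entry "PinRulesLastError" is rewritten, the CryptSvc service calls the appidsvc (Application Identity Service) service.
  3. The appidsvc service that was called runs a task that starts appidcertstorecheck.exe.
  4. appidcertstorecheck.exe starts.

The behavior above occurs every time the root certificate update program runs on a machine that matches the “Conditions under which the issue occurs”.
In addition, an appidcertstorecheck.exe process that has been started never exits on its own, and keeps accumulating in the task list for as long as the OS is running.
As a result, appidcertstorecheck.exe processes pile up, and Task Manager ends up showing a large number of appidcertstorecheck.exe entries.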

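==============================
■ Workarounds
==============================

There are three broad ways to resolve this issue; apply any one of them.

[A] Disable the root certificate update program

[B] Place the “pinrulesstl.cab” file in an internal shared folder

[C] Allow clients to access “http://ctldl.windowsupdate.com” on the internet directly

The specific procedures for the three options above are as follows.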

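-----------------------------------------------------------------------------------------------------------------------
[A] Disable the root certificate update program
-----------------------------------------------------------------------------------------------------------------------

This workaround is effective in closed environments that cannot connect to the internet and that do not download the list of trusted root certificates and the list of untrusted certificates to an internal file server for clients to reference.

As described above, the communication with "ctldl.windowsupdate.com" and the check of the “Pinrulesstl.cab” file are performed automatically when the feature called the “root certificate update program” is enabled on each machine.

Note: The automatic root certificate update program is a separate feature from Windows Update, but the URL it accesses is "http://ctldl.windowsupdate.com", as stated above, which is a Windows Update site.

Therefore, disabling the “root certificate update program” itself stops the “Pinrulesstl.cab” check, which avoids this issue.

// Procedure for disabling the root certificate update program
---------------------------------------------------------------------------

The root certificate update program can be disabled with the following Group Policy setting, or by directly editing the registry value described below.

<Group Policy>
[Computer Configuration]
- [Policies]
- [Windows Settings]
- [Security Settings]
- [Public Key Policies]
- [Certificate Path Validation Settings]
- On the [Network Retrieval] tab, check [Define these policy settings], then clear the [Automatically update certificates in the Microsoft Root Certificate Program] check box.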

<Registry>
Key: HKEY_LOCAL_MACHINE\Software\policies\Microsoft\SystemCertificates\AuthRoot
REG_DWORD: DisableRootAutoUpdate
Value: 1

 

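// Impact of disabling the root certificate update program
---------------------------------------------------------------------------

The impact of disabling the root certificate update program is that root certificates are no longer updated, and root certificates are no longer retrieved on demand.

Environments in which disabling the root certificate update program is acceptable include those where the required root certificates have already been explicitly imported on the machines, and those where applications are configured with exceptions that ignore certificate errors when they occur.

If the root certificate update program is disabled and the required root certificates have not been imported into the machine's certificate store, certificate errors may occur and required communication may fail.
(How a certificate error is handled depends on the application.)

Note that in closed environments that cannot connect to the internet and that do not download the list of trusted root certificates and the list of untrusted certificates to an internal file server for clients to reference, disabling it has no impact (because the content on "ctldl.windowsupdate.com" is not referenced in the first place).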

-----------------------------------------------------------------------------------------------------------------------
[B] Place the “pinrulesstl.cab” file in an internal shared folder
-----------------------------------------------------------------------------------------------------------------------

This workaround is effective when the list of trusted root certificates and the list of untrusted certificates are downloaded to an internal file server and referenced by clients.

Starting with Windows Vista SP2 / Windows Server 2008 SP2, running the "certutil -syncwithwu" command on an internet-connected machine makes it possible to download the information published on the internet site “http://ctldl.windowsupdate.com” to any local folder.
Note: On operating systems up to Windows 8 / Windows Server 2012, Security Advisory 2854544 (KB2813430) must be applied to enable this feature.
Note: For details on this behavior, see “Reference sites” at the end of this article.

However, running the "certutil -syncwithwu" command on an OS earlier than Windows 10 / Windows Server 2016 does not download the “Pinrulesstl.cab” file.
Therefore, please run the "certutil -syncwithwu" command from a machine running Windows 10 / Windows Server 2016 or later, and place the “Pinrulesstl.cab” file in the internal shared folder.

The procedure is as follows.

// Procedure for placing the “Pinrulesstl.cab” file in an internal shared folder
------------------------------------------------------------------------------------

1. Prepare a machine running Windows 10 / Windows Server 2016 or later that can connect to the internet.

2. Log on to that machine with an account that has administrator privileges.

3. Open a command prompt and run the following command.

certutil -syncwithwu

4. Copy the downloaded “Pinrulesstl.cab” file to the internal shared folder.

Note that if you replace the existing automatic-update machine with one running Windows 10 / Windows Server 2016 or later and point it directly at the internal shared folder, the work of copying the “Pinrulesstl.cab” file is no longer needed.
Please consider this as well, to reduce future operational effort.

-----------------------------------------------------------------------------------------------------------------------
[C] Allow clients to access “http://ctldl.windowsupdate.com” on the internet directly
-----------------------------------------------------------------------------------------------------------------------

This workaround is effective when the configuration can be changed so that clients can access “http://ctldl.windowsupdate.com” on the internet directly.

When machines running Windows 10 / Windows Server 2016 or later can access the internet site directly, they can check the “Pinrulesstl.cab” file from “http://ctldl.windowsupdate.com” as needed.

However, even in environments where clients can access the internet directly, care is needed when traffic is relayed through a proxy server.
The root certificate update program uses WinHTTP to access “http://ctldl.windowsupdate.com”.

WinHTTP does not use the browser's proxy settings; separate proxy settings for WinHTTP are required.
When these WinHTTP proxy settings have not been configured, access to “http://ctldl.windowsupdate.com” is refused, “Pinrulesstl.cab” cannot be accessed, and the result is the issue described here.

If this is the cause, configuring the WinHTTP proxy with the following procedure may resolve the issue.

-----------------------------------------
WinHTTP proxy configuration procedure
-----------------------------------------

// To import the Internet Explorer proxy settings into the WinHTTP proxy settings as they are
-------------------------------------------------------------------------------------------------------------

1. Log on to each target machine in the organization and start a command prompt.

2. Run the following command.

netsh winhttp import proxy source=ie

3. Check the current WinHTTP proxy settings with the following command and confirm that the intended server's IP address (or FQDN) is set.

netsh winhttp show proxy

// To configure a proxy different from the one Internet Explorer uses
-------------------------------------------------------------------------------------------------------------

1. Log on to each target machine in the organization and start a command prompt.

2. Run the following command.
Note: As an example, this sets a proxy server named "testproxy.example.com" on port 8080.

netsh winhttp set proxy proxy-server="testproxy.example.com:8080"

3. Check the current WinHTTP proxy settings with the following command and confirm that the intended server's IP address (or FQDN) is set.

netsh winhttp show proxy

// Procedure for resetting the WinHTTP proxy settings
-------------------------------------------------------------------------------------------------------------

To reset the WinHTTP proxy settings (to an empty state), run the following command.

netsh winhttp reset proxy
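
The occurrence conditions and the three workarounds above can be checked on a machine with a read-only script. The PowerShell below is an added example, not part of the original post: the function names and the process-count threshold are hypothetical, a running AppIDSvc service is used as an approximation of "AppLocker is enabled", and English netsh output is assumed.

```powershell
# Added example, not part of the original post. Read-only triage of the
# conditions and workarounds described above; it changes nothing on the machine.

function Get-PinRulesFacts {
    # Policy key and value name are the ones given in workaround [A].
    $policyKey = 'HKLM:\Software\Policies\Microsoft\SystemCertificates\AuthRoot'
    $policy    = Get-ItemProperty -Path $policyKey -Name DisableRootAutoUpdate -ErrorAction SilentlyContinue
    $appIdSvc  = Get-Service -Name AppIDSvc -ErrorAction SilentlyContinue

    [pscustomobject]@{
        OsMajorVersion         = [Environment]::OSVersion.Version.Major
        StuckProcessCount      = @(Get-Process -Name appidcertstorecheck -ErrorAction SilentlyContinue).Count
        # Assumption: a running AppIDSvc stands in for "AppLocker is enabled".
        AppIdSvcRunning        = (($null -ne $appIdSvc) -and ($appIdSvc.Status -eq 'Running'))
        RootAutoUpdateDisabled = (($null -ne $policy) -and ($policy.DisableRootAutoUpdate -eq 1))
        WinHttpProxyOutput     = (netsh winhttp show proxy | Out-String).Trim()
    }
}

function Get-PinRulesAssessment {
    param(
        [Parameter(Mandatory)]$Facts,
        [int]$ProcessThreshold = 5   # assumption: what counts as "a large number" here
    )

    $notes = New-Object 'System.Collections.Generic.List[string]'

    # Conditions from the post: Windows 10 / Server 2016 or later, AppLocker in
    # use, root certificate update program enabled.
    $exposed = ($Facts.OsMajorVersion -ge 10) -and $Facts.AppIdSvcRunning -and
               (-not $Facts.RootAutoUpdateDisabled)

    if ($Facts.OsMajorVersion -lt 10) {
        $notes.Add('OS is older than Windows 10 / Windows Server 2016: the Pinrulesstl.cab check does not apply.')
    }
    if (-not $Facts.AppIdSvcRunning) {
        $notes.Add('AppIDSvc is not running: AppLocker does not appear to be in use.')
    }
    if ($Facts.RootAutoUpdateDisabled) {
        $notes.Add('DisableRootAutoUpdate is 1: workaround [A] is in place.')
    }
    if ($exposed) {
        # Assumption: English netsh output ("Direct access (no proxy server).").
        if ($Facts.WinHttpProxyOutput -match 'Direct access') {
            $notes.Add('WinHTTP has no proxy set. If this network needs a proxy to reach ctldl.windowsupdate.com, see workaround [C].')
        }
        $notes.Add('Confirm that Pinrulesstl.cab is available, from ctldl.windowsupdate.com or from the internal share (workaround [B]).')
    }

    [pscustomobject]@{
        Exposed      = $exposed
        Symptomatic  = ($Facts.StuckProcessCount -ge $ProcessThreshold)
        ProcessCount = $Facts.StuckProcessCount
        Notes        = $notes.ToArray()
    }
}

# Constructed sample (not real data): an affected machine whose WinHTTP proxy
# has never been configured.
$sample = [pscustomobject]@{
    OsMajorVersion         = 10
    StuckProcessCount      = 212
    AppIdSvcRunning        = $true
    RootAutoUpdateDisabled = $false
    WinHttpProxyOutput     = "Current WinHTTP proxy settings:`n`n    Direct access (no proxy server)."
}
Get-PinRulesAssessment -Facts $sample | Format-List

# On a live machine:
# Get-PinRulesAssessment -Facts (Get-PinRulesFacts) | Format-List
```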

 

 

That is all.

 

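<Reference information>

- Root certificate program
URL: https://docs.microsoft.com/ja-jp/security-updates/planningandimplementationguide/28561627

- Windows PKI – Part 2 – What is the root certificate update program?
URL: https://blogs.technet.microsoft.com/jpntsblog/2009/12/24/windows-pki-2/

- Security Advisory 2854544 (KB2813430): enhanced management of the root certificate update program
URL: https://blogs.technet.microsoft.com/jpsecurity/2013/06/11/2854544-kb2813430/

Special notes
The content of this information (including attachments and linked pages) is current as of the date of writing and is subject to change without notice.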

Driving the digital transformation of healthcare with cloud, artificial intelligence, and MR [Updated 10/18]


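Starting with surgery, the front line of medicine, where doctors are directly entrusted with patients' lives, is still supported by "tacit knowledge" based on individual experience. The main means of passing on to younger doctors the skills and know-how of doctors with extensive surgical experience, and their "feel" for accurately grasping the position and movement of each patient's organs, have been limited to "words" and "flat images", which has frustrated many doctors. To break out of this inefficient situation, the surgeon Maki Sugimoto is putting one idea into practice: "promoting digital transformation in the medical field", centered on the active use of MR (Mixed Reality).

Life-science technologies that support medicine, such as new drugs and medical devices, keep evolving, but the information-sharing environment that supports medical staff remains outdated, and various inefficiencies exist not only in "doctor to patient" communication but also in communication "among medical staff".

Read more here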

Latest updates to Azure open source database services – Ignite 2018


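Author: Sudhakar Sannakkayala (General Manager, Azure Data)

This post is a translation of Latest updates to Open Source Database Services for Azure Ignite 2018, posted on September 24, 2018.

In a blog post published in July 2018, we described the team's efforts (in English) to add new features to the Azure database services for MySQL and PostgreSQL. The results of that work, which broadens the choice of relational database engines and delivers a set of new features, are being presented at Ignite 2018. This post covers the new Azure service and the new features added to existing services in more detail. These new services and improvements are based on feedback from customers and users.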

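Azure Database for MariaDB preview released

A preview of the Azure Database for MariaDB service is now available. The service provides an enterprise-grade, fully managed community edition of MariaDB, and features open source compatibility, built-in high availability, dynamic scaling, and flexible pricing. With MariaDB Community Edition you can easily lift and shift to the cloud and use the languages and frameworks of your choice. With this release, full-featured MariaDB can now run on Azure.

Azure Database for MySQL – read replica feature preview released

Azure Database for MySQL now supports continuous asynchronous replication of data. You can replicate from one Azure Database for MySQL server (the master) to up to five Azure Database for MySQL servers (replicas) in the same region. This lets read-heavy workloads scale beyond the capacity of a single Azure Database for MySQL server and be load-balanced across the replica servers according to user settings. Replica servers are read-only, with the exception of the write operations that are replicated as data changes on the master. When replication to a replica server is stopped, that server becomes a standalone server that accepts both reads and writes.

Azure Database for PostgreSQL – Intelligent Performance features preview released

As part of the Intelligent Performance service, Azure Database for PostgreSQL now supports previews of Query Store, Query Performance Insight, and Performance Recommendations. Used together to examine a database, these features help you understand your workload better, identify bottlenecks, and detect changes in query performance.

  • Query Store collects and stores query execution statistics and wait event distribution information. Examining a database with this feature gives a deeper understanding of the workload, identifies bottlenecks, and detects changes in query performance. Query Store is also the foundation for the other two Intelligent Performance features, Query Performance Insight and Performance Recommendations.
  • Query Performance Insight lets you investigate database workloads in the Azure Portal GUI to identify long-running queries, examine the wait statistics associated with queries, and see variations in query performance.
  • Performance Recommendations analyzes a database and returns a list of recommendations (if any) for improving that database's performance. At present, Performance Recommendations provides only index-creation recommendations. Each index recommendation includes general information such as table and column names, along with the SQL command for creating the relevant index. To act on a recommendation, simply copy the command and paste it into a PostgreSQL client application. After implementing a performance recommendation, run performance tests to confirm the effect of the change.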

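Azure database services for MySQL and PostgreSQL – Advanced Threat Protection preview released

Advanced Threat Protection for Azure Database for MySQL and Azure Database for PostgreSQL lets you detect and respond appropriately to potential threats as they occur. When suspicious database activity occurs, users receive alerts that describe potential vulnerabilities and anomalous database access and query patterns. The feature is integrated with Azure Security Center alerts, and presents details of the suspicious activity along with recommendations for investigating and mitigating it. With Advanced Threat Protection, you can easily address threats to your databases without help from security experts and without managing an advanced security monitoring system.

Azure database services for MySQL and PostgreSQL – online migration to Azure preview released

Azure Database Migration Service (DMS) is a fully managed service that enables seamless migration from multiple database sources to the Azure Data platform with minimal downtime. The service now supports previews of the following capabilities.

  • Migrating MySQL databases running on-premises or on virtual machines to Azure Database for MySQL
  • Migrating PostgreSQL databases running on-premises or on virtual machines to Azure Database for PostgreSQL

Related information on the Azure database services for MySQL, PostgreSQL, and MariaDB

If you use these database services, be sure to also check the following related information.

This post introduced the latest features available in the Azure database services for MariaDB, MySQL, and PostgreSQL. We hope you find them useful in your work. If you have ideas or suggestions, please post them to the MariaDB, MySQL, or PostgreSQL UserVoice (each in English).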

Council Spotlight: Upload Image button is missing


Good day all,

In this short post I want to present a strange behavior in the TechNet Wiki editor when uploading images. This behavior can be considered a bug. In this post I will explain the issue, present the steps to reproduce it, and present a simple workaround for future cases.

Credit

On October 15 Jayendran Jay reported a bug in our Facebook group. Jayendran noticed that the "Upload Image" option in the TechNet Wiki editor was missing, and other members confirmed that they saw this issue as well.  You can read the original discussion here. Thanks, Jayendran, for reporting this issue.

Issue description

To embed images in a TechNet Wiki article we use the "Insert Image" button, as can be seen in the image below.

Once you click the button, a new window (div) opens which includes several tabs: (1) From Computer, (2) From Site Search, and (3) From URL.

It seems that from time to time people get a different window which does not include the first option, "From Computer", which is the one we need in order to upload an image from our local machine to the TechNet Wiki system.

At first glance, and according to the original reports, the issue appears randomly from time to time, which makes it a bit more complex to monitor.

Problem's explanation & Reproducing the issue

Personally, I never saw this issue before this report. I tried to reproduce the issue during the next several days without success, using different browsers and browser versions and different screen resolutions (one of my guesses was that this was related to resolution)...

Just several minutes before I meant to respond to the original report and say that I had no idea what the source of the issue was... suddenly it happened to me as well, which made it simple to find the source.

* It is almost impossible to find the source of an issue if we cannot see it ourselves and reproduce it.

Now that I had seen the issue, I could finally examine it. The next step was to reproduce the issue. Having done this, I can say that I am pretty sure that I found the source of this strange behavior, and I can explain it.

Reproduce the issue:

  1. Log in to the TechNet Wiki system
  2. Open the article in edit mode
  3. In a separate browser window, open another page of the TN Wiki
  4. Log out in the second window
  5. In the first window, try to add an image now and you get this behavior

Explanation:

This strange form, which does not include the option to upload a file, is what non-registered users get.

There are several reasons that can lead to the end of your browser session, including server-side reasons like a restart of the application/service, or client-related reasons like a connection timeout or a connection issue (even for a short time). In most cases you do not know that you were actually disconnected, since the Wiki logs you in automatically, but in these cases, if you are in the middle of editing your article, you might get this issue.

Workaround

Since the issue is related to the fact that the user is not logged in to the system, the solution can be very simple. Open another window to the TechNet Wiki -> log in to the system -> and close the new window. Now you will be able to continue your work in the original window and you will get the option to upload files.

Summary

If you try to upload an image and you notice that the window does not include the option "From Computer", then your session has probably ended. In this case you can open a second window and log in to the Wiki system using that window. Once you are logged in to the system, you can go back to the original window and continue your work.

I hope that this post will be useful, and I want to emphasize how important it is for us to get your reports about bugs that you notice in the system. Your reports help us to examine the issue and if needed we can escalate the issue to the Microsoft team.

Don't forget to join us on TN Wiki Facebook group

Datacenter migration updates from Ignite 2018


Microsoft Ignite 2018 took place in Orlando, Florida a few weeks ago. It is an annual Microsoft conference for IT pros with 700+ sessions and 100+ announcements.

Let's review what announcements are relevant if you are migrating from your datacenter to Azure.

First of all, 2 new regions were announced - Norway West and Norway East. This is a great opportunity for customers and partners in the Nordics to migrate their workloads to Azure with no or minimal network latency impact. The total number of Azure regions is now 54 (available + announced).

Also there were many updates on IaaS:

  • 5 new VM series were announced:
    • NVv2. Architected to support remote visualization workloads and other graphics intensive applications. The new NVv2 VMs feature up to 448GiB of RAM - twice the amount of memory present in the prior NVv1 generation - an upgraded CPU class and are backed by the NVIDIA Tesla M60 GPU. The NVv2 VMs will also support Premium SSDs and they have been optimized for applications like CAD, gaming and interactive 3D design. They are in private preview right now, and if you are interested - request access here.
    • NDv2. A new addition to the ND-series, NDv2 VMs focus on deep learning training and inferencing as well as machine learning. The new NDv2 will feature up to 8 NVIDIA Tesla V100 Tensor core GPUs interconnected via NVIDIA NVLink GPUs and up to 40 Intel Skylake cores aimed to deliver high quality results even faster. NDv2 VMs are expected to be in preview by the end of 2018.
    • HB. These new VMs will feature 60 AMD EPYC cores and 240 GiB RAM. They have the highest amount of memory bandwidth (260GBps) in the public cloud. This is really valuable for calculations required in fluid dynamics and weather forecasting. Preview will start later this year, and if you are interested - request access here.
    • HC. These VMs are optimized for computationally intensive workloads. The HC will feature up to 352 GiB RAM, 44 Intel Skylake cores with clock speeds up to 3.7 GHz, and will support Intel’s rich ecosystem of HPC software tools. Preview will start later this year, and if you are interested - request access here.
    • DC. A new family of virtual machines in Azure that can help protect the confidentiality and integrity of your data and code while it’s processed in the public cloud. These machines are backed by the latest generation of 3.7GHz Intel Xeon E-2176G Processor with SGX technology. With the Intel Turbo Boost technology these machines can go up to 4.7GHz. DC series instances enable customers to build secure enclave-based applications to protect their code and data while it’s in use.

  • Managed Disks enhancements:
    • Standard SSD Managed Disks are now generally available. Standard SSD Disks are a cost-effective storage option optimized for workloads that need consistent performance at lower IOPS levels. Standard SSD Disks store data on Solid State Drives (SSDs) whereas our Standard HDD disks store data on Hard Disk Drive (HDD). Standard SSDs deliver better availability, consistency, reliability and latency compared to HDD Disks, and are suitable for Web servers, low IOPS application servers, lightly used enterprise applications, and Dev/Test workloads.
    • Ultra SSD Managed Disks are now available in public preview. Ultra SSD provides top of the line performance at the same availability levels as our other disks offerings. Additional benefits of Ultra SSD include the ability to dynamically tune disk performance, without the need to restart your virtual machines. Ultra SSD is designed for I/O-intensive workloads such as SAP HANA, top tier databases (e.g. SQL, Oracle), and other transaction-heavy workloads.
    • Larger Managed Disks - up to 32 TiB for regular tiers and up to 64 TiB for new Ultra SSDs. This is a significant increase compared to the old 4 TiB limit. With the new disk sizes, Premium SSD performance will now reach up to 20,000 IOPS and 750MBps, and Standard SSD will now reach up to 2,000 IOPS and 500MBps. The new disk sizes are in public preview now and available only in the West Central US region, but they will be rolled out in other regions after GA.

 

New network services and features:

  • ExpressRoute Direct. New mode of ExpressRoute that provides an ability to connect your network directly into Microsoft’s global network at peering locations strategically distributed across the world. ExpressRoute Direct provides dual 100Gbps connectivity, which supports Active/Active connectivity at scale. Now you can connect your datacenter directly to the closest Azure region with fast and reliable 100Gbps pipe.
  • ExpressRoute Global Reach. New feature of ExpressRoute that allows you to link together several ExpressRoute circuits in different parts of the world.
  • Azure Firewall is now GA. Azure Firewall is a managed, cloud-based network security service that protects your Azure Virtual Network resources. It is 1st-party fully stateful firewall as a service with built-in high availability and unrestricted cloud scalability.
  • Azure Virtual WAN is now GA and has new features in private preview. Azure Virtual WAN is a networking service that provides optimized and automated branch-to-branch connectivity through Azure. Virtual WAN lets you connect and configure branch devices to communicate with Azure. In addition to site-to-site connections (which are GA now), you can add point-to-site and ExpressRoute connectivity to Virtual WAN environment.
  • VMware NSX SD-WAN for Azure Virtual WAN. VMware and Microsoft will enable customers to redesign their networks for optimized cloud access using SD-WAN and a Virtual Cloud Network architecture. The solution will combine Microsoft Virtual WAN, which spans 130 edge sites or Points of Presence (PoPs), with the optimization, security, and ease of deployment and use provided by cloud-delivered NSX SD-WAN by VeloCloud cloud.
  • New Azure DDoS protection features - DDoS Attack Analytics and DDoS Rapid Response. They provide enterprise grade visibility and support to customers when their resources are under attack. DDoS Attack Analytics provides attack insights that can be used for compliance, security audits and post attack analysis to optimize defense strategies and security operations. DDoS Rapid Response will enable customers to engage DDoS experts during an active attack for specialized support.
  • Azure Front Door. New service that allows to deliver and protect global applications close to your end users with a "battle-tested" service built on world-class Microsoft Global Network infrastructure. This service is a commercialized representation of a solution, that was used by Bing, OneDrive and Xbox Live teams to deliver applications globally.

 

New products in Azure Data Box family that allow you to quickly and cost-effectively move data from your datacenter to Azure:

  • Data Box offline devices easily move data to Azure when busy networks aren’t an option:
    • Data Box - ruggedized device with 100 TB of capacity that uses standard NAS protocols and common copy tools. It features AES 256-bit encryption for safer transit. This solution is now GA and you can order it through the Azure Portal in the US and Europe (other regions will follow).
    • Data Box Disk - Microsoft-provided 8 TB SSD, with a USB/SATA interface and 128-bit encryption. It comes in packs of up to five for a total of 40 TB.
    • Data Box Heavy - as its name implies, this ruggedized, self-contained device is designed to lift 1 PB of data to the cloud.
  • Data Box online appliances transfer data to and from Azure over the network:
    • Data Box Gateway - storage solution that enables you to seamlessly send data to Azure and back. It is a virtual device based on a virtual machine provisioned in your virtualized environment. The virtual device resides on your premises and you write data to it using the NFS and SMB protocols. The device then transfers your data to Azure block blob, page blob, or Azure Files.
    • Data Box Edge - on-premises physical network appliance that transfers data to and from Azure. Analyze, process, and transform your on-premises data before uploading it to the cloud using AI-enabled edge compute capabilities powered by Intel FPGA. It includes Azure Data Box Gateway, mentioned previously, and Azure IoT Edge.

New file services:

  • Avere vFXT for Azure. A caching solution from a company that was recently acquired by Microsoft. It tiers data stored in Azure Blob to an SSD-based cache in Azure Compute while the job is running. Once processing is complete, the data is written back into Blob. With this flexibility to support hybrid deployments and edge computing, the Avere vFXT becomes an important part of a cloud migration strategy for file-based applications in HPC environments.
  • Azure NetApp Files. Jointly developed by Microsoft and NetApp, Azure NetApp Files is a native Azure service powered by NetApp’s ONTAP technology and storage expertise. It is designed to meet and exceed most organizational requirements for performance, scalability, data management, security and more.
  • Azure File Sync. This service replicates files from on-premises Windows Server to an Azure file share. Azure File Sync enables you to centralize your file services in Azure while maintaining local access to your data.
  • Azure Premium Files. A new service that provides fully managed file services, optimized to deliver consistent performance at 100 times improvement over the existing Azure Files. It's designed for IO-intensive enterprise workloads that require high throughput and single-digit millisecond latency.

Azure SQL Database Managed Instance is now GA. Azure SQL Database Managed Instance is a new deployment model of Azure SQL Database that provides near 100% compatibility with the latest SQL Server on-premises (Enterprise Edition) Database Engine, a native virtual network (VNet) implementation that addresses common security concerns, and a business model favorable for on-premises SQL Server customers. Managed Instance allows existing SQL Server customers to lift and shift their on-premises applications to the cloud with minimal application and database changes. At the same time, Managed Instance preserves all PaaS capabilities (automatic patching and version updates, automated backups, high availability), which drastically reduces management overhead and TCO. It is a great option if you have SQL Servers in the scope of a datacenter migration project. Also it is important to mention that:

Other updates worth mentioning:

  • Windows Server 2019 is now GA. Check this article to learn what's new in the latest version of Windows Server.
  • New services for Azure Stack - Kubernetes, Event Hubs and Service Fabric.
  • Now you can move VMs with managed disks from one subscription to another, for example from an Azure subscription in EA to CSP, or vice versa.
  • Azure Cloud Shell is now GA. Azure Cloud Shell is an interactive shell for managing Azure resources, accessible directly from Azure Portal with one click. It provides the flexibility of choosing the shell experience that best suits the way you work. Linux users can opt for a Bash experience, while Windows users can opt for PowerShell.
  • Azure Database portfolio now includes MariaDB (in preview) in addition to MySQL, PostgreSQL and SQL Server.
  • Windows Virtual Desktop was announced and will be available in private preview later this year. It is a new VDI solution that will allow you to deploy and scale Windows and Office clients on Azure in minutes, with built-in security and compliance.
  • Azure Blueprints is now available in public preview. Azure Blueprints enables you to rapidly provision and stand up new environments knowing that they're built within organizational compliance and contain a set of built-in components. Blueprints are a declarative way to orchestrate the deployment of multiple resource templates and other artifacts such as role assignments, policy assignments, Azure Resource Manager templates and Resource Groups.

That's only a small portion of all the Azure announcements that were made at Ignite 2018. The full list of announcements can be found here. All session recordings and decks can be found here.

And as a bonus - here are the recordings of sessions that you can't miss:

  1. BRK2041 - A deeper look at Azure Storage with a special focus on new capabilities. Great insights into the evolution of hardware, backing up Azure storage services, and the future of cost-efficient data storage in glass and using DNA.
  2. BRK2483 - Azure networking internals. How the global Azure network looks from the other side and what challenges Microsoft solves while operating one of the largest software-defined networks in the world.
  3. BRK3296 - Tips and tricks to get the most out of your Azure virtual machines. A number of insider tips on how to get the most out of your Azure virtual machines.
  4. BRK3055 - Azure migration deep dive: Accelerate your migration with the right tools. This session, rich in demos, shows you how to leverage Azure migration services, such as Azure Migrate, Azure Site Recovery, and Database Migration Service, to automate and accelerate your migration.
  5. BRK2414 - Migrating your Linux solutions to Microsoft Azure. Overview of existing services and IP that will help you with the migration of Linux solutions to Azure.
  6. BRK3337 - Azure migration customer experiences and best practices. Learn the steps Azure customers have used to migrate applications from on-premises data centers to Azure.
  7. BRK3165 - Azure SQL Database Managed Instance: Migrate SQL Servers easily to a fully managed cloud service and BRK3163 - Securing Azure SQL Database Managed Instance: Overview and best practices - if you want to learn more about new Azure SQL Database Managed Instance.

DevTest pricing for Azure SQL DB


As of today, the special reduced Azure DevTest prices also apply to Azure SQL DB running in vCore mode. In a non-production environment you can thus get below half of the regular price.


See the simplified calculation for a Business Critical Azure SQL DB 8CPU Elastic Pool

I described the principle of Azure DevTest pricing some time ago here; the official page is here.
Put simply, developers with an active Visual Studio subscription can create "Azure DevTest subscriptions" under EA or PAYG, which are billed differently from regular production subscriptions. However, only non-production environments (DevTest, POC, UAT, ...) may run on them.

Note: Azure DevTest pricing can be applied only to subscriptions created under the Enterprise Agreement and PAYG (card or invoice) payment models; it cannot be used in the OPEN or CSP models.


Buri


About a bug in the ValidationContext.MemberName property


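This post describes a bug in the ValidationContext.MemberName property.

In versions of .NET Framework up to and including .NET Framework 4.7.2, there is a bug in which the MemberName property of the ValidationContext class in the System.ComponentModel.DataAnnotations namespace has the value null when it is referenced from an ASP.NET Web Forms application (there is no problem when it is used from ASP.NET MVC or ASP.NET Web API).

As of October 2018 this issue has not been fixed, but a fix is under consideration, and we will update this blog post when there is progress.

We sincerely apologize for the inconvenience this causes our users.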

 

ValidationContext.MemberName Property

https://docs.microsoft.com/en-us/dotnet/api/system.componentmodel.dataannotations.validationcontext.membername?view=netframework-4.7.2

How to use Windows Update – Windows 7


This blog post is intended for beginner to intermediate computer users.

If you use Windows 10, see "How to use Windows Update - Windows 10"; if you use Windows 8.1, see "How to use Windows Update - Windows 8.1".

By using Windows Update / Microsoft Update, you can install the updates available for your computer, such as those for Windows and Office. Updates include the security updates needed to keep the computer protected and updates that improve the computer's reliability.

Windows 7 has automatic updating enabled by default, so you can keep your computer up to date at all times without forgetting to update. In addition, by switching from Windows Update to Microsoft Update, you can install updates for all Microsoft products, such as Office, in addition to Windows.

Watch a video of the Windows Update procedure

How to use Windows Update

  1. From [Start], click [All Programs] - [Windows Update].

  2. To get important updates automatically, click the [Check for updates] button.

If [Get updates for other Microsoft products.] is displayed in step 2, see "How to switch to Microsoft Update" below.

  3. When available updates are detected, click the [Install updates] button.

  4. The download and installation run while [Installing updates] is displayed. Please wait a while.

* If the installation does not succeed, see the solution that uses the Windows Update troubleshooter described in "Fix Windows Update errors".

  5. When the [Restart now] button appears, click the [Restart now] button. The computer restarts automatically. If the [Restart now] button does not appear, click the [X] button at the top right of the screen to close the Windows Update window.

 

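How to switch to Microsoft Update

  1. From [Start], click [All Programs] - [Windows Update].

  2. Click [Find out more].

  3. Internet Explorer opens. On the page that is displayed, check [I agree to the Terms of Use for Microsoft Update] and click the [Next] button.

  4. On the [Choose how Windows can install updates] screen, to install important and recommended updates automatically, select [Use recommended settings] and click the [Install] button. To install only important updates, select [Use current settings] and click the [Install] button.

  5. After "Microsoft Update was successfully installed" is displayed, the screen switches automatically to the check for updates.

  6. When available updates are detected, click the [Install updates] button.

  7. The download and installation run while [Installing updates] is displayed. Please wait a while.

* If the installation does not succeed, see the solution that uses the Windows Update troubleshooter described in "Fix Windows Update errors".

  8. When the [Restart now] button appears, click the [Restart now] button. The computer restarts automatically. If the [Restart now] button does not appear, click the [X] button at the top right of the screen to close the Windows Update window.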

 

Related links

How to check your Windows version

How to use Windows Update

How to check whether automatic updating is enabled

How to check whether updates were installed correctly

 

How to use Windows Update – Windows 8.1


This blog post is intended for beginner to intermediate computer users.

If you use Windows 10, see "How to use Windows Update - Windows 10"; if you use Windows 7, see "How to use Windows Update - Windows 7".

By using Windows Update / Microsoft Update, you can install the updates available for your computer, such as those for Windows and Office. Updates include the security updates needed to keep the computer protected and updates that improve the computer's reliability.

Windows 8.1 has automatic updating enabled by default, so you can keep your computer up to date at all times without forgetting to update. In addition, by switching from Windows Update to Microsoft Update, you can install updates for all Microsoft products, such as Office, in addition to Windows.

Watch a video of the Windows Update procedure

How to use Windows Update

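  1. Hold down the Windows key and press the W key. Alternatively, swipe in from the right edge of the screen and tap [Search] (if you are using a mouse, point to the upper-right corner of the screen, move the mouse pointer down, and click [Search]), then tap or click [Settings].
  2. Type "Windows Update" in the search box.
  3. Tap or click [Check for updates].

Windows checks for updates.

  4. Tap or click [Install].

Tapping or clicking [View details] ([See details] in Windows 8) lets you confirm that the updates to be installed are checked.

  5. When the [Restart now] button appears, click the [Restart now] button. The computer restarts automatically. If the [Restart now] button does not appear, close the Windows Update screen. To close it with a mouse, click the top of the app and drag it to the bottom of the screen. On a touchscreen, drag the app to the bottom of the screen.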

 

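How to switch to Microsoft Update

  1. Hold down the Windows key and press the S key. Alternatively, swipe in from the right edge of the screen and tap [Search].
  2. Type "Windows Update" in the search box, then tap or click [Choose whether to automatically install Windows updates].
  3. Under Microsoft Update, check [Give me updates for other Microsoft products when I update Windows] and tap or click the [Apply] button.
  4. To close the screen with a mouse, click the top of the app and drag it to the bottom of the screen. On a touchscreen, drag the app to the bottom of the screen.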

 

 

Related links

How to check your Windows version

How to use Windows Update

How to check whether automatic updating is enabled

How to check whether updates were installed correctly

How to use Windows Update – Windows 10


This blog post is intended for beginner to intermediate computer users.

If you use Windows 8.1, see "How to use Windows Update - Windows 8.1"; if you use Windows 7, see "How to use Windows Update - Windows 7".

By using Windows Update / Microsoft Update, you can install the updates available for your computer, such as those for Windows and Office. Updates include the security updates needed to keep the computer protected and updates that improve the computer's reliability.

Windows 10 has automatic updating enabled by default, so you can keep your computer up to date at all times without forgetting to update. In addition, by switching from Windows Update to Microsoft Update, you can install updates for all Microsoft products, such as Office, in addition to Windows.

Watch a video of the Windows Update procedure

Watch a video of how to switch to Microsoft Update

How to use Windows Update

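  1. Click the [Start] button, then click the [Settings] button.

  2. Click [Update & Security].

  3. Select [Windows Update] and click [Check for updates].

  4. A message is displayed depending on the state of the computer.
    If there are new updates, [Checking for updates...] is followed by messages such as [Preparing to install updates] and [Downloading updates], and the download and installation are carried out. Please wait a while.

    When [Your device is up to date] is displayed, you are done. Click the [X] button at the top right of the screen to close the Windows Update screen.
    If you are asked to restart after new updates are installed, click the [Restart now] button and restart the computer. Take care not to turn off the computer while it is restarting.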
     

 

How to switch to Microsoft Update

  1. Click the [Start] button, then click the [Settings] button.

  2. Click [Update & Security].

  3. Select [Windows Update] and click [Advanced options].

  4. Check [Give me updates for other Microsoft products when I update Windows]. You have now switched to Microsoft Update.

  5. To go on and check for new updates, click the Back button at the top left, and on the Windows Update screen that appears, click the [Check for updates] button. For how to check for updates, see "How to use Windows Update".
     

 

 

Related links

How to check your Windows version

How to use Windows Update

How to check whether automatic updating is enabled

How to check whether updates were installed correctly

Surface Go: Fonts look a little heavy? Don’t forget ClearType tuning!


The title kinda says it all.

If you, like me, are the owner of a brand-new Surface Go, but also own another Surface Pro, you might find that the font weight is a little heavy by default when switching between side-by-side devices.

To fix that, just hit Start, type ClearType (OK, "Clear" is often enough) and run the ClearType text tuner. Then squint and/or answer honestly 🙂

It's not something everyone needs to do - my Mum doesn't have competing devices on a day-to-day basis - but it's worthwhile to do the "ClearType eye test" for whatever eye-distance at which you actually use your new Surface buddy!

 

(This post brought to you by someone that noticed BGR on my RGB display while reading this!) Hint: Ctrl+Win+= zooms in Magnifier, and Ctrl+Win+- zooms out again... No extra software needed...
