Today's tip...

Great article! It includes:

• A list of buzzwords (nice touch!)
• Multiple architecture graphics

Check it out! Looking for something more? As stated in the PS at the bottom, there’s more to come. Stay tuned to the blog for a deeper dive and information on troubleshooting common issues.

References:

• “Networking in OpenShift for Windows” - https://blogs.technet.microsoft.com/networking/2018/12/06/drilling-into-networking-in-openshift-for-windows/
• Networking Blog - https://blogs.technet.microsoft.com/networking/

Today, a single breach, physical or virtual, can cause millions of dollars of damage to an organization and potentially billions in financial losses to the global economy. Each week seems to bring a new disclosure of a cybersecurity breach somewhere in the world. As we look at the current state of cybersecurity challenges today, we see the same types of attacks, but the sophistication and scope of each attack continues to grow and evolve. Add to these the threats of nation-state actors seeking to disrupt operations, conduct intelligence gathering, or generally undermine trust.

You can download the Cyber Defense Operations Center strategy brief to gain more insight into how we work to protect, detect, and respond to cybersecurity threats.

Like many companies, Microsoft takes technical dependencies upon a shared infrastructure, multiple teams, and inter-dependent services. Because of these dependencies, teams must work together to effectively detect and defeat the tactics of sophisticated attackers and cybersecurity threats.  With shared guidance and perspective, we can leverage existing people and process to respond to the previously “unseen” and the “unknown” issues that suddenly fall into scope. There are also situations where a group of people can share deep subject matter expertise, or cross-organizational talents and contacts, or some combination of qualities without having to resource them in each team.

Within the Microsoft Cyber Defense Operation Center (CDOC), we focus on these dependencies with teams that coordinate threat intelligence, security monitoring and incident response by exploiting both the common, and unique capabilities of each specialization. It is here that we leverage our global workforce of more than 3,500 security professionals across our product development teams, information security groups, and legal teams to protect our cloud infrastructure and services, products and devices, and internal resources. The engineering teams behind our commercial security solutions, like Azure Security Center (ASC), also take advantage of the Cyber Defense Operation Center (CDOC) community to test hypotheses and pre-flight solutions in a real-world environment. This model is based on a closed-loop system of intelligence, defense, and control that streamlines our security capabilities for more than 200 cloud services, over 100 datacenters, millions of devices, and over a billion customers around the globe.

It is also critical that Microsoft meet and exceed customer expectations of an enterprise-focused cloud provider.  Customers expect an integrated security operations center with a mission to enhance the capability, cooperation and information sharing in cyber defense by virtue of education, research and development, lessons learned and consultation.  By sharing the state of our security capabilities, as well as proposed improvement investments, we can replace vulnerability with capability by building innovative security solutions intended to outpace cyber adversaries. While security has always been a priority for Microsoft, we recognize that the digital world requires continuous advances in our commitment in how we protect, detect, and respond to cybersecurity threats. These three commitments define our approach to cyber defense and serve as a useful framework for our discussion of Microsoft’s cyber defense strategies and capabilities.

Microsoft’s protect tactics include:

• Multifactor authentication like Windows Hello for Business (H4B) is employed across our infrastructure to control identity and access management.
• Non-persistent administration using just-in-time (JIT) and just-enough administrator (JEA) privileges to engineering staff managing infrastructure and services. This provides a unique set of credentials for elevated access that automatically expires after a pre-designated duration
• Proper hygiene is rigorously maintained through updated, anti-malware software and adherence to strict patching and configuration management.
• Microsoft Security Development Lifecycle is used to harden all applications, online services and products, and to routinely validate its effectiveness through penetration testing and vulnerability scanning.
• Threat modeling and attack surface analysis ensures that potential threats are assessed, exposed aspects of the service are evaluated, and the attack surface is minimized by restricting services or eliminating unnecessary functions.
• Classifying data according to its sensitivity—high, medium or low business impact—and taking the appropriate measures to protect it, including encryption in transit and at rest, and enforcing the principle of least-privilege access provides additional protection.
• Awareness training that fosters a trust relationship between the user and the security team to develop an environment where users will report incidents and anomalies without fear of repercussion
• Extensive monitoring and controls over the physical environment of our global datacenters, including cameras, personnel screening, fences and barriers, and multi-factor authentication for physical access.
• Software-defined networks that protect our cloud infrastructure from intrusions and distributed denial of service attacks.
• Secure Admin Workstations are securely controlled, and provisioned workstations designed for both managing valuable production systems and daily activities like email, document editing and development work.
• Windows Defender Security Intelligence team of researchers identify, reverse engineer, and develop malware signatures and then deploy them across our infrastructure for advanced detection and defense. These signatures are available to millions of customers using Microsoft anti-malware solutions.

Having a rich set of controls and a defense-in-depth strategy helps ensure that should any one area fail, there are compensating controls in other areas to help maintain the security and privacy of our customers, cloud services, and our own infrastructure environment.

Microsoft operates under an Assume Breach posture. This simply means that despite the confidence we have in the defensive protections in place, we assume adversaries can and will find a way to penetrate security perimeters. It is then critical to detect an adversary rapidly and evict them from the network.

Microsoft’s detect tactics include:

• Monitoring network and physical environments 24x7x365 for potential cybersecurity events. Behavior profiling based on usage patterns and an understanding of unique threats to our services.
• Identity and behavioral analytics are developed to highlight abnormal activity.
• Machine learning software tools and techniques are routinely used to discover and flag irregularities.
• Advanced analytical tools and processes are deployed to further identify anomalous activity and innovative correlation capabilities. This enables highly contextualized detections to be created from the enormous volumes of data in near real-time.
• Automated software-based processes that are continuously audited and evolved for increased effectiveness.
• Data scientists and security experts routinely work side-by-side to address escalated events that exhibit unusual characteristics requiring further analysis of targets. They can then determine potential response and remediation efforts.

When we detect something abnormal in our systems, it triggers our response teams to engage.

Microsoft’s respond tactics include:

• Automated response systems using risk-based algorithms to flag events requiring human intervention.
• Endpoint Detection and Response (EDR) solutions for granular machine isolation, ability to restrict machine(s) and initiate AV updates and scans
• Well-defined, documented and scalable incident response processes within a continuous improvement model helps to keep us ahead of adversaries by making these available to all responders.
• Subject matter expertise across our teams, in multiple security areas, including crisis management, forensics, and intrusion analysis, and deep understanding of the platforms, services and applications operating in our cloud datacenters provides a diverse skill set for addressing incidents.
• Wide enterprise searching across both cloud, hybrid and on-premises data and systems to determine the scope of the incident.
• Deep forensic analysis, for major threats, are performed by specialists to understand incidents and to aid in their containment and eradication.
• Microsoft’s security software tools, automation and hyper-scale cloud infrastructure enable our security experts to reduce the time to detect, investigate, analyze, respond, and recover from cyberattacks.

There is a lot of data and tips in this strategy brief that I hope you will find useful. You can download the Cyber Defense Operations Center strategy brief to gain more insight into how we work to protect, detect and respond to cybersecurity threats. And I encourage you to visit the Microsoft Security Response Center’s website to learn more about how we build security into Microsoft’s products and services to help you protect your endpoints, move faster to detect threats, and respond to security breaches.

Happy hunting!
Microsoft’s Cyber Defense Operations Center:
Kristina Laidler, Sr. Director SOC and IR, Digital Security & Risk Engineering
Monica Drake, Principal Security Program Manager, Microsoft Security Response Center

The Microsoft Security Response Center is part of the defender community and on the front line of security response evolution. For more than twenty years, we have been engaged with security researchers working to protect customers and the global online community. For more information, please visit our website at www.microsoft.com/msrc and follow our Twitter page at @msftsecresponse.

Por: Frank X. Shaw, vicepresidente corporativo de comunicaciones en Microsoft.

Entrenamiento de campo del ICFJ.

Como parte de nuestra misión de impulsar a cada persona y organización en el planeta para que consigan más, Microsoft reconoce no sólo la necesidad fundamental de tener una prensa libre, sino también la necesidad fundamental de que la prensa libre se adapte a la manera en la que la gente busca información.

La tecnología ha impulsado a los ciudadanos a encontrar, crear y compartir información de maneras inusitadas. ¿Cómo podemos ayudar a los periodistas alrededor del mundo a contar historias, desde actualizaciones de deportes a investigaciones tipo perro guardián, en formas que promuevan la transparencia, el entendimiento y el involucramiento?

En esta ocasión nos sentimos orgullosos de anunciar el programa de subvenciones Microsoft Modern Journalism en colaboración con el Internacional Center for Journalists (ICFJ). Ubicado en Washington, D.C., el ICFJ tiene un historial de impulsar la innovación en las noticias, construir redes informativas, realizar programas de intercambio y promover la diversidad de voces. Su misión global, de construir la experiencia y las habilidades digitales que los periodistas necesitan para ofrecer noticias confiables esenciales para las sociedades dinámicas, ha creado hasta el momento una fuerte comunidad de 100 mil periodistas en 180 países.

Sharon Moshavi, vicepresidenta de nuevas iniciativas en ICJF, comparte su visión y opinión sobre esta nueva asociación:

“Estamos muy emocionados de asociarnos con Microsoft Modern Journalism Initiative para apoyar los proyectos de reporteo enfocados en análisis de datos y en storytelling inmersivo. A través de esos proyectos, buscamos resaltar las maneras innovadoras en que los periodistas pueden realzar la cobertura de noticias y conectar de manera más profunda con sus audiencias”.

El programa de subvenciones operará en dos fases: La primera entregará fondos y entrenamiento práctico en periodismo de datos a dos egresados de los programas del ICFJ. El periodismo de datos basa sus historias en hechos, hace la información transparente para sus audiencias, y sintetiza la narrativa pertinente esencial de lo que de otro modo sería una avalancha aplastante de información. Al perfeccionar las habilidades digitales de los periodistas, abordamos lo que el ICFJ ha definido como una “peligrosa” brecha en las salas de redacción.

La segunda fase entregará subvenciones para financiar y entrenar periodistas que necesitan abrir camino en el storytelling a través de tecnologías inmersivas como las transmisiones en vivo y la realidad combinada. Mientras que los datos invitan a una exploración basada en hechos a gran escala, el storytelling inmersivo puede ser bastante íntima. Es en estas experiencias compartidas donde el conocimiento se puede convertir en entendimiento, la observación puede generar empatía, y el aprendizaje se puede traducir en acción.

Esperamos anunciar a nuestros ganadores en marzo de 2019. Mientras tanto, los invitamos a ver, apoyar y unirse a la labor que realiza el ICFJ, ya sea a través de un aleccionador recorrido virtual en el barrio más grande de Karachi, Pakistán, la quinta ciudad más poblada del mundo, o por medio de una alentadora asociación de un conglomerado global y una organización ambiental y social no lucrativa para salvaguardar la calidad del agua en Nairobi. Estas historias en el mundo nos recuerdan los retos que todos enfrentamos, y lo mucho que dependemos de compartir historias que nos toquen, nos eduquen, y lo más importante, nos inspiren a actuar de la mejor manera.

Build your capabilities faster when you take advantage of Microsoft technical journeys. Accelerate sales, deployments, and app development by receiving technical guidance for real-world scenarios across solution areas including Modern Workplace, Business Applications, Apps & Infrastructure, and Data & AI.

Partners that leverage technical journeys see results. In the first three quarters of FY18, Microsoft Azure partners actively using services in the technical journeys observed up to 6x more revenue.¹

When you start a technical journey, Microsoft partner technical consultants connect you to the right tools to develop key capabilities so you can provide the best solutions for your customers. Your consultant will guide you through a recommended path of interactive technical webinars and personalized consultations with virtual whiteboarding, architecture reviews, and shadowing of real-world scenarios aligned to your solution area.

Get plugged in to the technical engagements that fit your unique needs. Technical journeys offer²:

• On-demand trainings and events, including technical webinars, where you can participate in instructor-led webcasts and ask clarifying questions in real-time Q&A
• Dedicated partner advisory hours, consisting of personalized one-to-one technical guidance from Microsoft partner technical consultants for technical pre-sales assistance, deployment services, and other guidance
• Free product support incidents (number determined based on membership type)
• Dev chat live with a technical expert to get tips as you plan, build, and deploy apps your application

Check out the example of a Cloud Infrastructure & Management technical journey below to see how all of these resources combined form a complete path to building your technical capabilities.

*Requires use of MPN technical presales & deployment benefits

Build the right solutions and deploy faster. Maximize the technical journeys available to you as a valued Microsoft partner. Start a technical journey today.

Interested in joining an event? Register for one of the upcoming technical events below or find one on the complete list on the Hot Sheet.

• Get Started with Azure Stack - 05 February 2019, 11:00 AM - 01:00 PM, (GMT-06:00) Central Time (US & Canada)
• Building Applications Using Microsoft Graph – February 12, 10:00 AM - 12:00 PM, (GMT-06:00) Central Time (US & Canada)
• Adopting Microsoft 365 Modern Desktop Deployment - 12 February 2019, 11:00 AM - 01:00 PM, (GMT-06:00) Central Time (US & Canada)

Other articles you may be interested in:

4 Microsoft training offerings to empower your teams
Learning more about Microsoft Advanced Support for Partners

US Partner resources

• Community call schedule
• Blog series
• Yammer group
• YouTube playlist

¹ Microsoft Azure revenue (FY18 Q1-Q3), Technical presales assistance and deployment services webinar, 2018.

² Please note that details of benefits may differ depending on membership type.

Azure API Management | OpenAPI v3 support in API Management is now in preview

The OpenAPI Specification (formerly known as Swagger) defines a standard, programming language-agnostic interface description for REST APIs.

With this preview release, Azure API Management now supports version 3 of the specification—in addition to the already supported versions 1.2 and 2.0. Implementation of the feature is based on OpenAPI.NET SDK .

For more details, visit this blog post.

Availability Zones | Service Bus and Event Hubs Availability Zones are now generally available (GA)

We’ve added Availability Zones support for Azure Service Bus Premium and Azure Event Hubs Standard for the regions below:

• East US 2
• West US 2
• West Europe
• North Europe
• France Central
• Southeast Asia

With this announcement, Availability Zones support is now generally available for Azure Service Bus Premium and Azure Event Hubs Standard in every Azure region that has zone redundant datacenters. Note that this feature will not work with existing namespaces—you will need to provision new namespaces to use this feature.

In addition, we’ve added support for Azure Service Bus premium tier in the following regions:

• China North 2
• China East 2
• Australia Central
• Australia Central 2
• France Central
• France South

The premium tier allows you to provision dedicated resources to ensure greater predictability and performance for your workloads at a predictable pricing model, and provides access to advanced enterprise features such as Availability Zones, Geo-Disaster recovery, and Virtual Network Service Endpoints.

Azure Database | Support for Amazon RDS for MySQL to Azure Database for MySQL online migrations

Access generally available functionality in the Azure Database Migration Service to migrate Amazon RDS for MySQL to Azure Database for MySQL while the source database remains online during migration. For more information about how to use Azure Database Migration Service to perform online migrations with minimal downtime, read the tutorial Migrate MySQL to Azure SQL Database for MySQL online using Database Migration Service.

Azure Database | Support for Amazon RDS for PostgreSQL to Azure Database for PostgreSQL online migrations

Access generally available functionality in the Azure Database Migration Service to migrate Amazon RDS for PostgreSQL to Azure Database for PostgreSQL while the source database remains online during migration. To learn more about how to use Azure Database Migration Service to perform online migrations with minimal downtime, read the tutorial Migrate PostgreSQL to Azure SQL Database for PostgreSQL online using Database Migration Service.

Azure SQL Database | Support for Amazon RDS for SQL Server to Azure SQL Database online migrations

Migrate Amazon RDS for SQL Server to Azure SQL Database with minimal downtime by using generally available functionality in the Azure Database Migration Service. To learn more about how to use the Azure Database Migration Service to perform online migrations from Amazon RDS for SQL Server to Azure SQL Database with minimal downtime, read the tutorial Migrate SQL Server to Azure SQL Database online using Database Migration Service.

HDInsight Tooling - New Capabilities

Azure HDInsight Tools for VSCode

The Azure HDInsight Tools for VSCode are now generally available. They provide you with best-in-class authoring experiences for Apache Hive batch jobs, interactive Hive queries, and PySpark jobs. HDInsight Tools for VSCode feature a cross-platform, lightweight, keyboard-focused code editor which removes constraints and dependencies on a platform. It can be run smoothly on Windows, Linux and Mac.

Learn more in our documentation and blog.

Spark diagnosis and debugging toolkit

A number of enhancements have been added to the rich development and debugging capabilities of HDInsight for Spark developers, including:

Job graph with playback and heatmap identifying read/write bottlenecks.
Executor usage analysis showing executors’ utilization and job execution efficiency.
Data skew detection and analysis.
Job specific data management including data preview, download, and copy.

Learn more in our documentation and blog.

We've heard your feedback around needing more control over your application's cookie flags due to requirements such as security compliance. I'm excited to share that you will now see three cookie settings for your applications published through Application Proxy.

1. Use HTTP-Only Cookie

Sets the HTTPOnly flag on your Application Proxy access and session cookies to provide additional security benefits such as preventing actions like copying or modifying the cookies from client side scripting. Although, Application Proxy has not used this flag in the past, the cookies have always been encrypted and transmitted in an SSL connection to protect against modification.

When to use: We recommend to keep this setting on for its additional security benefits. Note leave this set to no for clients/user agents that do require access to the session cookie. E.g. RDP/MTSC client connecting to a Remote Desktop Gateway published via Application Proxy.

2. Use Secure Cookie

Sets the Secure flag on your Application Proxy access and session cookies to enhance security by ensuring that the cookie is only transmitted over TLS secure channels such as HTTPS and not over an unencrypted HTTP request. This prevents cookies from being observed by unauthorized parties due to the transmission of the cookie in clear text.

When to use: We recommend to keep this setting on for its additional security benefits.

3. Use Persistent Cookie

Sets the access cookie to not expire when the web browser is closed. The cookie will last for the duration of the lifetime of the access token. These cookies are reset if the expiration time is reached or the user manually deletes the cookie.

When to use: We recommend keeping this setting at its default, off. This setting should be avoided and only used for older applications that cannot share cookies between processes. It is preferred to update your application to handle sharing cookies between processes instead of using this setting.

For more detailed information on how to start using this feature see our documentation here.

As always we love hearing your feedback or suggestions! Please send us a note at aadapfeedback@microsoft.com or suggest an idea on our User Voice form at: https://aka.ms/aadapuservoice.

We've just released Windows Admin Center 1812 Preview to Windows Insiders! Following the update to our generally available release, v1809.5 earlier this month, the Windows Admin Center Preview resumes with this 1812 release. This is the first release where you’ll be able to preview the dark UI theme, which is still a work in progress.

Other new features are:

• Power configuration tab on the server settings page, where you can change the configured power profile.
• If the server has an IPMI-compatible BMC, you’ll find the BMC serial number and a hyperlink to its IP address on the Server Overview page.
• If Windows Admin Center is installed in service mode, you can now use PowerShell to automate import/export of connections (with tags) and extension management.
• Improvements to the High-Availability deployment experience and script

Announcement blog post: https://blogs.windows.com/windowsexperience/2019/01/22/announcing-windows-server-vnext-insider-preview-build-18317

This technical webinar will help plan the right solution for your customers and build the foundation for your deployment plans through a detailed scenario assessment. These technical webinar events are planned and delivered by Microsoft Partner Technical Consultants, available to you as a Partner Network member at no cost.

Azure Stack Consultation - Azure Stack is an extension of Azure, bringing the agility and fast-paced innovation of cloud computing to on-premises environments. Only Azure Stack lets you deliver Azure services from your organization’s datacenter, while balancing the right amount of flexibility and control—for truly consistent hybrid cloud deployments. With Azure Stack, you maximize productivity by empowering developers to build and deploy applications the same way whether your apps run on Azure or Azure Stack.​

​During the technical consultation with a Microsoft expert, you can expect to: ​

• Review the architecture plan for your Azure Stack solution​
• Receive assistance in planning the architecture of your hybrid cloud solution​
• Use these materials as the foundation of your proposal or deployment plan​

Check out the full Apps & Infrastructure technical journey of technical webinars and technical consultations at aka.ms/AzureAppInnovation and aka.ms/O365AppInnovation

Ready to go to market with your solution? Make sure you’re maximizing the resources available through Microsoft’s go-to-market services. We know you have the innovations and the means—we want to help you get the word out.

That’s why we’ve put together a set of resources and benefits designed to help you market your business better and accelerate your success. We have tools and services that help you through every stage of your go-to-market journey, from offer creation, readiness, customer awareness, and lead generation to accelerating and closing the pipeline.

See how you can make marketing work for you through the go-to-market benefits available as a Microsoft partner:

• Leverage ready-to-go marketing assets to enhance your plan, saving you time and money
• Customized paths to market your business better through Smart Partner Marketing, including:
  • Learn how to set your business apart and create a unique value proposition
  • Guided digital marketing growth paths to assess current capabilities and identify how to get to the next level
  • Free digital marketing training for your marketing teams
• Build and optimize digital campaigns on social platforms through PartnerOn. PartnerOn gives you access to consistent, relevant, and customizable content to share with your customers and prospects in just a few clicks
• Additional education through Microsoft Learn courses and the next-generation partner marketing eBook
• Receive leads from Partner Referrals and turn them into real sales opportunities
• Logo builder and LinkedIn sales navigator
• And more!

You can unlock even more benefits and opportunities when you publish your solution in Azure Marketplace or AppSource. For partners with a Silver or Gold competency, there are additional resources available, including specialist consultations, reviews, campaign kits, and more.

Attract and engage new customers, generate more qualified leads, and expand your partnership when you use what’s available with Microsoft go-to-market services. To get started, download the guide.

Other posts you may like

Jumpstart your 2019 marketing strategy with Microsoft resources and assets

Maximize the resources included in your Microsoft Partner Network membership

Learn how to get the most out of new go-to-market services and Microsoft marketplaces

Find more tools and resources for US partners at aka.ms/uspartner.

Mani Ramachandran, Partner Technical Architect

Government agencies are at a crossroads. Governments today often rely on a patchwork of systems to address their complex needs, which span citizen services, community outreach, field service, project management, and financial oversight.

Cloud technology gives big government a way to stay competitive—and stay relevant—in an expanding world of big business. Agencies no longer have to focus efforts on operational management because they have new, scalable, efficient ways to meet user demands. Technology gives them an opportunity to leapfrog the typical innovation process, reset goals, and increase expectations as they transform into an agency that brings innovative, relevant leadership to the community they serve.

Microsoft Business Applications enable agencies to reduce the complexity of IT, meet their compliance regulations, and turn data and insight into intelligent action—making every interaction they have with citizens impactful and driving government efficiencies. The platform supports customers streamlining their service interactions.

This not only helps drive benefit today, but provides long-term value by empowering organizations to iterate on their systems. Customers can adapt the application to their needs in safe and secure manner, allowing them to take advantage of cloud innovations in a more continuous fashion.

The connected data from people and other systems is the fuel for intelligence to power modern government experiences, with those experiences further providing data to continuously refine interactions. We call this the digital feedback loop.

Microsoft Dynamics 365 Government entails a continuity of the protected environment that was originally branded Microsoft CRM Online Government where the protections afforded to the government community cloud under Dynamics 365 are now represented by four discrete functions:

1. Sales
2. Customer Service
3. Field Service
4. Project Service Automation

Key Benefits

Below is an overview of some of the biggest benefits that Microsoft Dynamics 365 Government offers to those in the industry:

• Give citizens a secure, easy way to connect. Engage citizens with user-friendly, 24/7 self-service options so they can connect anytime, anywhere, on their preferred channel.
• Build citizen trust with superior customer service by implementing a unified, data-driven platform, enable agents to manage and solve citizen cases faster while increasing knowledge across your agency.
• Empower employees to do more with fewer resources by leveraging built-in intelligence mobile engagement and implementing automated workflow management, boost employee productivity, reduce human error, and better optimize resources.
• Optimize long-term business processes, and planning and control costs, to improve development and provide better on-time, within-budget project management. With the right tools, provide a foundation for initiation, planning, execution, and close of project over the entire service lifecycle. Additionally, manage projects proactively using a unified management dashboard to track project performance, team and resource feedback, and customer voice.
• Make informed decisions with a deeper understanding of citizen needs using data to drive value to your citizens and achieve your government’s desired outcome. Obtain actionable insights and make data-driven decisions to better inform policies. Shifting from reactive to proactive processes, embedded insights help with the discovery of reported issues, enabling governments to take preventative measures and reduce the occurrence of similar incidents in the future.

Certifications and accreditations

Dynamics 365 Government is designed to support the Federal Risk and Authorization Management Program (FedRAMP) accreditation at a High-Impact level. FedRAMP artifacts are available for review by federal customers who are required to comply with FedRAMP. Federal agencies can review these artifacts in support of their review to grant an Authority to Operate (ATO).

It’s important to note that Microsoft Dynamics 365 Government may not yet show in our ATO. However, this does not entail a degradation of the security protections afforded to the online services environment, as there is application service continuity between Microsoft CRM Online Government and Dynamics 365 Government (as described above). As Microsoft moves to refresh FedRAMP artifacts as part of the standard audit cycles, branding references will be updated accordingly.

Dynamics 365 Government has features designed to support customer’s CJIS Policy requirements for law enforcement agencies. Visit the Dynamics 365 for Customer Engagement apps Trust Center for more detailed information related to certifications and accreditations.

Additional Resources

• Dynamics 365 Government feature availability
• FastTrack for Dynamics 365
• Microsoft Business Applications - PowerApps
• Introduction to Common Data Service

Join our community call to learn more

Excited about what Dynamics can do for government? Want to hear more? Join the Public Sector community call on Thursday, February 7 at 10 a.m. PT. We’ll talk about Microsoft Dynamics 365 for Government Partners in a conversational dialogue. Register for the call here.

Public Sector Technical Community

• Public Sector Community calls
• Yammer group
• Blog series

Other posts you may like

• New Azure Government Services for partners
• Find out what’s new with Microsoft Teams for US Government Community Cloud

There are many different ways to copy an Azure Virtual Machine's managed disks to different Azure regions for the purpose of creating images local to that region. My experience with AzCopy --sync-copy using an Azure Virtual Machine spun up specifically for the purpose of doing the copy, has been the best so I wrapped the process in Azure Automation. With a 15-minute one time setup of the Automation assets (runbooks, variables), you're literally a command away from shooting your managed disks to any Azure region at an amazing speed of close to 1TB/hour.

Check out the project here: https://github.com/richardspitz/imagefactory

Leave me a comment  either on here or on the repo and let me know what you think!

Richard Spitz
Cloud Solution Architect
Microsoft Silicon Valley

2019年1月25日（金) 12:00-13:00

Office 365 の SharePoint ってなに？と思った皆様に今の SharePoint を30分にぎゅっと凝縮してご紹介します。

• Office 365 の SharePoint を知りたいお客様
• Office 365 の SharePoint を使ってみたいお客様
• Office 365 の SharePoint をもう少し使いこなしたいお客様

ご登録はこちら

I bring you a best practice that we often use in testing environments but can prove valuable in production as well.

The idea is to create an Alert Policy for all (or some) Microsoft Teams operations.

This is great if you want to monitor Microsoft Teams management easy and quickly without having to go through the portal, and Audit Logs. In a quickly searchable manner, within Microsoft Teams.

First of all, we should define the structure we will use for our group and channels for ease of access.

Example:

As you can see, I use 3 isolated channels within 1 single Team, as not to clutter one single channel too much with all operations in it.

First of all, you should get the E-mail addresses for the channel(s) you create for this effect:

Once you have that we can start with creating the actual Alert Policies:

1. Go Through the O365 Portal (https://portal.office.com/)
2. Access Admin -> Admin Centers -> Security & Compliance

3. In the Security & Compliance center go through the options
4. Search & Investigation -> Audit Log Search -> + New alert policy

5. Next we will customize the Alert for our needs
6. Make sure to paste the Channel E-mail address in the recipients.

7. Another important note is the scope of this Alert.
In my example above, I created separate alerts, based on the activity scope, and channels.

You’re all done! All that’s left is to save the policy and wait ~24 hours for it to be applied.

The best thing about these logs is it will de-clutter your mailbox for sure with n need to stress it in case you have a huge company, without the need to set up Exchange Rules, folders for each type of audit, or the need to manually set up a new search.

You can also customize the reports at your will. For example, have a channel for all user changes, another for all groups, other for channels, etc etc…

All the best!

Marco Carampanta

Hello All,

I’m very excited to let you know that starting Q1 2019 we will be rolling out the upgrade to Microsoft Stream.  The upgrade at this point is an Opt-in so if you do nothing you will remain in Office 365 Video till it becomes a forced upgrade.

What to expect?

1. Office 365 Video admins will see a banner in the Office 365 Video homepage prompting initiation of the migration wizard.
2. Self-service wizard will guide admins through the migration process when they opt in. During this process, we will migrate all the videos, channels and permissions to Microsoft Stream.

Note: Please note that once started, the migration wizard process cannot be paused and restarted later.

What gets migrated to Stream:

Frequently Asked Questions:

Q – What is Microsoft Stream?
A – is a new video service that uses the power of intelligent enterprise video to enable knowledge sharing, easier communication, and connectivity in a secure enterprise environment. Microsoft Stream is the successor to Office 365 Video; however, the two services will co-exist during the transition period. Both are built on Azure Media Services and use the same streaming video technology, allowing playback at scale across any device.

Q – What’s the difference between Stream and O365?
A – Review the feature breakdown comparing Microsoft Stream and O365 Video here.

Q – How long takes the migration?
A – The migration shouldn’t take too long but depending on how many videos and channels you have it could take few days to finish the copy.

Q – How can I initiate the migration and what’s the experience?
A – Once your tenant is eligible for migration, tenant admins will see the banner on the Office Video homepage to initiate migration. Users will land in the migration experience and they will get information about what to expect during the migration

Q – How do you verify the migration before it’s finalized?
A – Only the Stream admins and users on the migration reviewer list will see the migrated content in its read-only state in Stream before the migration is finalized. This will give that set of user’s time to verify everything looked good and moved over correctly.

Q – What are "Stream only" groups?
A – ''Stream only'' groups are a new concept which we introduced with the migration from Office 365 Video to Stream. These groups live within Stream only and are not tied to Office 365 groups, thus they do not create other resources in the rest of O365.

More Information:

Office 365 Video will transition to Microsoft Stream

Stream Transition Overview

Office 365 Video and Microsoft Stream Feature Breakdown

Pax

「先駆け! AI 塾」ブログ
本シリーズでは、AI を "誰にとっても身近なもの" と捉え、あらゆるビジネスを発展させ、人々の生活をより豊かにするための「ツール」として活用していくための情報を発信していきます。

Chapter 1-4: 分析・自動化だけじゃない! AI で新たな価値創出

最近、世界的なキーワードとして「第四次産業革命」という言葉が話題になっています。蒸気機関の第一次、電力による大量生産が可能になった第二次、コンピューターとインターネットが台頭した第三次に続く第四の波。この革命を起こすものとされるのが AI と IoT です。少々大げさな話にも聞こえますが、 AI は産業界だけでなく、社会全体の仕組みをも根本から変える可能性を秘めています。本ブログではこれまで 3 回にわたり AI のビジネス活用を考えてきましたが、最終となる今回は、AI 導入によって生まれる新たな価値について、IPA (独立行政法人情報処理推進機構) の古明地 正俊 (こめいち まさとし) 氏にご意見をいただきながら検証します。

ビジネスにおいて、AI でできることとは結局何なのか？

日々の生活の中で、AI スピーカーやロボットなど、AI にまつわるさまざまな報道や商品を目にしますが、結局のところ、私たちのビジネスにおいて AI を導入して「できること」とは、いったい何なのでしょうか。
調査結果を見ると、AI で実現したい業務効率化の項目は「分析」と「業務自動化」が上位になっています。どちらも AI が得意とする仕事ではありますが、AI の領域はそれ以外にも多岐にわたります。

現在、開発が進むものとしてまず挙げられるのが「自動運転」の分野です。刻々と変わる周囲の状況を把握しつつ、瞬時の判断が求められる運転操作が AI にできるのかに注目が集まっています。製造業では画像認識技術を用いた製品検査や、生産設備の故障予知といった先進的な活用が始まっています。医療の分野でも AI を導入する動きが活発です。中でもディープラーニングの活用による画像診断の精度向上は、医学の進歩に重要な役割を果たすものとして期待が高まっています。

比較的 AI に馴染みが薄いと思われていた分野でも導入例が増加しています。たとえば農業では作物の生育管理に AI を活用し、これまで生産者の経験と勘に頼っていた農作業の効率化に取り組んでいます。また、小売業では店員に代わって接客を行うロボットを見かけるようになり、売り上げ予測を AI で行うなどの事例も増加しています。金融業では与信審査や株価予測の AI 化が進み、政府や関係省庁が発表する資料を AI が分析して景況感を示す仕組みが登場しました。
このように、分野を問わずあらゆる業種で AI 活用が進められている状況です。

ただし、一方では AI 導入に消極的な人も相当数存在するのが実情です。人のさまざまな知的活動が AI で可能になる一方、この多様性が AI を複雑で、難解なものにしているとも言えるでしょう。これについて古明地氏は次のように分析します。「ここ数年で AI の認知度はかなり上がりましたが、同時にバズワード化が進んでいます。漠然と “すごいものだ” と思うのではなく、”AI で何ができて何ができないのか?” “導入に際してどれだけのメリットや課題があるのか?” を具体的に知ることが大切です。」

「新価値創造」に向けて解決すべき課題とは?

では、AI 導入によって生まれる新たな価値について考えてみましょう。たとえば売上データ分析に AI を活用するケースでは、結果を製品・サービスの開発やマーケティングに役立てることで、業務効率化以外の新たな価値が創造されます。調査結果※1を見ると、AI 導入済み企業では 93％ が新事業や新サービスの創造について「そう思う」と回答し、高い可能性を感じていることがわかりました。

これについて古明地氏は、「すでに AI を導入している企業は、その効果や課題について事前にある程度理解しているケースが多いです。現状に問題があっても試行錯誤を繰り返しながら改善し、ゆくゆくは価値に結びつけようという意識、結びつけられるだろうという感触を持っている。これに対して未導入の企業では、AI に従来の業務システムのような “即効性” を求める傾向が強いと言えます」と指摘しました。

また、中には AI を導入した企業から「期待したほどの効果が得られない」といった声を聴くこともあります。もし AI を学習させるデータに誤りがあったり、業務内容に合わせた改善を怠ったりすると AI は能力を発揮できず、最悪の場合、誰も使わず放置されることにもなりかねません。新人教育の原則にならい、AI も根気よく、着実に育てていく姿勢が求められます。

AI を活用した生産性向上の事例紹介

ここまで AI 導入がビジネスにもたらす効果について考えてきましたが、一口にビジネスと言っても多くの業種、職種があり、期待されるニーズもそれぞれ異なります。そこで、AI による「手作業の効率化」をめざしたユニークな取り組みを紹介します。
https://customers.microsoft.com/en-us/story/kindai-university-azure-higher-education-japan-toyota-tsusho-jp

「近大マグロ」の養殖で知られる近畿大学水産研究所では、豊田通商、日本マイクロソフトと共同で稚魚の選別を行うシステムの実証実験を行っています。従来の作業は水槽からポンプで吸い上げた稚魚を目視で確認していましたが、ここに AI の画像識別能力を活用し、監視カメラで撮影した画像から稚魚の成育状況を判断する仕組みを開発しました。

「吸い上げる稚魚が多すぎると作業が追い付かない」「少ないと生産性が下がってしまう」これまで選別作業の現場では、専任担当者がポンプの流量を手作業で調整し、稚魚の数を増減していました。今回の実験では AI の画像解析や機械学習の活用によって最適な稚魚数を算出し、ポンプの流量調節を自動化しています。同研究所では将来的に選別作業をすべて自動化し、スタッフをより高度で専門的な業務に配置したいと考えています。水産業と AI という、これまであまり馴染みのなかった両者が結びつくことで、大幅な生産性向上の実現につながりました。

「AIの民主化」をめざして

「AI の民主化」を実現するためには、まだ解決しなければならない課題があります。AI 導入企業に対し、AI の導入・活用に関する課題感について質問した結果では、AI 導入済であるものの活用しきれていない企業では、人材育成が上位に挙がりました。古明地氏はこの結果を次のように考察します。
「AI を活用するためには専任の担当者をはじめ、研究開発、実証実験などに携わる人材が必要ですが、日本は欧米に比べてその数が圧倒的に少ない状況ですので、今後は一層人材育成に力を入れるべきだと思います。また、ユーザーに AI ソリューションを提供する開発会社もまだまだ国内では少数であり、スタートアップも欧米に比べて極端に少ない状況です。AI ソリューションを提供できる企業を増やすことも、あらゆるビジネス パーソンが AI をより身近な存在に感じられる結果につながると考えています」

4 回にわたってお届けした「先駆け! AI 塾」の第 1 章では、AI を自身のビジネスにかかわるものして具体的なイメージができないという方に向けて、より身近に、あらゆる人の生活やビジネスを飛躍させるものであるということを発信してきました。
日進月歩で進化を続ける AI ですが、その役割は「人を助けること」にあります。みんなの AI ブログでは、これからもマイクロソフトがめざす「AI の民主化」を実現するための取り組みや、さまざまな分野で活用される最新 AI 技術に関する情報を発信していきます。

※1 リサーチ内容: 「AI に関する動向調査」(調査主体 日本マイクロソフト)
ビジネス パーソン/500 サンプル回収　インターネット調査（2018 年 3 月実施）
※ 記事中のグラフについて、パーセンテージの表記合計が四捨五入により100%にならない場合があります

取材協力
古明地 正俊（こめいち　まさとし）氏
独立行政法人情報処理推進機構（IPA）イノベーション推進部部長。東京工業大学修士課程修了後、大手メーカーの研究部門においてパターン認識の研究に従事。2001 年野村総合研究所に入社し、IT アナリストとして先端テクノロジーの動向調査および技術戦略の立案などを行う。現在は IPA において IT 社会の動向調査・分析を行い、「AI白書」などの形で情報発信している。
主な著書：
図解 人工知能大全 AIの基本と重要事項がまとめて全部わかる（SBクリエイティブ）
AI(人工知能)まるわかり （日本経済新聞出版社）

Last week the Public Update (PU) for Project Server 2013 and 2016 were released for January 2019 . This month, client and server updates were released on January 8th. Typically the client updates release on the first Tuesday of the month and server on the second Tuesday release schedule.

There was a Project Server 2010 Cumulative update package released this month that contains fix for security vulnerability. Mainstream support for Project and Project Server 2010 ended October 13, 2015 - see https://support.microsoft.com/en-us/lifecycle. An SP1 patched 2010 system (with no SP2) is no longer supported - see the Lifecycle site for more information - http://support.microsoft.com/lifecycle/search?sort=PN&alpha=project+2010&Filter=FilterNO

We are now delivering as Public Updates, although Server fixes are shipped just via the Download Center and not via Microsoft Update (Unless there is a security element or a fix deemed essential - this month both SharePoint Server 2016 and 2013 fixes have security fixes - so some may have come down via the update center). These are still all cumulative and include fixes released in all previous updates since the last baseline (Initial release for 2016 and SP1 for 2013).

A note about Click-to-Run (sometimes abbreviated C2R) versions of Project for Office 365. The updates for this version are not included in this blog. For some information about Click-to-Run versions, please see the following site for version numbers and some fix information: https://technet.microsoft.com/office/mt465751. We may have a future blog with additional information about Click-to-Run update channels and methods.

Also a note for users of the Project client connecting to Project Online - see https://blogs.technet.microsoft.com/projectsupport/2016/12/15/using-project-online-time-to-be-sure-you-upgrade-the-client-software/-  you will have needed a '2016' level client to connect starting since the end of June 2017.

Feel free to open a support case if you have any questions around this or need assistance getting these patches deployed.

The 2013 PU releases also have a real prerequisite of the appropriate Service Pack 1 (SP1), and links for SP1 are given below. SP1 is enforced in this release, so you will find out (as I did) if you really do have SP1 for all your installed components and language packs! This also means RTM is no longer supported! See http://blogs.technet.com/b/stefan_gossner/archive/2015/04/15/common-issue-april-2015-fixes-for-sharepoint-2013-cannot-be-installed-on-sharepoint-2013-sp1-slipstream-builds.aspx too which describes an issue you might see if you don't have the 'right' SP1. Slipstream would work with the original SP1 - but the updates require the re-released SP1. Since the May PU this shouldn't be an issue - but including here just in case.

Another important point to add here is that there was in early 2013 running the SharePoint Configuration Wizard on a server with Project Server 2013 installed -this is fixed by applying the April 2013 or later- so a good practice would be to load SP1, then the current PU and then run the configuration wizard (if you didn't already load the April 2013 through June 2014 CU).

Project and Project Server 2016

An overview of all the Office 2016 releases for January 2019 can be found here -

https://support.microsoft.com/en-us/help/4484800/january-2019-updates-for-microsoft-office - January 2019 updates for Microsoft Office

Project Server 2016

With the 2016 release, we just have a single patch (usually this single patch comes in two parts... a wssloc and sts2016 part - however this month we only have the sts2016 part) - as we have also the single msi for installation of SharePoint Server 2016 (Project Server still needs licensing separately though). Both parts need installing before the configuration wizard is executed. The sts2016 part of the patch also contains security fixes so is released via Microsoft Update, the Update catalog as well as the download center.

Description of the security update for SharePoint Server 2016: January 8, 2019- Includes Project fixes, like the roll-up patch in Project Server 2016.

https://support.microsoft.com/en-us/help/4461541/descriptionofthesecurityupdateforsharepointenterpriseserver2016decembe

There is a database schema update this month - it changes to 16.0.4795.1000. Remember, Project Server 2016 data is in the content database. The version number 16.0.4795.1000 can be used to control the connecting client to the January 2019 level. For reference - the RTM build number seen for the DB schema would be 16.0.4327.1000.

Project 2016 Client Package:

January 2nd, 2018, update for Project 2016 (KB4461587)

https://support.microsoft.com/en-us/help/4461587/january-2-2019-update-for-project-2016-kb4461587

The version of Project Professional 2016 will be updated to 16.0.4795.1000 in the properties for WinProj.exe. In 2016 we don't do a good job of displaying the version in File, Account, About Project - we only display the MSO version and not the specific Project version (You can confirm this by looking at the version of winproj.exe - in (default for 32 bit) C:Program Files (x86)Microsoft OfficeOffice16)

If you have Click to Run and using Project Pro for Office 365 at the '16' level, then your version will depend on which update frequency you have set. Take a look at https://blogs.office.com/2016/02/09/deferred-channel-build-now-available-for-the-office-365-client-apps/ for a few changes in this area - Current Branch for Business is now called Deferred Channel. We are aware that we don't appear to expose the full change details for Project and are looking into it - you should start seeing more here soon.

Project and Project Server 2013

An overview of all the Office 2013 releases for January 2019 can be found here - https://support.microsoft.com/en-us/help/4484800/january-2019-updates-for-microsoft-office - January 2019, updates for Microsoft Office. This include multiple fixes, so Microsoft strongly recommends that you test this in a test environment based on your production environment before putting this fix live in production. You can read about the fixes included in the Project and Project Server December PUs from the following articles:

Project Server 2013 Server Rollup Package

January 8, 2019, cumulative update for Project Server 2013 (KB4461604)

https://support.microsoft.com/en-us/help/4461604/january-8-2019-cumulative-update-for-project-server-2013-kb4461604

Project Server 2013 Individual Project Package - (cumulative, but only the Project Server fixes):

January 8, 2019, update for Project Server 2013 (KB4461461)

https://support.microsoft.com/en-us/help/4461606/january-8-2019-update-for-project-server-2013-kb4461606

The dbo.Versions table should show 15.0.5101.1000 after applying the January 2019 PU. The version number 15.0.5101.1000 can be used to control the connecting client to the January 2019 PU level. Project Professional Versions (Project Server 2013 settings)

SP1 for Project Server 2013 can be found here - https://support.microsoft.com/help/2880553

Project 2013 Client Package:

January 2, 2019, update for Project 2013 (KB4461560)

https://support.microsoft.com/en-us/help/4461560/january-2-2019-update-for-project-2013-kb4461560

By Sarah Lean, Cloud Solution Architect at Microsoft

When considering a migration from your on-prem data centre to Azure, there are several stages you should consider.  

The first stage, assessment, is key to the success of your migration. You need to have a good understanding of what you have within your environment and how it all interconnects.  

There are various tools available that can help you do the discovery piece of your migration journey; Microsoft's offering is called Azure Migrate.   

Azure Migrate assesses your on-premises machines, providing performance-based sizing information, cost estimates and suitability information for running within Azure.  

Do note that Azure Migrate is a pure discovery tool. In order to migrate your machines to Azure you should look at using services such as Azure Site Recovery  and Azure Database Migration Service. 

At the moment, Azure Migrate only supports assessing VMware environments. However, functionality to be able to assess Hyper-V environments is currently in a private preview state.  

Tell me more…

By using a collector appliance within your environment, it discovers information about your on-premises VMs.  The collector appliance is a lightweight virtual machine (VM) that doesn’t require any agents installed on your servers. It connects to your VMware vCenter Server (via a read-only account) and collects VM metadata using the VMware PowerCLI cmdlets.  The collector appliance communicates on port 443 with Azure and with your vCentre server, so minimal firewall changes will be required.  

The metadata that is collected from your environment includes:  

• Cores 
• Memory 
• Disks 
• Disk sizes 
• Network adapters
• CPU and memory usage 
• Disk IOPS 
• Disk throughput (MBps) 
• Network output (MBps) 

This metadata is pushed to an Azure Migrate project, which can be in one of the following geographies:  

It’s key to remember that regardless of where the metadata is stored you can migrate your on-premises VMs to any of the Azure locations.  

Once the information has been pushed to the Azure Migrate project you can create an assessment, which will flag any issues you may have trying to run certain Operating Systems (OS) on Azure, provide recommendations for the VM size to use in Azure, and the costs associated with running these VMs each month.  

You can create multiple assessment reports to suit your needs regarding VM sizes, location, VM uptime, Reserved Instance pricing and even Azure Hybrid Benefit pricing.  This gives you the ability to model different scenarios that can be presented to your senior leadership team when trying to decide the best way forward for your environment.  

Dependency Visualisation

In addition to the assessment data collected by the collector appliance, you can also implement dependency visualisation which helps you to view and identify related machines that need to be migrated together to Azure.  

Azure Migrate leverages the Service Map solution that is part of the Azure Log Analytics service, to provide the dependency visualisation.  

You can either associate an existing Log Analytics workspace or create a new one, but please be aware once you attach a workspace to your project, you cannot change it.  

To take advantage of the Dependency Visualisation you need to download and install two agents onto each on-premises VM you want to analyse.  These agents are:  

• The Microsoft Monitoring Agent (MMA) – this is the same agent that System Centre Operation Manager (SCOM) uses 
• The Dependency Agent 

Each VM that you install the agents on needs to be able to push the data back to Azure via the Internet. If any of your VMs don’t have Internet access you will need to leverage the Log Analytics gateway.  

Below is a picture of what the dependency visualization output will look like:  

By carrying out the dependency visualisation assessment you will be able to identify which of your on-premises VMs are interconnected and have dependencies on each other.  This is useful for planning your migration as you want to migrate machines that have dependencies on each other together, to avoid any latency, connectivity or performance issues.

Cost

Azure Migrate is available at no additional charge, and the dependency visualisation feature is free for the first 180 days when used in conjunction with an Azure Migrate project.  You may incur charges if you use other solutions within Log Analytics, or run the service for more than 180 days. 

Further Reading

• If you are looking for more information regarding a migration to Azure, please head over to the dedicated Azure Migration Center. 
• The Azure Migrate documentation can be found at https://docs.microsoft.com/en-us/azure/migrate/. 
• If you’d like to suggest features for Azure Migrate in the future, please check out the user voice forum. 

Welcome to the US Partner Community Hot Sheet, a comprehensive schedule of partner training, webcasts, community calls, and office hours. This post is updated frequently as we learn about new offerings, so you can plan ahead.

Community call schedule

Community calls for the US Partner Community are led by experts from across the US Partner Team, and provide practice-building and business-building guidance.

Week of January 21-25

Week of January 28-February 1

Week of February 4-8

Week of February 11-15

Week of February 18-22

Week of February 25-March 1

Week of March 4-8

Week of March 11-15

Microsoft 2019 events

Microsoft Inspire 2019: July 14–18 in Las Vegas, Nevada

Register

Microsoft Ignite 2019: November 4-8 in Orlando, FL

Register

Check out the attached list of technical webinars for next week, to help you build your technical depth. Through these live, instructor-led webinars, you will receive interactive guidance with real-time Q&A capabilities - all at no cost to Microsoft Partner Network members!

Technical-Webinars_1-28-thru-2-1

To find additional dates and times for the webinars above, as well as the full suite of webinars and consultations available, visit aka.ms/TechnicalJourney.