Мы рады объявить о доступности релиз-кандидата (RC) SharePoint Server 2016. SharePoint Server 2016 RC – это практически полнофункциональная версия, выход которой является важным этапом для заказчиков и партнеров, планирующих развернуть и оценить SharePoint Server 2016 до выхода общедоступной версии весной 2016.

BizSpark member MaaxMarket utilizes Azure’s compatibility with open source libraries, including Ubuntu, Apache, and Ngix, to deliver a cheap and easy automated marketing solution.

Based in India, MaaxMarket is a software as a service cloud-based marketing automation tool featuring a simple user interface and an affordable way for businesses to automate their marketing efforts - including Email and Social Media. MaaxMarket delivers customizable work flows, intelligent analysis, automatically generated task lists, and lead scoring mechanisms that helps businesses to identify and engage hot prospects in a timely manner. Perfect for small businesses, MaaxMarket offers personalized, automated customer follow up, making marketing cheaper and simpler than before.

A BizSpark member, MaaxMarket is built and hosted entirely on Microsoft Azure because of its reputation for dependability, says founder and CEO Lenin Srinivasan. “Azure has been a tremendous help with server uptime and a solid infrastructure platform that we can rely on. Our customers trust us with their key business data and we, in turn, trust Azure with our customer’s data. It has been the perfect relationship.” Azure also assists MaaxMarket with instant application scalability that can support thousands of customers at the same time.

In addition to Azure, MaaxMarket operates in aggregation with Microsoft’s Virtual Machine to house all of their database and application servers.

After initially hosting their product on a different service, MaaxMarket decided to switch to Azure because of its compatibility with open source software says Srinivasan. “Reliable open source integration was critical for us since all of our application servers use open source components.” MaaxMarket employs a wide array of open source material, including Linux Ubuntu for security and support, Apache web server, Ngix for accelerated content and application delivery, Tomcat, MySQL database, and MongoDB for monitoring and automation. “We weren’t sure how Azure would react to such a diverse load of open source, but it has been flawless. Everything integrated perfectly and we didn’t have to change how we operate. We know we can rely on Azure for anything we throw at it,” continues Srinivasan.

Looking to improve revenue with automated, personalized marketing, check out Microsoft BizSpark member MaaxMarket.

+++++++++++++++++++++++++

Microsoft is helping these startups succeed through its BizSpark program. To join or see other startup stories, visit us at our website here. To listen to our startups, check out these podcasts on devradio here. 

About BizSpark:  Microsoft BizSpark is a global program that helps startups succeed by giving free access to Microsoft Azure cloud services, software and support. BizSpark members receive up to $750 per month of free Microsoft Azure cloud services for 3 years: that’s $150 per month each for up to 5 developers. Azure works with Linux and open-source technologies such as Ruby, Python, Java and PHP. BizSpark is available to startups that are privately held, less than 5-years-old and earn less than $1M in annual revenue.

In Part 10 in our "To the Cloud" series, Blain Barton shows us how we can use Microsoft Azure to build websites, web apps, mobile apps, and API apps, and deploy a scalable site that uses the programming language you choose.

Re-posted from The Fire Hose

A new app from the Microsoft Garage, the Mimicker Alarm for Android mixes cool machine learning algorithms from Microsoft Research with some plain fun, and all in an attempt to wake you up – and keep you up.

The app shows off the ML capabilities of Microsoft Project Oxford, specifically around emotion, computer vision and speech.

Intrigued? Learn more by clicking on the image below.

ML Blog Team

こんにちは、Windows プラットフォーム サポートの世古です。

今回は Premium Storage のバックアップ方法についてご案内いたします。

Premium Storage は Standard Storage と比べ格段に速度が早いストレージを使用する事が出来ます。

現在 (2016 年 1 月 21 日)、Premium Storage を使用する仮想マシンでは IaaS バックアップの機能はサポートされておりません。その為、Premium Storage を使用する仮想マシンのバックアップには、VHD の情報をコピーしてバックアップを取得する事をご検討ください。VHD の情報のバックアップおよびリストアにつきましては、V2 の仮想マシンのバックアップおよびリストア手順と同様になりますので、以下の記事をご参考ください。

タイトル: Azure 仮想マシン (IaaS VM) のバックアップ方法について
http://blogs.technet.com/b/askcorejp/archive/2016/01/19/azure-iaas-vm.aspx
参考手順: V2 の仮想マシンのバックアップ方法について

なお、Premium Storage を使用する仮想マシンの IaaS バックアップにつきましては、2016 年 3 月下旬を目途に実装予定です。

Feedback Site: Azure Backup to support VMs with Premium Storage disks
https://feedback.azure.com/forums/258995-azure-backup-and-scdpm/suggestions/7658478-azure-backup-to-support-vms-with-premium-storage-d

タイトル: Premium Storage: Azure 仮想マシン ワークロード向けの高パフォーマンス ストレージ
https://azure.microsoft.com/ja-jp/documentation/articles/storage-premium-storage-preview-portal/

Today’s Tip…

Another Rob Flashback~

After my nostalgic tip from earlier this week, I remembered another bit of old knowledge that I still use all the time.  As part of my job, I open up Internet Explorer countless times in the course of a day.  This is complicated by having a homepage that continually tries to load.  I don’t want to have to wait on a homepage loading before continuing. 

To skip loading a home page I have a couple of options open to me.

Set the homepage to BLANK. 

• Internet Explorer used to have a button to do this.  While that button has been removed, the ability to have to have a blank homepage is still in the program.
• In the address bar, enter the following: About:blank
• Go into the settings for Internet Explorer
• On the General tab, click on the “Use current” button
• Click Ok
• Close and reopen Internet Explorer. 

You should open to a blank page.

Create a shortcut for opening to –nohome.

• Create a shortcut pointing to the following

"C:\Program Files\Internet Explorer\IEXPLORE.EXE" –nohome

• Use this shortcut when you want to skip loading the home page.

Either are fine choices and will save you time if you are like me and constantly jumping around different web sites.

本日、マイクロソフトは、さまざまな政府規制機関との協力のもと、Microsoft Surface Pro、Microsoft Surface Pro 2、および一部の Microsoft Surface Pro 3 (「対象 Surface Pro 3」) に同梱された AC 電源コードの自主交換プログラムを発表しました。上記の AC 電源コードは、長期間にわたり、大きく折り曲げることを繰り返したり、きつく巻いた状態にしたりすると、破損する可能性があります。破損した AC 電源コードの使用を継続すると、過熱、発火、あるいは感電のおそれがあります。

現在までに、深刻な被害が発生したとの報告は寄せられておりませんが、少数のお客様より該当の報告があったため、対象となるすべてのお客様のAC電源コードを無償で交換します。お客様の安全はマイクロソフトの最優先事項です。

お客様へのお願い
Surface Pro または Surface Pro 2、あるいは 対象 Surface Pro 3 をお持ちの場合は、交換プログラムの Web サイト（www.surface.com/powercord）にアクセスし、無償交換の対象であることをご確認の上、AC 電源コードの無償交換をお申し込みください。お手持ちの Surface Pro に関してその他のご質問がある場合には、Surface Support チームにお問い合わせください。

電源コードの取り扱いについて、Surface サポートページの「電源コードの注意事項」をご確認ください。

日本マイクロソフト

Am 21. Januar 2016 beginnt Microsoft eine weltweite Rückrufaktion für Ladekabel von Surface Pro, Surface Pro 2 und Surface Pro 3 Geräten, die vor dem 15. Juli 2015 gekauft wurden. In den USA und Kanada werden die Kabel bei Geräten getauscht, die vor März 2015 erworben wurden. Grund hierfür ist, dass eine geringe Anzahl an Surface Pro Kunden Microsoft von Schäden berichtet hat, wenn die Ladekabel über einen längeren Zeitraum zu fest gewickelt, verdreht oder eingeklemmt wurden.

Kunden in Deutschland können ab sofort über die Website www.surface.com/powercord oder unter der gebührenfreien Rufnummer 0800 / 183 3166 ein kostenloses Ersatzkabel erhalten. Konkret handelt es sich dabei um das Kabel, welches vom Netzteil zur Steckdose führt. Um einen Ersatz zu erhalten, ist es nicht notwendig, das alte Kabel im Gegenzug einzuschicken.

Ein Beitrag von Irene Nadler (@irenenadler)
Communications Manager Devices und Services bei Microsoft Deutschland

- - - -

Über die Autorin

Irene Nadler arbeitet bei Microsoft im Bereich Presse und Öffentlichkeitsarbeit und betreut die Themen Windows, Surface und Windows Phone. Mit Windows ist sie schon seit Windows 95 gut bekannt. In ihrer Freizeit stehen Kultur und Fußball ganz oben auf der Liste.

As a DevOps evangelist, when I meet a lot of people who say "Hey, We have already installed DevOps."

However, a lot of them are just using "the DevOps tools". :(

No collaboration among Dev and Ops. Also the lead time, from committing a source code into the repository to release to the production environment, is over three months.

No feedback from the production, sometimes, they automate nothing. 

For this reason, I always told people like this.

"Hey, Can your team deploy your service ten deploys per day? If you guys don't have the ability, your DevOps will be quite skeptical."

It works fine always. After listening to this, a lot of teams try to analyze their value stream and improve by themselves. I know "10 deploys per day." is not the essence of DevOps. However, I thought that people need something simple and easy to understand.

One day, Kiro Harada, who is the famous agile coach in Japan and my friend, told me

"Hey, 10 deploys per day is not great for this purpose. The number of deployment per day means nothing. It's waste or muda. Instead, you can use the lead time should be within 3 hours.DevOps's "10 deploys per day" is like the SLOC."

Yes, he is right. I totally agree with him. The number of deployment is not the essence. The lead time matters.

I thought I should have used the new phrase.

After coming back my house. I imagined a scene if I met a CEO in an elevator and told him the value of DevOps installation.

"Hi, If you allow us to try DevOps, we can deploy our service within 3 hours! What do you say?"

Hmm. Less impact.

"Hi, If you allow us to try DevOps, we can deploy 10 times per day!  What do you say?"

He might say like this.
"Awesome. Go ahead!"

Now I think we should use "3 hours lead time" for a goal for a team and "10 deploys per day" for an upper management as an elevator pitch.

I know 10 times is not the essence.

I just want to have a phrase which has an impact and lets people make easy to understand without mislead.

Could you tell me your opinion, please?

In the opening episode of “Lunch Break” Season 2, I hit the road with Ojas Rege– the vice president of strategy at MobileIron.

I’ve really enjoyed getting to know Ojas over the last year, and it was a lot of fun to drive around his backyard there in Mountain View.

In part 1 of our discussion, we talk about the current state of mobile security (it’s actually pretty good!), the huge value that Windows 10 offers organizations who are looking to improve their mobile management/security capabilities, and we look ahead to the big challenges EMM vendors (like Microsoft and MobileIron) still have to solve.



You can subscribe to these videos here.

Jan.

22

Script Download:  
The script is available for download from https://gallery.technet.microsoft.com/scriptcenter/How-to-change-the-System-4f37367e.  You can also use  Microsoft Script Browser for Windows PowerShell ISE to download the sample with one button click from within your scripting environment. 

This VBScript shows how to change the system region settings in Windows.

You can find more All-In-One Script Framework script samples at http://aka.ms/onescriptingallery

Разбираю в этой статье последовательность создания комфортных условий для разработчиков контента в процессе успешного создания учебного контента в среде Office 365.

“The last few months have highlighted problems we have been seeing for many years. Whether in France, Lebanon, Belgium, Mali or Egypt, we are all the same and we need to embrace our differences to connect and collaborate.”

These are the words of Ali Faramawy, President of Microsoft Middle East and Africa, addressing the recent TeenTech Global Youth Summit.

He believes strongly in the power of technology to transform society, which is one of the ideas core to Microsoft’s mission – to empower every person and every organisation on the planet to achieve more.

The Summit was organised by TeenTechSF, which is run by and for students dedicated to empowering the next generation of tech innovators. Their motto is, “Innovate, Collaborate, Create: Bringing the Spirit of Silicon Valley to the World”, which Ali embraced.

“Creativity and teamwork can change the world and create opportunities if you’re ready to transform your efforts into something real,” he commented.

His address, which was shown at the Summit and livestreamed to over 1400 students around the world, focused on the role technology can play in creating transformation and hope at a time when the world is struggling.

Ali believes technology is a way for us to express our opinions and collaborate to do meaningful things. He feels that the diversity of people at Microsoft and the work they are doing to help transform society proves this.

He highlighted the 4Afrika initiative for its involvement with projects that are improving connectivity and infrastructure across the African continent. For example, TV White Spaces makes use of the unused range of TV spectrum to provide Wi-Fi hotspots for rural communities, while M-Kopa uses solar power to light up houses and AGIN uses the cloud-based Azure platform to make it easy for farmers to access loans.

Marc Wong, TeenTechSF Founder and Global Chair, said that the Summit’s attendees enjoyed hearing Ali’s message of hope. “The response to Mr Faramawy’s video message was really great,” he said. “There was a lot of positive energy and discussion during the networking break about hope and transformation and how to create practical solutions to problems.”

Aside from Ali’s address at the Summit, a team from Microsoft hosted a workshop using Minecraft to teach basic coding principles and mentored a team from Ahliyyah School for Girls, who won the Best First-Time Hacker Award at the Summit’s civic hackathon. TeenTechSF’s commitment to STEM diversity speaks very closely to Microsoft’s mission to empower every person and every organisation on the planet to do more and achieve more.

If you missed Ali’s address at the TeenTech Global Youth Summit or you would like to hear it again, be sure to click here to see what he had to say. You can also visit the TeenTechSF Facebook page for more information about the Summit.

(Please visit the site to view this video)

Summary: Microsoft MVP, Will Anderson, continues his series by talking about importing DSC resources and adding your scripts.

Good day! Ed Wilson here to welcome back MVP, Will Anderson, as my guest blogger this week. Will is sharing Part 5 in a series about Desired State Configuration (DSC). Don’t miss the previous posts in the series:

• Desired State Configuration: Part 1
• Desired State Configuration: Part 2
• Desired State Configuration: Part 3
• Desired State Configuration: Part 4

   Note  The code used in this series can be downloaded from the Script Center Repository: 
   Conceptualize Desired State Configuration - Reference Script.

Now that we've managed to push our Desired State Configuration to a target machine, we're going to start working to find other DSC resources to further build the configuration. In my previous post, I mentioned that I didn't have RPC open on my servers by default, so I need to add some Windows Firewall rules to my systems. Furthermore, I need to add some additional ports on my distribution points to make sure they communicate back to my SCCM primary without issue. When I’m done with that, I’m going to add a script into the mix to see how the Script resource works, and show why you should look at building a custom DSC resource instead.

Warning   I'm intentionally trying to keep these posts bite-sized so you don't have an aneurysm trying to follow along with this series. Admittedly, this post is a little long, but I wanted to make sure we accomplish something more significant than adding another resource. Feel free to take a break before the Script section.

Finding DSC resources

PowerShellGallery.com is an awesome site that's been provided by the Windows PowerShell team. You can find scripts and modules that have been submitted by the team and the community. Most of these resources are also available on GitHub, and everything is searchable with your preferred Internet search provider. The PowerShell Gallery is a great place to start searching for what we need.

Searching for anything related to firewall, I found a number of resources that I can use, but I'm going to go with one called xNetworking.

Installing DSC resources

If you're using WMF 4.0, I've got bad news for you: You're going to have to manually download and install the module. You can do this by grabbing the source files from GitHub (or wherever you find the binaries). If you're using WMF 5.0, however, you'll have a much easier time installing the module by using Find-Module and Install-Module:

PS C:\Windows\system32> Find-Module xNetworking

Version Name        Repository   Description                           

------- ----        ----------   -----------                           

2.5.0.0 xNetworking       PSGallery   Module with DSC Resources for Networking area                  

PS C:\Windows\system32> Find-Module xNetworking | Install-Module

You can also use Save-Module in lieu of Install-Module if you'd like to download the files and review the code before installing. I tested this module previously and trust it, so I've downloaded and installed it on my source machine. Now I can verify that the module is installed.

PS C:\Windows\system32> Get-DscResource -Module xNetworking

ImplementedAs Name      ModuleName      Version Properties         

------------- ----      ----------      ------- ----------         

PowerShell  xDefaultGatewayAddress xNetworking     2.5.0.0 {AddressFamily, InterfaceAlias, Address, Depend...

PowerShell  xDnsConnectionSuffix  xNetworking     2.5.0.0 {ConnectionSpecificSuffix, InterfaceAlias, Depe...

PowerShell  xDNSServerAddress   xNetworking     2.5.0.0 {Address, AddressFamily, InterfaceAlias, Depend...

PowerShell  xFirewall     xNetworking     2.5.0.0 {Name, Action, Authentication, DependsOn...} 

PowerShell  xIPAddress    xNetworking     2.5.0.0 {InterfaceAlias, IPAddress, AddressFamily, Depe...

PowerShell  xNetConnectionProfile  xNetworking     2.5.0.0 {InterfaceAlias, DependsOn, IPv4Connectivity, I...

And there we see our xFirewall DSC resource. So first let's add the module to our configuration file:

configuration CMDPConfig

{

 Import-DscResource -ModuleName @{ModuleName = 'PSDesiredStateConfiguration'; ModuleVersion = '1.1' }

 Import-DscResource -ModuleName @{ModuleName = 'xNetworking'; ModuleVersion = '2.5.0.0'}

 Node ("LWINCM02")

Let's grab the template for the xFirewall DSC resource like we did with the WindowsFeature resource:

xFirewall [String] #ResourceName

{

 Name = [string]

 [Action = [string]{ Allow | Block | NotConfigured }]

 [Authentication = [string]{ NoEncap | NotRequired | Required }]

 [DependsOn = [string[]]]

 [Description = [string]]

 [Direction = [string]{ Inbound | Outbound }]

 [DisplayName = [string]]

 [Enabled = [string]{ False | True }]

 [Encryption = [string]{ Dynamic | NotRequired | Required }]

 [Ensure = [string]{ Absent | Present }]

 [Group = [string]]

 [InterfaceAlias = [string[]]]

 [InterfaceType = [string]{ Any | RemoteAccess | Wired | Wireless }]

 [LocalAddress = [string[]]]

 [LocalPort = [string[]]]

 [LocalUser = [string]]

 [Package = [string]]

 [Platform = [string[]]]

 [Profile = [string[]]]

 [Program = [string]]

 [Protocol = [string]]

 [PsDscRunAsCredential = [PSCredential]]

 [RemoteAddress = [string[]]]

 [RemoteMachine = [string]]

 [RemotePort = [string[]]]

 [RemoteUser = [string]]

 [Service = [string]]

}

Now that's a lot of options! So I'm going to create a few rules here for SCCM. Here’s what I’ll need:

• My TCP ports of 443(HTTPS), 8531(WSUS HTTPS), 445 (SMB), 135 (RPC endpoint)
• 135 UDP (requires a separate rule)
• The ephemeral 49152-65535 for RPC (requires a separate rule)
• Rules for inbound and outbound access
• 5986 TCP (I’m adding this to my TCP rules to make sure that we can document PSRemoting ports as open)

Here's the script:

xFirewall PSRemoteAndSCCRulesInboundTCP

{

 Name = "PSRemoting and SCCM Inbound Rules TCP"

 Ensure = "Present"

 DependsOn = "[WindowsFeature]BITSRSAT"

 Direction = "Inbound"

 Description = "PSRemoting and SCCM Inbound Rules TCP"

 Profile = "Domain"

 Protocol = "TCP"

 LocalPort = ("443","1723","8531","445","135","5986")

 Action = "Allow"

 Enabled = "True"

}

xFirewall PSRemoteAndSCCRulesOutboundTCP

{

 Name = "PSRemoting and SCCM Outbound Rules TCP"

 Ensure = "Present"

 DependsOn = "[xFireWall]PSRemoteAndSCCRulesInboundTCP"

 Direction = "Outbound"

 Description = "PSRemoting and SCCM Outbound Rules TCP"

 Profile = "Domain"

 Protocol = "TCP"

 LocalPort = ("443","1723","8531","445","135","5986")

 Action = "Allow"

 Enabled = "True"

}

xFirewall PSRemoteAndSCCRulesInboundUDP

{

 Name = "PSRemoting and SCCM Inbound Rules UDP"

 Ensure = "Present"

 DependsOn = "[xFireWall]PSRemoteAndSCCRulesOutboundTCP"

 Direction = "Inbound"

 Description = "PSRemoting and SCCM Inbound Rules UDP"

 Profile = "Domain"

 Protocol = "UDP"

 LocalPort = ("135")

 Action = "Allow"

 Enabled = "True"

}

xFirewall PSRemoteAndSCCRulesOutboundUDP

{

 Name = "PSRemoting and SCCM Outbound Rules UDP"

 Ensure = "Present"

 DependsOn = "[xFireWall]PSRemoteAndSCCRulesInboundUDP"

 Direction = "Outbound"

 Description = "PSRemoting and SCCM Outbound Rules UDP"

 Profile = "Domain"

 Protocol = "UDP"

 LocalPort = ("135")

 Action = "Allow"

 Enabled = "True"

}

xFirewall PSRemoteAndSCCRulesOutboundTCPEphemeral

{

 Name = "PSRemoting and SCCM Outbound Rules TCP Ephemeral"

 Ensure = "Present"

 DependsOn = "[xFireWall]PSRemoteAndSCCRulesOutboundUDP"

 Direction = "Outbound"

 Description = "PSRemoting and SCCM Outbound Rules TCP Ephemeral"

 Profile = "Domain"

 Protocol = "TCP"

 LocalPort = ("49152-65535")

 Action = "Allow"

 Enabled = "True"

}

xFirewall PSRemoteAndSCCRulesInboundTCPEphemeral

{

 Name = "PSRemoting and SCCM Inbound Rules TCP Ephemeral"

 Ensure = "Present"

 DependsOn = "[xFireWall]PSRemoteAndSCCRulesOutboundUDP"

 Direction = "Inbound"

 Description = "PSRemoting and SCCM Inbound Rules TCP Ephemeral"

 Profile = "Domain"

 Protocol = "TCP"

 LocalPort = ("49152-65535")

 Action = "Allow"

 Enabled = "True"

}

Copy and push DSC resources to target machine

Now we'll get ready to again push our configuration to the target test machine. But first, because we're currently using the push method to deliver the configurations to the test machine, we'll need to manually copy and install the xNetworking module on the target system.

Note   This is one of the issues with using the push method (for more information, read Pushing Configurations in the DSC Book). The DSC Book is a great place to learn more about key differences between the push and pull methods. It is available free on PowerShell.org: The DSC Book.

We've copied the xNetworking module to the target machine. Now that we've added the firewall rules, let's update the .mof file to make sure that it generates correctly:

PS C:\Windows\system32> C:\Scripts\Configs\CMDPConfig.ps1

 Directory: C:\Windows\system32\CMDPConfig

Mode    LastWriteTime   Length Name                                 

----    -------------   ------ ----                                  

-a----   1/7/2016 6:00 PM   20208 LWINCM02.mof                               

-a----   1/7/2016 6:00 PM   1080 LWINCM02.meta.mof                              

PS C:\Windows\system32> Start-DscConfiguration -Path .\CMDPConfig\ -ComputerName lwincm02 -Force -Verbose

Id  Name   PSJobTypeName State   HasMoreData  Location    Command    

--  ----   ------------- -----   -----------  --------    -------    

15  Job15   Configuratio... Running  True   lwincm02    Start-DscConfiguration...

VERBOSE: Time taken for configuration job to complete is 0.214 seconds

To verify that the target is running a configuration, run:

PS C:\Windows\system32> Get-DscLocalConfigurationManager -CimSession lwincm02

ActionAfterReboot    : ContinueConfiguration

AgentId      : FA621241-B2F2-11E5-80C0-000D3A331A74

AllowModuleOverWrite   : False

CertificateID     :

ConfigurationDownloadManagers : {}

ConfigurationID    :

ConfigurationMode    : ApplyAndAutoCorrect

ConfigurationModeFrequencyMins : 15

Credential      :

DebugMode      : {NONE}

DownloadManagerCustomData  :

DownloadManagerName   :

LCMCompatibleVersions   : {1.0, 2.0}

LCMState      : Busy

LCMStateDetail     : LCM is applying a new configuration.

LCMVersion      : 2.0

StatusRetentionTimeInDays  : 10

PartialConfigurations   :

RebootNodeIfNeeded    : True

RefreshFrequencyMins   : 30

RefreshMode     : PUSH

ReportManagers     : {}

ResourceModuleManagers   : {}

PSComputerName     : lwincm02

PSComputerName     : lwincm02

We'll wait a few minutes for the system to finish processing. If you're an SCCM guy like me, you know all about the “hurry up and wait!” scenario. After a few minutes, we'll take a look at the DscConfigurationStatus...

PS C:\Windows\system32> Get-DscConfigurationStatus -CimSession lwincm02

Status  StartDate     Type   Mode RebootRequested  NumberOfResources    PSComputerName               

------  ---------     ----   ---- ---------------  -----------------    --------------               

Success 1/7/2016 6:00:36 PM  Initial   PUSH False    14        lwincm02

Let's check for the firewall rules:

PS C:\Windows\system32> Get-NetFirewallRule -CimSession lwincm02 | Where-Object Name -Like '*SCCM*' | Select-Object PSComputerName,Name,Enabled,Profile,Direction | Format-Table

PSComputerName Name            Enabled Profile Direction

-------------- ----            ------- ------- ---------

lwincm02  PSRemoting and SCCM Inbound Rules TCP    True Domain Inbound

lwincm02  PSRemoting and SCCM Outbound Rules TCP    True Domain Outbound

lwincm02  PSRemoting and SCCM Inbound Rules UDP    True Domain Inbound

lwincm02  PSRemoting and SCCM Outbound Rules UDP    True Domain Outbound

lwincm02  PSRemoting and SCCM Outbound Rules TCP Ephemeral True Domain Outbound

lwincm02  PSRemoting and SCCM Inbound Rules TCP Ephemeral  True Domain Inbound

So we have added an additional DSC resource, deployed it, and configured our firewall steps.

Using Script resource to add your scripts

One of the most common things I get asked is, “How can I add custom scripts to a configuration file in DSC?”

My first response is always to create your own custom DSC resource. However, some people (myself included) sometimes need to experience the sloppy method before being turned to the Light Side.

The PSDesiredStateConfiguration module contains a DSC resource called Script. This resource allows you to insert custom scripts into your configurations. So let's take a look at it for a moment.

PS C:\Windows\system32> Get-DscResource Script -Syntax

Script [String] #ResourceName

{

 GetScript = [string]

 SetScript = [string]

 TestScript = [string]

 [Credential = [PSCredential]]

 [DependsOn = [string[]]]

 [PsDscRunAsCredential = [PSCredential]]

}

Much like building a DSC resource (for more information, see Writing a DSC Resource), there are three mandatory functions that you have to insert into the Script DSC resource provider: Get, Set, and Test.

To show you how this resource can be used, I’m going to skip down in my example script (#Apply Firewall Rules for SCCM Communication) to the insertion of the NO_SMS_ON_DRIVE.sms file on drives that I don't want SMS packages to be installed on.

GetScript, which invokes Get-DscConfiguration (Get-TargetResource) must return a hash table. You'll find in many cases on the Internet, that most people actually don't use this portion, and you'll see it commented like this:

GetScript = {

 #needs to return hashtable.

}#EndGetScript

This often begets the question, “If I don't have to use it, why bother?”

This seems to be a way to validate the input that's being given to the script block. For example, if we decided to have an $ExcludeDrive parameter to specify what drive we don't want to insert, we would do something like this:

GetScript = {

 @{'ExcludeDrive' = (Get-CimInstance -ClassName Win32_LogicalDisk).where({$PSItem.DriveType -eq '3' -and $PSItem.DeviceID -ne ($ExcludeDrive + ':')})}

}#EndGetScript

This should give us our drive outputs in a hash table format. I'm sure you can see where this is headed, but I'll keep going. I'm also going to keep drive E as the drive I want to exclude because this is a static configuration for now. We'll get into parameterization a little later.

Script InstallNoSMSOnDrive

  {

 GetScript = {

  @{'ExcludeDrive' = (Get-CimInstance -ClassName Win32_LogicalDisk).where({$PSItem.DriveType -eq '3' -and $PSItem.DeviceID -ne 'E:'})}

 }#EndGetScript

}#EndScript

TestScript leverages the Start-DscConfiguration command and will determine if the SetScript block needs to run. This is a Yes or No block, so you need to return a boolean True or False. Now here's the challenge, if you have an array of objects, you need to return a single True or False. Here's the problem when dealing with an array of disks that you're checking to see if the file exists:

PS C:\Windows\system32> $LogicalDisk = (Get-CimInstance -ClassName Win32_LogicalDisk).where({$PSItem.DriveType -eq '3' -and $PSItem.DeviceID -ne 'E:'})

ForEach($Drive in $LogicalDisk){

     $Disk = ($Drive.DeviceID + '\')

     Test-Path ($Disk + 'NO_SMS_ON_DRIVE.sms')

     }#ForEach

True

True

False

If I run my script and it returns an array of True/False statements, only the last output will be acknowledged. So as this script stands, we have to take that array of outputs, and turn it into a single out. Here's how we do this:

• Declare our array as a variable
• Add an if statement at the end of our ForEach block to return a value of False if any output from the block returns false

If we execute our code, we'll get the following if there's one False statement:

PS C:\Windows\system32> $LogicalDisk = (Get-CimInstance -ClassName Win32_LogicalDisk).where({$PSItem.DriveType -eq '3' -and $PSItem.DeviceID -ne 'E:'})

$DiskCheck = ForEach($Drive in $LogicalDisk){

 $Disk = ($Drive.DeviceID + '\')

 $Output = Test-Path ($Disk + 'NO_SMS_ON_DRIVE.sms')

 If ($Output -eq $false){Return $false}

 }#ForEach

False

If all of the outputs equal True, we'll get a null output like this:

PS C:\Windows\system32> $LogicalDisk = (Get-CimInstance -ClassName Win32_LogicalDisk).where({$PSItem.DriveType -eq '3' -and $PSItem.DeviceID -ne 'E:'})

$DiskCheck = ForEach($Drive in $LogicalDisk){

 $Disk = ($Drive.DeviceID + '\')

 $Output = Test-Path ($Disk + 'NO_SMS_ON_DRIVE.sms')

 If ($Output -eq $false){Return $false}

 }#ForEach

PS C:\Windows\system32>

To manage this, we call the DiskCheck variable we created in an if statement that says if the output is null, then return True:

PS C:\Windows\system32> $LogicalDisk = (Get-CimInstance -ClassName Win32_LogicalDisk).where({$PSItem.DriveType -eq '3' -and $PSItem.DeviceID -ne 'E:'})

$DiskCheck = ForEach($Drive in $LogicalDisk){

 $Disk = ($Drive.DeviceID + '\')

 $Output = Test-Path ($Disk + 'NO_SMS_ON_DRIVE.sms')

 If ($Output -eq $false){Return $false}

 }#ForEach

 If($DiskCheck -eq $null){Return $True}

True

And now we have our TestScript!

Script InstallNoSMSOnDrive

  {

 GetScript = {

  @{'ExcludeDrive' = (Get-CimInstance -ClassName Win32_LogicalDisk).where({$PSItem.DriveType -eq '3' -and $PSItem.DeviceID -ne 'E:'})}

 }#EndGetScript

 TestScript = {

  $LogicalDisk = (Get-CimInstance -ClassName Win32_LogicalDisk).where({$PSItem.DriveType -eq '3' -and $PSItem.DeviceID -ne 'E:'})

  $DiskCheck = ForEach($Drive in $LogicalDisk){

   $Disk = ($Drive.DeviceID + '\')

   $Output = Test-Path ($Disk + 'NO_SMS_ON_DRIVE.sms')

   If ($Output -eq $false){Return $false}

   }#ForEach

   If($DiskCheck -eq $null){Return $True}

 }#EndTestScript

}#EndScript

Finally, to SetScript. This is exceptionally easy because it's basically adding what your original script was:

SetScript = {

 $LogicalDisk = (Get-CimInstance -ClassName Win32_LogicalDisk).where({$PSItem.DriveType -eq '3' -and $PSItem.DeviceID -ne 'E:'})

 ForEach($Drive in $LogicalDisk){

 $Disk = ($Drive.DeviceID + '\')   

  If(!(Get-Item -Path ($Disk + 'NO_SMS_ON_DRIVE.sms') -ErrorAction SilentlyContinue)){      

  New-Item -Name 'NO_SMS_ON_DRIVE.sms' -Path $Disk -ItemType File  

  }#EndIf

 }#EndForeach

}#EndSetScript

It's pretty straightforward. I'm reviewing any logical disk that isn't assigned to drive E. Each drive is checked to see if the NO_SMS_ON_DRIVE.sms file exists. If it doesn't, make the file. So here's our completed Script resource provider script:

Script InstallNoSMSOnDrive {

GetScript = {

  @{'ExcludeDrive' = (Get-CimInstance -ClassName Win32_LogicalDisk).where({$PSItem.DriveType -eq '3' -and $PSItem.DeviceID -ne 'E:'})}

 }#EndGetScript

 TestScript = {

  $LogicalDisk = (Get-CimInstance -ClassName Win32_LogicalDisk).where({$PSItem.DriveType -eq '3' -and $PSItem.DeviceID -ne 'E:'})

  $DiskCheck = ForEach($Drive in $LogicalDisk){

   $Disk = ($Drive.DeviceID + '\')

   $Output = Test-Path ($Disk + 'NO_SMS_ON_DRIVE.sms')

   If ($Output -eq $false){Return $false}

   }#ForEach

   If($DiskCheck -eq $null){Return $True}

 }#EndTestScript

 SetScript = {

  $LogicalDisk = (Get-CimInstance -ClassName Win32_LogicalDisk).where({$PSItem.DriveType -eq '3' -and $PSItem.DeviceID -ne 'E:'})

  ForEach($Drive in $LogicalDisk){

  $Disk = ($Drive.DeviceID + '\')      

   If(!(Get-Item -Path ($Disk + 'NO_SMS_ON_DRIVE.sms') -ErrorAction SilentlyContinue)){     

   New-Item -Name 'NO_SMS_ON_DRIVE.sms' -Path $Disk -ItemType File  

   }#EndIf

  }#EndForeach

 }#EndSetScript

 DependsOn = "[xFirewall]PSRemoteAndSCCRulesInboundTCPEphemeral"

}#EndScript

So let's see what this resource provider looks like in comparison to the others. It's a mess! Not only that, but you've basically done three-quarters of the work needed to make this an actual DSC resource. So we're going to explore that in our next exciting episode!

In the meantime, I've checked my target system, and it looks like our Script resource did the trick.

Phew! What a doozy! Well I'm sure everyone's brain needs to do a little percolating on this before we continue. To recap, here's what we've accomplished in this series:

• Learned the basic ins an outs of a configuration in DSC, including format.
• Created a basic configuration with the DSC resources and pushed it to a target machine.
• Added a new DSC resource from the PowerShell Gallery, imported it into our configuration, and pushed the module and updated configuration to our target machine.
• Added a custom script to the configuration, and discussed why Get, Test, and Set are required.

Next time, we'll be looking at the DSC Resource Designer, and creating our first DSC resource! Stay tuned!

~Will

Thanks, Will, for sharing your time and knowledge about DSC. I am looking forward to Part 6 tomorrow.

I invite you to follow me on Twitter and Facebook. If you have any questions, send email to me at scripter@microsoft.com, or post your questions on the Official Scripting Guys Forum. Also check out my Microsoft Operations Management Suite Blog. See you tomorrow. Until then, peace.

Ed Wilson, Microsoft Scripting Guy

(この記事は 2016 年 1 月 14 日に Office Blogs に投稿された記事 Leading the way in the fight against dangerous email threatsの翻訳です。最新情報については、翻訳元の記事をご参照ください。)

大多数の方にとっては信じられないかもしれませんが、Microsoft Office 365 の Exchange Online Protectionチームは通常、スパムおよびマルウェア対策として、月に 2,000 億通を超えるメールを処理し、1 分間に 1,000 万通のスパム メールをブロックしています。これは当チームの標準的な処理件数で、脅威からの保護に日々取り組んでいる成果です。さらに、メールに対する攻撃手法は巧妙かつ複雑になってきているため、特に高度な脅威を事前に特定してブロックできるように、Exchange Online Protection および Advanced Threat Protectionサービスの強化に重点的に取り組み、以下のような機能を追加しています。

• 攻撃経路に組み込まれた保護機能により、なりすましおよび一般的な添付ファイルの種類から脅威を検出
• 検出された悪意のあるメールをエンド ユーザーが操作しないように安全性に関するヒントを表示
• フィッシングの報告や Advanced Threat Protection サービスなど、ユーザーの学習に役立つしくみを確立

(Please visit the site to view this video)

Exchange Online Protection と Advanced Threat Protection の新機能

エンド ユーザーの生産性を低下させずに外部の脅威から保護するためには、継続的なセキュリティ管理が必要です。そこで今回、Exchange Online Protection と Advanced Threat Protection に新機能が追加されました。外部の未知の脅威から保護すると共に、管理者が社内の標的や攻撃のリスクを緩和または除去するオプションを確認できるようになりました。

Dynamic Delivery of Safe Attachments: 昨年 6 月、メールの添付ファイルに含まれるウイルスを検出して未知の脅威から保護する Advanced Threat Protection の Safe Attachments機能が導入されました。これにより、Office 365 の標準保護プロセスである 3 種類のウイルス検索エンジンと複数のスパム フィルターを実行した後に、不審なファイルが添付されているメールを Safe Attachments の detonation chamber のあるサンドボックス環境に移動させ、添付ファイルを解析して安全であるかどうかを判別します。このプロセスに、通常 5 ～ 7 分を要します。

Dynamic Delivery of Safe Attachments 機能を使用すれば、メールの本文と添付ファイルのプレースホルダーをユーザーに送信し、この間に Safe Attachments による実際の不審な添付ファイルのスキャンを行うため、待ち時間を解消できます。メールを受信したユーザーはメッセージを閲覧し、返信することができます。ただし、元の添付ファイルは解析中であるという通知が表示されます。実際の添付ファイルの安全性が証明された場合は、プレースホルダーが置き換えられます。危険であると判断された場合は、脅威となり得る不要な添付ファイルを管理者が除外できます。Dynamic Delivery of Safe Attachments 機能は現在、Advanced Threat Protection をご利用のお客様向けのプライベート プレビューとして提供されており、今年の第 1 四半期中に一般提供が開始される予定です。

Zero-hour Auto Purge: 未読メールを、スパム、悪意のあるメール、安全なメールなどに誤って分類してしまった場合に、その分類を変更することができます。たとえば、受信トレイに配信されたメッセージが後からスパムであると判明した場合、Zero-hour Auto Purge 機能によって受信トレイからスパム フォルダーに移動されます。反対に、誤ってスパムに分類されたメッセージは受信トレイに移動されます。Zero-hour Auto Purge 機能は現在、プレビューとして約 50 社のお客様にオンデマンドでご利用いただいており、Exchange Online Protection のすべてのグローバル テナントには 2016 年の第 1 四半期にロールアウトされる予定です。この機能は管理センターで無効にできるため、管理者がその使用の有無を決定することができます。

Outlook on the web の Safety Tips: この機能ではあらかじめ安全性に関するわかりやすいヒントを表示するため、ユーザーが開いて問題ないメールかどうかを判断しやすくなります。以下に例を挙げます。

• 信頼できるユーザーから送信されたメールの場合は、安全なメッセージであることを通知する
• 不審なメールやフィッシング詐欺メールを受信した場合は、信頼できない差出人から送信されたメールであるというメッセージを表示する

Outlook on the web の Safety Tips 機能の目的は、メッセージの状態に関する通知を強化し、不審なメールやフィッシング詐欺メールの上部に赤い通知バーを表示することで、ユーザーが適切な判断を下せるように支援することです。この視覚的なヒントを追加することにより、不正の可能性がある要求やその他の不審なアクションについて警告し、ユーザーを保護します。Outlook on the web の Safety Tips 機能は、2016 年の第 1 四半期に Exchange Online Protection のお客様に向けて一般提供が開始される予定です。

社内関係者へのなりすまし対策: 最近になって被害が増加しているのが、重役や同僚へのなりすましです。自社のメール ドメインを装っているため、一見すると社内メールのようで、既存のフィルターでは悪意のあるメールだと特定することが困難です。Exchange Online Protection では、ビッグ データ、強力な認証チェック、評価フィルターを利用した組み込みのインテリジェンスによって、なりすましメールの検出率が 500% 以上向上しました。

社内関係者へのなりすまし対策の詳細については、こちらのページ (英語)をご覧ください。

Phish Reporting: Outlook on the web のユーザーがマイクロソフトにフィッシングを報告できる新機能です。フィッシングを報告するには、[Junk] プルダウン メニューをクリックし、[Phishing] を選択します。表示される [Report as phishing] ダイアログには、フィッシングの詳細 (英語)ページへのリンクが含まれるほか、[Report] または [Don’t report] ボタンをクリックして、このメッセージのコピーをマイクロソフトに送信して調査やメール保護技術の改善に役立てるかどうかを選択できます。この機能を活用してフィッシング詐欺メールに対する認識を深めていただけますと幸いです。また、不審なメールがありましたらご報告ください。

この機能の展開は、今年の第 1 四半期中に完了する見込みです。それまでにフィッシングをご報告いただく場合には、フィッシング詐欺メールを添付して新しいアドレス phish@office365.microsoft.comまでメールをお送りください。

不審のある一般的な添付ファイルの種類をフィルター処理: 皆様からのフィードバックにお応えして、Exchange Online Protection 管理者向けの便利な機能を追加いたしました。マルウェア ポリシーを利用して、ファイルの種類に応じて悪意のある可能性がある不要な添付ファイルを除外できます。この機能により、添付ファイルのフィルター処理と悪意のあるコンテンツに対するアクションが統合され、Exchange のトランスポート ルールやマルウェア フィルター処理ポリシーの設定が不要になります。今年の第 1 四半期中に、管理センターの左側の [Protection] タブ、上部の [Malware Filter] タブの順に選択して表示される [Malware Filter] セクションに [Common Attachment Types Filter] というオプションが追加され、既存のマルウェア ポリシーを編集するか、新しいマルウェア ポリシーを作成するかを選択できます。

上記の Office 365 の Exchange Online Protection と Advanced Threat Protection の新機能は、最も高度なメールのセキュリティ、信頼性、保護機能を提供すると共に、ユーザーが適切な判断を下せるように支援し、管理者の作業を簡単にして効率を高めるという Office 365 チームの継続的な取り組みを反映したものです。ユーザーや企業のお客様を外部の攻撃から事前に保護するための機能は進化し続けています。上記の機能をお試しのうえ、ぜひご意見をお聞かせください。皆様からのフィードバックをお待ちしております。

—Shobhit Sahay (Office 365 チーム、テクニカル プロダクト マネージャー)

※ 本情報の内容（添付文書、リンク先などを含む）は、作成日時点でのものであり、予告なく変更される場合があります。

(この記事は 2016 年 1 月 13 日に Project Support Blog に投稿された記事 Project Online: SharePoint 2013 Workflow Throttlingの翻訳です。最新情報については、翻訳元の記事をご参照ください。)

Project Online と SharePoint Online では、さまざまなリソース使用量の段階に応じてサービスの調整が行われます。場合によっては、完全にブロックされることもあります。このトピックの概要については、「SharePoint Online で調整またはブロックを回避する方法」(https://msdn.microsoft.com/JA-JP/library/office/dn889829.aspx) をご覧ください。

今回、新しい SharePoint 2013 の調整メカニズムが追加されました。この調整メカニズムでは、24 時間で 1,000 件の送信要求が作成された場合に、ワークフロー インスタンスが中断されます。ワークフローが中断された場合、ワークフローの状態と共に中断理由が表示されるため、調整に関連した中断かその他の要因による中断かを確認することができます。その後 (インスタンスが作成または再開された時点から) 24 時間後にワークフローを再開できます。

この変更については、「SharePoint Online および Project Online での SharePoint 2013 ワークフローの調整について」(https://support.microsoft.com/ja-jp/kb/3076399) に記載されています。ただし、この記事で挙げられている例は SharePoint 中心のものであるため、今回の変更が Project Online のインスタンスやワークフロー範囲の定義、Project Online 固有のアクティビティにどのように関係するかについて、別のサポート技術情報で補足する予定です。その際には、サンプルもいくつか追加いたします。今回は告知のみで、詳細については後日公開いたします。差しあたって、特に多数の要求が生成されるワークフローでは調整が行われる可能性がある点にご留意ください。

※ 本情報の内容（添付文書、リンク先などを含む）は、作成日時点でのものであり、予告なく変更される場合があります。