6. Co která aplikace umí?
Ačkoliv kancelářský balík Microsoft Office zná téměř každý uživatel počítače, některé sady obsahují produkty, s nimiž jste se možná ještě nesetkali, proto se vám bude zřejmě hodit následující rychlý přehled všech aplikací:
Word – nejpoužívanější textový editor na světě, slouží k psaní...(read more)
Vi er i gang igjen. Denne gangen med en aldri så liten påskenøtt til dere!
Gjennom 5 episoder vil du her få en utfordring hvor vi vil ha din mening om hva som går galt hos det selskapet og de ansatte vi viser frem. Alle som sender inn rett løsning på påskenøtten er med i trekningen av premiene:
- 1 Xbox One
- 1 Surface Pro 3
- 1 Dell Venue 8 Pro
De to første episode er allerede ute!
I denne episoden presenterer vi deg for selskapet vi skal følge i påskenøtten. Du får også møte noen av de ansatte og vi hører litt om deres arbeid og utfordringer. Er alt som det skal? Hvordan jobber de i dag?
Nå er det krise hos Contoso! Men jobber de på rett måte for å løse utfordringene de nå står midt i??
Jak již z názvu vyplývá, Centrum akcí v sobě sdružuje nejčastěji prováděné akce, které na svém zařízení děláte. Není tak potřeba otevírat položky v Nastavení nebo Ovládacích panelech, vše je možné udělat rovnou. Druhou, zásadní funkcí je zobrazení upozornění od různých aplikací napříč celým systémem. Pojďme se tedy na ně společně podívat.
Režim tabletu – pokud zařízení disponuje dotykovou obrazovkou, je možné pomocí této položky aktivovat režim tabletu, který uzpůsobí prvky systému tak, aby lépe odpovídaly ovládání pomocí dotyku. V případě, že se jedná o konvertibilní zařízení, u které ho je možné odpojit klávesnici, tak se tento režim po odpojení aktivuje automaticky.
Připojit – slouží k připojení bezdrátových zvukových a video přenosových adaptérů. Tato funkce se nejčastěji používá pro připojení k adaptérům s technologií Miracast, která slouží pro bezdrátový přenos obrazu a zvuku.
Poznámka – poměrně často je potřeba si na počítači dělat rychlé poznámky. Někteří z nás k tomu využívají Poznámkový blok či podobné aplikace. Ve Windows 10 je však tato funkce spojena s aplikací pro poznámky přímo určenou – s aplikací OneNote. Jakmile tedy kliknete na tento příkaz, spustí se aplikace OneNote a vy si tak rychle můžete udělat vlastní poznámku. Výhodou je, že OneNote veškeré poznámky synchronizuje online s úložištěm OneDrive a tak jsou tyto zápisky pro vás dostupné na jakémkoliv zařízení, kde je internetový prohlížeč nebo aplikace OneNote.
Všechna nastavení – zobrazí nové prostředí pro nastavení a konfiguraci systému. Oproti systému Windows 8 se ve Windows 10 zde nachází mnohem více položek a funkcí, nově např. Windows Update a další.
Spořič baterie – aktivuje úsporný režim na zařízení s baterií, která v případě potřeby umožňuje prodloužit její výdrž. Ve výchozím nastavení je tento režim aktivován automaticky, pokud kapacita baterie klesne pod 20 %.
Síť VPN – slouží pro snadné a rychle připojení k virtuální podnikové síti (VPN)
Období klidu –
Umístění – vypíná nebo zapíná možnost rozpoznání umístění zařízení. To se může hodit například v aplikacích pro práci s mapu, počasím nebo pro vyhledávací funkce.
Režim v letadle – umožňuje vypnout všechny bezdrátové adaptéry, takže použití tohoto zařízení bude i v letadle bezpečné.
27.Jak změnit zobrazená nastavení v Centru akcí?
Výše uvedené příkazy jsou tím základním, co vám systém Windows 10 po čisté instalaci nabídne. Je ale možné, že některá z nich budete používat méně často nebo dokonce vůbec. Pak je tu tedy možno vybrané rychlé přístupy k nastavení přeskupit tak, aby více odpovídaly vašim potřebám. Stačí, když v Centru akcí klepnete na položku Všechna nastavení a přejdete do položky Systém – Oznámení a akce. Zde si pak již můžete dle svých potřeb upravit, jaké čtyři základní příkazy budou v prvním řádku matic jednotlivých nastavení.
28.Jak změnit upozornění, která se budou v Centru akcí zobrazovat
Ve stejném místě jako v předchozím případě je pak možné upřesnit, od jakých aplikací chcete nechat zobrazovat v Centru akcí upozornění. Pokud například často pracujete s poštou, pak si můžete například vypnout právě toto upozornění a nechat si tak prostor pro jiné aplikace.
29.Jak rychle přistupovat k systémovým nástrojům?
V systému Windows 10 můžete velice rychle přistupovat k pokročilým systémovým nástrojům pro upřesnění konfigurace systému. Stačí, když klepnete pravým tlačítkem myši na tlačítko Start a zobrazí se tato nabídka. V případě potřeby je možné ji vyvolat i pomocí klávesové zkratky Win+X.
30.Jak přesunout hlavní panel?
Hlavní panel se zástupci, ikonami otevřených aplikací a oznamovací oblastí nemusí být vždy umístěn na dolní hraně obrazovky. Pokud jej chcete přesunout nahoru, doprava nebo doleva, stačí jej chytit levým tlačítkem myši na volném místě panelu a přetáhnout na požadované místo. Pokud by vám tento postup nefungoval, ujistěte se pomocí stisku pravého tlačítka myši na volné části panelu, že nemáte aktivní funkci uzamknutí panelu.
SharePoint Server 2016 is unlike any previous release of SharePoint and going forward, it will be a platform that continues to evolve to provide delightful experiences for users. The reason? Microsoft product teams used the learnings, metrics, and code already running in the cloud and applied it to the Server product. It’s that close relationship with the cloud that enables SharePoint Server 2016 to unlock business value and it happens through seamless hybrid experiences.
Let’s discuss some of these hybrid experiences in more detail.
Hybrid OneDrive and Profiles
Hybrid OneDrive refers to the ability to choose where each user has their work-related private files stored, in the cloud or on-premises. As you’ll see with other experiences, it isn’t an all or nothing choice. With SharePoint Server 2016, I can easily define audiences and put users in those audiences and specify where I want their OneDrive for Business to be created. For example, I may not want my factory workers to need an Office 365 license, they produce few documents, but I still want a secure place for them to put those files. I can specify that factory workers’ OneDrive for Business will be on-premises while everyone else gets one created in Office 365. While everyone else enjoys a 1 TB storage quota, I can specify something much lower for my factory workers and not have to spend extra money on storage.
Similarly, for profiles, using redirection in SharePoint Server 2016 enables some users to have a new enhanced profile experience in Office 365. The new profile experience features a selectable cover photo, 1-click message button (which opens a Skype for Business conversation), and as you’d expect, basic contact information and an interactive organization chart.
Hybrid Team Sites
Hybrid Team Sites refers to the ability to choose where to host collaborative sites and isn’t limited to just the “Team Site” template. It equally applies to other templates like Project Site, Developer Site, and Blogs. With the SharePoint Server 2016, the “Sites” page keeps track of all your sites, regardless of where they’re hosted or which template they use. You can choose to follow sites where you have an interest and quickly see recent sites and recommended sites.
For example, based on some regulatory requirements, some sites may need to be hosted on-premises. We can easily create a site provisioning form to ask the appropriate questions and determine if a site needs to be hosted on-premises.
There may be other cases where Office 365 is a better fit. For example, consider Access Services. While it is powerful because it allows information workers to create compelling apps, it is difficult to setup and maintain on-premises. If you wanted to avoid the headaches, you could simply host sites using Access Services in Office 365.
Hybrid Social
SharePoint Server 2013 was the “social” release with new features like communities, blogs, newsfeeds, hashtags, and more. SharePoint Server 2016 retains all of those features and makes it easy to leverage services from Office 365, like Yammer. As with SharePoint Server 2013, you can use Yammer embed to place a social feed on any site or page. You can do this easily and automatically using publicly available code for Provisioning Yammer feeds.
Perhaps Yammer isn’t suitable for all of your content. SharePoint Communities offer a different approach, based on patterns of traditional message boards. Hybrid Social means you can use the best of both worlds.
Hybrid Discovery
Hybrid Discovery is the term I’m using to refer to any feature that relates to finding information, on-premises or online. First, we have true hybrid search experiences. With SharePoint Server 2016, you can configure your search indexes to be hosted in the cloud, merged with your online indexes. This means that relevancy, analytics and results are inclusive.
Second, eDiscovery can now look at your entire corpus of content as one. A single search gives results from both on-premises and online. This is especially useful in scenarios where your eDiscovery search is focused on a user or set of users who may have content spread across locations.
Third, you can now bring the power of the Office Graph and specifically Delve to your on-premises content. Delve shows me popular documents, what my teammates are working on, related content and surfaces content that I might find interesting. I want, no I need, that information for content on-premises equally as much as the content that’s online.
There’s More
I only touched on a few of the scenarios where SharePoint Server 2016 unlocks business value through hybrid experiences. There’s more, and I’m sure you’ll see information coming soon or have a chance to explore yourself. Hybrid experiences are really compelling, that’s why the SharePoint 2016 Product Line Architecture (PLA) is a hybrid architecture. The PLA takes the best of Microsoft’s learnings from the cloud, projects with customers, Premier and broad support and repeated consulting engagements to come up with a reference architecture. Find out more by contacting your Microsoft representative and by visiting the PLA blog.
Zveme vás na konferenci SECPUBLICA 2016, která se bude konat 31. 3. 2016 v prostorách Microsoftu.
Kybernetická bezpečnost je tématem, o němž má řada lidí spíše představy než znalosti. Jde o doménu specialistů a běžní uživatelé, ale třeba i správci sítí a "standardní ajťáci" propadají pocitu, že se ani nemá cenu snažit, protože to stejně špatně dopadne...(read more)
Meu nome é Alan Carlos e trago à vocês as últimas noticias do TechNet Wiki News!
Nos próximos dias 18 e 19 de Março de 2016 acontece na sede da Microsoft em São Paulo o MVP Open Days!É um evento que ocorre em todo o mundo, reunindo o time de MVP da Microsoft para palestras, bate-papo sobre as últimas novidades, e os caminhos que a Microsoft está tomando.
E o time do TechNet Wiki estará lá participando do evento e trazendo em breve à comunidade TechNet Wiki as últimas novidades!
Saiba mais sobre o como se tornar um membro do TechNet Wiki e conheça um pouco mais sobre o programaMVP Award!
Yesterday’s tip discussed the Conditional Access Framework and how it can be used to ensure device compliance for Windows 10 remote devices. In today’s tip, we take a look at some of the components and cloud services involved.
Conditional Access Framework Components
The following components work together to provide an end-to-end device compliance solution.
Conditional Access
Conditional Access is a powerful policy evaluation engine built into Azure AD. It gives IT admins an easy way to create access policies that evaluate the context of a user's login to make real-time decisions about which applications they should be allowed to access, including access to VPN.
Azure AD Connect Health
Azure AD Connect Health is a cloud based service and plays a key role in helping customers monitor and secure their cloud and on-premises identity infrastructure. In its first preview, Azure AD Connect Health provides customers who use ADFS with detailed monitoring, reporting and alerts for their ADFS servers.
Windows Health Attestation Service
The Health Attestation Service is a trusted cloud service operated by Microsoft that performs a series of health checks and reports to MDM what Windows 10 security features are enabled on the device. The role of Windows Health Attestation Service is essentially to evaluate a set of health data (using TCG log and PCR values), make a series of detections (based on available health data) and generate encrypted health blob or produce report to MDM servers.
Windows 10 Health Attestation CSP
Windows 10 contains a configuration service provider (CSP) specialized for interacting with the health attestation feature. A CSP is a component that plugs into the Windows MDM client and provides a published protocol for how MDM servers can configure settings and manage Windows-based devices. The management protocol is represented as a tree structure that can be specified as URIs with functions to perform on the URIs such as “get”, “set”, “delete”, and so on.
The following is a list of functions performed by the Windows 10 Health Attestation CSP:
Collects data that is used to verify a device’s health status
Forwards the data to the Health Attestation Service
Provisions the Health Attestation Certificate that it receives from the Health Attestation Service
Upon request, forwards the Health Attestation Certificate (received from the Health Attestation Service) and related runtime information to the MDM server for verification
During a health attestation session, the Health Attestation CSP forwards the TCG logs and PCRs values that are measured during the boot, by using a secure communication channel to the Health Attestation Service.
When an MDM server validates that a device has attested to the Health Attestation Service, it will be given a set of statements and claims about how that device booted, with the assurance that the device did not reboot between the time that it attested its health and the time that the MDM server validated it.
For more information on the HealthAttestation CSP, including examples for integrating Health Attestation into your environment, see the following link: Health Attestation CSP
Who decides device compliance?
The device management server decides if device is compliant based on its configured set of compliance rules. Intune, 3rd party MDM servers or an SCCM hybrid can be used. The individual behaviors can vary depending upon the platform used, but most are based on state queries from MDM to the HealthAttestation CSP on the Windows 10 device.
Intune Compliance Policies
The Conditional Access Framework leverages the existing compliance policies configurable in Intune. Mobile Device Management systems such as Intune are capable of querying device state and define compliance rules for the following:
Firewall status
Antivirus status
Auto-update status & Update compliance
Password policy compliance
Encryption compliance
Device health attestation state (validated against attestation service after query)
At the time of this writing Intune only supports a subset of these, but more are to be added in the future.
Next Time
Stay tuned for tomorrows tip, when we will examine a sample connection flow illustrating how all these components and services work together.
Powershell permet l'éxécution de script sur des machines distantes via diverses commandes powershell : invoke-command, enter-possession,...
Pour éviter que ces scripts distants ne saturent et n'utilisent toutes les ressources de la machine, des quotas sont assignés à ces session distantes. Certains de ces quotas sont implémentés via des Jobs Windows.
Par exemple les quotas MaxProcessesPerShell et MaxMemoryPerShellMB qui limitent le nombre maximum de processus concurrents dans cette session et la taille mémoire maximum utilisable par l'ensemble des processus de la session.
L'atteinte d'une de ces limites peut donner lieu à des erreurs diverses et variées (et pas toujours très facilement interpretables !) .
Ces limites doivent être alors augmentées à 2 niveaux :
Limite globale impose à l’ensemble des shells (Plugin) (dans WSMAN:\localhost\shell )
Limite pour le shell concerné (par exemple pour le plugin Powerhell 64 bits, WSMAN:\localhost\Plugin\microsoft.powershell\Quotas )
Pour que ces modifications soient effectives, il faut redémarrer le service winrm.
Par exemple, pour limiter:
la mémoire utilisée par la session Powershell à 2GB
le nombre maximum de processus dans la session à 30,
le script powershell suivant peut-être utilisé sur le serveur cible:
L'exemple suivant illustre l'erreur remontée lorsque l'on atteint la limite sur le nombre de processus. Le script 1.vbs ayant pour but de lancer une instance de notepad.
Le processus WsnProvhost.exe héberge la session remote Powershell. En examinant, les propriétés du processus avec Process Explorer (Sysinternals), on peut vérifier dans l'onglet "Job" les limites assignées au Job.
With Skype for Business, Microsoft gives you three compelling solutions for your voice needs:
Enterprise Voice (on-premises): Included in on-premises deployments of Skype for Business Server 2015, this is Microsoft's world-class software-powered Voice over Internet Protocol (VoIP) solution. It's a full PBX system that uses PSTN connectivity through your local operator.
Cloud PBX with PSTN Calling service (all in the cloud): Included with Skype for Business Online, Cloud PBX is Microsoft's new technology for enabling call control and PBX capabilities in the Office 365 cloud. Skype for Business Cloud PBX allows you to replace your existing PBX system with a set of features directly delivered from Office 365 and tightly integrated into your cloud productivity experience.
Cloud PBX with On-premises PSTN connectivity (a choice of hybrid solutions): You can choose Cloud PBX with an existing Skype for Business Server deployment or Skype for Business Cloud Connector Edition (currently in Preview).
To help you make the right choice, download the new Skype for Business Voice Solutions poster in PDF or Visio format.
The main section of the poster is a flowchart, which you can use to determine the best solution depending on your organization's current status and future plans. Here is a section:
Each column represents a specific configuration, complete with a representative diagram, additional description and guidance, and links to the deeper technical content on TechNet.
If you are an enterprise architect or consultant working with Skype for Business 2015 or Skype for Business Online, take a close look at this new resource.
It's our pleasure to finally interview Jesper, so let's get to it!
=============================
Who are you, where are you, and what do you do? What are your specialty technologies?
My name is Jesper Arnecke and I currently reside in Copenhagen, the capital of Denmark. Being 32 years old and with a vast interest of systems, not only IT.
I currently work at ProActive A/S, the first company to be awarded the Microsoft country partner of the year award two times in a row, three times in total in Denmark. My role, in Microsoft lingo “IT-Pro”, as I try to bridge the gap between developers, customers and laws of nature.
I’ve been working with the Microsoft portfolio for more than ten years now, getting me quite around the different products. With a strong focus on installation, configuration, administration and governance. My current focus area is SharePoint and all the connected components around, such as ADFS, AD, SQL, HyperV, IIS, Powershell.
Besides working with IT, I operate an eco-sustainable cocoa/vanilla plantation in Mexico, as well as brew and sell mead (Honey wine) in my home country. My passion lies in the concept of systems and their interactions. I love natural systems and the way they interact, supplement and create a balanced system, hence the plantation.
What are your big projects right now?
Everything is relative. I am currently focusing on launching my mead project as well as keeping my blog active as well as contributing to the community. The Mexican jungle doesn’t stop growing, so that is also priority. My biggest project however is seeing my family grow.
What is TechNet Wiki for and how does it fit into your job?
To me the Technet Wiki started out as being thought of as a repository of my own documentation. It was a way for me to always have updated documentation on how to do what in terms of installation or configuration of the IT systems I work with. I soon realized that it was not just to copy and paste, that contributing to the Technet Wiki came with a responsibility of removing my own handwriting and making it more widely understandable. To me the Technet Wiki could be the source repository for everyone working with Microsoft systems. As a contributor, a reviewer, editor or just user. The Technet Wiki is for everyone. Every little comment improves it; every big article builds it stronger.
What is it about TechNet Wiki that interests you?
Basically the concept of helping myself and also helping others in the process, or it might be the other way around though. The recognition system that builds something that is bound to me and not the company that I work for. Basically I feel that the Technet community as a hole gives me more independence.
What are your favorite articles you’ve contributed?
I prefer the articles based on either hard technical challenges or simply hard to understand and explain topics.
Perspective! – For me the single most important thing in life is perspective. In any situation you are in, you can always use perspective to leverage even higher. And Technet Wiki will offer tons of that! :)
Don’t be a stranger and connect on LinkedIn– Always more perspective to be found.
Thanks to all of those around me that grant me perspective.
===================================
Wow! Wow. So you divide your time between Denmark and Mexico? I love it when I see technology professionals who have passions like this, where they aren't afraid to get their hands dirty!
It's a pleasure getting to know you!
Everyone, please join me in thanking Jesper for his contributions in giving back to the community!
Following the announcement in June of our plans to deliver locally hosted Microsoft Cloud services – Microsoft Azure, Office 365 and Dynamics CRM Online – from Canada, today marks the next major milestone: the start of the Azure Private Preview! This milestone marks the start of a significant expansion of Microsoft’s trusted cloud services into Canada.
Today, a group of customers and partners have started testing Azure as a locally hosted service in our Toronto and Quebec City datacenters.
The response to the Azure Preview has exceeded our expectations, reflecting both the demand and opportunity we have. Our cloud services empower Canadian businesses of all sizes and across all industries to move to the cloud. Customers like PCL Construction, one of the largest contracting organizations in North America, has chosen to preview Azure in the Canadian cloud regions.
“We’ve been a Microsoft Azure customer for several years and see it as a strategic offering fueling our cloud initiatives. The agility and flexibility it affords the PCL team has been extremely valuable and complimentary to our strategic objectives of reducing time to market and simplifying our cost structure,” said PCL chief information officer Mark Bryant.
And they empower you, our partners, to fuel your growth by delivering robust new services, applications and capabilities.
Opportunity knocks
More than ever, now is the time to ensure you’re equipped to capitalize on the incredible opportunity cloud services will continue to create. The question is: have you developed your plan and the skills you need? Whether you’re new to delivering cloud services or a veteran in search of added inspiration, we have resources to help you:
And if you’re looking to build intellectual property in the Microsoft Cloud, our ISV and Application Builder Center is a great place to start
Partners, like Dyrand Systems, who are participants in the preview, are already benefitting from the early opportunity:
“Through the Azure preview, Microsoft Canada provides Dyrand Systems with tangible benefits that strengthen not only our performance but our bottom line,” said Marie Pin, Director of Business Solutions, Dyrand Systems. “The versatility, security and reliability of the platform, anchored by two regions in Canada, allows us to lower costs, increase efficiency, develop new verticals and eliminate the burden of dealing with and paying for multiple hosting providers. In turn, we are able to provide to our clients a superior suite of services that are Canadian-based, regulatory-compliant, redundancy-proofed.”
As is Orckestra, who has built their Commerce Cloud offering on Azure:
“Microsoft Azure has become the foundation of our Orckestra Commerce Cloud offering and is a key component of our competitive differentiation. It allows us to deliver speed to market, experiential and innovative features that our retail industry customers value enormously. The addition of the Canadian datacentres enhances the flexibility and appeal of the cloud to our customers. As a partner, Microsoft Azure has listened, engaged and responded to our needs.”
Today’s exciting news brings us one step closer to delivering Microsoft Cloud services to Canadians, from Canada.
Azure customers in Canada will benefit from enterprise-grade reliability and performance combined with in-country data residency, including data replication in multiple locations within Canada for business continuity, and a financially-backed service level agreements (SLA) with 99.9% availability. The new locally delivered services in Canada feature the same industry-leading levels of security, privacy, control, compliance, and transparency that define the Microsoft trusted cloud globally.
Microsoft is adding new datacentres in Canada that will both deliver Microsoft cloud services and provide commitments for core data stored at rest within Canada for Azure, Office 365 and Dynamics CRM Online. Microsoft will become the first cloud provider in Canada to offer an enterprise-grade, hyper-scale, true hybrid platform certified to meet customers legal and compliance requirements.
We remain on track to deliver all of our cloud services, hosted in Canada, with general availability for Azure currently scheduled for Q2 2016, followed closely by our flagship productivity solutions: Office 365 and Dynamics CRM.
We will continue to share details with you over the coming months as we progress towards General Availability. In the interim, please visit the Canadian Partner Newsboard or visit us at accelerate.microsoft.ca.
On behalf of everyone at Microsoft Canada, thank you for your continued partnership. If we can help you and your team better prepare for the Cloud opportunity, please do not hesitate to connect with us.
Jason (Jay) Brommet
Director, Partner Strategy & Channel Chief Microsoft Canada @jbrommet
Ya está disponible la versión de SharePoint 2016 RTM disponible, donde se encuentran los bits para poder hacer uso de Project Server 2016. Debemos tener en cuenta que Project Server 2016 es todavía un producto diferenciado de SharePoint Server 2016, y necesitará ser licenciado antes de poder usarlo. Las implicaciones son que Project Server será capaz de ser incluido en una granja de SharePoint, de tal manera que todas las actualizaciones públicas para SharePoint Server 2016 incluirán “parches” para Project Server 2016, así que nos podemos olvidar de “parches” individuales de Project Server en esta versión de Project Server 2016.
Hemos consultado los siguientes posts antes de escribir éste:
Po únorové aktualizaci Excelu 2016 můžete sešity publikovat do Power BI a pak vytvářet sestavy a řídicí panely založené na datech sešitu, které následně můžete sdílet s ostatními uživateli, či je vyvěsit na libovolný web.
Pokud chcete excelový sešit publikovat do Power BI, vyberte Soubor Publikovat.
Excel se přihlašuje k Power BI přes váš aktuální účet.
Excel zobrazuje průběh publikování do Power BI, jak ukazuje následující obrázek.
Až skončí, zobrazí okno se zprávou, které vám umožní zvolit zobrazení publikovaných dat a sestav ze sešitu v Power BI.
Když odkaz vyberete, Power BI se načte do vašeho internetového prohlížeče.
Na excelovém sešitu můžete dál pracovat a v Power BI budou automaticky probíhat aktualizace v souladu s výchozími zásadami nastavení aktualizací v Power BI.
V Power BI můžete vybrat Sestavy, potom soubor, který se nahraje a uvidíte vizualizaci excelové sestavy v Power BI.
Informace : Publikování vyžaduje, aby byl sešit uložený na OneDrivu pro firmy
Nemůžete publikovat prázdný sešit nebo sešit, který nemá obsah podporovaný službou Power BI.
Desde Budapest, Hungría en el E² Global Educator Exchange tuvimos la oportunidad de charlar con tres educadoras latinoamericanas que han mostrado cómo la tecnología hace que el aprendizaje sea más eficiente, novedoso, creativo y atractivo. Escuchen a Sylvia Fojo, de Uruguay; Marta Salazar, de Chile; y Marcela Casas, de Colombia....(read more)
There are a lot of myths on how to automatically trigger Bitlocker on an Azure AD Joined Windows 10 device, let’s hope this post will get you some answers.
Windows 10 will automatically encrypt the local drive when joining an InstantGo capable device to Azure Active Directory. This can either done during the “Out Of Box Experience” (OOBE) or when Window is installed by going to the “About” screen, here you have the option to Azure AD Join the device.
As an admin you can configure Azure AD in such a way that the device is automatically registered in your Mobile Device Management solution.
Important note: You cannot use Microsoft Intune (or any other MDM) to specify a policy and force Bitlocker on a Windows 10 PC. This is done automatically during an Azure AD Join.
What does “InstantGo capable device” mean?
InstantGo (formerly known as Connected Standby) is a very low power state that some devices support. It’s very like your mobile phone, it’s almost switched off but still can receive text messages, e-mails and switch to a different power state when receiving phone calls.
A growing list of devices support InstantGo, you can manually check if your device supports this as follows:
Open a command prompt
Type “powercfg /a”
Devices that have InstantGo support will return “Network Connected”:
If your device does not support InstantGo (and therefore: no automatic Bitlocker during Azure AD Join) you will get something similar to this:
Keep in mind that this also applies to Virtual Machines. Automatic Bitlocker during Azure AD Join requires physical InstantGo Capable devices.
Where do I find the recovery key?
Users can retrieve their recovery key by going to http://myapps.microsoft.com, select Devices and select the device for which they would like to get the recovery key:
As an Azure tenant admin you can find the recovery keys for your user by going to https://manage.windowsazure.com, browse to your Active Directory, go to the Users tab and select the user who enrolled a specific device. Browse to Devices and change the dropdown list to view Devices.
Find the device for which you would like to have the recovery key and hit Details.
“I have InstantGo capable devices but Bitlocker is not enabled automatically during an Azure AD Join”
If you are sure your device is InstantGo capable (e.g. Surface Pro 3 or Surface Pro 4) it could be that the image you are using has Automatic Bitlocker during AAD Join disabled – this is a registry key.
Recently we have seen this issue with the Surface Pro 4 Recovery Images. Until the Recovery images are updated you can work around this by either:
Use a vanilla Windows 10 (1511) ISO or media, install Windows 10, perform the AAD Join. Either inject the Surface Pro drivers into the image in advance or install the drivers manually afterwards.
OR
During the Out Of Box Experience (OOBE) hit SHIFT-F10 on your keyboard, this will bring up a command prompt. Fire up REGEDIT and browse to
HKLM\System\CurrentControlSet\Control\Bitlocker\ Make sure that “PreventDeviceEncryption” is set to “0”
If you liked this post - please consider leaving a reply.
The User Information List (“/_catalogs/users/simple.aspx” or “_catalogs/users/detail.aspx”) is a hidden list in each site collection that is only visible and accessible to Site Collection Administrators. The User Information List stores metadata information about a user. Some metadata examples are Display Name (name), Login Name (samAccountName), Department, Picture, Email, SID (determines authorization rights), etc.
The User Information List contains lots more user metadata properties other than Name, About Me, (Job) Title, and Department than you can see in the above Detail view display. You can run the a PowerShell script similar to following example to dump items in the list and get an idea of the other user properties stored in this list.
How does user metadata get added to the hidden User Information List?
Whenever you grant a user rights to a Site Collection or when that user creates/updates/deletes any item within a Site Collection, a new item will be created in the User Information List storing some metadata information about that Active Directory (AD) User, if not already there.
How does user metadata get subsequently updated in the hidden User Information List?
If you change user account properties in Active Directory and then perform a sync/import, it should import and update the changed property values in the corresponding user profile in SharePoint. Also, the sync timer job should push user account updates into the userinfo table in the content database (DB) and into the hidden User Information List in the site collection. I’ve tested this in my own lab by changing the Department and Title properties for a user account in AD and then forcing a Full sync in SharePoint, and it appeared to work as expected. The user property changes were replicated from AD into the user profile, the userinfo table, and into the hidden User Information List in the site collection.
Be aware that A SharePoint Farm Administrator can set policies on each user property in a user profile to help govern how the information in that property can be used, and one relevant policy property is Replicable. By default when Replicable policy is True, the user profile property's value can be replicated to user information lists in other site collections when its value changes. For a property to be replicated, its default privacy setting must be set to Everyone and the User can override policy must not be selected.
However, things can go awry and sometimes certain users’ profile metadata in a User Information List for unknown/mysterious reasons just ceases to get replicated updates from a profile sync run.
Where can things go wrong? SharePoint maintains a mapping between the Profile DB and content DB userinfo table, based on “[Profile DB].[dbo].[UserProfile_Full].SID“ column and “[WSS_Content].[dbo].[UserInfo].tp_systemID” column. This mapping is leveraged when SharePoint synchronizes the Profile Database and the Content Databases. Linkages can apparently get broken here sometimes and impact user metadata replication. But I won’t delve into this less common topic, and instead will cover the most typical scenario.
How do I fix user metadata in the hidden User Information List when things go awry?
Set-SPUser -SyncFromAD to fix Name (DisplayName) and E-Mail:
If you want to manually force update existing user metadata in a User Information List, You can use "Set-SPUser" cmdlet at the site collection scope with the SyncFromAD parameter. The SyncFromAD parameter specifies that user information will be synchronized (immediately, in my observation) from the user directory store. Be aware that this cmdlet only updates the Name/DisplayName and E-Mail fields. It doesn’t touch the Title or Department or other fields. Example PowerShell for a SharePoint 2013 claims-enabled web site…
Remove-SPUser and manually re-add to fix Title, Department, and other metadata:
If there are only few user accounts having inconsistent metadata in the site collection, the easiest fix might be to run the Remove-SPUser cmdlet to remove each user from the site collection (which removes them from User Information List). Then via the SharePoint UI, manually grant the user access again within the site collection (or use New-SPUser cmdlet) to force SharePoint to re-add the user into the User Information List. From my observation, it appears that SharePoint will refresh the user metadata properties from the user profile after the next profile synchronization runs (you may have to wait for an hour for the sync job to run successfully). Example PowerShell for a SharePoint 2013 claims-enabled web site...
Important: If you plan to remove the user from the site collection, all the user's permissions to this Site Collection are removed. Before you remove the user's permissions and re-add them, make sure you note the user's permissions. To do this from the SharePoint site collection, you can go to Site Actions> Site Settings > Users and Permissions > Site Permissions > Check Permissions.
Manually delete user from All People group and re-add to fix Title, Department, and other metadata:
Alternatively, you could delete a user from a site collection by deleting them from the All People group using the SharePoint UI. If you remove the user from this group, this also removes the user from the userInfo table in the Microsoft SQL Server database. I believe this is some type of soft delete, where a Deleted property is turned on. When you re-add the user, the user's information is updated in this table. From my testing it appears that SharePoint will refresh the deleted/re-added user’s metadata properties in the site collection from the user profile after the next profile synchronization runs.
Important: If you plan to delete the user from the All People group, all the user's permissions to this Site Collection are removed. Before you remove the user's permissions and re-add them, make sure you note the user's permissions. To do this from the SharePoint site collection, you can go to Site Actions> Site Settings > Users and Permissions > Site Permissions > Check Permissions.
How do I access the All People group/page in a SharePoint 2013/2010 site collection?
In Microsoft Office SharePoint 2007, you could remove the user from the All People group and re-add them. This option is no longer available in SharePoint 2010/2013. SharePoint 2010/2013 removed the page from navigation, but you can still access the All People page by appending the following to the root URL of the site collection.
The People Picker control is used to search/find and select groups (as well as people and claims). Where does the picker control pull its display data from? SharePoint first checks if the user exists in the site collection (hidden User Information List), if it does not then it retrieves the user info from Active Directory and adds the user into the site collection. People picker behavior is affected by the User Profile to SharePoint synchronization Job; however, it can be influenced by many other factors.
How does the Person or Group column type work?
The Person or Group column type in a list/library allows you to select people based on User ID and Login Name using a picker control. The People Picker control is used to search/find and select groups (as well as people and claims). Where does the picker control pull its display data from? The UserID relates to the ID of the user within the site collection. However chances are that not all users are currently members of the site collection. To address this, SharePoint first checks if the user exists in the site collection, if it does not then it retrieves the user info from Active Directory and adds the user into the site collection. People picker behavior is affected by the User Profile to SharePoint synchronization Job; however, it can be influenced by many other factors. The Show Field value for a Person or Group column type is obtained from the hidden User Information List in the site collection.
Exchange has been evolving for over 20 years now, and is still going strong! From our humble beginnings, adding SMTP protocol through an IMC connector as well as web access to email in Exchange 5.0 back in 1997 (that was some cutting edge stuff back then!), starting to play in service waters 10 years later in 2007 (ever heard of Exchange Labs?) all the way to where we are today with Exchange Server 2016 and Exchange Online– we have gone through many a transformation.
One thing is certain, though – we would not have been here without you, our customers. You keep pushing us to get better and bring you more features. When we do something wrong (yeah, that happens), the incredible Exchange community is always quick to let us know. And for those of you wishing that this virtual birthday celebration could somehow take place in person, you’ll want to sign up to attend Microsoft Ignite in Atlanta.
Thank you for all the support and amazing ride! Anyone up for 20 more?
Most Articles Award Winner The reviser is the winner of this category.
Richard Mueller
Richard Mueller is mentioned above.
Most Updated Article Award Winner The author is the winner, as it is their article that has had the changes.
Mauricio Junior - MCP, MCAD, MVP Microsoft
This is the first Top Contributors award for Mauricio Junior - MCP, MCAD, MVP Microsoft on TechNet Wiki! Congratulations Mauricio Junior - MCP, MCAD, MVP Microsoft!
Mauricio Junior - MCP, MCAD, MVP Microsoft has not yet had any interviews, featured articles or TechNet Guru medals (see below)