Imaginons le cas suivant :

Vous installez un nouveau ou une mise à jour d’un driver (imprimantes, carte vidéo, carte réseau, etc.).
Suite à cela vous rencontrez un problème.
Vous décidez de le désinstaller, toutefois celui-ci se réinstalle soit lors d’ajout de l’imprimante soit lors d’une détection par exemple ou bien encore via Windows Update si une autre personne décide de l’installer, car il est disponible dans les updates optionnels.

Voici la procédure pour :

A. Faire un rollback du driver, par exemple dans le cas d’un driver vidéo, Réseau, etc.
B. Supprimer le package du Driver Store
C. Masquer le driver third party si celui-ci est disponible en option via Windows Update.

A. Faire un rollback du driver :

Via le Device Manager faire le Roll back du drivers pour revenir à la version précédente (suite à une mise à jour)
Device Manager-> Clic droit sur le Devicer-> Tab Driver-> Roll Back Driver
Ci-dessous un exemple pour le driver de la carte réseau

B. Supprimer le package du Driver Store :

Dans un premier temps il faut identifier le fichier INF du driver third party en question :
1. Ouvrir un CMD

2. Exécuter la commande Via un cmd lancer la commande pnputil.exe -e > drivers.txt

3. Ensuite, ouvrir le fichier drivers.txtet faire une recherche sur le nom du ‘’Driver package provider’’ dans mon exemple je fais une recherche sur la société ‘’Contoso’’ qui  fournis le package du driver de l’imprimante installée

Note ‘’Contoso’’ société qui fabrique des imprimantes lasers est le nom fictif utilisé ici afin d’exemple.

4.Ensuite, récupérer le nom du fichier INF se trouvant dans la section ‘’Published name :‘’, dans mon exemple ici ‘’oem999.inf’’

5.Pour supprimer le package du Driver Store, exécuter la commande suivante dans un CMD :

pnputil.exe -f -d oem999.inf

Options disponibles de l’outil Pnputil.exe:

C. Masquer le driver third party si celui-ci est disponible en option via Windows Update.

L’action ci-dessous aura pour but d’éviter que quelqu’un sélectionne l’option de l’installation d’un driver third party proposé par l’éditeur via Windows update.
Nous prendrons ici l’exemple du driver Contoso.
Dans Windows Update allez sur les updates optionnels puis faire un clic droit sur l’update et choisir ‘’Hide update

Si vous voulez de nouveau rendre visible l’update masquer dans Windows Update sélectionner ‘’Restore hidden updates’’ puis sélectionner l’update que vous souhaitez rendre visite et cliquer sur Restore.

Implementation the previous post "SCOM Rule contains timed script and Alert without condition" are already been covered by Jonathan Almquist -  https://blogs.technet.microsoft.com/jonathanalmquist/2010/05/25/how-to-generate-an-alert-directly-from-a-script-based-rule/

but Jonathan explains how to write this rule by MP Authoring tool, I will show you how to create this rule by using Visual Studio Authoring Extension:

first you need to download the VSAE : https://www.microsoft.com/en-us/download/details.aspx?id=30169

# Create New Project

# Select SCOM Version

# Create New Folder

# Rule (Custom)

# Select the Rule, in right side look on the following options: Data Source / Condition Detection / Write Action

# Data Source ... Select "TimedScript.PropertyBag"

# In Data Source Configuration, write the Script, and click OK

# First Select Target Class, In Condition Detection Type ID, Select System.ExpressionFilter

# Condition Detection Configuration, Config the Property Bag Output

# Write Action ... Select GenerateAlert TypeID

# Data Source Configuration ...

# Build Solution

# Management Pack file location

# in Solution folder - bin\debug, copy XML file, and Import it to SCOM

Great news! Starting this week, Azure Recovery Services (which include Azure Backup and Azure Site Recovery) are available for all CSP partners. It means that 2 very popular Azure services can be used by customers through the CSP model.

This is what CSP partners asked us for months. Azure Backup and Azure Site Recovery (ASR) are popular services even among cloud-agnostic customers. Before this week, configuration of Backup and ASR was available through PowerShell and APIs, and it was hard for CSP partners to deploy and manage. Now this functionality is available through Azure Portal. It means than CSP partners can easily provide backup and disaster recovery services to their customers in a managed way, or their Azure CSP tenants can use Azure Backup and ASR on their own, just adding these services into their existing subscriptions.

To add backup and disaster recovery services to an existing Azure CSP subscription, just add "Recovery Services" in "Data + Storage" menu of the Azure Marketplace.

I recommend to create Recovery Services vault in a dedicated Resource Group with an assigned Tag to separate billing data for backup and ASR and for other Azure services (e.g. IaaS, DBs etc.).

You can configure Backup and Recovery services in the same menu called "Recovery Services vaults".

 Azure Backup

First of all, you need to understand the pricing model of Azure Backup. It is described here. You are charged for 2 things:

1. Protected instances - you pay for every instance that you backup. It can be a VM, SQL database, Exchange database etc. If you backup Exchange server and a VM that it runs on, you are charged for 2 instances. There are 3 price tiers for instances, that depend on data size per instance (less than 50Gb, 50-500Gb, more than 500Gb).
2. Consumed storage for the backup vault. Block blob storage is used for that, and you can choose between Locally Redundant Storage (LRS) or Geo-Redundant Storage (GRS), its pricing is available here.

By default, Backup vault uses Geo-Redundant Storage. If you don't want to pay for extra redundancy, you can switch to Locally Redundant Storage, which is 2 times cheaper. I recommend you to switch in the beginning using "Backup Configuration" menu in settings. After you'll put any backup data in Recovery service vault, you won't be able to change this setting.

There are 3 scenarios available for Azure Backup:

1. Azure Virtual Machine backup - backup Azure virtual machines
2. File-Folder Backup - backup files on Windows clients and Windows Servers using a special Recovery Services agent
3. System Center Data Protection Manager - connect System Center Data Protection Manager server (located On-Premise or in the cloud) to Azure Backup to store DPM backup data in Azure Backup vault.

Azure Virtual Machine backup

Azure Backup allows use to backup virtual machines that run in Azure with a simple two step configuration:

1. Create backup policy or choose an existing one
2. Select virtual machines that you want to backup. You can choose among all VMs in the current subscription that you have access to.

After that you can see the current status of this backup and manage recovery jobs in "Backup Items" menu.

File-Folder Backup

This scenario allows you to backup files on remote Windows client VMs and Windows Servers. These computers can be located anywhere - On-Premise, in Azure, in service provider environment etc. To configure this you need to download Recovery Services agent and install it on every computer where you want to backup files. Also you need to download Vault Credentials file by clicking on "Download" button, you'll need this file during the agent installation.

After the agent installation, open Azure Backup Client and schedule a new backup. You'll need to select items to backup and configure a retention policy.

Agent encrypts the data using the encryption key that you specify during the configuration. So all the backups stored in Azure will be encrypted.

To recover the data, you need to launch Agent Backup Client on this computer or on another computer and choose "Recover data" option.

On the Azure Portal you can see how many recovery points are stored in the backup vault.

System Center Data Protection Manager

This scenario allows System Center Data Protection Manager to copy backups to Azure Backup vault. It can be used for:

1. Long-term backup - e.g. store backups on local disk storage only for the last month, and copy backups to Azure Backup vault weekly and store them there for years
2. Short-term backup - copy backups from local disks to Azure Backup vault daily. Anyway - you need to store at least one backup on local disks before moving it to Azure Backup vault.

Azure Backup vault eliminates the need of tape storage for long-term backups, because usually it is much cheaper to backup to Azure instead of buying an expensive tape storage system. Currently you can store backup data for the last 99 years. Move then enough.

DPM 2012 R2 and later can backup files, SQL Server databases, Exchange databases, SharePoint farms, Windows Server system states and Hyper-V VMs. Details are available here.

This functionality can be used in 2 different ways:

1. Service provider backups data of all tenants (IaaS, hosted Exchange, Database-as-a-Service) to DPM. DPM copies backup copies to the Azure Backup vault, provided via common Azure CSP Subscription. Currently each DPM server can use only one Azure Backup vault, so it is impossible to use several different Azure subscriptions for different tenants data on the same DPM server.
2. CSP Partner provides managed backup service to its customer. He deploys DPM server (or configures the existing one) in the on-premise customer environment and configures it to use Azure Backup vault in a dedicated Azure CSP subscription.

First of all, you need to install Azure Recovery Services agent on a DPM server. This is the same agent as was used for File-Folder Backup scenario. Click "Download" button and save vault credentials file to the location, that can be accessed by DPM server.

After that, go to Management -> Online menu in DPM Administration console and click "Register" button.

Choose the file with vault credentials that you've got from Azure portal.

During the installation process, you'll be able to configure Internet connection throttling settings. Also you'll need to specify a local staging folder, that can be used to temporary data during recovery jobs from Azure Backup vault.

Generate a passphrase that will be used for data encryption in Azure backup vault. Save this passphrase to a secure location, you'll need it to recover data from Backup vault if primary DPM server will fail.

Good hint in the installer - don't forget to configure DPM database backup.

After that you'll need to create a Protection Group or add Online Protection option to the existing Protection Group.

If you have a huge amount of data that you want to move to Azure Backup vault, and you have a limited internet connection, then consider using Azure Import\Export service to send an initial copy of data using FedEx (US and Europe) or DHL (Asia) to send disks with data to Azure datacenter. Details are here.  Anyway - the full copy of data is being transferred to Azure Backup vault only once. After that only compressed incremental data will be sent, which is much smaller in size.

You can see all conntected DPM servers on Azure CSP portal in "Backup Management Servers" menu.

In the next post I'll provide the information regarding Recovery Services (ASR) functionality, that become available in Azure CSP. Stay tuned!

こんにちは、Exchange サポート チームの小間です。
以下のブログ記事でご紹介しているように、オープン ソースで開発されている EWSEditor 1.14 で OAuth を使用できるようになりました。

TITLE: EWSEditor 1.14 Released
URL: https://blogs.msdn.microsoft.com/webdav_101/2016/04/02/ewseditor-1-14-released/

Exchange Online では EWS 接続に OAuth を使用することができますので、独自開発した EWS アプリケーションのトラブル シューティングなどに EWSEditor も活用できるようになります。
しかしながら、OAuth を使用するには Azure Active Directory にアプリケーションを登録する必要があります。そのため、今回の記事ではアプリケーションの登録方法と、EWSEditor の設定方法をご紹介します。

なお、Azure Active Directory を使用するため、今回の記事は Office 365 (Exchange Online) のテナントをお持ちで、かつ管理者アカウントで Microsoft Azure のサブスクリプションも有効化されている方を対象にしています。

アプリケーションの登録

1. 以下の URL から、Office 365 の管理者アカウントで Microsoft Azure の旧ポータルにサインインします。
https://manage.windowsazure.com/

2. 左ペインから [ACTIVE DIRECTORY] をクリックします。
3. Office 365 で使用しているディレクトリが表示されますのでクリックします。

4. [アプリケーション] タブに移動します。
5. 画面下部の [追加] をクリックします。

6. ウィザードが開始します。[組織で開発中のアプリケーションを追加] をクリックします。

7. 任意のアプリケーションの名前を入力します。[種類] は [ネイティブ クライアント アプリケーション] を選択します。

8. [リダイレクト URI] を入力します。必ずしも実際にアクセスできる必要はないため、ここでは localhost を使用しています。

9. アプリケーションの追加が完了したら、[構成] タブに移動します。
10. 表示されている [クライアント ID] と、先ほど入力した [リダイレクト URI] を控えておきます。

11. 同じページの下に [他のアプリケーションに対するアクセス許可] がありますので、[アプリケーションの追加] をクリックします。

12. [Office 365 Exchange Online] を追加します。

13. Office 365 Exchange Online のデリゲートされたアクセス許可から [Access mailboxes as the signed-in user via Exc…] をオンにします。

14. ページ下部の [保存] をクリックします。

以上で、Azure Active Directory へのアプリケーションの登録は完了です。

EWSEditor で OAuth を使用する

1. 以下のページから EWSEditor をダウンロードして起動します。OAuth をサポートするのはバージョン 1.14 からのため、ここでは バージョン 1.14 を使用します。

TITLE: EWSEditor
URL: https://ewseditor.codeplex.com/

2. About ページが表示されるので [OK] をクリックします。
3. [File] - [New Exchange Service] をクリックします。
4. [Use Autodiscover or use Exchange Web Service URL directly] から [Service URL] を選択します。URL は [365] をクリックすると自動で入力されます。
5. [EWS Schema Version] は最新のもの ([Exchange 2016]) を選択します。
6. [Use oAuth] を選択し、以下の画面ショットを参考に入力します。
・ Redirect URI : アプリケーション登録時に指定したリダイレクト URI。
・ Client App ID : アプリケーションのクライアント ID。
・ Server Name : https://outlook.office365.com
・ Auth Authority : https://login.windows.net/<Office 365 テナント名> (「https://login.windows.net/contoso.onmicrosoft.com」のようになります。)

7. [OK] をクリックすると、Office 365 のサインイン画面が表示されます。Office 365 のユーザーでサインインします。
8. 問題なく認証されると「Do you want to automatically add the mailbox root to the tree view?」と確認が表示されます。ここでは、正しく通信できるかどうかの確認のために [はい] をクリックします。
9. フォルダー階層が表示されます。

以上で、OAuth を使用した EWSEditor の使用方法の紹介は終了です。
認証が OAuth になるのみで、EWS の通信は他の認証と同じように使用できます。

今後も当ブログおよびサポート チームをよろしくお願いいたします。

What is Windows Fabric?

It is Distributed systems platform for building scalable apps, Distributed system is a software system in which all component work together , Used for on premises and cloud scenarios, Windows Fabric enables application and services across all tiers to run at cloud scale with the ability to be patched and managed without downtime

Supports stateless and stateful applications

Reverse proxy would be one example of a stateless application

Lync is a stateful application

Windows Fabric Architecture

Skype for Business and Lync 2013 are leveraging the Reliability subsystem in the windows fabric component, ensures the placement of routing groups, ensure the replication between the primary and the other secondary nodes

Windows Fabric Availability

In this example we have a windows fabric cluster with 5 Nodes, Windows fabric divide the users in these nodes in a routing groups, each of these routing groups will have up to three replica, one primary and two secondary, so what happens if the primacy goes down, Fabric knows it has 2 secondary nodes and will promote one of the secondary to be a primary, if the primary (Node 3) Fails for a period of time, windows fabric will create another secondary, Node 5 for example as the figure below,, if windows fabric cant maintain quorum or doesn’t have enough nodes it will shutdown, If a node is added to the pool groups will be rebalanced, User replicator is responsible for replicating the cluster assignment and user group assignment to all databases within the Cluster

What Skype for Business/Lync services are using windows fabric?

Routing Services:

- Contacts, Conferences, Client cert, etc  

Lync Storage Services

- writes archiving/compliance to SQL and Exchange

MCU Factory Services

- Stores current MCU Load and decides the next MCU to allocate

Conferencing Directory  Services

- Maps Dial-IN numbers to the correct conference URI

What is Replicated across Nodes?

Persistent User Data

- Synchronous replication to two more FEs (Backup / Replicas)

- Presence, Contacts/Groups, User Voice Setting, Conferences

- Lazy replication used to commit data to Shared Blob Store (SQL Backend)

Transit User Data

- Not replicated across Front End servers

- •Presence changes due to user activity, including: Calendar, Phone call, inactive

Windows Fabric Tools

FabricLookup.exe, this tools is part of Lync 2013 Resource Kit

Trouble Shooting Scenario:  Event Log

Name: Lync Server
Source: LS User Services
Event ID: 32174
Level: Warning

Description: Server startup is being delayed because fabric pool manager has not finished initial placement of users.
Currently waiting for routing group: {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}.
Number of groups potentially not yet placed:
Total number of groups:

Cause:
This is normal during cold-start of a Pool and during server startup.
If you continue to see this message many times, it indicates that insufficient number of Front-Ends are available in the Pool. s for windows Fabric

Possible cause for this event:

- Not all servers in the pool are up

- problem in placing the primary replica of the routing group

Solution:

- try to start the RTC service on the front ends

start-cswindowsservice -name "RTCSRV"

- Check the event log for System, Application and Lync server

- if windows fabric fails to do the replica for certain amount of time then try to perform quorum loss recovery(wait 35 minutes)

reset-cspoolregistarstate -poolfqdn (poolname) -resettype qoroumlossrecovery

Trouble Shooting Scenario:  Users cannot sign in or sign in a resiliency mode

- Primary server is not available

- Both Secondary are not available

this condition can occur if the connection to the backend server is not available, or windows fabric cannot writes to the secondary replica

Resolution:

- Check connectivity issues between Front end and backend

- Check the state of replica

Get-cspoolfabricstate -poolfqdn (poolname) -verbose -type routing

get-cspoolfabricstate -routinggroup <ID> -verbose and look for fabric service write status if you see granted on that parameter means it is on a healthy state, if you see write is not allowed then we have an issue and we can run quorum loss recovery

生產力暨物聯網應用開發元年

時間 : 4月19日 9:00 到 4月21日 16:00

地點 :TAF 空總創新基地 (聯合餐廳) 台北市大安區建國南路一段 177 號 由側門進入

One thing everybody wants is a great performing device coupled with an operating system that gives them the best tools for work and play.

That’s why we’re excited that Ghanaian company, Zepto Limited, has launched the UmiTab 10.1 2-in-1 Tablet Computer. The UmiTab 10.1 is an affordable option for users in Ghana wanting a versatile device with long battery life and top quality software. Retailing at 999 Ghc, it comes with the full Microsoft productivity offering – Windows 10, Office 365 Mobile and 1TB OneDrive access free for a year.

That means when you purchase the UmiTab 10.1, you’re joining a community of more than 200 million monthly active users running Windows 10 on their devices. We’re proud to say that it’s our most secure Windows ever, kept up-to-date automatically with innovations and security updates. You also get built-in, enterprise-grade security, which allows you to replace passwords with more secure options, protect your data and identity and run only the software you trust.

With the affordability of the UmiTab 10.1, coupled with International Data Corporation (IDC) findings that one in three people using illegal software will likely encounter malware, often leading to loss of data and identity theft, there’s really no excuse not to be using genuine software that puts your data security first.
To purchase the UmiTab 10.1, shop online at Jumia or Tisu. For more information, visit www.zeptoonline.com.

Один из примеров, в котором списки и контейнеры наиболее заметны, это функциональные бок-схемы, также известные как схемы с дорожками. Надстройка для создания схем с дорожками в версии Visio 2010 была полностью переделана с учетом списков и контейнеров. В результате, функциональная блок-схема стала «списком контейнеров»! Эта структура также используется для схем с дорожками в Visio 2016:

• Структура, в которой содержатся дорожки – это список.
• Каждая дорожка – это контейнер.

Для наглядного понимания использования списков и контейнеров мы создадим часть схемы с дорожками.

1. Щелкнем на вкладке Файли выберем вкладку Создать. Щелкнем на Категории, а затем выберем категорию Блок-схемаи дважды щелкнем на миниатюре Функциональная блок-схема, чтобы создать новый документ.

2. Щелкнем на верхней границе функциональной блок-схемы и введём Примерная схема с дорожками. Поскольку структура функциональной блок-схемы представляет собой список, то введенный текст отображается в заголовке списка.

3. Щелкнем на прямоугольнике с левого края верхней дорожки и введём Бухгалтерия. Поскольку дорожка – это контейнер, текст отображается в заголовке контейнера.

4. Щелкнем на прямоугольнике с левого края нижней дорожки и введем Юридический отдели нажмем клавишу Esc. Результат первых трех шагов представлен на рисунке ниже.

5. Перетащим фигуру Процессна дорожку Бухгалтерия. Граница дорожки подсвечивается зеленым цветом, что характерно для контейнеров.

6. Перетащим фигуру Решениена дорожку Юридический отдели разместим ее справа от фигуры процесса в дорожке Бухгалтерия.

7. Перетащим стрелку автосоединения с правого края фигуры процесса к левому краю фигуры решения.

8. Наведем указатель мыши на границу функциональной блок-схемы в месте соединения дорожек БухгалтерияиЮридический отдел.

Присутствие указателя вставки на границе между дорожками Бухгалтерия и Юридический отдел визуально показывает, что мы работаем со списками. Обратите внимание на синий треугольник вставки с края индикатора вставки. При щелчке на синем треугольнике, в место, обозначенное индикатором, будет автоматически добавлен стандартный объект вставки.

9. Щелкнем на синем треугольнике вставки, представленном на предыдущем рисунке. Visio вставляет новую дорожку между двумя существующими и сохраняет все соединения между фигурами на дорожках.

10. Щелкнем в области заголовка дорожки Бухгалтерияи перетащим ее вниз под дорожку Юридический отдел. Visio перемещает дорожку Бухгалтерияв конец списка и сохраняет соединения между фигурами в ней и во всех других дорожках.

Добавление, удаление и переупорядочение дорожек в версии Visio 2013 выполняется более предсказуемо и логично, поскольку лежащая в основе структура построена на контейнерах и списках.

Схемы с дорожками, будучи сформированными как контейнеры, имеют дополнительное преимущество: фигуры в контейнере «знают», где они содержатся. Чтобы убедиться в этом, проанализируйте содержимое поля Функция в данных фигуры для любой фигуры блок-схемы с дорожками. В качестве примера на следующих рисунках продемонстрированы данные для фигуры процесса и данные для фигуры решения из предыдущего рисунка.

Значение в поле Функция берется динамически из заголовка дорожки; если изменить заголовок дорожки, то для всех содержащихся в ней фигур значение в поле Функция будет обновлено.

There are only so many hours in the day, so making the most of your time is critical. But there are only really two ways to improve productivity – you either work harder, or work smarter.

Microsoft recently announced the Lumia 650, – the latest smartphone to run on Windows 10 which has been designed specifically to help you work smarter, better and more efficiently.

The Lumia 650 was built for people on the move, and is packed with features to help you be more productive throughout your day.

We’ve outlined our top four Lumia 650 tips to help you make more of your day:

Separate your work and personal life: A work-life balance is important. So, by simply setting up individual work and personal accounts, you can ensure that you remain focused in the office, and aren’t distracted by work in your free time.

Peace of mind: Modern day security threats are always a worry when it comes to personal and company data, but the new Lumia 650 protects you and your company with built-in security.

Work from anywhere: Specially designed features for the Lumia 650 mean you can work from pretty much anywhere, armed with nothing but your smartphone; super-long battery life of up to 16 hours talk time, two microphones for crystal clear conference calling, a wide-angle front facing camera for high-definition video calls, and all the latest Microsoft Office apps available straight out of the box.

Never miss a thing: Long gone are the days of having to input appointments on separate devices, or copy notes and pictures from your mobile to your laptop. Now, you can save time by seamlessly syncing your smartphone with your Windows 10 PC, and accessing your work from anywhere on your phone using OneDrive.

Have a look at this video for more information about the Lumia 650: 

.(Please visit the site to view this video)

There are only so many hours in the day, so making the most of your time is critical. But there are only really two ways to improve productivity – you either work harder, or work smarter.

Microsoft recently announced the Lumia 650, – the latest smartphone to run on Windows 10 which has been designed specifically to help you work smarter, better and more efficiently.

The Lumia 650 was built for people on the move, and is packed with features to help you be more productive throughout your day.

We’ve outlined our top four Lumia 650 tips to help you make more of your day:

Separate your work and personal life: A work-life balance is important. So, by simply setting up individual work and personal accounts, you can ensure that you remain focused in the office, and aren’t distracted by work in your free time.

Peace of mind: Modern day security threats are always a worry when it comes to personal and company data, but the new Lumia 650 protects you and your company with built-in security.

Work from anywhere: Specially designed features for the Lumia 650 mean you can work from pretty much anywhere, armed with nothing but your smartphone; super-long battery life of up to 16 hours talk time, two microphones for crystal clear conference calling, a wide-angle front facing camera for high-definition video calls, and all the latest Microsoft Office apps available straight out of the box.

Never miss a thing: Long gone are the days of having to input appointments on separate devices, or copy notes and pictures from your mobile to your laptop. Now, you can save time by seamlessly synching your smartphone with your Windows 10 PC, and accessing your work from anywhere on your phone using OneDrive.

Have a look at this video for more information about the Lumia 650:

(Please visit the site to view this video)

41.     Co to jsou kontextové karty?

42.     Jak rychle najít funkci v aplikaci?

43.     Jak ochránit dokument heslem?

44.     Jak odstranit ochranu heslem?

45.     Jak vrátit zpět nepovedenou operaci?

Apr.

6

Script Download:  
The script is available for download from https://gallery.technet.microsoft.com/FTP-with-SSL-creation-if-ce02c21d.

You can also use  Microsoft Script Browser for Windows PowerShell ISE to download the sample with one button click from within your scripting environment. 

The sample powershell script does the following: 1. Checks if the required FTP site already exits 2. If it exists it will show the suitable message. 3. If it doesnt exist it will create the IIS FTP website named "testftp" with SSL certificate

You can find more All-In-One Script Framework script samples at http://aka.ms/onescriptingallery

Apr.

6

Script Download:  
The script is available for download from https://gallery.technet.microsoft.com/How-to-create-a-msdeploy-c7c09bd1.

You can also use  Microsoft Script Browser for Windows PowerShell ISE to download the sample with one button click from within your scripting environment. 

This batch / command script will help in performing the below: 
1. This will package all the sites with the help of msdeploy without the site contents and includes just the configurations. 
2. This script will also move the application pools into the package 
3. This resultant package along with the generated log files will be moved to a different location.

You can find more All-In-One Script Framework script samples at http://aka.ms/onescriptingallery

Today’s Tip…

Azure Container Service (ACS) provides a way to simplify the creation, configuration, and management of a cluster of virtual machines that are preconfigured to run containerized applications. Using an optimized configuration of popular open-source scheduling and orchestration tools, ACS enables you to use your existing skills or draw upon a large and growing body of community expertise to deploy and manage container-based applications on Microsoft Azure.

Learn More:

Getting started developing with Docker and Azure Container Service

Deep dive on the Azure Container Service with Mesos

Windows Server containers, Docker, and an introduction to Azure Container Service

Episode 198: Azure Container Service with Ross Gardler

All -

If you are looking for ways to get your work done from anywhere, I recommend you attend the below FREE Microsoft Office 365 webinar. During this session you will discover how to access Outlook from anywhere, share files and get things done in real time! A live presenter will encourage questions and discussion of scenarios specific to you and your environment.

Registration landing page: http://aka.ms/O365gettingitdone!

Webinar dates:

• Get It Done from Anywhere – synching and Outlook - 4/7/2016 10:30 AM - 11:30 AM
• Get It Done from Anywhere – synching and Outlook - 4/14/2016 10:30 AM - 11:30 AM
• Get It Done from Anywhere – synching and Outlook - 4/21/2016 10:30 AM - 11:30 AM
• Get It Done from Anywhere – synching and Outlook - 4/28/2016 10:30 AM - 11:30 AM

Find other webinars like this one here: http://fasttrack.microsoft.com/office/webinar/live

NOTE: the above times are in US Pacific time zone

Regards,
Bea

This past week I had a chance to host a Webinar for our SMB partners to review the Sprint to the Finish offers in market to help close out H2.

I hope you all had a chance to attend the session, but if you missed it, don't worry.  We've posted the recording and all relevant material to our Yammer site (www.yammer.com/cdnwpc).  And as always you can find all of our offers posted on our Canadian Partner News Board (www.aka.ms/newsboard).

As a quick reminder here's what we have in play for you to take advantage of right now!!

Office 365 - Win New Customers

In this worldwide program you can earn up to $10,000USD for new customer acquisition motions in both Open and CSP.  This offer pays per seat for selling to >3 new customers during the offer period (min 5 seats, max 50 per customer). 

You must meet all requirements (including the usage requirement) so be sure to review the T&Cs and reach out if you have any questions. 

This program runs from February 1, 2016 until June 30, 2016

Sign up and review the T&Cs at www.aka.ms/smbsprint

Office 365 Growth Accelerator

In this Canada specific program, you have the opportunity to earn up to $5,000CDN for growing your O365 customer base.  You must sell to a minimum of 5 customers during the offer period (min 10 licenses per customer) and maximize your earnings at 15 customers.  Open licenses only.  LSPs are not eligible to participate. 

Please see T&Cs for full offer rules and eligibility.

This program runs from October 1, 2015 until June 30, 2016

Sign up and review the T&Cs at www.microsoftpartnerinvestments.com

CRM Online Offer

Earn as much as $100,000USD in this global CRM Online offer.  Eligible partners will earn a $/seat incentive for all qualifying sales of CRM Online through Open and CSP licensing during the offer period.  Min 5 seats and Max 10 seats per customer.  Activation required. Please see T&Cs for full offer rules and eligiblitiy.

This program runs from February 1, 2016 until June 30, 2016.

Sign up and review the T&Cs at www.aka.ms/smbsprint

CRM High Frequency Offer

Take advantage of this Canada specific offer to earn up to $10,000CDN for increasing your CRM Online customer base.  Sell Open licenses to 10 unique customers during the offer period to maximize your earnings in this program. 

Please see T&Cs for full offer rules and eligibility.

This program runs from March 1, 2016 until June 17, 2016

Sign up and review the T&Cs at www.microsoftpartnerinvestments.com

Windows Server/SQL Server/Dev Tools Offer

Time is winding down on this Canada specific offer.  Earn a specified $/SKU incentive for selling Windows Sever, SQL Server, or Developer Tools through Open Licensing until the end of March!  Minimum quantities and other restrictions may apply.  Please review T&Cs before participating.

Please see T&Cs for full offer rules and eligibility.

This program runs from November 1, 2015 until March 31, 2016

Sign up and review the T&Cs at www.microsoftpartnerinvestments.com

PLUS if you participate in Microsoft's Managed Partner Incentive program you may be eligible to earn even more. Contact your PSE for more information.

Please visit https://partner.microsoft.com/en-US/solutions/SMB#SMB_Sprint_to_the_Finish_overview for some more great resources on maximizing your earning potential under these great programs!

IT Pros -

If you are looking for Azure Active Directory (AAD) training or better understanding of the product, you are in the right place! The AAD team at Microsoft has been providing free monthly webinars on different AAD topics (they also record them).

Join us and learn how to get up and running on Azure AD Premium quickly and easily!

Azure Active Directory Premium Customer Training Webinars landing page: https://info.microsoft.com/AADP-Webinar-CLE_AADP-Main-Landing-Page.html?ls=Email

April topics and dates:

• Getting Ready for Azure AD - Monday April 18
• Manage Your Enterprise Applications with Azure AD - Tuesday April 19
• Secure Your Identities with Azure AD Multi Factor - Wednesday April 20
• Streamlining Password Management Using Azure AD - Thursday April 21
• Accessing Your Organization’s Internal Applications via Azure AD App Proxy - Friday April 22
• Manage Partner and Vendor Access Using Azure B2B Collaboration - Tuesday April 26

NOTE: All webinars have three options to attend, these are at 7:00am, 11:00am, and 7:00pm PST

Thanks,
Bea

All -

Registration landing page: http://aka.ms/O365buildawareness 

Webinar dates:

• Building Awareness - 4/7/2016 8:30 AM - 9:30 AM
• Building Awareness - 4/14/2016 8:30 AM - 9:30 AM
• Building Awareness - 4/21/2016 8:30 AM - 9:30 AM
• Building Awareness - 4/28/2016 8:30 AM - 9:30 AM

Find other webinars like this one here: http://fasttrack.microsoft.com/office/webinar/live

NOTE: the above times are in US Pacific time zone

Regards,
Bea

Several months ago, I released a tool (the Office 365 Proxy Pac Gen) to generate a Proxy Automatic Configuration file that can be used to bypass local proxy servers for Office 365 services.  I also wrote a blog (Office 365 PAC file) on using the tool. I've received a lot of personal feedback on it, and wanted to expand on how to use the configuration file in production to manage desktops.

As I stated in my blog posting, bypassing the proxy requires two elements:

- A list of URLs/domains that the browser knows to not send to the proxy environment
- Firewall access rules configured to allow outbound access to the IP addresses corresponding to the domains found in the proxy bypass list

That sounds well and good; so how do you configure your desktop environment to take advantage of this proxy automatic configuration file?  There are two basic ways that this can be accomplished.

- GPO that specifies the location of the .PAC file (which will typically only be useful for Internet Explorer or Edge browsers, unless separate administrative templates have been configured for Firefox or Chome
- WPAD (Web Proxy Autodiscover Protocol

Web Server

First things first.  In order for your clients to pick up a configuration file at all, there has to be a web server hosting the file.  The configuration is relatively straightforward if you're setting up IIS.

1. Install IIS.  Yes, it's pretty easy.  If you've never done it before, here's the cliff notes on the various IIS versions.
   1. IIS 7.x (Windows 2008 R2) - https://technet.microsoft.com/en-us/library/ee692294%28v=ws.10%29.aspx
   2. IIS 8.x (Windows 2012/R2) - http://www.iis.net/learn/get-started/whats-new-in-iis-8/installing-iis-8-on-windows-server-2012
2. Configure the appropriate MIME types (at this point, we're going to configure a MIME type for both WPAD.DAT and the proxyautoconfig.pac file--it's the same file, but delivered via different methods.
   1. Launch an elevated PowerShell prompt.
   2. Run the following cmdlets:
      C:\Windows\system32\inetsrv\appcmd.exe set config /section:staticContent /-"[fileExtension='.pac']"
      C:\Windows\system32\inetsrv\appcmd.exe set config /section:staticContent /+"[fileExtension='.pac',mimeType='application/x-ns-proxy-autoconfig']"
      C:\Windows\system32\inetsrv\appcmd.exe set config /section:staticContent /-"[fileExtension='.dat']"
      C:\Windows\system32\inetsrv\appcmd.exe set config /section:staticContent /+"[fileExtension='.dat',mimeType='application/x-ns-proxy-autoconfig']"
      
      
      

3. Place two copies of the PAC file in the root of the virtual directory for the default web site.  You can schedule the Office 365 Proxy PAC generator PowerShell script on the web server to create the files. Name one "proxyconfig.pac" (or whatever, as long as the extension is .PAC). Name the other "wpad.dat" (this one is particular and must be named that).  Here's an easy way to keep the PAC and WPAD files updated:
   
   1. Download the Office 365 PAC file generator and save it to C:\Scripts (for example) on the webserver hosting the PAC/WPAD files.
   2. Create a batch file called "C:\Scripts\PacSchedule.bat" with the following data (replacing the address of the proxy server with your own):
      
      C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe c:\scripts\Office365ProxyPac.ps1 -ProxyServer '192.168.0.1:8080' -OutputFile 'C:\InetPub\wwwroot\Proxyautoconfig.pac'
      C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe c:\scripts\Office365ProxyPac.ps1 -ProxyServer '192.168.0.1:8080' -OutputFile 'C:\InetPub\wwwroot\wpad.dat'
      
      
   3. Run it to test.
      
      
      
   4. Create the scheduled task.  You can do this via the Task Scheduler GUI or from a PowerShell commandline:
      $action = New-ScheduledTaskAction -Execute 'C:\scripts\PacSchedule.bat'
      $trigger = New-ScheduledTaskTrigger -Daily -At 9am
      Register-ScheduledTask -Action $action -Trigger $trigger -Taskname "PAC Scheduled download" -User 'forestc\labadmin' -Password 'Password1'
      
      

DNS Server

For WPAD deployments, the client machine Configure a DNS A record for "wpad.domain.com" (where 'domain.com' is your LAN's DNS zone) to point to the IP address of the virtual server.

1. Launch DNS Management Console.
2. Navigate to the forward lookup zone for your domain.
3. Right-click > New Host > enter wpad as the hostname and the web server hosting the PAC and WPAD.DAT files in the IP address window, and click Add Host.
   

DHCP Server

Now that the the web server and DNS records have been configured, we need to configure the DHCP server to distribute the appropriate option (252).

1. Launch DHCP Administration Console.
2. Select IPv4, right-click, and then select Set Predefined Options.
3. Click the Add button, and then fill out the appropriate values and click OK:
   Name:wpad
   Data type:string
   Code: 252
   
   
   
   
4. In the String value box, type http://wpad.domain.com/wpad.dat (replacing domain.com with your domain).
   
   
   
5. Click OK.
6. Right-Click Server Options, click Add, select Option 252 from the list, and click OK.
   

Once that's done, you can use a GPO or Group Policy preference to configure Windows hosts running IE to use WPAD or the specified PAC file.  Firefox, Chrome, Safari and other browsers should have WPAD discovery on by default.

por Bret Arsenault - Diretor de Segurança da Informação 

Em Novembro passado, o CEO da Microsoft Satya Nadella destacou a necessidade de uma nova abordagem de segurança corporativa e esboçou alguns dos investimentos que estamos fazendo. Esta nova abordagem permite aos nossos clientes acelerar a sua adoção em proteger, detectar, responder à postura de segurança.

Manter a nossa rede segura, protegendo ao mesmo tempo os nossos dados e os dados dos nossos clientes são cruciais. Como Diretor de Segurança da Informação na Microsoft, estou constantemente à procura de formas de melhorar a nossa postura de segurança, através de novas tecnologias que aceleram a nossa capacidade de proteger, detectar e responder a incidentes de cyber.

Proteger o ambiente da Microsoft implica na gestão de segurança para mais de 1 milhões de dispositivos corporativos em todo o mundo, utilizando várias plataformas. A diversidade do nosso ambiente de computação muitas vezes espelha a de nossos clientes, o que nos permite desenvolver serviços que satisfaçam as suas necessidades de segurança. A minha equipe é frequentemente o primeiro cliente de tecnologias da nossa empresa e estamos trabalhando bastante para garantir que os produtos estejam prontos para o cliente antes de ir ao mercado.

Como os invasores ficam mais sofisticados, temos necessidade de evoluir a nossa capacidade para obter informações em tempo real e temos inteligência preditiva em toda a nossa rede para que possamos permanecer um passo à frente das ameaças. Temos de ser capazes de correlacionar a nossa segurança de dados com nossa inteligência contra ameaças de dados para saber distinguir o bem do mal. E temos aproveitando a indústria e os nossos parceiros para garantir uma abordagem abrangente. Estas três coisas se alinham com a abordagem que a Microsoft traz para a segurança de nossos clientes - uma abordagem holística, plataforma de segurança ágil, informado pela ideias da nossa segurança gráfica de inteligência e a integração com parceiros da indústria. Faz 100 dias desde Satya discutiu a nossa abordagem de segurança recentemente revigorada, fizemos alguns progressos significativos que eu gostaria de compartilhar com vocês hoje. 

Plataforma segura

Fizemos uma série de melhorias em nossa plataforma para ajudar a habilitar inovações rápidas enquanto protegemos os dados corporativos e ativos.

• Disponibilidade geral de aplicativos de segurança na nuvem com a Microsoft Cloud App Security.
  Em Setembro a Microsoft fez um significativo investimento em segurança quando adquirimos a Adallom, um líder de segurança intermediária de acesso à nuvem (CASB), para proteger os dados dos clientes dentro de aplicativos de SaaS. Desde a aquisição temos trabalhado para integrar o conhecimento e a tecnologia que Adallom trouxe para a nuvem com os recursos de segurança que temos no Microsoft Azure e Office 365.

• Anunciamos também o aplicativo de nuvem da segurança a Microsoft Cloud App Security, baseado na tecnologia Adallom, que irá se tornará geralmente disponível em Abril de 2016.  O a Microsoft Cloud App Security traz o mesmo nível de visibilidade e controle que os departamentos de TI têm em sua rede local para os seus aplicativos SaaS, incluindo aplicativos como Box, SalesForce, ServiceNow, Ariba, e naturalmente Office 365.

• Para mais informações leia o blog da equipe do Active Directory .

• Novos aprimoramentos de segurança junto ao Office 365
  e o Microsoft Cloud App Security serão igualmente fontes de novos recursos de gerenciamento avançado de segurança incorporado ao Office 365 que irão melhorar a visibilidade e o controle de TI. Estas novas capacidades incluem:

• Alertas de segurança avançados, que notificam os administradores de Office 365 sobre as atividades anormais e suspeitas em serviço para que eles possam tomar uma ação.

• Aplicativo de descoberta de nuvem, o que lhe permite analisar a que serviços de nuvem seus usuários estão se conectando.

• Permissões dos aplicativos que fornecem a capacidade de aprovar ou revogar permissões para serviços de terceiros a qual seus usuários estão autorizados a se conectar no Office 365.

• Leia no Blog do Office para obter mais informações sobre esses novos recursos de segurança do Office 365.

• Anunciamos o Customer Lockbox para o SharePoint Online e o OneDrive para negócios começam a serem implementados no início do segundo semestre de 2016.
  Em casos muito raros quando um engenheiro da Microsoft deve solicitar acesso serviço ao ao Office 365, como solucionar um problema do cliente com uma caixa de correio ou conteúdo do documento, eles precisam passar por vários níveis de aprovação dentro da Microsoft. Em Dezembro, anunciamos a disponibilidade geral de Customer Lockbox do cliente para o Exchange Online, que integra o cliente para o processo de aprovação.

• Para obter mais informações sobre o cliente para o SharePoint e OneDrive Customer Lockbox para negócios, leia este artigo no Office blog.

• Mais opções de relatórios e gerenciamento de segurança na Central de Segurança do Azure.
  Os clientes têm a capacidade de configurar políticas de segurança para cada uma de suas assinaturas Azure.  Dentro de uma subscrição, organizações podem estar executando cargas de trabalho que têm requisitos de segurança diferentes. Para acomodar essa, agora além de configurar uma política de segurança no nível de assinatura, os clientes também têm a opção de configurar uma política de segurança para um grupo de recursos - que lhes permitam adaptar a política com base nas necessidades de segurança das cargas de trabalho específicas.

• Uma nova fonte de painel de BI permite que os clientes possam visualizar, analisar e filtrar recomendações e alertas de segurança a partir de qualquer lugar, incluindo um dispositivo móvel. Os clientes podem usar a fonte de painel de BI para revelar tendências e padrões de ataque.

• O blog do Azure tem mais informações sobre a importância desta nova capacidade.

• Estendendo a segurança e auditoria da Microsoft Operations Management Suite (OMS), um novo dashboard de Segurança e Auditoria proporcionará maior linha de visão dos eventos relacionados à segurança em data centers do cliente. Isso inclui informações sobre os eventos de controle de acesso e autenticação, atividade de rede, proteções contra malware e atualizações de sistema.

• Você pode encontrar mais informações sobre estas novas melhorias do Microsoft Operations Management Suite no blog sobre o gerenciamento híbrido.

Gráfico de Segurança Inteligente

Como os clientes desenvolvem suas estratégias de segurança a partir de um simples modelo para "proteger e recuperar" com uma abordagem mais holística para proteger, detectar, e responder à inteligência central. Em novembro nós compartilhamos como usamos visões únicas do nosso gráfico de segurança inteligente, formado por trilhões de sinais a partir de milhares de fontes, para melhor detectar ataques, acelerar a nossa resposta e proteger melhor os nossos clientes e parceiros das ameaças em dias modernos.

Os produtos que estamos lançando vai melhorar a segurança e ajudar a proteger você e ajudar você a se proteger.

• Azure Active Directory Identity Protection na visualização pública.
  Um grande exemplo de um novo investimento de segurança da Microsoft é nesta área de Azure Active Directory Identity Protection.  Os recursos de segurança do Azure Active Directory são construídos sobre a experiência da Microsoft em proteção de identidades com uma enorme precisão, analisando de mais de 14 mil milhões de logins para ajudar a identificar 30.000 usuários potencialmente comprometidos por dia. Azure Active Directory Identity Protection constrói sobre esses resultados e detecta atividades suspeitas para usuários finais e identidades privilegiadas com base em sinais como ataques de força bruta, credenciais vazadas, login a partir de locais desconhecidos e dispositivos infectados. Com base nestas atividades suspeitas, o risco do usuário e a gravidade são calculados em políticas baseadas em risco que podem ser configurados permitindo que o serviço proteja automaticamente as identidades de sua organização de ameaças futuras.  Estamos anunciando que Azure Active Directory Identity Protection estará disponível para visualização pública logo mais.

• Para obter mais informações sobre o Azure Active Directory Identity Protection leia este blog sobre a equipe do Active Directory.

• O Centro de Segurança do Azure para detecção avançada de Ameaças
  depois de anos de análise de envios de dumps que nossos clientes optaram por enviar à Microsoft por mais de um bilhão de PCs em todo o mundo, a Microsoft desenvolveu a capacidade de analisar estes dados para efetivamente detectar sistemas comprometidos porque muitas vezes são os resultados de falhas nas tentativas de exploração e malware.

• Esses recursos foram integrados em Azure Centro de Segurança que oferece recursos avançados de detecção de ameaças para os clientes que hospedam máquinas virtuais no Microsoft Azure. Agora o Centro de Segurança do Azure recolhe automaticamente crash eventos do Azure em máquinas virtuais, analisa os dados e alerta o cliente quando ele detectou que uma de suas máquinas virtuais está provavelmente comprometida. Da mesma forma, rede adicionais e análises comportamentais também foram integradas em Azure Security Center que continuará a evoluir nesses recursos para detectar e atenuar ainda uma maior variedade de ameaças e fornecer inteligência acionável para nossos clientes.

• Você pode encontrar mais informações sobre estas novas capacidades de Centro de Segurança Azure neste artigo sobre o Azure blog.

• Nova ameaça Visualização na OMS
  Suíte de Gerenciamento de operações em inteligência de ameaça global da Microsoft para alertar você quando são escritos nos logs do firewall, os logs do IIS indicam que um dos seus servidores está se comunicando com um endereço IP malicioso. Você verá esses ataques em um mapa interativo, os clientes serão agora capaz de visualizar os padrões de ataque e saber mais.

• Você pode encontrar mais informações sobre estas novas melhorias do Microsoft Operations Management Suite no presente artigo sobre o híbrido Management blog.

Trabalhando com parceiros

Nenhuma empresa pode resolver os desafios de segurança que os nossos clientes enfrentam hoje, e é por isso que o ecossistema de segurança e para todos os nossos parceiros de segurança é fundamental a nossa abordagem. Anunciando o novo Centro de Segurança do Azure para Soluções de parceiros que tornam mais fácil do que nunca para os clientes trazerem as suas soluções de segurança confiável com eles para a nuvem.

• O Centro de Segurança do Azure e ofertas de parceiros.
  Estamos anunciando que nas próximas semanas, Centro de Segurança Azure para implantações da próxima geração de Firewall é recomendada e que permite que os clientes façam a verificação da disposição do Check Point vSEC em apenas alguns cliques. A próxima geração de soluções de firewall da Cisco e da Fortinet seguirá, como soluções de firewall de aplicativos da Web Application Firewall Solutions,  Imperva SecureSphere and Imperva Incapsula. Alertas a partir destas soluções de parceiro serão igualmente integrados no Centro de Segurança para que os clientes possam visualizar e responder as questões de segurança que afetem os seus recursos Azure em um só lugar.

• Para obter mais informações sobre estas novas ofertas de parceiros  sobre O Centro de Segurança do Azure consulte este artigo no Azure blog.

Os nossos clientes podem começar a usar a tecnologia que nós anunciamos hoje para melhor se protegerem de ameaças atuais e emergentes. Na RSA Conference 2016 compartilhamos mais sobre a nossa abordagem e o nosso compromisso de fornecer a plataforma inteligente e parceiros que irão nos ajudar a proteger nossos clientes agora e no futuro.

Bret Arsenault

Original: https://blogs.windows.com/windowsexperience/2016/03/01/announcing-windows-defender-advanced-threat-protection/