AWS

Flexible work has become a mainstay of modern business throughout the world. And companies are doing their best to accommodate hybrid workers while still meeting business needs and security standards. It's essential to provide the support employees need to do their best work—wherever they get it done. When equipped with the necessary devices, tools and training, studies have shown that productivity goes up for remote workers. Technology leaders need to know that employees want: Trusted devices and software that enable them to work confidently from anywhere. A secure technology setup so they can complete their best work without compromising security. Powerful devices that are easy to use and software and hardware that work together seamlessly, saving them time and energy. Best devices for hybrid work Surface devices, powered by Microsoft 365, are designed to support productivity in any location by seamlessly connecting the experience across software and hardware. This means your employees can work however they like, from removing obstacles to logging on with Windows Hello to more natural and efficient ways of working with the touchscreen. Of course, the choice of device depends on the nature of your work, your performance needs and your budget. Check out all the Surface devices here: Hybrid Work Technology and Solutions – Microsoft Surface for Business. If you're managing a hybrid work environment, you'll want technology that easily supports your employees and enhances their productivity, on-the-job satisfaction and commitment to stay and grow with the business. Learn from organizations that improved IT workloads and helped employees achieve more with Microsoft Surface devices and technology in Empower your hybrid workforce with the right tools. Provide security, reduce complexity and encourage productivity IT teams need hardware and software solutions that work together smoothly, especially when customers and colleagues are scattered geographically. Whether you're looking for a PC with a lot of memory to edit videos, a lightweight, portable tablet for on-the-go working, or an everyday device to serve frontline customers, there's a Surface device for you. In Empower your hybrid workforce with the right tools, you’ll learn how the right technology can enable you to: Empower employees to do their best work whenever, wherever. It’s essential that your team has reliable laptops, tablets and mobile devices to work with the software they rely on—no matter whether they're at the office or on the go. There are a variety of Surface devices to choose from, and they're all designed for hybrid work. "Working remotely is often a source of stress for the teams, and the Surface Hub 2S has lessened that. We realized that (with Surface devices) working remotely could make more services accessible to more people. We also realized that real-time discussions between various providers were more efficient and optimized patient care." - Dr. Lionel Nace, Director of Emergency Services, Regional University Hospital Center in Nancy, France. Extend advanced security over your tech stack. Enable hybrid work without compromising on security. With Surface and Microsoft 365, every layer of your tech stack can work together to protect your business. “Even though very little data resides on Surface Pro devices under our thin client model, we needed to apply security policies to uphold our key security principles. We used the Microsoft System Center Configuration Manager to amplify security and convenience. I think we achieved a good balance of heightened security and usability." -Masashi Yamashita, IT Business Support Lead in the Network and Cloud Division, NTT Comware Corporation. Get up and running instantly. When hardware and software are optimized to work together from the start, you'll save yourself time, money and frustration. With Surface and Microsoft software and tools, you can remotely manage devices, reduce device management complexity, stay on top of application updates and scale your business. “And since we were trialing everyone working from home in Microsoft Teams, we realized that if we used Microsoft 365 tools with Microsoft devices, we could create an integrated experience across our digital workplace." -Ron Roozeboom, Manager of Digital Workspace, Eneco. With the ease of deployment and maintenance of Surface devices, you'll empower teams to focus on what's most important. And with seamless integration with familiar apps and chip-to-cloud security, you'll improve employee productivity and satisfaction throughout your organization. Give your current and prospective employees what they need in a hybrid work environment. Learn how to help your organization and employees achieve more in Empower your hybrid workforce with the right tools. Learn more Hybrid Work Technology and Solutions – Microsoft Surface for Business Surface Pro 9: The Most Powerful 2-in-1 Surface Laptop for Your Business Surface Laptop 5: A Lightweight Business Laptop for Productive Work Surface Laptop Studio Powerful Business Laptop Continue reading...

Today I am pleased to announce the public preview of a new feature in Azure Virtual Desktop called Custom image templates. Custom image templates allows admins to build a custom “golden image” with the added capability to include Azure Virtual Desktop built-in customizations as well as your own customization scripts to install other applications or set of configurations. This feature is a wrapper for the Azure Image Builder (AIB) service. It takes the elements that you want to include in your build, and ships it to the AIB service which builds the image including any additional customizations you have either selected from the AVD built in customizations or those of your own. AIB will then distribute the resulting image to either a managed image or to the Azure Compute Gallery which supports capabilities such as automated versioning and image replication across any Azure region. We have created a number of "built-in" customizations that you can easily select to include into your image. These cover typical installations and configurations used in golden images for which you would need to write your own PowerShell scripts to configure if using other tooling to create images. This saves you time as we have automated these installations and configurations for you. These cover but are not limited to: Installing Language packs Installing FSLogix Installing Teams and configuring optimizations Installing and configuring multimedia redirection Configuring Screen capture protection Configuring session timeouts Configuring RDP Shortpath Installing any outstanding Windows updates. This list will grow as we add additional items. Once this golden image has been created you can then create a host pool from this image. You can also use any existing tooling to use this image and update your existing session hosts within a host pool. As this feature uses Azure Image Builder behind the scenes it is recommended that you familiarize yourself with this capability. This is our first entry into features offering image management capabilities natively within Azure Virtual Desktop. Expect many improvements and future enhancements to this service in the future. We are planning to add features that would enable automated scheduled recurring image creation, integration with App stores to install applications into the image and many others. The Custom image template documentation is available here. Also check out Entitled "The AVD Admins Super Power!!!" it walks you through the process of using Custom image templates. As this feature is in preview we recommend you use this for testing purposes as we continue to make improvements and fixes. We are aware of a couple of small known issues which will be resolved shortly. The first is that Windows Updates are not applying for Windows 11 OS images and setting the time zone in the "Set default OS language" customization is not working. Please use the "Timezone redirection" customization in the Other scripts section instead, which will ultimately replace this one. We hope that you will try out this new feature to alleviate the burden of managing a complicated manual image creation process. Please provide any feedback in the Azure Virtual Desktop feedback portal using the idea label: "Custom image templates" Continue reading...

If you manage updates in the cloud and would like a more intelligent and automated approach, try Windows Update for Business deployment service! Gain more control and more confidence over approving, scheduling, and rolling out updates across your environment, knowing that your devices are safeguarded from known and likely issues. Here's what we've packaged for you in this two-hour snacking journey: the service description, its benefits, prerequisites for using it, practical guides on specific capabilities, Microsoft Graph training, and a behind-the-scenes look at how the deployment service actually works! Time to learn: 118 minutes [attachment=39358:name]READ Windows Update for Business deployment service Learn how the deployment service works. Review its capabilities, deployment protections, and getting started guidance. (7 mins) WUfB + Group Policy + CSP + MS Graph + API + SDK + Intune + MDM + Rings + ML + Quality Updates + Feature Updates + Drivers + Firmware + PowerShell [attachment=39359:name]READ Prerequisites for the Windows Update for Business deployment service Do you meet the prerequisites for using the Windows Update for Business deployment service? Check your Azure join, licensing, device and diagnostic data requirements, and other considerations. And don't miss the tips! (6 mins) Windows 11 + Windows 10 + Azure + AAD + Enterprise + Education + AVD + Microsoft 365 + Workstations + Graph API + Policies + Drivers + Autopilot [attachment=39360:name]READ & WATCH Try Windows Update for Business with Microsoft Graph MS Graph powers the Windows Update for Business deployment service, so you might want to learn how to leverage it. Find copy-paste details and screenshots for eight different scenarios. Additionally, check out an embedded video tutorial on using a Teams chat bot to create a feature update deployment. (10 mins) MS Graph + OData + Request Type + URI + Request Body + Graph Explorer + Azure AD ID + M365 + Teams + Authentication [attachment=39361:name]LEARN Manage Windows updates for cloud-connected devices by using the Microsoft Graph PowerShell SDK Take this learning module to become a pro in using MS Graph. Follow the guidance in each unit to enroll and unenroll devices, discover updates, deploy updates, schedule updates, and expedite updates when necessary. (39 mins) MS Graph + PowerShell + Feature Update + Security Update + Expedite + Azure + Intune + Administrator + Safeguards [attachment=39362:name]READ Deploy expedited updates with Windows Update for Business deployment service Review the prerequisites and walk through how to expedite security updates. With Graph Explorer, run queries to identify test devices, list catalog entries for expedited updates, create a deployment, add members to the deployment audience, and more. (7 mins) Graph Explorer + Azure AD + HTTP + Query + Catalog ID + JSON + Deployment + Audience + ID + Update Health Tools [attachment=39363:name]READ Deploy drivers and firmware updates with Windows Update for Business deployment service If interested in driver and firmware updates, browse this comprehensive documentation. Find prerequisites, policy considerations, and Graph Explorer guidance to all the steps to deploy a driver update to clients. You'll learn how to retrieve, add, delete, and update data. (17 mins) MS Graph API + SDK + Azure AD + Microsoft 365 + HTTP + JSON + Query + Audience + Policy + ID + Compliance [attachment=39364:name]WATCH See how driver and firmware servicing works with Windows Update for Business deployment service! (1 min) [attachment=39365:name] [attachment=39366:name]READ Deploy feature updates with Windows Update for Business deployment service (12 mins) Feature updates are made more intelligent with Windows Update for Business deployment service. Learn all about it in this official documentation before diving into some of the available controls below. Find prerequisites and guidance on how to use Graph Explorer to make requests to the MS Graph APIs to retrieve, add, delete, and update data. Gradual rollouts with the Windows Update for Business deployment service (10 mins) Learn how gradual rollouts really work. Take an inside look at modeling and implementing gradual rollouts and how to configure them with Microsoft Intune. Walk through an example of updating devices with different attributes and watch your confidence grow with every wave. Safeguard holds with the Windows Update for Business deployment service (9 mins) See what's the difference between safeguard holds for known and likely issues and what they look like behind the scenes. Don't forget to monitor your compliance and stay in the know with the resources we include in this blog post! Feature Update + ML + Rings + Policy + Device Attributes + Confidence + Intune + MDM + Automation + Known Issues + Likely Issues + WU + Diagnostic Data + Enterprise + Education + MS Graph + PowerShell + Intune + WUfB Reports + SUVP + WIP Remember, Windows Update for Business is an umbrella term for multiple products and services. We've got a taste for it in Skilling snack: Using Windows Update for Business and we'll grab another bite on Windows Update for Business reports in a couple of weeks! If you're craving to see how the service is evolving with Intune, feel free to rewatch , shared previously in Skilling snack: Windows feature update management (14 minutes). Our growing menu of resources at Windows skilling snacks: bite-sized learning for IT pros already has three months' worth of resources on a variety of topics. What's your jam? Continue the conversation. Find best practices. Bookmark the Windows Tech Community and follow us @MSWindowsITPro on Twitter. Looking for support? Visit Windows on Microsoft Q&A. Continue reading...

In this blog post, we share how Microsoft's dedication to continuous learning and development led to the creation of Learning Fridays and a series of hackathons focused on AI. Our Customer Success teams came together to ideate and gain hands-on experience with the latest technology, resulting in valuable insights and blog posts. Read on to discover the power of AI with step-by-step guidance and access to a Hackathon Starter Kit. At Microsoft, we prioritize continuous learning and development. To support this, our leadership has set aside the first Friday of each month as a dedicated Learning Friday, during which employees have the time and resources to pursue their learning goals. For the last two Learning Fridays, we have held one day hackathons to bring our Customer Success teams together to learn, ideate on potential customer solutions and to get hands-on experience with the latest technology driving innovation and success in our industry. The event focused on AI topics that were relevant to different parts of the business. Our team ensured that everyone was on the same page by level-setting the basic vocabulary. Each group had access to a coach who understood their role and had a slight head start on the topic. We encouraged everyone, regardless of their level of experience with AI, to bring a Growth Mindset and get involved in this valuable learning experience. We were thrilled to see so many people come together to share this exciting event and learn from each other. Insights from the Learning Fridays: Blog Posts and Training Courses Take a look at these blog posts written by our Customer Success teams that came out as a result of the Learning Fridays, Unlocking the Power of Open AI – Azure DevOps Backlogs from Images/PDFs OpenAI’s GPT-3 to Triage Azure DevOps Bugs Azure OpenAI Integration with FhirBlaze Attendees finished several training courses and collected over 75 badges via Microsoft learn portal. You can go through similar courses and discover the power of AI with step-by-step guidance. Introduction to Azure OpenAI Service for beginners. Develop AI solutions with Azure OpenAI for Intermediate. Running Your Own Hackathon: A Starter Kit If you're thinking about running your own hackathon within your organization, we've put together a Hackathon Starter Kit on GitHub to help you get started. The starter kit provides guidelines and templates to plan, organize, and execute a hackathon event. It can help streamline the process and ensure a successful outcome. You can also reach out to your Microsoft contact for guidance on running an internal hackathon. Upcoming Hackathon: Mid-June 2023 Exciting news! We're planning a hackathon for Business Unit Owners, Application Owners, and Developers to explore OpenAI prototypes and use cases with knowledgeable coaches. Whether you want to learn more about OpenAI, brainstorm new ideas, or explore a specific use case, this is a great opportunity to collaborate and innovate. Keep an eye out for more information on the date and how to participate. I hope you enjoyed this write-up. If you like the content I put out or want to be part of a community of healthcare developers sharing knowledge and resources, check out our HLS Developer discord at Join the Health & Life Science Devs Discord Server!. We have links to all our content there and a bunch of channels to communicate with us and like-minded tech and healthcare people. Hope to see you there. Continue reading...

A banner image with text: "Microsoft 365 Admin Digest: Your monthly IT admin blog for all things Microsoft 365.” Spring is upon us in Redmond, and everything is starting to bloom—including artificial intelligence (AI). Just like the season, AI is bringing new beginnings and growth to organizations and their IT departments. In this month’s Microsoft 365 Admin Digest issue, we’ll dive into Microsoft’s latest AI research, a new case study about change management with Microsoft 365, Microsoft's latest AI research, show you where to find relevant trainings for your users, and share details about important changes coming to Exchange Online. Microsoft 365 change communications, a case study Change management is a constant and critical aspect of IT that affects every IT pro—including those of us at Microsoft. Our latest case study reflects on Microsoft’s own internal processes for supporting change management across the company, especially in the context of rapid development. “In 2014, Microsoft published a new roadmap every six weeks with about 30 items. Today, it publishes daily with more than 100 new items added per month, with the full roadmap rarely covering less than 1,600 items at any given time.” The case study focuses on how Microsoft 365 manages its roadmap to provide visibility and drive alignment across engineering and product marketing teams. It also dives into the process for new feature submissions, which initiates a sequence for roadmap operations teams to coordinate with internal stakeholders across Microsoft to develop the change communications necessary for launch. “Because every change is intended to improve customers’ experiences, Microsoft encourages customers to test and provide feedback on updates before rolling them out for general availability.” Microsoft 365 admins and IT pros are critical to our innovation cadence. Since those roles are often the first to receive notifications of upcoming changes in the Message center, their feedback through the Microsoft 365 admin center can influence future roadmap items. Ultimately, Microsoft wants maximum customer transparency when rolling out any update, change, product, service, or feature, whether that customer is a commercial enterprise, small or midsize business, or government entity. To help achieve this, Microsoft built a streamlined process for innovation and product development, and its coordinated approach to the roadmap can help organizations prepare for change and offer feedback. Any organization can take inspiration from the Microsoft 365 Roadmap as a model for bringing new features and services to their user base, removing much of the uncertainty and complexity inherent in change. Read the full case study on change management here. Take a bigger role in driving productivity and engagement The WorkLab team just published a special report last week on, “The New Performance Equation in the Age of AI,” and it's worth reading. Our research shows that employee engagement is key to organizational success. Moreover, productivity and employee engagement are not only key to performance, but each actually multiplies the other. And that makes sense; after all, when you’re engaged in your work, you’re more productive. The WorkLab report goes deep, offering actionable tips to business leaders, and by extension, IT pros for boosting performance through greater employee engagement and productivity. Employee engagement matters both to organizations and its bottom line—especially amid economic uncertainty. Organizations should: Measure and report on employee engagement as you do financial metrics—in town halls, at board meetings, and in annual reports. Adopt an organization-wide management framework that helps leaders develop skills and adopt a growth mindset around engagement. Communicate that engagement is a business imperative—for instance, by creating an engagement-related goal for managers. Give managers access to data to help them take action on improving communication, employee engagement, and productivity. Adopt a digital employee experience that leverages next-generation AI and data-driven insights. [*]Clear communications and goals unlock employee engagement. Create clear priorities at the leadership level and use goal-setting frameworks like OKRs to help everyone focus on those priorities. Equip leaders with modern communication tools that meet employees where they are in the flow of work. Use AI and data-driven analytics to increase communication effectiveness. [*]To sustain engagement, build a feedback flywheel. Make sure your listening strategy is comprehensive—incorporate relevant direct and indirect signals. Use AI to analyze collected data, increase your understanding of patterns, and accelerate your time to action. Empower managers to create their own feedback flywheels to drive meaningful change within their teams, and to help ensure key metrics are in place to measure impact. Set accountability measures that help employees trust that action will be taken. Be transparent about how feedback will be used and provide clear next steps. There are lots of opportunities for IT pros to help their organizations increase productivity and engagement. We’ve already covered some of the tools in the Microsoft 365 admin center that can support this, like Adoption Score and Experience Insights, through greater insights into productivity. Your toolbox should also include next-generation AI, which will affect both the IT department and individual IT pros. The technical upskilling and Microsoft certifications in last month’s Admin Digest blog post can help the latter determine the best ways to use AI for their orgs. Find relevant trainings for your users Suggested training can help your organization by providing insights into the Microsoft 365 help and training articles being read by your signed-in users on support.microsoft.com, and in-app help panels with these three insights: Top viewed articles across organizations shows you help and training articles that have been getting the most views. Trending across organizations shows you the help and training topics that are trending, which can help reveal topics of new interest and emerging issues. Commonly viewed together provides insight into the articles being read by all users in all Microsoft 365 organizations, along with the top viewed and top trending articles. You can use these insights to create and deliver training packages for your users. For more information, check out Microsoft 365 Experience Insights dashboard. Protect Exchange Online from Persistently Vulnerable Exchange Servers Last month, Microsoft announced a new enforcement system in Exchange Online that is designed to deal with the problem of unsupported and unpatched Exchange servers that send email to or through Exchange Online. There are many risks associated with running unsupported or unpatched software, but by far the biggest risk is security. Microsoft uses the Zero Trust security model for its cloud services, which requires connecting devices and servers to be provably healthy and managed. Servers that are unsupported or remain unpatched are persistently vulnerable and cannot be trusted, and therefore email messages sent from them cannot be trusted. Persistently vulnerable servers significantly increase the risk of security breaches, malware, hacking, data exfiltration, and other attacks. To address this problem, Microsoft is enabling a transport-based enforcement system in Exchange Online that has three primary functions: reporting, throttling, and blocking. The system is designed to alert an admin about unsupported or unpatched Exchange servers in their on-premises environment that need remediation (upgrading or patching). The system also has throttling and blocking capabilities, so if a server is not remediated, mail flow from that server will be throttled (delayed) and eventually blocked. To learn more about the new enforcement system, as well as when and how your organization may be affected by it, be sure to check out the announcement, and join a live discussion on this topic for an Exchange AMA event on Wednesday, May 10th at 9:00 AM Pacific. Simplify domain allow list management Last week Microsoft announced the introduction of the cloud.microsoft domain that will bring authenticated, user-facing Microsoft 365 apps and services onto a single, consistent and cohesive domain. This move is set to bring several benefits to customers and admins. It will drastically reduce the complexity of the allow-lists required to help your tenant stay secure while enabling users to access the apps and services they need to do their work. Exclusive ownership of the .microsoft top-level domain enables enhanced security protocols and governance controls, and the value of security investments done at the top-level domain to seamlessly accrue to the apps. All experiences hosted on the .microsoft domain can be assumed to be legitimate and authentic. Initially, only net-new services will be deployed in the cloud.microsoft domain. Existing workloads have a broader range of implications to consider and will transition at a slower pace. In most cases, no customer action will be needed to continue using Microsoft 365 workloads the same way you do today. Admins seeking to update their allow lists will find that *.cloud.microsoft has already been added to the official list of Office 365 URLs and IP address ranges. Before changing the domain for any existing service which requires customer network configuration, we will notify you at least 30 days in advance as specified in Microsoft’s standard network update cadence. For more information read the blog introducing the cloud.microsoft domain. Join the Microsoft 365 Conference We are just days away from the Microsoft 365 Conference in Las Vegas and we're excited to meet the attendees. We have a session track dedicated to delivering content relevant to Microsoft 365 admins and IT pros that provide with a wealth of knowledge from a roster of experts. The complete session list is on the conference website, but here are a few of the sessions that cover topics of interest for Microsoft 365 admins: What’s New and What’s Coming in Microsoft 365 Administration Microsoft 365 admins: Lessons Learned and Leading Practices Tools for End-User Learning and Adoption Simplifying Change Management awareness in Microsoft 365 There will also be plenty of opportunities to engage and network with Microsoft employees and attendees, and to hear about all the exciting things happening across Microsoft 365, like Copilot. Stay updated While we continue share IT admin highlights and insights in this blog series, consider also subscribing to Microsoft 365 admin center updates from the Microsoft 365 Roadmap. Keep an eye out for communications published in the Message center, too. We also highlight new feature releases and enhancements released each month in our What's new in the Microsoft 365 admin center article. Comment below if there are IT admin or change management topics that you’d like us to explore in the future! Continue the conversation by joining us in the Microsoft 365 community! Want to share best practices or join community events? Become a member by "Joining" the Microsoft 365 community. For tips & tricks or to stay up to date on the latest news and announcements directly from the product teams, make sure to Follow or Subscribe to the Microsoft 365 Blog space! Footnotes: In addition to special reports like this, the WorkLab team also publishes an annual Work Trend Index (WTI) report that draws insights from over 30,000 people, 31 countries, and trillions of productivity signals: Work Trend Index Continue reading...

How do you manage the password of a specified local administrator account to help keep your organization secure? By regularly rotating the password and backing it up with Local Administrator Password Solution (LAPS). With the legacy solution, you could only do this with Active Directory (AD) on premises, but new capabilities make it easy to manage cloud and hybrid environments, too. For cloud environments, we're excited to introduce new ways to leverage LAPS with Intune and Azure Active Directory (Azure AD). Which one's your cup of tea? Time to learn: 84 minutes [attachment=38736:name]READ Windows LAPS overview Start here to learn about LAPS. Get the overview of supported platforms, benefits, key scenarios, restrictions, policies, management, and main differences between the new and legacy solutions. A lot has changed with the April 11, 2023 update! (5 mins) LAPS + AD + AAD + Windows 10 + Windows 11 + Server + DSRM + CSP + Group Policy + Legacy [attachment=38737:name]WATCH Managing local admin account passwords in AD and Azure AD Look inside at the design and implementation of the new and improved LAPS on premises and in the cloud. See the new Configuration Service Provider (CSP), Windows Server Active Directory new features, new Group Policy Object (GPO), automatic password reset, and more. (21 mins) Admin + Passwords + MDM + AD + AAD + SCP + GPO + ADUC + PowerShell + Intune [attachment=38738:name]READ By popular demand: Windows LAPS available now! Read the announcement of new features and capabilities available on premises with the April 11, 2023 security update. Get a sneak peek at the cloud management capabilities coming soon. Check out the steps and screenshots of the improved experience. (6 mins) AD + AAD + Legacy + Native + Microsoft Graph + Intune + CSP + Group Policy + Hybrid + Pro + EDU + Enterprise + Server [attachment=38739:name]READ LAPS configuration service provider (CSP) Manage backup of local administrator account passwords with LAPS CSP. Consult a list of all LAPS configuration service provider nodes. Find actions and descriptions of framework properties with easy copy-paste code. (17 mins) CSP + GPO + Device + Pro + Enterprise + Education + Windows SE + AD + AAD + AADJ [attachment=38740:name]READ Windows LAPS management through Microsoft Intune Find prerequisites and a walkthrough of several key LAPS experiences in Intune. Specifically, learn to manage Windows LAPS policies, view the local admin password for a specific device, rotate a local admin password, and audit logs. (7 mins) Intune + Endpoint Security + Account Protection + AAD + GPO + Audit + Logs [attachment=38741:name]READ Manage Windows LAPS with Microsoft Intune policies Use Microsoft Intune endpoint security policies for account protection to manage LAPS on devices enrolled in Intune. See all capabilities, prerequisites, permissions, and frequently asked questions in this official documentation. (9 mins) Intune + AAD + AADJ + HAADJ + CSP + RBAC + Admin + Password + Backup + Rotate + Windows 11 + Windows 10 [attachment=38742:name]PREVIEW Use Windows Local Administrator Password Solution (LAPS) with Azure AD (preview) Azure Active Directory (Azure AD) support for Windows LAPS is in public preview! Read about the requirements, how to enable LAPS with Azure AD, recover local admin passwords, list all Windows LAPS enabled devices, audit password update and recovery, and manage Conditional Access policies, among other tips. (8 mins) AAD + PtH + RBAC + Conditional Access + CSP + GPO + AADJ + HAADJ + MS Graph + API + PowerShell + MDM [attachment=38743:name]READ Introducing Windows Local Administrator Password Solution with Microsoft Entra (Azure AD) Learn how to secure your devices joined to Azure AD with LAPS. This also applies to hybrid-joined devices. Walk through the screenshots of setting up LAPS, as well as recovering, resetting, and auditing local administrator passwords. (6 mins) AAD + Entra + Intune + CSP + MS Graph + API + PowerShell + RBAC + PtH + Conditional Access + Endpoint Security [attachment=38744:name]EXPERIENCE Legacy LAPS at Official Microsoft Download Center Interested in the legacy on-premises solution? See details, system requirements, and installation instructions. Hit that Download button when you're ready! (5 mins) That's a wrap for legacy LAPS, new and improved LAPS for on-premises management, and cloud-ready LAPS. Try out the public preview of LAPS with Azure Active Directory and Microsoft Intune support today! Leave us a comment below and visit our growing library of bite-sized learning at Windows skilling snacks: bite-sized learning for IT pros! Continue the conversation. Find best practices. Bookmark the Windows Tech Community and follow us @MSWindowsITPro on Twitter. Looking for support? Visit Windows on Microsoft Q&A. Continue reading...

We realize that a clear Windows client roadmap update helps consumers and organizations with planning their Windows release activities. Today we'll provide a brief update on the latest version of Windows 10, as well as share more on the time frame for the next Long-Term Servicing Channel (LTSC) release of Windows 11. Windows 10 support lifecycle As documented on the Windows 10 Enterprise and Education and Windows 10 Home and Pro lifecycle pages, Windows 10 will reach end of support on October 14, 2025. The current version, 22H2, will be the final version of Windows 10, and all editions will remain in support with monthly security update releases through that date. Existing LTSC releases will continue to receive updates beyond that date based on their specific lifecycles. Recommendation We highly encourage you to transition to Windows 11 now as there won't be any additional Windows 10 feature updates. If you and/or your organization must remain on Windows 10 for now, please update to Windows 10, version 22H2 to continue receiving monthly security update releases through October 14, 2025. See how you can quickly do this via a servicing enablement package in How to get the Windows 10 2022 Update. The final end of support date for Windows 10 does not change with this announcement; these dates can be found on the Windows 10 Lifecycle page. Windows 11 LTSC It's important for organizations to have adequate time to plan for adopting Windows 11. Today we're announcing that the next Windows LTSC releases will be available in the second half of 2024: Windows 11 Enterprise LTSC Windows 11 IoT Enterprise LTSC We'll provide more details as we get closer to availability. Recommendation If you're waiting for a Windows 11 LTSC release, you can begin planning and testing your applications and hardware on the current GA channel release, Windows 11, version 22H2. Check out App confidence: Optimize app validation with Test Base for more tips on how to test your applications. Stay informed In the future, we will add more information here and to the Windows release health page, which offers information about the General Availability Channel and LTSC under release information for appropriate versions. The Windows release health page lists release information for different versions of Windows. Continue the conversation. Find best practices. Bookmark the Windows Tech Community and follow us @MSWindowsITPro on Twitter. Looking for support? Visit Windows on Microsoft Q&A. Continue reading...

We are thrilled to share that our Developer Technologies MVP in Sweden, Jessica Engström, was selected as one of Women Who Code's Top 100 Technologists to Watch in 2023. Congratulations, Jessica! In this blog, we share her achievements in her own words. Let’s learn her story. Tell us about your community activities and how you help community members. “Apart from cats, my biggest passions are teaching, giving back to the community, and enabling others to strive. It started with my husband and me founding Coding After Work user group, where we provided a place for anyone with a love for code to join us, bring their own projects, and get help and inspiration from others in the user group. It led to me starting to speak at conferences and events, and I got to meet so many incredible people and have such interesting conversations. We wanted to share our interesting conversations with other people who are not so lucky to be able to travel the world meeting them, and that’s how Coding After Work Podcast was born. Organizing conferences is so much fun, I’m one of the organizers of Sweden’s largest .NET conference Swetugg. When the pandemic hit, we (Daniel Hindrikes, my husband, and I) started an online conference, .NET Frontend Day, focusing on frontend technologies for .NET. This year I was part of organizing a new conference, .NET Castle conference, which was set in a castle, so not only did we have a bunch of attendees, but we also had (paintings of) Swedish kings and queens in the audience. Coding After Work moved to be online on Twitch and YouTube. We went into a hardware store, ordered the greenest wall color we could find, and painted the entire wall in chroma key green. Let me tell you, that’s a lot of green!” How did you start your career as a technologist? “I started out studying programming, but I quickly realized that my passion was all about the user, and how we can improve our user experience and include more people with accessibility. Microsoft Sweden Developer Experience saw what I was doing in the community and approached me to consult as an audience coordinator / Marketing specialist (read community manager or developer relations). After that, I started teaching and doing workshops about everything from holographic computers to AI with cognitive services but mostly UX for developers & Agile methodologies/Scrum. I think having an understanding of code helps a lot when it comes to improving your UX and accessibility, and especially teaching developers how to think about it.” How did you feel when you heard the news about you became one of women who codes top 100 technologist to watch in 2023? “It was very unexpected, and I feel so honored and thankful to be on that list of amazing women worldwide!” Message to women who pursue careers in technology “A message to other women or underrepresented people is to try to see your worth! I have been struggling with that myself, and I have a major case of impostor syndrome, and that, unfortunately, can open up possibilities for people to step on you and even use you. Reach out to other people in the industry and ask them questions like what fair compensation for the kind of work you do or want to get into is. Ask not only other women or underrepresented people, but ask men, ask people who have been in the industry longer, and use the MVP community. I’m so thankful I got around to asking a fellow MVP about that because it turned out that I was taken advantage of and could increase my consultant fee 10-fold. Nobody even batted an eye about the higher cost because it was more aligned with my expertise and experience!” Visit her LinkedIn post to find her excitement about being the Women Who Code's Top 100 Technologists to Watch in 2023 We close this blog with her additional message to all technologists. “Don’t be afraid to reach out to your community. Most of us are happy to help if we can, and I dare to say nobody will be angry about you asking a question. You might be surprised how many of us have or have had impostor syndrome, anxiety, are introverts, and so on. We’ve all been there, and we want to pay it forward.” Continue reading...

As Microsoft cloud services have grown over the years, the domain space they live on has grown as well – into the hundreds. Over time, this fragmentation has created increasing challenges for end user navigation, administrative simplicity, and the development of cross-app experiences. An image depicting a word cloud of dozens of different URLs on several different domains, all for existing Microsoft apps and services. That’s why today we’re excited to announce that Microsoft is beginning to reduce this fragmentation by bringing authenticated, user-facing Microsoft 365 apps and services onto a single, consistent and cohesive domain: cloud.microsoft. Animated image of a browser address bar rotating through several app URLs on the cloud.microsoft domain: outlook.cloud.microsoft, status.cloud.microsoft, loop.cloud.microsoft, onedrive.cloud.microsoft, teams.cloud.microsoft, sway.cloud.microsoft and viva.cloud.microsoft. Benefits of a unified domain Consolidating authenticated user-facing Microsoft 365 experiences onto a single domain will benefit customers in several ways. For end users, it will streamline the overall experience by reducing sign-in prompts, redirects, and delays when navigating across apps. For admins, it will drastically reduce the complexity of the allow-lists required to help your tenant stay secure while enabling users to access the apps and services they need to do their work. And for all our customers – and our developers – it will lay a foundation for better and tighter integration across the Microsoft 365 ecosystem by streamlining development and improving performance of cross-app experiences. Why cloud.microsoft? ‘Dot brand’ top-level domains like .microsoft are an established method for enhancing the security, trustworthiness, and integrity of an organization’s web offerings. Similar to how the US government has exclusive rights to the .gov top-level domain (TLD), Microsoft has exclusive rights to the .microsoft TLD. Exclusive ownership enables enhanced security protocols and governance controls, and the value of security investments done at the top-level domain seamlessly accrue to the apps. And all experiences hosted on the .microsoft domain can be assumed to be legitimate and authentic: anyone attempting domain spoofing would have to go through Microsoft itself, as we are both the registry operator and sole registrant for this exclusive, trusted namespace[1]. A common term before the “dot” is also necessary in order to realize the full benefits of a unified domain. “Cloud” was selected as a durable, extensible, neutral term with a meaningful relationship to the wide range of services that will come under its umbrella, starting with Microsoft 365. What to expect Initially, only net-new services will be deployed on the cloud.microsoft domain. Existing workloads have a broader range of implications to consider and will transition at a slower pace. In most cases, no customer action will be needed to continue using Microsoft 365 workloads the same way you do today. Admins seeking to update their allow lists will find that *.cloud.microsoft has already been added to the official list of Office 365 URLs and IP address ranges, and end users will find that existing links and bookmarks will eventually redirect them automatically to the new domain. Microsoft is committed to making this transition as seamless as possible for our customers. Before changing the domain for any existing service which requires customer network configuration, we will notify you at least 30 days in advance as specified in our standard network update cadence. For domain changes to our apps and services that require deeper customer actions (such as updates to customer applications), we will provide targeted communications and give ample time for you to adjust. We will also implement long-term redirects to help ensure that legacy bookmarks, hyperlinks, and connections continue to function with old domains. To learn more, visit Managing Microsoft 365 endpoints, and be sure to join us for an Ask Microsoft Anything (AMA) on Wednesday, May 24th at 8:00 AM Pacific time to chat further with the leaders of this initiative about what to expect. FAQ What about workloads beyond Microsoft 365? The current announcement is limited to Microsoft 365. We will share plans for other services in the future. Why not microsoft.com? The microsoft.com domain currently hosts a wide variety of content: not just Software as a service (SaaS) apps, but also marketing, support, e-commerce, and more. Keeping SaaS experiences isolated in their own domain space establishes a clean security boundary for our compliant authenticated experiences and enables simplified endpoint allow-list management for admins. There are also anti-spoofing and integrity benefits to hosting such experiences on an exclusive, purposefully-managed TLD like .microsoft vs. a generic TLD like .com. Is microsoft.com going away? No. Microsoft.com will continue to be used for non-product experiences such as marketing, support, and e-commerce. Only authenticated, user-facing product experiences will be hosted on cloud.microsoft. Continue the conversation by joining us in the Microsoft 365 community! Want to share best practices or join community events? Become a member by "Joining" the Microsoft 365 community. For tips & tricks or to stay up to date on the latest news and announcements directly from the product teams, make sure to Follow or Subscribe to the Microsoft 365 Blog space! Footnotes: [1] Please see the .microsoft registry agreement on the ICANN site for more background. Continue reading...

As we observe and honor Earth Day on April 22, we're mindful of the importance of meeting our customers’ needs alongside responsible environmental stewardship. And here on the Surface team, we’re committed to producing devices with as little impact on the planet as possible. Our commitment to sustainability goes back years and has evolved into : reducing carbon impact, designing with circularity in mind, and having integrity built in. These elements make up the design language of every major product we launch. Reducing carbon impact Microsoft Surface devices are integral to achieving the company's commitment to be carbon negative by 2030. We're also delivering technology to help our customers measure and manage their Surface carbon emissions more effectively. Launched earlier this year, the Surface Emissions Estimator is a tool that helps you calculate the carbon footprint of your Surface devices1. It provides an estimate of the carbon emissions associated with the production, use, and disposal of your device. You can use this tool to calculate the carbon footprint of your Surface devices by entering information about your device, such as its model, usage, and power settings. The calculator can even recommend ways of reducing your carbon footprint. Sample results showing estimated carbon emissions for three devices Ocean plastic One of the more promising advances in device manufacturing is the use of ocean-bound plastic, recovered from plastic waste. First, it’s cleaned and processed into recycled plastic resin pellets and then blended in with virgin plastic during manufacturing. Two years ago, we launched the with a shell made with 20% recycled ocean plastic, the first consumer electronics application of this material. Going beyond ocean-bound plastic (plastic collected within 50 km of shorelines), each mouse contains recycled resin derived from recycled water bottles taken directly from oceans, beaches, and waterways. We’ve since carried this innovation to our newest accessory, Surface Thunderbolt 4 Dock for Business. The dock and power supply unit enclosures (excluding the AC cable) are attributed to 20% ocean-bound plastic2 and feature lighter materials than our previous docks. Single-use plastics have been removed from its packaging, making the packaging about 99% recyclable in OECD countries.3 Design for circularity The traditional “take, make and waste” model of electronics is becoming unviable. That's why, at Surface, we design products with the circular economy in mind, meaning we follow a reduce, reuse and recover model. By 2025, our goal is for our packaging to contain zero single-use plastics and by 2030 will be 100% recyclable. We continue to integrate innovations from our most recyclable products into the rest of our products. We also make recycling convenient and secure with global recycling programs and data-wiping. Designing for circularity minimizes waste and extends the lifespan of our devices for as long as possible, thanks to a modular design that lets commercial customers replace parts rather than throw away their devices. Surface Pro 9, for example, comes with 14 modular components, including the display, hard drive, motherboard, and battery. 4 Integrity in manufacturing Our design process focuses on building products of the highest craftsmanship with a responsible supply chain that meets higher ethical and environmental standards. Integrity also reflects our commitment to transparency on the impact of our products and supply chain, which is why we produce eco profiles for all our major devices. As the EPEAT requirements become more rigorous, our products and operations are evolving to meet more stringent standards. We plan for our products to meet the new EPEAT requirements at the Gold level.5 Surface registered products can be found on the EPEAT Registry. Crafting for longevity is vital to long-term sustainability across all three focus areas, as it can reduce emissions and increase circularity by keeping materials in use for longer. It's why our latest Surface products are the most repairable devices in their product lines. This is also where our material innovation can shine as we weave in recycled materials. You'll see it in our packaging, made of sustainably forested material that's 99% recyclable6 for Surface Laptop 5. We're also excited for our latest products to continue to bring hardware and software together to optimize energy performance. All Surface laptop and tablet devices are ENERGY STAR certified with a focus on energy efficiency and battery life. And our Surface Laptop 5 and Pro 9 devices are over twice as energy efficient as the Energy Star recommended limits. They can all also take advantage of new sustainability features in Windows 11, the first PC operating system to offer a carbon-aware feature.7 Ready for a new device? There are multiple ways to responsibly recycle your device or give it new life. Trade it in: The Microsoft Store Trade-In Program8 offers cash back for certain used devices suitable for refurbishment or reuse. See aka.ms/tradein. Sell or donate: Consider selling or donating your used device to an authorized refurbisher to give it a potential second life for a new user. See aka.ms/refurbishers. Recycle: Microsoft and other device manufacturers offer free mail-back recycling programs for used devices. See aka.ms/recycle. Learn more 2021 Environmental Sustainability Report | Microsoft CSR Energy efficiency | Microsoft Legal Product environmental and safety documents | Microsoft Legal References 1. Emissions Estimator report provided for informational purposes only. You should not interpret the report you receive to be a commitment on the part of Microsoft; actual emissions may vary based on your location, purchase method, usage, and other factors. 2. Ocean-bound plastic is plastic waste recovered from oceans and waterways, cleaned, and processed into recycled plastic resin pellets. These recycled pellets are blended in with virgin plastic during the manufacturing process. To learn more, see Sustainable Products & Solutions | Microsoft CSR. 3. In OECD countries, Microsoft operates recycling programs either independently or through third parties covering Microsoft Devices. In addition, check local recycling programs for availability. 4. Customer Replaceable Units (CRUs) are components available for purchase through your Surface Commercial Authorized Device Reseller. Components can be replaced on-site by a skilled technician following Microsoft’s Service Guide. Opening and/or repairing your device can present electric shock, fire and personal injury risks and other hazards. Use caution if undertaking do-it-yourself repairs. Device damage caused during repair will not be covered under Microsoft’s Hardware Warranty or protection plans. Components will be available shortly after initial launch; timing of availability varies by component and market. 5. EPEAT rating availability may differ by market. 6. Recyclability dependent on recycling options in markets where products are discarded. Check local recycling programs for availability. Learn more at aka.ms/recycle 7. See Windows Update is now carbon aware 8. Available in select countries only. Continue reading...

Welcome to the “Director’s cut” of the 2022 Windows Server Summit. I am going through and posting each of the sessions (and my comments) that were part of the event that took place December 6th, 2022. Now we're into some meat and potatoes kinda stuff with Sonia and Orin taking you on a whirlwind tour of how to modernize you Windows File Server. Things they cover include: Migrating file shares with Storage Migration Service, Securing your server with Connection Security Rules and how to keep things orderly by implementing File screens. They've got demos, some practical advice and a tip of the hat to some things you might have forgotten are possible on Windows File Servers. This is a mini breakout session that keeps you engaged for the full 16 minutes. Click on the video below to start your File Server modernization journey. Speakers: Sonia Cuff, Principal Cloud Advocate Team Lead Orin Thomas, Principal Cloud Advocate Resources: What's New With Windows Server 2022 (Grab an Azure Edition ISO) What's new in Windows Server 2022 Learn more: try Windows Server 2022 and Windows Server on Azure Windows Server 2022 | Microsoft Licensing Changes with Azure Hybrid Benefit https://aka.ms/WSSAHB Information on Extended Security Updates (ESUs) SQL & Windows Server 2012 End of Support | Microsoft Invest in your skills with the Windows Server Hybrid Administrator Associate Microsoft Certified: Windows Server Hybrid Administrator Associate - Certifications To watch more sessions from the 4th annual Windows Server Summit – check out the playlist https://aka.ms/WSS2022Playlist Continue reading...

As mentioned in previous posts, 11/11/2021 and on 11/15/2022, Office 2013 reached the end of the Extended Support lifecycle on April 11, 2023. Continuing to use Office 2013 could increase your organization’s exposure to security risks, impact your ability to meet compliance obligations, and/or affect end user productivity. Additionally, support for other Microsoft Office products is also coming to an end in the next months. Please review the following list and act before the end of the product’s lifecycle: Office 2019 for Mac reaches end of support on October 10, 2023. This means Office 2019 for Mac will no longer receive security updates, bug fixes, technical support, or online technical content support. Connecting Office 2016 and Office 2019 to Microsoft 365 reaches end of support on October 10, 2023. After this end date we won’t block these Office versions from connecting to Microsoft 365 services if they are kept up to date. But after October 10, 2023, improvements to Microsoft 365 services will no longer be tested with these Office versions, so, users could experience performance or reliability issues. Read more about this in our Microsoft Learn article. If you're running a version affected by any of the end of support dates, we recommend upgrading to Microsoft 365 E3, which comes with Microsoft 365 Apps – the apps you're familiar with (e.g., Word, Excel, PowerPoint, Outlook, etc.). It falls under the Modern Lifecycle Policy, so it’s continuously supported. Here are some resources to help plan the move: Review a summary of the Microsoft 365 Apps and Office support configuration matrix. Read the Office 2013 upgrade guidance for an overview of how to move from Office 2013 to Microsoft 365 Apps. Consider engaging Microsoft FastTrack – a Microsoft support service for moving to Microsoft 365 E3. Please visit our Office End of Support community for more information and resources about end of support for Office. Thanks again for being a Microsoft customer! Continue reading...

Two years ago, we shared that “It's Time to Hang Up on Phone Transports for Authentication.” Today, we’re adding the public preview of Authenticator Lite to the tools we are offering to help you move from text message (SMS) and voice-based authentication. Our priority is getting every user to sign in with modern strong authentication – passwordless, hardened against phishing, easy to use and adaptable to evolving attacks. Our top recommendation for modern strong authentication is the Authenticator, which offers the most robust security features, updated the most frequently, for free. Microsoft Authenticator app has over 100 million users worldwide who trust it as a secure and easy way to authenticate, making it the most popular way to sign in with strong authentication in Azure. Because modern strong authentication is so important, we're making it even more accessible by embedding it right into the Outlook client! We call this embedded experience Authenticator Lite - and we're excited to announce it is now in public preview! For users that haven’t yet downloaded Authenticator, they can now complete MFA for their work or school account for free using the Outlook app on their iOS or Android devices. Users can approve authentication requests and receive TOTP codes, bringing the security of Authenticator to a convenient location while simplifying users’ move off phone transports for authentication. During public preview, admins can choose to enable or disable this capability for a group of users or to leave the feature in a Microsoft managed state. Enabling a group for Authenticator Lite is possible from the Entra portal via the Authenticator configuration page. It’s also possible to enable the feature through MS Graph. Authenticator Lite, as the name suggests, will extend a subset of the Authenticator’s capabilities into Outlook. Each verification notification will include a number matching prompt and biometric or pin verification if enabled on the device. More information on the Authenticator Lite notification configurations can be found here. Once enabled for Authenticator Lite, users on the latest version of Outlook without the Authenticator app will be prompted to register Outlook as an MFA method when they launch the app on their device. Once users are registered, during their next authentication, users will be prompted to authenticate using a push notification in their Outlook app. Registered users will also have access to a TOTP code found in their Outlook settings under Authenticator. For more information on enabling this feature for your users, see here. Rollout to support this feature in Outlook is currently underway. This feature will roll out to tenants in the state ‘Microsoft managed’. For the duration of public preview, leaving the feature set to ‘Microsoft managed’ will have no impact on your users and the feature will remain turned off unless you explicitly change the state to enabled. In late April 2023, we will remove preview tags and enter general availability. On May 26, 2023, if the feature is left set to ‘Microsoft managed,’ your tenant will be enabled for Authenticator Lite by Microsoft. If you do not wish for this feature to be enabled on May 26, set the state to ‘disabled’ or assign users to include and exclude groups prior to May 26. We hope you and your users enjoy this new feature, and, as always, please let us know of any questions or feedback by leaving comments down below or reaching out to us at aka.ms/AzureADFeedback. Regards, Alex Weinert VP Director of Identity Security, Microsoft Microsoft Identity Division Learn more about Microsoft identity: Get to know Microsoft Entra – a comprehensive identity and access product family Return to the Microsoft Entra (Azure AD) blog home  Join the conversation on Twitter and LinkedIn Share product suggestions on the Entra (Azure AD) forum Continue reading...

Servicing refers to maintaining your devices up to date with security, quality, and feature updates. In Windows, it's part of the optimal lifecycle that preserves functionality and security of our products and your peace of mind. Check out our policies below, take training on our servicing model and channels, browse frequently asked questions, and find detailed release information for your versions of Windows! Time to learn: 122 minutes [attachment=37633:name]READ Overview - Product End of Support and Retirements - Microsoft Lifecycle Learn about modern and fixed policies for Microsoft products. From there, search end-of-support (EOS) and retirement details by year or product. (2 mins) EOS + Retirement + Support + ESU [attachment=37634:name]READ Explore the Windows servicing model - Training Review your options of Windows servicing channels, including the Windows Insider Program, the General Availability Channel, and the long-term servicing channel (LTSC). If you're a beginner IT admin, claim your 700XP-award for completing this introductory learning module! (18 mins) WaaS + Servicing + Insider + GA + LTSC [attachment=37635:name]WATCH Windows Insider LIVE: March 2023 If you're part of the Windows Insider Program, watch this discussion of what's coming in 2023, including new and improved channels! Try a new Canary Channel or the rebooted Dev Channel and learn how to switch channels based on your needs. Not an insider yet? Scroll down and register under Experience! (53 mins) WIP + Canary + Dev + Beta + Release Preview + Continuous Innovation [attachment=37636:name]READ Lifecycle FAQ - Windows Have a question? See if it's already been asked and answered! Find information on general Microsoft lifecycle policies, feature and product lifecycles, and servicing timelines for versions of Windows. (14 mins) Windows 11 + Windows 10 + Windows Server + WSUS + Embedded + IoT + Hardware + OEM + Edge + LTSC [attachment=37637:name]READ Windows 11 - release information Consult servicing information by version, as well as release history of Windows 11. Learn how we service our latest versions of Windows currently in the General Availability Channel. (2 mins) 22H2 + 21H2 + Home + Pro + Pro for Workstations + Education + IoT + Pro Education + Enterprise + EOS [attachment=37638:name]READ Windows 10 - release information Consult servicing information by version, as well as release history of Windows 10. Find servicing options, dates, and KB articles for each build. (33 mins) 22H2 + 21H2 + 20H2 + Enterprise + IoT + LTSB + LTSC + extended support + EOS [attachment=37639:name]EXPERIENCE Search Product and Services Lifecycle Information - Microsoft Lifecycle Search for the lifecycle information by product. Lifecycle data export - Microsoft Lifecycle Export lifecycle data by product, family, group, or date. The Windows Insider Program Be the first to see what's next for Windows in the Windows Insider Program. Register today! (time varies) You can bookmark Windows release health for updated release and lifecycle information. And when your devices do reach that retirement time, find our End-of-life management and recycling stance and tips. Have another snackable topic in mind? Let us know in the comments below! Continue the conversation. Find best practices. Bookmark the Windows Tech Community and follow us @MSWindowsITPro on Twitter. Looking for support? Visit Windows on Microsoft Q&A. Continue reading...

Last month we took a deep dive into the update powers available to IT teams from Microsoft – including to explain the differences between the solutions on offer. This month we're back to talk about what's new in the service. New Windows Autopatch tenant health status The new ‘Inactive Status' feature is intended to make IT admins' lives easier. To help administrators recognize critically urgent issues that require immediate action, the status of their Windows Autopatch instance will be set to ‘inactive.' This will limit administrator access to only the Windows Autopatch blades and controls that need attention. Examples include misconfigured tenant access settings that would prevent the service from operating properly or software licensing issues. All other Intune features will remain accessible, and tenants that are in good health won't experience any changes. Independent insights into the impact of Windows Autopatch from Forrester Forrester has just released a study that features real Windows Autopatch customers talking about the impact the service has had on their organization and has prepared some projections so you can gauge what real value you might expect from enrolling your devices. The executive summary is a great starting point, but if you're looking for the full Forrester Consulting Total Economic Impact™ Study Commissioned by Microsoft, read New Technology: The Projected Total Economic Impact™ Of Windows Autopatch. We think these real customer quotes will make you want to read more: "By making sure that our software is current, there are fewer vulnerabilities and threats for those devices. It reduces that security gap for us." - CISO and chief data protection officer, digital services "We want to make sure that we are hitting full compliance each month, and we want to be able to get this stuff out as quickly as we can. [Windows] Autopatch gives us that visibility and the reliability of getting better patch results than we've had before." - Manager of computing solutions, chemicals The value of keeping security up-to-date New security technology was the hot topic at Microsoft Secure, but The Microsoft Digital Defense Report 2022, released late last year, shared an important finding: 98% of cyber-attacks can be prevented with ‘basic security hygiene' of which ‘Keep up to date' is a key component. The Microsoft Digital Defense Report 2022 shows that basic security hygiene still protects against 98% of attacks While this statement alone should encourage all security-minded decision makers to take a keen interest in patching, there's even more to the security value of Windows Autopatch. We dive into that story in this episode of our YouTube series and in some exciting assets you'll see soon, especially if you subscribe to this blog. New feature in public preview: customize quality updates deployment cadence with Windows Autopatch Windows Autopatch now allows you to set custom schedules for the deployment of quality updates for each of your rings. While we recommend the default settings, we acknowledge that some organizations have unique needs. With the public preview release of this feature this month, we hope you'll test the ability for this feature to meet those needs. Offer your feedback via our community page. Custom cadence types In short, Admins will now be able to define when updates are released to rings with custom deadline-driven or scheduled install settings from the Devices > Windows Autopatch > Release management blade in Microsoft Intune. Screenshot of Microsoft Intune admin center with the Deployment cadence settings opened Deadline-driven customizations allow customers to change deferrals and deadlines (within a 14- day window) and grace periods (within a 7-day window) for each deployment ring. Scheduled install customizations prevent forced restarts or interruptions, and allow admins to specify when an update is applied—either outside Active hours (if defined) or at a defined occurrence. For an in-depth explanation of how these features work, see the documentation here. Now in general availability: the ability to opt-out of updates for Microsoft 365 Apps Announced last month, and now generally available, Intune Administrators can now block Windows Autopatch from offering Microsoft 365 apps updates. Since Windows Autopatch currently sets enrolled devices to Microsoft 365 App updates via the Monthly Enterprise Channel, this feature allows organizations subscribed to different channels to still take advantage of Windows Autopatch. Autopatch is turning 1! Major milestones are often a time for looking back, but the Windows Autopatch team is instead moving full steam ahead to make the next year one to remember. Currently enrolled customers have seen some message center posts that hint at features that are coming soon to public preview. For those still waiting to enroll their tenants, here's a peek at what's coming: Custom ring configurations, and a new 5-ring default Autopatch groups to apply different cadences and ring configurations to discrete populations of devices Update to Windows 11 with Windows Autopatch New reports with more granular detail, including feature updates New guardrails and controls to keep policies and configurations working smoothly Continue the conversation. Find best practices. Bookmark the Windows Tech Community and follow us @MSWindowsITPro on Twitter. Looking for support? Visit Windows on Microsoft Q&A. Continue reading...

Introduction: As the ERP world continues to evolve and becomes more complex, businesses are constantly seeking new ways to enhance efficiency, improve processes, and unlock valuable insights. At Microsoft, we are constantly discovering new ways to unleash creativity, unlock productivity, and uplevel skills so that more people can benefit from using AI with enterprise applications. This is allowing our customers to build the future faster and more responsibly by powering their apps using large-scale AI models. Our collaboration with OpenAI, along with the power of Azure have been core to our journey. Integrating OpenAI's cutting-edge AI capabilities and Microsoft Azure's powerful cloud infrastructure into SAP S/4HANA can be a huge game-changer for organizations aiming to stay ahead of the curve. This technical post delves into seven innovative scenarios that demonstrate the potential of Azure OpenAI (AOAI), Azure Logic Apps, Azure Functions, Azure Automate to revolutionize various aspects of SAP S/4HANA, and other ERPs from financial automation to system monitoring and regular SAP Basis related tasks. Technically speaking, Azure OpenAI utilizes GPT-4, an advanced AI language model capable of comprehending and generating human-like responses. This makes it perfect for automating tasks, enhancing data accuracy, and uncovering valuable insights. Microsoft Azure provides cloud-based services, such as Logic Apps and Functions, which facilitate seamless integration between SAP systems and AI capabilities. The amalgamation of these technologies paves the way for transforming SAP S/4HANA into a more intelligent, efficient, and powerful platform for businesses. whiteboard session with AI + SAP Importance of Understanding OpenAI and Azure Integration with SAP S/4HANA: With generative AI technologies, we are unlocking new efficiencies for businesses in every industry and getting into more how Azure OpenAI can be integrated with SAP S/4HANA for modern SAP consultants, as it can help organizations unlock new levels of efficiency and effectiveness in their SAP systems. By leveraging AI capabilities and cloud-based integration tools, businesses can automate repetitive tasks, optimize processes, and harness valuable insights to drive better decision-making and stay ahead of the competition. In this blog, we will run seven technical Whiteboard 'challenging' (and innovative too!) scenarios that highlight the potential of generative AI technology and Azure integration with SAP S/4HANA across a range of functional areas. Let’s glimpse these scenarios in detail! Whiteboard Scenario 1: Automating Sales Order Creation from Email Requests In this scenario, a company receives sales order requests from customers via email. Azure OpenAI natural language processing capabilities can be used to extract relevant information from emails and create corresponding sales orders in SAP S/4HANA. Steps: Set up an Azure Logic App with a trigger to monitor the company's email inbox. Configure an Azure Data Factory and Azure datalake to utilize Azure OpenAI to extract relevant information (e.g., customer details, product, quantity in Json/csv format) from the email body. Use an SAP connector to create a sales order in SAP S/4HANA using the extracted information. Send an email confirmation to the customer with sales order details. (see below flow diagram) Whiteboard Scenario 2: Automating Invoice Data Validation and Approval In this scenario, a company wants to automate the process of validating and approving invoices received from vendors. Azure OpenAI can be used to extract and validate data from invoice documents, and then update the corresponding purchase order status in SAP S/4HANA. Steps: Set up an Azure Logic App trigger to monitor a designated folder where invoice documents are uploaded. Configure an Azure Function to utilize Azure OpenAI to extract relevant information (e.g., vendor details, invoice number, total amount) from the invoice documents. Use a custom connector to validate the extracted invoice data against purchase order data in SAP S/4HANA. If the invoice data is valid, update the purchase order status in SAP S/4HANA to "Approved" and send an approval email to the vendor. If the invoice data is not valid, send an email to the accounts payable team with the discrepancies highlighted for manual review and repeat! (See below flow diagram) Whiteboard Scenario 3: Automating Customer Support Query Resolution In this scenario, a company wants to use Azure OpenAI to automatically resolve customer support queries by providing relevant information from SAP S/4HANA. Steps: Set up an Azure Logic App with a trigger to monitor incoming customer support requests. Configure an Azure Function to utilize OpenAI to understand the customer query and identify the required information. Use an SAP connector to fetch the relevant information from SAP S/4HANA based on the query. Use Azure OpenAI to generate a human-like response with the requested information. Send the generated response to the customer. (see below flow diagram) flowchart Whiteboard Scenario 4: Automating Material Requirement Planning (MRP) Data Analysis One of my favorite scenarios is related to data analysis. In this scenario, a company wants to use OpenAI to analyze MRP data in SAP S/4HANA and generate actionable insights to optimize inventory levels, production planning, and procurement processes. Steps: Set up an Azure Logic App with a scheduled trigger to initiate the MRP data analysis process. Use a custom connector to fetch MRP data from SAP S/4HANA, including material stock levels, demand forecasts, and production schedules. Configure an Azure Function to utilize Azure OpenAI to analyze the MRP data and identify trends, potential stockouts, and procurement opportunities. Generate actionable insights and recommendations based on the analysis. Share the insights with relevant stakeholders (e.g., supply chain managers) via email or a custom dashboard or a chatbot on Microsoft Teams (see below flow diagram) Whiteboard Scenario 5: Automating Financial Reporting and Analysis In this scenario, a company wants to use OpenAI to automatically generate financial reports (e.g., balance sheets, income statements) and provide analysis and commentary on key financial metrics, leveraging data from SAP S/4HANA. Steps: Set up an Azure Logic App with a scheduled trigger to initiate the financial reporting and analysis process. Use a custom connector to fetch financial data from SAP S/4HANA, including general ledger accounts, financial statements, and transactional data. Configure an Azure Function to utilize OpenAI to process the financial data, generate the required financial reports, and calculate key financial metrics. Use OpenAI to generate natural language analysis and commentary on the financial metrics, highlighting trends and potential areas of concern. Compile the generated financial reports, analysis, and commentary into a comprehensive document, and share it with relevant stakeholders (e.g., finance managers, executives) via email or a custom dashboard or a chatbot on Microsoft Teams. (see below flow diagram) Whiteboard Scenario 6: Automating Quality Control in Production Processes In this scenario, a company wants to use OpenAI's computer vision capabilities to automate quality control checks in its production processes. The AI system will analyze images of finished products to identify defects and update the corresponding inspection records in SAP S/4HANA. Steps: Set up an Azure Logic App with a trigger to initiate the quality control process when new production images are uploaded to a designated folder. Configure an Azure Function to utilize OpenAI's computer vision capabilities to analyze the production images and identify any defects or abnormalities. Based on the AI analysis, update the inspection records in SAP S/4HANA using a custom connector, marking the products as "Passed" or "Failed" based on the presence of defects. If a defect is detected, notify the production team and quality control personnel via email or an integrated notification system for further investigation and corrective action. Whiteboard Scenario 7: Automating Bank Statement Reconciliation In this scenario, a company wants to use OpenAI to automate the process of reconciling bank statements with their financial records in SAP S/4HANA. Steps: Set up an Azure Logic App with a trigger to initiate the reconciliation process when a new bank statement is received or uploaded to a designated folder. Configure an Azure Function to utilize OpenAI to extract transaction details (e.g., transaction date, amount, description) from the bank statement. Use a custom connector to fetch financial transactions from SAP S/4HANA for the corresponding time-period. Configure another Azure Function to match the extracted bank statement transactions with the financial transactions in SAP S/4HANA. Update the reconciliation status of the matched transactions in SAP S/4HANA using a custom connector. Generate a reconciliation report highlighting any discrepancies or unmatched transactions and share them with relevant stakeholders (e.g., finance managers, accountants) via email or a custom dashboard or a chatbot on Microsoft Teams. (See below flow diagram) By implementing these scenarios, companies can leverage Azure OpenAI features to automate repetitive tasks, reduce manual effort, and improve data reading accuracy in SAP S/4HANA using Azure Logic Apps, Azure Functions, Teams & Power Automate. Each scenario will provide high-level whiteboarding steps for implementing the integration, highlighting the key components and processes involved. Conclusion: As the SAP landscape becomes more complex to leverage the power of digital transformation, SAP consultants are constantly looking for innovative ways to optimize and automate their operations. OpenAI, when combined with Azure and SAP S/4HANA, offers a unique opportunity to achieve this goal, transforming how businesses manage their processes and make data-driven decisions. This blog has explored 7 powerful use cases that demonstrate the potential of integrating OpenAI with Azure and SAP S/4HANA to automate various tasks and deliver valuable insights. Embracing this innovative approach will not only help you stay ahead of the competition but also improve overall business efficiency, reduce manual efforts, and provide a better experience for your end-users. By integrating Azure OpenAI and SAP S/4HANA, you can unlock the true potential of your ERP systems and drive your organization towards digital excellence. As you consider implementing these scenarios in your organization, it's important to ensure that all security and GDPR compliance requirements are met. Before testing, make sure to conduct thorough security and privacy assessments to avoid potential risks. In conclusion, the power of Azure OpenAI and SAP S/4HANA integration can transform the way you manage your ERP operations. We encourage you to explore these scenarios and harness the benefits of this cutting-edge technology. Good luck on your journey towards a smarter and more efficient SAP landscape! Let's us know your thoughts and feedback on these scenarios crafted! There could be endless possibilities in coming years with Azure OpenAI advancement! Useful links Azure OpenAI Service frequently asked questions - Azure Cognitive Services | Microsoft Learn Create a cloud flow from a description - Power Automate | Microsoft Learn Request Access to Azure OpenAI Service (microsoft.com) AzureOpenAIExamples (github.com) Check out our Introduction to Azure OpenAI training course #AzureOpenAI #PowerAutomate #SAPonAzure #Azurefunctions Disclaimer: The scenarios mentioned in this blog post should be tested while adhering to proper security and GDPR compliance checks. Azure OpenAI and SAP S/4HANA integration should be executed within the boundaries of your organization's security and privacy policies. Continue reading...

File management might be tedious, but it is sometimes required, especially when storage space is limited. PowerShell is an excellent tool for automating most activities, and identifying duplicate files on your computer is an excellent application of the tool. The script below will detect and report (rather than delete) all files in the directory and subdirectories, group them by size, filter out groups with only one file, and report on the duplicate files with their full path and creation time. # Get all files in a directory and subdirectories $files = Get-ChildItem -Recurse -File # Group files by size $groups = $files | Group-Object Length # Filter groups with more than one item $duplicates = $groups | Where-Object {$_.Count -gt 1} # Output duplicate files foreach ($duplicate in $duplicates) { Write-Host "Duplicate files of size $($duplicate.Name):" $duplicate.Group | Select-Object FullName, CreationTime | Sort-Object CreationTime | Format-Table -AutoSize } This script may be run in PowerShell by saving it as a.ps1 file and then running it from the PowerShell command prompt. Please keep in mind that if you have a large number of files on your computer, this script may take some time to run. How to detect duplicate files on your computer via PowerShell As always, please share your PowerShell automation scripts in the comments section below so that they can be added to or improved upon the script published above. Continue reading...

Windows monthly updates come in several shapes and forms, but they are all here to keep organizations and individuals protected and productive. Take a 5-minute break to brush up on the assortment of releases or block out 41 minutes to take deeper training on managing them. In the other quarter-hour chunks, you can learn about new ways we help you manage updates, how cumulative updates have improved with Windows 11, and how to know when your devices will update. Time to learn: 117 minutes [attachment=36177:name]READ Windows monthly updates explained Start with this easy reference guide that simplifies the different types of updates. What’s the difference between security and optional non-security updates? What’s special about out-of-band (OOB) updates and continuous innovation? See our simple guide to keeping you protected and productive. (5 mins) Security Release + Non-Security Release + OOB + Continuous Innovation + SUVP + Release Notes + Release Health [attachment=36178:name]READ Manage Windows updates in the cloud Complete this learning module for up to 1000 experience points. Review what you’ve learned about feature update management and dive deeper into quality or security updates. (41 mins) Deadlines + User Experience + DO + Group Policy + MDM + Intune [attachment=36179:name]READ + WATCH Update power: Microsoft management solutions for your scenario(s) Which update solution is right for your scenario? This guide describes and shows cloud-based and on-premises solutions, including Windows Update for Business, Windows Update for Business deployment service, Windows Autopatch, and Windows Server Update Services (WSUS). (24 mins) MDM + WUfB + WUfB DS + Autopatch + WSUS + Intune + Microsoft Graph + Enterprise + Education + Pro + On-Prem [attachment=36180:name]READ Use Intune to expedite Windows quality updates If needed, expedite the installation of the most recent Windows 10/11 security updates with Intune. Start with how expedited updates work (with examples!) and whether you meet the prerequisites. Then learn how to create and assign an expedited update, manage relevant policies, then monitor, and report on them. (14 mins) Intune + Windows Update + WUfB DS + Azure AD + Deferral Period + Deadline + Microsoft 365 + VDA + Group Policy [attachment=36181:name]WATCH Windows 11 cumulative update overview Review how the Latest Cumulative Updates (LCUs) for Windows 11 have become smaller, faster, and easier to manage. Jump behind the scenes of package and download size reduction, improved installation orchestration, increased servicing of new language packs, and improved language and features on demand supplemental media. (17 mins) CU + Language Packs + FODs + CPU + WU + WUfB + WSUS + Dynamic Update [attachment=36182:name]WATCH When is my device going to update? In this video recording, hear from the developers who wrote the code behind when your devices are going to scan, download, and install Windows updates, and when they reboot. Learn about the logic that goes into the “intelligent” decisions around when to update. (16 mins) Windows Update + WUfB + Intune + Update Rings + OOB + Deferrals + Policies + Active Hours + Notifications Great to see you on the other side of the 117 minutes! If you have room for dessert, check out Get current and stay current with Windows Autopatch (16 minutes to read and watch) about one of the popular solutions for enterprises that leverage Windows Update for Business or Windows Server Update Services. Can’t get enough of this or another topic? Let us know in the comments below! In the meantime, a happy two-month anniversary to all those who have been with us through these Windows skilling snacks: bite-sized learning for IT pros! Continue the conversation. Find best practices. Bookmark the Windows Tech Community and follow us @MSWindowsITPro on Twitter. Looking for support? Visit Windows on Microsoft Q&A. Continue reading...

Welcome to the March 2023 update. This month, we are excited to announce several new features across web, Windows, and Mac. For web users, speed up large workbooks with Check Performance, insert and edit formulas with Formula Argument Assistance, and enhance your query organization with Drag & Drop in Queries Pane. Block untrusted XLL Add-Ins has launched to all Windows users, while Assign a Task with @mentions is now available for Windows and Mac users. Also, now that college basketball excitement is in full swing, check out this College Basketball Random Bracket - try them with family and friends. Excel for the web: Check Performance Formula Argument Assistance Drag & Drop in Queries Pane #FIA Excel for Windows: Block untrusted XLL Add-Ins Assign a Task with @mentions Excel for Mac Assign a Task with @mentions Excel for the web Check Performance When you open your workbook, Excel can detect whether your workbook contains unwanted formatted cells that can slow down your workbook. If so, Excel suggests launching “Check Performance.“ You can also manually launch the feature from Review > Check Performance. Read the blog article, and see it in action Check Performance Formula Argument Assistance Formula Argument Assistance card accompanies you while writing a formula, and helps you insert or edit the arguments. You no longer need to reach out to external sources for help when you are typing your formula! The Argument Assistance card will help you write formulas more efficiently and reduce errors. Read more > Formula Argument Assistance #FIA! Drag & Drop in Queries Pane Drag & Drop in the Queries pane enhances your ability to organize your queries - you can easily sort queries or move them between folders. Drag & Drop in Queries Pane Excel for Windows Block untrusted XLL Add-Ins This feature adds a layer of security to your worksheets. It protects you from potential attacks coming through XLL add-ins, a particular type of add-in that is being used to distribute malware to unsuspecting victims. Read more > Block untrusted XLL Add-Ins Assign a Task with @mentions Assign a Task allows users to collaborate more effectively with their teams by creating and assigning tasks within their Excel worksheets and Word documents using @mentions in comments and tagging a team member. Once a team member is assigned the task (by selecting the ‘Assign to’ check box to the comment to convert to a task and then clicking the blue arrow), they receive an email notification to let them know they have tasks to action. Read more > Assign a Task Excel for Mac Assign a Task with @mentions Assign a Task allows users to collaborate more effectively with their teams by creating and assigning tasks within their Excel worksheets and Word documents using @mentions in comments and tagging a team member. Once a team member is assigned the task (by selecting the ‘Assign to’ check box to the comment to convert to a task and then clicking the blue arrow), they receive an email notification to let them know they have tasks to action. Read more > Assign a Task Check if a specific feature is in your version of Excel Click here to open in a new browser tab Your feedback helps shape the future of Excel. Please let us know how you like a particular feature and what we can improve upon—send us a smile or frown.  You can also submit new ideas or vote for other ideas via Microsoft Feedback. Subscribe to our Excel Blog and the Insiders Blog to get the latest updates. Stay connected with us and other Excel fans around the world – join our Excel Community and follow us on Twitter. Continue reading...

Since introducing Microsoft Defender Threat Intelligence (Defender TI) in August, our customers have made their organizations safer by proactively addressing threats with its array of raw intelligence and having unparalleled insight into the threat ecosystem with its extensive library of finished intelligence. Today, we are excited to announce several new features and capabilities that put more threat actor insights at our customers' fingertips and enhance SIEM and XDR capabilities in their existing tools and workflows, including the integration of Defender TI into Microsoft 365 Defender. M365 Defender Integration Threat Intelligence is a foundational component of any security operations platform. Defender TI is now available to licensed customers directly within the Microsoft 365 Defender portal to deliver powerful intelligence that helps analysts correlate information and provides immediate context about threats during their investigations, all within a unified experience. Licensed users will see the following: A new threat intelligence navigation tab and threat analytics merged with Defender TI articles, Intel Profiles, and IOCs. Threat Analytics merged with Defender TI articles and IoCs written and compiled by Microsoft's award-winning threat researchers. An Intel Explorer tab enables pivots on Internet data to launch advanced investigations across Microsoft's continuously updated map of the entire internet. Intel Profiles Intel Profiles are a form of finished intelligence putting the wealth of information collected from the award-winning Microsoft Threat Intelligence team about threat actors and their tools all in one place. Intel profiles are updated daily with analyses of threat actor tools, tactics, and procedures (TTPS) mapped to the MITRE framework and industry-specific guidance, target profile information, and indicators of compromise (IOCs) related to threat groups or tooling. Microsoft 365 Defender and Microsoft Sentinel customers can quickly access this information to analyze, investigate, and hunt threats. Profiles are updated whenever new information is discovered. Intel Profiles focus on three key areas: Actors: Threat actors Microsoft has previously publicly disclosed. Tools: Analysis of the capabilities of specific tools leveraged by actor groups. Activity: Original research around actors, campaigns, and vulnerabilities. API Defender TI now has an API to boost interoperability and help the SOC punch above its weight by responding to threats at scale. The Defender TI API allows organizations to query Defender TI data to operationalize intelligence gleaned from threat actors, tools, and vulnerabilities. Security teams can enrich their understanding of entities inside security incidents, automate triage efforts, and integrate with a broad ecosystem of security tools, including Microsoft Sentinel. New Sentinel playbooks will leverage the API to enable defenders to query Defender TI's raw and finished intelligence at scale to quickly boost their understanding of threats. These playbooks evaluate indicators in an incident with Defender TI's reputation data—everything we know about a piece of online infrastructure—to mark its severity and automatically triage it accordingly. Playbooks will also automatically enrich incidents with Defender TI's web component data, leveraging Microsoft's map of the internet to show the makeup of a webpage or the technology and services driving a specific piece of infrastructure. These show the extent of an actor's infrastructure or additional sites that have been compromised so teams can understand the full extent of a threat. Sentinel Solutions IOCs from Defender TI finished intelligence are already natively integrated with Microsoft Sentinel, but now there are new ways to leverage them. Via a Microsoft Sentinel Data Connector and Microsoft Threat Intelligence Analytics rule, customers can leverage IOCs surfaced in Microsoft Threat Intelligence to ensure their organizations are protected from the latest threats. Microsoft Sentinel Data Connector: Microsoft researchers will continually add all publicly available indicators of compromise (IOCs) from Defender TI finished intelligence to the Microsoft Sentinel TI blade. Microsoft Sentinel users can access these valuable IOCs for free to drive analytics, hunting, and investigations. Microsoft Defender Threat Intelligence Analytics Rule: When enabled in Microsoft Sentinel, this built-in rule takes URLs, domains, and IPs from a customer environment via log data and checks them against a dynamic list of known bad IOCs from Defender TI. When a match occurs, an incident is automatically created, and the data is written to the Microsoft Sentinel TI blade. By enabling this rule, Microsoft Sentinel users know they have detections in place for threats known to Microsoft. We want to hear from you! Be sure to join our fast-growing community of security pros and experts to provide product feedback and suggestions and start conversations about how Defender TI is helping your team stay on top of threats. With an open dialogue, we can create a safer internet together. Learn more about Defender TI: aka.ms/mdti, and try it today: security.microsoft.com Continue reading...

Have you ever been in a situation where a Windows device takes an update that is not compatible with the system or causes an issue that prevents user productivity? In this scenario, it can be frustrating to determine the best way to get the device(s) back to a protected and productive state. Using Microsoft Intune, here are a few ways to address the situation. If the update you want to uninstall is a Windows feature update that replaced the previous version of the operating system (OS) on the device, you can roll back the feature update using Intune and by leveraging the Update CSP. Screenshot of the Overview page in the Intune admin center, showing the Uninstall options for update rings for Windows 10 and later To use the Uninstall option for feature updates (Rollback/FeatureUpdate in the Update CSP) in Intune, the device must be running Windows 10, version 1803 and above, have feature updates paused, and be within the uninstall period. Intune also provides the ability to uninstall quality updates installed on a device. Again, to leverage this capability, the device must be running Windows 10, version 1803 and above, have quality updates paused, and be running the latest quality update available to the device based on quality update deferral settings. To uninstall other types of updates, including Windows feature updates delivered via enablement package, you can leverage PowerShell scripts in Intune. *An enablement package, sometimes referred to as an eKB, is a small, quick-to-install "master switch" that activates features already present on a device but in an inactive and dormant state. Enablement packages are available for feature updates that share the same core operating system (OS) as the version of Windows prior to them (e.g. Windows 10, version 21H2 and Windows 10, version 22H2). PowerShell Once you are ready to use PowerShell scripts on Windows 10/11 devices in Intune, run the following two PowerShell scripts: First, to get the full list of updates installed on the device run: get-windowspackage -online -PackageName "*KB*" Then, to uninstall a specific update that was present in the list of installed updates, run: Remove-WindowsPackage -Online -PackageName "Package_for_KB5015684~31bf3856ad364e35~amd64~~19041.1799.1.2" You will need to swap the package information above with the package that you wish to uninstall. Note: You will want to run both scripts under the system account. This means you should choose "No" as the default for "Run this script using the logged on credentials". Once the uninstallation is complete, restart the system. Deployment Image Servicing and Management (DISM) Alternatively, you can use the DISM tool directly: dism /online /remove-package /PackageName:Package_for_KB5015684~31bf3856ad364e35~amd64~~19041.1799.1.2 You will need to swap the package information above with the package that you wish to uninstall. As above, once uninstallation is complete, restart the system. I hope you find this brief guide to uninstalling updates helpful. May you never need this information! As always, please feel free to reach out to me on Twitter @AriaUpdated or here on the Tech Community with questions, comments, and feedback. Continue the conversation. Find best practices. Bookmark the Windows Tech Community and follow us @MSWindowsITPro on Twitter. Looking for support? Visit Windows on Microsoft Q&A. Continue reading...

I just finished writing up the release notes for Azure Data Studio 1.42, and I cannot get over the amount of work the engineering team has completed since January. Go big or go home. For regular users of Azure Data Studio, we hope you are starting to experience the improvements we have been making in the application. This continues with the 1.42 release, though we also found time to introduce new functionality as well. Group by Schema One of the original feature requests for Azure Data Studio was the ability to view objects by schema in Object Explorer (OE). Finally, that functionality is available in this release for the MSSQL provider: Screenshot of group by schema enabled The default behavior shows the objects grouped by type (Tables, Views, etc.) and can be quickly toggled by clicking the branching icon in the Servers View. The configuration persists through restarts of Azure Data Studio, and it applies across all MSSQL connections; it is not selective to instance or database. We have also given users more control in terms of server timeouts for Object Explorer (OE). The default value is 45 seconds, and you can customize the OE option within Settings ( CTRL/CMD + , ) by changing Mssql > Object Explorer: Expand Timeout. For Azure SQL Database serverless and slower connections, more time might be needed for a response from the server, and increasing this value may reduce timeouts in those scenarios. User Management We are working on our roadmap for the coming year, and now seems like a fine time to mention that we are adding User Management capabilities. The feature is currently in Preview, but if you’re looking to create a server login, simply right-click on the Logins node and select New Login. Screenshot of New Login menu option User management is available for both traditional, on-prem instances (SQL and Windows authentication), and for Azure SQL DB (SQL and Azure Active Directory). Database users can also be created from the User node, (under the Security node in the database), and schema and role membership can be assigned or updated. We will continue to expand this functionality over the next couple releases as we bring it to GA, and would love to hear more about how you interact with SQL logins and users. Feel free to peruse the Azure Data Studio issues for the user management workstream, or drop into a discussion and share your feedback. Connectivity There are two significant changes related to connections to which we want to draw your attention. The first is an update to the Encrypt property for the MSSQL provider connections. In the November release (1.40) you may remember that the default value for the Encrypt property changed to True. In this release, we have completed support for all three encryption options: Strict, Mandatory (True), and Optional (False). New connections still default to Mandatory (True), but you now have the additional capability to enable Strict encryption for full support of TLS 1.3 with SQL Server 2022. On the topic of the connection dialog, there is a new property, Host name in certificate, on the Advanced tab under Security. For servers that have a certificate configured, you must enter the Subject or DnsName used in the certificate in the Host name in certificate property. Also on the Advanced tab, under Initialization, there now exists Command timeout. The default is 30 seconds, but for those of you with Azure SQL DB serverless you may find that increasing this timeout for those connections reduces timeout occurrences, as it allows the database additional time to come online if it’s been paused. Screenshot of options in Advanced Properties for connections The second significant change is the new setting Mssql Enable Sql Authentication Provider, which can be enabled in Settings (CTRL/CMD + , ). For those that connect to Azure SQL with Azure Active Directory and Multi-Factor Authentication (AAD + MFA), enabling this option allows connections to be maintained without the concern of losing access token lifetime or getting dropped by the server. Access tokens will be refreshed internally by the SqlClient driver whenever they are found to be expired. We expect this should benefit those who have previously reported issues related to loss of connectivity. But that’s not all…the 1.42 release also adds support for connections to Microsoft Dataverse using the TDS endpoint, it has additional error reporting for Azure connections, and we introduced support for change password. Additional Improvements Those of you using arm64 Windows and macOS may notice that the application runs a little faster, as we have completed backend work to make the SqlToolsService (on which Azure Data Studio runs) support native arm64. You may notice a few minor changes in the UI; we added New Deployment under the File menu: Screenshot of New Deployment... menu option and we changed the Add an account icon in the Linked Accounts pane (accessed by adding a new Azure account) to make it more consistent with our add action elsewhere. Finally, in this release we have removed Big Data Cluster (BDC) support, as originally planned. There exists a separate download of ADS 1.41 that BDC customers can continue to use. Wrap up The complete list of improvements and bug fixes can be found on the release notes page, and please continue to report issues in GitHub. For those of you that like to keep pace and are willing to try out changes as we make them available, we encourage you download the Insiders build. New Insider builds are released daily and updates can be initiated by selecting Check for Updates… in the Help menu. The Insider release can run side-by-side with the stable release on your machine. We again thank the users that report issues, log feedback, and work with us to uncover the root problem. You are helping to make Azure Data Studio a better and more complete tool for managing data in Azure, and we appreciate your support. Continue reading...

Windows updates keep you protected and productive in different ways, and we continue to optimize the update experience. Whether you're an IT administrator or a general user, Windows monthly updates provide you with the security fixes to help keep your devices protected—as well as enhancements based on your feedback. Monthly updates are cumulative and include all previously released fixes to guard against fragmentation of the operating system (OS). This contributes to the reliability and quality of the Windows platform. This post summarizes the different types of monthly updates and shares insights on how we've optimized our approach to Windows servicing and delivery. Monthly security update release For many of you, Update Tuesday (also referred to as "Patch Tuesday") is a regular part of Windows servicing. Published on the second Tuesday of each month, our security update releases are cumulative. That is, they include both new and previously released security fixes along with non-security content introduced in the prior month's optional non-security preview release (see below). These updates help keep Windows devices secure and compliant by deploying stability fixes and addressing security vulnerabilities. Note: People tend to use "B release," quality update, security update, and LCU interchangeably. Monthly security updates are mandatory and are available through our standard channels, which include Windows Update, Windows Update for Business, Microsoft Intune, Microsoft Configuration Manager, Windows Server Update Services (WSUS), and the Microsoft Update Catalog. Optional non-security preview release You've got options with optional non-security preview releases. Available the fourth week of the month, these production-quality updates are released ahead of the planned security update release for the following month. In addition, new features, like Search highlights, may initially be deployed in the prior month's optional non-security preview release, then ship broadly in the following month's security release. Note: The term “optional non-security preview release” now replaces what we used to call either a “C” or “D” release to align with the current process. Optional non-security preview releases are also cumulative and are only offered for the most recent supported versions of Windows. Starting in April 2023, we now target optional non-security preview releases for the fourth week of the month. We have found this to be the optimal time for us to publish and for you to consume these updates. That's two weeks after your latest monthly security update and about two weeks before you'll see these features become part of the next mandatory cumulative update. We're excited for this improvement as it is meant to optimize the validation of payloads, improve consistency, and enhance the predictability of your testing, update, and upgrade experience. To access optional non-security preview releases, navigate to Settings > Windows Update > Advanced options > Optional updates, select from the available updates, and click Download and install. Out-of-band releases Out-of-band (OOB) releases may be provided to fix a recently identified issue or vulnerability. They are used in atypical cases, such as security vulnerabilities or a quality issue, when devices should be updated immediately instead of waiting for the next monthly quality update release. Out-of-band releases are cumulative, meaning that they include the updates from the previous security and/or non-security release, as well as the additional fix. Continuous innovation in Windows 11 Beginning with Windows 11, version 22H2, new features and enhancements are delivered to the most recently released in-market version of Windows 11 more frequently using servicing technology. As with all updates, we utilize a phased and measured approach in rolling out continuous innovation to the Windows 11 ecosystem. Experiences may be introduced in an optional non-security preview release prior to being made available broadly via a monthly security update or via Controlled Feature Rollout (CFR) technology. For more information on how to control when select features introduced via servicing are released to the devices you manage, see Commercial control for continuous innovation. Recommendations As a general practice, we recommend that you update your devices as soon as possible, whether you're a general user or an IT professional. For IT admins, we also recommend taking advantage of the optional non-security preview releases to internally validate releases ahead of the following month's security update release. To help manage updates across your organization, bookmark these resources: Windows 11 update history and release notes Windows 10 update history and release notes Windows release health on Microsoft Learn (also available in the Microsoft 365 admin center) These pages are available in multiple languages and refer to each release by a unique KB number. IT admins may validate fixes and features in a preview release by leveraging the Windows Insider Program for Business or via the Microsoft Update Catalog. If you are a Microsoft Partner or registered commercial customer, you can also take advantage of the Security Update Validation Program (SUVP). It's a quality assurance testing program designed for the monthly security update release. As a SUVP partner, you can start testing these security updates three weeks prior to Update Tuesday and provide us with feedback regarding usability, bug reports, test reports, etc. For additional tips, read Ensuring a successful Windows quality update experience. Continue the conversation. Find best practices. Bookmark the Windows Tech Community and follow us @MSWindowsITPro on Twitter. Looking for support? Visit Windows on Microsoft Q&A. Continue reading...

Create, customize, and deploy your own portfolio website in minutes without installing any tools. All you need is a GitHub account and a few minutes to get started. We will use GitHub Codespaces and Blazor to build the website and Azure Static Web Apps or GitHub Pages to deploy it. You can find all these instructions and more in our GitHub Codespaces Repository. GitHub Codespaces Now, with GitHub Codespaces you can create your own portfolio website in minutes without any extra tools or lengthy environment setup! All you need is a GitHub account. Follow these instructions to create your free GitHub account. GitHub Codespaces is a development environment that is hosted in the cloud. This means that you can get started coding right away in your browser – we set everything up for you ahead of time! You do not need to worry about setting up the right coding editor or tools. .NET Portfolio Site with GitHub Codespaces With the .NET Blazor Portfolio Site project template, all you need to do is launch your Codespace then follow the README instructions to customize your website. The goal is to give you a template you can immediately utilize to create your own website through GitHub Codespaces. This template shows you how to build your website using Blazor. Blazor is a UI Framework that lets you build frontend web applications with C#. The template is within the GitHub Student Developer pack, but anyone can access and use it! Who is this for? Anyone looking to create a portfolio site, learn web development, or test out Codespaces. How much experience do you need? Zero. You decide how much you want to customize based on your experience, and time available. Tools needed: None. No need to install anything! All you need is a GitHub account and web browser. Prerequisites: None. This template includes your development environment and deployable web app for you to create your own site. Get Started with the .NET Portfolio Website Template Go to the template in GitHub: GitHub - education/codespaces-project-template-dotnet: Codespaces template for building a .NET project Click Use this template Create a copy of the repository in your GitHub account. You can keep the repository name the same or change it if you would like. At the top of the README, click on the Open in GitHub Codespaces button You should now be in a GitHub Codespace! Notice that it has the same layout as VS Code. Follow the readme on how to run a simple command to start up your website. In your terminal, you will need to run swa start. Congratulations! You just ran your portfolio website!! Next Steps: Customize and Deploy From here, you can continue to follow the instructions in the README to customize your portfolio website and deploy it! This project is built to be easily customizable. Each section of the site is a separate component, and your information needs to be set in only one spot. For each step, open the project in Codespaces, then you can make and commit your changes while within your Codespaces. To deploy your website, you can use Azure Static Web Apps or GitHub Pages. The README includes instructions for both deployment options. Learn More Check out our learning resources and coding curriculums to take these learnings to the next level! Learn to Program using C# Curriculum Build Web Applications with Blazor Curriculum Introduction to Web Development Projects How to Create Your Own Portfolio Website in Minutes with GitHub Codespaces and Blazor Continue reading...

Small and large businesses today need a productive and secure cloud virtualization space. Windows 365 Cloud PCs and Azure Virtual Desktop VDI resources are that! Whether your organization has already chosen a solution or not, quench your appetite for the latest best practices with this week’s selection. Start at the top for side-by-side comparisons of Azure Virtual Desktop and Windows 365 or jump right into the solution that fits your interest. Time to learn: 101 minutes [attachment=34612:name]READ Manage Cloud PCs and Virtual Desktops - Training Explore the differences between Azure Virtual Desktop and Windows 365 so you better understand how to configure and provision both solutions. Learn how to use Intune to manage Azure Virtual Desktops and Windows 365 cloud PCs. (18 mins) AVD + Windows 365 + MEM + Intune + ConfigMgr + Administrator + VM + Device Image + Provisioning + Resize [attachment=34613:name]WATCH Understanding Azure Virtual Desktop and Windows 365 for hybrid work How can Azure Virtual Desktop and Windows 365 Cloud PCs meet your organizational needs? Dive into the IT admin experience of each product and the choices you’ll need to make before, during, and after deployment. (21 mins) AVD + Windows 365 + VM + VDI + AADJ + HAADJ + Intune + SaaS [attachment=34614:name]WATCH Azure Virtual Desktop Essentials | Intro and Full Tour Take a tour of the essentials for Azure Virtual Desktop! See what it is, how it works, and your options for configuring the service as an administrator to meet your organization's needs. (7 mins) AVD + VM + Remote Apps + UX + Azure Monitor + Diagnostics + Azure AD + Security + Mac + iOS + Android [attachment=34615:name]READ Deploy Azure Virtual Desktop with the getting started feature Quickly deploy Azure Virtual Desktop with the getting started feature in the Azure portal. Review the prerequisites, deployment steps, connection guidance, the resources that are deployed, clean-up resources, and next steps in this official documentation. (24 mins) AVD + AD DS + UPN + ARM [attachment=34616:name]WATCH Windows 365, your Cloud PC | What it is, how it works, and how to set it up Visualize the end-user and IT experience with Windows 365. As a fully managed service, assign and configure Cloud PCs using familiar tools like Microsoft Intune. (14 mins) Cloud PC + Connection Speed + MEM + Azure AD + Provisioning Policies + Analytics + MFA + Security Baselines [attachment=34617:name]WATCH What's new and how to deploy Windows 365 Business Learn how to quickly create and enroll Windows 365 Business Cloud PCs into Intune for advanced device management. Learn about the various internal feedback channels to stay in touch. (17 mins) Cloud PC + SMB + MEM + AADJ + M365 Admin Center + Feedback Hope you enjoyed this latest installment of skilling snacks. Watch out for more thematic care packages weekly and let us know what you think in the comments below! Continue the conversation. Find best practices. Bookmark the Windows Tech Community and follow us @MSWindowsITPro on Twitter. Looking for support? Visit Windows on Microsoft Q&A. Continue reading...