Kurt Shintaku's Blog

Extended Security Updates are purchasable for Windows 7, Windows Server 2008 and Windows Server 2008 R2.  If you need them on systems before the January 14, 2020 end of life date, read the information below:

• HOWTO: Purchase, Install & Deploy Extended Security updates for Windows 7, Windows Server 2008, & Windows Server 2008 R2
  https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/How-to-get-Extended-Security-Updates-for-eligible-Windows/ba-p/917807
• HOWTO: Implement software update management and OS deployment using Configuration Manager for clients covered under the Extended Support
  https://techcommunity.microsoft.com/t5/Configuration-Manager-Blog/Extended-Security-Updates-and-Configuration-Manager/ba-p/825618

Additional resources:

• How to get ESU for Windows devices
• IT Pro FAQ about the end of support for Windows 7
• Windows 7 and Office 365 ProPlus support
• SQL Server 2008/R2 and Windows Server 2008/R2 ESU FAQs
• SQL Server 2008/2008 R2 ESU resource site
• Extended Security Updates and System Center Configuration Manager
• Lifecycle FAQ overview for all ESU offerings

Test your systems for security updates once ESU licenses have been purchased:

• Windows 7 SP1 test for ESU customers KB article
• Windows Server 2008 SP2 test for ESU customers KB article
• Windows Server 2008 R2 SP1 test for ESU customers KB article

Every so often this question comes along:

• “We need to install Office on a server to allow a server-side application to process Office documents."
• “We want to install Word on our server to take .DOC files and export them to Adobe Acrobat .PDF".”
• “Can we install Excel on a server to run macros to automate work on a server?”
• “We have a server-based application that requires the installation of Office to use the Office libraries. How do we install it?”

FYI using Office on servers is discouraged because the product isn’t designed for server-side processing with multiple CPUs & multiple simultaneous users / threads nor is it designed for secure, unattended operation.

From our documentation:

Microsoft does not currently recommend, and does not support, Automation of Microsoft Office applications from any unattended, non-interactive client application or component (including ASP, ASP.NET, DCOM, and NT Services), because Office may exhibit unstable behavior and/or deadlock when Office is run in this environment.

If you are building a solution that runs in a server-side context, you should try to use components that have been made safe for unattended execution. Or, you should try to find alternatives that allow at least part of the code to run client-side. If you use an Office application from a server-side solution, the application will lack many of the necessary capabilities to run successfully. Additionally, you will be taking risks with the stability of your overall solution.

…

Licensing Office for server-side use is also different. 

Current licensing guidelines prevent Office applications from being used on a server to service client requests, unless those clients themselves have licensed copies of Office. Using server-side Automation to provide Office functionality to unlicensed workstations is not covered by the End User License Agreement (EULA).

Details of the operational & licensing considerations are located here:

• Considerations for server-side Automation of Office
  https://support.microsoft.com/en-us/help/257757/considerations-for-server-side-automation-of-office

Everything you need to get started building responsive, mission-critical apps is contained within the Guide to NoSQL with Azure Cosmos DB: Create Scalable and Globally Distributed Web Applications. Learn how to use multimodel NoSQL database capabilities in the cloud, build your app, and then take it global. Find Azure Cosmos DB tutorials and practical examples, plus tips and tricks for getting the most out of Azure, including how to:

• Build, deploy, and manage highly responsive, mission-critical apps.
• Use distributed databases to scale globally and enable low latency.
• Set up multiple data models and popular APIs for accessing and querying data.
• Implement comprehensive service-level agreements for throughput, latency, consistency, and availability.
• Take advantage of data security best practices to detect, prevent, and respond to database breaches. 

Download the ebook here:

• DOWNLOAD: Guide to NoSQL with Azure Cosmos DB (.PDF, 205pgs)
  https://azure.microsoft.com/en-us/resources/guide-to-nosql-with-azure-cosmos-db/en-us/

We are excited to announce that Microsoft Defender Advanced Threat Protection (ATP) endpoint and detection response (EDR) capabilities for macOS devices are now generally available. We are extending Microsoft Defender ATP capabilities into non-Windows platforms in line with our commitment to build security solutions not just for Microsoft, but also from Microsoft. Customers can expect the same familiar investigation experience, the same solid backend, and the same consistent progression of features coupled with excellent performance that have historically been Microsoft Defender ATP’s signature.

Microsoft Defender ATP for Mac was designed and is continuously enhanced in collaboration with our customers. Getting customer feedback in our development process is critical to ensuring we create products our customers love. Our design partners, who influence our priorities, asked for competitive detection coverage with a unified investigation experience under strict performance requirements. With that in mind, the Microsoft Defender ATP team is now delivering core EDR functionality for macOS.
…

Read more at the announcement post here:

• MDATP BLOG: EDR capabilities for macOS have now arrived
  https://techcommunity.microsoft.com/t5/Microsoft-Defender-ATP/EDR-capabilities-for-macOS-have-now-arrived/ba-p/1047801

Automated Machine Learning empowers users of all skill sets to build and deploy models more efficiently and accurately, and it’s rooted in discoveries from Microsoft’s research labs.

Erez’s group is currently focused on AutoML, and if AutoML is something you’re interested in, this is the talk for you. In our conversation, Erez gives us a full breakdown of his AutoML philosophy, including how he defines “true AutoML” and his take on the AutoML space, its role and its importance. We also discuss in great detail the application of AutoML as a contributor to the end-to-end data science process, which Erez breaks down into 3 key areas; Featurization, Learner/Model Selection, and Tuning/Optimizing Hyperparameters. Finally, we discuss post-deployment AutoML use cases and other areas under the AutoML umbrella that are generating excitement.

Hear more in this episode of the TWIML Podcast episode:

• PODCAST: Automated Machine Learning with Erez Barak (43min)
  https://twimlai.com/twiml-talk-323-automated-machine-learning-with-erez-barak/

Azure AD entitlement management is now generally available—providing customers an important addition to Privileged Identity Management (PIM), Terms of use, and Access reviews to deliver core cloud-based Identity Governance capabilities.

From the announcement post:

Azure AD entitlement management is now generally available—providing customers an important addition to Privileged Identity Management (PIM), Terms of use, and Access reviews to deliver core cloud-based Identity Governance capabilities.

For a truly complete solution, most organizations need a way to govern employee and business partner access to resources at enterprise scale. Azure AD entitlement management removes barriers to internal and external collaboration by automating employee and partner access requests, approvals, auditing, and review for Office 365, for thousands of popular SaaS apps like Workday, Google Apps, and Salesforce.com as well as any line of business app.

With the rapid adoption of SaaS apps and cloud services by business units, many central IT teams don’t have the knowledge to know which access rights which users should have. They must delegate management of access approvals and review, for example, having someone in the sales department determine what access rights employees in the sales team needs while maintaining strong compliance and security policies.

…

Read more at the announcement post here:

• Azure Active Directory Identity Blog: Azure AD entitlement management is now generally available
  https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Azure-AD-entitlement-management-is-now-generally-available/ba-p/1022399

Today’s news is big: We’ve made it way easier to manage company acquisitions and mergers with the public preview of Azure AD Cloud Provisioning – Easily sync from multiple on-premise forests to one AAD Tenant!

From the announcement post:

Today we’ve got some amazingly cool news to share.

If you work in a large enterprise, you probably already know how big the challenges can be when your company makes an acquisition and you suddenly get asked to provide cloud identity services to an entirely new business group, usually one with their own set of Active Directory domains and forests.

If this is a challenge you face, I’m excited to let you know about the public preview of Azure AD Connect cloud provisioning!

With cloud provisioning, customers can easily provision identities from multiple disconnected AD forest to Azure AD. Azure AD Connect cloud provisioning moves the heavy lifting for provisioning from AD to Azure AD to the cloud with lightweight agents on-premises and provides the following benefits:

• Helps with provisioning from disconnected AD forests to Azure AD—Organizations may have disconnected AD forests due to mergers and acquisitions or remote office locations. Whatever the reason may be, cloud provisioning allows you to quickly integrate these multiple disconnected AD forests into an Azure AD tenant.
• Reduces on-premises footprint—The provisioning agent is a lightweight agent with the sync complexity (configuration and processing) in the cloud.
• Enterprise grade high availability—Multiple provisioning agents can be deployed to ensure high availability for provisioning especially for password hash sync.

…

Read more from the announcement post here:

• Azure Active Directory Identity Blog: Bring identities from disconnected ADs into Azure AD with just a few clicks!
  https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Bring-identities-from-disconnected-ADs-into-Azure-AD-with-just-a/ba-p/827835

Gartner has named Microsoft Security a Leader in five Magic Quadrants. This is exciting news that we believe speaks to the breadth and depth of our security offerings. Gartner places vendors as Leaders who demonstrate balanced progress and effort in all execution and vision categories. This means that Leaders not only have the people and capabilities to deliver strong solutions today, they also understand the market and have a strategy for meeting customer needs in the future. Microsoft was identified as a Leader in the following five security areas:

• Cloud Access Security Broker (CASB) solutions
• Access Management
• Enterprise Information Archiving
• Unified Endpoint Management (UEM) tools
• Endpoint Protection Platforms

For a review of all 5 Gartner Magic Quadrants, visit:

• Microsoft Security—a Leader in 5 Gartner Magic Quadrants
  https://www.microsoft.com/security/blog/2019/12/03/microsoft-security-leader-5-gartner-magic-quadrants/

Check out the new “SharePoint look book”, with more samples and designs to help you start building your next stunning site.

• INFO: SharePoint Look Book site
  http://aka.ms/sharepointlookbook 
  (https://lookbook.microsoft.com/)
• DOWNLOAD: SharePoint Look Book (.PDF)
  https://lookbook.microsoft.com/assets/SharePoint_lookbook_2019.pdf

Also, if you’re looking for how to get the most out of your SharePoint sites and pages, visit the SharePoint Design Guidance site for more information on how to design beautiful and performant sites, pages, and web parts with SharePoint in Office 365.

• INFO: SharePoint Design Guidance site
  http://aka.ms/spdesignguidance
  (https://spdesign.azurewebsites.net/)

If you’re interested in accessing Gartner’s Magic quadrant for Data Management Solutions for Analytics, we’ve made it available for you below.

Gartner has, once again, recognized Microsoft as a Leader in the Magic Quadrant for Data Management Solutions for Analytics (DMSA) for 2019. “Gartner defines DMSA as a complete software system that supports and manages data in one or more file management systems (usually databases). DMSAs include specific optimizations to support analytical processing. The breadth and scope of associated roles and skills is also expanding as organizations engage with new use cases. These use cases include supporting ongoing traditional, operational, logical, and context-independent data warehousing."

At Microsoft, we’ve championed a data platform evolution to make big data processing and analytics simpler and more accessible, helping you transform data into intelligent action. We do this through SQL Server 2017 and key Azure services such as Azure SQL Data Warehouse (a fully managed, Massively Parallel Processing, or MPP, cloud data warehouse) and Azure Databricks (an Apache Spark-based analytics platform). Start exploring our comprehensive portfolio of solutions for data warehousing, big data, and advanced analytics solutions.

Download the Gartner report here:

• Gartner names Microsoft a Leader in the 2019 Magic Quadrant for Data Management Solutions for Analytics (DMSA)
  https://info.microsoft.com/ww-landing-gartner-mq-dmsa-2018.html