imageThis download contains GPO templates, .admx and .adml files, for Application Virtualization (App-V), User Experience Virtualization (UE-V), and Microsoft BitLocker Administration and Monitoring (MBAM). Templates are divided by technology and version. Different templates support different Windows operating systems and different feature sets. For more information about supported GPO, see documentation specific to the MDOP technology.

These MDOP Group Policy Templates delivers .admx and .adml templates to manage policy across the enterprise for the following MDOP technologies:

  • App-V 5.0
  • App-V 5.0 SP1
  • App-V 5.0 SP2
  • App-V 5.0 SP3
  • App-V 5.1
  • MBAM 1.0
  • MBAM 1.0 R1
  • MBAM 2.0
  • MBAM 2.0 SP1
  • MBAM 2.5
  • MBAM 2.5 SP1
  • UE-V 1.0
  • UE-V 1.0 SP1
  • UE-V 2.0
  • UE-V 2.1
  • UE-V 2.1 SP1

Download it here:

imageCheck out the following click-through demos, guiding IT pros and IT enthusiasts through the latest Office features and functionality.

Office 365 Groups

Office 365 Security & Compliance

And several dozen others.  See the entire list at the link below.


Join us on July 17 & 18 for the live stream of the Microsoft Research Faculty Summit 2017: “The Edge of AI”!

The 18th annual Microsoft Research Faculty Summit in Redmond, WA on July 17 and 18, 2017 will consist of a variety of keynotes, talks, panels, and technologies focused on Artificial Intelligence (AI) research: The Edge of AI.

Microsoft AI researchers are striving to create intelligent machines that complement human reasoning and enrich human experiences and capabilities. At the core, is the ability to  harness the explosion of digital data and computational power with advanced algorithms that extend the ability for machines to learn, reason, sense and understand—enabling collaborative and natural interactions between machines and humans.

We are seeing widespread investments in AI which are advancing the state of the art in machine intelligence and perception, enabling computers to interpret what they see, to communicate in natural language, to answer complex questions, and to interact with their environment. In addition to technological advances, researchers and thought leaders need to be concerned with the ethics and societal impact of intelligent technologies.

The Microsoft Research Faculty Summit 2017 will bring together thought leaders and researchers from a broad range of disciplines including computer science, social sciences, human design and interactions, and policy. Together we will highlight some of the key challenges posed by artificial intelligence, and will identify the next generation of approaches, techniques, and tools that will be needed to develop AI to solve the world’s most pressing challenges.

Focus Areas

We will explore the following areas:

  • Machine learning – Developing and improving algorithms that help computers learn from data to create more advanced, intelligent computer systems.
  • Human language technologies – Linking language to the world through speech recognition, language modeling, language understanding, and dialog systems.
  • Perception and sensing – Creating computers and devices which understand what they see to enable tasks ranging from autonomous driving to analysis of medical images.
  • AI, people, and society – Examining the societal and individual impacts on the spread of intelligent technologies to formulate best practices for their design.
  • Systems, tools and platforms – Integrating intelligent technologies to create interactive tools such as chatbots that incorporate contextual data to augment and enrich human reasoning.
  • Integrative intelligence – Weaving together advances in AI from disciplines such as computer vision and human language technologies to create end-to-end systems that learn from data and experience.
  • Cyber-physical systems and robotics – Developing methods to ensure the integrity of drones, robots and other intelligent technologies that interact with the physical world.
  • Human AI collaboration – Harnessing research breakthroughs in artificial intelligence to design technologies that allow humans to interact with computers in novel, meaningful and productive ways.
  • Decisions and planning – Reasoning about future events to enable informed collaborations between humans and intelligent agents.

If you’re interested in watching the broadcasts, here’s the information:

To add any of the sessions to your calendar, visit the event page at:


We are very excited to announce an upcoming opportunity to ‘Ask Microsoft Anything’ (AMA) about Windows 10 management!

The AMA will take place on Tuesday, July 25th, 2017 from 9:00 AM to 10:00 AM Pacific Time in the Windows 10 management space.

If you aren’t familiar with the concept, an AMA is a live online question-and-answer event similar to a "YamJam" on Yammer or an "Ask Me Anything" on Reddit. The Windows 10 security AMA will give you the opportunity to connect with members of the Windows engineering and product teams, who will be on hand to answer your questions and listen to feedback about:

  • Modern management scenarios: traditional, hybrid, and cloud-based
  • Managing Windows devices with System Center Configuration Manager
  • Managing Windows devices with Microsoft Intune
  • Azure Active Directory
  • Group Policy
  • Microsoft Store for Business and application management

Don’t miss this opportunity. Add the event to your calendar. We hope to see you there!

Posted by: kurtsh | June 29, 2017

DOWNLOAD: Translator for Microsoft Edge

imageThis is worth installing… just in case you need it.  It’s a plugin for Microsoft Edge called “Translator”.

With Translator for Microsoft Edge, you can translate foreign language webpages and text selections for 50+ languages.


  • Look for the Microsoft Translator icon in the address bar when visiting a foreign-language webpage.
  • Click on the icon to instantly translate the webpage to your preferred language. You can also select text you want to translate and right-click to get in-line translations.

For a full list of supported languages, please visit

If the extension does not work after install, please restart Microsoft Edge. If the extension still is not working, please provide feedback through the Feedback Hub.

Get ready for a new way to deploy Windows 10, coming with the Fall Creators Update release.

Learn how to easily set up new PCs with a standard, corporate Windows image using Windows AutoPilot.

Windows AutoPilot, a suite of capabilities powered by cloud-based services, is designed to simplify deployment and management of new Windows 10 PC’s along with enhancements to Mobile Device Management and new Device Health features in Windows Analytics.

Traditionally, IT Pros spend a lot of time on building and customizing images that will later be deployed to devices with a perfectly good OS already installed on them.

Windows AutoPilot introduces a new approach:

  • From the users’ perspective, it only takes a few simple operations to make their device ready to use.
  • From the IT Pros’ perspective, the only interaction required from the end-user, is to connect to a network and to verify their credentials. Everything past that is automated.

Windows AutoPilot allows you to:

  • Automatically join devices to Azure Active Directory
  • Auto-enroll devices into MDM services, such as Intune (Requires an Azure AD Premium subscription)
  • Restrict the Administrator account creation
  • Create and auto-assign devices to configuration groups based on the devices’ profile
  • Customize OOBE content specific to the organization

In the video below, Principal PM Manager for Windows Enterprise and Security, Sidd Mantri, offers an overview of Windows Autopilot, a new cloud service from Microsoft that provides you with a zero-touch experience for deploying new Windows 10 devices to your organization. Sidd illustrates how you and hardware vendor can use Windows AutoPilot, to enable your users to easily setup new Windows 10 devices, and demonstrates the user’s set-up experience.

For more information on Windows Autopilot, visit the announcement page and the product page:

We’ve published a very exhaustive guide to tuning Windows Server 2016 that is available both online as well as a downloadable PDF.

imageWhen you run a server system in your organization, you might have business needs not met using default server settings. For example, you might need the lowest possible energy consumption, or the lowest possible latency, or the maximum possible throughput on your server. This guide provides a set of guidelines that you can use to tune the server settings in Windows Server 2016 and obtain incremental performance or energy efficiency gains, especially when the nature of the workload varies little over time.+

It is important that your tuning changes consider the hardware, the workload, the power budgets, and the performance goals of your server. This guide describes each setting and its potential effect to help you make an informed decision about its relevance to your system, workload, performance, and energy usage goals.

This guide organizes performance and tuning guidance for Windows Server 2016 across three tuning categories:

  • Performance tuning guidelines for Windows Server 2016
      • Server Hardware Tuning
          • Performance considerations
          • Power considerations
      • Server Role Tuning
          • Active Directory Server
          • File Server
          • Hyper-V Server
          • Windows Server Containers
          • Remote Desktop Services
          • Web Server
      • Server Subsystem Tuning
          • Cache and memory tuning
          • Network subsystem tuning
          • Software Defined Networking (SDN) tuning
          • Storage subsystem tuning
      • PowerShell tuning
          • Script authoring considerations
          • Module authoring considerations
      • Additional tuning resources

WARNING: Generating a downloadable version of this guide will produce a 200pg document.

Posted by: kurtsh | June 29, 2017

WHITEPAPER: VLSC User Guide to Online Services

imageThis user guide covers subscribing and activating Microsoft services for first-time users and for existing users.

It provides details on using the Microsoft Volume Licensing Service Center (VLSC) to reserve seats or add new services, view existing services, and change people’s roles.

The guide concludes with troubleshooting tips and where to get support for your services.

Table of Contents:

  • Who is this guide for?
  • Introduction
  • If you are subscribing to Microsoft services for the first time
  • If you are already using some Microsoft services
  • Reserve seats of add new services in the VLSC
  • Change a role in the VLSC
  • Assign seats and manage your services
  • Troubleshooting tips
  • Get help and support for your services
  • More information

Download the paper here:

imageUPDATE 6/29/17:
Guidance from support below updated with more recent content.


The recent outbreak known commonly as the Petya Ransomware, has been addressed by Microsoft in several areas.

The Microsoft Malware Protection Center (MMPC) wrote a really exhaustive article on the new Petya Ransomware on their blog.

The post covers:

  • Delivery and installation
  • Multiple lateral movement techniques
        • Lateral movement using credential theft and impersonation
        • Lateral movement using EternalBlue and EternalRomance
  • Encryption
  • Detection and investigation with Windows Defender Advanced Threat Protection
  • Protection against this new ransomware attack
  • Resources
  • Indicators of Compromise

If you’re interested in background on the malware, this is really good post to read:

    The Microsoft Security Response Center has written a post to address Petya, based on their own investigation.

    The MSRC talks about it’s origins, initial targets, what previous security patch addresses the vulnerability it leverages, and general guidance around the malware – including protection technologies to leverage in the future.

      The following was disseminated to our customers with Premier Support contracts.

      Microsoft’s antivirus software detects and protects against this ransomware. Our initial analysis found that the ransomware uses multiple techniques to spread, including ones which were addressed by a security update (MS17-010) previously provided for all platforms from Windows XP to Windows 10. We are continuing to investigate, and our support teams are fully mobilized and engaged globally to help any impacted customers.

      Windows Defender, System Center Endpoint Protection, and Forefront Endpoint Protection detect this threat family as Ransom:Win32/Petya. Ensure you have a definition version equal to or later than:

      • Threat definition version:
      • Version created on: 12:04:25 PM : Tuesday, June 27 2017 (Pacific Time)
      • Last Update: 12:04:25 PM : Tuesday, June 27 2017 (Pacific Time)

      In addition, the free Microsoft Safety Scanner is designed to detect this threat as well as many others. If you use a solution from an antivirus provider other than Microsoft, please check with that company.

      New guidance from the MMPC Blog
      On Tuesday June 27, 2017, the Microsoft Malware Protection Center (MMPC) released a detailed analysis of the Petya Ransomware attack in a new blog post:

      This MMPC blog provides the most cogent and detailed analysis available on how the malware works and guidance for network administrators and security professionals concerning how to mitigate against specific attack methods.

      New guidance from the MSRC Blog
      On Wednesday June 28, 2017, the Microsoft Security Response Center (MSRC) released a new blog post to provide additional insights and guidance customers can use to improve protections in the enterprise:

      Recommendations from the MSRC blog include:

      • If for some reason you cannot apply the update, a possible workaround to reduce the attack surface is to disable SMBv1 with the steps documented at Microsoft Knowledge Base Article 2696547.
      • Consider implementing techniques like network segmentation and least privileged accounts that will further limit the impact of these types of malware attacks.
      • For those using Windows 10, leverage capabilities like Device Guard to lock down devices and allow only trusted applications, effectively preventing malware from running.
      • Finally, consider leveraging Windows Defender Advanced Threat Protection, which automatically detects behaviors used by this new ransomware.

      New guidance from the Azure Security Center Blog
      On Wednesday June 28, 2017, the Microsoft Azure Security Center released a new blog discussing ​measures that Azure customers can take to prevent and detect Petya malware through Azure Security Center:

      In addition to the recommendations we included in our previous alert on Tuesday, we strongly recommend reviewing the information provided in these blogs for specific steps you can take to mitigate against Petya Ransomware.

      Additional Resources

      Regarding Information Consistency
      We strive to provide you with accurate information in static (this mail) and dynamic (web-based) content. Microsoft’s security content posted to the web is occasionally updated to reflect late-breaking information. If this results in an inconsistency between the information here and the information in Microsoft’s web-based security content, the information in Microsoft’s web-based security content is authoritative

        imageWhen a subscription to Office 365 expires, as an IT Professional, it’s important to understand what the implications are, i.e. what’s going to happen after the subscription lapses?

        The information I’m highlighting below is written documentation / material that is publically available online & accessible as a reference for yourself & for your organization.

        Note: This is simply the information I’ve collected from Microsoft online sources.  It may not be complete & may not represent all scenarios.

        The Online Services Terms is a reference similar to the old “Product Use Rights”, except it’s for cloud services.  It’s a monthly updated Word document that you can download (see below) and contains the latest terms of service.  (Think of stuff like “SLAs”, “Usage rights”, “Microsoft’s obligations”, “customer obligations”, etc.)


        Regarding the expiration of an Office 365 subscription, according to the Online Services Terms, there are 3 bullets that standout to me around the expiration/termination of an Office 365 subscription:

        • Page 4: Data Retention
          “Microsoft will retain Customer Data stored in the Online Service in a limited function account for 90 days after expiration or termination of Customer’s subscription so that Customer may extract the data. After the 90-day retention period ends, Microsoft will disable Customer’s account and delete the Customer Data.”
        • Page 10: Privacy
          “No more than 180 days after expiration or termination of Customer’s use of an Online Service, Microsoft will disable the account and delete Customer Data from the account.”
        • Page 14: Data Retention after Expiration or Termination
          “The expiration or termination of Customer’s Online Service subscription will not change Customer’s obligation to pay for hosting of Customer Data during any Extended Term.”

        From the Office support web site, there is an article that describes the states that a tenant goes through once an Office 365 subscription expires.

        According to the Office support site, deployed Office applications will be affected as well, as described below:


        « Newer Posts - Older Posts »