Kurt Shintaku's Blog

This question came in today from another customer:

Q: We want to use a specific feature of the SharePoint Server 2010 Enterprise CAL however while we are covered companywide for Standard CALs, we only have a limited number of Enterprise CALs?  How can we constrict the usage of Enterprise CAL features on our SharePoint Server to ensure that our Enterprise feature usage isn’t out of license compliance?

I researched this a while ago and the answer basically was, there is no facility to restrict Enterprise CAL functionality usage on a SharePoint Server 2010 with Enterprise CAL functionality “turned on”.  If Enterprise features are enabled on a SharePoint Server 2010 install, every SharePoint site on the server has access to the Enterprise features, such as Forms Services, Excel Services, etc.

This means the answer was:  Spawn a new SharePoint Server.

It turns out that the answer hasn’t changed that much today.  Brian Edwards from Microsoft Consulting Services wrote a blog post that to a marginal degree goes over some techniques on how to identify what sites are using Enterprise features & how to restrict or control those features.

This is not a panacea at all but it’s a start for some that are looking for this:

• Mixing SharePoint Standard CALs and Enterprise CALs on the same farm
  http://blogs.msdn.com/b/bedwards/archive/2011/04/23/mixing-sharepoint-standard-cals-and-enterprise-cals-on-the-same-farm.aspx

I also discovered a tool out there that does some reporting of Enterprise feature usage.  I haven’t tried it obviously but apparently it’s free so…:

ECAL Tracker
Are you paying EXACTLY what you should be for your corporate SharePoint implementation?

ECAL Tracker is the only product that allows you to monitor and report on Enterprise SharePoint Services usage. Use ECAL Tracker to verify that you are paying for the appropriate number of Enterprise Client Access Licenses (ECALs).

Features

• Reveals who is using Enterprise Features and where the features are located within the Microsoft Office SharePoint Server (MOSS) farm.
• Detailed reports showing every use of an Enterprise Feature by user or by Feature with detailed date and time stamp information.
  • Reports are available in HTML, Excel, and PDF formats.
  • Report parameters allow you to select the Web application and reporting timeframe.
• Capable of analyzing all Web applications within a MOSS farm to determine where MOSS Enterprise Features have been implemented.

Advantages

• Gain a detailed understanding of where Enterprise Features have been deployed and who is using them.
• Validate your license agreement with Microsoft.
• Track usage to support audit, compliance or governance of Enterprise Feature access.
• Confirm that your staff is using Enterprise Features appropriately within the organization.

Benefits

• Contains and controls costs
• Provides auditable compliance and governance information
• Reduces software maintenance costs by eliminating dead code
• Eliminates erroneous usage of Enterprise Features and decisions based on inaccurate or old data
• Report results can be integrated into your existing reporting systems and dashboards

• LINK:  RDA ECAL Tracker
  http://www.rdacorp.com/services_solutions/Solutions/ECAL%20Tracker.html

Yup.  You read that right:  “Microsoft Lync leads UC voice market.”

OnWindows reports that the InfoTrack study recently run discovered several important things:

More than 50 per cent of US enterprises have conducted or plan to conduct trials on Microsoft Lync, and a significant per cent plan to implement the unified communications solution as their voice application.

In addition, according to a recent InfoTrack study, 87 per cent of US enterprises found the quality of Microsoft Lync Enterprise Voice to be as good as or better than traditional PBX systems.

Most companies enter a new market and have to prove that they are as good as the market leaders, but even before the trials, most enterprises expected Microsoft Lync to perform at least as well. During the trials, Microsoft in fact exceeded their expectations,” said Susan Hobart, programme director for InfoTrack for unified communications and co-leader of this study.

“One of the most important findings from this study is the high percentage of enterprises that expect to implement Lync Enterprise Voice companywide,” said Terry White, study co-leader and founder of the InfoTrack for unified communications programme.

Read more at:

• NEWS: OnWindows – Microsoft Lync leads UC voice market
  http://bit.ly/xtSyG8

This is not a new article – but it’s so important, I think it’s worth revisiting for folks just moving to Windows 7.

Are you still stuck in the caveman world of “I’ll just Ghost a template PC image for every hardware configuration I own and maintain these images for deployment everywhere”?  That went out with the 90’s folks.  The way desktops are deployed these days involve deploying a SINGLE basic OS image that’s as simple as possible for every desktop PC… then applying task sequences after the image is done to meet the needs of the target configuration.  Here are some of the task sequences that are implemented as part of the deployment process:

1. Validate that the target hardware can install the operating system
2. Capture user files and settings
3. Invoke an installation environment like the Windows Preinstallation Environment (Windows PE)
4. Customize the installation environment
5. Apply the operating system image
6. Apply drivers required by the hardware and connected devices
7. Apply software updates
8. Apply applications based on your selections
9. Join the computer to a domain
10. Reapply user files and settings
11. Configure additional attributes such as BitLocker™ Drive Encryption or server roles

Read more about how to accomplish this here:

• LINK: “Choosing an Image Strategy and Building Windows 7 System Images”
  http://technet.microsoft.com/en-us/library/ee956904(WS.10).aspx

Wow.  This kinda slipped under the radar.  We announced a bunch of new services and benefits as part of Software Assurance Planning Services.

• Desktop Deployment Planning Services 
  Providing Office 2010, Windows 7 deployment planning and Office 365 migration guidance.
• Developer Tools Deployment Planning Service [NEW]
  Providing Visual Studio Team Foundation & Team Studio planning services.
• Lync and Exchange Deployment Planning Service 
  Providing Lync Server 2010, Exchange Server 2010, & Exchange Online, Lync Online deployments as well as planning hybrid solution deployments (both online and off).
• Private Cloud Management and Virtualization Deployment Planning Service [NEW]
  Providing Windows Server Hyper-V, private cloud & management server deployment planning services.
• Public Cloud, Azure Deployment Planning Services [NEW]
  Providing Windows Azure & SQL Azure migration planning services.
• SharePoint Deployment Planning Services
  Provides SharePoint 2010 Deployment, Upgrade, and Internet Site planning as well as Office 365 migration guidance.
• SQL Server Deployment Planning Service [NEW]
  Providing application & database migration, BI & reporting analysis deployment & upgrading planning services.

Here’s a video on Software Assurance Planning Services for 2012:
http://www.microsoft.com/licensing/about-licensing/media/Software_Assurance_Planning_Services.asx

Here’s more information on the new Planning Services our Software Assurance web site:
http://www.microsoft.com/licensing/software-assurance/planning-services-overview.aspx

An overview of all new Software Assurance benefits for 2012 is available here:
http://download.microsoft.com/download/5/c/7/5c727885-ec15-4920-818b-4d140ec6c38a/What_is_New_with_SA_Benefits_FY12.pdf

The Solution Accelerators team is pleased to announce Microsoft Deployment Toolkit (MDT) 2012 RC1 is available for download on Connect now.

Download the MDT 2012 RC1 release now

New features and enhancements make large-scale desktop and server deployments smoother than ever!

Support for Configuration Manager 2012 RC2: This update provides support for Configuration Manager 2012 RC2 releases. MDT 2012 fully leverages the capabilities provided by Configuration Manager 2012 for OS deployment. The latest version of MDT offers new User-Driven Installation components and extensibility for Configuration Manager 2007 and 2012. Users now also have the ability to migrate MDT 2012 task sequences from Configuration Manager 2007 to Configuration Manager 2012.

Customize deployment questions: For System Center Configuration Manager customers, MDT 2012 provides an improved, extensible wizard and designer for customizing deployment questions.

Ease Lite Touch installation: The Microsoft Diagnostics and Recovery Toolkit (DaRT) is now integrated with Lite Touch Installation, providing remote control and diagnostics. New monitoring capabilities are available to check on the status of currently running deployments. LTI now has an improved deployment wizard user experience. Enhanced partitioning support ensures that deployments work regardless of the current structure.

Secure Deployments: MDT 2012 offers integration with the Microsoft Security Compliance Manager (SCM) tool to ensure a secure Windows deployment from the start.

Reliability and flexibility: Existing MDT users will find more reliability and flexibility with the many small enhancements and bug fixes and a smooth and simple upgrade process.

Support for Windows 8: The RC1 release of MDT 2012 provides support for deploying Windows 8 Consumer Preview in a lab environment.

Key Benefits:

• Full use of the capabilities provided by System Center Configuration Manager 2012 for OS deployment.
• Improved Lite Touch user experience and functionality.
• A smooth and simple upgrade process for all existing MDT users.

New Features:

For System Center Configuration Manager customers:

• Support for Configuration Manager 2012 (while still supporting Configuration Manager 2007)
• New User-Driven Installation components for Configuration Manager 2007 and Configuration Manager 2012
  • Extensible wizard and designer, additional integration with Configuration Manager to deliver a more customized OS experience, support for more imaging scenarios, and an enhanced end-user deployment experience
• Ability to migrate MDT 2012 task sequences from Configuration Manager 2007 to Configuration Manager 2012

For Lite Touch Installation:

• Integration with the Microsoft Diagnostics and Recovery Toolkit (DaRT) for remote control and diagnostics
• New monitoring capabilities to see the progress of currently running deployments
• Support for deploying Windows to computers using UEFIAbility to deploy Windows 7 so that the computer will start from a new VHD file, "Deploy to VHD"
• Improved deployment wizard user experience

For all customers:

• Integration with configuration templates from the Security Compliance Manager Solution Accelerator, ensuring Windows is secure from the start
• A simple mechanism for running Windows PowerShell scripts during a deployment, with task sequence environment and logging integration
• Better partitioning support, creating the recommended partitioning structures on new computers and ensuring deployments work regardless of the current structure
• A smooth and simple upgrade process for all existing MDT users
• Many small enhancements and bug fixes

This is insane.  I’m sorry but I just have to say that.  We’re basically slashing prices on SQL Azure by ~50%.

Crazy.

To meet evolving customer needs across both ends of the database size spectrum, we are lowering the price of SQL Azure and introducing a 100MB database option.

Customers will realize 48% to 75% savings for databases larger than 1GB. The 100MB DB option enables customers to get started using SQL Azure at half of the previous price, while still providing the full range of features including: high availability, fault tolerance, self-management, elastic scale-out, on-premises connectivity, and full Service Level Agreement. Full details on our new pricing can be found here.

…

Read more here:
http://blogs.msdn.com/b/windowsazure/archive/2012/02/14/announcing-reduced-pricing-on-sql-azure-and-new-100mb-database-option.aspx

I got this question from a customer today:

Q: Why should we use Forefront’s Antivirus technologies on our PCs?  Isn’t that the same thing as Microsoft Security Essentials?

There’s a very significant difference between the two:

• Microsoft Security Essentials is the free antimalware service that provides real-time protection to consumers and small businesses to address the ongoing security needs of a genuine Windows PC, helping to protect it from viruses, spyware and other malicious threats.
• Forefront Endpoint Protection 2010 provides endpoint protection for business environments, including not only antimalware, but behavior monitoring and firewall management protections. Forefront Endpoint Protection also includes central deployment, configuration, and reporting features needed for ensuring protection is maintained across the enterprise. Both Forefront and Microsoft Security Essentials share the same Antimalware Protection Platform and provide comprehensive security protection to their users.

FOR CONSUMERS
For consumers and very small businesses needing protection from malicious software including Spyware, Viruses, Trojans and rootkits, Microsoft Security Essentials is a free, high-quality anti-malware service that efficiently addresses the ongoing security needs of a genuine Windows-based PC. Forefront Endpoint Protection 2010 provides endpoint protection for business environments, including not only antimalware, but behavior monitoring and firewall management protections. Forefront Endpoint Protection also includes central deployment, configuration, and reporting features needed for ensuring protection is maintained across the enterprise

FOR ENTERPRISES
Forefront Endpoint Protection, the next generation release of Forefront Client Security, simplifies and improves endpoint protection while greatly reducing infrastructure costs. Built on System Center Configuration Manager 2007, it will allow customers to use their existing client management infrastructure to deploy and manage endpoint protection. This shared infrastructure lowers ownership costs while providing improved visibility and control over endpoint management and security.

New key features included in FEP include:

• Integration with Configuration Manager. Single interface for managing and securing endpoints reduces complexity and improves troubleshooting and reporting insights.
• New Antivirus Engine. Highly accurate and efficient threat detection protects against the latest malware and rootkits with low false positive rate.
• New behavioral threat detection. Protection against “unknown” or “zero day” threats provided through behavior monitoring, emulation, and dynamic translation.
• Windows Firewall management. Ensures Windows Firewall is active and working properly on all endpoints, and allows administrators to more easily manage firewall protections across the enterprise.

FOREFRONT HOST INTRUSION PREVENTION
One of the big inclusions within Forefront Endpoint Protection is Host Intrusion Prevention capabilities.

Host intrusion prevention includes a wide variety of technologies that help prevent unwanted activity on endpoint and server operating systems. These protections are spread across the application, file system, and network layers. Forefront Endpoint Protection incorporates several Host Intrusion Prevention technologies.

• Application: Behavior monitoring
• File System: Antimalware (known threats) and Dynamic Translation and Emulation (unknown threats)
• Network: Windows firewall management

There is an additional vulnerability shielding technology, known as Network Inspection System (NIS), that is also in the Forefront Endpoint Protection 2010. Based on a similar technology found in Forefront Threat Management Gateway Web Protection Service, it is designed to protect endpoints against application-layer threats through signatures and a deep protocol and application analysis.

Forrester did a study of the benefits achieved by organizations using System Center Configuration Manager by deploying Forefront Endpoint Protection (FEP) 2010 and integrating their desktop management and security infrastructure.

Their study indicates a total Net Present Value (NPV) of almost $300k for a reference customer with 5000 seats.

Forrester interviewed eight FEP customers for this study.  Based on these interviews, we developed a composite organization with 5,000 endpoints, typically PCs running the Microsoft Windows operating system.  The composite organization has two security administrators and two desktop administrators and experiences approximately 200 malware incidents annually.  The financial analysis found that a composite organization experienced the risk-adjusted costs and benefits shown in Table 1.

Benefits.  The composite organization experienced the following benefits that represent those experienced by the interviewed companies.

• Reduction in labor effort for malware remediation of $36,153
• Reduction in labor effort for investigating malware alerts of $81,738.
• Reduction in labor effort for client administration of $112,207.
• Cost avoided by software maintenance fees of $134,041.

Click below to download the entire report:

• WHITEPAPER: Forrester Research study on the Total Economic Impact of Forefront Endpoint Protection 2010
  http://download.microsoft.com/download/A/F/3/AF3EB4CF-B683-4816-A107-DFAF508EB61A/TEI%20of%20Microsoft%20FEP2010%20FINAL.pdf

The Windows 8 Consumer Preview Product Guide for Business provides a detailed look at the many new and improved features in Windows 8.

The guide is designed as an accurate source of information that can help businesses understand how Windows 8 enables users to be ready and productive practically anywhere, allows for a personalized user experience, and provides IT with more secure, easy-to-manage intelligent infrastructure.

• DOWNLOAD: Windows 8 Consumer Preview Product Guide for Business
  http://www.microsoft.com/download/en/details.aspx?id=28970

Microsoft was a huge hit at LegalTech 2012 January 30-February 1, 2012. A full listing of the sessions presented during our Super Session is available on the “Featured Content for Law Firms” page on Microsoft.com.

Review the material there or click on one of the PowerPoint deck links below:

• BA Insight – Delivering Matter-Centric Search with Dashboards on SharePoint
• Brian Zeve – Looking Ahead at Technology
• Chinook Communications – How to Guide: Migrate Your IT Services to the Cloud
• Epona – Demonstration of DMSforLegal
• Gig Werks – SharePoint for Legal: Considerations in Information Architecture and the Leveraging of Third Party Products
• K2 – Streamlining the Onboarding of New Clients and Matters
• Litera – Do You Have Content Confidence?
• MacroView – MacroView DMF: Enabling SharePoint-based DM Solutions that Meet the Needs of Legal
• MetaVis – SharePoint as a DMS
• Microsoft – Success Factors for Legal Web Portals
• Microsoft LCA – Practical Practice Technologies: Constructing Seamless Legal Services
• Mimecast – Can We Trust the Cloud?
• Sword – Best of Breed v. the Single Platform
• Workshare – Streamlining Legal Document Management with SharePoint, Office 365, and Workshare Point