All right, it’s time for some more mandatory fun!

Chad here again kicking off 2017 and ready with another MFA mailbag. In the last couple months, I’ve been having a lot of conversations with customers around Azure MFA Server licenses requirements, billing, and split configurations. In this mailbag, I’ve taken some of these “What if.” and “How does this work?” questions that you implementers can get stuck on and will hopefully provide the answers you need to get started on your deployment. Also our team has really grown lately and some of these faces are going to join in on our blogging efforts. Check back on Fridays for a new posts.

Question 1:

I know when I use the text message option of Azure MFA, I get a 6 digit code texted to me. How long is that code good for? Can I change the length of the code and the length time the code is valid?

Answer 1:

When using Azure MFA Server, the default timeout is 5 minutes. There is no UX to configure it. It can be configured via a registry key setting.

When using (cloud-based) Azure MFA, the timeout is 3 minutes; this is not configurable. The length of the code (6 digits) is not configurable.

Questions 2:

Does the downloadable MFA SDK used for Azure MFA Server supports texting and calling to international numbers? Is there any additional cost associated with doing so?

Answer 2:

Yes, the downloadable SDKs supports both texting & phone calls to international calls. However, users may incur charges for receiving or replying to international calls and texts depending on the terms of their cellular plan and carrier.

Question 3:

Can you explain to me about how billing works for Azure MFA Server?

Answer 3:

There are several options for billing:

1. Per-User Consumption: Create a per-user MFA Provider in an Azure subscription. MFA Server reports the number of users marked as Enabled to our cloud service. The cloud service reports the number of users to the Commerce system to bill the Azure subscription for the number of users enabled.
2. Per-Authentication Consumption: Create a per-authentication MFA provider in an Azure subscription. The cloud service reports the number of verification requests that have occurred daily to the Commerce system to bill the Azure subscription.
3. License: Purchase standalone MFA, Azure AD Premium and/or EMS licenses. MFA Server reports the number of users marked as Enabled to the cloud service. The customer needs enough licenses to cover the number of users enabled. While we encourage licenses to be assigned to AAD users, the MFA system only looks at the total count of users enabled for MFA.

You can mix options 1 and 3 by creating a per-user MFA Provider in an Azure subscription that is linked to your Azure AD tenant that has your MFA, AAD Premium and/or EMS licenses. The Azure subscription will only be billed for the number of users enabled for MFA that exceed the number of licenses owned. For more information, please visit our Multi-Factor Authentication Pricing documentation. For more information, please visit our Multi-Factor Authentication Pricing documentation.

Question 4:

I want to understand if there are charges for failed authentications? Also, can I use a hybrid model with some users set as pay per user per month and others set up to pay per authentication?

Answer 4:

The only way to do a hybrid where some are per-user and other are per-authentication would be to have two separate MFA Providers that are used with two different environments or user groups. Another option would be to use Azure MFA (cloud) and a MFA Provider that is configured per auth. Azure MFA today only works for cloud-based resources and when using AD FS 2016. For per-authentication billing, we bill for each authentication attempt, including failed attempts.

Question 5:

Can my organization switch between per-user and per-authentication consumption billing models at any time?

Answer 5:

If you are using an Azure MFA Provider that is linked to your Azure AD tenant, you can safely delete the current provider and recreate it with the other usage model as long as you link the new one to that same Azure AD tenant. There are only issues deleting and recreating MFA Providers that aren’t linked to an Azure AD tenant.

And that finishes up your Azure MFA FAQ’s for the week! We hope you took away something new or had an “ah ha” moment Keep the feedback coming to the GTP Team.

For any questions you can reach us at
AskAzureADBlog@microsoft.com, the Microsoft Forums and on Twitter @AzureAD, @MarkMorow and @Alex_A_Simons

Chad Hasbrook, Mark Morowczynski, Shawn Bishop, Todd Gugler

This Week on Windows, we’re bringing you new releases including The Girl on the Train and Sherlock, Season 4, talking all about CES 2017 and we’re showing you how to get the most out of our favorite digital assistant, Cortana.

Here’s a recap of what happened at CES 2017:

Whether you’re looking for a new gaming PC, interested in 2-in-1 convertibles or thinking about a ThinkPad, we’ve got the latest Windows 10 tech ready to rock – check these out.

First off was the HP Sprout Pro– the second-generation all-in-one PC with its unique HD resolution projector, touch mat and 2d/3d cameras that make it easier than ever to capture a 3D image.

Lenovo ThinkPad X1 Yoga

From laptops to tablets, Lenovo’s new ThinkPad devices are thinner and lighter than ever before and offer more performance power.

Toshiba got in on the convertible game with its debut of the new Portégé X20W 2-in-1, featuring a 360-degree dual-action hinge while taking advantage of the best of Windows 10, including multi-directional microphones to support Cortana.

MSI launched a brand-new lineup of VR-ready gaming devices powered by Windows 10, the latest Intel 7th generation CPUs and NVIDIA GeForce GTX 10 GPUs. With Windows 10, these devices have your personal digital assistant, Cortana, built-in, are equipped with the Xbox app and Direct X12 and can take advantage of Xbox Play Anywhere.

Dell introduced the Dell Canvas– a horizontal smart workspace with touch, totem and pen capabilities –  a 13-inch 2-in-1; a new Inspiron gaming line, a wireless charging 2-in-1 for the ultimate “no wires” experience and way more.

LG’s new Gram laptops are built to deliver superior portability in ultra-lightweight designs with near-edgeless touch screens to unlock experiences like Windows Ink and built-in finger print readers to take advantage of Windows Hello.

Samsung opened a new world of gaming with their first-ever gaming PC powered by Windows 10 — the Samsung Notebook Odyssey — and showed off the recently updated Samsung Notebook 9 15′.

And rounding things out – literally – we have the curved-screen Acer Predator 21X gaming laptop. The Predator features the latest 7th generation Intel Core i7-7820hk processor and Tobii eye-tracking technology, making it the ultimate PC for gaming enthusiasts.

Here’s what’s new in the Windows Store this week:

Forza Horizon 3 Rockstar Energy Car Pack

The new year has arrived and Forza is celebrating 2017 in the best way we know – with amazing cars ready to hit the open roads in the Forza Horizon 3 Rockstar Car Pack ($6.99)!  This pack features everything from classic Japanese power to a Ford trophy truck that’s ready to conquer anything Australia can throw at it. Then there’s the awesome BMW i8, making its production car videogame debut here in Forza Horizon 3.

The Girl on the Train

Reeling from a messy divorce, Rachel (Emily Blunt) is obsessed with the seemingly perfect couple whose home she passes every day on the train…until she witnesses something shocking one day that draws her deeper and deeper into their world. The Girl on the Train ($14.99) is available now in the Movies & TV section of the Windows Store, two full weeks before Blu-ray and DVD.

Countdown Collection

We’re counting down to the New Year with a collection in the Windows Store*! For a limited time, save up to 30% on the hottest games, get apps, software and chart-topping music, find movies as low as $8.99, today’s hit TV shows up to 50% off and more.

New Year, New You Collection

The New Year offers a clean slate and fresh motivation for self-improvement, and our New Year, New You Collection brings together the tools you need to make the most of your life in the months ahead. Find popular apps in the collection including ToDoist, 7-Minute Workout Challenge and more.

Sherlock, Season 4

Britain’s most legendary detective makes his highly-anticipated return to Baker Street, ready to take on remarkable cases and face new foes, while his friends John and Mary Watson prepare for their greatest challenge yet: parenthood. Watch the Sherlock ($19.99 HD, $13.99 SD for Season 4) season premiere, “The Six Thatchers,” available now in the Movies & TV section of the Windows Store.

Have a great weekend!

*Available through Jan. 9, 2017, on Windows 10 devices in the US, UK, Canada, France, Germany, Spain, Italy, Mexico, Brazil, and Australia. Offers and content varies by market. Limited availability; offers may change at any time.

The post This Week on Windows: CES, Forza Horizon 3, Cortana tips and more appeared first on Windows Experience Blog.

Thecurrent branch (version 1610) of System Center Configuration Manager now supports macOS Sierra(v10.12).macOS Sierrasupport requires that Configuration Manager Mac clients have a minimum client version of 5.0.8466.1. You can download the latest Mac client for System Center Configuration Manager here.

Note: The version of theMac client agent displayed in the Mac preference pane may be different than the version collected by hardware inventory and displayed in the Configuration Manager Console.

For more information about how to upgrade the Configuration Manager Mac client, refer to the How to upgrade clients on Mac computers in System Center Configuration Manager topic.

An update to System Center Endpoint Protection (SCEP) for Mac which includes support for macOS Sierra is also available on the Volume Licensing Service Center (VLSC) https://www.microsoft.com/Licensing/servicecenter. The required version is 4.5.27.1.

Additional resources:

• Whats New in System Center Configuration Manager
• Get Ready for System Center Configuration Manager
• Start Using System Center Configuration Manager
• Upgrade to System Center Configuration Manager
• Technical Documentation for System Center Configuration Manager
• Download an evaluation version of System Center Configuration Manager
• System Center Configuration Manager Forums
• System Center Configuration Manager Support
• Report an issue
• Provide suggestions
• Download the Configuration Manager Support Center

We hope everyone had a great vacation and a very happy New Year!

We’re excited to be back and while we have a few exciting updates on the way, here are a few things that you might have missed.

Patterns & Controls Tutorials

Fly out menus. Dialogue boxes. Buttons. Check, check and check. Learn how to add all of these controls and patterns to your UWP apps, and spruce up your UI for 2017.

Tell us what you want to see on our blog!

Our blog team wants to create the content that you want to read. Sounds simple, right? Do you want more tutorials? More code samples? Guest blogs? Whatever you want more of, let us know. We’ll do our best to use your feedback to inform our future blog content.

New Ch9 Show on Gaming

Don’t miss Stacey Haffner, our very own .NET Program Manager, in her new Ch9 show all about gaming and UWP game development.

Typescript Tutorial for C# Developers

Jesse Liberty has a new video tutorial about Typescript for C# devs.

He says that, “TypeScript brings object-oriented programming to JavaScript, giving developers a scalable, feature-rich language that compiles into super clean code. While TypeScript is traditionally taught from the perspective of JavaScript, C# is a great entry point, since it features some of the same constructs, abstractions and syntax.”

Check it out below.

The best automated e-mail response of the break:

And that’s it! Have a great weekend and we’ll see you next week.

Download Visual Studio to get started.

The Windows team would love to hear your feedback. Please keep the feedback coming using our Windows Developer UserVoice site. If you have a direct bug, please use the Windows Feedback tool built directly into Windows 10.

The post ICYMI – What happened over vacation? appeared first on Building Apps for Windows.

Deploying multi-tier line of business (LOB) applications as virtual machines in Azure is a combination of:

• What you already know, which is how to configure the servers and the overall application in your local datacenter.

• What you might not already know, which is how to adapt and design the application for the networking, storage, and compute elements of Azure infrastructure services.

To help with what you might not already know, you can step through a design methodology that incorporates the following:

1. Resource groups
2. Connectivity
3. Storage
4. Identity
5. Security
6. Virtual machines

To understand this design methodology and use it for your own LOB application, see the Design and Build an LOB application in Azure IaaS video and slide deck of the November 2016 webinar for the Cloud Adoption Advisory Board (CAAB).

The webinar video has the following sections:

• Definitions and assumptions (starts at 3:12)
• Design process (starts at 8:05)
• Design example (starts at 38:50)
• Build with Azure PowerShell (starts at 50:30)

The result of the design process, which incorporates Azure Patterns and Practices recommendations and best practices, is a table of virtual machines and their Azure infrastructure-specific settings. Here is an example:

After you have determined the table entries, it’s much easier to build out the elements and get all the Azure infrastructure settings correct. For example, here is how you might use the table and a PowerShell command block to create a virtual network and its subnets:

Additionally, here is how you might use the table and a PowerShell command block to create a virtual machine:

The slide deck has the following appendices that were not covered in the webinar:

• PowerShell command blocks  Each slide is a fill-in-the-blanks set of Azure PowerShell commands to build an element of Azure infrastructure services.
• Design your naming conventions  Tips for determining how to name your Azure infrastructure elements.

Use this design methodology for accelerated and successful deployments of LOB applications hosted in Azure infrastructure services.

Today’s post, co-authored by Michael Richtberg, VP at SoftNAS, who heavily contributed in describing much of the technical details discussed in this document.

What if you could take advantage of the unlimited flexibility offered by an Azure cloud hosted infrastructure without changing your applications or your data?  Would you consider a move that can keep up with your business, as needs change and your demands grow, without the strain of rearchitecting your own capital intensive data centers?  Consider the flexibility and scale of Microsoft Azure on-demand resources, that no single organization could possibly afford, that allows you to tap into virtually unlimited adaptability… anywhere in the world!

IT organizations need the freedom to make the best choices for their business. Demands on enterprise storage capacities continue to grow at an increasing rate. Access to storing more data and enabling more applications and users, regardless of access requirements, are essential. With ultra-easy consumption, pay-as-you-grow pricing and no architectural limits on growth, the appeal of the consumption model of public cloud is rising.

SoftNAS Cloud® is a software only enterprise storage virtual appliance solution that can replace traditional on-premise storage options for applications that typically require NFS, SMB/CIFS/SMB, iSCSI, and Apple File Protocol (AFP). Microsoft has partnered with SoftNAS to enable an easy transition to Azure for customers that need storage capacities ranging from terabytes to many petabytes.

How Does SoftNAS Cloud Work?

Unlike traditional storage that you pick from a list of SKUs and then wait for it to arrive, SoftNAS Cloud running on Azure, takes less than an hour to configure. There are four fundamental steps that all occur via the Azure Portal:

• Creating the Virtual Storage Appliance– The Azure search function locates the SoftNAS Cloud image and then walks you through selecting an “instance type” for the virtual controller. Options instantly show up on the workflow in the portal for picking an appropriate compute capacity for loading the SoftNAS Cloud image. Azure instance types provide the vital physical ingredients that allow different degrees of performance like RAM and local SSD for caching, networking, and CPU. Here’s a video for details.
  
• Attaching the Storage Account– Using the flexible options for storage performance and capacity types available on Azure, users can attach the appropriate media provisioned from an Azure storage account. The options range from all flash to cool blob (object) storage types. See more on using Azure block storage or for adding Blob (object) storage.
  
• High Availability– Using Azure Availability Sets, SoftNAS Cloud enables two instances that communicate via a virtual IP address to the workloads. The Availability Set architecture ensures that the two virtual machines running SoftNAS Cloud are not part of the same affinity group. For more information on setting up high availability, please see this video.
  
• Final steps: Confirm the configuration, purchase and push the setup to deployment. In less than an hour, the NAS storage solution has been created and ready to use. Configuring the volumes
  and LUNs occurs via the SoftNAS StorageCenter™ web console. Here’s a video for an overview of the SoftNAS StorageCenter and more information on configuring pools and volumes.

The resulting configuration leverages the Azure infrastructure that can now service workloads using standard storage protocol interfaces that can adjust over time to match business requirements. SoftNAS Cloud utilizes the Azure block and/or object storage accounts as a storage pool much like traditional storage systems use disk drives.

SoftNAS Cloud and Azure make a great combination for increasing the native Azure file services capacity beyond the 5TB limit available today. Because SoftNAS Cloud is a software only means of creating the storage system, customers have the flexibility to choose from a wide range of Azure compute instances to meet varying performance demands. SoftNAS Cloud leverages these combinations to provide flexible cost and performance storage solutions that are often difficult or impossible to obtain using conventional on-premises options. If you are unsure of your future demands, you simply add-on capacity as your needs change.

Thinking you might be taking a step backwards by shifting your storage and applications to the cloud? SoftNAS Cloud includes all the enterprise features expected from an on-premises network storage solution. This includes these advanced capabilities:

If Azure already provides storage, why do I need SoftNAS Cloud?

Indeed, Azure provides various storage options, but these may not help fill all the needs customers have for making the shift to a public cloud hosted infrastructure. Here are some reasons why and how SoftNAS Cloud complements these Azure offerings:

Ideal Uses Cases

The use cases for software-based virtual storage appliances hosted on Azure span many segments. At the end of the day, all computing resources require and use storage. For unstructured data with ever increasing file sizes, examples of ideal uses include:

• Archive and record retention
• User file sharing
• Video/media storage
• User file directories
• Source code repository
• Medical records
• Legal documents
• Energy Industry data
• Big Data
• Genomics

Hybrid storage for extending on-premises capacities to Azure using standard mountable NAS protocol connected over a VPN WAN connection is also a common use case. Use the existing data center infrastructure and expand to an Azure hosted storage option with ease. SoftNAS Cloud provides on premises to cloud capabilities for replication or expansion.

When to Think About Using

In summary, SoftNAS Cloud fits customer needs for the following scenarios when considering Azure: 

• SoftNAS Cloud extends native capabilities of Azure for CIFS/SMB, NFS, AFP, iSCSI storage. 
• For use cases where applications need large file capacity (up to many petabytes) and need an easy way to move them to Azure. 
• You are ready to move from traditional on-premises storage to an elastic public model but don’t want the expense of re-engineering the data services.
• Need a flexible storage model that can service different roles ranging from high performance all flash to capacity oriented Cool Blob.

How to Get Started:

You can get started with SoftNAS Cloud on Azure in multiple ways via the Azure Marketplace:

1. Free Azure Test Drive: Get started in under 10 minutes using the Azure Test Drive. This option allows you to quickly try SoftNAS Cloud without having to install or configure anything. The SoftNAS Cloud instance loads automatically, connects the Azure storage account and pre-provisions multiple storage volumes/LUN using NFS, CIFS/SMB, and iSCSI. No Credit card or Azure Subscription required but the environment is available for 1 hour from the time you enter the test drive.  
2. Free 30-Day Trial:  You can also try the SoftNAS 30 day Free-Trial on your Azure subscription.  This will allow you to install, configure and use SoftNAS Cloud as if you were running in a production environment. This allows you to explore the product for multiple weeks; but, it will require an Azure subscription. 
3. Purchase: You can purchase SoftNAS Cloud on the Azure Marketplace. We offer an Express Edition for 1TB of capacity, a Standard Edition for 20TB of capacity. Discounted larger deployments up to many petabytes, are available via a BYOL (Bring Your Own License) obtained by contacting the SoftNAS Sales team or an authorized reselling partner.

You can also find additional helpful information via these resources:

• SoftNAS Video Tutorial
• User Reference guide
• Contact SoftNAS support

You can also learn more about SoftNAS Cloud at our YouTube channel.

Azure Security Center now offers full support for Windows Server 2016. Today, the Azure Monitoring Agent, which is used by Security Center to collect security metadata from virtual machines, is compatible with Windows Server 2008 R2 and newer versions, including Windows Server 2016, as well as most popular Linux distros (see complete list).

Security Center leverages this metadata to identify security issues, such as missing system updates and vulnerable OS configurations, and applies behavioral analysis to detect malicious activity, such as an attacker executing code or attempts to persist on a compromised VM.

To enable these protections:

• Launch Security Center from the Azure portal
• Turn on data collection (if you have not done so already) to automatically provision the Monitoring Agent on all supported VMs
• Start the 90-Day free trial to enable behavioral analysis and other advanced threat detections

In our first release of the new year, we’ve included a lot of great pull request features.  Let’s take a lap around them to see how they can help improve your workflow.

My Pull Requests

One of the big features in the latest release is the new, personalized account page, which includes a new “My Pull Requests” view.  The experience is just like the existing project scoped PR view, but provides a single place to see all of your PRs, in all projects and repos in the account.  For developers working in multiple projects and/or repos, this view makes it significantly easier to keep track of all of your PRs.

The next feature coming to the My PRs view is the addition of the PRs assigned to the teams that you’re a member of – a feature we plan to make available in the next release.

Highlight updated PRs

In the My PRs view (and in the existing PR hub), you’ll notice another new feature – highlights about what’s new in your PRs.  At a glance, you can see which PRs have updates, as well as what’s changed – whether it’s a new comment, votes from reviewers, or newly pushed changes.

Once you open a PR with updates, the Overview will highlight the changes that have occurred since you last viewed the PR.  In the example below, you can see the new vote from Mateo, and the update to the comment on Program.cs.

View diffs of the latest code changes

When a PR has new code changes since you last viewed it, the overview will provide a link to see the diff between the latest changes and the code as you last saw it.

Clicking on the link will take you to the Files view where you can see how the code has changed while you’ve been away.  In the screenshot below, notice the “Comparing 6 to 8”, which indicates that this is a diff between pull request updates.  The list of changed files and the code diffs are scoped to just those files with changes since you’ve last viewed the PR.  This feature is really useful to see how the author has responded comments you’ve left on a PR.

Email notifications

Staying up to date on all of your PRs can be tough – email notifications can make that easier, especially when they’re automatically configured for you.  In the latest release, we have a preview of a new “out-of-the-box notifications” feature, which includes notifications for your PR changes.  This feature is great for ensuring that all of the reviewers on your PRs know that you’ve asked them to review your changes – and it will help you know when your input is needed by others.

Currently, these default notifications only work for individual reviewers – teams and groups added to reviews won’t receive emails yet.  We know this is a painpoint, and we’re working hard to improve that in an upcoming release.  In the meantime, you might try configuring team notifications manually so PRs don’t fall through the cracks.

Attachments

One of the most frequently asked for PR features has been to allow images on the clipboard to be pasted into comments – screenshots of UI changes are number one scenario.  With the addition of attachments, we’re now able to support images pasted from the clipboard.

You can also attach other file types that are rendered as links in the comments.  Here’s an example of a Word doc being dragged into a comment.

The next feature for attachments will be to allow files to be attached to the PR description when you’re creating the PR.  As a workaround, you can edit the description after the PR is created to add your screenshots and other attachments like test plans, specs, etc.

Merge conflict details

For PRs with conflicts, we’ve made it easier to identify which files have conflicts.  When you have a PR with conflicts, the list of conflicting files and the type of conflicts will be shown in the PR overview.

Merge strategy policy

Some teams care a lot about how their PRs should be merged into the target branch.  Some want to see the merge commits so they see the history of the intermediate commits, while others want a clean history graph and choose to squash.  Until now, the choice to merge or squash was a user option, and could be changed on each PR.  With the new merge strategy policy, teams can configure how PRs should be merged for each branch.

Exclude paths from required reviewer policies

Teams using the required reviewers policy sometimes find that not all items in a given folder need review signoff from a specific team.  To accommodate this, we’ve enabled path exclusions when configuring policies.  Simply add a “!” prefix on the paths you want to exclude from the policy.  The example below shows how you might configure all files to require signoff from someone in the Contributors group, except for changes to the docs folder.

The next few releases will contain more great PR features, so stay tuned.  And if there is something we’re missing, don’t hesitate to submit ideas on the Team Services UserVoice site.

Happy coding!

All organizations, regardless of size and industry, have data that they consider sensitive. Data Loss Prevention (DLP) is an important capability for protecting this information from getting into the wrong hands. We are always looking to enhance the DLP solution in Office 365 to help meet this organizational need. Today, we are pleased to announce a single management experience for DLP policy creation and reporting across Exchange Online, SharePoint Online and OneDrive for Business. In addition, we are introducing enhancements to the DLP data delivered via the Management Activity API.

Unified policy creation

To date, IT admins have managed DLP for Exchange Online via the Exchange admin center (EAC), while managing DLP for SharePoint Online and OneDrive for Business from the Office 365 Security and Compliance Center. Now admins can create a single DLP policy in the Office 365 Security and Compliance Center that covers Exchange Online, SharePoint Online and OneDrive for Business. The unified DLP platform allows organizations to manage multiple workloads from a single management experience, reducing the time required to set up and maintain security and compliance within your organization.

Apply a single policy to protect across Exchange Online, SharePoint Online and OneDrive for Business.

These changes do not impact any existing policies created via the EAC, and you will still be able to create new email DLP policies in the EAC. However, we recommend you check out the new DLP management experience in the Office 365 Security and Compliance Center, as this is where you’ll see new capabilities show up in the future.

Unified reporting

Along with unified policy creation, we also now provide a single location to view reports for your DLP policies across Exchange Online, SharePoint Online and OneDrive for Business. This makes it easier to understand the business impact of your DLP polices and uncover actions that violate policies across multiple workloads.

Report that shows DLP policies matches from Exchange Online, SharePoint Online and OneDrive for Business.

DLP events in the Activity Management API

Lastly, based on customer feedback, we are providing additional details for DLP events published via the Activity Management API. The Activity Management API enables organizations to connect DLP event data from Office 365 with third-party tools, such as a security information and event management (SIEM) system. Now event details provided via the Activity Management API will contain the same data as the alerts generated in Office 365 to notify IT admins when a DLP event occurs. This data requires separate permissions in Azure AD called, “Read DLP policy events including detected sensitive data,” which an admin can grant. To learn more, check out the API schema reference.

What’s next?

We will continue to invest in DLP and are currently working on new functionality—such as the ability to create custom sensitive types for unified DLP polices and a simplified DLP administrative experience. If you want to learn more about the investments we are making, watch sessions from Microsoft Ignite around our DLP investment areas and how to customize and tune DLP.

The post Unifying Data Loss Prevention in Office 365 appeared first on Office Blogs.

We’ve talked about how you can get started with Windows Hello– today, we’re going to show you how you can add multiple accounts to the same Windows 10 PC, and set it up so anyone you share it with can login to their own account using their own face or fingerprint with Windows Hello.

To get started, launch the Windows Settings menu (or simply type Windows key + I):

Type in the search box ‘’Family’’ or “Other people,’’ or go to Accounts > Family & other people.

Add a family member or friend

Select “Add a family member” or “Add someone else to this PC based on your needs.” Type in their Microsoft account email address.

Have them login with their new account

Sign out from your account and ask the other person to sign in back with their own account. They will be prompted to setup a new profile, including the setup of Windows Hello with their own face or fingerprint sign-in.

All set! Now every time each of you will show your face or touch/swipe your finger you will get uniquely recognized and you will get access to your own PC profile.

Have a great week!

The post Windows 10 Tip: How to set up multiple profiles with Windows Hello appeared first on Windows Experience Blog.

Hello Windows Insiders!

Today we are excited to be releasing Windows 10 Insider Preview Build 15002 for PC to Windows Insiders in the Fast ring. This is a BIG update so please take time to look through all of the new changes we detail below.

What’s new in Build 15002

Microsoft Edge Updates

The Microsoft Edge Team has lots of new features to share, focused on making it easier than ever to keep track of your tabs and pick up where you left off, as well as a few other surprises!

Tab preview bar: It’s easy to lose track of what’s in your tabs, especially when you have many tabs from the same site, with similar titles and icons. Tab preview bar allows you to easily glance at a visual preview of every tab you have open without leaving your page. You can scroll through the list with touch, mouse wheel, or a touchpad. Just click the chevron icon next to your tabs to get started. Give it a try and let us know what you think!

Set these tabs aside: We often hear that it’s a headache to keep all your tabs organized, and to pick up where you left off. Sometimes you just need to set everything aside and start from a clean slate. We’ve added two new buttons next to your tabs in Microsoft Edge to help you quickly manage all your tabs without losing your flow.

Jump List for Microsoft Edge: You can now launch a new window or new InPrivate window for Microsoft Edge straight from its Taskbar icon. Simply right-click or swipe up on the Microsoft Edge icon in the Taskbar, and pick the task you want!

Component UI: This release introduces a new UWP architecture for Microsoft Edge’s multi-process model, including a new visual tree and new input model. These changes will help improve stability and input responsiveness and make the browser UI more resilient to slow or hung web page content. Be on the lookout for any issues with tab launches and activation or input (including keyboard, mouse, or touch) and share feedback in the Feedback Hub if you have problems!

Flash Click-to-Run: Microsoft Edge will now block untrusted Flash content is now blocked by default until the user explicitly chooses to play it. This means better security, stability, and performance for you, while preserving the option to run Flash when you choose. You can learn more about this change on the Microsoft Edge Dev Blog: Extending User Control of Adobe Flash with Click-to-Run. We will be evolving this experience in upcoming flights to make the option to run Flash content more contextually obvious.

Web Payments: Microsoft Edge now has preview support for the new Payment Request API, which allows sites to make checkout easier using the payment and shipping preferences stored in your Microsoft Wallet. This is currently in a preview state for developers and will not process payment information until a future flight. You can learn more about Payment Request on the Microsoft Edge Dev Blog.

For a complete list of all the changes in Microsoft Edge, visit the Microsoft Edge changelog.

Start and Shell Improvements

Tile Folders in Start: As part of our ongoing effort to converge experiences across devices, and to address your feedback, we’re excited to let you know that with today’s build you will now be able to group your Start tiles into folders. Tile folders are a way for you to organize and personal your tiles in Start, and we’re happy to now bring this to Windows 10 PCs. To get started, drag and drop a tile on top of another tile in Start to create a folder.

Updated Windows Share experience: We have redesigned the Windows sharing experience to be more app-focused and integrated with where you are sharing from. The new Windows Share experience will pop-up the new share flyout within the app you are sharing from and give you a list of applications you can share to. This list changes based on your usage.

The WIN + H hotkey, used in the old Windows share experience, has been removed.

Capture a region of your screen: OneNote 2016’s popular screenshot feature is now built into Windows 10! You can use Win + Shift + S to capture a region of your screen and copy it to the clipboard for pasting into OneNote for Windows 10 or any other app. Please note that this feature replaces the one in OneNote 2016.

Improved high-DPI support for desktop apps: Continuing from our work with Build 14986, Build 15002 brings more goodness in the way of high-DPI support. First, much like we did with Microsoft Management Console (MMC), we’ve updated Performance Monitor (Perfmon) to now be more crisp on high-DPI PCs. Second, while we’ve enabled these improvements by default for some Windows desktop apps, you can now enable them yourself for other GDI-based applications, too! To do this, you’ll need to find the application’s .exe file, right-click on it, and select Properties. Go to the Compatibility tab, and turn on System (Enhanced) DPI scaling, and click OK. This setting overrides the way that applications handle DPI scaling (which sometimes uses bitmap stretching and can result in applications rendering blurry) and forces them to be scaled by Windows. The setting that was previously labeled Disable display scaling on high DPI settings is now referred to as Application scaling. This works only for apps that use GDI.

Smooth Window Resize: One of the things we’ve heard from Windows Insiders is that the animation when resizing windows isn’t always smooth. We’ve taken that feedback, and Insiders should see improved performance and smoothness when resizing GDI-based Desktop applications (such as File Explorer, Task Manager, and Notepad) and UWP apps (such as Groove Music and Outlook Mail). In addition to this work, we’ve also updated our code so that when rapidly resizing UWP apps, the window frame background will be transparent as the app adjusts, rather than a flat base color.

Desktop Icon Placement and Scaling Improvements: We’ve heard from you that sometimes desktop icons aren’t scaled or arranged as expected, particularly after docking/undocking your device, working with monitors that have different DPI, or projecting your monitor. We want users to feel that desktop icons are stable, scaled properly, and move predictably when changing monitor configurations, so we’ve made changes to how this logic works in order to address your feedback. Now when you change your multi-monitor configuration, dock/undock your device, project your display, add or remove monitors, or otherwise make changes that affect the icon scaling, you should see an improvement in how the system adjusts the layout of your desktop icons. Try it out and let us know how it goes!

Simplified and faster VPN access: A much requested feature from our VPN users, we’ve updated the Network flyout so that after selecting a VPN, you can now click connect from within the flyout rather needing to open VPN Settings. We appreciate the feedback and look forward to what you have to share next! If you encounter any issues, you can still connect to VPN from the VPN Settings (and please log feedback letting us know about it!)

Improved sign-in dialog for apps: We have improved the app sign-in experience for users with multiple accounts. The new sign-in dialog shows your available Microsoft, Work, or School accounts and gives you the ability to add new accounts to Windows.

Lunar Calendar support for the Taskbar: Those of you who follow the Simplified or Traditional Chinese lunar calendar can now use the taskbar calendar to quickly check the lunar date alongside the current Gregorian date. Special holidays are called out in accent-colored text. Go to Settings>Time & Language>Date & Time to pick which additional calendar you’d like to see. Thanks to everyone who sent in feedback requesting this!

Improving our notification experience for app developers and everyone: App developers are increasingly facing scenarios within their applications where they require more flexibility to organize notifications to provide the desired user experience. That flexibility is changing with Build 14993! To provide a more relevant and crafted experience to Windows users, we will now provide app developers a way to create custom subgroups for their notifications in Action Center. Also, to address issues where notifications might have the wrong time stamp (for example, if your PC was asleep when you received a cross-device notification from your phone), we’re enabling app developers to override the notification timestamp. If you’re an app developer, please check out the Tiles and Toasts blog for coming posts about how you can leverage these new features.

Windows Ink Improvements

We have updated the Windows Ink pen, pencil and highlighter control to now visually indicate which color is selected. You can try this out now in the Windows Ink Workspace. Other apps can take advantage of this with future updates of the Windows 10 Creators Update SDK.

In addition, thanks to your feedback, we’ve added point erase to the Windows Ink Workspace’s Sketchpad and Screen Sketch. This means that now you have the option of deleting your whole ink stroke or erasing only pieces of it. You can select your desired option by tapping the eraser icon, where you’ll find new options to switch between eraser types.

We’ve also updated our taskbar logic, so that if you have the Windows Ink Workspace icon on your taskbar, it displays the taskbar of every monitor. Clicking it launches the Windows Ink Workspace on that monitor.

More Cortana improvements

Easier discovery of Cortana’s app-specific commands: Many of our awesome app developers have been adding commands for Cortana to help you get where you need to go even faster—for example directly launching radio stations, playing movies, or searching for recipes. For apps that support these commands, we will now bubble up suggested commands as you type the app name in Cortana. Clicking a particular suggestion launches the app with that command. Once you know the command, you can also trigger it by simply saying it to Cortana. Not sure which apps have added this feature? Check out this handy Store collection: Better with Cortana! Once you’ve downloaded an app, you’ll need to launch it once. Wait a few hours, and everything will be all good to go.

More recurrence options for Reminders: We’ve heard your feedback, and with this build of Windows we’ve added a new option to set recurring time-based Cortana Reminders for “Every Month” or “Every Year” —great for bill payment or anniversary reminders!

Keyboard shortcut change for invoking Cortana: The keyboard shortcut to invoke Cortana in listening mode is changing to WIN + C. This shortcut will be off by default. If you’d like to use it now, head to Cortana’s settings and you’ll find a new option to enable it. WIN + Shift + C will be used to open the App Charms menu, seen in the title bar of Windows 8 apps.

Accessibility Improvements

A more inclusive experience out of the box: The Windows Out-Of-Box-Experience (OOBE) Team has been working to reimagine how people set up their PCs for the first time. Our goal is to make this simpler and more accessible so every person powering on their new PC can independently set it up. While we have made numerous improvements in past releases to achieve this goal, we now want to take it to the next level where people can listen and respond to Cortana verbally (when asked questions*) to further simplify and make the setup process more accessible to even more people.

This new experience is still a work in progress, so there are some places that still include the older OOBE pages and Cortana is unable to help you get your PC fully set up. We plan to continue to do more work on this so stay tuned! While you can’t access the Feedback Hub during OOBE, please take a moment once you’ve reached the desktop to complete the Quest and log feedback in the Feedback Hub.

*Works for languages that support Cortana. For languages that don’t support Cortana, you will still get the new experience without the speech capabilities.  

Note: We are working on making Installation media (ISOs) available for Build 15002 in the next week for Windows Insiders to more easily try out this experience.

Narrator support for WinPE and WinRE: This build also now supports the use with Narrator from WinPE for installing Windows as well as troubleshooting options with WinRE. When we make the ISOs available for this build, you’ll be able to try this out by building a bootable USB drive or other bootable media and using the ISO files. After booting into WinPE, wait 15-20 seconds and then use the keyboard shortcut CTRL + WIN + Enter to launch Narrator. You will need to restart Narrator to use it after any reboot during the install process.

NOTE: Not all audio devices are supported. USB headsets are the recommended option for audio, since the full Windows audio drivers for the PC are not available in WinPE/WinRE. Built-in speakers may also work on some PC’s but if you do not hear Narrator announce that it is starting, try connecting a USB headset and restarting Narrator. Narrator Touch is not supported during OS install.

Braille support in Windows: Not too long ago, we mentioned Braille support was coming to Windows. That work is starting to appear in builds, and you will find a new button that offers the ability to download support for braille via Settings > Ease of Access > Narrator. While this button is present, the feature doesn’t work yet so hold off on giving it a try for now. We’ll let you know in a future post when braille can be used.

Narrator users please take note that the Narrator keyboard shortcut is changing: To help reduce accidental launch of Windows Narrator, we have updated the hotkeys to be more intentional from WIN + Enter to Ctrl + WIN + Enter.

Narrator Improvements: We’ve made several improvements to Narrator for navigation when using Scan mode. You can now navigate to headings of a specific level by typing the number of the heading level you want e.g. 1 for the next heading level 1. Add shift for the previous heading.  In addition, Narrator’s Scan Mode now allows you to press Home and End to move to the start and end of a line of text respectively when pressed. Finally, when in Scan Mode you can press Ctrl + Home and Ctrl + End to move to the start or end of the web page or other content you are reading.

Improved legibility for UWP apps in high contrast: As part of the Windows 10 Anniversary Update, we improved the legibility of many websites viewed in high contrast by showing an opaque layer behind the text. We recognize that similar to the state of websites on the Internet, many UWP apps have not been tailored to present an optimal experience for users who need increased contrast.  So, we’re taking a similar approach to improve how UWP apps look in high contrast. We’ve updated the XAML framework to now display an opaque layer behind the text and coerce semi-transparent UI to be fully opaque. This addresses the most common issues in apps like in the before/after screenshot below. These adjustments are applied by default in high contrast and apply to *all* XAML Store applications that run on Build 15002 and higher, whether they explicitly target this build (with the SDK) or not. However, applications that render their own text on something such as a SurfaceImageSource do not receive the automatic adjustment from the framework. If you find any issues with this work, please log them here, and as always, you can reach out to @MSFTEnable on Twitter at any time about accessibility problems and requests you have for accessibility in Windows.

In addition, we’ve updated Windows Ink to now support a rich color range experience when using your device in high contrast. Try it out in Sketchpad today and let us know what you think!

Windows Defender Improvements

We continue to make improvements to the new Windows Defender app in Windows 10. Improvements in this build include:

• New options to run quick, advanced, or full scans.
• Device performance and health scans give you a report on your PC’s health.
• Family options has visual improvements and links you to great content/applications on the web to set up a family or view device information.
• Settings pages to change configuration on the app or learn more about it
• General bug fixes and improvements.

Additionally, we are introducing Refresh Windows on-demand in Windows Defender. If your PC is running slow, crashes or is unable to update your Windows, this option may help you. This option starts fresh by reinstalling and updating Windows, which will remove most of your apps but keep your personal files and some Windows settings. For more details – see this forum post.

Settings Improvements

Helping you find the setting you need in Settings: One of our ongoing goals has been to make Settings easier and faster to navigate. Previous updates towards this have included improved Settings search, and adding icons uniquely associated with each Settings category. Based on feedback, we’ve made a few more design tweaks with this build:

• Settings pages now contain additional information on the right or bottom (depending on the window size) providing links to support, feedback, and any other related settings if available.
• Since our System Settings list was getting quite long, we’ve moved app related settings out of System into a new category called Apps.
• You will notice that the header on the landing page of each Settings category will now stay in place as you pan the page.

Updated device settings: The new device settings experience combines the Bluetooth and Connected devices pages to offer a single place to manage your devices/peripherals.  Bluetooth accessories, wireless docks, Xbox Wireless controllers, and media devices can all now be discovered and managed from the same place using the same familiar UI on both the desktop and mobile.  We’ve also listened to your feedback and added the ability to disconnect and reconnect your Bluetooth audio devices directly from this Settings page. Try out the new page and let us know what you think through the Feedback Hub!

New Display Settings options: Based on feedback of the most commonly used settings, we have updated the Display Settings. In the refreshed display page, numerous changes have been made to make the page clearer and easier to use, including now being able to change resolution straight from the main Display Settings page.

Lower Blue Light: Windows can now automatically lower the amount of blue light emitted from your PC at night. Settings to turn this functionality on or off and use a local sunset and sunrise or custom schedule are in Settings -> System -> Display. If you need to quickly override the schedule or always want manual control, you can enable this quick action in Settings->Notifications & actions. Use this capability for a couple nights and send us feedback through the Feedback Hub, we’d love to know what you think!

New per app Surface Dial settings: App developers have the option of providing custom tools for the Surface Dial when using it within their app. In addition to this, Windows Insiders with Surface Dials will now be able to customize the default tool set for individual apps starting with this build. Setup the keyboard shortcuts most meaningful for specific apps – like Ctrl + Delete in Word 2016, or CTRL + Tab in Sticky Notes. Head to Settings > Devices > Wheel today to try it out and share your thoughts! We’ve also updated the custom tool creator to now enable you to set keyboard shortcuts that include a number of common symbols.

Windows Personalization now supports recent colors: We understand how important colors are for personalizing your Windows experience, and that sometimes it takes a few tries to find the perfect one to match your background. Sometimes you pick a new color, close Settings, only to discover that the color you picked wasn’t quite what you were looking for. We have a solution! With Build 15002, we’ve added a new “recent colors” section to Settings > Personalization > Colors, so you can easily pick between the colors you’ve decided on in the past.

Windows Theme Management in Settings: As we’ve mentioned in the past, one of our ongoing efforts is to consolidate Settings and Control panel, and we use your feedback to prioritize the convergence into Settings. We’re happy to unveil the next piece of this project: Management of themes has now moved out of Control panel and in to the Settings app. It can be found, along with all your other familiar personalization options, under Settings > Personalization. Pick one of your recent themes, or create and save custom new ones. How would you like to see Settings evolve next? Let us know in the Feedback Hub!

Improved Cross-Device Experiences Settings: With the Anniversary Update, we added the ability for app developers to create cross device experiences. Users could enable or disable this feature for their account via Settings > Privacy > General “Let apps on my other devices open apps and continue experiences on this device”. With Build 15002, we’ve moved this setting to its own page – a new entry under Settings > System, called “Cross-device experiences”, and we’ve added a new dropdown to allow you to switch between My Devices or Everyone. If you’re interested in learning more about experiences an example experience that app developers can create with this, check out this blog post.

Metered Ethernet Connection Support: Based on your feedback, we’ve added the “Set as metered connection” option to the Ethernet (LAN) connections in Settings > Network & Internet > Ethernet. Just like mobile broadband and Wi-Fi connections, this option helps you to restrict background data usage from some applications and gives you more control over how data is used over the Ethernet connection.

Improving your precision touchpad experience:

Adjusting the volume control experience: When assigning three or four-finger swipes to control volume, the volume control UI will now appear as you’re changing the volume. We have also fine-tuned the gesture, so it now takes less swipes to adjust the volume by a significant amount

Polishing the Touchpad Settings page: Based on user feedback, we have made some UI improvements to the new touchpad settings page, including creating two new groups for three and four finger swipes, updating search terms to make them more discoverable, providing more flexibility to control how taps work, and fixing an issue where Touchpad Settings wasn’t showing an icon next to the name.

BSOD is now GSOD

In an effort to more easily distinguish Windows Insider reports vs the reports of those on production builds, we’ve updated the bugcheck page (blue screen) to be green. Released versions of Windows 10 will continue to have the classic blue color, including the final release of the Windows 10 Creators Update.

Quick Virtual Machine Creation in Hyper-V

Hyper-V Manager has a new page that makes it faster and easier to create virtual machines. Just open Hyper-V Manager and click ‘Quick Create’. The simple wizard will help you set up a VM in just a few clicks. After the virtual machine has been created, the confirmation page will allow you to connect to it or enter advanced settings.

This is still a work-in-progress and we would love to hear what you think. Next time you need a VM, please give it a try and send us your feedback!

Improving your update experience

We’ve already made a number of updates based on the feedback you’ve shared with us and today we’re happy to let you know there are some more headed your way:

• We’ve added an option that will enable you to pause updates on your computer for up to 35 days. To pause your machine, go to the Advanced options page of Windows Update Settings. This capability will be available on Professional, Education, and Enterprise editions of Windows.
• We’ve added an option that will now allow you to decide whether or not to include driver updates when you update Windows. This capability will be available on Professional, Education, and Enterprise editions of Windows.
• We’ve added a new icon to the Windows Update Settings page to make easier to see your update status at a glance. This update status and experience is consistent with the experience you’ll find in the new Windows Defender dashboard.

• We’ve made some improvements to our logic to better detect if the PC’s display is actively being used for something, such as projecting, and avoid attempting to restart.
• Windows Insiders with the Home edition of Windows will now also be able to leverage the increased 18 hour max window for Active Hours.

Windows Information Protection improvements for business customers

Placing Work Files on Removable Drives: Some enterprise customers have found that saving Work files to a removable drive would prevent them from accessing the files on a different device due to encryption. We’ve added a prompt to let you choose what you want to do in this case, which should make it easier to transfer work files to a removable drive:

• When copying Windows Information Protection (WIP) encrypted files to a removable drive, we now ask if you want to keep your files as Work, convert them to Personal, or cancel the copy operation.
• When saving Windows Information Protection (WIP) encrypted files to a removable drive, we now ask if you want to keep your files as Work, convert them as Personal, or save to a different location.

Open Dialog for Work Files in Personal Apps: We protect companies using Windows Information Protection (WIP) by displaying a warning message when opening work files in un-allowed applications (in other words, applications that are not on the whitelist of approved apps that can be used in an enterprise setting). When opening WIP files in un-allowed applications, we now inform the customer that the file is a work file and cannot be converted to personal in un-allowed applications.

You can read more about Windows Information Protection in Windows 10 here.

Power usage experiments on select Windows 10 devices

We are running experiments on a small set of Insider devices to evaluate an upcoming Windows 10 Creators Update feature which helps improve Windows battery life. Depending on the experiment configuration, you may see one or more applications reported as “throttled” in the task manager (see insert). The experiment should have no noticeable impact on your user experience and we look forward to hearing your feedback. Please share your experience with us through the feedback hub (under “Power” category & subcategory “throttled Applications”). In support of this experiment, some of you will also see a new power slider in the battery flyout; we’re still experimenting with these power modes that this slider sets. Stay tuned for more updates mid- February 2017.

Input Method Editor (IME) Improvements

Improved access to Microsoft Pinyin IME settings when using the language bar: We’ve heard your feedback – with Build 14986 it was going to be easier to access the appropriate settings with the IME mode indicator. This week we’re happy to announce that the same will be true for those who prefer the language bar, as we’ve updated the settings icon to now directly open IME settings.

New settings page for Microsoft Pinyin IME: To go alongside with the new customization options we’re adding for the IME, we’ve revamped the Microsoft Pinyin settings page – now divided into 5 categories so you can more easily find what you’re looking for. Have a look through the new settings and setup your IME experience the way that feels best to you!

Hotkeys for the Microsoft Pinyin IME: We’ve added some new features to improve the keyboard experience when using the IME. Including candidate window switch keys configuration, Chinese/English punctuation switch, default punctuation mode, Full/half width switch, default full/half width mode, Simplified/Traditional Chinese output switch and 2nd/3rd candidate submission. Learn about this new option in Microsoft Pinyin settings > Keys. We’ve also added a new hot key to open the emoji panel (Ctrl +  Shift + B), so you can open it directly without having to first have the candidate window visible.

Roaming self-learned phrases: In the last build flighted to Insiders we mentioned that the Microsoft Pinyin IME now supports imported and exporting self-learned phrases. This week, we’re happy to announce the natural extension of that work: If you have an MSA connected to your device, your self-learned phrases will now roam between all of your MSA connected PCs.

The Microsoft Pinyin IME emoji panel gets a redesign, new predictive emoji, and stickers: Since their conception, emoji have become an important tool for quickly convey thoughts. Along with our new keyboard shortcut (CTRL + Shift + B), we’ve updated the look of our emoji panel to make it easier to find the emoji, kaomoji and symbols you’re looking for. We’ve also added a totally new section: Stickers! The stickers tab will appear for apps that support sticker input. In addition, based on the words you type, we will now bubble up suggested emoji and stickers. Simply type something and then click on the face icon in the candidate pane (or use the new hotkey, tap the thought bubble, and the emoji predictions will be presented to you.

Making it easier to type complex input faster: Since there isn’t any pinyin starting with U or V, previously the Microsoft Pinyin IME would primarily just give English suggestions in that case, Knowing that about how pinyin is written, we’ve taken the opportunity to add two new modes: U-mode and V-mode. U-mode can now be used for advanced input features, like inputting complex characters, and V-mode can be used to input content which normally is not easy/quick to type (for example, 2016年6月6日”, “十三时三十分”, or “壹仟贰佰叁拾肆”). Try these new modes out today and let us know what you think! Once you start typing “u” or “v” with the IME on, a tip will appear displaying all the available options.

Name input mode: Since most names are not commonly used words, it can be difficult to type with the IME because the correct candidate will appear far down the list (or not at all). In order to solve this problem, we’re introducing a new name input mode for the Microsoft Pinyin IME. When you enter name input mode, instead of your normal candidate predictions, all candidates will be from a dictionary of names, thus making it more likely you’ll find the one you want. Press the “;” key (in double pinyin mode, press “Shift +;” key combination) and then press the “r” key to enter the name input mode. Name input mode can be disabled or enabled in the Microsoft Pinyin settings page.

Custom double pinyin schemes: Double pinyin is a method for creating shortcuts that speed up typing. With Build 14993, Microsoft Pinyin IME users can now add, edit, or delete custom double pinyin schemes, so you can create the one that feels best to you. To do this, go to the IME > General settings, and switch the pinyin style from Full to Double. You will then be presented with options for setting up the scheme of your choice.

Japanese Input Method Editor (IME) Improvements:

• When the IME is turned on or off (by you or an application), we will now display a large indication of the current mode in the center of the screen. This is to help be more aware of active mode and avoid unexpectedly typing in the wrong mode. This large indicator can be turned on or off in the IME Properties.

• We’ve changed the length of the composition string to now show 3 predictive candidates by default. This will not impact those who have previously adjusted the length. If you’d like to change the length, there is an option to do so on the IME’s Advanced Settings > Predictive Input page.
• We’ve changed the logic to show English words more frequently as predictive candidates so that IME users can input English words more easily if they choose to leave the IME on.

Windows Insider Program website updates

We are starting to update the Windows Insider Program website with new content, first starting with the landing page. We would love to hear your feedback on other changes that you would like up to plan for future updates at http://aka.ms/De57bq.

Other changes, improvements, and fixes for PC

• The 3D Builder app has been moved to the “Windows Accessories” folder on Start.
• We fixed an issue where the display brightness keys on some devices weren’t working as expected.
• We fixed an issue where the display may stay black after resuming from sleep if a USB display is connected.
• We fixed an issue where opening an app that uses the camera, such as the Camera app, would sometimes result in a bugcheck.
• We fixed a crash in the RPCSS service which in turn was resulting in some Insiders experiencing CRITICAL_PROCESS_DIED bugchecks on recent builds.
• We fixed an issue for touch keyboards sometimes requiring multiple clicks to invoke on non-touch PCs.
• We fixed an issue where Disk Cleanup would sometimes unexpectedly show 3.99TB worth of Windows Update Cleanup files.
• We’ve updated our logic so if the Microsoft Edge window is narrow and Cortana has a tip, Cortana will only appear as an icon in the address bar. If you expand the window, you’ll see the full suggestion as before.
• We’ve updated tooltips for the Microsoft Edge favorites bar to wrap around for longer website names rather than truncate.
• We fixed an issue where Touchpad settings page via Settings > Devices > Touchpad wasn’t displaying an icon next to its name in the navigation pane.
• We fixed an issue that may have resulted in a recent drop in Action Center reliability for Insiders.
• We’ve updated the Speaker Properties dialog to now allow you to configure Spatial Audio for different endpoints. If the current playback device has Spatial Audio enabled, the volume icon in the notification area will now indicate this.
• We’ve made some tweaks to the backend for how users connect to devices, such as Miracast displays and other PCs. Use the Connect UI (WIN+K) as you normally would, and file feedback if you encounter any issues.
• We’ve removed the rerouting of mspaint.exe to Paint 3D – appreciate everyone who’s shared feedback on the Paint 3D experience, please keep it coming.
• We fixed an issue Insiders may have experienced on recent builds where navigating to OneDrive folders could unexpectedly result in popup saying there had been a “Catastrophic Error”.
• We fixed an issue that could result in a Visual Studio crash when trying to open, add, or save a file.
• We fixed an issue resulting in some Insiders using PCs with certain older chipsets from seeing colored boxes in the place of text and various other UI in UWPs apps.
• When you use Miracast to a device that supports input (for example, an Actiontec Screenbeam or Miracast-enabled Windows 10 PC), you will now see a toast notification to help you enable input (touch, keyboard, etc) on that device.
• We fixed an issue where the Home and End keys were unexpectedly not working in certain Settings pages, for example “Apps & features”.
• Fixed an issue that could cause some progress indicators in UWP apps to appear to wobble or glitch.

Known issues for PC

• Opening Battery settings page via Settings > System > Battery will crash the Settings app.
• The option to enable the Virtual Touchpad is missing from the taskbar context menu.
• Cortana’s cross-device scenarios won’t work on this build (including notification mirroring, missed call, share photos, share directions, low battery, and find my phone).
• Some websites in Microsoft Edge may unexpectedly show “We can’t reach this page”. If you encounter this, please try accessing the site from an InPrivate tab.
• Dragging apps from the all apps list to pin on Start’s tile grid won’t work. For now, please right-click on the desired app in order to pin it.
• Using CTRL + C to copy in Command Prompt won’t work.
• When projecting to a secondary monitor, if you set the connection to “Extended”, Explorer.exe may start crashing in a loop. If this happens, turn off your PC, disconnect the secondary monitor, then restart your PC.
• The touch keyboard button may be unexpectedly missing from the taskbar. If this happens, open the taskbar context menu, and select “Show touch keyboard button”.
• You may see an error from Windows Hello saying “Couldn’t turn on the camera” on the lock screen.
• Brightness changes made via Settings > System > Display will unexpectedly revert after closing the Settings app. For now, please use either Action Center, power flyout or brightness keys to change the brightness
• The list of apps in the Surface Dial “Add an app” page via Settings > Devices > Wheel may unexpectedly be empty. If that happens, tap the “Browse for an app” button at the bottom of the screen to pick the desired app instead.
• Miracast sessions will fail to connect.
• The Netflix app may display a black screen rather than the expected video content. As a workaround, you can use Microsoft Edge to watch video content from Netflix.
• On certain hardware types (e.g.: Acer Aspire), the Netflix app crashes when starting a movie.
• 3rd party UWP apps would crash on devices if the DPI settings on the machine are >=150% (Generally people do this on high resolution devices – Surface book etc.)
• If you upgrade from Windows 8.1 directly to Build 15002, all your store apps are lost during upgrade process but you can go and re-download all the lost apps from the Store.
• When using Microsoft Edge with Narrator, you may hear “no item in view” or silence while tabbing or using other navigation commands. You can use Alt + Tab when this happens to move focus away from and back to the Edge browser. Narrator will then read as expected.
• Saying “Hey Cortana, play on ” doesn’t work immediately after installing the app. Wait 5 minutes for indexing to begin and try again.

Whew! Please enjoy this build—we certainly have been and we VERY MUCH look forward to hearing your feedback. We have lined up the team and the Customer Champs to be on high alert in Feedback Hub.

Thank you everyone and keep hustling,
Dona <3

The post Announcing Windows 10 Insider Preview Build 15002 for PC appeared first on Windows Experience Blog.

Ever since Microsoft and Citrix announced a significant reinvigoration to our long-standing partnership at Citrix Synergy in May, things have been very busy. At todays Citrix Summit event, Scott Guthrie (the EVP of Microsofts Cloud + Enterprise organization and my boss) and Kirill Tatarinov (Citrix CEO and President) shared an update on the status of this partnership and the integrated scenarios we are building together.

In this post Im going to provide some additional details on the work Microsoft is doing, as well as share some insight into the feedback I have personally heard from customers.

Customer Reaction

Active Directory, System Center Configuration Manager (ConfigMgr), Windows, and Citrix XenApp/Desktop are staples in many enterprise organizations. As more and more work is done on mobile devices, enterprises have sought out the best solutions for empowering this mobile productivity. What I have seen change dramatically over the last year is the high priority organizations place on finding comprehensive and integrated solutions which empower users across mobile devices in a way that is integrated with what theyve been doing on PCs for years. This is obviously no small task.

Since the announcements in May, and the increased collaboration between Microsoft and Citrix, I have met with hundreds of customers who want to know more about whats coming next in this partnership. Enterprises from all over the world have repeatedly emphasized that interoperable Microsoft and Citrix solutions will deliver the comprehensive and integrated capabilities they need. The interoperation between Citrix solutions like NetScaler and Intune & Azure AD, as well as Citrixs core offerings in XenApp and XenDesktop running on Azure, deliver incredible customer benefits.

Here is a list of benefits that customers regularly tell me they expect to see:

• Your users will be more productive

While some organizations may have already deployed an EMM solution, that solution has often acted as an island that does not integrate with the tools already in use. The integrated capabilities coming from Microsoft and Citrix will deliver consistent experience for users no matter what kind of device is being used (PC, tablet, phone, etc.) and independent of how the apps are being delivered (native or remote). Users simply authenticate and are then presented with everything they need to be productive. I have seen this Ah-ha moment occur in countless conversations.

• Corporate data will be more secure

Securing company data is one of the primary reasons why customers deploy Microsoft and Citrix solutions today. Whether it is verifying the user identity, setting security policies on PCs/mobile devices, hosting apps and desktops in the datacenter, or separating corporate things from personal things on all devices securing corporate data is one of the primary objectives for every enterprise. The integrated scenarios from Microsoft and Citrix will deliver a consistent set of management and security settings (that IT loves) that have been engineered into the solutions to help guide the user in very natural and unobtrusive ways (which end users love).

• IT will be more efficient

This depth of scenario-integration simplifies what IT must do to deliver a secure and user-friendly working experience. We have engineered these solutions to be used together this means IT does not have to cobble together disconnected solutions on their own or juggle multiple vendors (which adds time and reduces the number of things to purchase, deploy and maintain).

Update on Integration

In May, we shared details around four key areas where we are focusing our efforts. Below is a status update for each focus area with links to announcements made today by Citrix.

1) Accelerating the Move to the Cloud

In most customer conversations I have, I am told that deploying new solutions on-premises (rather than in the cloud) is becoming very rare. Organizations clearly see the value and agility that comes from moving to the public cloud and that move is accelerating. Kirill has also told me that in his customer conversations one of the top requests he gets is for Citrix to deliver hosted cloud services. Organizations want to move to a model where they do not have to deploy, manage, secure, and upgrade Citrix farms any longer instead, they want Citrix to do that for them. These customers want Citrix-as-a-Service. Today, Citrix provided further updates on their, Azure-hosted, XenApp Essentials and Xen Desktop Essentials offerings. I love this news! Citrix is delivering a solution that provides a common control plane (also hosted on Azure) that enables management of the Citrix solutions on-premises and in the cloud. You can move your hosted desktops/apps to Azure at your own pace with a single place and method to manage them.

2) Accelerating the Move to Office 365

Office 365 is one of the most-used Enterprise Cloud services in the world with more than 85M monthly active commercial users of Office 365. Organizations are moving their e-mail and collaboration to the cloud, and, increasingly, theyre also moving their voice and video conferencing with Skype for Business. Skype for Business has been optimized to be used in a Citrix XenApp/Desktop environment both on-premises and with the new Azure hosted Citrix services. This is available today and Citrix is the only desktop/app remoting solution for which Skype for Business optimization is available.

3) Accelerating the Move to Windows 10

Windows 10 is the most secure version of Windows we have ever released, and it is the most secure platform for business. Users and organizations are moving rapidly to Windows 10; there are more than 450M Windows 10 devices in use today. This movement to Windows 10 represents the fastest upgrade to a new version of Windows ever! AppDNA from Citrix is available today and provides a way to quickly and easily identify any applications that would have compatibility issues with Windows 10. This enables organizations to decrease their internal validation efforts and planning and start the upgrade process much sooner. A key part of that upgrade is Configuration Manager which is, by far, the preferred tool for managing Windows 10 it currently manages more than 99% of the Windows 10 devices in production in the Enterprise.

4) Further Empowering Users on Mobile Devices

Microsoft Enterprise Mobility + Security (EMS) has become the largest EMM offering in the market with more than 37,000 enterprise customers. As we expand capabilities for our joint customers, Citrix announced today that the work to have Citrix NetScaler seamlessly interoperate with Microsoft Intune is complete and generally available. NetScaler now validates that any device attempting to access on-premises resources is known and meets the enrollment/compliance requirements provided by Intune before allowing a VPN session to be established. You can learn more about this here.

In addition to all this: Today Citrix announced the availability of a tech preview for XenMobile Essentials, which was engineered to interoperate with and bring additional value to Microsoft EMS customers. To get all the benefits of XenApp and XenDesktop with XenMobile Essentials together in one package, Citrix also announced that the upcoming Workspace Essentials includes all of this.

Summary

We have been very, very busy J. Our customers have been clear with both Microsoft and Citrix: You need us to help accelerate your move to the mobile-first, cloud-first world. You also want to consume Cloud services that we keep secure and up-to-date so that you can focus on your business. You want these solutions to be engineered to be used together.

We hear you loud and clear. I think youll be thrilled with what weve built, and really excited about whats on the way.

Hey everyone! PFE Tim Beasley here coming to you live from the warm, cozy sands of Bora Bora…Pfft yeah. I wish! … No I’m in Missouri…where it’s miserably winter outside. But I digress, I am writing this post to hopefully shed some light on a bizarre issue I recently faced at one of my dedicated (DSE) customer sites. I’d like to consider myself one that’s experienced as I’ve been working with Microsoft technologies for over 25 years now. Yet, I for one have never encountered this particular situation, so sit back, grab some popcorn, and hold on…because this is about to get real people.

During one of my regular DSE visits to my client, I was following up with what occurred that caused a Severity A support case to be opened. While gathering information and details, I was told “We had static reverse DNS records vanish.” I was like…Say what? Huh?! How in the world do STATIC records just vanish without someone deleting them?! Needless to say, I had them walk me through every step they took from beginning to end…and not one mention of someone deleting static records. Yet they swore up and down (literally) that they bloody well vanished, which is why they had to restore the original reverse zone from backup.

Okay, I’ll be your huckleberry…

Scenario:

Imagine finding yourself as an IT administrator faced with over 50,000 reverse DNS records that are placed comfortably in one single, large, super zone. For example’s sake, let’s say it’s 10.in-addr.arpa which happens to be an AD-integrated zone. Normally this is totally fine and actually recommended to do from our standpoint as it’s easier to manage. (Here’s a blog post on how to consolidate multiple reverse DNS zones by “GOATEEPFE” Ashley McGlone, in case you’re interested.) However, a decision is made to break up that super zone into smaller reverse zones for reasons that are, well, whatever that reason may be.

There’s a maintenance window coming up, and you’re probably thinking…”Okay, let’s create some smaller AD-integrated zones of the larger one.” But being a safe IT admin, you want to make sure you have a rollback plan in the event something unexpected happens, as there’s a lot of applications/devices out there that rely on reverse DNS. What do you do? You want to take a backup of the existing super zone before you start? Good idea to be safe. Also, you think to yourself…”I’ll just create the smaller zones, and leave the big one too…that way I can simply delete the zones I create if something goes wrong in the event I need to revert my changes.” -The plot thickens…

Now it comes time for the actual work to be performed. New zones are created to match existing network blocks (let’s say 50 of them or so), and the original 10.in-addr.arpa super zone is left intact. You now watch some of the new zones start to get populated with reverse DNS records (PTRs) as registrations are renewed. You think this is a “mic drop moment”…and walk away exclaiming “SUCCESS! We did it! Pats on the back all around!” –What really happened in this particular case, is a little bomb just got triggered for devices and applications that rely on reverse DNS records, that just so happen to be statically configured…*gasp*

Shortly after you head home for the night, reports start coming in of some devices and applications aren’t working. (Imagine that.) Some initial investigation reveals that the devices/applications that are failing rely on reverse DNS records. Now what? Rollback plan! “Well, let’s undo what we did and go back to the original 10.in-addr.arpa zone that’s still there!” “Sounds good!” “Okay go!” You then begin to remove all the reverse DNS zones that were created, and a sigh of relief is had by all.

But wait, problems still exist! The same devices and apps still aren’t working? Say it isn’t so! The reverse zones were deleted from the environment, looking at the DNS management console you can see they are gone, AND you can see that the original zone is there. You undid what you originally did! You even have other machines working fine and able to do reverse lookups without a problem. What is going on here?! So why are those certain devices and apps not working as expected? You go look in the original reverse DNS zone of 10.in-addr.arpa…and the STATIC reverse DNS entries that correspond to the same devices/apps…are…gone. *gasp again*

Baffled beyond belief, you question why? “How is this happening? What do we do now?!” Okay calm down…you remember the backup of the original reverse zone you took initially? Lightbulb!“Let’s just restore the original zone file, cycle services, and the records will come back.” Believing you know the correct method of restoring an AD-integrated zone, you then stop the DNS server service on one of the DCs, copy the backup file to C:\Windows\System32\DNS of a DC, rename it accordingly to 10.in-addr.arpa.DNS and then start up the DNS server service again. You go look at the zone in the DNS management console and the records aren’t there. You hit refresh. Again…and again…still not there. ACK! Panic temporarily ensues, judgement is clouded and you cycle DNS services again a few more times. Records are still not there! However, event logs show 4004, 4013, and 4015. But quick research shows those can be safely ignored from some online posts. (hint: that’s not the correct method for restoring an AD-integrated zone…the correct method is near the bottom of this blog.)

Ready to call for help? Or do you savvy IT/DNS admins out there think you know the answer and what to do at this point? *grin* My customer ended up calling into support at this point and opening up a SEV A case as multiple services were impacted. After many hours on the phone, CSS was able to finally get the records that were stored in AD, along with the backup file, to repopulate the original zone file across the DNS servers. However, the damage was done. From what I gathered, some static entries were also tombstoned at some point in time as well. By the time everything was restored, my customer experienced over 42 hours of downtime for those reverse records, which meant some services were hindered. My customer was lucky it only impacted a certain number of applications, but it could have been much, much worse had they experienced an enterprise-wide DNS failure.

If you’ve read this much you’ve noticed I still haven’t revealed any answers yet. Hopefully you haven’t ever experienced anything like this…but if you do, keep reading to figure out how to avoid some panic. Or, if you’re just wanting the nitty gritty, skip to the bottom. Let’s get to it!

The initial mistake here is believing that the original zone file had to be broken up into smaller ones. Had they followed recommended practices, this entire debacle could have been avoided. Point is, if you have a large super zone for reverse DNS records…leave it alone! And if you have tons of reverse zones, look to consolidating them following this. But if you insist on breaking things up into smaller reverse zones, you should watch the way you do it, especially if static records are involved. Okay, off my soapbox now.

I took the liberty of picking my jaw up off the floor when the customer told me what happened and everything that they went through. I had them send me the original zone backup file they used as well thinking there might be something strange in it. So, I had the zone backup file, along with my trusty lab machine, and got to work. Here come the screenshots!

Now let’s examine some of the details here. After all, the devil is in the details right? Make note the original 10.in-addr.arpa zone is an AD-integrated zone. No problem there, but as we know zone records for AD-integrated zones are stored in various AD partitions depending on how they are configured.

• Default Domain partition : “All domain controllers in the Active Directory domain”
• DomainDNSZones partition (Application partition) : “All DNS servers in the Active Directory domain”
• ForestDNSZones partition (Application partition): “All DNS servers in the Active Directory forest”

Additionally the new reverse zones created are also AD-integrated. Again, no issue. Or, is it? It is when it comes to the recovery method mentioned in the scenario above…I’ll get to that shortly. Remember the entries that disappeared were STATIC entries. Meaning someone manually created them in the original reverse DNS zone, and static entries are always well…static. That said, there are multiple ways various types of records can mysteriously “poof” away, such as duplicate zone creations, misconfigured scavenging settings, etc. (read more here) but this little particular nugget appears to encompass something entirely different. And so, I followed their described steps my customer took during this unfortunate event in my lab:

Please note my customer’s environment is WS2008 R2, but I used WS2012 R2 in these screenshots, however I also did these same steps in my lab using WS2008 R2 and the results were exactly the same.

I began with creating a fresh 10.in-addr.arpa reverse zone that is AD-Integrated, set to replicate between all DCs in the DOMAIN (DomainDNSZones partition in AD), along with a few static entries:

Figure 1

And for good measure, here they are reflected in ADSIEdit:

Figure 2

Okay good. That’s done, no problem there. I can do reverse lookups and records resolve no problem. Next, I’ll simply do what my customer did, and create 3 reverse zones that correspond to the subnets of the static entries I created.

Figure 3

This is the point in the scenario where it became a “mic drop moment” and the IT crew left the building. All looks good right? At initial glance, you might think so. But let’s take a closer look…

In each of the “new” reverse zones I created, you will see empty zones illustrated in the below screenshot. Each one only contains an SOA and NS record…and that’s it. Oh, they will get populated with PTRs when clients start to re-register up, but until that happens, they’ll remain empty.

Figure 4

Now here comes the pain!

Check out what the original 10.in-addr.arpa zone file looks like in DNS manager after a refresh…

Figure 5

Where in the world did the static entries go?! Hmmm, what are those folders? Are they in those little subfolders that got created?? Let’s look…

Figure 6

Ahhh…what about in AD? Surely they are in there! Take a gander…

Figure 7

Hurray! There they are along with the new zones…but…how come the static entries aren’t in DNS Manager? Also, when testing reverse lookups now, things are failing! The static entries that were resolvable before, are now no longer able to be found by the system even though they are in the AD partition. Chaos ensues….

Figure 8

ROLLBACK TIME:

Okay, let’s undo what I did initially and simply delete the reverse zones, and try reverse lookups using nslookup again:

Figure 9

Figure 10

Still no dice. But the reverse zones I created earlier are gone, effectively undoing what I did before right? Or…is it?

Diving a little deeper into the situation here, let’s cycle the DNS server service just to kick it and see if that helps. Hmmm….nope. Same result, no reverse lookup resolution. Let’s check event logs…DING! A CLUE!

Figure 11

Thankfully we have our first insight as to what’s going on. Event 4010…The system can’t create a resource record for the missing static entries. Wicked. You might be wondering why? The new reverse zones are there that correspond to the static entries that were created. And, the static entries still exist in AD. However, this particular event error indicates that ADDS isn’t responding to requests from the DNS Server service. Some of you might have come across this little nugget when migrating the _msdcs zone during a domain upgrade…(sound familiar?).

However, in the situation above they witnessed events 4004, 4013, and 4015. More often than not, this indicates that the “preferred” or primary DNS server in TCP/IP properties of the NIC on the DNS server (or DC) is pointing to itself. Ultimately when services start, AD can’t start because it’s hung up waiting on DNS to start, and because AD isn’t running, DNS can’t load the zones from AD. Ugly cycle really and causes unnecessary delays… It’s a good practice to configure all DCs to use the PDC emulator as primary DNS server (at the very least another DC other than itself), and then itself as secondary to avoid that. This is why in my lab environments I never saw the same events my customer did, as I followed this old practice, which happens to streamline the DNS infrastructure and allows for easier troubleshooting (not to mention decommissions and additions to the infrastructure).  You will hear various ways that you should configure your DNS infrastructure, but I try to look at DNS with the KISS philosophy, because overly complicating things unnecessarily can turn into a quick mess.

Now, each of those subfolders in the original 10.in-addr.arpa zone are sometimes referred to as “delegated subfolders.” Take notice they got created the instant I configured the new reverse zones. They represent what servers have the authority or permission to create records. If you scroll back up and look at the figure that shows the contents of the subfolder, you’ll see a single NS record of the DNS server I used in the lab. Great! Now what? Well, what happens when we delete those delegated subfolders and cycle the DNS Server service? Hold on to your seats!

Figure 12

Look! The 4010 errors are clear…and…dun dun dunnnnnnnnnnnn!

Figure 13

The static entries are back (pulled from AD no less), reverse resolution is working again, and everything is hunky dory once more!

BUT WAIT! Hold the phone…this is not how the scenario above was described!!!

Exactly! This is how I came to resolving the problem in my lab environment, and frankly what my customer should have done to correctly rollback their environment too. What my customer ended up doing compounded the problem significantly. I’ll explain. When they deleted the 50 or so reverse zones from DNS, that’s all they did before trying to restore their original zone from a backup. No one bothered to look at the subfolders that got created when they built out the additional reverse DNS zones! Additionally, they could have also avoided this “big nasty” had they manually recreated the static entries in the new zones without deleting anything. But that would have required some due diligence and a thorough discovery first before making drastic changes. Hint Hint! Don’t let someone outside your org that doesn’t know the environment implement major config changes without knowing exactly what they are getting themselves into…Yes, I’m one who tells it like it is. J

When you have reverse DNS zones that are smaller, aka more specific to a smaller subnet, like a /24 vs. a /8 subnet…then the DNS server will process name resolution requests to those more granular zones vs. the larger one. Plus, the delegated subfolders that get created refer clients back to the specific nameserver(s) that manage those subzones. Notice that there was only one NS record in the subfolder above in Figure 6? This means that when those new reverse zones were created to break up the larger one, the DNS server would process lookup requests by the referrals from the delegated subzone record to the NS server listed there, then on to those newer, more specific zones. Once it got to the newer zones, as the static records weren’t there…then reverse lookup fails. Hopefully that makes sense to you all.

Feel free to lab it up on your own and test various scenarios. Watch how the simplest action can either save or wreck an environment. For example test this in your own labs…Create a static entry that is in the original 10.in-addr.arpa. Then manually create a newer reverse zone…and then go delete the delegated subfolder that was created in the 10.in-addr-arpa zone. Does name resolution for that entry still work? Yep, as it should…but what if you delete the newer reverse zone again? Reverse resolution now fails for that entry, AND…the static entry won’t show back up in the 10.in-addr-arpa zone within the DNS MMC! But it’s still there in the AD partition if it’s an AD-integrated zone! At this point however, the original static entry is now appears to be TOMBSTONED in AD…see?

Figure 14

Don’t let this fool you however, as it’s not actually AD tombstoned. The dNSTombstoned attribute means that the record was deleted from the DNS Management console MMC or simply scavenged, yet the object still exists in AD. However, DNS.EXE will no longer load the record. It’s basically giving the appearance the object was deleted from the MMC, but the reality is it was only hidden from DNS.EXE. If you see the “isDeleted” attribute containing information, then that means it’s actually tombstoned in AD.

You can also refer to this TechNet article which shows you how to track for deletion of DNS records for a more proactive approach to your environment and also quotes the following:

“When Active Directory deletes an object from the directory, it does not immediately remove the object from the database. Instead, Active Directory marks the object as deleted by setting the object’s isDeleted attribute to TRUE, stripping most of the attributes from the object, renaming the object, and then moving the object to a special container in the object’s naming context (NC) named CN=Deleted Objects. This object is called a tombstone and is used to replicate the object’s deletion throughout the Active Directory environment. Over time (default 60 days), the tombstone is removed and the object is truly gone from AD. DNS objects, however, have their own process of deletion – once the DNS zone is integrated in the Active Directory, all the DNS records become Active Directory objects but they get an attribute called “dNSTombstoned” attached to them.

A DNS record gets removed by either of the following methods:

• Scavenging
  
• Manual deletion
  
• When it gets a valid TTL update with TTL=0
  
• An LDAP delete command using interfaces such as ADSIEDIT or LDP
  

If the DNS record is getting deleted by any of the first 3 ways then the value of the dNSTombstoned attribute attached to it will become “TRUE”. In this scenario the records will still exist in Active Directory but DNS.exe will not load them in the MMC. This is because for DNS they are deleted, but for Active Directory they still exist as a valid AD object. We can still see them using ADSIEDIT. When the record is in this state in the Active Directory the value of dNSTombstoned can change to “FALSE” either when the host machine/DHCP sends an update for the record or by creating another record with the same name manually. When this happens, DNS.exe will start loading the record again in the MMC. If the DNS record is being deleted by the 4th method or if the record stays in the state of dNSTombstoned=TRUE for more than 7 days then it will be tombstoned (AD tombstoned) like any other AD object.”

I know what you’re probably thinking, I thought the same thing…”Can’t we just manually change the dNSTombstoned attribute back to ‘FALSE’ and it’ll reappear in the MMC?” Well for grins I tried it myself, and the answer is NO. To get it working again, the record must be either restored from backup, the machine/DHCP sends an update for the record, or the record must simply be manually recreated. Manually recreating the record triggers DNS to update the record attributes in AD. Only then will the value return as FALSE and show back up in the MMC of DNS Manager.

PRO TIP: If the DNS record is either “dNSTombstoned” or AD tombstoned (aka “isDeleted”), then you can use “repadmin /showobjmeta,”
which will show you the time/date that each attribute for the object was created, edited, or marked for deletion. This also shows the originating source DC of this change. Handy little command when troubleshooting.

This is starting to now look like what happened at my customer’s environment based on what information I could gather, as unfortunately I wasn’t directly involved.

Now let us skip to the “recover from the backup” part that was mentioned in the scenario. The method they chose for recovery was another mistake to try for an AD-integrated DNS zone. AD-integrated zones don’t pull the records from a file, they pull them from AD. Simply stopping the DNS Server service, placing a .DNS file inside the C:\Windows\System32\DNS directory and restarting the service will NOT work when you’re talking about AD-Integrated zones. Even running DNSCMD commands to add a zone with the /dsprimary flag ignores the files as well. What WILL work with an exported DNS file is creating a new zone using the DNS file as a standard primary zone…THEN converting it to an AD-Integrated zone afterwards.

Related to the scenario above, there were several recovery options that include but are not limited to:

• Delete the existing reverse zones from DNS and AD…all of them…restore the original backup file to a new standard primary zone, validate the records were all there, convert it to an AD-Integrated zone…and then wait for replication to complete. (In my lab with their backup file of the zone using WS2008 R2 it took roughly 37 seconds to replicate all 50k+ records with 2 DCs/DNS servers configured with minimal resources.) This depends on convergence time in your environment, server hardware, etc.
• Restore from a system-state backup using Directory Services Restore Mode if DNS is running on a domain controller. Unless of course there is no valid backup…hopefully that’s not reality for you.
• Manually recreate the missing static records in each of the new zones…this of course assumes you have the details of each missing record from the due diligence I hinted at earlier…which wasn’t the case…and it’s also time consuming.

CONCLUSION:

To sum things up, this unfortunate scenario that plagued my customer for well over 40 hours could have been avoided from the get-go. Again, if there’s a large super-zone there’s no need to break it up. However, if you’re facing a potential resume generating event, know this: at the heart of the issue lies delegated folders that get created automatically when you try and split up a larger zone into smaller ones. The creation of this delegation record and its affect is not at all obvious.  Most DNS admins are used to creating delegation so it’s odd that it shows up all its own.  Then quick course to resolution is to delete the subdomain, delete the delegation and reload the zone.

So, if you have decided to try and break up a super-zone and have issues…first verify that the delegated subfolders got created in the main AD-integrated zone after you added smaller AD-integrated zones. Delete the subdomains you created, delete all the delegated folders that got created, and reload the original zone. If some records are missing from DNS management console, then verify they exist in AD. If they do exist in AD, you might have to wait a bit for them to show back up in the DNS console. If they are missing entirely, then I would go down the road of using the backup file of the original zone. If you don’t have a backup file, you’re then limited to a Directory Services restore, or manually creating static records.

I hope that this blog post helps you all out there don’t fall into this trap…but if you do find yourself amongst your peers freaking out about vanishing static reverse DNS records, now you can calmly reply “I got this” and be the hero. Thanks for reading and have a blessed day!

Insider build 15002 is now available for Fast Ring windows insiders. In it, you’ll find a few improvements in Hyper-V for Windows 10 users:

• A new virtual machine Quick Create experience (work in progress).
• More aggressive memory allocation for starting virtual machines.  This is especially useful for anyone using emulators in Visual Studio or static memory virtual machines.

Check it out and send feedback!

Virtual machine Quick Create

Hyper-V Manager has a new single-page wizard that makes it faster and easier to create virtual machines.  You can access it through a new “Quick Create…” button (1).

Quick Create focuses on getting the guest operating system up and running.  It automatically creates virtual hardware necessary to run the guest operating system (2).  Including a virtual switch!  Since many desktop users see internet in the virtual machine as essential, we added the option to create an external switch (3) directly to the new virtual machine experience.

Quick Create is still under active development – try it out and please leave feedback!

Changes in memory allocation

Starting in build 15002, we changed how Hyper-V on Windows 10 allocates memory for starting virtual machines.

In the past, when you started a virtual machine, Hyper-V allocated memory very conservatively.  As an example, we maintained reserved memory for the Hyper-V host (root memory reserve) so even if task manager showed 2 GB free memory, Hyper-V wouldn’t use it for virtual machines.  Hyper-V also wouldn’t ask for applications to release unused memory (trim).  Conservative memory allocation makes sense in a hosting environment where not many applications run on the Hyper-V host and the ones that do are high priority – it doesn’t make much sense for Windows 10 and desktop virtualization.

Windows 10, you’re probably running several applications (web browsers, text editors, chat clients, etc) and most of them will reserve more memory than they’re actively using.  With these changes, Hyper-V starts allocating memory in small chunks (to give the operating system a chance to trim memory from other applications) and will use all available memory (no root reserve).  Which isn’t to say you’ll never run out of memory but now the amount of memory shown in task manager accurately reflects the amount available for starting virtual machines.

Note:  For people using Hyper-V with device emulators in Visual Studio – the emulator does have overhead so you will need at least 200MB more RAM available than the emulator you’re starting suggests (i.e. a 512MB emulator actually needs closer to 700MB available to start successfully).

I’ll post a follow up blog going into more nitty gritty details on this later.

Have fun making virtual machines!

Cheers,
Sarah

Want to see the latest feature updates,hear from other enterprise customers and get a peek into our roadmap? Then, the monthly OMS Log Analytics Customer Panel is a great meeting for you to join. This call is led by Satya Vel, one of our engineering leaders, and is an opportunity for you to hear directly from the product team and have your questions answered. If you are interested in participating, please browse to the survey link and provide your work email address. We will send you the meeting invitation. The email address that you provide will not be used for anything other than sending you the meeting invitation.

January is all about making resolutions and being an even better version of yourself in the new year. Since so many of us pledge to be more productive, we teamed up with Levo—the network for millennials in the workplace—to sponsor the “Mastering your productivity in 2017” survey. We polled 1,500 Levo community members and asked them about their productivity habits and challenges.*

Mastering your productivity in 2017—interactive survey results

What’s the #1 challenge to being productive? What’s most helpful when it comes to productivity? Are happiness and productivity related? We looked at all this and more. Explore the results from the survey in the interactive Power BI data visualizations to see what we discovered. Simply click the forward > or < back arrows at the bottom of the report to display results of a question and then click the different age filters to find out how attitudes about productivity change by age. (Since some respondents didn’t provide their age, we included a – filter to represent this group.) To clear the filters and see all responses, click the – button twice. Click the icons in the lower right-hand corner to share the report or view it in full screen. To see a larger version of this report, click here.

How can you achieve more this year?

Based on the survey results, here are five tech tips to help you work smarter in 2017:

#1—make your tech work for you (not against you)

Technology should help you be more productive instead of getting in the way. When information comes at you from every angle and every device, it’s distracting. It is not surprising that people under 30 found distractions—like social media—to be their #1 challenge to productivity.

Instead of letting distractions slow you down, let technology help keep you focused. Work can be overwhelming (especially with that overflowing post-holiday break inbox), but organizing and prioritizing go a long way. Don’t try to tackle everything at once—use the Focused Inbox in Outlook to separate your inbox into two tabs. Emails that matter most to you will be in your Focused tab, while the rest will be close by—but out of the way—in the Other tab. As you move email in or out of your Focused Inbox, Outlook becomes even better at knowing your priorities over time. This helps you manage the tasks that matter most and organize your time.

A clear inbox is great, but a clear mind is even better. Meditating daily can reduce stress and anxiety, and improve sleep and cognition—all of which can help you work smarter. With Meditation apps like Headspace, it’s easy to find time for a daily practice. Try making meditation a part of your day by blocking off time on your Outlook calendar.

#2—tally accomplishments, not just to-dos

Rethink how you use and incorporate to-do lists. To-do lists remain ubiquitous because they’re a simple and personal way to organize our thoughts. Ninety-two percent of survey respondents found that creating to-do lists is most helpful when it comes to being productive. But making a list for the sake of it won’t accomplish much. Prioritizing your to-dos can help you learn what you care about, what your purpose is and what you want to accomplish in your career or your life.

OneNote makes it easier than ever to keep track of your to-dos, projects and goals. By integrating your project list directly into your OneNote notebook using the “to-do” tag, Office makes it easy to keep your daily tasks, ongoing work and long-term goals all in one place.

#3—rise and grind

As saying goes, “The early bird gets the worm.” In fact, everyone claiming to be a “night owl” might just be fooling themselves. Believe it or not, 69 percent of respondents say their mornings are their most productive time of the day. We know it can be tough to get going in the morning, so try easing into the day by meeting over coffee. With the Starbucks for Outlook add-in, it’s easy to schedule meetings at your favorite Starbucks.

#4—lighten the lift

Having trouble getting started on the first drafts of your projects and presentations?

Conquer the blank canvas with QuickStarter—a new intelligent service that lets you go from the blank canvas to a great working outline in seconds. Just type your presentation topic into PowerPoint or Sway and watch the magic as QuickStarter brings your presentation to life by pulling in carefully curated outlines for any topic, including recommendations on information to include, categories to consider and associated images.**

Need help with your research paper?

Researcher in Word helps find reliable sources and incorporate content from the web right within your document. Plus, it properly formats citations, which means no more hours spent manually formatting the bibliography. Thanks to Editor, you now have your own digital writing assistant to help you with the finishing touches. Going beyond basic spelling and grammar checks, Editor uses machine learning and natural language processing to make suggestions to help you improve your writing—so you can spend less time reviewing and more time creating.

#5—perfect your productivity habits

Create better work habits with the help of Microsoft MyAnalytics for Office 365 Enterprise E5, which gives you the insights you need to focus on what matters most. Understand where you spend your time across people, meetings, email, focus time, after hours and adjust for higher impact. Gain insights into how you engage with your network to stay up to date on your most important relationships and priorities.

Why work on being more productive? Because becoming a more productive person can make you happier. Our research revealed that 93 percent of respondents feel that productivity is important to their happiness. A productive day is a happy day, which is why our goal is to give you the tools you need to make accomplishing your goals a little bit easier.

Notes:
*Survey of Levo community members conducted online, commissioned by Microsoft Office, 1,500 participants, October 2016, actual percent at +/- 2.3 percent at 99 percent confidence level.
**QuickStarter is available today in Sway on the web, in English within the U.S., U.K. and Canada. Education customers using Sway have a slightly modified version to meet the needs of educators. QuickStarter in PowerPoint on Windows desktop is coming to Insiders this winter and to Office 365 subscribers in 2017.

The post Survey—mastering your productivity in 2017 appeared first on Office Blogs.