Despite the disruption of Axpergle (Angler), which dominated the landscape in early 2016, exploit kits as a whole continued to be a threat to PCs running unpatched software. Some of the most prominent threats, from malvertising to ransomware, used exploit kits to infect millions of computers worldwide in 2016.

The prevalence of exploit kits as an infection vector can be attributed to these factors: 1) they continue to use old but effective exploits while efficiently integrating new ones, 2) they are easily obtained from underground cybercriminal markets; and 3) there remains a significant number of machines that are potentially vulnerable because they run unpatched software.

Using up-to-date browser and software remains to be the most effective mitigation against exploit kits. Upgrading to the latest versions and enabling automatic updates means patches are applied as soon as they are released.

(Note: This blog post is the first in the 2016 threat landscape review series. In this blog series, we look back at how major areas in the threat landscape, including ransomware, macro malware, support scam malware, and unwanted software, have transformed over the past year. We will discuss trends that have emerged, as well as security solutions that tackle threats as they evolve.)

Meadgive gained ground as Axpergle is disrupted

In the first five months of 2016, Axpergle (also known as Angler exploit kit) infected around 100,000 machines monthly. However, sometime in June, the exploit kit vanished. Reports associated this development with the arrest of 50 hackers in Russia.

Axpergle is primarily associated with the delivery of the 32- and 64-bit versions of Bedep, a backdoor that also downloads more complex and more dangerous malware, such as the information stealers Ursnif and Fareit.

Figure 1. Monthly encounters by exploit kit family

The disappearance of Axpergle made way for other exploit kits as cybercriminals presumably looked for alternatives. The Neutrino exploit kit started dominating for around three months, but scaled down in September. Reports say that Neutrino operators went into “private” mode, choosing to cater to select cybercriminal groups.

A look at the year-long trend shows that Meadgive (also known as RIG exploit kit) filled the hole left by Axpergle and Neutrino (and Nuclear before them). By the end of 2016, while overall volume has gone down, most exploit kit activity can be attributed to Meadgive.

Meadgive has been around since March 2014. Attackers who use Meadgive typically inject a malicious script island into compromised websites. When the compromised site is accessed, the malicious script, which is usually obfuscated, loads the exploit. Recently, Meadgive has primarily used an exploit for the Adobe Flash vulnerability CVE-2015-8651 that executes a JavaScript file, which then downloads an encrypted PE file.

Even with the decreased activity, exploit kits continue to be a global threat, having been observed in more than 200 countries in 2016. They affect the following countries the most:

1. United States
2. Canada
3. Japan
4. United Kingdom
5. France
6. Italy
7. Germany
8. Taiwan
9. Spain
10. Republic of Korea

Figure 2. Geographic distribution of exploit kit encounters

Exploit kits in the ransomware trail

As exploit kits have become reliable means to deliver malware, it is not surprising that ransomware, currently the most prevalent malware, continue to use them as launch pads for infection.

Meadgive, for instance, is known for delivering one of the most active ransomware in 2016. As late as December 2016, we documented new Cerber ransomware versions being delivered through a Meadgive exploit kit campaign, on top of a concurrent spam campaign.

Neutrino, which temporarily dominated in 2016, is associated with another prominent ransomware family. Like Cerber, Locky also uses both exploit kits and spam email as vectors. With the decreased activity from Neutrino, we’re seeing Locky being distributed more and more through spam campaigns.

Top malware families associated with exploit kits

Integrating exploits at a slower rate

While exploit kits rely on exploits for patched vulnerabilities, they also continually update their arsenal with newer exploits in the hope of casting bigger nets. This also allows them to take advantage of the window of opportunity between the release of a security fix and the time it is actually applied by users. Notably, the rate with which exploit kits integrate exploits for newly disclosed vulnerabilities is lower than in previous years.

Of the major exploits used by kits in 2016, one is relatively old—an exploit for a Microsoft Internet Explorer bug that was disclosed and patched back in 2014 (CVE-2014-6332). Four major kits use an exploit for the Adobe Flash vulnerability CVE-2015-8651, which was patched back in 2015.

Three exploits disclosed in 2016 were seen in exploit kits, showing that operators still attempt continually improve their tools. One of these is a zero-day exploit for Adobe Flash (CVE-2016-1019) used by Pangimop at least five days before it was patched. However, this particular zero-day is a “degraded” exploit, which means that it worked only on older versions of Adobe Flash. The exploit did not affect the latest version of the software at the time, because Adobe previously introduced stronger exploit mitigation, which Microsoft helped build.

Major exploits used by exploit kits

We did not see exploit kits targeting Microsoft’s newest and most secure browser, Microsoft Edge, in 2016. Only a few days into the new year, however, SundownEK was updated to include an exploit for an old vulnerability that was patched a couple of months prior. Microsoft Edge applies patches automatically by default, rendering the exploit ineffective.

It was also SundownEK that integrated steganography in late 2016. Steganography, a technique that is not new but getting more popular with cybercriminals, hides information like malicious code or encryption keys in images.

Instead of loading the exploit directly from a landing page, SundownEK downloads an image that contains the exploit code. This method is employed to avoid detection.

Stopping exploit kits with updates and a secure platform

While we see a willingness among cybercriminals to switch from exploit kits to spam and other vectors, there is a clear desire to continue using kits. We see cybercriminals switch from one kit to another, replacing kits as they become unavailable. Meanwhile, exploit kit authors continue to keep their wares attractive to cybercriminals by incorporating new exploits.

Keeping browsers and other software up-to-date can counter the impact of exploit kits. Microsoft Edge is a secure browser that gets updated automatically by default. It also has multiple built-in defenses against exploit kits that attempt to download and install malware. These defenses include on-by-default sandboxing and state of the art exploit mitigation technologies. Additionally, Microsoft SmartScreen, which is used in both Microsoft Edge and Internet Explorer 11, blocks malicious pages, such as landing pages used by exploit kits.

At the same time, running a secure platform like Windows 10 enables users to benefit from advanced security features.

Windows Defender uses IExtensionValidation (IEV) in Microsoft Internet Explorer 11 to detect exploits used by exploit kits. Windows Defender can also detect the malware that exploit kits attempt to download and execute.

Windows 10 Enterprise includes Device Guard, which can lock down devices and provide kernel-level virtualization based security.

Windows Defender Advanced Threat Protection alerts security operation teams about suspicious activities, including exploitation of vulnerabilities and the presence of malware, allowing them to detect, investigate, and respond to attacks.

MMPC

Most mobile apps need to store data in the cloud, and Azure DocumentDB is an awesome cloud database for mobile apps. It has everything a mobile developer needs, a fully managed NoSQL database as a service that scales on demand, and can bring your data where your users go around the globe -- completely transparently to your application. Today we are excited to announce Azure DocumentDB SDK for Xamarin mobile platform, enabling mobile apps to interact directly with DocumentDB, without a middle-tier.

Here is what mobile developers get out of the box with DocumentDB:

• Rich queries over schemaless data. DocumentDB stores data as schemaless JSON documents in heterogeneous collections, and offers rich and fast queries without the need to worry about schema or indexes.
• Fast. Guaranteed. It takes only few milliseconds to read and write documents with DocumentDB. Developers can specify the throughput they need and DocumentDB will honor it with 99.99% SLA.
• Limitless Scale. Your DocumentDB collections will grow as your app grows. You can start with small data size and 100s requests per second and grow to arbitrarily large, 10s and 100s of millions requests per second throughput, and petabytes of data.
• Globally Distributed. Your mobile app users are on the go, often across the world. DocumentDB is a globally distributed database, and with just one click on a map it will bring the data wherever your users are.
• Built-in rich authorization. With DocumentDB you can easy to implement popular patterns like per-user data, or multi-user shared data without custom complex authorization code.
• Geo-spatial queries. Many mobile apps offer geo-contextual experiences today. With the first class support for geo-spatial types DocumentDB makes these experiences very easy to accomplish.
• Binary attachments. Your app data often includes binary blobs. Native support for attachments makes it easier to use DocumentDB as one-stop shop for your app data.

Let's build an app together!

Step #1. Get Started

It's easy to get started with DocumentDB, just go to Azure portal, create a new DocumentDB account,  go to the Quickstart tab, and download a Xamarin Forms todo list sample, already connected to your DocumentDB account. 

Or if you have an existing Xamarin app, you can just add this DocumentDB NuGet package. Today we support Xamarin.IOS, Xamarin.Android, as well as Xamarin Forms shared libraries.

Step #2. Work with data

Your data records are stored in DocumentDB as schemaless JSON documents in heterogeneous collections. You can store documents with different structures in the same collection.

In your Xamarin projects you can use language integtated queries over schemaless data:

Step #3. Add Users

Like many get started samples, the DocumentDB sample you downloaded above authenticates to the service using master key hardcoded in the app's code. This is of course not a good idea for an app you intend to run anywhere except your local emulator. If an attacker gets a hold of the master key, all the data across your DocumentDB account is compromised.

Instead we want our app to only have access to the records for the logged in user. DocumentDB allows developers to grant application read or read/write access to all documents in a collection, a set of documents, or a specific document, depending on the needs.

Here is for example, how to modify our todo list app into a multi-user todolist app, a complete version of the sample is available here: 

• Add Login to your app, using Facebook, Active Directory or any other provider.
• Create a DocumentDB UserItems collection with /userId as a partition key. Specifying partition key for your collection allows DocumentDB to scale infinitely as the number of our app users growth, while offering fast queries.
• Add DocumentDB Resource Token Broker, a simple Web API that authenticates the users and issues short lived tokens to the logged in users with access only to the documents within the user's partition. In this example we host Resource Token Broker in App Service.
• Modify the app to authenticate to Resource Token Broker with Facebook and request the resource tokens for the logged in Facebook user, then access users data in the UserItems collection.  

This diagram illustrates the solution. We are investigating eliminating the need for Resource Token Broker by supporting OAuth in DocumentDB first class, please upvote this uservoice item if you think it's a good idea!

Now if we want two users get access to the same todolist, we just add additional permissions to the access token in Resource Token Broker. You can find the complete sample here.

Step #4. Scale on demand.

DocumentDB is a managed database as a service. As your user base grows, you don't need to worry about provisioning VMs or increasing cores. All you need to tell DocumentDB is how many operations per second (throughput) your app needs. You can specify the throughput via portal Scale tab using a measure of throughput called Request Units per second (RUs). For example, a read operation on a 1KB document requires 1 RU. You can also add alerts for "Throughput" metric to monitor the traffic growth and programmatically change the throughput as alerts fire.

Step #5. Go Planet Scale!

As your app gains popularity, you may acquire users accross the globe. Or may be you just don't want to be caught of guard if a meteorite strkes the Azure data centers where you created your DocumentDB collection. Go to Azure portal, your DocumentDB account, and with a click on a map, make your data continuously replicate to any number of regions accross the world. This ensures your data is available whereever your users are, and you can add failover policies to be prepared for the rainy day.

We hope you find this blog and samples useful to take advantage of DocumentDB in your Xamarin application. Similar pattern can be used in Cordova apps using DocumentDB JavaScript SDK, as well as native iOS / Android apps using DocumentDB REST APIs.

As always, let us know how we are doing and what improvements you'd like to see going forward for DocumentDB through UserVoice, StackOverflow #azure-documentdb, or Twitter @DocumentDB.

We’ve been investing heavily over the last year in education software to drive a breakthrough in learning outcomes.  We’ve developed technology like Windows Ink in Windows 10, which enables students to write on their device as naturally as a piece of paper, delivering up to 36 percent better test scores in math and science. Office 365 delivers productivity for the modern classroom with powerful intelligence features to help students become better writers, presenters and data analysts, while empowering students and teachers to create, edit, share and grade assignments with OneNote. With OneNote Learning Tools, students can de-clutter screen views to aid concentration, helping those with learning challenges increase reading fluency by 30 percent and comprehension rate by 20 percent. Finally, combined with Power BI, Office 365 can showcase visible learning outcomes, bringing rich data to life through predictive analytics to help students be successful.

Despite these great advancements, we have lacked two important things to make it easy to deploy and use these tools: a simple tool for schools to setup and manage their devices and affordable, yet powerful Windows 10 PCs for students that enable better learning outcomes.

This week, we’re at the BETT conference in London to share several new developments as we prepare for back-to-school. Today, we are announcing Microsoft Intune for Education: a new cloud-based application and device management service that is built on the proven Microsoft Intune service, offering easy setup and management in shared learning environments. Also, in partnership with OEMs, we are delighted to announce that starting at just $189, Windows 10 PCs are available today from Acer, HP and Lenovo, with many devices featuring Windows Ink, touch support and with great designs that are perfect for the classroom.   Now Windows 10 devices offer the power, performance and security schools need at the same price as Chromebooks, with none of the compromises. Finally, we are launching a new update for Minecraft: Education Edition, with popular features requested by our community.

Intune for Education Helps Schools Easily Set-up and Manage Classroom Devices

In today’s classrooms, over 90 percent of schools use shared devices, with unique demands to set-up and manage these devices. And educators face more demands than ever before, with nearly 50 percent of teachers serving as their own tech support in their classrooms.

Specially designed for schools who want to put devices in classrooms and not touch them again for the rest of the school year, Intune for Education makes it easy for either IT admins, or teachers playing the role of IT in the classroom, to get up-and-running in minutes on Windows 10 devices and easily manage shared devices.

Simple Windows 10 Management: The express setup feature in Intune for Education makes it easy to set up default policies for all the devices and users in a class, school or district in a matter of minutes. Schools can customize over 150 granular settings, assign them to a student and apply them to hardware, apps, browsers, the start menu, Windows Defender and more.  These settings follow the user to any device when they sign in.

To manage just a few devices, admins or teachers can automatically enroll in Intune for Education by logging in with an Office 365 Education email account. When there are many devices to set up, they can use the “set up School PC” app to set up any number of Windows 10 devices.  The first time a teacher or student logs in to the new device, it is customized for their unique needs.

Easy application deployment: Intune for Education makes it easy to assign and deploy any combination of web apps or education apps from the Windows Store for Business.  Once apps are customized, they are available to users at their next login and follow them to any device, so students and teachers always see the apps they are supposed to see, and no apps they shouldn’t.

Integrated with Microsoft education software and services: Intune for Education and Windows 10 are engineered to integrate easily with other Microsoft cloud services including Office 365 Education. By integrating with School Data Sync, Intune for Education automatically creates groups based on school roster data, so apps and settings can be applied to students, teachers, devices, specific schools, or specific classes or sections with no additional work required. Any changes to the roster will be reflected automatically in the group.  For example, if a student is added to a photography class in the school roster, they will automatically be added to the group in Intune for Education and get the relevant apps. Intune for Education is perfectly suited for schools of any size that want a cloud-based solution to manage their Windows 10 devices. Because Intune for Education is based on Microsoft Intune, larger school districts or schools with large, full-time IT departments can take advantage of cross-platform support to manage iOS and Android devices and integration with System Center Configuration Manager, if they choose. Intune for Education will be available in preview in the coming weeks and broadly available this spring for $30 per device, and via volume licensing.

New Windows 10 Devices Offer Great Alternatives to Chromebooks

Over half of the students in the world still don’t have ready access to technology. Of those that do, many are using older, slower systems without the benefits of modern innovation and security. We want to help all students – all over the world – have affordable access to the latest technology, with security they can trust, and the latest innovations that can help them learn and achieve more.

We’ve seen great devices like the HP ProBook x360 11 Education Edition (starting at $289 with pen included) and the HP Stream 11 Pro G3 for Education (starting at $189) embraced by schools and this week at BETT we’ll showcase additional new devices, designed for education. These devices showcase the latest Windows 10 technology at prices competitive to Chromebooks, with the power, performance and security educators, students and families can count on from Windows.

Acer’s TravelMate Spin B118 Convertible Notebook is Made for the Classroom

The new 11.6-inch convertible notebook with a 360° hinge is sized for easy portability with a starting price of $299. It features four usage modes, Windows 10 Pro with a stylus to support Windows Ink, and a robust design made for the classroom that includes a pressure-resistant screen, shock-absorbent rubber bumper and spill-resistant keyboard. With up to 13 hours of battery life, students can easily power through a full day of school. Learn more about Acer’s announcements here.

Lenovo updates their Education Line of High-Value Windows 10 Devices

Computers in schools are put to heavy use, so Lenovo has improved the rugged, powerful and portable ThinkPad 11e series. Available in both clamshell or Yoga form-factors with Windows 10, ThinkPad 11e simplifies software and security management for educators and offers students notebooks that will last longer, even under the roughest handling. Engineered for education, ThinkPad 11e is focused on reliability and productivity, including military standard testing procedures and up to 11 hours’ battery life. The Yoga 11e comes with a pen and support for Windows Ink.

Lenovo N24 with pen support
Lenovo is pleased to announce a new Lenovo N24 featuring Windows 10 and newly added support for Windows Ink. We partnered with Lenovo to deliver this innovative device, designed for education. The N24 convertible notebook will offer an 11.6-inch IPS display with 360-degree screen rotation giving multimode capability, 10-point touch and an Active Pen with pen holder. The Lenovo N24 is expected to be available mid-2017.

The Lenovo N24 joins the currently available Lenovo N22 and N23 Yoga, powerful and durable notebooks built specifically for education at the affordable prices of $189 and $249, respectively. The Lenovo N23 is designed to meet the day-to-day needs of teachers and students with a ruggedized design and a 10-hour battery life. Learn more about Lenovo’s announcements here.

JP.IK Introduces new Windows 10 PC For Emerging Markets 

JP.IK – one of the world’s largest distributors of devices for education – is announcing the TURN T201 PC for Windows 10. Designed for students between 12 and 18 years old, TURN T201 is a 360-degree convertible PC featuring an active stylus pen with pen holder enabling Windows Ink.  It has preloaded Inspiring Knowledge Education Software, which enables teachers and students to work together, a Microlens that works as a microscope for science tasks and a Thermal Probe that detects temperature fluctuations. It also has a retractable handle, which makes it easier to carry around and less likely to be dropped. With Windows Hello, students and teachers will have quick and secure access. Learn more about JP.IK’s announcements here.

New Minecraft: Education Edition Update

Last year at BETT, we introduced Minecraft: Education Edition to the world. Since then, more than 75,000 students and educators from more than 100 countries have discovered how Minecraft facilitates learning through creation, exploration and teaching.

More Teacher Features: Today, we’re excited to launch the latest Minecraft: Education Edition update, offering a number of new features requested by our community, including Global Pause to take a quick break to transition to a new activity, accessibility features like text to speech for in-game chat, an updated user interface for managing in game settings, 256 world height for greater building capabilities, complete gameplay from the first night to The End dimension, and new “Minecraft mobs” and items including igloos and Polar Bears in snowy biomes. Minecraft: Education Edition is available at education.minecraft.net.

Expanding the Minecraft Community: I’m also happy to share we are expanding the Minecraft Mentor program to include 60 Global Minecraft Mentors representing 18 countries around the world. Minecraft Mentors are experienced guides to help educators with their Minecraft journey in education. Educators have also been asking for an easier way to upload and share Minecraft worlds with the community. To accommodate this, .mcworld files are now natively supported on the Microsoft docs.com platform, making it easier than ever to get started with Minecraft in the classroom.

We are continuing to invest more and more into technology that can help the next generation achieve more. It’s exciting to see the impact technology can have on their learning, the creativity it can inspire, and how it can connect students and educators all over the world. We have much more underway for students and educators and we look forward to sharing more details in the coming months.

Yusuf

The post Announcing Intune for Education & new Windows 10 PCs for school starting at $189 appeared first on Windows Experience Blog.

Building a successful online multiplayer game is а complex task that requires orchestrating a host of nitty-gritty details. All the major components must play well together, starting from game design, artwork, client implementation, and the servers running behind the scenes. Without that last one, modern mobile games literally could not exist.

Alex Shirov, CTO of Game Insight – one of the largest games companies in the world – shared their experience of moving their famous game to Microsoft Azure.

The server infrastructure of a mobile game is a very complicated aspect of the product – and vitally important. No matter how good an online game is judged by any other criteria, a poorly performing backend can reduce all your efforts to nothing.

In contrast to their newer products built on micro-services, 2020: My Country, one of Game Insight’s hits that was released in early 2013, implements a classic backend design. The services for the game relied on physical hardware, mainly because there was no other option to consider at the time the game was developed. Having dedicated physical hardware that you manage is very expensive. This includes upfront prices and administration costs. IaaS providers at the time offered an unreliable toolset, which simply did not satisfy the requirements for such a product. But things have changed since the first version of the game and it was time to reconsider the backend infrastructure.

At first glance, migrating the backend services behind an online multiplayer game that has been live for many years seems like a risky task and I won’t oversimplify it. However, cloud platforms such as Microsoft Azure make this process easier.

The backend of 2020: My Country was recently running on the following physical machines:

• A load balancer
• Three app server nodes (PHP, Redis)
• Five database nodes (MySQL). Each app server and database node had 24 cores and 32GB of memory.

With the flexibility that the cloud provides, Game Insight started with a lighter setup knowing they could scale out if they needed to. The new setup consisted of a:

• A load balancer
• Two app server nodes (Standard F4)
• Two database nodes (Standard DS4 v2)

All the nodes were created as Microsoft Azure Linux Virtual Machines located in a single subnet, backed by the default Azure DNS, and running on the latest OpenLogic CentOS images. They decided to go with a default OS image to avoid any further issues with out-of-the-box features like monitoring, updates and backup. All the required packages were installed using Ansible scripts. The setup process was straightforward. The administration console, being very easy to use, made the whole process of creating new instances a snap.

One of the major problems was migrating the existing data. Having about 2TB of data stored on their database servers, the data migration process went smoothly: the speed while copying data held stable at around 1 Gbit/s.

Game Insight was pleasantly surprised by the performance of the virtual machines mainly due to the fast 1TB SSDs. This enabled them to reduce the number of database nodes from five down to just two. The new database instances now serve 100% of the game’s traffic running at about 10–15% of CPU usage. Furthermore, adding just one additional app server (Standard F4) to the setup described above kept the app servers running at 25-35% of CPU usage.

Alex Shirov says “overall, we’re very satisfied with the new backend infrastructure for 2020: My Country. Not only is hosting our backend services on Microsoft Azure now considerably less expensive, it is much more flexible, allowing us to adjust server capacity to our current needs automatically, at nearly real time. Moreover, it’s much more reliable to have every logical tier failsafe with all the nodes automatically backed up and capable of being replaced immediately upon any kind of failure.”

Today, Game Insight has many titles in operation. Most of their games have been built using modern micro-services architecture, although some of the older titles still have a legacy architecture similar to 2020: My Country. In conclusion, Alex Shirov says “having had such a great experience migrating an existing project, we’re looking forward to bringing more to Microsoft Azure IaaS platform to benefit from the amazing out-of-the-box features like high availability, outstanding performance, automatic scaling and backups, and 24/7 monitoring.”

Cheers,
Guggs
@stevenguggs

Today’s post was written by Kirk Koenigsbauer, corporate vice president for the Office team.

Happy New Year from Office! We’re kicking off 2017 with updates to OneDrive, the Activity feed within the Office apps, StaffHub and more. Read on for the details.

OneDrive for Business updates

Today, we are announcing several enhancements to OneDrive for commercial customers. Now you can use the latest client to sync SharePoint Online team sites and OneDrive for Business shared folders, providing you with easy access to your shared documents. On the web, we have simplified the sharing experience, helping you better specify scope and duration for sharing permissions. OneDrive is also easier for IT to deploy and manage with the new OneDrive admin center and a standalone Mac client. Learn more about the details, availability and more in today’s OneDrive blog.

Easily access more of your shared files by syncing SharePoint Online team sites and OneDrive for Business shared folders.

Activity feed is now available for consumers

In April, we introduced an activity feed in Word, Excel and PowerPoint for documents stored on SharePoint or OneDrive for Business—one of many updates bringing the collaboration experience front and center within the Office apps. Now this experience is available for consumers who store their documents on OneDrive. This means all subscribers can now stay on top of changes to shared cloud documents by accessing a full history of changes, as well as easily opening or even reverting to a prior version as needed. Get started with the Activity feed in a few easy steps.

The Activity feed provides access to a full history of document changes, including prior versions.

Office Lens integration on Android

Office Lens is a pocket scanner for digitizing notes from whiteboards or blackboards, as well as capturing documents, business cards and more. Now we’ve started integrating its technology directly into the camera capture experience in Word and PowerPoint on Android. This means that directly from within Word and PowerPoint, you can capture, crop, straighten and enhance pictures of whiteboards. This can help students summarize classroom lecture notes and diagrams into a document, professionals capture diagram mockups into a presentation and more. In the future, we’ll expand this option to Excel and integrate additional Office Lens capabilities, such as document capture, Optical Character Recognition (making handwritten text within captured searchable) and more. Stay tuned!

Office Lens integration in Word and PowerPoint on Android helps you capture, crop, straighten and enhance pictures of whiteboards.

Announcing Office Insider for iPhone and iPad

The Office Insider program is now available for iPhone and iPad, building on the program’s expansion over the last year and more. Leveraging Apple’s TestFlight program, Office Insider for iPhone and iPad offers early access to builds of Word, Excel and PowerPoint at the Insider Fast level. This is best for Insiders who want to use the earliest preview builds—released more frequently—and who don’t mind a bit of risk using unsupported builds to identify issues and provide feedback to help make Office great. Apply for a spot in Office Insider for iPhone and iPad or learn more about the Office Insider program.

Microsoft StaffHub is generally available

Earlier this month, we announced the general availability of Microsoft StaffHub, a new app for Office 365 designed to help staff workers manage their workday. Managers can easily create and adjust shift schedules, which employees can access from their mobile device. Employees can also access documents, videos and other information directly within the app, as well as send quick messages to each other or to the entire work group. Microsoft StaffHub will soon integrate with Kronos (a leading workforce management solution). Stay tuned for more!

With Microsoft StaffHub, managers can easily create schedules, staff can easily view shift information and more.

Learn more about what’s new for Office 365 subscribers this month at: Office 2016 | Office for Mac | Office Mobile for Windows | Office for iPhone and iPad | Office on Android. If you’re an Office 365 Home or Personal customer, be sure to sign up for Office Insider to be the first to use the latest and greatest in Office productivity. Commercial customers on both Current Channel and Deferred Channel can also get early access to a fully supported build through First Release. This site explains more about when you can expect to receive the features announced today.

—Kirk Koenigsbauer

The post Office 365 news in January—updates to OneDrive, Activity feed and more appeared first on Office Blogs.

Welcome to our new Demo Tuesday series. Each week we will be highlighting a new product feature from the Hybrid Cloud Platform.

Server operating systems, including Microsoft Windows Server, have traditionally been all-inclusive. When you install it, you get everything you might possibly want, baked into the OS image. That made complete sense in an on-premises datacenter model. Today, with organizations having much larger-scale deployments, things have changed. Size, scalability, and security have become critically important. Many of you have been asking for a different optionsomething small, light, and optimized for todays larger scale, both on-premises and in the cloud. With Windows Server 2016, that something is here and its called Nano Server.

Nano Server is tiny

In the cloud, every gigabyte not used is money saved. So, rather than 13.2 GB, Nano Server has a ridiculously small disk footprint of 500 MB. Its a new installation option designed specifically to provide infrastructure services for the cloud. You get only what you need and nothing more. We call it just enough OS and its ideal for many cloud scenarios. Take a look:

Built of the cloud, for the cloud

Nano Server lets you build slimmed-down images tailored to specific workloads, like a compute host for Hyper-V, a DNS server, or for apps using containers. No bulky extras. No unnecessary processes. Its essential for cloud scalability and will help you achieve real benefits:

• Lower storage costs
• Less network traffic
• Smaller attack surface
• Easier to configure and manage
• Much faster boot times

Try it out for yourself in our virtual lab, and head to the Windows Server website for even more information.

In today’s digital workplace, the amount of content produced is growing exponentially, and working relationships change by the day. To maintain productivity in this environment, it’s essential that people can easily access and collaborate on team files in and outside their organizations from anywhere, on any device.

Today, we are excited to announce availability of several new capabilities in OneDrive for Business that make it easier than ever to sync, share and collaborate on all your files in Office 365.

Here’s a look at what’s new:

Sync all your files anywhere, anytime across PC and Mac

Organizations have been using the latest OneDrive client to reliably sync their OneDrive files to their PCs and Macs since its debut over a year ago. However, much of the team content they are collaborating on exists in SharePoint Online team sites and OneDrive folders shared by others.

Today, we are enhancing OneDrive with the ability to sync SharePoint Online team sites—including files used inside Microsoft Teams and OneDrive folders—shared by others across PC and Mac platforms. Now you can work with all your Office 365 files just as you would files stored on your PC or Mac—even when you are offline.

• Syncing SharePoint sites and OneDrive for Business shared folders—Making sure you have the information that is critical to you on every device no matter where you are is key to our customers. The ability to sync SharePoint Online team sites directly to OneDrive makes doing this easier and simpler for users. Additionally, you can now sync a OneDrive for Business shared folder. As always, we remain committed to providing the most reliable and performant sync experience for all your files.

• Standalone Mac client—We’ve seen a significant increase of adoption and interest for OneDrive in the Mac community. But we heard feedback that IT admins want to be able to deploy and manage the OneDrive Mac client outside of the App Store. Now you can with the new standalone client for Mac. The standalone client allows admins to control features like enabling sync status as well as visual overlays in Finder, adding a Finder shortcut for OneDrive, and the ability to set up OneDrive sync to run at sign in. This latest client also has built-in multi-language support. You can download the standalone client for Mac file here.

• Activity center—The activity center is now available in the latest OneDrive sync client for Windows and Mac—giving you detailed visibility to the most recent sync activity and status. Simply click the OneDrive icon in your system tray (PC) or Finder (Mac) to see your file sync status and activity.

If you are using our preview, the sync client will automatically update with these new capabilities including the new activity center. If you aren’t running the latest OneDrive sync client, or aren’t sure, read “Get started with the new OneDrive sync client in Windows” to learn more.

Below is newly updated guidance to help get you up to speed with the latest OneDrive sync client and admin center features and functionality.

• Transitioning from the previous OneDrive for Business sync client (Groove.exe).
• Enable users to sync SharePoint files with the new OneDrive sync client.
• Syncing SharePoint Online team sites.

Simplified file sharing in and outside your organization

Collaborating on content is predicated on successfully sharing content with others. The OneDrive team is committed to making this process as simple as possible even when the user is outside your managed organization.

• A new onboarding experience—For users who are new to OneDrive, our new onboarding experience will guide them through common activities like uploading documents, using the mobile app and collaborating with others.

• Simplified sharing options—When users share files they now see a simplified sharing experience that keeps them better informed on the scope of their sharing and explicitly calls out if the recipients are external to the organization. The sharing pane allows them to easily modify this, including the ability to set an expiration duration on anonymous guest links.

• Streamlined guest access—When external users attempt to access a shared file that requires authentication and don’t already have an Office 365 or Microsoft account, they will experience a much-simplified account setup process that gets them to these files more quickly.

Empowering administrators to manage with confidence

To help IT admins better manage sync and sharing capabilities, we are rolling out the new OneDrive admin center. The admin center controls how and from where a user will access the files in OneDrive—that is device, location and app.

Other new features include:

• Home—Admin center dashboard will soon show recent Office 365 Message Center posts and usage reporting related to OneDrive.
• Sharing—This section helps you gain control over how and with whom your users are sharing information. Includes controlling the use of external sharing and anonymous links, as well as limiting which external domains users can share with.
• Sync—You now can block syncing of specific file types and deny syncing to non-domain joined PCs.
• Storage—Where you can easily set default storage limits and document retention durations.
• Device access—This gives you control over how and from where a user can access their files. Includes allow/deny access from personal devices or specific networks as well as rich Mobile Application Management Intune policies for iOS and Android.
• Compliance—Offers quick links to the Office 365 Security and Compliance Center for key scenarios like auditing, data loss prevention, retention and eDiscovery.
• Notification—Ability to turn on/off various notifications for your tenant.

Once deployed to your tenant, all tenant and SharePoint admins will have permissions to access the OneDrive admin center at admin.onedrive.com. If you are ready for a deeper dive, check out our Microsoft Mechanics video on the admin center with Randy Wong from our product team.

OneDrive for Business customer momentum

Office 365 continues strong growth with over 85 million commercial monthly active users. Many of these customers are moving to OneDrive for Business from on-premises file shares and other cloud-based solutions to empower their employees to intelligently discover, share and collaborate on files.

Here’s what a some of our customers had to say:

Doug Lind, director of Windows Infrastructure, Telecom and End User Services at Polycom:

“We wanted to enable colleagues who aren’t in the same physical location to work closely together in a safe, controlled manner, so we brought in OneDrive for Business and SharePoint Online. We’re replacing a number of unsanctioned cloud-based file-sharing services and on-premises file shares with personal OneDrive for Business repositories where permissions and access are more visible.” —Read the full case study.

Tony Taylor, senior director of Infrastructure and Security at Land O’Lakes:

“Moving to OneDrive for Business gave us a more secure, managed place for document storage. We’re able to create policies to protect our data now that we have one standard solution that’s accessible to everyone.” —Read the full case study.

You can also check out the case study on how Contiki Travel uses OneDrive For Business to connect with their teams around the world. To learn how you can make the move to OneDrive for Business, leverage our Microsoft FastTrack service—which includes no-cost migration services from on-premises file shares, Google Drive and Box for eligible Office 365 customers.

Let us know what you think

As always, we want to hear from you and encourage your feedback on what is impacting you and your world. Please share your thoughts and ideas through UserVoice and the Microsoft Technical Community. Also, be sure to join us on Wednesday, February 1, 2017 from 9 a.m. to 10 a.m. PST / 5 p.m. to 6 p.m. GMT for an “Ask Microsoft Anything” (AMA) session on OneDrive for Business in the OneDrive AMA group. Add the event to your calendar. We hope to see you there!

—Stephen L. Rose, @stephenlrose, product manager for the OneDrive team

The post OneDrive brings new file collaboration and management features to the enterprise appeared first on Office Blogs.

Today, we are excited to announce the ‘Send-as’ and Send-on-behalf of feature for groups in Outlook, which brings you one step closer to turning your email into a great customer support solution.

With the new ‘Send as’ and ‘Send on behalf of’ feature members of the group can respond to conversations using the shared identity of the Group instead of their individual email identity – without losing the personal, individual touch. Because sometimes, that’s just what you need.

Like other groups in Outlook, members can read all messages sent to the group. But with this feature turned on, responses look like they come from the group rather than the individual.

Here’s what Send on Behalf and Send As look like from the recipient’s perspective.

If your business is looking for a lightweight, email-centric customer support solution, you’re in luck. This feature might be what you need. The consistent use of a single email address will help your customers develop recognition and trust—ensuring that your email messages are seen.

This feature is particularly helpful in scenarios where you want to set up a group to connect with external customers. Collective knowledge of group helps resolve those customer inquiries faster and everyone on the team benefits from shared knowledge of the Group.

Here are some example scenarios:

1. Support@Contoso.com can be set as group to receive all customer support inquiries. When your customers send email to this group, any member of the group could respond to inquiry in a timely fashion without disclosing their individual identity. Subsequent responses from the customer also go back to the group, keeping all information in one place and making it faster for support representatives to respond to new inquiries. Additionally, because all of the group conversation history is available, other team members will be able to see that specific customer emails have already been answered to.

The support team member would see the following:

The recipient (customer) would see the following:

2. Some organizations may also want to use ‘Send as’ or ‘Send on behalf of’ for an internal group. For example, if you want all expense reports sent to a Billing department alias rather than bombarding a specific person.

Billing@contoso.com can be set up as a group to receive all your organization’s billing inquiries. Individuals who work in the billing department and are a part of this group can respond back as the Billing department identity.

Sound like what your business needs? Learn how to turn it on.

Allow members to send as or send on behalf of an Office 365 Group – Admin help
Allow members to send email as an Office 365 Group

The Groups Team

Earlier today we also announced Intune for Education an administrative experience that is tailored for schools. We are incredibly excited to share these new experiences with you, and I want to share some of the philosophy and architecture behind the experience weve built.

It goes without saying that this is an exciting time for all of us working on and using Intune, Azure Active Directory Premium (AADP), and EMS. In addition to the work weve done with Intune for Education, we have been working on a new, integrated console for EMS that is built on the Azure console.

The work weve done here resets and redefines Enterprise Mobility.

I talk about these updates in great detail and show the console in this month’s edition of The Endpoint Zone.

An Integrated EMS Admin Experience

One area where Microsofts Enterprise Mobility vision has been most clearly articulated is convergence of identity management/protection, device and app management, security, data protection and productivity. A number of years ago, as we defined and started engineering what has come the Enterprise Mobility + Security (EMS), we had a perspective that the key scenarios Enterprise organizations would need were these:

• Managed mobile productivity
• Identity-driven security
• Data Protection

Delivering these three things has required us to build comprehensive end-to-end scenarios across a number of services Intune, Azure Active Directory, Azure Information Protection, Cloud App Security, and Office 365. The apps and backend services of these solutions are now in constant communication with each other as users access and use corporate data and apps. What we are delivering with this new EMS console is an integrated administrative experience that makes the end-to-end scenarios weve enabled far simpler, much more powerful, and even more flexible!

Here is an example of what I think is one of the most powerful scenarios that this new administrative console + integrated service infrastructure enables. Conditional Access enables IT to define the rules under which they will allow access to corporate data which EMS then enforces in real-time.

With an integrated EMS console, we can now bring together all the different areas where IT wants to define risk polices that govern access this allows you to define a complete and comprehensive set of rules. This is the new console experience for defining conditional access policies. Now you can define your access policies based on identity risk (e.g. is there anything suspicious about how an identity is being used), device risk (i.e. does the device meet your MDM policies), application risk (e.g. you could have different polices for a known/approved app vs. accessing through a browser), and location (i.e. apply different policies when on a corporate/known network vs. a public networks).

We will now evaluate in real-time the risk in each of those areas and only grant access to a service/application if the risk is within the constraints you define. These policies can be applied to 3,000+ SaaS apps as well as the applications you are hosting in your datacenter.

All of this means that you no longer have to go to one console to set identity policies, and then another console to set device/app policies. Its all together!

Additionally, not only is it all in one place, but the capabilities of the service are also deeply integrated. In the example noted above, the Intune, AADP, and Office 365 services are all working together to the deliver and enforce the policies you define.

Built on the Microsoft Graph

The way we architected this new experience is really interesting.

To the right is a simplified view of how this all comes together. The console itself calls through an authentication layer (AAD, of course) into what we call the Microsoft Graph. The Microsoft Graph then directs the call to the appropriate Microsoft service Exchange Online, OneDrive for Business, AAD, Intune, etc. You should think of the Microsoft Graph as effectively the Microsoft API. All of the services we are building at Microsoft are being built on the Microsoft Graph.

One of the especially cool things about the Microsoft Graph is that it is a single interface where all the Microsoft services can be reached through a set of REST APIs. Every object (user, group, device, etc.) and every policy can be reached through that API. It is really impressive how every object now has a URL that actions can be taken on/against via this command line. If you want to read more about Microsoft Graph go to: http://graph.microsoft.com.

Many of you have asked when Intune is going to have APIs. Well here it is! You can learn more about Microsoft Graph in the link above, and check out this documentation if you want to start learning about the specifics of working with Intune using Microsoft Graph.

Looking ahead, Ill be writing and talking about two different graphs from Microsoft and I want to make sure you understand the difference. Think of the Microsoft Graph discussed above as the management plane and API for Microsoft. Through the Microsoft Graph you have access to all the administrative capabilities. We have also been talking about the Microsoft Intelligent Security Graph. Think of this as the data plane for all of the telemetry and signal that comes back to Microsoft from the 200+ Global services that we operate this is something I spoke about at length at Ignite. We now offer all the intelligence from all the Microsoft services and pull them together with our machine learning and data analytics capabilities all to help protect your organization.

One last word on architecture: This new console is a built on top of a unified Intune/AAD infrastructure. One of the most important things we have done over the past year is completely aligning the Intune and AAD services. They now use common users, groups, and devices and this is a significant move for our users because of how dramatically it reduces complexity and enables new scenarios (like the conditional access experience above).

Microsoft Graph Gives You Incredible Flexibility

Many IT Professionals want to do everything from a command line and not through a console (how often do you still go to a command prompt? ) . With the integration of Intune and the other EMS components into Microsoft Graph, you can now have a command line for everything.

Since last September, weve been showing customers the new console and its integration with other Microsoft solutions. The customer reaction to the power of these command line capabilities (and the flexibility it brings) has been overwhelmingly positive. IT teams all over the world love these capabilities.

Over the 14 years I have worked on ConfigMgr, it has been common to see organizations create specialized administrative consoles or want to integrate specific features/scenarios of ConfigMgr into another administrative experience. Now, you can do that for any administrative tasks or to get data from any object in Intune, AADP and EMS. The way we have architected this is simple: Every call we make from the console is exposed via Graph.

A really interesting application of this that ties into what we announced today with Intune for Education. This is a specialized administrative experience that is tailored for schools where the individual(s) doing the administrative actions could be the computer science teacher or a principle. In this administrative experience, we simplified what is shown in the console, used descriptors like teachers and students, and really tailored the experience for this specific use. This is essentially a UI skin customized to a specific need, that makes calls to Microsoft Graph, which then calls to the Intune service. I encourage you to read the blog from the Official Windows Blog about Intune for Education, and check out this video showing just how simple and focused this experience is:

.

Existing Intune Customers will be Transitioned Over the Next Couple of Months

The new EMS Console is currently in public preview, and it will be fully released and generally available within the next couple months. New tenants (trial and paid) that are provisioned are automatically enabled to use the new console. We will be transitioning the 10,000s of existing Intune customers over the next several weeks. You will be notified in the existing Silverlight console when your tenant has access to the new console. If you dont want to wait until then you can create a new trial tenant here and start experimenting with the new console today! We cant wait to hear your feedback!!

If you want to see a few demos of the new integrated console, as well as some examples of what you can do via the command line through Microsoft Graph, I would encourage you to watch the 1701 edition of The EndPoint Zone linked above. This months edition of EPZ is entirely dedicated to the new console andz the Intune for Education console.

.

In Team Foundation Server 2017 we made a change to the default security support providers used by our IIS site for Windows Authentication. We didn’t anticipate this change attracting much notice, since we had ensured (through extensive testing) that there would not be any impact for existing TFS deployments and since we were making things simpler by taking away a little-used decision point during advanced configuration scenarios. We underestimated the detail-orientedness of our customers, however, and many people both noticed the change and mistakenly thought that they needed to react to it. The point of this blog post is to explain the change in a bit more detail and to reduce the confusion we mistakenly caused.

First, some backstory. The Microsoft Security Development Lifecycle was updated a while back to forbid explicit selection of the NTLM security support provider, due to various vulnerabilities in the protocol – see https://en.wikipedia.org/wiki/NT_LAN_Manager#Weakness_and_Vulnerabilities, for example. Instead, the SDL recommendation is to always use the Negotiate security support provider, which will attempt to use Kerberos, but will fall back to NTLM if Kerberos cannot be used. This same recommendation can be found in various other public documents. For example,  https://msdn.microsoft.com/en-us/library/windows/desktop/aa378749(v=vs.85).aspx has the following paragraph:

“Your application should not access the NTLM security package directly; instead, it should use the Negotiate security package. Negotiate allows your application to take advantage of more advanced security protocols if they are supported by the systems involved in the authentication. Currently, the Negotiate security package selects between Kerberos and NTLM. Negotiate selects Kerberos unless it cannot be used by one of the systems involved in the authentication.”

TFS had been using NTLM as an explicit default setting for the Windows Authentication security support provider for a long time, but in TFS 2017 we decided to comply with the SDL recommendation here as part of an overall push to make TFS more secure by default. (Another part of this effort was the set of changes around recommending the use of HTTPS bindings and an effort to make doing so easier.) After a bunch of testing, we discovered that using only the Negotiate provider would negatively impact certain clients. When we added both the Negotiate and NTLM security support providers, however, we could not find any clients which worked with our old default settings (just NTLM) and failed with the updated settings (Negotiate and then NTLM, in that order).

As such, we decided not just to update the default setting, but also to remove the need for customers to make any decisions about the supported providers. If you want to use Kerberos, it should just work (so long as you have set things up properly outside of TFS). If you want to use NTLM, it should also just work.

The only real impact here is the desired one – some customers who are using machine accounts for their TFS service accounts and who are not using multiple application tiers or custom host names will start using Kerberos authentication, and thus get the benefits of its increased security, without even noticing. We do not expect there to be any other impacts.

If you have reason to believe that this change has negatively impacted you, report it at developercommunity.visualstudio.com and we will work with you to get it resolved.

Previous posts:

• On .NET with David Pine, PwdLess, Terraria.
• On .NET with Reed Copsey, Jr., Orchard Harvest, Ammy, Concurrency Visualizer, Eco
• On .NET with Glenn Versweyveld, Protobuf.NET, Arizona Sunshine

On .NET

We had no show last week, but we’ll have two this week.

On Wednesday at 9:00AM Pacific Time, Scott Hanselman will host a panel discussion on public speaking, with Kasey Uhlenhuth, Maria Naggaga Nakanwagi, Donovan Brown, and Mitch Muenster.

On Thursday at 9:00AM Pacific Time, Patrick Smacchia will be on the show to talk about the brand new version of ndepend.

Both shows will stream live on Channel 9. We’ll take questions on Gitter, on the dotnet/home channel and on Twitter. Please use the #onnet tag. It’s OK to start sending us questions in advance if you can’t do it live during the shows.

Package of the week: Adafruit Class Library for Windows IoT Core

Adafruit is a familiar brand for anyone involved in the maker movement. Entrepreneur extraordinaire and open source advocate Limor Fried built the success of the company on high quality tutorials and a line of open source and US-manufactured products.

Adafruit recently released the Adafruit Class Library for Windows IoT Core, a set of classes and associated tutorials for using some of their most popular products with Windows IoT Core, for example on a Raspberry Pi.

Here’s an example of an event handler that displays the altitude, longitude and latitude when a GPS HAT receives new coordinates:

Game of the week: Floor Plan

Floor Plan is a puzzle adventure game designed for virtual reality. In Floor Plan, players travel in an elevator in order to find items that can be used to solve various puzzles. You’ll meet a whole cast of cooky characters as you move between floors, each of which is designed with their own whimsical theme.

Floor Plan was created by Turbo Button using C# and Unity. It is available for Gear VR, Oculus Rift, and Daydream.

User group meeting of the week: Mocking – Making fun of unit tests using DI in Raleigh, NC

TRINUG holds a meeting on Wednesday, January 25 at 6:00PM in Raleigh, NC on mocking, and using dependency injection in tests.

.NET

• Open sourcing the VS Test platform by Brian Harry.
• .NET Core image processing by Bertrand Le Roy.
• Custom project templates using dotnet new by Muhammad Rehan Saeed.
• Creating .NET bindings for C libraries with ObjectiveSharpie by Miguel de Icaza.
• Project.json to MSBuild conversion guide by Nate McMaster.
• Working with Multiple .NET Core SDKs – both project.json and msbuild/csproj by Scott Hanselman.
• Exploring Intermediate Language (IL) with ReSharper and dotPeek by Maarten Balliauw.
• Essential MSBuild: A Build Engine Overview for .NET Tooling by Mark Michaelis.
• New code coverage highlighting in dotCover 2016.3 by Alexey Totin.
• Introduction to Akka.Cluster.Sharding in Akka.NET by Bartosz Sypytkowski.
• The .NET Core 2 Wave by Ed Charbeneau.

ASP.NET

• Error handling in ASP.NET Core by Dustin Moris Gorski.
• How to pass parameters to a view component by Andrew Lock.
• Defensive logging on ASP.NET Core by Gunnar Peipman.
• Inside compiled views in the Razor view engine by the ASP.NET Monsters.

F#

• F# for Azure Notebooks
• Security testing in the cloud with F# and Project Springfield
• ASP.NET Monsters #85: Suave Web Services
• F# Unit Test Simplified – Expecto with Visual Studio Code, by Tomr Prior
• Experimenting with data in F#, by Chris Alexander

New F# RFC: Implement IReadOnlyCollection<‘T> in list<‘T>

Check out F# Weekly for more great content from the F# community.

Xamarin

• Xamarin Beta Release: Cycle 9 RC builds by Adrian Murphy.
• Try the next major Xamarin release candidate by Joseph Hill.
• New Xamarin.Forms Pre-release 2.3.4.184-pre1: quality improvements, bindable picker by David Ortinau.
• Xamarin podcast: designing mobile apps by Pierce Boggan.
• What Xamarin developers ought to know to start 2017&How to build & ship an app in a week with Xamarin.Forms by James Montemagno.
• The Xamarin Show 13: MVVM Helpers by James Montemagno.
• You too can build Xamarin apps with F# by Greg Shackles.
• Xamarin Forms WebView advanced series, Xamarin Forms WebView bindable actions, &Xamarin Forms WebView executing JavaScript by Adam Pedley.
• Codemash and Xamarin.Forms by Jason Farrell.
• ReactiveUI v7.1.0 released by Geoffrey Huntley.
• Attached properties – what are they good for? by Matthew Soucoup.

UWP

• Announcing “UWPDesktop” NuGet package version 14393 by Vladimir Postel.
• Windows 10 development for beginners (free course) by Richard Hay.
• Dragging holograms with gaze and tapping them in place on a surface by Joost van Schaik.
• windows.updatetask – The hidden gem in UWP by Martin Suchan.
• Open tab items dynamically with UWP by Christian Nagel.

Games

• Unity Navigation – Part 2 by Stacey Haffner.
• Building a 3D game engine with .NET Core by Eric Mellino.
• (Unity) Live Session: localization Tools.
• Simple LODs in Unity – Unity 5.xx by James Arndt.
• Circle loading animation in Unity3D by Salus Games.

And this is it for this week!

Contribute to the week in .NET

As always, this weekly post couldn’t exist without community contributions, and I’d like to thank all those who sent links and tips. The F# section is provided by Phillip Carter, the gaming section by Stacey Haffner, and the Xamarin section by Dan Rigby, and the UWP section by Michael Crump.

You can participate too. Did you write a great blog post, or just read one? Do you want everyone to know about an amazing new contribution or a useful library? Did you make or play a great game built on .NET? We’d love to hear from you, and feature your contributions on future posts:

• Send an email to beleroy at Microsoft,
• comment on this gist
• Leave us a pointer in the comments section below.
• Send Stacey (@yecats131) tips on Twitter about .NET games.

This week’s post (and future posts) also contains news I first read on The ASP.NET Community Standup, on Weekly Xamarin, on F# weekly, and on Chris Alcock’s The Morning Brew.

We are very excited to announce the release of campaign APIs for the Windows Store. Using these REST APIs, media agencies can promote apps and manage their ad campaigns easily. ‘Promote your App’ is a feature within DevCenter that allows you to create ad campaigns for your apps to grow your audience and engage with them. Using ‘Promote your App,’ you can leverage advanced targeting capabilities and use our popular ad templates to advertise your apps among Windows users.

About the APIs

These APIs are open to media houses that wish to run promotions on behalf of their advertisers – developers, game studios, anyone with apps on the Windows Store. Developers or organizations that already have a DevCenter account can also use these APIs to create and manage their ad campaigns.

These APIs are a powerful way of accessing your ad campaigns – they allow for bulk operations and features such as sharing creatives and/or targeting templates across campaigns. For media agencies handling large volumes of advertising, the APIs allow for flexibility while creating campaigns as well as viewing reporting data.

Developers can continue to use the DevCenter dashboard as well. Any campaign created under a single account – whether through the dashboard or API will be accessible from either channel.

How to get started?

Media agencies that would like to know more and get access to the promotion APIs, please reach out to storepromotionsapi@microsoft.com to sign up.

App developers and organizations using DevCenter can follow the prerequisite steps listed here.

Detailed documentation for accessing these APIs along with code samples is available here.

Promote your apps using APIs and reach the fast growing pool of Windows audience, starting NOW!

The post Promote your App – Anywhere. Anytime. appeared first on Building Apps for Windows.

Visual Studio 2017 has brought big changes to extensibility that allow developers to install extensions to different instances and install dependencies. In support of multiple instances, a fast API was required that tools can use to find and launch VS and related tools, or to install extensions.

I previously published some samples, and now documentation for these APIs is available. The documentation is based on the runtime-callable wrapper (RCW) – the .NET interop assemblies– for the native configuration API. The main difference is that the native API will return an HRESULT while the RCW will throw a COMException where the ErrorCode will be the same HRESULT the native code would’ve returned.

If you have any feedback about the APIs, please feel free to leave comments below. Until we can update the documentation, I’d be happy to answer questions about the APIs below, or take a look at the samples for usage. Questions about the samples can also be asked in the Q&A section of the samples project site.

To make the new setup configuration APIs more accessible to developers, we have published the “VSSetup” PowerShell module on powershellgallery.com, making it quick and easy to install.

If you have Windows Management Framework (WMF) 5.0 or newer – installed with Windows 10 – or PowerShellGet for PowerShell 3.0 or 4.0, you can run the following from even an unelevated PowerShell host:

Install-Module VSSetup -Scope CurrentUser

You can also install for all users if you leave off the Scope parameter entirely. You can also download and extract a ZIP archive from our Releases page on the project page.

After installing, you can quickly enumerate all launchable instances you have installed.

Get-VSSetupInstance

If you want to enumerate all instances – even those requiring a reboot or otherwise not complete – you can pass -All.

Get-VSSetupInstance -All

The default display properties present the main information for which end users are probably most interested, but you can pipe the results to select * to see everything.

If you want to select specific instances – like the latest installed instance with the .NET Framework (desktop) workload – you can use Select-VSSetupInstance.

Get-VSSetupInstance | Select-VSSetupInstance -Latest -Require Microsoft.VisualStudio.Workload.ManagedDesktop

More examples are available in our README. You can log bugs and suggestions on the Issues page, and we are happy to consider pull requests. See CONTRIBUTING for developer notes. We appreciate your comments and contributions.

This post was co-authored by Mohit Chand, Principal SWE Lead, Microsoft IT.

We are going a step beyond the traditional methods of developing a data warehouse by adopting CI practices, which are more prevalent for API (.NET) based applications. It has been long pending for data warehouse teams to catch up on the modern software engineering practices. With the emergence of Visual Studio Online (VSTS) & SQL Server Data Tools (SSDT), spinning environments on the fly, deploying code across environments with maximum automation has become easy. We adopted these modern practices to boost engineering productivity in our Business Insights (DW) project. With the help of SSDT and VSTS, we were able to align DW deployment perfectly with the Agile releases (2 weeks sprint). In this blog I will elaborate a detailed approach on how to implement CI for your Data Warehouse. I will explain the life cycle of a business user story starting from code branching, pull-request-triggered-build, Azure resources and environment provisioning, schema deployment, seed data generation, daily-integration releases with automated tests, and approval based workflows to promote new code to higher environments.

DevOps

Why DevOps? In traditional development and operations model there is always a possibility of confusion and debate when the software doesn’t function as expected. Dev would claim the software working just fine in their respective environment and defend that as an Ops problem. Ops would indicate that Devs didn’t provide a production ready software, and it’s a Dev problem. How do we solve this? Wouldn’t it be a good idea for a single team takes care of development, testing, and operations?

We work closely with business and other stake holders to efficiently deliver better and faster results to customers. DevOps has enabled us to deliver faster with a better a connection with customers while simultaneously reducing our technical debt and risks.

DW Architecture

This Data Warehouse uses Azure technologies. Data arrives to the landing zone or staging area from different sources through Azure Data Factory. We use Azure Data Factory (ADF) jobs to massage and transform data into the warehouse. Once ready, the data is available to customers in the form of dimension and fact tables.

Tools/Technologies

This Modern Data Warehouse primarily uses Microsoft technologies to deliver the solution to customers -

• SQL Azure (PaaS)
• Azure Data Factory
• Azure Blob Storage
• SQL MDS 2016
• Visual Studio Team Services (VSTS)
• Agile and Kanban board
• Code branching (Git)
• Gated check-ins
• Automated Tests
• Build
• Release

Plan

In agile scrum, user story is the unit of implementation. Engineers pick up and deliver the user stories in any given sprint.

Code

Branching Strategy

With Agile code branching plays a critical role. There are various ways to do it including sprint branching, feature branching, story/bug branching, etc. In our case we adopted user story level branching. A contributor creates a branch from the “develop” branch against each story he/she picks up. It is the contributor’s responsibility to maintain this isolated branch and merge it by creating a “Pull Request” with the develop branch once the story is complete or ready for code review. A contributor is not allowed to merge his/her code with the main stream branch directly. It requires a minimum two code reviews to approve the code.

Story based branching enables developers to merge the code frequently with the main stream and avoid working a long time on the same branch. This significantly reduces the code integration issues. Another benefit is that developers can work more efficiently by having other developer’s code available more frequently. Code dependency wait time gets reduced, hence less blockers for developers.

Using VSTS, contributor creates a new branch:

Nomenclature followed is _

After creating the branch, the contributor publishes it to make it visible to everyone else on the team.

Once the branching is set the contributor is all set to start with the story and starts writing code to implement the functionality.

Code Review and Code Merge

Once the code is complete, the developer checks-in the code and creates a pull request using VSTS portal. To ensure a higher level of code quality, it’s imperative to have a gated check-in process in place. Each developer has to ensure the build is not broken when they check-in the code. The code needs to be reviewed and approved by at least two peers before it gets merged with the main stream. Without two code review approvals, it’s not possible to merge the code with the main stream code.

A pull request is created by the developer and submitted with appropriate comments and work items.

Build

As soon as the “Pull Request” is created by the contributor, the CI build automatically gets fired.

An email notification is received by all the reviewers, which updates them about the new “Pull Request” created by a contributor. The reviewers are now good to starts the code reviews.

Depending upon the quality of the code, the reviewer “Approves”, raise questions, or “Reject” the code.

Once all reviewers are done with code reviews, the lead developer merges the code with the main stream.

Test (Automation)

Ensuring high code quality across various environments could be challenging in a DW project because data might vary from environment to environment. We ensure that every new piece of code we write has automated test cases before creating a pull request. This not only prevented bug leaks to production, but it also ensured a higher quality of deliverables.

The diagram below depicts the overall test case execution results. As part of the deployment, we execute all of our test cases to ensure the integrity and quality of the end product.

Release & Deploy

Once the code is successfully merged with main stream code, a new build fires automatically. The Integration environment gets deployed once a day with the latest code.

The diagram below depicts three environments we manage for the Data Warehouse. We have “Integration”, “End User”, and “Production” environments. The integration environment is a continuous integration and deployment environment, which is provisioned and de-provisioned dynamically and managed as “Infra as a Code”. It is a scheduled process which run the following steps in sequence to “integrate” the check-ins happening daily.

• Build the new bits by getting the latest from the develop branch (includes integrated code scanning)
• Create a new Azure Resource Group and procure the SQL Instance
• Copy the “Seed Data” to the newly created SQL instance
• Execute any schema renaming
• Deploy the DACPAC to deploy new schema changes
• Scale-up the databases to execute the steps faster
• Copy code bits to build server
• Deploy additional SQL entities
• Run data sync jobs
• Execute test assemblies
• Deploy Azure Data Factories
• Decommission environment

Seed data to enable automated testing

Automated testing in a DW depends a lot on the availability of accurate data. Without data there will be numerous scenarios which cannot be tested. To solve this problem we use production copy of data as “seed data” during deployment. The diagram below depicts how we populate the seed data in our Daily Integration Environment (DIT). In cases where the data is pretty huge, a miniature DB, which contains subset of production data, can be used instead of copying the entire replica.

Step-1: Represents the production data with multiple schemas which we use to segregate data in our DW environments (e.g. staging, transformed data, etc.)

Step-2: Represents that data gets copied to Azure Geo Replica (Disaster Recovery copy).

Step-3: During release deployment we copy the geo replica to the newly procured DIT SQL server instance.

Step-4: Represents the availability of production equivalent copy of data. In addition, the DACPACK deployment happens to add the newly added schema and later our test automation suites runs to test the quality of our end product.

Deploying release to higher environments

Promoting the release from one environment to another is setup through an approval workflow and it is not allowed to deploy directly. In this scenario it is not possible to deploy directly to Production without the approval from pre-assigned stakeholders.

The approval workflow depicts the environment promotion. Once the required approvers approve the workflow the release gets promoted to next environment automatically.

Monitor

As DevOps the same team monitors the pre-prod and prod environments for any failures. We adopted the DRI (directly responsible individual) model and the DRI person proactively monitors and checks the system’s health and all the notifications. Issues, if any, are fixed on priority to ensure continued availability of application. We use out of the box ADF monitoring and notification along with a couple of custom monitoring tools. We also have multiple data quality checks implemented as automated reports that run daily in the production environment and report out data anomalies that can either be fixed as a bug in our processes or be traced back to the source systems quickly for getting fixed there.

It’s true that setting up CI for a data warehouse isn’t that simple, however, it’s worth every penny. We did face challenges of test case failures when we add new code during the sprints, however, the team has learned from those instances and now we ensure to update the existing test cases when new code is being added. We are continuously adding functional, build, and environment verification test cases to constantly increase the quality of the product. CI has enabled us to be truly agile and be super confident in our end product. We are able to prevent common bug leaks to production by having an automated test suite. We were able to eliminate the need of the test environment and eyeing to deploy directly in production in coming quarters. We strongly believe it’s possible!

One C# statement to create a Web App. One statement to create a SQL Server and another statement to create a SQL Database. One statement to create an Application Gateway, etc.

Beta 4 of the Azure Management Libraries for .NET is now available. Beta 4 adds support for the following Azure services and features:

https://github.com/Azure/azure-sdk-for-net/tree/Fluent

You can download Beta 4 from:

Last year, we announced a preview of the new, simplified Azure management libraries for .NET. Our goal is to improve the developer experience by providing a higher-level, object-oriented API, optimized for readability and writability. These libraries are built on the lower-level, request-response style auto generated clients and can run side-by-side with auto generated clients. Thank you for trying the libraries and providing us with plenty of useful feedback.

Create a Web App

You can create a Web app instance by using a define() … create() method chain.

var webApp = azure.WebApps()
    .Define(appName)
    .WithNewResourceGroup(rgName)
    .WithNewAppServicePlan(planName)
    .WithRegion(Region.US_WEST)
    .WithPricingTier(AppServicePricingTier.STANDARD_S1)
    .Create();

Create a SQL Database

You can create a SQL server instance by using another define() … create() method chain.

var sqlServer = azure.SqlServers.Define(sqlServerName)
    .WithRegion(Region.US_EAST)
    .WithNewResourceGroup(rgName)
    .WithAdministratorLogin(administratorLogin)
    .WithAdministratorPassword(administratorPassword)
    .WithNewFirewallRule(firewallRuleIpAddress)
    .WithNewFirewallRule(firewallRuleStartIpAddress, firewallRuleEndIpAddress)
    .Create();

Then, you can create a SQL database instance by using another define() … create() method chain.

var database = sqlServer.Databases.Define(databaseName)
    .Create();

Create an Application Gateway

You can create an application gateway instance by using another define() … create() method chain.

var applicationGateway = azure.ApplicationGateways().Define("myFirstAppGateway")
    .WithRegion(Region.US_EAST)
    .WithExistingResourceGroup(resourceGroup)
    // Request routing rule for HTTP from public 80 to public 8080
    .DefineRequestRoutingRule("HTTP-80-to-8080")
        .FromPublicFrontend()
        .FromFrontendHttpPort(80)
        .ToBackendHttpPort(8080)
        .ToBackendIpAddress("11.1.1.1")
        .ToBackendIpAddress("11.1.1.2")
        .ToBackendIpAddress("11.1.1.3")
        .ToBackendIpAddress("11.1.1.4")
        .Attach()
    .WithExistingPublicIpAddress(publicIpAddress)
    .Create();

Sample code

You can find plenty of sample code that illustrates management scenarios in Azure Virtual Machines, Virtual Machine Scale Sets, Storage, Networking, Resource Manager, SQL Database, App Service (Web Apps), Key Vault, Redis, CDN and Batch.

Give it a try

You can run the samples above or go straight to our GitHub repo. Give it a try and let us know what do you think (via e-mail or comments below), particularly -

• Usability and effectiveness of the new management libraries for .NET.
• What Azure services you would like to see supported soon?
• What additional scenarios should be illustrated as sample code?

Over the next few weeks, we will be adding support for more Azure services and applying finishing touches to the API.

Last October we released the preview of Azure Analysis Services, which is built on the proven analytics engine in Microsoft SQL Server Analysis Services. With Azure Analysis Services you can host semantic data models in the cloud. Users in your organization can then connect to your data models using tools like Excel, Power BI, and many others to create reports and perform ad-hoc data analysis.

We are excited to share with you that the preview of Azure Analysis Services is now available in 2 additional regions: North Central US and Brazil South.  This means that Azure Analysis Services is available in the following regions: Brazil South, Southeast Asia, North Europe, West Europe, West US, South Central US, North Central UA, East US 2 and West Central US.

New to Azure Analysis Services? Find out how you can try Azure Analysis Services or learn how to create your first data model.

I can’t believe we’re almost through the first month of 2017. I hope the new year is treating everyone well. We’ve got a lot in store for the Team Services extension ecosystem and we’re excited to continue growing our platform and bring you new experiences. This month I want to give a shout-out to two trending and highly rated extensions from Geek Learning. Check Geek Learning out over at http://geeklearning.io/

Yarn

See it in the Marketplace: https://marketplace.visualstudio.com/items?itemName=geeklearningio.gl-vsts-tasks-yarn

Looking for an npm alternative? Have you tried Facebook’s solution, Yarn? The folks over at Geek Learning have some great insight into why you may want to try Yarn and their Team Services extension. Check out their blog post for full details on Yarn and how it could benefit you: http://geeklearning.io/npm-install-drives-you-crazy-yarn-and-chill/This extension adds one new Build & Release task, Yarn. With this task, you can execute Yarn in whichever project directory you need using configurable parameters. The wonderful reviews for this extension speak to the amount of time you potentially can save in your build process. The task is added under the “Utility” category.

All you’ll need to do is configure the directory in which you want to execute Yarn and specify the arguments you want to append. The ‘Production Install’ checkbox appends the ‘–production’ argument. Full details can be found on Geek Learning Wiki for Yarn, https://github.com/geeklearningio/gl-vsts-tasks-yarn/wiki

Microsoft Azure Build and Release Tasks

See it in the Marketplace: https://marketplace.visualstudio.com/items?itemName=geeklearningio.gl-vsts-tasks-azure

This extension has really been trending over the last month and it’s not hard to see why. If you’re building and publishing your applications with Microsoft Azure you’ll definitely want to give this 4.5 star rated extension a look.

This extension is a small gold mine of tasks to use in your Build and Release definitions.

• Azure Web App Slots Swap: Swap two deployment slots of an Azure Web App
• Azure Web App Start: Start an Azure Web App, or one of its slot
• Azure Web App Stop: Stop an Azure Web App, or one of its slot
• Azure SQL Execute Query: Execute a SQL query on an Azure SQL Database
• Azure SQL Database Restore: Restore an Azure SQL Database to another Azure SQL Database on the same server using the latest point-in-time backup
• Azure SQL Database Incremental Deployment: Deploy an Azure SQL Database using multiple DACPAC and performing incremental deployments based on current Data-Tier Application version
• AzCopy: Copy blobs across Azure Storage accounts using AzCopy

For their public Wiki and code repository, check out their GitHub: https://github.com/geeklearningio/gl-vsts-tasks-azure/wiki

Are you using an extension you think should be featured here?

I’ll be on the lookout for extensions to feature in the future, so if you’d like to see yours (or someone else’s) here, then let me know on Twitter!

@JoeB_in_NC