Month: October 2024
Preventing backups of duplicate photos
Hi gurus,
I have a onedrive account that is synced to my phone and my personal laptop. OneDrive automatically backups all photos that I’ve taken on my phone.
Periodically, I will organise and move my photos from phone to my laptop to ‘free up’ phone storage – I will categorise the photos in folders in my laptop. In this case, do you know if onedrive will backup these same photos again – meaning I will backup the same photo twice – phone version + laptop version?
How can I get Onedrive to backup the laptop photos, but to detect that it is a duplicate of the phone photos, and keep only the laptop photos?
Thanks!
Hi gurus, I have a onedrive account that is synced to my phone and my personal laptop. OneDrive automatically backups all photos that I’ve taken on my phone. Periodically, I will organise and move my photos from phone to my laptop to ‘free up’ phone storage – I will categorise the photos in folders in my laptop. In this case, do you know if onedrive will backup these same photos again – meaning I will backup the same photo twice – phone version + laptop version? How can I get Onedrive to backup the laptop photos, but to detect that it is a duplicate of the phone photos, and keep only the laptop photos? Thanks! Read More
Why is “Add a location” still mostly useless in Outlook for macOS?
When setting up a meeting or appointment that is external to your organisation it is important to be able to include the details of the location. However, despite the functionality appearing to be in Outlook for macOS, almost since its initial release, the functionality of this part of the software is all but totally useless. Entering in the name of a venue or a contact’s name and it will, almost without fail, fail to find the venue or contact. We should be able to enter in the name of a venue or any address and if it can’t find it then we should be able to search for it in any one of the multiple supported mapping services. And, as for Outlook contacts not being found, that is just embarrassing.
This functionality took years for Microsoft to get working in the Windows version of Outlook (I haven’t yet tested it to see how much they’ve broken it in the “New Look” version on Windows). So, why is it still too difficult for them to add such a simple thing?
There aren’t many fundamental parts of information that make up a meeting or appointment and this is definitely one of them. THIS SHOULD NOT BE SO HARD!
When setting up a meeting or appointment that is external to your organisation it is important to be able to include the details of the location. However, despite the functionality appearing to be in Outlook for macOS, almost since its initial release, the functionality of this part of the software is all but totally useless. Entering in the name of a venue or a contact’s name and it will, almost without fail, fail to find the venue or contact. We should be able to enter in the name of a venue or any address and if it can’t find it then we should be able to search for it in any one of the multiple supported mapping services. And, as for Outlook contacts not being found, that is just embarrassing. This functionality took years for Microsoft to get working in the Windows version of Outlook (I haven’t yet tested it to see how much they’ve broken it in the “New Look” version on Windows). So, why is it still too difficult for them to add such a simple thing? There aren’t many fundamental parts of information that make up a meeting or appointment and this is definitely one of them. THIS SHOULD NOT BE SO HARD! Read More
Azure Devops Yaml syntax issues
Hi All, I am new to Yaml, and I am getting a syntax error with the Yaml file below. The error says “/azure-pipelines.yml (Line: 7, Col: 1): While parsing a block mapping, did not find expected key.” —–Yaml-trigger:- week1pool: Azure Pipelines- task: AzureCLI@2 displayName: ‘Running Pipeline Script’ inputs: azureSubscription: ‘MraoppingTest’ scriptType: ‘bash’ scriptLocation: ‘scriptPath’ scriptPath: ‘pipeline_script.sh’ Read More
Advanced Threat Analytics (ATA)
Still using Advanced Threat Analytics (ATA) but now that its at its end of support, what replaces it? I saw something about Azure Advanced Threat Protection but don’t see that anywhere in my Azure tenant. Did it get renamed? cancelled?
Still using Advanced Threat Analytics (ATA) but now that its at its end of support, what replaces it? I saw something about Azure Advanced Threat Protection but don’t see that anywhere in my Azure tenant. Did it get renamed? cancelled? Read More
Unable to authenticate in Copilot Studio despite configuring in azure AD & Copilot security settings
So as per the recommendations, I have done following :
1. I am already signed in to copilot studio using the intended user account
2. Here is the settings in the “Security” Section in Copilot studio
3. Here is the settings in AAD
4. However when I publish the bot, and try to interact with it, it keeps prompting me with the below screen (to enter access code to sign in). If I click “login” below, it asks me to copy a code. Then if I copy and put code into chat, it come back to below screen and it keeps prompting me same as below.
5. Also in Azure, I have ensured admin has consented following
Here is scope
Can you please advice what is it that I am missing? Why am i unable to login (not being prompted anywhere to enter credentials). It just keeps prompting me with that sign in
Hello guys,I intend to setup Copilot studio to give answers from the connected SharePoint Site using Generative AI. I followed the steps detailed in these two links for setting up manual authenticationhttps://learn.microsoft.com/en-us/microsoft-copilot-studio/configuration-end-user-authentication#authenticate-manually https://learn.microsoft.com/en-us/microsoft-copilot-studio/configuration-authentication-azure-adSo as per the recommendations, I have done following : -Setup app registration-grant admin consent to the app-copy the client id and secret (to paste into the chatbot configuration)-Published the chatbot after setting “manual authentication” (Requires sign in) Now when I try to interact with the chatbot (in chat window), it asks me to sign in. When I click “sign in”., it asks to copy a code. When I do that, it keeps showing the “please sign in” prompt over and over again, instead of letting me in.1. I am already signed in to copilot studio using the intended user account 2. Here is the settings in the “Security” Section in Copilot studio 3. Here is the settings in AAD 4. However when I publish the bot, and try to interact with it, it keeps prompting me with the below screen (to enter access code to sign in). If I click “login” below, it asks me to copy a code. Then if I copy and put code into chat, it come back to below screen and it keeps prompting me same as below.5. Also in Azure, I have ensured admin has consented following Here is scope Can you please advice what is it that I am missing? Why am i unable to login (not being prompted anywhere to enter credentials). It just keeps prompting me with that sign in Read More
New Planner has horrible favicon
Anyone notice the favicon.ico for the new Planner is only 48×48? Blurry as all hell. Never ever seen any of the webapps I use resort to such a low-resolution favicon. Because I installed Planner as a PWA, it stands out like a sore thumb.
Anyone notice the favicon.ico for the new Planner is only 48×48? Blurry as all hell. Never ever seen any of the webapps I use resort to such a low-resolution favicon. Because I installed Planner as a PWA, it stands out like a sore thumb. Read More
New Planner stuck in dark mode and can’t change per-plan backgrounds
Was changed to the new Planner today. I can’t figure out how to get it back to light mode. Used to be able to change it in the webapp, but I can’t see a feature for it.
Also, each plan used to have its own background. That feature seems to have disappeared as well.
Was changed to the new Planner today. I can’t figure out how to get it back to light mode. Used to be able to change it in the webapp, but I can’t see a feature for it. Also, each plan used to have its own background. That feature seems to have disappeared as well. Read More
Exchange Decommissioning Set-Remotemailbox command
Hi all,
I have a situation where someone was with a hybrid Exchange Server configuration was using scripts to provision accounts with Set-RemoteMailbox. Testing was being done with the recipient management using the exchange management and noticed mailboxes are being provisioned and working as expected without even running their set-remotemailbox commands and are curious if this is even needed anymore.
So I guess my question is, at this stage where .CleanupActiveDirectoryEMT.ps1 is the last thing to do, would set-remotemailbox still be necessary, and what would it be used for. I know usually you can just create an on-prem mailbox, synced and license, so I’m not sure if set-remotemailbox is required for new mailboxes or but I’m thinking it’s for managing mailboxes that were previously migrated.
Thanks for any input.
Hi all, I have a situation where someone was with a hybrid Exchange Server configuration was using scripts to provision accounts with Set-RemoteMailbox. Testing was being done with the recipient management using the exchange management and noticed mailboxes are being provisioned and working as expected without even running their set-remotemailbox commands and are curious if this is even needed anymore. So I guess my question is, at this stage where .CleanupActiveDirectoryEMT.ps1 is the last thing to do, would set-remotemailbox still be necessary, and what would it be used for. I know usually you can just create an on-prem mailbox, synced and license, so I’m not sure if set-remotemailbox is required for new mailboxes or but I’m thinking it’s for managing mailboxes that were previously migrated. Thanks for any input. Read More
New Low-Cost Log Options, Automation, AI & SIEM Migration | Microsoft Sentinel Updates
Streamline threat detection and response across diverse environments with Microsoft Sentinel, your cloud-native SIEM solution. With features like Auxiliary logs for low-cost storage and proactive data optimization recommendations, you can efficiently manage high volumes of security data without compromising on threat intelligence. Leverage built-in AI and automation to uncover hidden threats and reduce investigation time from days to minutes.
Rob Lefferts, CVP for Security Solutions at Microsoft, joins Jeremy Chapman to show how to migrate from existing SIEM solutions with built-in migration tools, ensuring seamless access to your security logs while maintaining investigative integrity.
Utilize analytics and auxiliary logs.
Use Analytics logs for high-value data with 90-day retention and Auxiliary logs for low-cost, long-term storage of high-volume data. See your storage options with Microsoft Sentinel.
Leverage automation to streamline threat detection.
Simplify your SIEM migration.
Import your logs as JSON, automatically map schemas, and translate rules from systems like Splunk — all in minutes. Get started.
Watch our video here:
QUICK LINKS:
00:00 — Microsoft Sentinel, modern Cloud SIEM
01:12 — Unified security operations platform
02:55 — Prioritize security updates
04:27 — Storage options
05:11 — Optimize data coverage and usage
06:17 — Protect against long-term persistent attacks
07:58 — Automation using auxiliary logs
08:59 — Manual effort
10:10 — Automation
12:07 — Migration
13:31 — Wrap up
Link References
Get started at https://aka.ms/MicrosoftSentinel
Find samples for the Playbook Logic App and the Function app at https://aka.ms/AuxLogsTIapp
Unfamiliar with Microsoft Mechanics?
As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.
Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries
Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog
Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast
Keep getting this insider knowledge, join us on social:
Follow us on Twitter: https://twitter.com/MSFTMechanics
Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/
Enjoy us on Instagram: https://www.instagram.com/msftmechanics/
Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics
Video Transcript:
– The mechanisms you need to put in place to detect and respond to threats as an enterprise depend on how well you’re able to look across hundreds of thousands of devices, connected cloud services, on-prem systems, and identity providers at scale and correlate those signals happening across your organization to detect and pinpoint security events. And today, we’ll take a deeper look at how Microsoft Sentinel, our modern cloud SIEM, does just that. It’s designed to handle data ingestion at scale from your connected systems to identify security threats. And this now includes a new low-cost option for auxiliary logs to bring in previously unused high volume data from, for example, your firewall, which when combined with threat intelligence and automation, along with Security Copilot, can provide vital additional insights to discover and stop persistent attacks hidden in your network. And keep watching to the end because if you’re looking to migrate from your current SIEM solution, we’ll show you how we’ve made that simpler, too. And joining me today to go deeper on Microsoft Sentinel and our modern cloud-based SIEM is Security CVP Rob Lefferts. Welcome back to the show.
– Thanks, Jeremy. So happy to be back.
– Thanks so much for joining us today. You know, it’s been a while since we’ve actually taken a singular look at Microsoft Sentinel, so how should we think about this as part of our unified security operation solutions?
– Well, the SIEM is such a critical part of the SOC toolset. It’s like the central nervous system for all of the security data that comes in. In fact, let me show you what I mean. Here I have Microsoft Sentinel open with a view of all the connectors attached to this environment. Everything from multi-cloud services, firewalls, device sensors, identity and authentication systems, SaaS apps, and more. In fact, one huge advantage of Sentinel is the breadth of data it allows you to bring in from multiple cloud services and platforms, with hundreds of available connectors. Now, even though the data that comes in is often text-based and each unit of information might just be a few bytes in size, that all adds up and can quickly amount to terabytes of data. For example, if I drill into this connector alone, there are millions of events that have been recorded. Of course, in each data type and log that you see connected, there are often just a few properties available to thread all connected activities together. Like IP and host MAC addresses, URLs, processes, and usernames to name just a few. This information all needs to be mapped against intelligence and corresponding properties known about the latest threat actors and their tactics. And this is where Microsoft Sentinel shines. It detects threats by logging and finding the connections across all integrated systems, users, devices, services, and corresponding activities across your organization, and then helps you to investigate and visualize exactly what has happened. This is something that would be impossible to do manually at scale. You need a cloud native SIEM with built-in AI to do this.
– That’s right, and because threat actors, their tactics and, you know, the things they’re doing are constantly changing, it’s one of the reasons why I think everybody from an IT perspective, we’re always prioritizing getting those security updates and patches done as soon as possible, and really plugging those vulnerabilities and making sure that we log the related events.
– Yeah, it’s critical that you push those updates out when you’re closing known new vulnerabilities. Where a threat actor might breach your defenses and then try to get what they can before they’re detected, that’s like a quick grab and go theft. That said, another common tactic, and something we’re seeing much more, is well-funded state actors who will breach security systems and then hide in the network, waiting for the right time, that could be days or weeks, in what’s called a persistent threat, as they hide under the radar and slowly explore the network.
– Right, and it’s kind of like those movies we’ve all seen where you’ve got a government spy who might be sitting years, embedded into a country, and then waiting for that precise moment to attack.
– That’s right. And remember how I said that the SIEM makes sense of terabytes of lightly connected data? Well, these systems are designed to hold only so much information, often covering just a finite amount of time depending on the data type. So that persistent threat, our embedded spy, once they’ve breached our defenses, can often just wait until their initial entry and tracks have been deleted, which could be as little as a couple of weeks.
– That’s right, and the thing is here, you know, if they go undetected, there’s a good chance that that little hole they used initially, maybe weeks ago, to gain access, is still open and vulnerable. So, what are we doing about this?
– Well, it’s easy. It’s like science fiction. We’re giving you the ability to go further back in time, and without breaking the bank for storage. There are a couple of options, in fact, for storing the information logged from your systems. Analytics logs, which is where you spend the most time, and it brings in information from antivirus, authentications, threat intelligence and alerts. These stay active and in hot storage for 90 days. And a new option, auxiliary logs, for low cost, long-term storage, for high volume and low value data, like your firewall, which is available for up to 30 days.
– And selecting the right storage options, that’s going to help you ensure that you have all the data that you need, and now you can do that while keeping costs in check and without losing the ability to query.
– You can. And we go a step further in Microsoft Sentinel. In fact, we want to give you ways to save your money on things like storage so that you can prioritize your money for better protection, by giving you proactive recommendations to optimize both data coverage and usage to ensure you have what you need in place to detect and investigate threats. You can see how useful each data type is, and where you can save costs and make better use of data. For example, this is a business email compromise detection to find and contain phishing attacks. It has broad coverage for initial access and credential access, and there are others for adversary in the middle, credential harvest, human operated ransomware, and more.
– These are really great options, you know, for SecOps, and the extra data that you get with auxiliary logs is going to help you with those persistent attacks, like you mentioned, Rob, and because attackers won’t necessarily be able to outwait that lifecycle as they start to move laterally and trigger detections.
– That’s right. And it also makes it possible to trace these events all the way back to the initial breach. In fact, let me show you a long-term persistent attack. This is a multi-stage incident involving execution and lateral movement with ransomware on multiple endpoints. It’s really not good. In our case, thankfully, we can see that this attack was automatically disrupted, meaning that the attack has been contained. And in Microsoft Sentinel, as I dig in, down here in the tags, we see a couple of threat actors, Sangria Tempest and Storm 1113. This information was brought in using auxiliary logs together with automation that we built. These were high volume firewall logs that would normally not make it into analytics logs in order to control cost. And this is where auxiliary logs offers an affordable option, removing the barrier to bring this type of data in. And I’ll show you what we did in a moment. Now, I’ll introduce each threat actor in the activity log when we get there. Both are bad news, but when they work together, it’s even worse. Now let’s dig into the full details. The first thing I want to take a look at is the activity log. Here, we brought in more information directly from threat intelligence using lookups with host pair IP addresses. We can see that Sangria Tempest specializes in human operated ransomware attacks. We can see their tactics, techniques, and procedures, or TTPs. And if I scroll down, I can see Storm 1113 specializes in distributing malicious packages and payloads.
– So it sounds like Sangria Tempest, they might have built the back door and kind of the ransomware in the software itself. Then they worked with Storm 1113 to kind of get that package out and distribute it out to the people they wanted to attack.
– That sounds about right. It’s an effective collaboration, and not in a good way. So let’s dig into what the automation using auxiliary logs has uncovered. With all of these attempts, I can see that they’ve been trying to work their way into our environment several times, and also leaving several clues, with IPs and URLs, like these two here, from our threat intelligence mapping, with network patterns from our firewall logs. And here, we’ve used our auxiliary logs to find matching traffic from our firewall logs, which are usually too expensive and too vast to keep as analytics logs. I have one of these already set up for anomalous network patterns, and when I select it, you’ll see a summary query, and if I move over to Edit, I can edit the query text from here. You’ll also see that it’s set up to run every 20 minutes automatically. I can even preview the results right from here. That takes a second to run, and you see the details from the traffic logs. Now we have the information to start piecing everything together, which is kind of like finding a needle in a haystack, and we have found that needle. But before we move forward, let’s look at the effort that it would have taken. You’ll remember our suspicious URL called photoshop.adobe.shop. I’m going to copy that into my clipboard. And just to show you the connection, let me head over to Intel Explorer and Threat Intelligence. I’ll search for this URL, and we’ll see it has a high severity, was used by Storm 1113, and it resolves to this IP address, 173.255.204.62, that we saw before. Now I’ll copy that and go back into Intel Explorer and paste in the IP. And now I’ll go to the Resolutions tab and search for any matches. And I don’t see the Photoshop URL near the top of this list, but I do see another URL from our investigation, workable.uk.com. When I click into that and then go to the Summary tab, you might’ve expected Storm 1113 because we know that they’re linked to this IP, but it’s actually Sangria Tempest, our other threat actor, and they were using this IP address at the same time for around 10 days. So now we know for sure they are working together.
– And really, as you’ve shown, finding something like this manually would’ve taken a long time, so what do you do to solve for this?
– One word, automation. Otherwise you’re looking into potentially hundreds of URLs and IPs manually. So, back in Sentinel, I’m in the Automation blade and in the Active Playbooks tab, and we created a playbook called MDTI-Actor-Lookup. When I click into the Edit view, you’ll see that this is a logic app, and that we’ll pass through a function app to parse through our incident details and perform thousands of actions in a short period of time. You can see that it’s set up to look through IPs and URLs sourced from our auxiliary logs, and look them up against threat intelligence data, and when it finds matches, it adds the information to the activity log, then adds corresponding tags like we just saw. To do something that might have taken weeks now happens in just a few minutes. And we used Security Copilot here, too, with a prompt to summarize the writeups that I showed earlier about the matching threat actors, as well as update our incident with that information. Finally, to run all of this logic on a schedule, we built a function app to run this asynchronously on a schedule to collect the results of our logic app, and can process about 1,200 results in around 20 seconds. So it speeds things up exponentially. What would’ve taken days before, to do investigations and connect the right dots, has been reduced to just a couple of minutes by combining Copilot with our threat intelligence playbook. And if you want to test out this automation for yourself, you can find the samples for the playbook logic app and our function app at aka.ms/auxlogstiapp.
– Right, and like I said, the point of automation really is to make sure that things are a huge time saver that you program in, and also more accurate. And you can start with basic rules as you query your data, then use that data behind with more sophisticated logic. And this is really going to take the EDR solution to the next level, with more information and automation. So, anyone who’s watching right now and they’re using their own SIEM, how easy is it then to move from what they’ve got now to Microsoft Sentinel?
– You know, we’re getting this question a lot recently, and the good news is that we’ve made the migration simple to bring over your logs. Back in Sentinel, from the content hub, you just go to the SIEM Migration Wizard. It explains the prerequisites for analytic rule dependencies, data availability, and access requirements. Next, we give you the query you’ll need to run in order to migrate your content as JSON. I’ve got one of these ready to go, so I’ll drag in my JSON file. From there, the schema is automatically mapped, and you can see the mapping success column, and optionally, you can make changes to the mapping. Here, for example, we see a registry path without a match. This isn’t critical, so I’ll save changes and continue to rule configuration. Here too, we’ve translated the rules from your Splunk output to work with Sentinel. You can see how many are fully translated versus partially translated, and you can edit from here, or do that later in Sentinel. For now, I’ll just save changes. Then, I’m ready to review and migrate. And I’ll confirm. That takes a moment to run, but we’ll speed it up to save time. And once it’s complete, in Sentinel Analytics, you’ll see all of the new rules that we brought over from Splunk, and we just need to check and enable the rules, and that’s it.
– So now there are really no trade-offs in terms of your SIEM and the data that’s available to you in order to investigate attacks.
– And as we showed, you can leverage automation for detecting and responding to ongoing attacks. There’s easy access to insights, from extensive threat intelligence at your fingertips, GenAI is integrated into your automation flow with Security Copilot, all efficiently saving you more time and keeping you ahead of threats. And there’s a lot more to come, so watch this space.
– And I’m looking forward to seeing what’s next for Microsoft Sentinel, so for anyone who’s watching, what should they do to get started?
– Easy. You can learn more and get started at aka.ms/MicrosoftSentinel.
– It’s always fascinating having you on to really break down the latest threat tactics along with the detection response updates that we’re making, and we’ll keep bringing you updates around our XDR solutions, so be sure to subscribe to see them in action, and as always, thanks for joining us today, and goodbye for now.
Microsoft Tech Community – Latest Blogs –Read More
Power BI Extract Viva Goals Data – Suggestion
It would be great if we could query Viva Goals data using Power BI. This would enable much more flexible reporting of our organization performance and would enable a consistent user experience for our users using other Power BI dashboards.
It would be great if we could query Viva Goals data using Power BI. This would enable much more flexible reporting of our organization performance and would enable a consistent user experience for our users using other Power BI dashboards. Read More
Sensitivity Labels & External Sharing
Can anyone help, please? We’ve rolled out sensitivity labels for emails and we’re experiencing an issue with external recipients accessing downloaded attachments. In particular, when an encrypted email is sent externally (using a label which allows external access and giving Owner rights on the file), recipients can view the email body and open attachments but as soon as they download the attachment the downloaded file converts into an .xml file. We don’t have this issue with PDF files.
Can anyone help, please? We’ve rolled out sensitivity labels for emails and we’re experiencing an issue with external recipients accessing downloaded attachments. In particular, when an encrypted email is sent externally (using a label which allows external access and giving Owner rights on the file), recipients can view the email body and open attachments but as soon as they download the attachment the downloaded file converts into an .xml file. We don’t have this issue with PDF files. Read More
Excel tables not aligned after their pasted into a word document.
Help! I posted a 100-line Excel table into a Word document, and none of the columns are allied; every one is crooked. I called MS Office for support, and they suggested we try this system. Suggestions? Thank you in advance for your suggestions. Gary
Help! I posted a 100-line Excel table into a Word document, and none of the columns are allied; every one is crooked. I called MS Office for support, and they suggested we try this system. Suggestions? Thank you in advance for your suggestions. Gary Read More
Generate chart based on attached excel file
If attach an excel file into the copilot chat and request to generate a chart based on the file, the output is summary of the excel file instead of the requested chart.
If copy and paste the excel file content into the chat and then request to create a chart based on it -works.
Is that expected or a bug?
Thank you
If attach an excel file into the copilot chat and request to generate a chart based on the file, the output is summary of the excel file instead of the requested chart. If copy and paste the excel file content into the chat and then request to create a chart based on it -works.Is that expected or a bug?Thank you Read More
Windows Admin Center version 2410 is now in Public Preview!
Announcing Public Preview of Windows Admin Center v2410
Windows Admin Center provides a convenient method for IT admins to investigate and manage their Windows Servers. Over the last seven years, one of the top customer requests has been performance. With this release, we are ensuring that we deliver the solution that customers desire. This release marks a new era for Windows Admin Center as the platform for the future, bringing efficiency and convenience to you while bridging the gap in feature parity for virtual machine management.
This 2410 preview release builds on top of the latest modernized gateway Public Preview build that was released July 29th. This build comes with new additions to the virtual machines tool and bug fixes.
As always, thank you to our customers, partners, and fans. Your continued support of Windows Admin Center has been critical to its continued success.
A couple important notes on this preview version of Windows Admin Center:
This build is a preview version and is not recommended for installation in production environments.
This preview version cannot install side-by-side with the last GA release (version 2311) or any of the previous releases. Once you install this build and migrate your user data and environment configurations, you will not be able to go back.
Any users utilizing a high availability (HA) setup should not install this preview version with the intent to use HA. HA is not currently supported in our v2 backend implementation, nor in the 2410 public preview release.
What’s new in this build
Upgrade to .NET Core
The Windows Admin Center frontend user-interface (UI) is built on Angular, which is in turn built on our shell. The shell hosts all the core services and most of our UI components, our solutions like server and cluster manager, and, on top of that, every extension that you use for server management.
Our front end interacts with our backend, which is also known as our gateway. The gateway hosts our authorization structure, our PS services, our gateway plug-ins, and plays a critical role in every single experience that you use in Windows Admin Center.
In this release, we have upgraded our backend again, from the .NET Core 6 to .NET Core 8, bringing enhanced security and improved cryptography to our product. This also includes support for HTTP 2, reducing latency and enhancing the responsiveness of Windows Admin Center. Combined with improved performance, providing faster load times, you’ll be able to get your tasks done more quickly and efficiently.
Virtual machine tool update
We have heard your feedback and have improved the virtual machine (VM) tool experience! Our primary goal is to provide you with the list of VMs as soon as possible so you are empowered to efficiently carry out your administrative tasks. To make this easier, we’ve added a toggle in the top right corner of the Virtual machines tool that will allow you to switch between a “detailed” mode and a “light” mode.
Today, we invite you all to enable this feature, use the tool, and share your feedback.
Highlights:
The VM Power operations (e.g. start, pause etc.) now only update the VM selected without reloading the entire table, saving customers valuable time
To optimize responsiveness (e.g., clicking, hovering and scrolling), we have removed the runtime pipeline.
To prioritize loading the VM list first, certain operations are deferred until after the initial load (e.g., cluster node check)
To optimize performance, we have reduced the number of columns in the default view. Note that this can be toggled off using the “Detailed Mode” toggle to switch back to the previous experience
In default mode, we list the computer name of running Windows VMs and their operating system versions
Updated installer
While modernizing our gateway, we also made the installer more flexible by providing increased customization options including network access settings, selecting trusted hosts, providing a fully qualified domain name (FQDN) for your gateway machine, and more. For more details about the installer, read on to the Installing the 2410 public preview build section.
Data migration
To ensure that your user and environment data is transferred over, we have implemented a data migration flow so that you will seamlessly transition to the new build. All of your data will be copied over, except for 4 items that will require user intervention. For more details about the installer, read on to the Migrating your data section.
Settings update
As part of our gateway modernization effort, you may notice that your Windows Admin Center settings look a little bit different.
As we discussed in the 2211 Windows Admin Center release, we have deprecated the in-app update experience and have consequently removed the settings blade for Updates. Additionally, the Access and Shared Connections blades are now available on local gateway installations (also known as “desktop mode” in legacy gateway builds).
Multi-process, microservice based
This build also leverages microservice architecture. Prior to this upgrade, Windows Admin Center performed all tasks in a single process. With our new model, we start one process for Windows Admin Center on application startup that serves as a process manager. As you use Windows Admin Center, additional sub-processes are spun up to perform specific tasks.
Additionally, gateway plug-ins that are compatible with this build will also run their own collection of sub-processes under the Windows Admin Center service manager to perform their functions.
Changing from a monolithic service to a microservice model helps Windows Admin Center be more flexible, scalable, and resilient.
Kestrel HTTP web server
Previously, Windows Admin Center utilized Katana components, including a web server, on the backend. With this build, we’ve shifted to an ASP.NET Core Kestrel web server.
Kestrel is the recommended web server for ASP.NET Core applications. Kestrel is:
High performing: Kestrel is optimized to handle a large number of concurrent connections efficiently.
Lightweight: Optimized for running in resource-constrained environments, such as containers and edge devices.
Security hardened: Kestrel supports HTTPS and is hardened against web server vulnerabilities.
Additionally, Kestrel supports the HTTP/2 web protocol, where previously we had only supported HTTP1.1 with the Katana components. The upgrade from HTTP1.1 to HTTP/2 brings reduced latency to our application as well as increased responsiveness through enhanced features like multiplexing and server push.
Switching to a Kestrel web server will also allow for Windows Admin Center to potentially enable cross-platform support in the future.
How does this build impact my extension?
Gateway plug-in extensions will be impacted by the changes to this build. Windows Admin Center gateway plug-ins enable API communication from the UI of your tool or solution to a target node. Windows Admin Center hosts a gateway service that relays commands and scripts from gateway plug-ins to be executed on target nodes. The gateway service can be extended to include custom gateway plug-ins that support protocols other than the default ones (PowerShell and WMI).
Because gateway plug-ins communicate with Windows Admin Center’s backend to enable API communication, gateway plug-in code may include components written with the .NET framework version 4.6.2, which will not function with .NET Core. This code needs to be updated to use the .NET Core framework.
Additionally, we’ve modified the way plug-ins work with this build. Instead of developing a C# class which implements the IPlugIn interface from the Microsoft.ManagementExperience.FeatureInterfaces namespace to extend the gateway plug-in, extensions will now be written in the form of ASP.NET MVC controllers. These controllers have increased flexibility compared to the simple C# class and extensive documentation.
Learn more about gateway plug-in development in Windows Admin Center here.
What about my tool and/or solution extension?
Solution and tool extensions do not communicate with Windows Admin Center’s backend in-depth and should be minimally impacted by this build. We strongly recommend testing your extension to ensure it continues to run smoothly on the new backend.
Installing the 2410 public preview build
With the 2410 public preview, we’ve made changes to our installer to offer more flexibility to the user. When running the installer, you will be presented with two different installation modes: express setup and custom setup.
Express setup
The express setup option does not allow for the configuration of the following features:
Login authentication mode
Host access network names
Internal and external network ports
Certificate type and thumbprint
Endpoint FQDN
Trusted hosts mode
WinRM over HTTPS
If you would like to configure any of these features, please use the custom setup option instead.
When you select express setup, the installer will use the operating system of your machine to determine the port Windows Admin Center is accessible through. If you run the installer on a client machine, Windows Admin Center will be accessible through port 6600 and will use internal ports 6601-6610. If you run the installer on a server machine, Windows Admin Center will be accessible through port 443 and will use internal ports 6601-6610. The exception to this rule is if you have a previous version of Windows Admin Center installed—then the installer will pick up that port instead (6516 by default).
Custom setup
Selecting custom setup allows you to configure all Windows Admin Center setup options:
Network access – This page allows you to select how you will be using Windows Admin Center. You may choose to restrict Windows Admin Center access to other users by selecting localhost access only or allow remote access through machine name of FQDN.
Port numbers – This page allows you to select the ports that will be reserved for Windows Admin Center. Windows Admin Center uses one external port for its primary processes. Other processes use internal ports. There are two internal processes by default, but extensions may define their own services that will require port access. By default, the internal range is 10 ports.
Select TLS certificate – This page allows you to select Self-Signed certificates or an official TLS certificate that Windows Admin Center should use. Self-Signed certificates include Self-signed CA root certificates and TLS certificates that work with the latest Edge/Chrome browser.
Fully qualified domain name – This page allows you to provide a fully qualified domain name for network access. This name must match the name on the TLS certificate.
Trusted hosts – This page allows you to select which type of remote hosts you’d like to manage. You may choose to manage only trusted domain computers or allow access to non-domain joined machines.
WinRM over HTTPS – This page allows you to select whether to use HTTPS for WinRM communication. WinRM communicates over HTTP by default.
Troubleshooting installation
If your installation failed, or you’re having trouble opening Windows Admin Center after install, you may need to uninstall and reinstall. This can also happen if you have an older version of a Gateway v2 preview build installed, and you are trying to update to a newer version. To uninstall, follow the instructions in the Uninstalling and cleanup section of this document.
Migrating your data
Once you have installed the 2410 public preview, much of your transferable data is automatically copied over to the new build, reducing the time it takes for you to get started. However, there are four items that will require your input on:
Proxy credentials
WebSocket Origin configuration
Azure registration
Extensions
You will only have to do this once. Once your data is fully migrated, future releases of Windows Admin Center will have the seamless update experience you know and love.
Proxy credentials
Windows Admin Center will not be able to able access Azure services and the public extension feed without proper proxy credentials. If you have a proxy set up, then you will need to enter the proxy address, as well as the username and password to give Windows Admin Center access.
WebSocket Origin configuration
If you had previously configured WebSocket Origins, you can review and edit them here. To get you started, we have imported the WebSocket Origins list from your previous Windows Admin Center setup.
Azure registration
Windows Admin Center now requires additional redirect URLs to be configured with the Azure App Registration instance. This can only be done through the Azure Portal. Selecting the “Configure” button will programmatically update the Azure App Registration on your behalf. After it is registered, you may need to re-enable Azure login to Windows Admin Center.
You will need the elevated permissions on this Azure subscription to perform this re-registration.
Extensions
The extension feed for the 2410 public preview is not currently fully configured. You may notice missing extensions from this Windows Admin Center instance, including extensions not installed by default on install and ones you may have installed from your own feed or from external partners. As of right now, this page is read-only. We’re working with our internal and external partners to ensure that all extensions are compatible. These extensions should be available soon.
Review + complete
You will not be allowed to use Windows Admin Center unless you complete these steps.
Uninstalling the 2410 public preview build
To uninstall, perform one of the following actions:
In the Apps & Features page of your gateway machine settings, select Windows Admin Center (v2) Preview from the program list and then select uninstall.
Navigate to the folder where the Windows Admin Center (v2) is installed (default directory is C:ProgramDataMicrosoftWindowsStart MenuProgramsWindows Admin Center (v2)) and select “Uninstall Windows Admin Center (v2)”
Run C:Program FilesWindowsAdminCenterunins000.exe
Running the installer again will not result in an uninstall option at this time. To ensure your installation was removed successfully, check if a WindowsAdminCenter folder exists in C:ProgramData or C:Program Files. If it does not exist in either location, your application has been successfully uninstalled.
During the uninstallation process, everything put on the machine during installation will be removed, except for the Windows Admin Center (v2) .exe installer file.
FAQs
Q: Can you install the 2410 public preview build (Windows Admin Center (v2)) when you already have an existing build of Windows Admin Center installed?
A: No, you cannot install a v2 build of Windows Admin Center side-by-side with a legacy gateway build. Installing this preview build will prompt you to migrate your user data and configuration settings, and after this is complete, you will not be able to go back to a legacy build without fully uninstalling.
Q: Can I change the ports my Windows Admin Center installation is using after install?
A: Yes, In the Program Files for Windows Admin Center, we’ve included a PowerShell module called Microsoft.WindowsAdminCenter.Configuration.psm1. This module allows you to modify your Windows Admin Center configuration after installation and can be found in the PowerShellModules folder of your installation (C:Program FilesWindowsAdminCenterPowerShellModules by default).
To change the ports Windows Admin Center is using, run the following command:
Set-WACHttpsPort -Wacport <port> -ServicePortRangeStart <port> -ServicePortRangeEnd <port>
Q: Changing the ports is great, but can I change other configuration settings after install?
A: Yes! You may use the PowerShell module Microsoft.WindowsAdminCenter.Configuration.psm1 to change your configuration settings. It can be found in the PowerShellModules folder of your installation.
Known issues
The account for the PowerShell session in the PowerShell tool always defaults to the user signed into the Windows Admin Center gateway, even if different management credentials were specified when remoting to a connection.
The extension feed for this build has not been configured. Extensions not included in the Windows Admin Center installer (including external partner extensions) will not be available unless you add an extension feed. Even with an added feed, the following extensions do not currently function with the v2 build:
Dell OpenManage
Dell APEX Cloud Platform for Microsoft Azure
Lenovo XClarity Integrator
HPE OneView
HPE Server extension and HPE Azure Stack HCI extension
HPE Storage manager
Fujitsu ServerView RAID
Fujitsu Software Infrastructure Manager (ISM)
Fujitsu ServerView Health
Pure Storage FlashArray
The extension feed will be available in the generally available release and will include all extensions that are compatible with the 2410 preview build.
Other known issues include:
High availability configurations are not supported in this build.
Azure Arc status on the All Connections page may not successfully load if all connections are clusters.
When using the new Hyper-V preview mode feature in the Virtual Machines tool, inventory may load improperly when navigating between clusters and servers.
Download today!
We hope you enjoy this latest update of Windows Admin Center, the various new functionality in preview, and all the extensions now available.
As always, thanks for your ongoing support, adoption, and feedback. Your contributions through user feedback continue to be vital and valuable to us, helping us prioritize and sequence our investments.
Windows Admin Center is continuously evolving and growing as a tool and a platform, and we are beyond thrilled to have you part of our journey.
Thank you,
Windows Admin Center Team (@servermgmt)
Microsoft Tech Community – Latest Blogs –Read More
Unlocking data with AI and the Microsoft commercial marketplace
The Microsoft commercial marketplace is a powerful resource providing developers an efficient way to discover tools and models to power their AI projects. The “Unlock your data with AI solutions from the Microsoft commercial marketplace” article provides insights into discovering and deploying AI solutions through the marketplace, along with a sampling of AI-powered partner solutions that developers are putting to use today to help unlock data insights and accelerate AI solution development.
The Microsoft commercial marketplace is a powerful resource providing developers an efficient way to discover tools and models to power their AI projects. The “Unlock your data with AI solutions from the Microsoft commercial marketplace” article provides insights into discovering and deploying AI solutions through the marketplace, along with a sampling of AI-powered partner solutions that developers are putting to use today to help unlock data insights and accelerate AI solution development.
Read More
I can’t open my Onedrive “My Files” in 3 different browsers or Onedrive downloaded in computer
I’m using Business Account.
I can’t open “My Files” in Chrome, Edge, Firefox, and downloaded Onedrive app in computer, since 14 Oct 2024. However, I can open it in phone apps, but this does not help much, as most of work has to be done in computer.
I’ve tried re-login, re-open OneDrive, no success.
I need to use it everyday.
I’m using Business Account.I can’t open “My Files” in Chrome, Edge, Firefox, and downloaded Onedrive app in computer, since 14 Oct 2024. However, I can open it in phone apps, but this does not help much, as most of work has to be done in computer.I’ve tried re-login, re-open OneDrive, no success.I need to use it everyday. Read More
Start your nomination today: FY25 FastTrack Recognized Solution Architect submissions are now OPEN!
Hello Partners,
The Microsoft Business Industry & Copilot (BIC) engineering team confers the designation FastTrack Recognized Solution Architect (FTRSA) to practicing enterprise solution architects who consistently exhibit deep architecture expertise and create high-quality solutions for customers.
Why nominate:
Recognized architects’ profiles, and the partners they work for, are listed on the Microsoft Dynamics 365 and Power Platform architects’ websites.
Partners may indicate the number of recognized architects they have in their promotional materials and may direct prospective customers to the architects’ profile page.
Recognized architects get an e-badge to share on LinkedIn and other social media platforms and a gift package.
Recognized architects are provided direct communication channels with our product and leadership team
Continue reading on our partner news blog
Hello Partners,
The Microsoft Business Industry & Copilot (BIC) engineering team confers the designation FastTrack Recognized Solution Architect (FTRSA) to practicing enterprise solution architects who consistently exhibit deep architecture expertise and create high-quality solutions for customers.Why nominate:
Recognized architects’ profiles, and the partners they work for, are listed on the Microsoft Dynamics 365 and Power Platform architects’ websites.
Partners may indicate the number of recognized architects they have in their promotional materials and may direct prospective customers to the architects’ profile page.
Recognized architects get an e-badge to share on LinkedIn and other social media platforms and a gift package.
Recognized architects are provided direct communication channels with our product and leadership team
Continue reading on our partner news blog Read More
Really dumb question – Percentage increasedecreased calcualtion
I have a simple enough question but cant seem to work out how to get it right.
I cant to calculate the percentage increase (or decrease) between the 2 numbers in each row and put that into column E on the same row. I’m guessing put a formula in cell E1 and then cascade that formula down.
If there is a 0 in any of the cells e.g. rows 3 and 4 I want a NA or something like that in the calculation because there is no data available yet.
Please help.
ABCDE1FY24 Q1529FY24 Q11065 2FY24 Q2324FY24 Q2375 3FY24 Q3555FY24 Q30 4FY24 Q4868FY24 Q40
I have a simple enough question but cant seem to work out how to get it right. I cant to calculate the percentage increase (or decrease) between the 2 numbers in each row and put that into column E on the same row. I’m guessing put a formula in cell E1 and then cascade that formula down. If there is a 0 in any of the cells e.g. rows 3 and 4 I want a NA or something like that in the calculation because there is no data available yet. Please help. ABCDE1FY24 Q1529FY24 Q11065 2FY24 Q2324FY24 Q2375 3FY24 Q3555FY24 Q30 4FY24 Q4868FY24 Q40 Read More
FY25 FastTrack Recognized Solution Architect nominations now open!
Hello Partners,
The Microsoft Business Industry & Copilot (BIC) engineering team confers the designation FastTrack Recognized Solution Architect (FTRSA) to practicing enterprise solution architects who consistently exhibit deep architecture expertise and create high-quality solutions for customers.
Why nominate:
Recognized architects’ profiles, and the partners they work for, are listed on the Microsoft Dynamics 365 and Power Platform architects’ websites.
Partners may indicate the number of recognized architects they have in their promotional materials and may direct prospective customers to the architects’ profile page.
Recognized architects get an e-badge to share on LinkedIn and other social media platforms and a gift package.
Recognized architects are provided direct communication channels with our product and leadership teams.
Nomination and evaluation process:
Complete the nomination form within the nomination period: October 15, 2024 – February 3, 2025.
Once eligibility is confirmed, solution architects from the relevant engineering teams evaluate candidates based on the quantity and quality of their submissions.
Successful candidates from the initial evaluation will have the opportunity to interview with the BIC engineering teams. They are evaluated based on their technical and functional expertise, familiarity with current products, adherence to best practices, and complexity involved in customer implementations.
The evaluation process takes 8-12+weeks. Candidates are notified of the decision via email, along with next steps for accepted architects.
Nomination Link: http://aka.ms/FTRSANomination
Microsoft Tech Community – Latest Blogs –Read More
Copilot 365 plugins for Word / PowerPoint
Hi,
I’ve successfully created plugins for use with Copilot 365 in Teams and Outlook. However, they aren’t showing up in the list of plugins in Word Copilot (I only see “Web search” there). Is this a current limitation or something planned for a future update? Or is there already a way to use plugins in Word and PowerPoint?
I thought it was officially available because I saw it demonstrated in this video:
https://www.youtube.com/watch?v=I44RtBr01Lw&t=366s (minutes 6 to 7).
In the video, they mentioned it would be available by early Q3 of 2024, but we’re already in Q4.
Do you have any information on this? Thanks!
Hi, I’ve successfully created plugins for use with Copilot 365 in Teams and Outlook. However, they aren’t showing up in the list of plugins in Word Copilot (I only see “Web search” there). Is this a current limitation or something planned for a future update? Or is there already a way to use plugins in Word and PowerPoint? I thought it was officially available because I saw it demonstrated in this video:https://www.youtube.com/watch?v=I44RtBr01Lw&t=366s (minutes 6 to 7). In the video, they mentioned it would be available by early Q3 of 2024, but we’re already in Q4. Do you have any information on this? Thanks! Read More
