Category: Office365

Last updated by at .

Microsoft Whiteboard

IT Pros – Check out the Microsoft Whiteboard App

A couple of days ago Microsoft announced that the Microsoft Whiteboard App is now generally available (GA). Obviously this is not just an IT Pro app, it can be used by anyone running Windows 10. The Microsoft Whiteboard App is designed to help you collaborate with others in real time using inking and replace physical whiteboards. Microsoft Whiteboard allows you to share and invite others to collaborate on a whiteboard over the web. It is not only available as an app on Windows 10, it is also available on the Surface Hub.

I started to use the Microsoft Whiteboard app heavily. Instead of using OneNote to draw during presentations and workshops, I now use the Whiteboard App. It helps me quickly to draw some technical drawings and do my interactive workshops.

The Microsoft Whiteboard

Microsoft New Whiteboard

The Microsoft Whiteboard provides you an unlimited whiteboard canvas. You can use a pen, like the Surface Pen, or you can just use your fingers to draw and edit stuff. You have different digital pens and drawing tools available. Form here you just can get started with what every you want to draw, note or plan.

Insert things into the Whiteboard

Microsoft Whiteboard Insert Pictures

You can not only draw and write on the canvas, you can also add different type of files like Images from your PC, Bing or take a picture directly from the whiteboard. You can also add text notes, which you easily can move around.

Microsoft Whiteboard Ink to Shape

Microsoft Whiteboard Ink to Shape

If you want to have some extended features, you can open up the settings and you have some other cool options for inking. Ink to shape basically recognizes what type of shape you want to draw and does automatically convert to the right shape. Even cooler is the Ink to table feature, which lets you quickly draw a table. This makes it easy to draw and quickly get to where you want to go.

Whiteboard Sharing

Microsoft Whiteboard Sharing

I already mentioned that you use the whiteboard to collaborate. You have two ways of sharing it, you can invite people from your Office 365 or Microsoft Account, or you can just simply share a web sharing link, to allow others to join your whiteboard over the web. You will be able to see in real time what the others are drawing.

I hope this gives you a quick overview about the Microsoft Whiteboard app, let me know what you think. You can get the Microsoft Whiteboard from the Microsoft Store for free.



Thomas Maurer Speaking at Experts Live

Speaking at Experts Live Europe 2018 in Prague

You must have heard about the awesome conference in the heart of Europe, called Experts Live Europe. Today, I am honored and proud to announce that I will be speaking at Experts Live Europe 2018 in Prague at October 24.-26. Since the first European edition back in 2013, I have presented several sessions at each event previously hosted in Bern, Basel and Berlin. I will speak about my favorite topic Azure Stack and will also present another session about Windows Server. The timing of Experts Live Europe is great this year (October), which allows me and other speakers to present the latest updates learned and shared at Microsoft Ignite (September).

I am also excited about the new location. After Bern and Basel in Switzerland, and two years in Berlin, Germany, Experts Live Europe comes to the beautiful city of Prague.

My Sessions at Experts Live Europe 2018

I am proud to present two sessions to cover topics like Azure, Azure Stack, Windows Server and Hyper-V.

Azure Stack - Your Cloud Your Datacenter

Microsoft released Azure Stack as an Azure appliance for your datacenter. Learn what Azure Stack is, what challenges it solves, how you deploy, manage and operate a Azure Stack in your datacenter. Learn about the features and services you will get by offering Azure Stack to your customers and how you can build a true Hybrid Cloud experience. In this presentation Thomas Maurer (Microsoft MVP) will guide you through the highly anticipated innovations and experience during the Azure Stack Early Adaption Program and Azure Stack Technology Adoption Program (TAP).

Windows Server 2019 - The Next Generation of Software-Defined Datacenter

Join this session for the best of Windows Server 2019, about the new innovation and improvements of Windows Server. Learn how Microsoft enhances the SDDC feature like Hyper-V, Storage and Networking and get the most out of the new Azure Hybrid Integration and Container features. You’ll get an overview about the new, exciting improvements that are in Windows Server and how they’ll improve your day-to-day job.   In this presentation Thomas Maurer (Microsoft MVP) will guide you through the highly anticipated innovations in Windows Server 2019 and the Semi-Annual Channel including: ○ Windows Server Containers ○ Azure Integration ○ Hyper-V features ○ Storage ○ Networking ○ Security ○ Windows Server Containers And more!

Besides 2 days of break out sessions, you will also have one extra day with three great technical workshops about Cloud Security, Workplace and Automation.

About Experts Live Europe

Experts Live Europe is one of Europe’s largest community conferences with a focus on Microsoft cloud, datacenter and workplace management. Top experts from around the world present discussion panels, ask-the-experts sessions and breakout sessions and cover the latest products, technologies and solutions. It’s the time of the year to learn, network, share and make valuable connections.

 

Experts Live VIP Party in the Cloud

The famous Speakers & Sponsors VIP Party of Experts Live Europe will take place on Wednesday, October 24th. This is a great opportunity to network with our speakers and sponsors in a fun and easy-going setting. Tickets for the VIP Party are limited due to location capacity, so if you don’t want to miss out, make sure you register fast!
The VIP Party will take place in Cloud9 Sky Bar & Lounge, at the rooftop of the Hilton hotel in Prague. The Sky Bar is famous for its stunning panorama views of the city, the signature cocktails, the rooftop terrace and the vibrant atmosphere.

It still takes a couple of months until October, but I am already very excited for another Experts Live Conference. I really hope to see you there, so make sure you get a ticket as soon as possible!



Windows Users with PowerShell

Manage Local Windows User with PowerShell

Awhile ago Microsoft added a new PowerShell module to manage local Windows user accounts. This post should quickly show you how easily you can for example use PowerShell to create a new Windows User account, remove a Windows user account or modify windows users and groups with PowerShell.

List Windows User accounts with PowerShell

The most simple one is obviously to list Windows users or groups, using the PowerShell Get- commands.

List all local Windows Users:

List all local Windows Groups:

Create new Windows User account using PowerShell

There are three different account types you can add to Windows 10:

The following part describes how you can add them to your Windows system using PowerShell

To create a new Windows User account you can simply use the following command:

If you want to see that password you can also use this method, to create a new Windows User:

Create a new Windows User account connected to a Microsoft Account using PowerShell

With Windows 10 you have the opportunity to login using Microsoft Accounts, for example with outlook.com or hotmail.com email aliases. For that you can use the folloing command to create a new Windows User connected to a Microsoft Account. In this case you will not need to configure a password for the account, since this is connected to the Microsoft Account.

You can also add Azure Active Directory (Azure AD) accounts if your business is for example using Office 365. The following command adds an Azure AD account to the local Windows Users:

Remove Windows User account using PowerShell

You can also simply remove user accounts from Windows using PowerShell. The following command will delete the account:

Change password of a Windows User account using PowerShell

To change the password of a local Windows User account, you can use the Set-LocalUser cmdlet. This also has some other options as well, but one of the most common ones is to reset the password.

Rename a Windows User account using PowerShell

To rename a Windows User account with PowerShell, you can use the following command:

Add Windows User account to group using PowerShell

This command for example adds users to the Windows Administrator group:

I hope this gives you a quick overview how you can manage local Windows User accounts using PowerShell.



Altaro Webinar Journey to the Clouds

Webinar: Journey to the Clouds – Masterclass on Cloud Migration

Together with Altaro and my MVP colleagues Andy Syrewicze and Didier Van Hoye, I will be part of a free webinar called Journey to the Clouds- Masterclass on Cloud Migration. In this webinar we will dicsuss differnent cloud scenarios.

There are two options available depending on which time zone you are in.

  • Session 1: 2pm CEST – 5am PDT – 8am EDT
  • Session 2: 6pm CEST – 9am PDT – 12pm EDT

Join Webinar Journey to the Clouds

Want to migrate your datacenter into the cloud but unsure how to make the transition successfully? 3 Microsoft MVPs discuss your options in this upcoming panel webinar. Join Andy Syrewicze, Didier Van Hoye, and Thomas Maurer for a crash course on how you can plan your journey effectively and smoothly utilizing the exciting cloud technologies coming out of Microsoft.

Want to migrate your datacenter into the cloud but unsure how to make the transition successfully? 3 Microsoft MVPs discuss your options in this upcoming panel webinar.

Join Andy Syrewicze, Didier Van Hoye, and Thomas Maurer for a crash course on how you can plan your journey effectively and smoothly utilizing the exciting cloud technologies coming out of Microsoft including:

  • Windows Server 2019 and the Software-Defined Datacenter
  • New Management Experiences for Infrastructure with Windows Admin Center
  • Hosting an Enterprise Grade Cloud in your datacenter with Azure Stack
  • Taking your first steps into the public cloud with Azure IaaS

With cloud technologies improving exponentially migrating to a cloud-based model is a dilemma facing most organizations today. Cloud services such as Microsoft Azure, Azure Stack, and the software defined datacenter, offer numerous benefits but moving existing infrastructure into a cloud model is a challenging step.

 

Many IT Pros are justifiably wary of new platforms and cloud services are particularly worrisome involving core infrastructure elements hosted offsite. This is why some of the new technologies coming from Microsoft are so compelling as they are designed to help organizations make that transition slowly and at their own pace. This webinar covers both fully-serviced cloud offerings as well as smaller-scaled solutions that provide more accessible steps to realizing the benefits without fully committing.

 

After watching the experts discuss the details, you’ll see that the cloud doesn’t have to be an all or nothing discussion. The journey from on-prem to the cloud is different for every organization, as is the destination. This webinar will prepare you for your unique journey by revealing the available options and how to make the most out of them.

 

Join us for some insightful discussion, use-case examples, and tips for getting started with these new technologies. Sign up today.

 

We hope to see you there!



encrypted messages in Outlook.com

Encrypt Mails in Outlook.com (or Hotmail)

This is pretty cool! If you are an Office 365 Home or Office 365 Personal subscriber, Outlook.com (formerly known as hotmail.com or live.com) now includes encryption features that let you share your confidential and personal information while ensuring that your email message stays encrypted and doesn’t leave Office 365. This is useful when you don’t trust the recipient’s email provider to be secure.

So what does encrypt mean:

As an Outlook.com user with either an Office 365 Home or Office 365 Personal subscription, you’ll see the following:

  • Encrypt: Your message stays encrypted and doesn’t leave Office 365. Recipients with Outlook.com and Office 365 accounts can download attachments without encryption from Outlook.com, the Outlook mobile app, or the Mail app in Windows 10. If you’re using a different email client or other email accounts, you can use a temporary passcode to download the attachments from the Office 365 Message Encryption portal.
  • Encrypt and Prevent Forwarding: Your message stays encrypted within Office 365 and can’t be copied or forwarded. Microsoft Office attachments such as Word, Excel or PowerPoint files remain encrypted even after they’re downloaded. Other attachments, such as PDF files or image files can be downloaded without encryption.

If you want to know more about Encryption of Outlook.com E-Mails, check out the this support Page: Learn about encrypted messages in Outlook.com



Presenting ExpertsLive

Speaking about Azure Stack at Experts Live Switzerland 2018 in Bern

Today, I am proud to announce that I am speaking at the country event of Experts Live in Switzerland. Experts Live Switzerland 2018 will take place at the 3rd of May in the new Workspace Welle 7 in ​Bern Switzerland. Experts Live Switzerland is a one day event with 17 session in three parallel tracks focusing on Microsoft Cloud, Datacenter and Workplace Management topics, with Microsoft MVPs, speakers from Microsoft and other industry experts.

I was already speaking at Experts Live US 2018, Experts Live Australia 2017 and of course Experts Live Europe 2017. As always, I am really looking forward to this country event of the Experts Live conference series. It is always a lot of fun to listen to great sessions and meet friends.

Speaking at Experts Live Switzerland 2018

I am happy to give attendees an overview about Microsoft Azure Stack:

Azure Stack - Your Cloud Your Datacenter

Microsoft released Azure Stack as a Azure appliance for your datacenter. Learn what Azure Stack is, what challenges it solves, how you deploy, manage and operate a Azure Stack in your datacenter. Learn about the features and services you will get by offering Azure Stack to your customers and how you can build a true Hybrid Cloud experience. In this presentation Thomas Maurer (Microsoft MVP) will guide you through the highly anticipated innovations and experience during the Azure Stack Early Adaption Program and Azure Stack Technology Adoption Program (TAP).

The event is limited to only 180 attendees, so make sure you reserve you ticket right now! There will be a lot of other great sessions and a lot of experts from the Microsoft Cloud community.

Some more information about the conference:

  • 1 day event
  • In the heart of Switzerland (Bern)
  • 17 sessions
  • 3 parallel tracks
  • Top Community speakers
  • limited to 180 attendees
  • Partner booths in the expo hall
  • modern location
  • focusing on Microsoft Cloud Technology

 

 



Windows SpeculationControl PowerShell

Microsoft Guidance to protect against speculative execution side-channel vulnerabilities on Windows, Windows Server and Azure (Meltdown and Spectre)

Microsoft very quickly responded to the speculative execution side-channel vulnerabilities also called Meltdown and Spectre which affect many modern processors and operating systems, including chipsets from Intel, AMD, and ARM. Microsoft released some guidance how you should protect your devices against these vulnerabilities. The Microsoft Security Defense Team also published an article with guidance and more details on this: ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities

In this blog post I tried to quickly summarize the information and link it to the right websites.

Summary

Microsoft is aware of detailed information that has been published about a new class of vulnerabilities referred to as speculative execution side-channel attacks. This industry-wide attack method takes advantage of out-of-order execution on many modern microprocessors and is not restricted to a single chip, hardware manufacturer, or software vendor. To be fully protected, updates are required at many layers of the computing stack and include software and hardware/firmware updates. Microsoft has collaborated closely with industry partners to develop and test mitigations to help provide protections for our customers. At the time of publication, Microsoft had not received any information to indicate that these vulnerabilities have been used to attack our customers.

Note This issue also affects other operating systems, such as Android, Chrome, iOS, and MacOS.

Warning

Microsoft addressed protect against speculative execution side-channel vulnerabilities in the latest Windows Updates. However, customers who only install the Windows January 2018 security updates will not receive the benefit of all known protections against the vulnerabilities. In addition to installing the January security updates, a processor microcode, or firmware, update is required. This should be available through your device manufacturer. Surface customers will receive a microcode update via Windows update.

Guidance for Windows Client

Customers should take the following actions to help protect against the vulnerabilities:

  1. Verify that you are running a supported antivirus application before you install OS or firmware updates. Contact the antivirus software vendor for compatibility information.
  2. Apply all available Windows operating system updates, including the January 2018 Windows security updates.
  3. Apply the applicable firmware update that is provided by the device manufacturer

Windows-based machines (physical or virtual) should install the Microsoft security updates that were released on January 3, 2018. See Microsoft Security Advisory ADV180002 for updates for the following versions of Windows.

Read full guidance for Windows Client here: Windows Client Guidance for IT Pros to protect against speculative execution side-channel vulnerabilities

Guidance for Windows Server

Customers should take the following actions to help protect against the vulnerabilities:

  1. Apply the Windows operating system update. For details on how to enable this update, see Microsoft Knowledge Base Article 4072699.
  2. Make necessary configuration changes to enable protection.
  3. Apply an applicable firmware update from the OEM device manufacturer.

Windows Servers-based machines (physical or virtual) should get the Windows security updates that were released on January 3, 2018, and are available from Windows Update.

  • Windows Server, version 1709 (Server Core Installation) KB4056892
  • Windows Server 2016 KB4056890
  • Windows Server 2012 R2 KB4056898
  • Windows Server 2012 Not available yet
  • Windows Server 2008 R2 KB4056897

Your server is at increased risk if it is in one of the following categories:

  • Hyper-V hosts
  • Remote Desktop Services Hosts (RDSH)
  • For physical hosts or virtual machines that are running untrusted code such as containers or untrusted extensions for database, untrusted web content or workloads that run code that is provided from external sources.

There for Microsoft posted some additional registry keys to mitigations on servers. Microsoft also added some extra registry keys if you are running older versions of Hyper-V.

Read the full guidance for Windows Server and the registry keys here: Windows Server guidance to protect against speculative execution side-channel vulnerabilities

Guidance for Virtual Machines running on Hyper-V

In addition to this guidance, the following steps are required to ensure that your virtual machines are protected from CVE-2017-5715 (branch target injection):

  1. Ensure guest virtual machines have access to the updated firmware. By default, virtual machines with a VM version below 8.0 will not have access to updated firmware capabilities required to mitigate CVE-2017-5715. Because VM version 8.0 is only available starting with Windows Server 2016, users of Windows Server 2012 R2 or earlier must modify a specific registry value on all machines in their cluster.
  2. Perform a cold boot of guest virtual machines.Virtual machines will not see the updated firmware capabilities until they go through a cold boot. This means the running VMs must completely power off before starting again. Rebooting from inside the guest operating system is not sufficient.
  3. Update the guest operating system as required. See guidance for Windows Server.

Read the full guidance for Guest Virtual Machines here: Protecting guest virtual machines from CVE-2017-5715 (branch target injection)

Guidance for Surface Devices

Microsoft will provide UEFI updates for the following devices:

  • Surface Pro 3
  • Surface Pro 4
  • Surface Book
  • Surface Studio
  • Surface Pro Model 1796
  • Surface Laptop
  • Surface Pro with LTE Advanced
  • Surface Book 2

The updates will be available for the above devices running Windows 10 Creators Update (OS version 15063) and Windows 10 Fall Creators Update (OS version 16299). You will be able to receive these updates through Windows Update or by visiting the Microsoft Download Center.

Read full guidance for Surface Devices here: Surface Guidance for Customers and Partners: Protect your devices against the recent chip-related security vulnerability

Guidance for Azure

Microsoft has already deployed mitigations across the majority of our cloud services and is accelerating efforts to complete the remainder.

However, I always recommend that you also patch your operating systems and applications to be protected against other vulnerabilities.

Impact to Enterprise Cloud Services

Microsoft is not aware of any attacks on the Microsoft Cloud customers which leverage these types of vulnerabilities. Microsoft employs a variety of detection capabilities to quickly respond to any malicious activity in our enterprise cloud services.

Most of the Azure infrastructure has already received mitigations against this class of vulnerability. An accelerated reboot is occurring for any remaining hosts. Customers can check the Azure Portal for additional details.

All other enterprise cloud services such as Office 365, Dynamics 365, and Enterprise Mobility + Security have mitigations against these types of vulnerabilities. Microsoft engineering is continuing to perform analysis across the environments to confirm further protection.

Read full guidance for Microsoft Azure here: Microsoft Cloud Protections Against Speculative Execution Side-Channel Vulnerabilities

Guidance for Azure Stack

Azure Stack customers should take the following actions to help protect the Azure Stack infrastructure against the vulnerabilities:

  1. Apply Azure Stack 1712 update. See the Azure Stack 1712 update release notes for instructions about how to apply this update to your Azure Stack integrated system.
  2. Install firmware updates from your Azure Stack OEM vendor after the Azure Stack 1712 update installation is completed. Refer to your OEM vendor website to download and apply the updates.
  3. Some variations of these vulnerabilities apply also to the virtual machines (VMs) that are running in the tenant space. Customers should continue to apply security best practices for their VM images, and apply all available operating system updates to the VM images that are running on Azure Stack. Contact the vendor of your operating systems for updates and instructions, as necessary. For Windows VM customers, guidance has now been published and is available in this Security Update Guide.

Read full guidance for Microsoft Azure Stack here: Azure Stack guidance to protect against the speculative execution side-channel vulnerabilities

Guidance for SQL Server

The following versions of Microsoft SQL Server are impacted by this issue when running on x86 and x64 processor systems:

  • SQL Server 2008
  • SQL Server 2008 R2
  • SQL Server 2012
  • SQL Server 2014
  • SQL Server 2016
  • SQL Server 2017

IA64-based versions of SQL Server 2008 are not believed to be affected.

Microsoft made a list of different SQL Server scenarios depending on the environment that SQL Server is running in and what functionality is being used. Microsoft recommends that you deploy fixes by using normal procedures to validate new binaries before deploying them to production environments.

You can finde the list for scenarios and recommendations here: SQL Server guidance to protect against speculative execution side-channel vulnerabilities

There is also a list of updates for SQL Server available:

 

  • 4057122 Description of the security update for SQL Server 2017 GDR: January 3, 2018
  • 4058562 Description of the security update for SQL Server 2017 CU3 RTM: January 3, 2018
  • 4058561 Description of the security update for SQL Server 2016 CU7 SP1: January 3, 2018
  • 4057118 Description of the security update for SQL Server 2016 GDR SP1: January 3, 2018
  • 4058559 Description of the security update for SQL Server 2016 CU: January 6, 2018
  • 4058560 Description of the security update for SQL Server 2016 GDR: January 6, 2018
  • 4057114 Description of the security update for SQL Server 2008 SP4 GDR: January 6, 2018
  • 4057113 Description of the security update for SQL Server 2008 SP3 R2 GDR: January 6, 2018

Read the full guidance for SQL Server here: SQL Server guidance to protect against speculative execution side-channel vulnerabilities

Verifying protections again speculative execution side-channel vulnerabilities

The Microsoft Security Response Center released a PowerShell Module on the PowerShell Gallery called SpeculationControl, which verifies if your system is protected or not.

You can find more here: Use PowerShell to verifying protections again peculative execution side-channel vulnerabilities CVE-2017-5754 (Meltdown) and CVE-2017-5715 (Spectre)

 

More information on how to mitigate speculative execution side-channel vulnerabilities can be found here: ADV180002 | Guidance to mitigate speculative execution side-channel vulnerabilities