Support Tip: Kernel extensions on Macs running Apple Silicon are unsupported (Macs with M1 chips)

by Contributed | Mar 26, 2021 | Technology

This article is contributed. See the original author and article here.

Kernel extensions are used to add features at the kernel-level and access parts of the OS that are inaccessible to regular programs. Currently, they are only supported by Intune for Intel-powered macOS devices.

Kernel extensions will not work on macOS devices with the Apple Silicon chip at the moment. We recommend you to only use system extensions for any macOS devices running 10.15 and later. Read Support Tip: Using system extensions instead of kernel extensions for macOS Catalina 10.15 in Intune to learn more.

If you are using the kernel extensions settings, consider excluding macOS devices with Apple Silicon chips from receiving the kernel extension profile, as these devices refuse to install a profile if the mobile device management (MDM) policy doesn’t have a bootstrap token escrowed. You can do this by adding a group of devices to the “Exclude groups” section in the “Assignments” step of creating a profile.

Example of the “Add groups” assignment option for macOS Extensions

For more information on system extensions in Intune:

• macOS extension settings in Microsoft Intune – Azure | Microsoft Docs


• Create macOS system and kernel extensions with Microsoft Intune – Azure | Microsoft Docs

Let us know if you have any questions by replying to this post or reaching out to @IntuneSuppTeam on Twitter.

HoloLens 2 Development Edition Financing is now available in the United States

by Contributed | Mar 26, 2021 | Technology

This article is contributed. See the original author and article here.

HoloLens 2 Development Edition Financing is now available in the United States 

We are excited to announce financing availability for HoloLens 2 Development Edition in the United States starting March 25, 2021. Financing in other regions is not available.
 
During your purchase experience via Microsoft Store, customers will have the option to get started with the financing process under the “add to cart” button.

Customers will have the option of financing at different lengths, from 18 to 36 months with each financing option to include 0% interest. 

Get started building mixed reality solutions

HoloLens 2 Development Edition comes with the following benefits:

1 Available in the US, Canada, Germany, France, the UK, Ireland, Ireland, Japan, Australia, New Zealand, Switzerland, and Italy

2 Based on Unity Pro price of $150 per month
3 Based on Pixyz Plugin annual price of $1,150 per year

HoloLens 2 Development Edition costs $3,500 and combines the capabilities of HoloLens 2 with Azure, Unity, and Pixyz to empower developers to build interactive experiences and render 3D holographic content with people, places, and things. The included Unity Pro and Pixyz Plugin 3-month trials provide developers a comprehensive toolset to create and deploy immersive and engaging mixed reality experiences. With an intuitive UI and toolset, rich interactivity, and true flexibility, Unity is the most versatile and widely used real-time 3D creative development platform for visualizing products and building interactive and virtual experiences.

With the recent announcement of Microsoft Mesh and the upcoming release of the Microsoft Mesh SDK, developers will be able to build even more immersive mixed reality applications that are multiuser and cross-platform with HoloLens 2 Development Edition. Learn more about the Microsoft Mesh building blocks by reading our recent blog post, Microsoft Mesh – A Technical Overview.

We look forward to seeing the mixed reality applications you build with your HoloLens 2 Development Edition. Learn how to design, develop, and distribute your apps by visiting mixed reality developer documentation. Stay up to date on the latest developer news by joining our mixed reality developer program.

Why Hyper-V Live Migrations Fail with 0x8009030E

by Contributed | Mar 26, 2021 | Technology

This article is contributed. See the original author and article here.

Hi everyone, my name is Tobias Kathein and I’m a Senior Engineer in Microsoft’s Customer Success Unit. Together with my colleagues Victor Zeilinger, Serge Gourraud and Rodrigo Sanchez from Customer Service & Support we’re going to discuss a real-world scenario in which a customer was unable to live migrate Virtual Machines in his newly set up Hyper-V environment.

In our scenario the customer was trying to initiate a Live Migration for a Virtual Machine from a remote system. This is quite a common scenario, that administrators open the Hyper-V Management console on an administrative Remote Desktop Services server and initiate the Live Migration of a VM between two Hyper-V hosts. The customer got doubts whether this is even opposed to work. Just to rule this one out upfront. Yes, it is opposed to work.

The customer was complaining that this isn’t working for him in his environment even though he set up the delegation correctly and enabled Kerberos as authentication protocol for Live Migrations. The issue wasn’t with a particular Virtual Machine, as all, even newly created VMs failed to be moved to another host. No matter if the Hyper-V Management console or the PowerShell Cmdlet Move-VM is used both fail. The error message returned is “No credentials are available in the security package (0x8009030E)”. The full error message including some additional details is shown below.

Even though the red error message in PowerShell looks a little bit fancier, it is the same error message that is returned telling us that there are no suitable credentials available. So, you can be assured the issue is not with the Hyper-V Management console nor with the Move-VM Cmdlet, because neither of them is working.

There are multiple reasons why Live Migrations fail with the message “No Credentials are available in the security package (0x8009030E).”

The most known cause of this issue is the absence a correct Kerberos Constrained Delegation. Either Kerberos Delegation is missing completely or for single services like in this case for CIFS or the Microsoft Virtual System Migration Service. Also don’t mix up the Microsoft Virtual System Migration Service with the Microsoft Virtual Console Service which can happen quite easily when using ADUC to configure Constrained Delegation as you can see below. The default column size doesn’t show what’s what.

Finding out which Kerberos Delegation entries have been configured is a little bit unclear in the ADUC. An easier way to verify all required entries are present is to run the following PowerShell command.

get-adcomputer -Identity [ComputerAccount goes here] -Properties msDS-AllowedToDelegateTo | select -ExpandProperty msDS-AllowedToDelegateTo

Starting Windows Server 2016 there is the need to select “Use any authentication protocol” when setting up the Kerberos Delegation, instead of “Use Kerberos only”. This is due to some changes made in the operating system that require protocol transition. Protocol transition is only possible if the above-mentioned option is selected. On systems older than Windows Server 2016 selecting “Use Kerberos only” is sufficient. If “Use any authentication protocol” was not selected, Live Migration initiated from remote hosts will fail.

The error message also appears when trying to move a VM and the account that is being used to initiate the Live Migration is member of the Protected Users group. Members of this group automatically have non-configurable protections applied to their accounts. Among other things the user’s credentials are not allowed to be passed along and therefore Live Migration will not work when initiated from a remote system.

Another possibility why Live Migrations fail with this error message is when the user account being used to initiate the Live Migration has the option “Account is sensitive and cannot be delegated” set to enabled. This is sometimes configured to avoid highly privileged accounts to ensure that the credentials of these accounts cannot be forwarded by a trusted application to another computer or service. However, accounts having configured this setting cannot be used to initiate a Live Migration between two Hyper-V from a third machine.

And that’s it. We hope to have shed some light on this topic and the posting was helpful for you. Thanks for reading and never stop live migrating.

Disclaimer
The sample scripts are not supported under any Microsoft standard support program or service. The sample scripts are provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of the sample scripts and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of the scripts be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use the sample scripts or documentation, even if Microsoft has been advised of the possibility of such damages.

[Guest Blog] Leveraging Dynamics 365 and HoloLens 2 to Assist Surgeons in Rural Uganda

by Contributed | Mar 26, 2021 | Technology

This article is contributed. See the original author and article here.

This guest blog was written by Katie Glerum, Global Health Program Manager at Mt Sinai Health Systems. At the recent Microsoft Ignite, Katie shared the inspiring story of how Mount Sinai Health System (MSHS) is using Microsoft technology to bridge the 7,000+ mile gap between MSHS in New York and their partners at the Kyabirwa Surgical Centre (KSC), an ambulatory surgical facility in rural, eastern Uganda. Her session with Payge Winfield received overwhelming interest and tons of questions from attendees eager to learn more about how Mt Sinai Hospital uses mixed reality to bridge the gap in providing critical care to patients in remote villages in Uganda, hence she is thrilled to follow up on those questions in this post. You can also watch her Microsoft Ignite session recording here. 

Thanks everyone for showing up to our session at Microsoft Ignite and asking excellent questions about how we at Mt Sinai Health System (MSHS) are using Dynamics 365 Remote Assist on HoloLens 2 in our facilities across New York and at the Kyabirwa Surgical Centre. For those who have not had a chance to read the full written story about our use case, please be sure to check out this link here: Microsoft Customer Story-From 7,000 miles apart, Mount Sinai and Ugandan surgeons work together in real time, bringing life-saving expertise to rural communities

I wanted to share some of the photos that I had previously shown during the session, just for context:

Some additional background for those who may have not seen the presentation (recording here): Uganda is included among the poorest 35% of the world’s population, which undergoes only 3.5% of all surgical procedures performed annually. This is due to a variety of factors including the fact that for every 500,000 Ugandans there are only three surgeons and one operating room.  

To help address this gap in care, MSHS built a self-sustainable facility in rural Uganda in partnership with the local community. We then leveraged Microsoft technologies to create clinical partnerships between the Ugandan surgeons and surgeons at MSHS, so that all may learn from each other. The comprehensive suite of Microsoft technologies powering these clinical partnerships include:

• Microsoft HoloLens 2 with Dynamics 365 Remote Assist, which allows for remote surgeons at MSHS to assist with surgery happening in Uganda, allowing surgeons in Uganda to work hands-free, with real time support from their colleagues at MSHS who can simultaneously view the live surgery via Microsoft Teams


• Microsoft Teams also serves an additional two purposes: (1) to connect a pathology microscope in Uganda with a MSHS pathologist in NYC, allowing them to perform specimen readings remotely; and (2) to facilitate remote training/assistance during endoscopic procedures


• Microsoft Azure allows us to store patient data securely on the cloud, making it easily accessible by both Ugandan and MSHS clinicians


• Microsoft Power BI provides analysis of patient data stored on the cloud, also making this easily accessible by both Ugandan and MSHS clinicians


• 17 Microsoft Surface Hubs that facilitate intercontinental collaboration and communication (15 in NYC, USA and 2 in Kyabirwa, Uganda)


• Office 365 is used for all our communication and collaboration needs


• Dynamics 365 Business Central powers all our ERP needs

Now to the unanswered questions that I couldn’t get to during the session because we ran out of time (and all of you had SO many awesome questions!) – These all tended to fall within the bulleted categories below. Several questions from folks overlapped, so I picked the most common question themes and hope that I have addressed all of the questions you might have:

Training and Implementation:

• What training is required to get your users up to speed?
  
  
  
  • The technology may be complicated, but the actual usage training is actually quite simple. All surgeons receive an initial two-hour training with the HoloLens 2 headset. This includes the MSHS surgeons, so they can better understand the experience of the Ugandan surgeons, who will be wearing the headset during surgery. Then the MSHS surgeons are trained to use Remote Assist to join sessions and use mixed reality 3D annotations as well.
  
  
  
  

• How are the surgeons using the Kyabirwa tenant with their own teams and Remote Assist licenses?
  
  
  
  • As the question references, this is all done on the KSC tenant, where the operating surgeon is located. The Dynamics 365 Remote Assist licenses are also part of the KSC tenant. This means that the meeting must be set up by someone on that tenant, which is simple because I, as the Global Health Program Manager for the Department of Surgery at MSHS, have an account on the KSC tenant as well. Once they’re let into the meeting as Guest users on the KSC tenant, the MSHS surgeons can annotate in 3D using Remote Assist.
  
  
  
  

• Are there any issues regarding the sterility of the device?
  
  
  
  • The device is viewed similarly to vision corrective glasses that a surgeon may be wearing. It does not require additional effort to maintain sterility. Of course, if an adjustment is required (if it is slipping or something), a surgical assistant in the operating theater will assist, so the surgeon maintains sterility.
  
  
  
  

User Experience:

• What frustrations have surgeons experienced using the HoloLens?
  
  
  
  • I passed this question on to Dr. Joseph Okello Damoi, the lead surgeon at Kyabirwa Surgical Centre and he had three main points of feedback on this which I am sharing in full transparency for your own consideration/evaluation:
    
    
    
    • Head Position: The operating surgeon must hold their head at a different angle than they would otherwise
    
    
    • Battery Life: The battery life doesn’t always last the entirety of a procedure and charging while in use has at times caused the device to overheat and turn off in the middle of a procedure
    
    
    • Accuracy of Drawings: The holographic drawings do a good job of illustrating a point, but precision can be improved
    
    
    
    
  
  
  
  

• Has anyone viewing the HoloLens perspective experienced motion sickness and gotten nauseated or dizzy?

This has not been an issue, and, honestly, I get car sick quite often, so am a good test for this! :)

Technical Concerns:

• How is technical support provided to users in rural locations?
  
  
  
  • We work with both SphereGen, a mixed reality company, and Tellistic, an East African Microsoft partner. With their powers combined, we have not had any issues receiving technical support. Software issues can be addressed remotely by SphereGen, while Tellistic ensures the device is properly configured, connected, and powered on the Ugandan side. At the moment, we ensure that there is representation from both SphereGen and Tellistic on all Remote Assist calls during surgery, in the event of technical difficulties.
  
  
  
  

• Are bandwidth limitations in rural areas a big challenge?
  
  
  
  • The answer is a definite yes! However, having anticipated these challenges, we dug and laid fiber optic cable from the closest city (Jinja, Uganda) underground, a total of seven miles to the facility. This has ensured stable internet connection with a consistent bandwidth of 40Mbps, of which 30Mbps is dedicated and reserved for theater operations including Remote Assist and Teams. Without this set up, the story would be very different.
  
  
  
  

• What do you do to mitigate potential connectivity loss during a procedure?
  
  
  
  • In addition to both the dedicated 30Mbps and ensuring that tech support is engaged and available throughout the entire procedure, we have handheld cameras available as backup should the HoloLens disconnect or fail to connect. In a recent procedure, we had to pivot to these cameras when the HoloLens overheated and forced itself to turn off. It doesn’t happen often, but it’s always good to have backup especially in a surgery!
  
  
  • Currently our internet fiber has no backup, so we are susceptible to a blackout should the cable get cut. However, we are in the process of setting up a wireless link (via microwave transmission) to give us the necessary backup.
  
  
  
  

If you have any additional questions, or would like to learn more about this project, or how to support our efforts, feel free to follow or message me on Twitter: katie glerum (@katieglerum) / Twitter

It is such an honor to be able to share this story. Thank you to Microsoft for the amazing platform, and thank you to my colleagues at Kyabirwa Surgical Centre for allowing me the privilege of assisting in, and sharing their story.

#MixedReality #HealthcareTech