by Contributed | Jun 24, 2021 | Technology
This article is contributed. See the original author and article here.
Update 2106 for the Technical Preview Branch of Microsoft Endpoint Configuration Manager has been released.
You can use Intune role-based access control (RBAC) when displaying the Client details page for tenant attached devices in the Microsoft Endpoint Manager admin center. When using Intune as the RBAC authority, a user with the Help Desk Operator role doesn’t need an assigned security role or additional permissions from Configuration Manager. Currently, the Help Desk Operator role can display only the Client details page without additional Configuration Manager permissions.
Screenshot of RBAC setting
For more information, see Intune role-based access control for tenant attach.
This preview release also includes:
Convert a CMG to virtual machine scale set – Starting in current branch version 2010, you could deploy the cloud management gateway (CMG) with a virtual machine scale set in Azure. This support was primarily to unblock customers with a Cloud Solution Provider (CSP) subscription. In this release, any customer with a CMG that uses the classic cloud service deployment can convert to a virtual machine scale set.
Implicit uninstall of applications – Many customers have lots of collections because for every application they need at least two collections: one for install and another for uninstall. This practice adds overhead of managing more collections and can reduce site performance for collection evaluation. Starting in this release, you can enable an application deployment to support implicit uninstall. If a device is in a collection, the application installs. Then when you remove the device from the collection, the application uninstalls.
Microsoft .NET requirements – Configuration Manager now requires Microsoft .NET Framework version 4.6.2 for site servers, specific site systems, clients, and the console. Before you run setup to install or update the site, first update .NET and restart the system. If possible in your environment, install the latest version of .NET version 4.8. For more information, see Microsoft .NET requirements.
Audit mode for potentially unwanted applications – An Audit option for potentially unwanted applications (PUA) was added in the Antimalware policy settings. Use PUA protection in audit mode to detect potentially unwanted applications without blocking them. PUA protection in audit mode is useful if your company is conducting an internal software security compliance check and you’d like to avoid any false positives.
External notifications – In a complex IT environment, you may have an automation system like Azure Logic Apps. Customers use these systems to define and control automated workflows to integrate multiple systems. You could integrate Configuration Manager into a separate automation system through the product’s SDK APIs. But this process can be complex and challenging for IT professionals without a software development background.
Starting in this release, you can enable the site to send notifications to an external system or application. This feature simplifies the process by using a web service-based method. You configure subscriptions to send these notifications. These notifications are in response to specific, defined events as they occur. For example, status message filter rules. When you set up this feature, the site opens a communication channel with the external system. That system can then start a complex workflow or action that doesn’t exist in Configuration Manager.
List additional third-party updates catalogs – To help you find custom catalogs that you can import for third-party software updates, there’s now a documentation page with links to catalog providers. Choose More Catalogs from the ribbon in the Third-party software update catalogs node. Selecting More Catalogs opens a link to a documentation page containing a list of additional third-party software update catalog providers.
Management insights rule for TLS/SSL software update points – Management insights has a new rule to detect if your software update points are configured to use TLS/SSL. To review the Configure software update points to use TLS/SSL rule, go to Administration > Management Insights > All Insights > Software Updates.
Renamed Co-management node to Cloud Attach – To better reflect the additional cloud services Configuration Manager offers, the Co-management node has been renamed to the Cloud Attach node. Other changes you may notice include the ribbon button being renamed from Configure Co-management to Configure Cloud Attach and the Co-management Configuration Wizard was renamed to Cloud Attach Configuration Wizard.
Improvements for managing automatic deployment rules – The following items were added to help you better manage your automatic deployment rules:
- Updated Product parameter for New-CMSoftwareUpdateAutoDeploymentRule cmdlet
- A script (available in community hub) to apply deployment package settings for automatic deployment rule
New prerequisite check for SQL Server 2012 – When you install or update the site, it now warns for the presence of SQL Server 2012. The support lifecycle for SQL Server 2012 ends on July 12, 2022. Plan to upgrade database servers in your environment, including SQL Server Express at secondary sites.
Console improvements
In this technical preview we’ve made the following improvements to the Configuration Manager console:
- Shortcuts to status messages were added to the Administrative Users node and the Accounts node. Select an account, then select Show Status Messages.
- You can now navigate to a collection from the Collections tab in the Devices node. Select View Collection from either the ribbon or the right-click menu in the tab.
- A Maintenance window column was added to the Collections tab in the Devices node.
- If a collection deletion fails due to scope assignment, the assigned users are displayed.
Client encryption uses AES-256 – Starting in this release, when you enable the site to Use encryption, the client uses the AES-256 algorithm. This setting requires clients to encrypt inventory data and state messages before it sends to the management point. For more information, see Plan for security – signing and encryption.
PowerShell release notes preview – These release notes summarize changes to the Configuration Manager PowerShell cmdlets in technical preview version 2106.
For more details and to view the full list of new features in this update, check out our Features in Configuration Manager technical preview version 2106 documentation.
Update 2106 for Technical Preview Branch is available in the Microsoft Endpoint Configuration Manager Technical Preview console. For new installations, the 2106 baseline version of Microsoft Endpoint Configuration Manager Technical Preview Branch is available on the Microsoft Evaluation Center. Technical Preview Branch releases give you an opportunity to try out new Configuration Manager features in a test environment before they are made generally available.
We would love to hear your thoughts about the latest Technical Preview! Send us feedback about product issues directly from the console and continue to share and vote on ideas about new features in Configuration Manager.
Thanks,
The Configuration Manager team
Configuration Manager Resources:
Documentation for Configuration Manager Technical Previews
Try the Configuration Manager Technical Preview Branch
Documentation for Configuration Manager
Configuration Manager Forums
Configuration Manager Support
by Contributed | Jun 24, 2021 | Technology
This article is contributed. See the original author and article here.
Heya folks, Ned here again. Today I announced the new SMB over QUIC feature for Windows Server 2022 and Windows Insider at the Windows Server 2022, Best on Azure webinar. If you want to cut right to the chase, head to SMB over QUIC (PREVIEW) on Docs.
SMB over QUIC (Preview) offers an “SMB VPN” for telecommuters, mobile device users, and high security organizations. The server certificate creates a TLS 1.3-encrypted tunnel over the internet-friendly UDP port 443 instead of TCP/445. All SMB traffic, including authentication and authorization within the tunnel is never exposed to the network. Inside that tunnel, SMB behaves totally normally with all its usual capabilities.
Here’s a demo of turning on the SMB over QUIC feature & using it.
To learn more about SMB over QUIC, see demos, and try it out for yourself, head over SMB over QUIC (PREVIEW) on Docs!
– Ned “quick!” Pyle
by Contributed | Jun 24, 2021 | Technology
This article is contributed. See the original author and article here.
Windows Server Azure Edition is a special version of Windows Server built specifically to run either as an Azure IaaS VM in Azure or as a VM on an Azure Stack HCI cluster. Unlike the traditional Standard or Datacenter editions, you can’t install Azure Edition on bare metal hardware, run it under client or Windows Server Hyper-V, or run it on third party hypervisors or within 3rd party Clouds.
Aerial view of a Microsoft Azure datacenter
Whilst there are restrictions on where you can run it, Azure Edition comes with some unique benefits that aren’t available in the traditional “run anywhere” versions of Windows Server. For example, the most noteworthy feature of the Windows Server 2019 version of Azure Edition was that it supports hotpatching. Rather than requiring a reboot each month to complete update installation, hotpatching allows for most monthly updates to be applied without an operating system restart. With hotpatching enabled, you should only need to bounce a server to install cumulative updates that are released every quarter. The only exception to this quarterly cadence will be when an unplanned update is released that addresses a critical vulnerability and that update requires a reboot.
You can find out more about hotpatch for Azure Edition virtual machines at: https://docs.microsoft.com/en-us/azure/automanage/automanage-hotpatch?WT.mc_id=modinfra-33001-orthomas
This week Microsoft has announced that the Windows Server 2022 version of Azure edition is in public preview. In addition to hotpatching and all the new features of Windows Server 2022 such as Secured Core, TLS 1.3 by default, support 48 TB of RAM, 64 sockets and 2048 logical processors, Windows Server 2022 Azure Edition will also exclusively support SMB over QUIC and Azure Extended Network.
QUIC is an IETF-standardized protocol that replaces TCP with a web-oriented UDP mechanism that aims to improves performance and reduce congestion. Unlike TCP, QUIC is always encrypted and QUIC requires TLS 1.3 with certificate authentication. When enabled, a file server with SMB over QUIC functions in a similar manner to a normal SMB file server except that the TCP protocol is replaced by the QUIC. You can configure SMB over QUIC to allow remote file share access without a complicated VPN setup. It also allows you to dodge the problem that some ISPs that block port 445, something that plagued organizations that leveraged the original Azure File Shares.
Ned Pyle gave an overview of SMB over QUIC early last year and you can review his post here: https://techcommunity.microsoft.com/t5/itops-talk-blog/smb-over-quic-files-without-the-vpn/ba-p/1183449?WT.mc_id=modinfra-33001-orthomas
Azure Extended Network uses to running VMs to form a VXLAN portal for IP mobility between Azure and on-premises. VXLAN is a network virtualization technology that encapsulates layer 2 ethernet frames within layer 4 UDP datagrams. When Azure Extended Network is implemented, layer 2 frames can pass between Azure Edition hosts running on-premises in Azure Stack HCI and in the cloud on an Azure Virtual Network.
Windows Server 2022 Azure Edition has just been released in public preview and you can find out more about gaining access to it at: https://aka.ms/AutomanageWindowsServer
by Contributed | Jun 24, 2021 | Technology
This article is contributed. See the original author and article here.
Heya folks, Ned here again. Today I announced the new SMB compression feature for Windows Server 2022 and Windows Insider at the Windows Server 2022, Best on Azure webinar. A proper article will be on docs.microsoft.com in the next 24 hours or so, but I wanted you to get a taste here right away with a demo!
SMB compression allows an administrator, user, or application to request compression of files as they transfer over the network. This removes the need to first manually deflate a file with an application, copy it, then inflate on the destination computer. Compressed files will consume less network bandwidth and take less time to transfer, at the cost of slightly increased CPU usage during transfers. SMB compression is most effective on networks with less bandwidth, such as a client’s 1Gbs ethernet or or Wi-Fi network; a file transfer over an uncongested 100Gbs ethernet network between two servers with flash storage may be just as fast without SMB compression in practice, but will still create less congestion for other applications.
Here’s SMB compression in action!
You can try this out right now, get
Check back for the detailed article, shouldn’t be more than a day or two.
– Ned “smoosh it” Pyle
by Contributed | Jun 24, 2021 | Technology
This article is contributed. See the original author and article here.
Need to present a video to a group of people online, but when you play it on your computer and share your desktop, it’s laggy and dropping frames for others in a Microsoft Teams meeting, or maybe it’s missing the audio track?
In this remote and hybrid working tip, Jeremy Chapman from the Microsoft 365 team at Microsoft will show you a simple trick that will avoid those issues using web streaming along with PowerPoint Live as part of a Microsoft Teams presentation, so everyone can watch your video without lag or missing audio.
He’ll also explain what’s causing the lag or dropped frames when you share a video using desktop or window sharing and give you a step-by-step tutorial so can share videos the right way in your future presentations.
QUICK LINKS:
00:28 — Video playback challenges when sharing your desktop
01:24 — The solution using web streaming
01:58 — Using PowerPoint Live to share and synchronize video playback
02:22 — Demo: adding online videos using PowerPoint on the web
03:34 — Demo: Microsoft Teams meeting experience for the presenter and other participants
04:29 — Demo: Using PowerPoint desktop to add a video from your device
04:50 — Demo: Uploading a local PowerPoint file to enable web-based video streaming in a Teams meeting
05:39 — Closing thoughts and link to similar videos
Link References:
To find more videos in this series, go to https://aka.ms/WFHMechanics
Unfamiliar with Microsoft Mechanics?
We are Microsoft’s official video series for IT. You can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.
Keep getting this insider knowledge, join us on social:
Video Transcript:
-So you need to present a video to a group of people online but when you play it on your computer and share it with your desktop, it’s laggy and dropping frames for everyone, or maybe it’s missing the audio track. Well in this remote working tip, I’ll show you a simple trick that will correct these issues so everyone can watch your video without any lag or any audio problems. And because this is Mechanics, I’m going to also explain what’s causing this lag and the drop frames and audio issues when you share a video from your desktop.
-So when you share your desktop with a video playing, you’re fighting a few challenges. First, the video itself is decoding on your screen. So whether that’s a local file or playing from the web, like YouTube or Microsoft Stream, then when you share the video from your desktop, it’s actually going up into the cloud and then sending it back down from the cloud to your audience’s devices, and there it needs to decode the video and they need to be able to watch it. So, as I talk you’re actually seeing the difference between what I’m seeing on the presenter’s machine and what your audience might be seeing with two different connection speeds.
-Now, all these encoding and decoding hops, along with your connection speeds for downloading and uploading and then re-downloading and the content itself contribute to the lag and the dropped frames. Now, I’ve been on a lot of calls even where people have gigabit upload and download speeds, and it’s still going to be problematic. So how do you then solve for this? Well, the key here is to eliminate the number of hops, and we’ll use web streaming for that. Like you’d get natively, for example, using YouTube or Netflix.
-Now these platforms also do something that’s called transcoding which means that they can elegantly drop to a lower resolution and then radically reduce the requirements on connection speeds, really, ultimately to minimize lag. So back to our meeting example, theoretically you could share a hyperlink out for your online video during a presentation, and just ask everyone to follow that link at the same time and watch it. And that would eliminate two hops, but that’s not a great solution.
-There’s a much better way to synchronously stream your content, and the trick here uses PowerPoint along with online video streaming for your video. So it accomplishes the same effect as asking everyone to stream from a link at the same time, all with the benefits of just having one hop. But importantly, you’re in control as the presenter of the timing and the experience. And you can do this with PowerPoint on the web or the PowerPoint desktop app.
-So I’ll start with PowerPoint on the web, and this works with online video and you just need to have the web URL for your video ready. In my presentation, I’ll click Insert, then Online Video. And you’ll see it works for links on YouTube, SlideShare, Vimeo, and even Stream videos. I’m going to paste in the YouTube URL first, and then I’ll hit Insert. And now I’ll stretch it, and fill the entire slide in my case. And you can test this out and everything looks like it’s working. So now I’ll create a new slide. And now I’m going to jump over to Microsoft Stream and I’m going to grab my next video URL. And this is great for internal company presentations, and you can upload your own locally stored videos to it if you have a streaming video that isn’t already hosted somewhere online.
-Next, just find your video. This one happens to have all company permissions so that everyone in my company can play it. Hit Share and then copy that direct link. Now, back in PowerPoint, I’ll follow the same steps from earlier. Click insert, then Online Video and I’ll paste in that URL from Stream, hit Insert again, and then stretch it to cover the full size of the slide, and then I’ll try it out.
-Okay, so let’s see how this works then when presenting in Microsoft Teams for an online meeting. So what I’m going to do now is join a meeting that’s already in progress. And I can see that Megan and Adele are already in my meeting. And I’m recording their experiences on their devices running Teams as well, like I did before. Adele is using Teams with a web client and Megan is using Teams with a desktop client. For my PC, I’m going to click into the share tray, scroll down to PowerPoint Live, and there’s the presentation I was just working on. So I’m going to select it. So when I get to the slides of the videos embedded, I can just hit the play button to start the video. And it works, and you’ll see the video play with Megan and Adele’s screens as well.
-Now everything is synchronized and there’s zero lag for either of them. And I can advance to my Stream video and it works in a very similar way. And I’m playing directly, in this case, from Microsoft Stream. But there is one more thing I want to show you in PowerPoint Rich Client, which is you can also insert videos that are stored on your local hard drive. So I’m going to go ahead and hit Insert, and then video in this device. I’m going to go ahead and choose All Hands and insert that, that’s an MP4 file.
-And now if I go over to Teams, what I can do here is I can actually just either go to my OneDrive and see my recently used presentation right here or I can actually upload it from my computer. Now I’m going to ahead and open that, the offline copy, and you’ll see depending on the file slide, this will take a few moments for it to upload. But when it’s up there, it’ll be streaming as well from the web so you’ve got the same streaming experience even though you’ve uploaded from a local copy of PowerPoint. And there it is.
-And just to be clear, all of these options are also playing audio so you have the full fidelity experience with video and audio streaming directly from the web. even like you see here, using the Rich Client and uploading that file as an offline file as part of the meeting. So the next time that you present a video from a Teams meeting, remember this trick using PowerPoint Live and Microsoft Teams to stream your video directly from the web.
-So that was just another remote and hybrid working tip to help you make your online presentations with video as accessible as possible regardless of your connection speeds or your audience’s connection. For more tips like this, be sure to check out our entire series at aka.ms/WFHMechanics. Subscribe to our channel if you haven’t yet. And as always, thanks so much for watching.
Recent Comments