Friday, July 29, 2016

Vacation time! (2016)

Today my vacation starts, and it runs for the coming weeks. During my vacation there will be no new blog posts, as you can guess :) So enjoy yourself (I will too) and expect a lot of new information and knowledge later this year. There will be a lot to write and share about upcoming and already available Microsoft products:

-Windows 10 AE
-System Center 2016
-Microsoft Intune & Azure
-Enterprise Mobility Suite
-Windows Server 2016
-Windows 10 Mobile

I hope to attend the following events too:
-Microsoft Ignite (September 26-30)
-Experts Live (November 22nd)

Thanks for visiting my blog and see you later!
It's vacation time now!

Wednesday, July 27, 2016

System Center 2016 and Windows Server 2016 release date

It was already known that both System Center 2016 and Windows Server 2016 would be released in Q3 this year. Several blog posts now mention that both solutions will be launched at the Microsoft Ignite conference in late September. Let's have a look at some highlights of both solutions:

System Center 2016 aims to ease the deployment, configuration, management and monitoring of your virtualized, software-defined datacenter and hybrid cloud infrastructure built on Windows Server 2016. A key goal of System Center 2016 is to improve the performance and the usability of System Center components to enhance your operational experience.

Highlights of System Center 2016 include:
-Support for new Windows Server 2016 technologies, including lifecycle management for Nano server-based hosts and virtual machines, Storage Spaces Direct, and shielded virtual machines;
-Performance and usability improvements, including all the update rollups since System Center 2012 R2, improved UNIX and Linux monitoring, and ability to tune management packs and alerts;
-Native integrations with Microsoft Operations Management Suite to give you expanded analytics, data correlation, orchestration, archival, and hybrid management capabilities.

Windows Server 2016 is the cloud-ready operating system that delivers new layers of security and Azure-inspired innovation for the applications and infrastructure that power your business.

Highlights of Windows Server 2016 include:
-Increase security and reduce business risk with multiple layers of protection built into the operating system.
-Evolve your datacenter to save money and gain flexibility with software-defined datacenter technologies inspired by Microsoft Azure.
-Innovate faster with an application platform optimized for the applications you run today, as well as the cloud-native apps of tomorrow.

Just great to have new functionality coming soon!

Used sources:
System Center 2016 to launch in September
What’s new in System Center 2016 Technical Preview 5
Windows Server 2016 new Current Branch for Business servicing option

Tuesday, July 26, 2016

Now Available: Update 1606 for ConfigMgr Current Branch

Last week (July 22nd) the following ConfigMgr version was released: Update 1606 for ConfigMgr Current Branch. With this update, the new update functionality in ConfigMgr Current Branch can finally be used. No need to install service packs or cumulative updates anymore. Just make sure there's a recent backup and install this version.

This update includes the following improvements:
-Windows Information Protection (formerly EDP)
-Windows Defender Advanced Threat Protection
-Windows Store for Business Integration
-Windows Hello for Business

We’ve also added a number of popular User Voice items, including:
-The addition of content status links in the admin console
-The option of list view for applications in the Software Center
-The ability to select multiple updates and simultaneously install them with the new Install Selected Updates button in the Software Center

For more details and to view the full list of new features in this update check out our documentation on TechNet.

Just great that a new version is available now!

Source: ConfigMgr Team Blog

Tuesday, July 19, 2016

How to implement Azure RemoteApp (ARA) for business (part 3)

In an earlier blog post I explained Azure RemoteApp (ARA) functionality and how to publish native and virtual (App-V) applications. Now the story continues with some other device experiences. For that I installed the Remote Desktop client on a Windows 10 Mobile device, an Android phone and an iPad 3. Let's have a look again.

ARA can be used on a variety of devices. Sounds like a cool scenario to use Windows applications on multiple devices.

On a Windows 10 Mobile you need to install Remote Desktop client and logon. As easy as that. All applications published can be started within a RDP session.

On iOS (iPad) you need to install Remote Desktop client and logon. As easy as that. All applications published can be started within a RDP session.

Besides the Azure RemoteApp RDP client and the Windows 10 Remote Desktop client, you can use the Windows Azure RemoteApp website as well. That's the third option I found to access published applications.

Hope there will still be some development on ARA policies (you won't want to use "Save as" on the RDS host within applications), publishing specific applications to users and/or groups, and the ugly logon screen during logon.

Hope you like my posts so far on ARA functionality!

Check earlier blogposts:
Azure RemoteApp Part 1 and Part 2

Thursday, July 14, 2016

How to implement Azure RemoteApp (ARA) for business (part 2)

In an earlier blog post I explained Azure RemoteApp (ARA) functionality and how to set up a virtual machine. Now the story continues with a new ARA collection, built on the virtual machine template created earlier. After that, applications are published to make them available.

Steps to take:
Create a new ARA collection. You can choose between:
-Cloud based: Create and manage RemoteApp collections running in Windows Azure.
-Hybrid based: Create a hybrid deployment of RemoteApp that uses VNet to connect to your on-premise infrastructure.

The virtual machine template created earlier must be available now.

Choose the new template created and continue. As you can see it's not that hard to create a new collection. This will take even more time now, so be patient again ;)

When done choose "Configure user access" and "Publish RemoteApp programs" to make them available to end users.

Both native and virtual (App-V) applications will be published now. Just select the ones to publish to end users.

Once the applications have been published and user access has been configured, you can then download the Azure RemoteApp RDP client (or use the Windows 10 Remote Desktop client instead).

After you have been authenticated, you will see your published applications (both native and virtual applications) assigned and published to the user. You can then begin to test virtual application behavior in Azure RemoteApp.
They will be added to the local start menu automatically, which is very cool if you ask me :-) Applications are integrated seamlessly; you cannot see whether they are installed locally or added by ARA. No locally installed App-V client is needed either.

Check the Roadmap too:
-What's coming in Azure RemoteApp
And remember: with added value like the "Ability to publish individual applications to specific users" it will be even better :-)

Wednesday, July 13, 2016

How to implement Azure RemoteApp (ARA) for business (part 1)

For a customer environment it was needed to offer applications to local devices, without using a local infrastructure. Because Microsoft Cloud is the way to go, I was thinking about Azure RemoteApp (ARA). Let's have a look at the solution and how to implement it for offering applications. It is not that hard to set up.

ARA helps employees stay productive anywhere, and on a variety of devices (Windows, Mac OS X, iOS, or Android). Your company’s applications run on Windows Server in the Azure cloud, where they’re easier to scale and update. Employees simply install Remote Desktop clients on their (Internet-connected) PC, Mac, tablet, or phone and then access applications as if they were running locally. Sounds easy, doesn't it?

Pros and cons:
-ARA is available in the old Azure portal only (for now). It will be available in the new Azure portal later this year.
-Applications within a single collection can be offered to specific users or groups only. Not possible to divide them to different users or groups. This will be available in the new Azure portal later.
-Deploying virtual (App-V) applications within ARA isn't supported by Microsoft. It is working, but not a recommended option. This will be supported in future in the new Azure portal.
-Deploying virtual (App-V) applications within ARA is supported in hybrid collections only. When using cloud collections this isn't the case. It is working, but not a recommended option.

Steps to take:
-Open the Azure portal, go to virtual machines and create a new "Windows Server Remote Desktop Session Host" from template. Choose the configuration wanted and wait for it to complete.
-The applications needed can be installed native or may be virtual (App-V) as well. Make sure the App-V Client for Remote Desktop Services is installed too, when App-V packages are used.
-To register App-V packages for later usage, use the following command(s): Microsoft TechNet. Don't start them yet, otherwise delete data in the local VFS Folder (%LOCALAPPDATA%\Microsoft\AppV\Client\VFS) for sure.

When ready start ValidateRemoteAppImage.ps1 on the desktop. This script will check for errors and start Sysprep afterwards. The virtual machine will be stopped afterwards.

Choose to capture the virtual machine afterwards (Capture button).

Go to RemoteApp now and "Add a new template image". The virtual machine captured before must be available now. This will take some time, so be patient ;)

That's it for now. In a next blogpost I will continue creating a new ARA collection, and publish some applications.

Check weblinks:
-Using App-V apps in Azure RemoteApp
-Create a Azure RemoteApp image based on an Azure virtual machine
-Capture an image of an Azure Windows virtual machine created with the classic deployment model
-App-V: On App-V Applications Hosted in Azure RemoteApp

Update 14-7: Change on virtual (App-V) applications. Thanks to @ArjanVroege and @fberson for comments.

Thursday, July 7, 2016

Lessons learned from WMUG and SCUG last month (part 2)

Last month (June 2016) I went to both Windows Management User Group (WMUG) and System Center User Group (SCUG). Both with great sessions and speakers. On WMUG both Mirko Colemberg and Mike Terrill were speaking. On SCUG I listened to Pieter Wigleven, Stefan van der Wiele, Mirko Colemberg and Peter Daalmans. Let's have a look at some notes taken.

SCUG #1 (Pieter Wigleven)
-Windows 10 enrollment options: Join devices to Azure AD, Password reset, Require multi-factor, Sync settings, Application proxy
-Apps like Twitter (for example) can be installed automatically
-Windows Information Protection policies within Intune standalone (AKA Enterprise Data Protection)
-Edition upgrade policy Pro > Enterprise (or the other way around) with a provisioning package

-Wi-Fi profile and Defender block (within Intune policy)
-Use (access panel) for additional apps (with SSO support)
-Deploy Line-Of-Business (LOB) apps via Microsoft Business store
-Add x86 software to Microsoft Business store (future usage)

-When using BitLocker encryption policies, the recovery password will be kept in Azure too.
-No Direct Access support in Azure till now, but Auto-VPN instead.

SCUG #2 (Mirko Colemberg)
-Session on Microsoft Advanced Threat Analytics (ATA) and Windows Defender Advanced Threat Protection (ATP)
-Story (ATA): 200+ days. That's the average amount of time that attackers reside within your network until they are detected, gathering classified data and information, waiting to strike at just the right moment. Microsoft ATA helps you identify breaches and threats using behavioral analysis and provides a clear, actionable report on a simple attack timeline.

-Story (ATP): Protecting our enterprise customers has never been more challenging. Security threats are increasingly brazen and highly sophisticated. A new Windows 10 service that helps our customers to detect, investigate and respond to targeted and advanced attacks on their network.
-Source: Microsoft ATA & Microsoft ATP
-Microsoft ATA is only for information, not for protection. Maybe it will be combined with Defender in future.
-Windows Defender ATP policies will be in SCCM (next build), but are not available in Intune at the moment.

SCUG #3 (Peter Daalmans)
-Start with ConfigMgr 1511 during clean install or upgrade. Don't use build 1602 for this. Possible but not recommended!
-Since ConfigMgr Technical Preview (1511) there was an update every month (with new features)! Very good job Microsoft.
-New ConfigMgr Current Branch builds need to be installed within a year, to be supported. No LTSB version available.
-Use the service connection tool for new ConfigMgr builds, when in offline mode or behind a proxy. Cool stuff!
-After 1602 it's not possible to upgrade or install newer builds directly. It will break ConfigMgr and features will be missing!

More on Servicing here: Promote the ConfigMgr client in Current Branch (1602)

More about WMUG and SCUG sessions HERE.

Tuesday, July 5, 2016

Remote configuration failed on WSUS Server (part 3)

Another post on the error message "Remote configuration failed on WSUS Server" with ConfigMgr and WSUS. This time the error message came back multiple times, so software updates could not be synchronized anymore. Both solutions mentioned in my other blog posts weren't working here:
- Remote configuration failed on WSUS Server (part 1)
- Remote configuration failed on WSUS Server (part 2)

When looking in Site and System status the following is seen: WSUS Synchronization failed. Message: WSUS server not configured. Please refer to WCM.log for configuration error details.

When looking in WCM.log: Remote configuration failed on WSUS Server.
When looking in wsyncmgr.log: Sync failed. Will retry in 60 minutes

The solution for this is not that hard. Open WSUS console first. You will see that WSUS isn't working at the moment. "Reset Server Node" isn't helping here.
Open Server Manager > IIS Manager > Application Pools. You will see that Wsuspool is stopped. Starting the pool will solve the issue temporarily. Don't start it yet, but configure it first!

Just open Advanced settings on Wsuspool instead, and change the memory value there. This is needed to make sure the same error will not come back after a few days.

Change the Private Memory Limit to 4GB (4000000 KB). The default value is 1843200 KB here. After that Application Pool must be started manually. When things are okay now, WSUS is working again.
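The same change scripted in PowerShell, as an added example (not part of the original post or of Microsoft's guidance). It assumes an elevated session on the WSUS server, the WebAdministration module that comes with the IIS role, and the default pool name WsusPool; the variable names are my own.

```powershell
#Requires -RunAsAdministrator
# Added example: raise the WsusPool Private Memory Limit, then start the pool.
# Assumptions: default pool name 'WsusPool', WebAdministration module present.
Import-Module WebAdministration

$poolName = 'WsusPool'                 # assumption: default WSUS pool name
$poolPath = "IIS:\AppPools\$poolName"
$property = 'recycling.periodicRestart.privateMemory'
$targetKB = 4000000                    # value from the post (default: 1843200 KB)

if (-not (Test-Path $poolPath)) {
    throw "Application pool '$poolName' was not found on this server."
}

# Record the situation before changing anything.
$stateBefore = (Get-WebAppPoolState -Name $poolName).Value
$limitBefore = (Get-ItemProperty -Path $poolPath -Name $property).Value
Write-Host "Before: state=$stateBefore, privateMemory=$limitBefore KB"

# Configure first, as described above: only raise the limit, never lower it.
# A value of 0 means "no limit" in IIS, so that is left untouched as well.
if ($limitBefore -ne 0 -and $limitBefore -lt $targetKB) {
    Set-ItemProperty -Path $poolPath -Name $property -Value $targetKB
    Write-Host "Private Memory Limit set to $targetKB KB"
} else {
    Write-Host "Private Memory Limit already at or above $targetKB KB (or unlimited)"
}

# Now start the pool manually if it is not running.
if ((Get-WebAppPoolState -Name $poolName).Value -ne 'Started') {
    Start-WebAppPool -Name $poolName
}

# Verify the result so a silent failure does not go unnoticed.
$stateAfter = (Get-WebAppPoolState -Name $poolName).Value
$limitAfter = (Get-ItemProperty -Path $poolPath -Name $property).Value
Write-Host "After:  state=$stateAfter, privateMemory=$limitAfter KB"

if ($stateAfter -ne 'Started') {
    throw "Pool '$poolName' did not start; check the System event log for WAS errors."
}
```

After the pool is running, trigger a synchronization in ConfigMgr and check WCM.log and wsyncmgr.log again to confirm the errors are gone.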

Happy with this easy solution!

Source: Microsoft

Monday, July 4, 2016

Lessons learned from WMUG and SCUG last month (part 1)

Last month (June 2016) I went to both Windows Management User Group (WMUG) and System Center User Group (SCUG). Both with great sessions and speakers. On WMUG both Mirko Colemberg and Mike Terrill were speaking. On SCUG I listened to Pieter Wigleven, Stefan van der Wiele, Mirko Colemberg and Peter Daalmans. Let's have a look at some notes taken.

WMUG #1 (Mirko Colemberg)
-Integrate Windows Store for Business (WSfB) in ConfigMgr 1605TP or 1606 directly. Just advertise them within ConfigMgr directly.
-Assign to users or user groups? Also for user groups! (WSfB)
-Wsreset.exe = reset the store (when it's malfunctioning)
-You can drawback apps too! Then the user cannot open the app anymore.
-Block Windows 10 Public Store using Microsoft Intune (but still allow the business store) > Microsoft
-Integration in MS Intune available, all apps are visible there too! Just advertise them within MS Intune directly.
-Use for creating LOB apps yourself.
-Some Windows 10 apps are for Mobile usage only, others for Desktops usage.
-Apps can be used online and (sometimes) offline. It depends..
-Use PowerShell for adding APPX packages, not the CM or Intune wizard.

More on WSfB here: Using the new Windows Store for Business for apps on Windows devices

WMUG #2 (Mike Terrill)
-Using Resource Explorer to watch BIOS and UEFI information on Dell, HP and Lenovo systems.
-For Windows 10 Redstone you need ConfigMgr Current Branch, not 2012 (R2) anymore (because not supported)
-Using 1507 (RTM) or 1511 boot images? Hotfix needed for 1511, so better use the 1507 bits.
-Upgrade BIOS versions during task sequence possible! Need to test this myself first, and report later.
-Download package content > task sequence working directory (for reference packages)
-Dell systems: Use Dell Client Configuration Utility > Download
-HP systems: Use HP BIOS Configuration Utility > Download
-Lenovo systems: Use BIOS Deployment Guide > Download
-New dynamic variables available within ConfigMgr builds
-Using 1E’s Free Tools > Download

More on UEFI here: Choosing between BIOS (Legacy) or UEFI during deployment

Stay tuned for more information in a next blogpost!