Microsoft

Blog Categories

Subscribe to RSS feed

Archives

Follow Microsoft Technologies on Pinterest

Ignite 2015 – Introducing Azure Service Fabric

Service Fabric is a state-of-the-art distributed system that allows developers to easily build and manage Internet scale services. Translation = this is the underlying system that powers Azure services such as: Azure SQL, Bing Cortana, Intune, Skype for Business, Event Hubs, PowerBI, and many other core infrastructure in Azure.

And Microsoft just released it to the public. WHOA!

Yesterday I went to a session presented by Gopal Kakivaya, Corporate Vice President, at Microsoft. He has been leading the implementation of the Azure Service Fabric for the last 5 years. Over that time, his team has worked to fine tune and perfect the concepts necessary to implement this service. Read the rest of this post »

Threat Resistance in Windows 10 – Ignite 2015

Enterprise and Personal Security Model revolves around:

  • Identity protection
  • Info protection
  • Threat resistance

Windows 10 addresses the threat resistance in the following three ways:

1. Windows Hello (will use fingerprints, facial recognition and biometrics.)
Unlocks your device with biometrics and gives access to your MS passport

2. EDP (Enterprise data protection)
Enrollments –> Data Ingress (everything gets protected at this file level) –> Data Genesis and Use –> Data Egress (RMS) –> Data Wipe

3. Device Guard

  • Enables Windows desktop to be locked down to only run trusted code
  • Resistant to tampering by an admin or malware
  • Requires special device configuration by either the OEM or IT

Exchange Hybrid – The Unspoken Limitations That You Should Know

During the inaugural Microsoft Ignite conference, I was selected to present a “community theater” session; my session was titled “Exchange Hybrid – The Unspoken Limitations That You Should Know”.

The idea around this session was the we should always know the capability of a technology before deploying it into production. The earlier we can identify any limitations, the earlier we can communicate them to our project sponsors and end users. In some cases, communication is the only workaround necessary for the limitation, in other cases there are existing workarounds that can be helpful; I have identified some of these workarounds in the presentation slide deck below.
Read the rest of this post »

HUGE Improvements Announced for SharePoint 2016 – Ignite 2015

Bill Baer today shared and announced some significant changes coming up in SharePoint 2016.

To quote him:

“SharePoint 2016 is the most durable version shipped till date.” (tweet this)

These announcements are very welcoming, not only from a IT admin perspective but also for the end user (file size, list threshold etc.) This might be the best SharePoint version to date.

TOPICS
• Management
• Reliability, performance, scale
• Insights and data
• Cloud accelerated experiences

Management
Convergence
Code base – took a cloud snapshot of SPO. Brought a lot of SPO investments back to on-premises (the one which couldn’t be brought will be covered by cloud accelerators.) Cloud down codebase based on SPO. Backported capabilities for on-premises differentiators

Hardware Reqs
Single – 16-24 memory; x64 processor; 80 GB disk
Farm – 12-16 GB RAM

Pre Requisites
OS
Windows Server 2012 R2, WS 2010

Services
.NET Framework 4.5.2
Windows Server App Fabric
Provides in memory distributed caching
MS Information Protection and Control Client
WCF Data Services – enables creation and consumption of services

Database– 64 bit of SQL 2014
Deployment – unchanged from SP 2013

NOTE: Standalone installations will no longer be supported (Single Server Farm does not include SQL Server Express)

Upgrade – Attach SP 2013 DB to SP 2016. (For SP 2010 scenarios -Upgrade 14.5 mode (SP 2010 mode) site collections to 15 mode)
Migration – Migrate content to SP 2016

NOTE: The services that don’t exist in SPO will be backported to SP 2016 like PerformancePoint

Identity
SAML authentication becomes a first class citizen (default). Normalizes on OAuth and JWT/SAML with WSFED
(Apps will trust Azure AD) (Moving away from windows identity and moving towards cloud based)

SMTP Connection Encryption
Supports sending mail to SMTP servers using STARTTLS connection encryption
No fallback support for unencrypted connections
SMTP can use non-default ports (no more relying on port 25 for mails)

Performance and Reliability

MinRole (Roles and services)
Four discrete roles –
• User services – Any requests coming from the end user will be handled here like sync client; onenote; user profile; page rendering; excel services; sandbox. code; project; subscription settings. These are optimized for low latency
• Robot Services (Application Services) – not end user initiated like provisioning; timer jobs; search. Optimized for high throughput
• Specialized Load – reserved for services that needed to be isolated from other services like 3rd party
• Caching Services – supports for distributed cache (load balances request from end user)

New Role Screen -Specify Server Role (in config wizard) like special load role (third party solutions); web front load role; search; application; distributed cache

NOTE: For automated deployments – use -IsLocalServerRole <RoleName> from PSConfig commandlets to assign role to a server
NOTE: Chose specialty load role for assigning multiple roles to a server

Role Enforcement and Health
Health rule will scan each server in the farm daily (except special load)

Central Administration
New columns in the “servers in farm”- Role; In Compliance (yes or no) with fix button (in cases where one server is assigned multiple roles

PATCHING
Zero downtime patching – 2 MSI’s per service and 1 MSI’s per language pack. Smaller update footprint.
You can install patches middle of day online w/o stopping services.

Boundaries (HUGE HUGE)
Content DB – probably sizing into TB’s
Site Collection per Content DB – 100,000 site collections per content DB
List threshold – well beyond 5000
File Size -10 GB and removed character restrictions
Indexed items – 2x increase in search scale to 500 million items

Performance
Download – byte range HTTP Gets
Upload – BITS specific block-based upload protocol
*Moving away from file sync
Fast site creation – simply copies site collections with SPSite. Copy from already created templated site collections. Mitigation of feature activation.

User profile service
Removed built in FIM service and supports external FIM service.

Durable Links (BIG)
Renaming or moving files in earlier versions broke the link. With SP 2016 links will use Resource ID based URL’s. URL remains intact with rename and move. Enables discrete Url on visibility. Moving between site collections or sites will not change the URL

Insights and Data
Real time telemetry – real user monitoring for Services, Actions, Usage, Engagement, Diagnostics

Compliance
Classification ID – complex query based on complex predicate. 51 classification ID’s OOB provided for SSN, license #, etc.
You can now use Azure RMS and eDiscovery for on-premises SharePoint.

Search Service Application
New application will provide support for Office Graph/Delve. Unifies on-premises and cloud indexes.

Extranet
Site publishing – leverages Office 365 Identity federation services

Team Sites
Hybrid scenarios – Be inclusive of both online and on-premises. e.g. when you follow documents online you should be able to see the same on-premises too.

I am sure you are as excited as I am to get your hands on this new, improved and well-designed version.

New Capabilities in Azure Storage – Ignite 2015

ignite main

New Design Patterns

  • Application Layer Encryption
  • Encrypt storage data in your apps – auto encrypt and decrypt prior to receiving and after receiving storage. Key vault service is integrated for users to send their keys.
  • Seamless integration – blobs (full blob upload)
  • Direct Data Access (enables clients to access storage directly) using delegated AuthZ
  • Shared access signature – Isolate containers, blobs, storage to set read/write permissions and set a time period for access, IP (address or range), Protocol (http or https)
  • Large Scale Append
  • New blob type called AppendBlob – Optimized for large scale logging scenarios
  • High Availability Apps

Read only access to secondary delivers 99.99% on reads (code needs to support a read only mode)

Premium Storage is available now

Coming Soon

  • Tech support now available for Azure Files
  • Storage support for new resource manager
  • Client Side encryption library
  • iOS Client Library

Next-Gen Information Protection Announcements – Ignite 2015

The following are my notes from the Next-Gen Information Protection announcements at Microsoft Ignite 2015.

Microsoft thinks about security in three ways:

  • Being pervasive
  • Transparent
  • People-centric

Pervasive – policy applied to data level (when its created inside the ecosystem)
so it goes with data across devices.

Unified compliance – running data through compliance center across email, SP, messaging, etc.

Pervasive -Admin goes to compliance center
Sets up files and links with security
User opens links received via email. Malicious links redirect user to a threat warning page blocking access. Read the rest of this post »

New SharePoint Online Migration API Announcement – Ignite 2015

The single biggest benefit of this new Migration PowerShell API is speed. Close to 5 times faster than CSOM calls. The new API was released today and is available for public consumption.

An Overview

  • Source – file share, SharePoint on-prem, potentially any other data source
  • Package – create package for the API to be able to accept it
  • Azure temporary holding storage – use power of Azure to bring content faster in MSFT network
  • SharePoint /OD4b final destination – timer job based import in a scalable way that will not hurt the service using back-end resources

Who is it for?
IT admin and developers Read the rest of this post »

Office 365 Groups Roadmap Announcement – Ignite 2015

ignite main

You will find some exciting announcements and investments, but before we discuss the future roadmap, let’s dive in to background and benefits of Groups.

The world has changed

Earlier – Information moves slowly. Fixed workforces; siloed teams. Believed in command and control
Now – information travels fast. Leverage the on demand; global talent pool. Always mobile, always moving. Collaborate easily, often and always. Grow up on social networks. They believe in Learn and adopt

The rise of dynamic teams
• Modern collaboration
• Intelligent fabric (office graph and Office 365 groups)
• Personalized insight

Benefits of Groups
1. Single Definition – Groups is definition of team.
2. Public by Default – Enable quick discovery of information in a simple way.
3. Sharing to Non Members –
4. Self Service – It works on demand.
5. Context & History – e.g. New member joining the team
6. Simple to manage

Groups works on Azure AD and works across Outlook, OD4B, OneNote, Calendar, Skype, Dynamics CRM, Delve, Yammer (future ~ 2016) Read the rest of this post »

Ignite 2015 – DevOps Strategy, Visual Studio Online Announcements

ignite mainFor my first session at Microsoft Ignite Conference 2015, I chose DevOps as a Strategy for Business Agility by Brian Harry, Microsoft Technical Fellow and he serves as the Product Unit Manager for Microsoft Team Foundation Server. I must say, it was a great choice.

Brian kicked off this amazing session with only a few, very short slides, explaining the benefits of DevOps and apologizing that the title was not completely accurate. Brian did discuss the strategy and why DevOps is extremely important, however he understood his audience was much more interested in all things Visual Studio Online and Team Foundation Server.

(If you want to know more about DevOps and how it can help transform your business, email me)

As head of the TFS team, Brian is in a unique position to share how he manages his team and runs his development life cycle. Read the rest of this post »

Fast Track your Office 365 Deployments with Centrify

This guest post comes courtesy of our partner, Centrify.

Whether you are an SMB with hundreds of users or a large enterprise with tens of thousands of users, when it comes to making Office 365 deployments to be effective, it must be scalable to on-board existing & add new O365 users quickly and thereafter enable easy access to all users anytime, anywhere, and on any device.

This leads into several challenges:

  1. User provisioning – do I as the IT admin have to manually add hundreds or thousands of my employee accounts, assign their licenses, and manage their roles and access controls within these cloud apps?
  2. Easy 1-click access – will I as the end user have to supply my login credentials every time I try to access Office 365 wherever I am?
  3. Secure mobile access – If I do find a Single Sign-on (SSO) solution, how can it protect all the devices on which I would access Office 365 from, in the wake of those devices’ theft or compromise?

Thanks to Identity-as-a-Service (IDaaS) solutions, IT and end users can experience:

  • Seamless integration with Active Directory and Office 365
  • Automatic user provisioning from Active Directory based upon roles & groups
  • Policy and role based access by location, time and device
  • Password-free secure login to any SaaS app from anywhere
  • Secure management and support for any mobile device
  • All through a single, centralized IT management console

Meet the Centrify IDaaS solution — built on Microsoft Azure.

Azure Centrify

Read the rest of this post »