Tomorrow I will be joining a group of international community rock stars at the very first edition of the Lowlands Unite event in the Netherlands.
This full day event has two tracks: one for EMS / ECM and one for Azure / OMS / System Center. I will be presenting in the first track.
Topic for my session will be Microsoft Advanced Threat Analytics (ATA). This is the session abstract:
Nowadays the topic of cyber-security has moved from IT and the datacenter to the highest levels of the boardroom. Attacks and threats have evolved significantly and have grown substantially in frequency and severity. Research shows attackers reside within a network undetected for months and stay below the radar of the IT security department. In many of those attacks, attackers compromise user credentials and use legitimate IT tools rather than malware to reach their objectives. In this session, we deep dive into Microsoft’s security product addition to the EMS Suite: Advanced Threat Analytics (ATA) . ATA helps to uncover and identify security breaches before any damage is actually caused. Learn how to design and implement ATA and see it in action using some real world examples.
Interested? It is not too late to join – registrations for this free event are still open!
More details can be found here.
Hope to see you there!
Topic will be Advanced Threat Analytics (aka ATA). During the session I will cover the product architecture, how to design and setup an ATA infrastructure, and of course show the product in action during some live demos.
Before wrapping up the session my fellow MVP and SCUG member Kenny Buntinx will also talk about Windows Defender Advanced Threat Protection (aka ATP) which is a related Microsoft security product which also helps to detect, investigate, and respond to advanced and targeted attacks.
Interested in getting to know these 2 products? Registration is still open!
More details here.
ITDevConnections – Session Debrief – The right steps to the right upgrade path from ConfigMgr 2012 and Server 2008
As promised a quick debrief on our ITDevConnections session about upgrading your Configuration Manager infrastructure and all related components.
Here are a couple of articles and tools we brought up:
- For updating the content source locations there are tools and scripts available on Technet Gallery. An good tool is the ConfigMgr Content Source Update Tool from Nickolaj Andersen.
- When upgrading to SQL 2014 or SQL 2016 make sure to look at KB3196320 to avoid performance issues and slow consoles. This was also published on the ConfigMgr Team blog.
- Automate fixing boot images : Building new boot images with the hotfix for WinPe based on 10.0.10586
- For Windows 10 support remember KB3095113 for WSUS 4.0.
Thank you for attending the session and make sure to leave feedback!
Until next time.
This edition I have the following things on the agenda:
- Holy Hybrid – Extending Your ConfigMgr Capabilities into the Cloud
- The Right Steps to the Right Upgrade Path from ConfigMgr 2012 and Windows Server 2008
- The New ConfigMgr Servicing Model in Depth
- Workshop: How You Can Digitally Transform Any Organization
For the pre-conference workshop I will be teaming up with fellow MVP’s Peter Daalmans and Kenny Buntinx. The breakout sessions I will be delivering with Kenny as well.
If you are attending make sure to stop by one of our sessions and say hi!
The mail announcing that I have been awarded the 2016 Microsoft MVP Award just came in!
I am looking forward to my third year as an Enterprise Mobility MVP. It is truly an honor to be part of this great community – thanks again to all of you who have been very supportive in the past twelve months!
Time to celebrate!
When running Configuration Manager current branch 1606 you might run into a situation where you cannot modify the language configuration of a site. The option is simply greyed out, preventing you from adding any client or server languages.
The reason to why this is happening can be found in the ConfigMgrSetupWizard.log (hat tip to fellow MVP Roger Zander for pointing this out). Here we see an entry indicating that setup detected that client piloting is enabled for the site and as a result the modify language configuration option will be disabled.
So if we want to make any language modifications we need to promote the pre-production client to production first. This can be done in the administration workspace in the updates and servicing node.
Once the previous step is completed we can run the Setup Wizard again and in Site Maintenance the modify language configuration option is no longer greyed out. Adding client and server languages is possible.
Conclusion: you cannot change the language settings as long as the pre-production package has not been promoted.
The underlying reason for this is that we cannot apply language pack MSP files for the newer client to an older client version. When in piloting mode the new binaries have been updated everywhere, except for the client folder for production. Adding new client language packs would copy the newer language pack MSP files from cd.latest to the client folder that still has an older client version. These language pack files are not compatible with that older client – and as a result would be deleted.
Hope it helps!
Time for another feature highlight in Configuration Manager Current Branch (CB) 1606. For this post we will focus on the pre-release feature consent which is required as of update 1606.
As you will learn later in this post this just requires you to tick one single checkbox but before doing so there are some important things (and consequences) to take into account.
What are pre-release features?
As stated by Microsoft : Pre-release features are included in the product for early testing in a production environment, but should not be considered production ready. Also – according to the docs - there is no guarantee these features will be stamped production ready – there is a chance they never evolve beyond the pre-release state.
In the updates and servicing node the feature type column will indicate whether a feature is pre-release or not.
Note 1: yes – I did also notice the anomaly with the Conditional Access for Managed PC’s feature. Not sure why the name indicates pre-release and the feature type says release.
Note 2: the Windows Store for Business Integration feature is listed as a release feature but you cannot enable it. Bottom line: it behaves like a pre-release feature so you can only enable it if you have giving consent to pre-release features.
How to give consent to use pre-release features?
Giving consent is done through the hierarchy settings as shown in the screenshot below.
Important: this is a one time action which cannot be undone. Once enabled the entire section of the dialog box is greyed out – you can not uncheck the box.
Once you have given consent you can enable pre-release features in 1606 from within the Updates and Servicing node. For future releases this can then also be done through the wizard when you are actually installing the update
What happens if we do not give consent?
When installing an update in the future, the pre-release features will be visible in the Updates and Servicing Wizard but will be greyed out. They cannot be enabled.
Once the update is installed the pre-release features will be visible as well – but we cannot turn them on until consent has been given in the hierarchy settings. This is shown in the screenshot below.
That’s it for this feature highlight – up to you to decide whether or not to enable this in your production environments.
Until next time!