End of synchronization for WSUS 3.0 SP2

This article is contributed. See the original author and article here.

On October 31, 2021, Windows Server Update Services (WSUS) 3.0 Service Pack 2 (SP2) will no longer synchronize and download updates. 


WSUS is key to the Windows servicing process for many organizations. Whether being used standalone or as a component of other products, it provides a variety of useful features including automating the download and installation of Windows updates.


Extended support for WSUS 3.0 SP2 ended on January 14, 2020, in alignment with the end of support dates for Windows Server 2008 SP2 and Windows Server 2008 R2. It is, however, still possible to synchronize and download updates from Microsoft using WSUS 3.0 SP2.


WSUS relies on several different components for secure communication. The protocol that is used for a given connection depends on the capabilities of the associated components. If any component is out of date, or not properly configured, the communication might use an older, less secure protocol. Microsoft is transitioning all endpoints to the more secure TLS 1.2 cryptographic protocol. WSUS 3.0 SP2 does not support this newer protocol. As a result, any organizations still using WSUS 3.0 SP2 must migrate to a currently supported version of WSUS by October 31, 2021.


For guidance, see Deploy Windows Server Update Services.


 

Experiencing Data Latency issue in Azure Portal for Many Data Types – 05/20 – Resolved


Final Update: Thursday, 20 May 2021 12:25 UTC

We’ve confirmed that all systems are back to normal with no customer impact as of 05/20, 11:50 UTC. Our logs show the incident started on 05/20, 11:21 UTC and that during the 29 minutes that it took to resolve the issue some customers may have experienced data latency issues in the China East 2 region.
  • Root Cause: The issue was caused by a sudden increase in requests in one of our dependent services.
  • Incident Timeline: 29 Minutes – 05/20, 11:21 UTC through 05/20, 11:50 UTC.
We understand that customers rely on Application Insights as a critical service and apologize for any impact this incident caused.

-Srikanth

Microsoft Identity Platform community call – April 2021



 


Call Summary:


This month’s in-depth topic: Get Change notifications delivered via Azure Event Hubs. Brief introduction to Microsoft Graph change notifications (webhooks) and change notifications delivered via Azure Event Hubs. Microsoft Program Manager presenters: George Juma and Kalyan Krishna. This session was delivered and recorded on April 15, 2021. Live and in-chat Q&A throughout the call.


 


 


In-depth topic:


Get Change notifications delivered via Azure Event Hubs


 


A new Microsoft Graph platform capability gives developers using change notification features in Microsoft Graph the option to get change notifications delivered to their applications more quickly and at scale using Azure Event Hubs. With Microsoft Graph, changes to data in Microsoft Graph are tracked with webhooks, a.k.a. change notifications. Presently you get change notifications via a REST API endpoint exposed on the internet.


 


Azure Event Hubs is a real-time event ingestion and distribution service built for scale. It is ideal for high throughput (no dropped notifications due to timeouts), needs no public URL (security), and misses no notifications if your app is temporarily offline. Operationally, Microsoft Graph change tracking places notifications in the Event Hub and your app retrieves messages from the Event Hub rather than from publicly exposed endpoints on the internet. You need not poll for changes; change notifications are pushed to your app. You need only subscribe to notifications.


 


In the end-to-end demo, the presenter steps through app registration, provisioning an Azure Event Hub, an Azure Storage and a container, adding a Shared Access Policy, creating an Azure Key Vault (to secure connection strings), and adding the subscription connection string and the IDs of resources to the app.


 



Microsoft Graph community call – May 2021



 


This month’s community call features presentations on Application Consent Deep Dive (demystifying permissions and consent when accessing Microsoft Graph) and on Considerations for Creating Online Meetings (Integration into Outlook or into other 3rd party experiences).  Q&A in this call after demos, at end and in chat.  The call was hosted by Brian T. Jackett (Microsoft) | @BrianTJackett. Microsoft Presenters were Philippe Signoret and Fabian Williams.  Recorded on May 4, 2021.


 


Topics:


App Consent Deep Dive – demystifying permissions and consent when accessing Microsoft Graph.  Most Graph permissions allow access to lots of data.  Learn how apps and services access Microsoft Graph resources – application permissions and delegated permissions, requesting permissions, granting permissions, and restricting data access scope.  General concepts – direct access, access on behalf of user, app and user authorizations, permission types, service principals, consents and more.


 


Considerations for creating Online Meetings – Based on specific meeting requirements, create an Online Meeting through the Calendar Events API or through the Cloud Communications API (Teams).  Step through 7 questions to ask yourself to decide when to use what method.  The decision is largely based on the need for a rich integrated Microsoft client (Outlook/Teams) experience vs 3rd party application integration including Microsoft chat integration.       


 


 



Microsoft Endpoint Manager and Delivery Optimization




 


Hello everyone! I'm Stefan Röll, Customer Engineer at Microsoft Germany for Microsoft Endpoint Manager. In my last Delivery Optimization blog, I wrote about how you can test Delivery Optimization in your organization. After many discussions with customers, I have noticed that it is not always clear when Delivery Optimization can be used, so I made a couple of tests and here are my results.


 


TL;DR


Delivery Optimization can be used to optimize setup and update downloads for various products. However, it is important to understand in which scenarios it can be used to optimize traffic. The table below will give you a quick overview. For more details continue reading.


 


What is Delivery Optimization?


Delivery Optimization (DO) is a service that consists of multiple components. Its goal is to minimize the traffic that is downloaded from the internet to your internal network by caching and sharing content internally.


The Delivery Optimization service is hosted in the cloud and the Delivery Optimization downloader on Windows 10 uses information provided by the cloud service to find peers in the local network.


However, the Delivery Optimization downloader can also be used to download content without looking for peers or without contacting the cloud service.


For example, in VPN scenarios the Delivery Optimization Downloader is still downloading the content, but not sharing content with peers.  When a different download method like Background Intelligent Transfer Service (BITS) is used, the download will never be optimized via Delivery Optimization.


 


What is Microsoft Connected Cache?


Microsoft Connected Cache (MCC) is an extra component that you can install in your company network. It provides an additional caching source inside your network for your clients to have even better caching results. Right now, the MCC is only available as an additional component on Configuration Manager (ConfigMgr) Distribution Points but might be available as standalone container in the future.


The challenge with MCC is that clients need to find this caching server. In a ConfigMgr environment it can be automatically configured via the Boundary Group configuration.  If you don’t use ConfigMgr, you can manually configure the MCC to be used by clients via Group Policy or Configuration profiles in Intune.


However, these entries are always static and not ideal for roaming clients. But the solution to this is already here. For Windows 10 2004 and above you can configure a DHCP option to provide clients with the nearest MCC.


 


Which content can I download over Delivery Optimization?


Now things can get a little difficult. It is always important to remember which downloader is used for content: DO or BITS.


ConfigMgr uses BITS by default but can be forced to use DO in some scenarios.


Windows Update in Windows 10 uses DO by default: all content that is downloaded via the Windows Update agent can be optimized via DO. Office Click2Run (2019 + 365) can use DO since version 1912 for the installation. Office Updates have worked with DO for quite a while now. Unfortunately, not everything works with MCC yet, so let’s get into the details:


 


 



















































| Product | Workload managed via Intune | Workload managed via ConfigMgr |
|---|---|---|
| Microsoft Updates | DO + MCC | DO (see 1) |
| Windows 10 Upgrades | DO + MCC | DO (via Servicing) (see 1) |
| Office 365 Installs | DO + MCC | DO + MCC (via CDN) (see 2) |
| Office 365 Updates | DO + MCC | DO not supported (see 3) |
| Store and Store for Business Installs/Updates | DO + MCC | DO + MCC (see 4) |
| Intune Win32 Apps | DO + MCC | N/A |
| Microsoft Edge Updates | DO not supported (see 5) | DO (see 6) |
| Defender Definition Updates | DO + MCC | DO (via MECM) / DO + MCC (via WU) (see 7) |



All tests were performed on Win 10 20H2 19042.928 and ConfigMgr 2103 5.00.9049.1010 in May 2021


 


 


1) Microsoft Updates and Upgrades via ConfigMgr


For Microsoft Updates and Upgrades, DO can only be used if you enable ‘download delta content’ in the Client settings and the content is not available on internal DPs. See my other Blog post for details.


 


2) O365 Installs via ConfigMgr


Office 365 Installs can only be optimized via DO in ConfigMgr if the Content is downloaded from the Content Delivery Network (CDN) and not from internal Distribution Points. See my other Blog post for details.


 


3) O365 Updates via ConfigMgr


When you deploy O365 Updates over ConfigMgr, DO will never be used. The current implementation of the Delta Downloader does not support O365 content.


 


4) Store and Store for Business Installs and Updates via ConfigMgr


Microsoft Store Apps deployed via ConfigMgr use DO + MCC when deployed in Online mode. Offline Apps (where the content is stored on your local DPs) cannot use DO + MCC.


 


5) Microsoft Edge Updates via Intune


If you don't manage Microsoft Edge Updates via ConfigMgr, the internal Updater from Microsoft Edge is used. Unfortunately, this Updater doesn’t support DO.


 


6) Microsoft Edge Updates via ConfigMgr


If you use ConfigMgr to Update Microsoft Edge you need to disable automatic Updates inside Edge. Updates for Microsoft Edge are deployed as regular Microsoft Updates via ConfigMgr and therefore DO can only be used if you enable ‘download delta content’ in the Client settings and when the content is not available on internal DPs.


 


7) Defender Definition Updates via ConfigMgr


If you manage Defender Definition Updates via ConfigMgr, whether DO can be used depends on which Update Source you configured. If you configure ‘Microsoft Update’ as source, DO+MCC can be used. But keep in mind that you might need to reduce the File Size cached by DO via Group Policy or Configuration profiles in Intune. If you configure ‘Configuration Manager’ as source, DO can only be used if you enable ‘download delta content’ in the Client settings and the content is not available on internal DPs.
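
To check on a client which source a workload's downloads actually came from, the counters reported by the built-in Get-DeliveryOptimizationStatus cmdlet can be summed per calling application. This is an added example, not part of the original post; Get-DoSourceSummary is a hypothetical helper name and the sample records are constructed.

```powershell
# Added example (not from the original post). Get-DoSourceSummary is a
# hypothetical helper; the property names are those emitted by the built-in
# Get-DeliveryOptimizationStatus cmdlet on Windows 10.
function Get-DoSourceSummary {
    param(
        # Objects as returned by Get-DeliveryOptimizationStatus (or sample records).
        [Parameter(Mandatory)]
        [object[]] $Status
    )
    $Status | Group-Object -Property PredefinedCallerApplication | ForEach-Object {
        $http  = ($_.Group | Measure-Object -Property BytesFromHttp        -Sum).Sum
        $peers = ($_.Group | Measure-Object -Property BytesFromPeers       -Sum).Sum
        $cache = ($_.Group | Measure-Object -Property BytesFromCacheServer -Sum).Sum
        [pscustomobject]@{
            Caller            = $_.Name
            Files             = $_.Count
            MBFromHttp        = [math]::Round($http  / 1MB, 1)
            MBFromPeers       = [math]::Round($peers / 1MB, 1)
            MBFromCacheServer = [math]::Round($cache / 1MB, 1)
            # True when at least part of the content came from a peer or from a
            # Microsoft Connected Cache server.
            Optimized         = ($peers + $cache) -gt 0
        }
    }
}

# Constructed sample records (made-up callers and byte counts) so the function
# can be tried on any machine.
$sample = @(
    [pscustomobject]@{ PredefinedCallerApplication = 'ExampleCallerA'
                       BytesFromHttp = 52428800;  BytesFromPeers = 157286400; BytesFromCacheServer = 0 }
    [pscustomobject]@{ PredefinedCallerApplication = 'ExampleCallerA'
                       BytesFromHttp = 10485760;  BytesFromPeers = 0;         BytesFromCacheServer = 10485760 }
    [pscustomobject]@{ PredefinedCallerApplication = 'ExampleCallerB'
                       BytesFromHttp = 104857600; BytesFromPeers = 0;         BytesFromCacheServer = 0 }
)
Get-DoSourceSummary -Status $sample | Format-Table -AutoSize

# On a real client, from an elevated PowerShell session:
# Get-DoSourceSummary -Status (Get-DeliveryOptimizationStatus) | Format-Table -AutoSize
```

A caller whose rows show Optimized as False after a deployment received its content only from the original HTTP source, which is what the table above predicts for the "DO not supported" combinations.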


 


 


Summary


When you manage your Clients over Intune, DO and MCC can be used for almost all scenarios without complex configuration. If you manage your Clients with ConfigMgr, you need to know in which situations DO + MCC can be used.


I hope my blog helps you to understand the behavior a bit better.


 


Happy Caching!


 


Stefan Röll


Customer Engineer – Microsoft Germany


 


 


Resources: 


Stay current while minimizing network traffic: The power of Delivery Optimization
https://myignite.techcommunity.microsoft.com/sessions/81680?source=sessions

Delivery Optimization reference
https://docs.microsoft.com/en-us/windows/deployment/update/waas-delivery-optimization-reference

Delivery Optimization and Office 365 ProPlus
https://docs.microsoft.com/en-us/deployoffice/delivery-optimization

Optimize Windows 10 update delivery with Configuration Manager
https://docs.microsoft.com/en-us/configmgr/sum/deploy-use/optimize-windows-10-update-delivery

Microsoft Connected Cache in Configuration Manager
https://docs.microsoft.com/en-us/configmgr/core/plan-design/hierarchy/microsoft-connected-cache

Modern Content Distribution: Microsoft Endpoint Manager and Connected Cache
https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/modern-content-distribution-microsoft-endpoint-manager-and/ba-p/1148669


 


Disclaimer:


This posting is provided “AS IS” with no warranties and confers no rights