Introducing the Surface Diagnostic Toolkit for Business

We’re pleased to announce the availability of the Microsoft Surface Diagnostic Toolkit for Business (SDT), designed to restore Surface devices to full productivity faster. Built with advanced diagnostics, logging, and repair capabilities, SDT enables IT admins to quickly resolve hardware, software, and firmware issues in Surface devices, beginning with Surface Pro 3 and later. The…


Using the Fully Qualified Domain Name for Remote Control in System Center Configuration Manager

Hello everyone, Jonathan Warnken here. I am a Premiere Field Engineer (PFE) for Microsoft. I primarily support Configuration Manager and today I want to talk about creating a custom console extension to allow the use of a Fully Qualified Domain Name (FQDN) when starting a remote-control session. If you work in a multi domain environment…


Remote Use of Local Accounts: LAPS Changes Everything

  Long overdue post revisiting the question about whether and when to block the use of local accounts, particularly for remote administration. Beginning in 2014 with our baselines for Windows 8.1 and Windows Server 2012R2, our security baselines have been blocking remote use of local accounts. Back then, Windows had yet to offer anything resembling…


First Steps in Hyper-V Research

Microsoft has put a lot of effort in Hyper-V security. Hyper-V, and the whole virtualization stack, runs at the core of many of our products: cloud computing, Windows Defender Application Guard, and technology built on top of Virtualization Based Security (VBS). Because Hyper-V is critical to so much of what we do, we want to…


Top stories for US partners the week of December 10

Find resources that help you build and sustain a profitable cloud business, connect with customers and prospects, and differentiate your business. Read previous issues of the newsletter and get real-time updates about partner-related news and information on our US Partner Community Twitter channel. Looking for partner training courses, community calls, and events? Refer to the…


SharePoint Online and OneDrive for Business Custom Sharing Controls

Today, we’re going to explore two relatively new sharing controls in SharePoint Online (and, by extension, OneDrive for Business).  The two options we’re going to look at are located inside the SharePoint Admin Center (https://<tenant>-admin.sharepoint.com) under Sharing: [toc] Overview To test both of these functions out (as well as how other users are affected), I’m…


Add legacyExchangeDN as x500 proxy address from a remote forest

The other day, on one of the forums, I came across an issue that I also had with one of my customers a few years ago.  In my customer’s instance, they had imported thousands of contacts into an externally trusted forest and deleted them in their primary forest (which then removed the objects from Office…


Updated Tool Roundup!

Hi! It’s a day ending in “y,” which means it’s a good day to update a script! Today, while on-site with a customer and running my AAD Connect Permissions script, I noticed that the logging output wasn’t as helpful as I wanted it to be. So, I’ve updated it with some bits for looking for…


Migrate-EOPSettings now does ATP!

ATP! ATP! At long last, I’ve made a first pass at updating the Migrate-EOPSettings script to now include settings for Advanced Threat Protection.  I’ve had several customers moving their instances from commercial EOP to Office 365 GCC, and while my Migrate EOP script would capture just about everything, it came to my attention that we…