Why do you want to join the ALM Rangers?

I have a passion and  for building great software and I want to help as many others as I can to do the same. Ideally, I want to join the Rangers because I want to surround myself with the best and brightest in this field. My goal is to learn as much as I can from the others, grow my career, and be able to contribute back to the community to help drive the best patterns and practices around ALM and enable others to stay on the cutting edge of ALM theory.

Who you are?

I have been working in the software industry for 12+ years now and I have spent the vast majority of that time working in and around the government space, both as a government employee and as a contractor. For the past 2 years I have been an Application Development Manager with Microsoft’s Premier Support for Developers. I started as a software engineer and worked through senior engineer to architect. Before joining Microsoft, most of my work has been based around the Microsoft technology stack and I have often been the voice to adopt tools such as TFS for our ALM needs.

Outside of work, I have a number of other activities to keep me busy. I enjoy biking, fencing, card magic, and music. I have played the piano for over 20 years and love attending different shows (the picture included is me at the first of 4 nights seeing Wagner’s Ring)

What makes you “tick”?

As I said above, when it comes to work, what makes me “tick” is a passion of building great software. I take the success of projects a lot more personally that I realistically should, so I obsess over them to produce the best product possible. As an architect, this meant smart, flexible design and from an ALM perspective, using the right set of tools and processes to build high quality software.

Where do you live?

I live in the Washington DC area.

What is the best Rangers project you worked with and why?

I have not worked on any projects yet, but I have taken advantage of a few different ones in the past. This include the branching guidance, planning guide, and more recently the migration of legacy release management assets to use the new vNext release system.

This post is part of an ongoing series of Rangers introductions. SeeRanger Index (Who is Who?)for more details.

Who you are

With a Consulting background for around 8 years, since 2014 I’m a Development Premier Field Engineer based in Lisbon, Portugal.

As a PFE, I have the opportunity to work with some of the biggest companies from all EMEA, focusing my work on ALM / DevOps, Agile Development, and Debugging / troubleshooting. I’m also a regular presence on some local .NET / Development Communities.

What makes you “tick”

My family is always #1, but after that, what puts a smile on my face is to be able to continue learning, growing, and most of all, help others to do the same.

It could be a customer, a co-worker, or just someone I’ve met on the Communities, I really believe that we are stronger together, and that we all have to gain with this attitude.

Where you live

I’m born and raised in sunny Lisbon, Portugal, and this is still the place I call home.

This post is part of an ongoing series of Rangers introductions. SeeRanger Index (Who is Who?)for more details.

It’s been a great couple of weeks for anyone interested in great security for solutions they host in Azure.

Last week we let you know about Azure Security Center going into general availability and how Azure Security Center can bring you the detection and response capabilities you need to protect your Azure workloads. We also let you know that this level of continuous security monitoring and alerting is most likely the best security solution offered by a public cloud service provider today.

Nice!

That was great news, but now for part 2 – Operations Management Suite-Security is now in General Availability and all of the good things in terms of threat detection that you have for your Azure workloads with Azure Security Center are now available in OMS Security.

OMS Security makes is possible easily assess your security posture for your on-premises or hybrid workloads. It’s a fantastic solution with a compelling interface that is both very easy to use and powerful at the same time. An example of this power is almost one of my favorite features – the ability to automate responses to specific detections using runbooks or webhooks.

Learn more by reading Microsoft brings together IT management and security for the hybrid cloud.

Some of the new security features included in OMS Security include:

• An enhanced Security dashboard
• A Threat Intelligence Map
• Security Configuration Baseline Assessment
• An Identity and Access Management dashboard
• Microsoft Advanced Threat Analytics integration
• Cisco ASA log ingestion
• Advanced threat detection engine

Sounds good? No! Sounds GREAT! For details on each of these new security features, check out Operations Management Suite expands to include security management, threat detection.

And as mentioned, OMS Security inherits much of the advanced threat detection you get with Azure Security Center – behavioral analysis, anomaly detection, machine learning based algorithms, multiple threat intelligence feeds, and more. For more information in OMS Security threat detection, check out Operations Management Suite (OMS) Adds Security Analytics to Power Threat Detection.

Enough of reading – let’s watch a movie! In this video Sarah Fender from the Azure Security Center team shows how OMS Security provides deep and actionable insights into the security of your hybrid cloud environments. Enjoy!

Thanks!

Tom

Tom Shinder
Program Manager, Azure Security
@tshinder | Facebook | LinkedIn | Email | Web | Bing me! | GOOG me!

I have written on this subject before but it seems to come up from time to time, as it did again this week.  The Session (SPID) = –2 is just a place holder used by SQL Server to indicate that the DTC transaction is still active but there are no sessions enlisted/propagated into the transaction.

Here is how to reproduce the scenario.

1. Client creates and owns a DTC Transaction
2. Client connects to SQL Server, and enlists in the DTC transaction.
3. Connection does some work under the DTC transaction umbrella
4. Client disconnects (or enlists in NULL)

The current state of the DTC transaction is still active, the client has not committed and retains primary control over the the scope of the DTC transaction.

SQL Server is not allowed to abort or commit the transaction just because the connection(s) have been closed.  The client could have enlisted another resource manager (file system, another database server, etc.) and still be doing work.  When you query the SQL Server and it has an active DTC transaction (UOW) but no longer has a connection associated with the transaction the session id (SPID) reported is –2.

Now that I have described the scenario steps let’s step through how the DTC transaction flow works.

Client creates and owns a DTC transition
Using one of the provided DTC interfaces the client creates an ITransaction object.   Creating an ITransaction entails a connection to a DTC manager and the ITransactionDispenser->BeginTransaction call.  In .NET this can be provided by the TransactionScope object.

Client connects to SQL Server and enlists in the DTC transaction
The client establishes the connection to the SQL Server.  In ODBC SqlDriverConnect, in .NET SqlConnection.Open or such action. 

Now the client enlists/propagates the SQL Server connection into the DTC transaction.  There are various ways to accomplish this, in ODBC the SQLSetConnectAttr is used to bind the ITransaction to the connection.  This tells the SQL Server client to perform synchronization with the DTC manager(s) and SQL Server.

From the ITransaction the client driver uses the ITransactionExport interface to export a transaction cookie.   The cookie is a binary value indicating information about the transaction UOW as well as the DTC manager endpoint, which could be different than the DTC manager being used by the SQL Server instance.  The cookie is sent to SQL Server  (Trace Event = DTC::Enlist or DTC::Propagate when looking at XEvent information flow to the SQL Server.)

SQL Server can register with the DTC manager as a transaction resource manager.  SQL Server takes the cookie provided and leverages the ITransactionImport interface to import an ITransaction object representing the transaction.   At this juncture the client has a ITransaction with a reference to the transaction and SQL Server has an ITransaction with a reference to the same transaction.  SQL Server stores the ITransaction with a transaction object that you can now see in the various transaction DMV outputs.

Connection does some work
All transaction activity is properly associated with the DTC transaction entity.  At this juncture the client and SQL Server still have ITransaction references, the connection remains bound to the DTC transaction and the locks remain held on changed rows.

Client Disconnects
The client can disconnect the connection from SQL Server.  During the disconnect (or propagate into a NULL transaction) SQL Server unhooks the connection from the DTC transaction it is tracking.  The transaction object still remains in SQL Server’s transaction list because it is still active.  The DTC manager has not indicated an abort or commit.

This is the point in time that SQL Server does not have a session bound to the DTC transaction.  When you issue a DMV query SQL Server attempts to lookup the session associated with the transaction object.   If no session is found and this is a DTC transaction –2 is used to indicate an active DTC transaction without associated connections exists.

The client can do additional work and then issue the ITransaction->Commit or Abort.   The commit or abort is handled by the DTC manager, contacting all endpoints for the same ITransaction (UOW) and indicating to them the action to carry out.  SQL Server receives the commit or abort from the DTC manager and takes the appropriate steps to complete the request.   Once the request is complete SQL Server releases the ITransaction and any internal tracking structures.

You can trace the commit or aborts with additional DTC events such as Prepare, Prepared, Abort, Aborting, etc.

Bob Dorr – Principal Software Engineer SQL Server

Team Services

只有在您的帳號需要增加超過免費帳號的使用者人數和團隊服務，才要設定帳單。例如：當您想要增加超過五個需要基本存取的使用者或您的帳號已經用完每個月的免費建置時間來完成您的部署，就會需要設定帳單。學習更多有關 Team Services 的使用者與額外服務。

如果您是從Visual Studio Marketplace來購買您的 Team Services 帳號，Visual Studio Marketplace 將會在您第一次購買時幫助您開設帳單。

您會需要什麼來開設帳單？

Microsoft Azure 為您的 Team Services 帳號處理帳單，所以您將需要：

• Team Services 帳號所有者權限。如何找到帳號所有者？
• 一個 Azure 訂用帳戶用來設定帳單。您至少需要共同管理員的權限來連結這個訂用到您的 Team Services 帳號。

如果您沒有Azure 訂用帳戶，請到這裡註冊。或有 Azure 管理員新增您為一個 Azure 訂用帳戶的共同管理員。請確認您有使用與 Team Services 帳號所有者相同的 email。

您將會綁定這個訂用帳戶到您的 Team Services 帳號在 Azure 傳統入口網站或 Azure 入口網站。您設定這個連結之後，您就可以為更多使用者及團隊服務付款了，像是持續整合或效能測試。您的 Azure 訂用帳戶有所有必要的付款資訊，所以您不用分別為您的 Team Services 帳號設定這些。Azure 帳單如何運作？

如果您沒辦法取得您的 Azure 訂用帳戶，請與 Azure Support聯繫。

綁定 Azure 訂用帳戶到您的 Team Services 帳號來付款

您可以在 Azure 傳統入口網站或 Azure 入口網站按照以下的步驟，兩個入口網站都會給您相同的結果。

Azure 傳統入口網站

1. 用 Team Services 帳號所有者與 Azure 訂用帳戶共同管理員或更高的權限登入 Azure 傳統入口網站。
   如果您有瀏覽器的相關問題，請確定您使用支援的瀏覽器。

2. 到 Visual Studio Team Services，開始綁定您的帳號。

3. 到 LINK TO EXISTING選擇您的 Team Services 帳戶，如果您有多個帳號。
   為什麼我的選項看起來不一樣？
   如果您有多個訂用帳戶，您也可以選擇其中一個。
   

4. 完成綁定您的帳號。
   在 Azure 設定連結之後，您的 Team Services 帳號就會出現連結到您的 Azure 訂用帳戶。

下一步

• 支付更多基本存取權的使用者
• 支付更多團隊服務

Azure 入口網站

1. 用 Team Services 帳號所有者與 Azure 訂用帳戶共同管理員或更高的權限登入 Azure 入口網站。
   如果您有瀏覽器的相關問題，請確定您使用支援的瀏覽器。

2. 到 Browse> Team Services accounts選擇您的 Team Services 帳號。

3. 選擇您的 Azure 訂用帳戶。完成綁定您的帳號。
   在 Azure 設定連結之後，您的 Team Services 帳號就會出現連結到您的 Azure 訂用帳戶。

下一步

• 支付更多基本存取權的使用者
• 支付更多團隊服務

為您的 Team Services 帳號新增備用的帳單管理員

為了讓其他人也可以管理帳單或為您的 Team Services 帳號進行購買，新增一個共同管理員到連結您 Team Services 帳號的 Azure 訂用帳戶。

1. 以 Azure 訂用帳戶管理員的身份登入 Azure 傳統入口網站。
   您只可以透過 Azure 傳統入口網站新增訂用共同管理員。

2. 新增共同管理員到您的 Azure 訂用帳戶。

下一步

• 支付更多基本存取權的使用者
• 支付更多團隊服務

Q&A

Q：我要如何找到帳號所有者？

A：如果您至少要有基本存取權，您可以在您的帳號設定裡找到帳號所有者。

1. 登入您的 Team Services 帳號（https://{youraccount}.visualstudio.com）。
2. 到您的帳號控制面板。
   
3. 到您的帳號設定，即可找到帳號所有者。
   

Q：哪個 Azure 訂用帳戶可以連結到我的 Team Services 帳號和用來付帳？

A：您可以使用不屬於下列這幾個的 Azure 訂用帳戶：

• Azure 免費試用
• 免費 Azure AD 訂閱
• 從雲端解決方案提供者

如果您有其中一個的訂用帳戶，可以設定一個分開的隨用隨付 Azure 訂用帳戶。

重要：有些 Azure 訂用帳戶包含：

• Azure 點數的福利。然而，您不可以使用這些點數來支付 Team Services 上的購買。
• 預設的消費限制
  在您使用這些 Azure 訂用帳戶付款時，確定您無限期刪除此消費限制。以免當用的收費被延至下個月，所有這個訂用帳戶的資源都將被暫停，包含 Team Services 購買、Visual Studio Marketplace 購買與 Azure 資源。
  
  如果您有訂用帳戶的帳號管理員的權限，可以到 Azure 帳戶中心來移除消費限制：
  1. 登入 Azure 帳戶中心（帳戶>訂用帳戶）。
  2. 選擇您的 Azure 訂用帳戶。
  3. 無限期刪除您的消費限制。

Q：為什麼我的選項看起來不一樣？

A：您的選項可能長得不一樣因為：

• URL：這個清單只顯示您擁有的 Team Services 帳號。為什麼我沒看到任何帳號？
• Directory：您所選擇的 Team Services 帳號可能或可能沒有使用 Azure Active Directory（Azure AD）來控制存取與授權使用者。什麼是 directory？為什麼它連結到我的帳號？
• Subscription：只有在您有多個 Azure 訂用帳戶時才會出現。這些訂用帳戶也可以透過在 Azure 傳統入口網站的 Subscriptions 清單選擇 directory 來篩選：
  

Q：Azure 帳單是如何運作的？

A：當您連結您的 Team Services 帳號到 Azure 訂用帳戶時，您選擇一個您有共同管理員或更大權限的 Azure 訂用帳戶。如果您沒有 Azure 訂用帳戶，您也可以註冊一個新的或有 Azure 管理員將您新增為共同管理員到 Azure 訂用帳戶。

付款是設定用信用卡或在有些情況用發票。您的購買費用將會顯示在您每個月的 Azure 帳單上。

注意：您必須保持您的 Azure 訂用帳戶信譽良好。如果您的 Azure 訂用帳戶被取消或是不能使用，例如：因為付款的信用卡到期，任何用此 Azure 訂用帳戶購買的東西都將會在下個月的第一天關閉。為了避免失去您 Team Services 購買的存取權，請保持您的 Azure 訂用帳戶活躍且更新。

Q：我什麼時候要付款？

A：您只有在需要超過免費門檻的使用者或團隊服務才會被收費。您的費用在第一個月是按比例分配的，在這之後，您將會在每個月的第一天自動被收費。更多有關定價的資訊在這裡。

Q：為什麼我的第一筆帳單金額比我想像得還大？

A：您第一個月的帳單金額會依照使用天數計算，結合在下一個月的帳單之中，且付款都是在每月1號。

Q：我可以連結一個 Azure 訂用帳戶到多個 Team Services 帳號嗎？

A：可以，但您不能連結一個 Team Services 帳號到多個 Azure 訂用帳戶。

Q：為什麼不能連結我的 Team Services 帳號？

A：這可能是因為：

• 您並不是 Team Services 帳號所有者。
• 您並沒有至少共同管理員的權限在您想要連結的 Azure 訂用帳戶上。
• 如果您沒有看見任何 Team Services 帳號，您的帳號可能已經連結到其他 Azure 訂用帳戶。
• 如果您的 Team Services 帳號使用 Azure Active Directory（Azure AD）來授權使用者，您可能要選擇一個與連結到您 Team Services 帳號不同的 directory 在 Azure 入口網站。要選擇您 Team Services 帳號所用的 directory，打開 Azure 入口網站的 Subscriptions 清單：
  

Q：是否有付款限制，會讓我不能連結 Team Services 帳號到我的 Azure 訂用帳戶？

A：有，您在澳洲東部與南印度只可以連結帳號到有同一個地區付款地址的 Azure 訂用帳戶。

Q：為什麼我的 Team Services 帳號已經連結到一個 Azure 訂用帳戶了？

A：您的 Team Services 帳號可能手動地透過 Azure 或在從 Visual Studio Marketplace購買時，設定帳單到一個 Azure 訂用帳戶了。這個 Azure 訂用帳戶也將會用來支付您帳號之後所有的購買。

Q：我要如何停止付款？

A：以 Team Services 帳號所有者或 Azure 訂用帳戶至少共同管理員權限的身份登入 Azure 傳統入口網站或 Azure 入口網站。選擇您的 Team Services 帳號，將所有付費的使用者及團隊服務關閉。您的 Team Services 帳號與帳單將不會顯示任何更動直到下個月，這些更動才會生效。您還是會被收取您已使用的團隊服務費用。

Q：如果我取消我的 Azure 訂用帳戶會怎樣？

A：您的 Team Services 帳號會回到每個月的免費額度，但您將會保留任何付費使用者或持續整合代理程式直到下個月。您的帳號會保持連結到您的 Azure 訂用帳戶直到您斷開連結，或當訂用帳戶無法使用時自動斷開連結。

Q：我的信用卡過期會怎樣？

A：您的 Team Services 帳號會回到每個月的免費額度，但您將會保留任何付費使用者或持續整合代理程式直到下個月。您的 Azure 訂用帳戶最後會無法使用，要修復這個問題，要重新激活您的帳戶並恢復您的帳戶付款設定。

Q：我的訂用帳戶被停用會怎樣？

A：如果您是 Team Services 帳號所有者或 Azure 訂用帳戶管理員，可以在這裡檢查您的訂用帳戶狀態，然後試著修復您的訂用帳戶，這將會恢復您帳戶的支付設定。或者您也可以連結您的 Team Services 帳號到另一個 Azure 訂用帳戶。當您的訂用帳戶被停用，您的帳號會回到每個月的免費額度直到您的訂用帳戶被修復。

Q：如果斷開我的 Team Services 帳號連結會怎樣？

A：您的帳號下個月開始將會回到五個免費使用者的基本存取權限。

• 您還是要支付這個月的付費使用者與持續整合代理程式。
• 服務像是持續整合或效能測試將會立刻回到每月的免費額度。您將會要支付所有您已經使用的額度。
• 您的帳號將不再出現在 Azure 入口網站。

您可以隨時重新連結您的帳號到另一個 Azure 訂用帳戶。

Q：什麼是 directory？為什麼它連結到我的帳號？

A：Directory 使用 Azure Active Directory（Azure AD）幫助您授權使用者與控制雲端資產的存取。Directory 控制哪些人可以取得您 Team Services 帳號的存取權限。所有帳號的使用者必須在 directory 中來取得存取權限。如果沒有 directory，Team Services 帳號所有者承擔所有管理存取的責任。有了 directory ，directory 管理員控制誰可以加入 directory來取得存取。您的 Team Services 帳號被帳號所有者連結到一個 directory。瞭解更多有關您帳號的管理工作存取。

Q：哪裡可以檢查我的帳單或更新我的帳單細節在我的 Azure 訂用帳戶？

A：如果您是 Azure 帳號管理員，在 Azure 帳號入口網站查看您的訂用帳戶。

Q：我有其他有關 Azure 訂用帳戶與帳單的問題？

A：您可以到 Azure 計費與訂用帳戶常見問題 查看，或試試 Azure 支援。

Q：我要如何取得 Team Services 的幫助或支援？

A：您可以試試 Team Services 論壇或 Team Services 支援。

本文翻譯自 Set up billing to pay for more Visual Studio Team Services users and services

若對以上技術及產品有任何問題，很樂意為您服務! 請洽：台灣微軟開發工具服務窗口 – MSDNTW@microsoft.com / 02-3725-3888 #4922

このたび、Node.js Tools for Visual Studio (NTVS) の次期安定版である Node.js Tools 1.2 for Visual Studio (英語)のリリースが発表され、ダウンロードが開始されました。このバージョンでは Visual Studio 2015 (無料の Visual Studio Community エディションと Express for Web を含む) がサポートされます。

Node.js Tools for Visual Studioは、強力なコード補完、高度なデバッグとプロファイリング、単体テスト、クラウド展開、その他多数の機能によってアプリケーション開発のあらゆる段階をサポートし、エンタープライズ クラスの Node.js アプリケーションの開発がこれまで以上に簡単になるように設計されています。

v1.2 の新機能

Node.js v6.x (英語)のサポートと製品全体における多数のバグ修正に加えて、開発の生産性向上のために以下の機能強化が追加されました。

高速かつ的確になった ES6 IntelliSense

以前からパフォーマンスの問題を解消してほしいと考えていた方や、最新の JavaScript の優れた機能を利用したいという方に向けて、新しい ES6 IntelliSense エクスペリエンスを既定で有効化し、これまで以上に的確な結果が得られるようにしました。新しい ES6 IntelliSense エンジンでは型定義ファイルが利用されるため、高パフォーマンスの的確な IntelliSense が提供されるようになります。この機能は、主要な Node.js フレームワーク (Commander、Express、jQuery、Knockout など) に適用できます。

もちろん、特別な設定は不要です。新しい npm パッケージを追加すると、関連付けられている型定義がプロジェクトに自動的にダウンロードされます。それ以降、モジュールを ‘require’ する際には適切な補完候補が表示されます。

この新しい IntelliSense 機能が皆様のお役に立てば幸いです。なお、以前の静的分析エンジンとは大幅に異なるため、エクスペリエンスの開発は引き続き行い、その間はフォールバック オプションとして提供する予定です。

デバッグの信頼性向上

高度なデバッグは NTVS に不可欠な要素です。今回、ユーザーの皆様からご報告いただいた複数の問題を解決しました。ブレークポイントが適切に機能しない、全般的な不整合が見られるといった問題を修正しましたので、ぜひダウンロードしてお試しください。

パフォーマンスの向上

ハングやクラッシュは頭の痛い問題ですが、今回のリリースでこれらを解消しました。安定性とパフォーマンスを大幅に向上させ、以前のバージョンで発生したメモリ不足によるクラッシュを減少させました。また、プロジェクト システムの機能を強化し、プロジェクトの読み込み時間も短縮しました (特に [Add from Existing Code] を選択した場合)。

まだ問題が発生するようでしたら、GitHub までご報告 (英語)をお願いいたします。今後の更新に合わせて修正を行います。

単体テスト エクスペリエンスの強化

バグがないのに超したことはありませんが、ご存知のとおり人間は完璧ではありません。そこで便利なのが単体テストです。今回、@jcansdale (#989、英語) から提案された tape (英語)のサポートなど、単体テストのエクスペリエンスが強化されました。

お気に入りのテスト フレームワークのサポートを希望される場合は、フィードバックをお寄せください。NTVS の次回の更新内容として検討いたします。可能であれば、GitHub にプル リクエストを送信していただければ幸いです。

Node.js Tools 1.2 for Visual Studio の使用を開始するには

Visual Studioで Node.js アプリケーションの開発を行うには、まず Node.js Tools 1.2 for Visual Studioをダウンロードしてください。問題のご報告はこちら (英語)までお願いします。また、ご意見、ご感想、ご要望は、Gitter (英語)または Twitterにお寄せください。特にプルリクエスト (英語)の形でフィードバックをいただけますと幸いです。

最後に、コミュニティの皆様に心から感謝いたします。NTVS は無料のオープン ソース プロジェクトであり、皆様のサポートがなければ今回のリリースには至りませんでした。既に GitHub リポジトリ (英語)でご協力いただいている皆様に重ねてお礼申し上げると共に、このリンク先 (英語)で皆様からのご意見をお待ちしています。

今後の進化にもご期待ください!

Sara Itani (Node.js Tools 担当ソフトウェア エンジニア) @mousetrapsSara Itani は、優れた Node.js 開発者ツールの開発に取り組んでいます。当初は Node.js の有用性に懐疑的でしたが、その多様な可能性に気付いてからは、Visual Studio の機能を Node.js コミュニティを通じて積極的に世界中に広めています。今では彼女自身も、JavaScript のエキスパートがどんどん増えることを願っています。

In this post, we look at how we can leverage the Security and Audit solution in OMS and using log searches to retrieve records on user logon and object access security events that the Audit Collection Services (ACS) in OpsMgr reports on.

In ACS, there are 4 Usage related SSRS audit reports available out-of-the-box that allow the user to report on user logon and object access events that are occurring in their IT environment.

1. The Usage: Object Access Report,
2. The Usage: User Logon Report,
3. The Usage: Privileged Logon, and
4. The Usage: Sensitive Security Groups Changes

The Security and Audit solution in OMS Log Analytics however provides a comprehensive view into your organization’s IT security posture with built-in search queries for notable issues that require your attention.
Adding the Security and Audit solution to an OMS workspace will allow Windows security events, Windows application events, and Windows firewall logs to be collected using direct agents or MMA agents that the user enabled.
For further information, refer to Security and Audit solution in Log Analytics by Bill Anderson.

To retrieve and analyze the security events highlighted by these 4 ACS Audit Reports in OMS Log Analytics, the SQL query search conditions used in these reports can be used as the filter expressions in OMS log search queries against records collected by the Security and Audit solution.




Usage: Object Access Report:

The report shows all object access related audit events within a given date/time range by searching for security events 4656 and 4663 stored in the ACS database.
Running this report for a specific date/time range via the Reporting workspace in the OpsMgr Operations Console or the Reporting site will produce the following SSRS Report:

 


Here is an example of a 4656– A handle to an object was requested security event as shown at the Windows Security Auditing technical documentation on TechNet:
For more information about Event 4656, visit https://technet.microsoft.com/en-us/itpro/windows/keep-secure/event-4656

 


Here is an example of a 4663– An attempt was made to access an object security event as shown at the Windows Security Auditing technical documentation on TechNet:
For more information about Event 4663, visit https://technet.microsoft.com/en-us/itpro/windows/keep-secure/event-4663





The main part of the SQL query used in the RDL file of the Object Access Report is:

The search condition from this SQL Query can be used as the filter expression of OMS log searches against Security and Audit solution records like the following example:

• A search query to return all records of type SecurityEvent with EventID field containing 560 or 567 or 4656 or 4663, limiting the result to the Activity, Computer, TimeGenerated and EventData fields:
  
  Type=SecurityEvent EventID=560 OR EventID=567 OR EventID=4656 OR EventID=4663 | Select Computer, Activity, TimeGenerated, EventData
   
  Here is an example of what the records returned would look like when using this log search query:
  
  

Usage: User Logon Report

The report shows all user logon activities for a specific user, within a given date/time range by searching for security event 4624 stored in the ACS database.
The following figure shows the input parameters for this SSRS Report in the Reporting workspace in the OpsMgr Operations Console or the Reporting site:

 


Here is an example of a 4624 – An account was successfully logged on security event as shown at the Windows Security Auditing technical documentation on TechNet:
For more information about Event 4624, visit https://technet.microsoft.com/en-us/itpro/windows/keep-secure/event-4624

  



The RDL file of the User Logon Report uses a Semantic Query, with the following filter condition:
Dv Alls with: All of (Event Id in 528, 540, 4624, Start Date on or after (prompted), End Date on or before (prompted), Any of (UPPER(Primary DomainUser) = UPPER(Parameter: DomainUser), UPPER(Target DomainUser) = UPPER(Parameter: DomainUser)))


The search condition from this SQL Query can be used as the filter expression of OMS log searches against Security and Audit solution records like the following example:

• A search query to return all records of type SecurityEvent with EventID field containing 528 or 540 or 4624, limiting the result to the Activity, Computer, TimeGenerated, IpAddress, AuthenticationPackageName, LogonProcessName, LogonTypeName and TargetAccount fields:
  
  Type=SecurityEvent EventID=528 OR EventID=540 OR EventID=4624 | Select TimeGenerated, Activity, Computer, IpAddress, AuthenticationPackageName, LogonProcessName, LogonTypeName, TargetAccount
  
  Here is an example of what the records returned would look like when using this log search query:
  
  

Usage: Privileged Logon Report

The report returns a list of privileged logon events occurring within a given date/time range by searching for security event 4672 stored in the ACS database.
Running this report for a specific date/time range via the Reporting workspace in the OpsMgr Operations Console or the Reporting site will produce the following SSRS Report:


 


Here is an example of a 4672– Special privileges assigned to new logon security event as shown at the Windows Security Auditing technical documentation on TechNet:
For more information about Event 4672, visit https://technet.microsoft.com/en-us/itpro/windows/keep-secure/event-4672

 



The RDL file of the Privileged Logon Report uses a Semantic Query, with the following filter condition:
Dv Alls with: All of (Start Date on or after (prompted), End Date on or before (prompted), Any of (Event Id = 576, Event Id = 4672), Privileges does not contain “SeChangeNotifyPrivilege”)


The search condition from this SQL Query can be used as the filter expression of OMS log searches against Security and Audit solution records like the following example:

• A search query to return all records of type SecurityEvent with EventID field containing 576 or 4672, limiting the result to the Activity, Computer, TimeGenerated and EventData fields:
  
  Type=SecurityEvent EventID=576 OR EventID=4672 | Select TimeGenerated, Activity, Computer, SubjectAccount and PrivilegeList
  
  Note: As the PrivilegeList field is non-searchable in OMS, the exclusion of records containing “SeChangeNotifyPrivilege” can be done after exporting the all the records retrieved to Excel.
  
  Here is an example of what the records returned would look like when using this log search query:
  
   
   
  
  

Usage: Sensitive Security Groups Changes Report

The report returns information on sensitive security group changes within a given date/time range by searching for security events within the range of 4727 to 4735 or 4754 to 4758 or 4737 that are stored in the ACS database.
Running this report for a specific date/time range via the Reporting workspace in the OpsMgr Operations Console or the Reporting site will produce the following SSRS Report:

 


Here is an example of a 4735– A security-enabled local group was changed security event as shown at the Windows Security Auditing technical documentation on TechNet:
For more information about Event 4735, visit https://technet.microsoft.com/en-us/itpro/windows/keep-secure/event-4735

  



The RDL file of the Sensitive Security Groups Changes Report uses a Semantic Query, with the following filter condition:
Dv Alls with: All of (Start Date on or after (prompted), End Date on or before (prompted). Any of (All of (Event Id >=631, Event Id <=639, Event Id=641, All of (Event Id >= 658, Event Id <= 662), All of (Event Id >= 4727, Event Id <= 4735), Event Id=4737. All of (Event Id >= 4754, Event Id <= 4758)))


The search condition from this SQL Query can be used as the filter expression of OMS log searches against Security and Audit solution records like the following example:

• A search query to return all records of type SecurityEvent with EventID field containing a value within the range of 4727 to 4735 or 4754 to 4758 or 631 to 639 or 658 to 662 or equals to 4737 or 641 , limiting the result to the Activity, GroupName, SubjectAccount, MemberName and TimeGenerated fields:
  
  Type=SecurityEvent EventID:[4727..4735] OR EventID=4737 OR EventID:[4754..4758] OR EventID:[631..639] OR EventID=641 OR EventID:[658..662] | EXTEND TargetUserName As GroupName | Select Activity, GroupName, SubjectAccount, MemberName, TimeGenerated
  
  Here is an example of what the records returned would look like when using this log search query:
  
  
  

 
 To view the complete mapping between all Audit Collection Services (ACS) SSRS reports and search queries used in OMS Log Analytics, refer to:
https://blogs.msdn.microsoft.com/wei_out_there_with_system_center/2016/07/25/mapping-acs-reports-to-oms-search-queries/

Disclaimer:
All information on this blog is provided on an as-is basis with no warranties and for informational purposes only. Use at your own risk. The opinions and views expressed in this blog are those of the author and do not necessarily state or reflect those of my employer.

I was having a interesting discussion with an academic today, the discussion was around the development of interesting projects for students. One of the biggest opportunities I can see from the academic community is the development of extensions for Visual Studio and VSTS.

About 9 months ago Microsoft launched the extensibility platform for Visual Studio Products

So is the Extensibility Platform – extensions?

Extensions are simple add-ons that can be used to customize and extend your DevOps experience with Team Services. They are written with standard technologies – HTML, JavaScript, CSS – and can be developed using your preferred dev tools. They utilize our RESTful API Library in order to easily interact with Team Services and applications/services. The Visual Studio Marketplace is where extensions are published, where they can be kept privately for you and your team or shared with the millions of developers currently using Team Services.

Ways to extend Team Services

There are two ways to integrate with Team Services:

• Utilize our RESTful API Library
• Create service hooks to be notified of important events
• Share and publicize in the Marketplace

• Integrate within the web experience
• Add new build tasks, dashboard widgets, and more
• Share and publicize in the Marketplace

To Allow extensions to be included in VSTS And Visual Studio we have a Marketplace for Team Services and developers have really been developing and contributing some amazing extensions

At present we have

• Over 200 publicly published extensions…
• Totalling over 110,000 acquisitions…
• Across ~25,000 Team Services accounts who have extensions installed!

With such a rich set of publishers and extensions coming to our marketplace,

I wanted to give some example of some of my favourite extensions

Personas

This extension allows you to create and define the applicable Personas for your project. You can then assign Personas to work items by tagging the work item with the applicable Persona and bring up their details right from the work item form.

See it in the Marketplace: https://marketplace.visualstudio.com/items?itemName=agile-extensions.personas

Product/Concept Vision

With this extension you can easily set a product vision and make sure it is visible to all team members as a dashboard widget or under the work hub!

See it in the Marketplace: https://marketplace.visualstudio.com/items?itemName=agile-extensions.product-vision

So if your looking to do an exciting project that will get you a some great references think about Visual Studio or VSTS. l be on the lookout for more specific extensions from and for the academic community  so if you’d like to see yours (or someone else’s) then let me know!

Happy coding!

In a recent post from his blog, Premier Developer Consultant Marius Rochon talks about problems with single SignOut.

Single Sign In relies on the token issuer holding on to a cookie, which tells it about the user identity after the first signin. The issuer can then respond to a request for token in whatever protocol it came in (WSFed, SAML, OpendIDConnect, etc.).

Continue reading on Marius’ blog…

Security and productivity are top priorities for every person, business and organization that uses Office 365. Yet, finding the right balance between the two—one that provides maximum security without compromising productivity and vice versa—can be a challenge. At Microsoft, we are committed to helping you achieve and maintain that balance.

We recently announced that we are extending Azure Rights Management to the Word, Excel and PowerPoint mobile apps for Android, providing full Office Mobile support for information rights management (IRM). As a result, you can now open, read and review rights-protected emails and Office documents on any device—whether it runs Windows, Mac, iOS or Android. We are also working on new features and enhancements to make IRM even better for Office 365 subscribers in the future.

For enterprises, the Microsoft Office 365 Enterprise E5 plan provides Advanced Threat Protection and Advanced Security Management to help organizations defend against malware, viruses and other attacks. In addition, we recently shared two new resources to help our enterprise customers take a systematic approach to security and information protection.

To continue increasing productivity for our subscribers, we’ve made several new improvements to Office 365. We added intelligent services to our Office apps, such as Researcher and Editor in Word. Researcher is a new service that helps you find and incorporate reliable sources and content in fewer steps, and Editor is a digital writing assistant that provides advanced proofing and editing. To help you work smarter on any device, we also extended two email efficiency features—Focused Inbox and @mentions—to our Outlook apps on every platform. Finally, we announced the rollout of modern SharePoint lists to SharePoint Online, along with one-click integration of PowerApps and Microsoft Flow, which gives you powerful new collaboration capabilities.

Office 365 provides outstanding productivity and exceptional security—all in one easy-to-use service.

Below is a roundup of some key news items from the last couple of weeks. Enjoy!

Microsoft’s current cloud business is bigger than most people realize—Learn how Office 365 is helping Microsoft take the lead in revenue among cloud services providers.

Kelly Services—putting nearly one million people to work every year, one great hire at a time—Find out how this leading temp agency is using Office 365 to increase productivity and engage customers in new ways.

Skype for Business voice conferencing comes to Australia—Discover how Office 365 users in Australia can join Skype for Business meetings from any device starting September 1, 2016.

Microsoft is introducing new features that will make its Office 365 apps smarter—Learn how Microsoft is adding intelligence to many Office 365 applications.

5 ways to boost your professionalism over email—Find out how small businesses can make every email a professional calling card.

The post Office 365 news roundup appeared first on Office Blogs.

Hey Azure Security Community!  Yuri Diogenes (CSI Enterprise Mobility and Azure Security team) here sharing with you some info we know you want to know about.

This week I had a great time recording an interview with Lex Thomas from Taste of Premier about how to leverage Azure Security Center and OMS Security for Incident Response. The Incident Response lifecycle that I used as example was extracted from our paper Microsoft Azure Security Response in the Cloud, which is also mentioned in the Incident Response section of our Azure Security Center Planning and Operations Guide.

In this interview I demonstrate how to use Azure Security Center Security Alerts to assist you in the following stages of the incident response:

• Stage 1 – Detect
• Stage 2 – Assess
• Stage 3 – Diagnose

I also explain how OMS Security and Audit Solution can be used in a hybrid environment where you need to perform further investigation regarding a potential attack, including the use of the Threat Intelligence capability. Watch the entire episode here or below:

Here are some useful links for you to learn more about OMS Security and Audit Solution, Azure Security Center and Azure Security in general:

• Visit Operations Management Suite page, and in the left navigation pane, click Security and Compliance for more information about OMS Security and Audit Solution.
• Visit Azure Security Center documentation page for more information about this cloud service.
• Visit Azure Security Information Site for more information about Azure Security capabilities in general.
• Pre-order our upcoming Azure Security Infrastructure book from Microsoft Press

Since we started supporting ARM functionality in April, we have had some great feedback. If you haven’t had a chance to check it out, take it for a spin!

As a result of moving to the New Portal, we have had a little bit of technical debt to clean up (click here to read more about that), and as such we are going to start enforcing some new rules regarding Resource Provider Types.

In the past, you may have been able to create either Event Hubs or Messaging resources in the following ways:

Figure 1 – Notice the “type” is “Microsoft.EventHub” and the “kind” is “Messaging”

Figure 2 – Notice the “type” is “Microsoft.ServiceBus” and the “kind” is “EventHub”

To make resource management more consistent moving forward, the “kind” field will be deprecated. So you will not be able to create a Messaging namespace with a Microsoft.EventHub/Namespaces type, or an Event Hub namespace with a Microsoft.ServiceBus/Namespaces type. Instead it will be inferred that when you create a Microsoft.EventHub type that you want an Event Hub namespace, and when you create a Microsoft.ServiceBus type that you want a Messaging namespace.

Here is what the changes will look like:

Figure 3 – Notice the “type” is “Microsoft.EventHub”, and there is no “kind” field.

Figure 4 – Notice the “type” is “Microsoft.ServiceBus”, and there is no “kind” field.

Existing templates with the properly corresponding “type”/”kind” values will continue to work, however templates with differing “type”/”kind” values will fail.

Our intention with this change is to make our ARM surface area more consistent and therefore easier to use for new customers. We understand that this will require a few changes for existing customers, so we are here to help! Please reach out to our customer support team here with any questions.

What do you think? Let us know in the comments.

-Shubha

ARM Resources

• Want to learn about deploying Service Bus and Event Hub resources using Azure Resource Manager templates? Refer to the article here.
• Want more template examples? Search using the Azure Quickstart Templates Gallery

We have been getting lot of customer requests for asking the steps to execute automated test on agent machine using vNext build.

This blogs will help you configure and execute an automates test on agent machine using vNext build.

1. Create a new Empty vNext build definition and add the following steps. The remainder of the article explain the configuration for each step.

2. Visual Studio Build: Configure the solution or project which need to be build. Configure the project which has the Test Methods. This task will compile the configured solution or project in the build agent folder.

3. Copy and Publish artifacts: Configure the task to copy the build artifact to build drop location. Artifact Type provide you option to copy the build artifact to a network share or store in the server. Select the value as File Share to configure the UNC path for the build drop. Artifact Type as Server will store in the TFS database. This configuration will consume space in database to store the build artifact.

4. Visual Studio Test Agent Deployment: This build task will deploy the vNext test agent on the configured machine. Mention the machine group name under Machine section. The test agent will get deployed to all the machines configured in the machine group. The user account should have local administrator privileges on these machines to install and configure the test agent. Also need to enable the WinRM Firewall settings on the agent machines.

By default, this task will download the latest test agent from the internet. However, you can specify the test agent installation media path, in case you have the test agent installed available. This should be a UNC path or relative path on the build agent machine. And the build service account should have privilege to access this folder contents.

To configure the test machines under the Machine groups, navigate to Test => Machines tab from TFS web access. Add a new machine group and configure the FQDN or IP address of the test agents machine. Provide the user account which has local administrator privileges on the test agent machine.

Under the Agent Configuration, provide the user credentials for the agent service account. The password field in this section is a plain text. However, you can create a build variable and store the user password as encrypted. This variable can be used in the Agent Deploy task.

To enable the WinRM Firewall settings on the test agent machine, open a Command Prompt in elevated mode and perform the command winrm quickconfig.

5. Run Functional Test: This is final task which executes the test cases on the test agent machine. Mention the Machine configured name and Build drop location path from where the test agent can pick the test binaries.

By Selecting the Test Assembly option in Test Selection, you can execute all the test cases in a test dll. However, the Test Filter Criteria will filter the criteria based on the parameter provided (Name=TestMethod1 or TestCategory=TestCategory1 or Owner=OwnerName).

In case you want to execute all the test case configured under a Test Plan or Test Suite, change the Test Selection option values to Test Plan. This would list the Test Plan and Test Suite configured for the specific Team Project and you can select the values.

Hope this helps!

Content: Sinjith Haridasan Reeja
Review: Chandra Sekhar Viswanadha

The hits just keep coming this week!

We’re happy to announce a new Microsoft Virtual Academy source titled Introduction to Azure Security Center

Here’s the description of the course headed by a stellar array of Azure Security Center PMs (Sarah Fender, Gilad Elyashar and Tomer Teller):

Looking to combat today’s enterprise security threats? Want to respond to and recover from security incidents more quickly? Learn how Azure Security Center helps you prevent, detect, and respond to threats with increased visibility and control over the security of your Azure resources. And see how Azure Security Center uses advanced analytics to identify attacks that might otherwise go undetected.

Join a team of experts for this Azure Security Center training, as they show you how to stay ahead of current and emerging threats. Explore cloud security policies that enable you to recommend and monitor security configurations, easy deployment of integrated Microsoft and partner security solutions, and real-time security alerts.

1 | Overview

Learn how to combat today’s threats. See how Microsoft defined a new approach to security and how Security Center, a new Azure service, can enable customers to protect, detect, and respond to threats.

Watch it now!

2 | Security Roles

Explore how the different roles responsible for cloud security are using Azure Security Center to meet their security management, monitoring, and incident response needs.

Watch it now!

3 | Prevention Deep Dive

See how Azure Security Center hardens cloud deployments by setting policies, monitoring the security state of virtual machines, virtual networks, databases, and applying security recommendations.

Watch it now!

4 | Detections Deep Dive

Get the inside scoop on how Azure Security Center detection algorithms use threat intelligence, behavioral analytics, and anomaly detection to identify threats and to help you respond and recover.

Watch it now!

We hope you enjoy the presentations and learn what you need to know to get a start with securing your assets in Azure. If you have questions, please ask below and we’ll get back to you quick!  

Thanks!

Tom

Tom Shinder
Program Manager, Azure Security
@tshinder | Facebook | LinkedIn | Email | Web | Bing me! | GOOG me!

You might not know that if you need to test a Microsoft web browser (Edge or Internet Explorer) different from the one you have available on your computer there are ready for you to use virtual machines that you can download from the Microsoft Modern.IE website. VMs are available for the following set of hyperadvisors:

• VirtualBox
• Vagrant
• HyperV (Windows)
• VPC (Windows)
• VMware (Windows, Mac)
• Parallels (Mac)

And following is the list of available Microsoft web browsers:

• IE8 on Win7
• IE9 on Win7
• IE10 on Win7
• IE11 on Win7
• IE11 on Win81
• Microsoft Edge on Win 10 Stable (14.14393)

皆さん、こんにちは。テクニカルエバンジェリスト戸倉彩です。

今回はWindows 10 Anniversary Updateの新機能として追加されたbashを、Visual Studio Codeのターミナルで呼び出す方法を紹介します。

過去に投稿した【Visual Studio Code 1.2以降】統合TerminalをコマンドプロンプトからPowerShellに変更する (Windows版) https://blogs.msdn.microsoft.com/ayatokura/2016/06/10/vscode_terminal_powershell/ を参考に、setting.jsonファイルを下記のとおり編集する。

“terminal.integrated.shell.windows”: “C:\windows\sysnative\bash.exe”

Have a nice Code♪

Here you will find news about Visual Studio Marketplace.

Please come back in a few days.

In this post, we look at how we can leverage the Security and Audit solution in OMS and using log searches to retrieve records on Dynamic Access Control (DAC) usage based on the audit events the Audit Collection Services (ACS) in OpsMgr collects and reports on.

In ACS, there are 3 new DAC SSRS reports available out-of-the-box that were included from System Center 2012 Service Pack 1 (SP1) onwards. OpsMgr provides ACS support for Dynamic Access Control as enabled by Windows Server 2012. ACS collects DAC related audit events from the relevant machines (file servers, domain controllers) and these reports enable auditors and compliance officers to report on the use of Dynamic Access Control in the IT environment.

1. The DAC: File Resource Property Changes Report,
2. The DAC: Central Access Policy For File Changes, and
3. The DAC: Object Attribute Changes

The Security and Audit solution in OMS Log Analytics however provides a comprehensive view into your organization’s IT security posture with built-in search queries for notable issues that require your attention.
Adding the Security and Audit solution to an OMS workspace will allow Windows security events, Windows application events, and Windows firewall logs to be collected using direct agents or MMA agents that the user enabled.
For further information, refer to Security and Audit solution in Log Analytics by Bill Anderson.

To retrieve and analyze the security events highlighted by these 3 ACS Audit Reports in OMS Log Analytics, the SQL query search conditions used in these reports can be used as the filter expressions in OMS log search queries against records collected by the Security and Audit solution.



DAC: File Resource Property Changes:

The report shows File Resource Property changes for Windows Server 2012, within a given date/time range by searching for security event 4911 stored in the ACS database.

Here is an example of a 4911 – Resource attributes of the object were changed security event as shown at the Windows Security Auditing technical documentation on TechNet:
For more information about Event 4911, visit https://technet.microsoft.com/en-us/itpro/windows/keep-secure/event-4911

 
 


The main part of the SQL query used in the RDL file of the File Resource Property Changes Report is:

The search condition from this SQL Query can be used as the filter expression of OMS log searches against Security and Audit solution records like the following example:

• A search query to return all records of type SecurityEvent with EventID field containing 4911, limiting the result to the Activity, Computer, TimeGenerated, SubjectAccount and EventData fields:
  
  Type=SecurityEvent EventID=4911 | Select Computer, Activity, TimeGenerated, SubjectAccount, EventData
  

The report shows changes to the Central Access Policy that applies to a File Resource, within a given date/time range by searching for security event 4913 stored in the ACS database.

Here is an example of a 4913 – Central Access Policy on the object was changed security event as shown at the Windows Security Auditing technical documentation on TechNet:
For more information about Event 4913, visit https://technet.microsoft.com/en-us/itpro/windows/keep-secure/event-4913

 

The main part of the SQL query used in the RDL file of the Central Access Policy For File Changes Report is:

• A search query to return all records of type SecurityEvent with EventID field containing 4913, limiting the result to the Activity, Computer, TimeGenerated, SubjectAccount and EventData fields:
  
  Type=SecurityEvent EventID=4913 | Select Computer, Activity, TimeGenerated, SubjectAccount, EventData
  

DAC: Object Attribute Changes Report

The report shows Object Attribute changes for Windows Server 2012, within a given date/time range by searching for security events 5136 or 5137 stored in the ACS database.

Here is an example of a 5136 – A directory service object was modified security event as shown at the Windows Security Auditing technical documentation on TechNet:
For more information about Event 5136, visit https://technet.microsoft.com/en-us/itpro/windows/keep-secure/event-5136

 
 

Here is an example of a 5137 – A directory service object was created security event as shown at the Windows Security Auditing technical documentation on TechNet:
For more information about Event 5137, visit https://technet.microsoft.com/en-us/itpro/windows/keep-secure/event-5137

 



The main part of the SQL query used in the RDL file of the Object Attribute Changes Report is:

The search condition from this SQL Query can be used as the filter expression of OMS log searches against Security and Audit solution records like the following example:

• A search query to return all records of type SecurityEvent with EventID field containing 5136 or 5137, limiting the result to the Activity, Computer, TimeGenerated, SubjectAccount and EventData fields:
  
  Type=SecurityEvent EventID=5136 OR EventID=5137 | Select Computer, Activity, TimeGenerated, SubjectAccount, EventData
  
  

 
To view the complete mapping between all Audit Collection Services (ACS) SSRS reports and search queries used in OMS Log Analytics, refer to:
https://blogs.msdn.microsoft.com/wei_out_there_with_system_center/2016/07/25/mapping-acs-reports-to-oms-search-queries/

Disclaimer:
All information on this blog is provided on an as-is basis with no warranties and for informational purposes only. Use at your own risk. The opinions and views expressed in this blog are those of the author and do not necessarily state or reflect those of my employer.

Konference SQL Server Bootcamp 2016 je dvoudenní bezplatná vzdělávací konference určená pro databázové vývojáře, administrátory i BI specialisty, kde se na prakticky orientovaných přednáškách předních českých odborníků na SQL Server seznámíte nejen s novinkami v SQL Serveru 2016, ale i s best-practices z různých oblastí SQL Serveru.

Akce se koná 15. – 16. 8. 2016 v Brně na Fakultě informatiky Masarykovy univerzity (místnost A318). Kompletní program, seznam přednášejících i registraci najdete na webu Windows User Group.