Month: May 2015

Dear Accountants: PowerPivot is your friend!

…64bit version is a must have!

by: Mike Griffin

Intro by Avi: Power Pivot and Power BI tools can be used to transform BI for a wide array of industry verticals and vocations. But they are especially suitable for some roles; accountants are probably at the top of that list! Our friend Mike here is a Financial Manager in the interesting vertical of cruise lines, and he has a post for us describing just one of the ways they are using the Power BI tools, in this case to find needles in the haystack. Take it away Mike…

Accountants are NOT typically data GEEKS

Accounting-related problems open doors to a different set of applications for PowerPivot and PowerQuery. Although it’s fair to say most accountants like numbers, an affinity for numbers does not always translate into a love for data, especially lots of data. This example illustrates how PowerPivot and PowerQuery can be used to help automate accounting-related tasks that can be incredibly time-consuming when a lot of data is involved.

The scenario I’m presenting is not sophisticated in terms of DAX formulas and is very simple from a data modeling point of view. However, it’s an incredibly useful application of the tools we use as PowerPivot enthusiasts that can save valuable time when closing the accounting period.

The Accounting Need: Remove needles from the hay stack

Use Power Pivot and Power BI to look for the proverbial needles in your data haystack

In this scenario, I need to reverse invoice-specific journal entries that were originally posted as part of an automated process between an internal database and our accounting software. This entry is posted as a batch with thousands of other invoices, so the original journal entry can’t simply be reversed.

A data source is available with details at an invoice level that represent the batch total. However, this data source does not share the same names for the account details required to reverse the original journal entry and it is not data-model friendly.

The Goal:

  • Extract 17 of the 118 columns available in the detailed data source with the invoice level detail.
  • Map the 17 columns to the appropriate general ledger accounts in another table and add other details for the journal entry.
  • Isolate a subset of the invoice level details based on another table with the specific invoices I need.

I’m working with three different tables:

  1. “EntryAccounts” table that translates the column labels in my detailed data set into the appropriate journal entry details such as account number, department, etc. (see Step One below)
  2. “BookingList” table that helps me extract the specific invoices I’m interested in from the detailed list of thousands. (see Step One below)
  3. “RevDetail” table which is a detailed data set with all of the invoice-specific information I need (the transformed version of this table is in Step Two below).

Step One:

Create a table that maps the appropriate columns from the data source to the general ledger accounts I want and a list of the specific invoices I want to isolate.

  • Load each table into PowerPivot
Table One: EntryAccounts (figure: accounting detail for PowerPivot). Table Two: BookingList (figure: invoice list).
The Rev_Description column is a list of the column headers I’m interested in from the detailed data source with invoice-specific details. The Invoice List table helps filter the list of thousands of invoices in my large detailed data set down to the smaller subset I’m interested in.

Step Two:

I use PowerQuery to turn the detailed data source table, with roughly six thousand rows and 118 columns, into a three-column, data-model-friendly format. I’ve “un-pivoted” the columns so I can create a relationship between what had been column headers and the unique row values in the Rev_Description column of the “EntryAccounts” table. Note: this step turns the table into over 85K rows in this case. (A tall and skinny table, with lots of rows and few columns, is a far better shape for Power Pivot than a short and squat one.)

This is the PowerQuery view of what becomes the “RevDetail” table in PowerPivot.

Table Three: RevDetail (figures: the unpivoted data in PowerQuery, and the PowerQuery steps used to unpivot it)
  • Load the table into PowerQuery, un-pivot the data, and filter the Attribute column for the columns I’m interested in. These columns correspond to specific account numbers in my “EntryAccounts” table.
  • Remove unwanted columns and load this table into PowerPivot if using Excel 2010 (in Excel 2013 the query can be loaded directly into the PowerPivot data model, a very useful feature!)

Step Three:

Relate the invoice level data to the subset of invoices & appropriate accounting details.

Create Relationship - revised

  1. The Attribute column in the “RevDetail” table is related to the “Rev_Description” column in my “Entry Accounts” table. The Attribute column had been 17 different columns in the original data source.
  2. The Invoice column in the “RevDetail” table is related to the Booking column of my “Invoice List” table.

Step Four:

Create a pivot table that brings the data source, the specific invoices of interest, and the mapped accounting details “in line” for review, ready to scan with some VBA.

Flag data with PowerPivot Related

Create calculated columns to create filters for the pivot table output.

PowerPivot Output

I’ve pulled the appropriate details into a pivot table. The relationship between the RevDetail table and the BookingList table helps me filter down to the invoices I care about. The relationship between the RevDetail table and the EntryAccounts table allows me to pull in the accounting-related detail that is not in my detailed data source. From here, I use a little VBA that scans the pivot table and moves the data into a template designed to interface with, and upload to, the specific accounting software being used.

Journal Entry with VBA and PowerPivot
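The unpivot (Step Two), the two relationships (Step Three) and the reversal output (Step Four) worked through in plain Python, as an added example that is not Mike’s workbook or his PowerQuery steps. The sample tables, every column name other than Invoice, Attribute and Rev_Description, the account and department numbers, and the sign flip that produces the reversal are all constructed assumptions:

```python
"""Unpivot, map and filter: Steps Two to Four of the post, in plain Python.

Constructed sample data: a wide "RevDetail" export with one row per invoice
and one column per revenue line (the real export has 118 columns and about
6,000 rows), an "EntryAccounts" mapping and a "BookingList" of invoices.
"""
from collections import defaultdict

# Constructed sample of the wide export; "Insurance" stands in for the
# 101 columns that are not wanted in the journal entry.
REV_DETAIL_WIDE = [
    {"Invoice": "1001", "Ticket": 1200.0, "Port Tax": 150.0, "Gratuity": 80.0, "Insurance": 0.0},
    {"Invoice": "1002", "Ticket": 950.0, "Port Tax": 120.0, "Gratuity": 60.0, "Insurance": 45.0},
    {"Invoice": "1003", "Ticket": 2100.0, "Port Tax": 200.0, "Gratuity": 110.0, "Insurance": 0.0},
]

# Constructed EntryAccounts: Rev_Description -> general ledger details.
# Account and department numbers are made up for the example.
ENTRY_ACCOUNTS = {
    "Ticket": {"Account": "4000", "Department": "100"},
    "Port Tax": {"Account": "2150", "Department": "100"},
    "Gratuity": {"Account": "2200", "Department": "200"},
}

# Constructed BookingList: the invoices whose entries must be reversed.
BOOKING_LIST = {"1001", "1003"}


def unpivot(wide_rows, id_col="Invoice"):
    """Step Two: turn every non-id column into one (Attribute, Value) row,
    the same tall-and-skinny shape PowerQuery's Unpivot produces."""
    tall = []
    for row in wide_rows:
        for attribute, value in row.items():
            if attribute == id_col:
                continue
            tall.append({id_col: row[id_col], "Attribute": attribute, "Value": value})
    return tall


def build_reversal(wide_rows, entry_accounts, booking_list):
    """Steps Three and Four: the Invoice -> BookingList relationship keeps only
    the invoices of interest, the Attribute -> Rev_Description relationship
    supplies the GL details, and the amount is negated for the reversal
    (sign convention assumed here)."""
    lines = []
    for row in unpivot(wide_rows):
        if row["Invoice"] not in booking_list:
            continue
        gl = entry_accounts.get(row["Attribute"])
        if gl is None:  # unmapped column: dropped, like the filter on Attribute
            continue
        lines.append({
            "Invoice": row["Invoice"],
            "Account": gl["Account"],
            "Department": gl["Department"],
            "Amount": -row["Value"],
        })
    return lines


def reconcile(wide_rows, lines, entry_accounts, booking_list):
    """Control check before upload: per invoice, the reversal lines must sum
    to minus the original amount of the mapped columns in the wide source."""
    expected = {}
    for row in wide_rows:
        if row["Invoice"] in booking_list:
            expected[row["Invoice"]] = -sum(v for k, v in row.items() if k in entry_accounts)
    actual = defaultdict(float)
    for line in lines:
        actual[line["Invoice"]] += line["Amount"]
    return dict(actual) == expected


if __name__ == "__main__":
    entry = build_reversal(REV_DETAIL_WIDE, ENTRY_ACCOUNTS, BOOKING_LIST)
    for line in entry:
        print(line)
    print("reconciled:", reconcile(REV_DETAIL_WIDE, entry, ENTRY_ACCOUNTS, BOOKING_LIST))
```

Run as a script, it prints the six reversal lines and whether they reconcile to the original wide rows. The reconcile() check is the control a reviewer would want before the VBA step uploads anything: a column lost by the Attribute filter, or an invoice missing from the booking list, would otherwise silently change the total of the entry.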

The Result:

This process takes no more than ten minutes to gather and upload all required data, producing a journal entry that can be uploaded to the accounting system. Creating these entries had taken 15 to 20 minutes per invoice before PowerPivot was used to automate the process. This example isolated only four invoices; the list is often longer. The time savings can be huge!


Our favorite SCCM 2012 R2 SP1 New features

Written by , Posted May 28, 2015.

Microsoft announced the release of SCCM 2012 SP2 and SCCM 2012 R2 SP1. This service pack includes tons of new features. We covered the complete installation; now we decided to compile a list of our favorite SCCM 2012 R2 SP1 new features, describe how to enable them, and explain why they made the cut.

Preferred Management Points

Official description from TechNet: Preferred management points enable a client to identify and prefer to communicate with a management point that is associated with its current network location or boundary. When configured, a client attempts to use a preferred management point from its assigned site before using a management point from its assigned site that is not configured as preferred.

Basically, it means that you can assign your clients to preferred management points using boundary groups, as you did in the past for content (Distribution Points). Cumulative Update 3 had a similar concept of Management Point affinity, but it was not configurable using boundary groups.

Prior to CU3, if you wanted to assign clients to a specific management point, primary sites or secondary sites were needed, as Management Points are not site aware. A stand-alone MP in your hierarchy just gave your clients a new management point to be assigned to, but they were not forced to use it.

This feature could mean a simplified hierarchy for many organisations.

To use Preferred Management Points:

  • Open the SCCM Console
  • Go to Administration / Site Configuration / Site
  • Click on Hierarchy Settings on the top ribbon

  • In the General tab, select Clients prefer to use management points specified in boundary groups and click OK

  • Go to Administration / Hierarchy Configuration / Boundary Groups
  • Create a new boundary group or select an existing one and select Properties
  • On the Reference tab
  • You’ll notice that the text has been modified to add Management Points to the list of site system servers
  • Click Add and select your desired management points

All clients in that specific boundary group will now be using the selected Management Point.

Task Sequence Retry

Task Sequence logic has been modified to have the ability to configure retry options for when a computer unexpectedly restarts during the Install Application or Install Software Updates steps.

If you’re heavily deploying computers using OSD, you certainly remember the list of software updates requiring multiple restarts that made your SCCM Task Sequence fail. Prior to SCCM 2012 R2 SP1, the task sequence step did not retry and could not suppress restarts, so the software update installation failed if a restart occurred.

This is now fixed; here’s how to enable this feature:

  • Open the SCCM Console
  • Go to Software Library / Operating Systems / Task Sequences
  • Right-click your Task Sequence and select Edit
  • Go to the Install Software Update step
  • On the right pane, select the Options tab
  • Select Retry this step if the computer unexpectedly restarts and specify how many times to retry after a restart

Automatic Client Upgrade

You can now exclude servers from automatic client upgrade. This is self-explanatory, and it’s a nice addition for upgrading your clients.

  • Open the SCCM Console
  • Go to Administration / Site Configuration / Site
  • Click on Hierarchy Settings on the top ribbon
  • On the Automatic Client Upgrade tab
  • A new check box Do not upgrade servers has been added to exclude servers

Deployment Verification

Did you ever deploy a required task sequence to the All Systems collection? I hope not. Deployment Verification helps avoid human mistakes by defining what a risky OS deployment is.

You define a maximum collection size for collections to be displayed or hidden when creating Task Sequence deployments. This feature applies only to Operating System deployment; it is not available for Packages and Applications.

  • Open the SCCM Console
  • Go to Administration / Site Configuration / Site
  • Right-click your site and select Properties
  • You’ll have a new Deployment Verification tab
  • Select the value for your maximum collection size and the action you want to take on collections that contain site system servers

  • Go to Software Library / Operating Systems / Task Sequences
  • Right-click a Task Sequence and select Deploy
  • A warning prompt says that your deployment is a high-risk deployment

  • On the Select Collection screen, you’ll notice that some collections are hidden, based on the settings you previously configured

Import Driver

To improve driver management, the Import Driver wizard has a new validation phase, and new filters were created to hide certain drivers.

  • Open the SCCM Console
  • Go to Software Library / Operating Systems / Drivers
  • Right-click Drivers and select Import Drivers
  • Enter your UNC path to your driver location and click Next
  • The new validation phase is in progress
    • Note that this is painfully slow. I’ve tested this in 3 environments and enumerating my drivers takes up to 5 minutes. There’s a Connect bug filed for this; upvote it if you’re having the issue.

  • Once the validation phase is complete, you see the new filters and the new UI, which is much more intuitive

When adding drivers to boot images, you have the same filters, which allow you to hide non-storage/network drivers and drivers that do not match the architecture of the boot image.

The grid view gives a much more comprehensive view without having to click each driver to see its details.

  • Open the SCCM Console
  • Go to Software Library / Operating Systems / Boot Images
  • Right-click your boot image and select Properties
  • You see the new UI, which gives more details about the imported drivers

  • Select the star icon to add new drivers to the boot image
  • You see the new filters and the new UI, which is much more intuitive

Configuration Manager and Microsoft Intune

There are so many new functionalities and changes in SP1 that we will create a blog post just for that. In this post we decided to talk about the Compliance Policy feature.

In short, Compliance Policy is Desired Configuration Management (DCM) for mobile devices, without the possibility of remediation. Yes, you could already do DCM for mobile devices before SP1, but Microsoft decided to implement it as a new feature in SP1. Maybe the long-term plan is to remove all mobile platforms from DCM, but that’s just speculation.

A major difference between Compliance Policy and DCM is that you don’t need to create a Configuration Baseline in order to deploy it. You create the Compliance Policy and you deploy it. Simple as that.

To create a Compliance Policy:

  • Open the SCCM Console
  • Go to Assets and Compliance / Compliance Settings / Compliance Policies
  • Right-click Compliance Policies and select Create Compliance Policies

  • On the General tab, enter a Name, a Description and the severity for noncompliance, and click Next

  • On the Supported Platforms tab, select the platform and click Next
    • For our post, we’ll create a policy for Windows Phone

  • On the Rules tab, select the desired rules and click Next
    • For now there are not as many options as in DCM; we chose to create a policy for passwords

  • On the Summary tab, review your settings and click Next

  • Once created, the only step left is to deploy your policy. Right-click your policy and select Deploy

  • On the Deploy Compliance Policy window, select the user collection to deploy the policy to, the Alert settings and the Evaluation Schedule, and click OK

There are still tons of new features that we’ve not covered in this blog post. We’re still playing with the mobile device features and we’ll certainly make a part 2 post covering those.

That’s it for now; what’s your favorite SP1 feature?

Managing Azure Active Directory joined devices with Microsoft Intune

If you haven’t already seen it, Alex Simons just published a great post on Azure AD Join and the benefits it provides. In this post, I’m going to look at how to join Microsoft Intune and the Enterprise Mobility Suite (EMS) to Azure AD to light up some amazing scenarios.

I can’t even count the number of times I’ve talked to customers about a future scenario where they can finally tell their mobile end users: “Here’s a stipend, now go to an electronics store and buy a device for work.” Another variation of that discussion is simply sending a factory-imaged device from your OEM directly to the end user, and then through the power of an AAD account, the device can be business-ready in minutes.

Neither of these dreams has ever come about, primarily because today’s devices have needed to come on premises to get imaged and domain joined. Because of the necessity of this on-prem step, IT has often had to buy and provision devices for the end user so that they can be properly managed and secured. This adds up to some real costs and real delays in getting the device to the end user.

At long last, that future scenario is – finally! – nearly here. By joining a Windows 10 device to Azure AD it is extremely easy for end users to get the benefits of single sign-on, OS state roaming, and more (see the aforementioned blog post from Alex for more details).

Another new (and incredibly powerful) part of joining Azure AD is the ability to automatically enroll the device in Microsoft Intune. From my customer visits I’ve learned that device enrollment is the single largest challenge organizations have in bringing mobile devices under management. Microsoft has worked exhaustively to dramatically simplify this process, and there is some great work that we have done in this area around Azure AD join.

Imagine how this can work for you: Through the power and simplicity of a highly secure Azure AD account, users can immediately get access to corporate resources and the applications they need to be productive, while IT can be assured that those devices are secured for access (through Azure AD) and policy (through Intune) from the first minute of business life. Customers can also optionally choose to upgrade from Pro to Enterprise by simply passing a key through Intune. This means easily adding additional management (as afforded by the Enterprise SKU) simply by passing this key; there isn’t even a need to reimage!

Additionally, key access controls (like conditional access to e-mail, and OneDrive through Intune enrollment, and compliance assessment) are all assured from the start of a device’s life! All the user has to do is enter their Azure AD account. It’s just that simple.

Here are two key scenarios that are going to simplify the lives of many IT Pros:

  1. New device out-of-the-box:
    Open the box and log in with your Azure AD account. This triggers enrollment into Microsoft Intune. Check out this blog for step-by-step screenshots of the experience.
  2. BYOD device:
    When the user needs to access corporate documents or resources, they can add a workplace account. Doing this triggers enrollment into Microsoft Intune. This blog post has step-by-step screenshots and instructions.

Getting all of this set up is easy:

In the Azure AD administrative experience you just need to define:

  • MDM Enrollment URL for Intune, so that devices know how to reach the MDM service.
  • MDM terms of use URL, which is your customized disclaimer that end users see prior to enrolling their device into management.
  • MDM compliance URL, which is the Intune Portal where end users go to remediate if their device is blocked due to Conditional Access policies.

I know what you’re thinking: “When should I consider joining Windows 10 devices to Azure AD?”

The answer is pretty simple: It comes down to choosing between Azure AD join + Microsoft Intune versus AD join + Group Policy + System Center Configuration Manager.

In Windows 10, the inbox management agent has been greatly enhanced to cover a myriad of new policy settings, but it will be a subset of what on-premises AD Group Policy provides today.

I really like the approach Windows 10 took to smartly implement key policy settings via the inbox agent, and we also think that, for most customers, it won’t be an all-or-nothing decision. Instead, I expect it to be a choice based on elements like the department, the specific job function, and other criteria.

Here are a couple of key questions to see if a device is right for Azure AD join or not:

  1. Do you have devices that only run cloud apps or apps being exposed through the AAD App Proxy? If so, Azure AD join is optimized for these types of apps.
  2. Is the Windows 10 MDM/Inbox agent functionality sufficient for managing the device and its apps? For example, the apps on a device do not require AD group policy for configuration settings. As you become more familiar with the capabilities built into the MDM channel in Windows 10, you’ll be able to make the call if those capabilities are sufficient.

If you answer “yes” to these questions – for either a subset or all of your devices – then you’re likely ready to deploy and gain the benefits of joining Windows 10 devices to Azure AD and Microsoft Intune.

You’ll definitely want to become increasingly familiar with the new management and enterprise capabilities of Windows 10 (which are all exposed via the MDM/Inbox agent). Some of the new capabilities, like Enterprise Data Protection, certificate management, lockdown policies, and Device Guard, are particularly noteworthy. For organizations that are moving entirely (or mostly) to the cloud, AAD + Intune is a fantastic solution.

Many of you will want to apply these new capabilities along with the SCCM capabilities you’re already using. We have built the MDM/Inbox agent to co-exist and interoperate with the SCCM agent on the same device for this purpose. I suspect this is how many Enterprise organizations will operate.

More to come in the next couple weeks

What are malware, viruses, spyware, and cookies, and what differentiates them?

“Malware” is short for malicious software and is used as a single term to refer to viruses, spyware, worms, etc. Malware is designed to cause damage to a stand-alone computer or a networked PC. So wherever the term malware is used, it means a program designed to damage your computer; it may be a virus, worm or Trojan.

Worms are malicious programs that make copies of themselves again and again on the local drive, network shares, etc. The only purpose of the worm is to reproduce itself again and again. It doesn’t harm any data/files on the computer. Unlike a virus, it does not need to attach itself to an existing program. Worms spread by exploiting vulnerabilities in operating systems.

Example of a worm: W32.SillyFDC.BBY

Due to its replicating nature, it takes up a lot of space on the hard drive and consumes more CPU, which in turn makes the PC too slow; it also consumes more network bandwidth.

A virus is a program written to enter your computer and damage/alter your files/data. A virus might corrupt or delete data on your computer. Viruses can also replicate themselves. A computer virus is more dangerous than a computer worm, as it makes changes to or deletes your files, while a worm only replicates itself without making changes to your files/data.

Example of a virus: W32.Sfc!mod

Viruses can enter your computer as an attachment to images, greetings, or audio/video files. Viruses also enter through downloads from the Internet. They can be hidden in free/trial software or other files that you download.

So before you download anything from the Internet, be sure about it first. Almost all viruses are attached to an executable file, which means the virus may exist on your computer but cannot infect it unless you run or open the malicious program. It is important to note that a virus cannot spread without a human action, such as running an infected program, to keep it going.

Viruses are of different types, which are as follows.

1) File viruses
2) Macro viruses
3) Master boot record viruses
4) Boot sector viruses
5) Multipartite viruses
6) Polymorphic viruses
7) Stealth viruses

File viruses: This type of virus normally infects program files such as .exe, .com and .bat. Once this virus is resident in memory, it tries to infect all programs that load into memory.

Macro viruses: This type of virus infects Word, Excel, PowerPoint, Access and other data files. Once infected, repairing these files is very difficult.

Master boot record viruses: MBR viruses are memory-resident viruses that copy themselves to the first sector of a storage device, which is used for partition tables or OS loading programs. An MBR virus infects this particular area of the storage device instead of normal files. The easiest way to remove an MBR virus is to clean the MBR area.

Boot sector viruses: A boot sector virus infects the boot sector of an HDD or FDD. These are also memory resident in nature. As soon as the computer starts, it gets infected from the boot sector. Cleaning this type of virus is very difficult.

Multipartite viruses: A hybrid of boot and program/file viruses. They infect program files, and when the infected program is executed, these viruses infect the boot record. When you boot the computer next time, the virus from the boot record loads into memory and then starts infecting other program files on disk.

Polymorphic viruses: A virus that can encrypt its code in different ways so that it appears differently in each infection. These viruses are more difficult to detect.

Stealth viruses: These types of viruses use different kinds of techniques to avoid detection. They either redirect the disk head to read another sector instead of the one in which they reside, or they alter the infected file’s size shown in the directory listing. For example, the Whale virus adds 9216 bytes to an infected file; then the virus subtracts the same number of bytes (9216) from the size given in the directory.

Trojans: A Trojan horse is not a virus. It is a destructive program that looks like a genuine application. Unlike viruses, Trojan horses do not replicate themselves, but they can be just as destructive. Trojans also open a backdoor into your computer, which gives malicious users/programs access to your system and allows confidential and personal information to be stolen.

Example: JS.Debeski.Trojan

Trojan horses are classified based on how they infect systems and the damage they cause. The seven main types of Trojan horses are:
  • Remote Access Trojans
  • Data Sending Trojans
  • Destructive Trojans
  • Proxy Trojans
  • FTP Trojans
  • Security software disabler Trojans
  • Denial-of-service attack Trojans

Adware: Generically, adware is a software application in which advertising banners are displayed while a program is running. Adware can be downloaded to your system automatically while browsing a website and can be seen through pop-up windows or through a bar that appears on the screen automatically. Adware is used by companies for marketing purposes.

Spyware: Spyware is a type of program that is installed, with or without your permission, on your personal computer to collect information about users, their computer or their browsing habits. It tracks everything you do without your knowledge and sends it to a remote user. It can also download other malicious programs from the Internet and install them on the computer. Spyware works like adware but is usually a separate program that is installed unknowingly when you install another freeware-type program or application.

Spam: Spamming is a method of flooding the Internet with copies of the same message. Most spam consists of commercial advertisements sent as unwanted email to users. Spam is also known as electronic junk mail or junk newsgroup postings. Spam mails are very annoying, as they keep coming every day and keep your mailbox full.

Tracking cookies: A cookie is a plain text file that is stored on your computer in a cookies folder and holds data about your browsing session. Cookies are used by many websites to track visitor information. A tracking cookie is a cookie that keeps track of all your browsing information; it is used by hackers and companies to learn your personal details, such as bank account details and credit card information, which is dangerous.

Misleading applications: Misleading applications misguide you about the security status of your computer, showing you that it is infected by some malware and that you have to download their tool to remove the threat. When you download the tool, it shows some threats on your computer, and to remove them you have to buy the product, for which it asks for personal information such as credit card details, which is dangerous.

SEP Times in the City: A Helpful Symantec Endpoint Protection Analogy

Quoted from a Symantec employee’s article. Very nice read.

This is the eighth of an informal series on how to keep your enterprise environment secure using often-overlooked capabilities of Symantec Endpoint Protection (and the OS upon which it functions).

In the spirit of A Helpful LiveUpdate Administrator 2.x Analogy, here is an offbeat way to understand the various components that comprise the Symantec Endpoint Protection suite of security.

Wait, SEP is Not Just Antivirus?

AV alone is not enough against today’s sophisticated threats.  Symantec AntiVirus (an AV alone product) reached its end of life years ago.  Today’s SEP is a whole collection of security technologies that complement each other.  A flashy video introduction to each of the technologies:

Move Beyond Antivirus with Intelligent Security (3:05)

But I am a crime fiction fan and like to imagine it differently…

Think of your Computer as a City.

Your computer has resources, pathways, people and cars running around, new stuff, old stuff, infrastructure, laws, onramps to the good old Information Superhighway.  There’s usually an Irish pub to be found in there, too (or at least vacation photos from one).  There’s work done in this place, and fun, and important business.  Some of it is frequently visited and kept shiny and new.  Some of its districts were built many years ago and are seldom visited.  Other regions became defunct and are no longer used for their original purpose but have not yet been knocked down.  Bad things happen in these places, even in broad daylight.

Is this a Walled City or Wide-Open?

A traditional Windows XP machine, freshly installed, is wide-open.  (The original releases of it were really not designed with security in mind.)  Think of it as on a plain with rivers, roads, hiking trails running into and out of it.  It’s easy for legitimate traffic and illegitimate to slip in and out.

Now install Network Threat Protection, SEP’s Firewall component.  This has thrown a big wall up around it, a control to ensure that connections are only made through approved points of entry.

Beyond Antivirus with NTP

A Ha! I’ve Heard a Story About A Trojan Horse and a Walled City.

You’re catching on to the analogy!

Who’s Keeping Watch inside the City?

The AntiVirus component is like the city’s police force.  There are patrols on watch, pouncing on any dangerous actor or illegal process as soon as it kicks off (Auto-Protect).   Hopefully the force is also carrying out raids on a suspicious premises and manhunts searching for suspicious activity (scheduled scans and manual scans).  This police department is briefed several times per day on the latest dodgy characters to watch for (new definitions) but they also have street sense that can tell when something’s not right, even without a specific mug shot (heuristics).

Of course, the most important cop in town is the Chief of Police (security admin of the computer).  There may be national laws that guide how the Chief can work (company policies and security configurations) but all reports and information should ultimately cross the Chief’s desk, prompting any necessary reactions.

What’s Stopping Bad Stuff from Coming into Town?

One of the most powerful tools is IPS.  Think of this as the (unfairly underrated) Postal Inspection Service: it inspects all the packets on the way into or out of the city and stops what it knows to be malicious before any harm is done.  PIS (and IPS) can work efficiently on a massive scale without interfering with legitimate traffic.  Not only that, it has the power to determine who sent the dangerous package so that it can be tracked down.

IPS is absolutely crucial.  It is the most effective defense against drive-by downloads.

Blocked by Symantec Endpoint Protection

Not all Security in a City belongs to the Police Force.

True.  Think of all the bouncers on duty at all the pubs, clubs, shops and bars.  SEP’s SONAR component  (also known as BASH and as Proactive Threat Protection) is similarly behavioral based.  It jumps into action whenever a process starts making trouble.  “I don’t care who you are, you’re not acting like that in here!”

It can also be an excellent source of intelligence about which residents of the city should be on the chief’s radar.

Using SEPM Alerts and Reports to Combat a Malware Outbreak

ADC?  Is that like FBI?

Well, it’s three letters.  Application and Device Control (ADC) is SEP’s optional component which lets the administrator create powerful custom policies for their environment.

For example: say there is a problem with hoodie-wearing skateboard kids hanging out in public squares.  Skateboarding is not a crime (the program that does not meet Symantec’s criteria for detection), but the Chief of police wants to block this.  It’s possible to put through a local ordinance (ADC policy) that will prevent that behavior from running within city limits.

All About Grayware

So Where’s the FBI in this Analogy?

In SEP 12.1 RU5 and above, it is possible for an administrator to remotely send in a special on-demand in-depth kind of scan called Power Eraser.  Like the FBI, this can identify malicious material that other components did not.

Starting Power Eraser analysis from Symantec Endpoint Protection Manager
Article URL: http://www.symantec.com/docs/HOWTO101778

What to do in an Emergency?

If there’s a cataclysmic event, it’s possible for the Chief to lock the city down.  Putting the National Guard or Army on the streets enforcing a strict curfew is an extreme measure, but it is sometimes done.   SEP offers the ability to take similar drastic action with System Lockdown.

How to utilize SEP 12.1 for Incident Response – PART 2

What about Download Insight?  And the Mail Plug-In Components?

These are specialized divisions of the police force, whose duties focus them on one specific area.   Think of that as Special Branch watching the train station, questioning shady-looking newcomers to ensure they are not up to no good.  (Download Insight scans certain executable file types when they arrive through particular portals, stepping in to block those who have a bad or unknown reputation.)

Symantec Endpoint Protection 12: Insight

SEP’s mail plug-ins focus in on scanning the incoming email traffic.  They are a line of defense against mail-borne threats the same way that transit police maintain a presence only on the subway.

How about Private Investigators?

In certain instances it can be useful for third-party tools to be used to identify and bring down especially crafty adversaries.  Tools from Microsoft’s Sysinternals are an excellent example: they can provide a researcher with unbeatable insight into the murky depths of Windows Operating Systems.

Just like in countless books and movies, though, these third-parties can sometimes conflict with the official investigators.  It is a bad idea to attempt running more than one file-based scanning tool on a computer at one time, for instance.

Does all this Eliminate Crime?

There will be some level of crime even in a real-world walled city with a robust police force, FBI, border guards, bouncers and every other form of security personnel.  Incidents will occasionally happen.  The same is true of computers.

Cybercrime, like all crime, cannot ever completely be stamped out.  No matter what Symantec or any other security vendor does, there will be malware authors who will (for instance) send out mails with malicious “Financial Trojan” attachments designed to steal banking information.  These are sophisticated operations with their own QA departments who test that the newly-minted malware can evade the latest security products. Some of these new samples inevitably slip past defenses, for a short while at least.

What SEP (and real-world security) can do is reduce the risk.  A city defended only by a police force has a degree of security, but one protected by police, walls, and several agencies with specific focused missions is far safer.  The more components there are involved in the effort, the more effective it will be at preventing harm.  Use every protection you can!

Add or remove features to existing Endpoint Protection clients
Article URL: http://www.symantec.com/docs/TECH90936

The organized gangs of bad guys are unlikely to settle down and take up legitimate jobs, but ample defenses can prompt them to move on to another town.

Back to the Real World: After Deploying All SEP Components, What Else Can We Do?

  • Don’t be an easy target. Ultimately it is up to you to make sure that your doors and windows are locked, your valuables are secured, and that careless behavior does not make crime easy.  The computer equivalent is to keep computers patched, ensure passwords are unique and strong, and that employees are trained against the approaches that malware takes today.
  • Be familiar with what’s going on in the threat landscape.  To be aware of your attackers’ tactics, techniques and trends, read sources of information like the annual Internet Security Threat Report, the monthly Symantec Intelligence Report and Symantec’s Security Response Blog.
  • Be familiar with what is going on in your environment.  The Symantec Endpoint Protection Manager (SEPM) is a fantastic source of intelligence about malicious and suspicious activity in your network.  Its reporting and alerting capabilities can inform administrators of suspicious files and infected computers in the network.  See Using SEPM Alerts and Reports to Combat a Malware Outbreak for examples.
  • Have a plan in place.  Respond to threats. If suspicious activity is seen, react to it!

Virus removal and troubleshooting on a network

  • Identify and submit undetected samples to Security Response.  There are approximately one million new malicious files created per day.  Security Response can build defenses against them once we have received a copy.   See Symantec Insider Tip: Successful Submissions for details, and be aware that new Rapid Release definitions are released approximately every hour in response to the latest known malicious files.  Definitely a good idea to implement these at your mail gateway!
  • Learn from incidents and developments so you do not get hit again.

The Day After: Necessary Steps after a Virus Outbreak


Many thanks for reading!  If you’d like to do some additional reading, this article’s title is a play on Gold Dagger Award winner Gene Kerrigan’s fantastic crime novel Dark Times in the City. Well worth tracking down!

SQL Server 2016 first public preview now available


Three weeks ago at Microsoft Ignite, we announced SQL Server 2016, the next major release of Microsoft’s flagship database and analytics platform, as well as key innovations in the release.  Today we are pleased to announce the first public Community Technology Preview (CTP2) for SQL Server 2016.  This public preview gives an early look into many of the capabilities in the release and allows early adopters to get engaged by testing the preview in their environments or via a virtual machine in Microsoft Azure.

SQL Server 2016 provides breakthrough performance for mission critical applications and deeper insights on your data across on-premises and cloud. Top capabilities for the release include: Always Encrypted – a new capability that protects data at rest and in motion, Stretch Database – new technology that lets you dynamically stretch your warm and cold transactional data to Microsoft Azure, enhancements to our industry-leading in-memory technologies for real-time analytics on top of breakthrough transactional performance and new in-database analytics with R integration.

Unique in this release of SQL Server, we are bringing capabilities to the cloud first in Microsoft Azure SQL Database such as Row-level security and Dynamic Data Masking and then bringing the capabilities, as well as the learnings from running these at hyper-scale in Microsoft Azure, back to SQL Server to deliver proven features at scale to our on-premises offering.  This means all our customers benefit from our investments and learnings in Azure.

Key Capabilities in SQL Server 2016 CTP2

Always Encrypted

Always Encrypted, based on technology from Microsoft Research, protects data at rest and in motion. With Always Encrypted, SQL Server can perform operations on encrypted data and, best of all, the encryption key resides with the application in the customer’s trusted environment. Encryption and decryption of data happens transparently inside the application, which minimizes the changes that have to be made to existing applications.

Stretch Database

This new technology allows you to dynamically stretch your warm and cold transactional data to Microsoft Azure, so your operational data is always at hand, no matter the size, and you benefit from the low cost of Azure.  You can use Always Encrypted with Stretch Database to extend data in a more secure manner for greater peace of mind.

Real-time Operational Analytics & In-Memory OLTP

For In-Memory OLTP, which customers today are using for up to 30x faster transactions, you will now be able to apply this tuned transaction performance technology to a significantly greater number of applications and benefit from increased concurrency.  With these enhancements, we introduce the unique capability to use our in-memory columnstore delivering 100X faster queries on top of in-memory OLTP to provide real-time operational analytics while accelerating transaction performance.

Additional capabilities in SQL Server 2016 CTP2 include:

  • PolyBase – More easily manage relational and non-relational data with the simplicity of T-SQL.
  • AlwaysOn Enhancements – Achieve even higher availability and performance of your secondaries, with up to 3 synchronous replicas, DTC support and round-robin load balancing of the secondaries.
  • Row Level Security – Enables customers to control access to data based on the characteristics of the user. Security is implemented inside the database, requiring no modifications to the application.
  • Dynamic Data Masking – Supports real-time obfuscation of data so data requesters do not get access to unauthorized data.  Helps protect sensitive data even when it is not encrypted.
  • Native JSON support – Allows easy parsing and storing of JSON and exporting relational data to JSON.
  • Temporal Database support – Tracks historical data changes with temporal database support.
  • Query Data Store – Acts as a flight data recorder for a database, giving full history of query execution so DBAs can pinpoint expensive/regressed queries and tune query performance.
  • MDS enhancements – Offer enhanced server management capabilities for Master Data Services.
  • Enhanced hybrid backup to Azure – Enables faster backups to Microsoft Azure and faster restores to SQL Server in Azure Virtual Machines.  Also, you can stage backups on-premises prior to uploading to Azure.
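As an added example (not part of the announcement or Microsoft’s own samples), the T-SQL below wires up the two security features from the list on a constructed dbo.Orders table: a Row Level Security filter predicate that limits each sales rep to their own rows, and a Dynamic Data Masking rule on the e-mail column. Every table, user, schema and function name here is made up for the demo.

```sql
-- Constructed demo table (not from the announcement)
CREATE TABLE dbo.Orders (
    OrderId       int IDENTITY PRIMARY KEY,
    SalesRep      sysname NOT NULL,
    CustomerEmail nvarchar(256) NOT NULL,
    Amount        money NOT NULL
);
GO
INSERT INTO dbo.Orders (SalesRep, CustomerEmail, Amount) VALUES
    (N'Rep1', N'alice@example.com', 120.00),
    (N'Rep2', N'bob@example.com',    75.50);
GO
-- Database-scoped demo principals (no server login needed)
CREATE USER Rep1 WITHOUT LOGIN;
CREATE USER Rep2 WITHOUT LOGIN;
CREATE USER Manager WITHOUT LOGIN;
GRANT SELECT ON dbo.Orders TO Rep1, Rep2, Manager;
GO
-- Dynamic Data Masking: callers without UNMASK see aXXX@XXXX.com.
-- The stored value is NOT encrypted; this only changes query results.
ALTER TABLE dbo.Orders
    ALTER COLUMN CustomerEmail ADD MASKED WITH (FUNCTION = 'email()');
GRANT UNMASK TO Manager;
GO
-- Row Level Security: an inline table-valued predicate function
-- (SCHEMABINDING is mandatory) returns a row only when the caller
-- owns the order or is the manager.
CREATE SCHEMA Security;
GO
CREATE FUNCTION Security.fn_OrderPredicate(@SalesRep AS sysname)
    RETURNS TABLE
WITH SCHEMABINDING
AS
    RETURN SELECT 1 AS fn_result
           WHERE @SalesRep = USER_NAME() OR USER_NAME() = N'Manager';
GO
-- A FILTER predicate silently hides rows on SELECT/UPDATE/DELETE;
-- the application issues the same queries as before.
CREATE SECURITY POLICY Security.OrderFilter
    ADD FILTER PREDICATE Security.fn_OrderPredicate(SalesRep) ON dbo.Orders
    WITH (STATE = ON);
GO
-- Check: Rep1 gets only its own row, with the e-mail masked.
EXECUTE AS USER = 'Rep1';
SELECT OrderId, SalesRep, CustomerEmail, Amount FROM dbo.Orders;
REVERT;
-- Check: Manager gets both rows, e-mail unmasked.
EXECUTE AS USER = 'Manager';
SELECT OrderId, SalesRep, CustomerEmail, Amount FROM dbo.Orders;
REVERT;
```

A FILTER predicate does not stop a user from inserting rows they could not read back; use a BLOCK predicate on the same policy when writes must be constrained too.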

Ongoing preview updates – Coming soon!

New with SQL Server 2016, customers will have the opportunity to receive more frequent updates to their preview to help accelerate internal development and test efforts.  Instead of waiting for CTP3, customers can choose to download periodic updates to CTP2 gaining access to new capabilities and features as soon as they are available for testing.  More details will be shared when the first preview update is available.

Download SQL Server 2016 preview today!

Now that you have seen the many exciting capabilities included in SQL Server 2016 CTP2, be sure to download the preview or trial the preview using a virtual machine in Microsoft Azure and start evaluating the impact these new innovations can have for your business.  Also, be sure to share your feedback on the new SQL Server 2016 capabilities using Microsoft’s Connect tool.

As the foundation of our end-to-end data platform, with this release we continue to make it easier for customers to maximize their data dividends. With SQL Server 2016 you can capture, transform, and analyze any data, of any size, at any scale, in its native format, using the tools, languages and frameworks you know and want in a trusted environment on-premises and in the cloud.

Publishing a static website with Azure CDN – Microsoft Azure Chinese Blog



There are quite a few options for building a website on Azure, including Azure App Service Web Apps (formerly Azure Websites), Azure Cloud Service, or even using an Azure Virtual Machine directly. Each of these approaches has its own strengths and weaknesses, and which one to use depends entirely on the user's needs.

If your service is just a static website that only presents content and does no data processing, cloud solutions such as Azure App Service Web Apps (formerly Azure Websites) or Azure Virtual Machines are somewhat wasteful: besides paying relatively expensive fees for the rented infrastructure, you may also face a more complicated development process. This article therefore introduces the simplest approach: deploying a static website with Azure Blob Storage (a static website may contain common elements such as Flash, images, video, JavaScript and CSS), and then using Azure CDN to increase the site's capacity to handle load.

1. Create an Azure Storage Account and deploy the static website

First we need to create an Azure Storage Account, and under this account create a number of Public Blob containers to hold the pages and assets the static website needs. Note that when creating the Public Blob containers, using clear and intuitive names makes the structure of your whole site clearer and easier to maintain.


Example of storing a static website in Azure Storage BLOB

As shown in the example figure above, the developer places the site's HTML pages and JavaScript in a Public Blob container named "Page", and the site's content, such as images and video, in a Public Blob container named "Contents"; you can also arrange them differently according to your current web path layout.

Create an Azure Storage Account through the Azure portal


Create an Azure Storage Account


Using the Azure Storage account created earlier, select "Manage Access Keys" in the toolbar at the bottom



The storage account name and primary access key are the information that the free tool Azure Storage Explorer needs in the next step.

Create the Public Blob containers and upload the static website content with Azure Storage Explorer

Download the free Azure Storage Explorer to help us create the Table; you can refer to this document, which has detailed usage instructions and the download link.


Create the Public Blob containers needed to store the website data with Azure Storage Explorer


This example splits the site content into the structure shown above, creating four containers in total: css holds the CSS files the pages need, film holds videos, image holds images, and page holds the HTML pages.

Once the Public Blob containers for the site content have been created, you can write the HTML you need with your familiar editor, and the CSS, JavaScript, images and videos it uses can all be served by storing them in Azure Storage Blob.


After writing the HTML, simply upload all of the HTML and every resource the site uses (CSS, JavaScript, images, video) to the corresponding containers in the public Blob created in the previous steps, and the static website deployment is complete. You can reach your static website through a URL similar to the following:


The URL for this example is:


If you need to use your company's or organization's domain name, you can follow the method in this article and map the company's or organization's domain name to the Azure Storage blob domain name with a DNS CNAME record.


Through the steps above, the static website is deployed to Azure Storage Blob.

2. Enable Azure CDN

Once the static website is deployed, some users' sites may be global services and therefore need a CDN (Content Delivery Network) to deliver the site's content around the world. Among the hosted services on Azure, Azure CDN meets this need.

1. Create the Azure CDN service


When adding Azure CDN, you can select the storage account used earlier to publish the static website


This setup takes only a few seconds, and with it all configuration of the Azure CDN service is complete. However, it can take up to an hour for the Azure CDN service to take effect.

In this example, 「http://az763605.vo.msecnd.net/」 is the endpoint we use to access the CDN, so we can also reach our website through this domain name.


The endpoint is not usable immediately after creation, because Azure CDN needs up to 60 minutes to take effect; until then, entering the site through the CDN domain returns only status code 400 (Bad Request). Likewise, if you need to use your company's or organization's domain name, you can map it to the Azure CDN domain name with a DNS CNAME record.


Azure Storage hosts the static website, and Azure CDN publishes the site's content to edge nodes (PoP nodes) in Kaohsiung, Taiwan and around the world, building caches that absorb heavy access and spread the traffic. With these two steps, a simple development process and considerable cost savings, the website is successfully published to the whole world.