Microsoft

Security Quality Rollup Confusion – Windows Updates

Posted on January 20, 2017 by Adam Fowler

Since October 2016, Microsoft have updated their Windows Updates model (for Windows 7, 8.1, Server 2008 R2 SP1 and Server 2012 R2) to a more cumulative approach. To their credit, they had this communicated months before it started, and the word got around long before the first patch rolled out.

At the time I talked to Tom Walat who was reviewing what people thought of this model. There’s been a bit of confusion and changes in the model, including a new one for February 2017 where Internet Explorer will be seperated and have it’s own rollup. If you manage WSUS, you need to be across these changes.

There’s a great detailed blogpost on TechNet about the history and changes, as well as this really useful table:

Windows Updates for 7 and 8.1 table for Feb 2017 (source)

Here;s the TLDR version which is still long, sorry;

Since October 2016 to January 2017, there has been two main update rollups – a Security Monthly Quality Rollup which contains ‘all the patches’. In WSUS, this will have a name like “January, 2017 Security Monthly Quality Rollup for Windows 7”. There is a separate rollup for Windows 7, 8, Server 2008 R2 and 2012 R2. These are cumulative – each Rollup includes all previous rollup patches, but nothing that’s before October 2016. This is the recommended package.

There’s also the similarly named Security Only Quality Update which has just been ‘all the security patches’. This will have a very similar name, e.g. “January, 2017 Security Only Quality Update for Windows 7” again having a separate update for each OS. These are not cumulative, and each needs to be installed seperately. These updates are only required if you’re not doing the monthly rollup for some reason (e.g. one of the updates breaks something in the rollup).

Those both included Internet Explorer, but as of February 2017 that will be it’s own separate set of updates. The IE update set will be cumulative – including all older updates in each new package.

That separate IE set of patches is the Cumulative Security Update for Internet Explorer will be cumulative like the Rollups, where you only need the latest one.

These are big changes and it’s worth getting your head around it all – the end goal is to have only monthly updates for anything older than Windows 10.

There may be future changes as to how this model works, so make sure you keep up to date with what Microsoft is doing in this space.

Remove Microsoft Account or Work Account

Posted on January 17, 2017March 19, 2021 by Adam Fowler

Update 19th March 2021:

Kevin Krouch has a great script you can run across your entire tenant to identify everyone who might have a Microsoft account. Once it’s run, you can run this to only see the ‘True’ results:

$results | where HasMSAccount -eq “True”

Microsoft have an updated article on how to resolve accounts that have both a Microsoft and Work or School account attached.

Original content:

If you’re using Office 365 and/or Azure, you may have run into this scenario. If you want detailed information about Microsoft Accounts vs Work or school accounts, read this comprehensive article.

For people who set up a Microsoft Account on a work email address, and then configured it for Office 365/Azure, you’d be used to seeing this screen every time you log in:

It’s necessary, but annoying when you’re signing in a lot. I’m not sure how long this has been around, but you can change the email address associated with your Microsoft account, and move it away from your work email address.

And you may notice, there’s that ‘Tired of seeing this?’ message. My brain blocked that out, so you can follow that link too :)

Atwork have a writeup on how to change the email address (the first link gives a 404 message, but you’re still in the right place to make the changes). I tested this on my own account, and within a few minutes I was no longer seeing the choice between Work or Personal when signing into Office 365/Azure services.

Combine that with ADFS or Azure AD Connect Pass-Through Authentication to make your Microsoft sign-ins a quicker process!

Microsoft StaffHub General Availability

Posted on January 16, 2017January 16, 2017 by Adam Fowler

Microsoft StaffHub has now globally been released (General Availability). StaffHub is a very simple web and smartphone app based scheduling system, primarily designed for shifts.

It lets admins set and modify member’s shifts, and gives simple day/week/month overviews. I quite like this simplistic approach, sometimes these solutions can be a bit overwhelming when it’s linked to several other Office 365 features that you haven’t used yet.

Microsoft StaffHub

I was honestly up and running with this in 5 minutes, including the tutorial. I’ve invited other staff members as part of adding them, and both web and smartphone views are clean and easy to read. The product itself doesn’t really do anything else – there’s chat options for the app, and file sharing, but it’s perfect for staff that don’t do much (or any) of their work on computers; or just staff that want to be able to see what shift they’re on quickly.

One point of confusion I noticed, was the invite it sends out to staff you invite only wants them to use the smartphone app, and that link won’t work from a browser. They’ll need to manually go to https://staffhub.office.com for the browser experience.

Microsoft have a great starter page along with video showing how it works. There doesn’t seem to be any integration with other systems – It’d be nice to be able to send shifts as calendar appointments and maybe we’ll see that in the future.

It’s part of the Office 365 suite, so if you already have a license you should be able to go to http://staffhub.ms/ and start playing.

Searching Multi-Valued Properties in PowerShell

Posted on January 12, 2017January 12, 2017 by Adam Fowler

I’ve been playing with Office 365 commands in PowerShell and had to do a search. Sounds simple, but depending on what you’re searching, some scenarios are less basic than others.

Everything in PowerShell is an object. Usually, a property in PowerShell has a single value, such as:

UserPrincipalName: [email protected]

which is one of the results from Get-MsolUser. However, another property is different:

AlternateEmailAddresses: {[email protected]}

Visually, the difference is just the {} braces that contain the value. These braces mean that the property has been built to contain multiple items, rather than a single item.

If I wanted to see a list of all UserPrincipalNames, I’d use this command:

Get-MsolUser -all | select UserPrincipalName

A nice list of UPNs would display on the screen. However, that same command against AlternateEmailAddress, all that comes up is a bunch of blank lines.

To make this work, we need to select the value and show all the expressions of each value:

get-msoluser -all | select @{Name=“AlternateEmailAddresses”;Expression={$_.AlternateEmailAddresses}}

To then search on those values with the ‘where’ command, you’d have to write it like this:

get-msoluser -all | select @{Name=“AlternateEmailAddresses”;Expression={$_.AlternateEmailAddresses}} | where {$_.AlternateEmailAddresses -like "*contoso*"}

The good news is, for a where search by itself, you can forget all that and go back to basics:

Get-MsolUser -all | Where AlternateEmailAddresses -like "*contoso*"

Because of this requirement on the Select command, it lead me down the wrong path for a bit. There’s other reading on how to list all the values of a multi-valued property

If you’re still lost and want to get started with PowerShell, try checking out this PowerShell Basics video

Welcome to 2017

Posted on January 4, 2017 by Adam Fowler

Welcome to 2017! I figured this was a great time to reflect over 2016, as well as looking forward to what 2017 holds.

Last year I wrote New Year 2016 Resolutions which is worth a rehash to see how I went:

1. Be more personal in what I do (selectively).
I did this a little, but can probably do it a little more. My last blog post in 2016 was an opinion piece, but I need to do more personal I believe.

2. Get less caught up in particular individuals or situations.
Mostly achieved :) It still happened a few times but I walked away quicker, continue working on this one too.

3. Be more positive
I think I did fairly well on this – I’ll still call someone out on it when I don’t agree, but overall I feel like I didn’t dwell on many negative things.

4. Get more involved in communities
Tick :) I was handed the Adelaide Windows User Group to run, and merged with Adelaide System Center User Community to become Adelaide Windows and System Center Community. I’ve also presented in the user group a few times, as well as another short presentation at itSMF. More presentations needed

5. Helping others
I always want to do this more, but I’ve tried to do this where possible. It’s been happening, which is great!

6. Do more writing
I did more but could have done more again. Will see how 2017 goes, I have a few external posts scheduled, and writing this post is a good start.

You can probably see a theme here – I worked towards what I wanted but felt I could have done more. What will 2017 hold for me then?

I’m off to a pretty good start. I was awarded the Microsoft MVP title in the area of Cloud and Datacenter Management! I can proudly display this logo now:

This category covers all these areas:

Azure Stack
Datacenter Management
PowerShell
Hyper-V
Storage
Networking
High Availability
Installation and Servicing
Enterprise Security
Group Policy
Windows Server for Small & Medium Business
Linux on Hyper-V
Chef/Puppet in Datacenter
Container Management
Linux in System Center/Operations Management Suite

This doesn’t mean I’m a pro at all of them either… don’t bother asking me about Chef/Puppet right now for example, as I’ve never had to use them in real life! If you want to know what a MVP is, have a look at Microsoft’s overview.

Who knows what this new title will bring, but it’s incredibly rewarding to be recognised at this level. I’m hoping to be able to visit Microsoft HQ as part of the MVP Global Summit later this year too :)

I’ve had a huge response to announcing my MVP title which has been very touching in itself; just people bothering to respond with a ‘congratulatons’ is a very nice feeling – thank you all who have!

Beyond that, I’m really going to be continuing on the points I set back at the start of 2016. Nothing’s really changed there, so I’ll continue down that path.

Right now, I aim to make the most of being an MVP and continuing to do what I do; there’s always lots more to learn, and plenty of opportunities to pass on those new skills and tips.

An area of focus for me will be Azure and Office 365 which is ever changing, and it’s where all the exciting new things are these days ;)

Looking forward to 2017 both work wise and family wise (and continuing to keep the balance between both) – bring it on!

Share this:

Share this:

Share this:

Share this:

Share this: