User Profile
ChrisAtMaf
Iron Contributor
Joined 7 years ago
User Widgets
Recent Discussions
Re: Windows Server OSConfig and DSCv3
But it looks like on Windows that's still using PowerShell v2 and not v3. It seems it's using v3 for Linux, however. FYI 'PowerShell DSC 3.0' and 'Microsoft DSC 3.0' aren't the same thing (yes, it's confusing). PowerShell DSC 3.0 is what Machine Configuration uses for Linux, but it shares more in common with PowerShell DSC 2.0 (which is used by MC for Windows) than with Microsoft DSC 3.0 https://learn.microsoft.com/en-us/powershell/scripting/dsc/overview?view=powershell-7.588Views2likes1CommentRe: Report message add-in and Shared Mailboxes
Outlook New is much slower on older hardware and has incomplete support for key features (offline mode, PST, public folders etc). The inbuilt report button is not available across all clients supporting shared and delegate - it is not available on Outlook Classic.130Views0likes0CommentsRe: Report message add-in and Shared Mailboxes
Untrue - it is still unavailable for shared and delegate mailboxes in classic Outlook: The report button is present on shared and delegate mailboxes enabling end users to report emails. Now present on outlook for web, new outlook for windows, outlook for mac, outlook for android and outlook for iOS1.3KViews0likes2CommentsRe: Incomplete SPF record for O365?
'In certain scenarios, messages that are forwarded or relayed via Microsoft 365 are sent using a special relay pool, because the destination shouldn't consider Microsoft 365 as the actual sender... This address pool isn't published because it can change often, and it's not part of published SPF record for Microsoft 365. The forwarded or relayed message should meet one of the following criteria to avoid using the relay pool: The outbound sender is in an accepted domain. SPF passes when the message comes to Microsoft 365. DKIM on the sender domain passes when the message comes to Microsoft 365.' https://learn.microsoft.com/en-us/defender-office-365/outbound-spam-high-risk-delivery-pool-about?view=o365-worldwide#relay-pool121Views0likes0CommentsRe: Hyper-V Server 2022
How is anyone finding Azure Stack HCI? Am aware that it’s the recommended alternative - but the reviews are awful (and for me, credible as anyone who’s tried to use a new Microsoft product since they moved to Azure first and early releases can testify) - released too early, updates break basic functionality due to a lack of testing, slow, ignorant, terrible support). https://www.reddit.com/r/AZURE/comments/1cu3mtl/has_anyone_migrated_from_vmware_to_azure_stack_hci/ https://www.reddit.com/r/sysadmin/comments/1auuzmj/azure_stack_hci/ If it wasn’t for the Azure Hybrid Benefit, there’s no reason to move from Windows Server + Hyper-V role for me. Anyone happy with it?472Views0likes2CommentsRe: Hyper-V Server 2022
ZakGhani I’m not from Microsoft, but have seen one report of a rule not to update any legacy MMCs in Windows Server and that jives with my experience. However Windows Admin Center can manage Hyper-V and can be installed on Windows Server for free. It’s under active development so you could raise feedback about that if it doesn’t do what you want. Have you tried it?816Views0likes7CommentsRe: Hyper-V Server 2022
bmartindcs Great - glad you’re aware of that. In terms of your security concerns, I’m sure you’re aware that having roles and features ‘available to install’, is not the same as having them ‘installed by default’. To compare with other alternatives that you’ve suggested, Proxmox is also based on and uses the ‘standard’ Debian repositories for security updates - it is therefore similarly ‘vulnerable’ to additional feature installs as Windows Server Core + Hyper-V role, assuming that the hypervisor has access to those repos (which is necessary to keep patched) https://pve.proxmox.com/wiki/Package_Repositories#_repositories_in_proxmox_ve XCP-NG is better - it appears it uses dedicated repos with only the relevant packages enabled - but they still allow you to install packages from other repositories using the enablerepo switch in yum - so again, if you’re looking for a hypervisor which is ‘unable’ to have an increased attack surface, rather than having a reduced surface ‘by default’, that may not entirely fit the bill either. https://docs.xcp-ng.org/management/additional-packages/1.7KViews0likes1CommentRe: Hyper-V Server 2022
bmartindcs You’re saying that you wish Microsoft would just offer Windows Server Core w/ Hyper-V role as a ‘free’ license - but for the clients you mentioned, aren’t they licensed for this anyway? Earlier you said: ‘These users all own licenses of Windows Server’. So can’t you just deploy Server Core for them? https://www.microsoft.com/licensing/terms/productoffering/WindowsServerStandardDatacenterEssentials/OL#LicenseModel 'Standard edition permits use of one Running Instance of the server software in the Physical OSE on the Licensed Server (in addition to two Virtual OSEs), if the Physical OSE is used solely to host and manage the Virtual OSEs.'1.8KViews1like4CommentsRe: Microsoft 365 Business Basic in New Outlook
arj-2021-UK According to the article it might take until the middle of this month before you see the changes: When will I see the capability change in the new Outlook for Windows? We began rolling out these improvements on February 1st, 2024. They should reach all users by the middle of February.16KViews2likes0CommentsRe: Microsoft 365 Business Basic in New Outlook
Looks like Microsoft may have listened & relented - according to this blog post today, new Outlook will match the licensing behaviour of old Outlook from February 1st 2024 😄 https://techcommunity.microsoft.com/t5/outlook-blog/how-licensing-works-for-work-and-school-accounts-in-the-new/ba-p/404736119KViews3likes5CommentsRe: Why different broker apps for iOS and Android (not enrolled) when using app protection policies?
NT-DW Actually, after submitting the above, I think the article is correct. I have found the cause of the confusion: The 'Require approved client app' Conditional Access policy requires a broker app to perform device registration - on Android, this can be Microsoft Authenticator, or Microsoft Company Portal. The 'Require app protection policy', and the general Intune App Protection Policy feature require app protection functionality, which on Android is only built into the Company Portal app. In my testing, it seems that the 'Require approved client app' setting by itself can work on an Android device with Microsoft Authenticator installed. However the 'Require app protection policy' setting, and applying app protection policies in Intune, do require the Company Portal app on Android. This is slightly confusing since often the 'Require approved client app' setting (which can use Microsoft Authenticator or Company Portal on Android) is setup along with app protection policies (which can only use Company Portal on Android). But the current text in the article is actually correct, once you realise that a 'broker app' is not the same as 'app protection functionality'. Perhaps the 'Require app protection policy' section should be worded more clearly: 'The broker app can be Microsoft Authenticator for iOS. On Android the broker app must additionally support app protection functionality, so the only supported broker app for this policy is Microsoft Company Portal for Android devices.'18KViews0likes0CommentsRe: Hyper-V Server 2022
News from Ignite today: New benefit for Software Assurance customers Today we’re introducing a new Azure hybrid benefit for Windows Server customers. We heard your feedback that you want to adopt Azure Stack HCI, but you’re already locked into a Software Assurance contract for Windows Server Datacenter. That’s why, effective today, Enterprise Agreement customers with Software Assurance can exchange their existing licensed cores of Windows Server Datacenter to get Azure Stack HCI at no additional cost. This includes the right to run unlimited Azure Kubernetes Service and unlimited Windows Server guest workloads on the Azure Stack HCI cluster! See the licensing terms for full details. This new benefit dramatically reduces the cost of modernizing your Hyper-V environment to Azure Stack HCI. Activate the benefit directly from the Azure Portal on your cluster’s Configuration page https://techcommunity.microsoft.com/t5/azure-stack-blog/what-s-new-for-azure-arc-and-azure-stack-hci-at-microsoft-ignite/ba-p/3650949 Elden_Christensen This is good news, although note that this is for Enterprise Agreements. Are there any plans to extend this to other licensing models such as Open License and Open Value Subscription?5.4KViews2likes5CommentsRe: Hyper-V Server 2022
DavidYorkshire wrote: We are seeing this in other areas too - e.g.. the Office 365 Enterprise apps not being supported on Server 2022, which makes that OS largely useless as a terminal services session host - and the main alternative is AVD, which can only be run on Azure services. I thought Office 2021 LTSC is supported on Server 2022? https://www.microsoft.com/en-gb/microsoft-365/microsoft-365-and-office-resources?rtc=1#coreui-heading-kg69bnh4.6KViews0likes12CommentsRe: Hyper-V Server 2022
Hi SpenceFoxtrot, I'm not sure the Microsoft product terms allow you to do what you're describing, but at the end of the day that's between you and any Microsoft auditors. The only thing I'd suggest you might consider is that Disaster Recovery Rights under Software Assurance exist for a reason. Kind regards, Chris5.2KViews0likes1CommentRe: Hyper-V Server 2022
Hi AdamB2395, Going to have to stop replying to messages soon as it'll probably wind up everyone else subscribed to this thread (and I'm not an expert in Microsoft licensing, check with a reseller) but as far as I am aware, yes, you just 'say' that is what you are doing. I guess this is where it would be a good idea to formally document that decision so that you could demonstrate you had taken the product terms into account if you had a Microsoft auditor come knocking. So yes, if you failed over, I guess you could formally make that declaration. But bear in mind: You can't fail over from the primary server for the first 90 days after installing the product unless the primary server suffered permanent hardware failure or loss. You need to fail over all of the VMs on a given server to the backup server; the licenses are assigned to the physical server in its entirety, not the VMs itself, and you can't split them between two servers. Unless the backup server suffered permanent hardware failure or loss you would be ineligible to move services back to the original server for 90 days. If the primary or backup server had an intermittent or temporary hardware failure and failed back before 90 days had passed (which could happen automatically under some replication scenarios), you'd be in breach. I would investigate to see if you can disable any automatic failover functionality so that you know failover is always a manual process. All of this presumes you are using retail or volume licenses. OEM licenses of the kind you purchase 'with' hardware can't be reassigned between servers. I'm not paid to give you advice though, if you've got further questions probably best to ask a Microsoft reseller who is paid to get it right!5.2KViews0likes1CommentRe: Hyper-V Server 2022
Hi AdamB2395, If I understand the product terms correctly, it applies to replication situations within any hypervisor product, if the purpose of the replication is to temporarily run the 'backup' replicated virtual machine in the event of disaster recovery. In the general Microsoft product terms for all products there is this statement on 'License Assignment and Reassignment': 'Before Customer uses software under a License, it must assign that License to a device or user, as appropriate. Customer may reassign a License to another device or user, but not less than 90 days since the last reassignment of that same License, unless the reassignment is due to (i) permanent hardware failure or loss... (the other reasons are irrelevant here). Customer must remove the software or block access from the former device or to the former user. ' https://www.microsoft.com/licensing/terms/en-US/product/ForallSoftware/OVOVS There is nothing against creating a backup of a virtual machine that is never run (after all, that's just normal backup procedure) - but in order to run that backup on a separate piece of hardware, you either need to formally reassign the license to the new product - which involves removing the software or blocking access from the former device - and then you have to bear in mind the rules above that you can't transfer back for another 90 days, unless the reassignment is due to permanent hardware loss - or you could make your life simple and obtain Software Assurance to gain the Disaster Recovery Rights that I mentioned before. 'For each Instance of eligible server software Customer runs in a Physical OSE or Virtual OSE on a Licensed Server, it may temporarily run a backup Instance in a Physical OSE or Virtual OSE on... another one of its Servers dedicated to disaster recovery.' You could probably imagine a situation where you could 'live with' the license reassignment rights with a limited kind of replication (if your two servers were identical, and you were pretty sure that you would just leave your 'backup' server running in the event of a failover even if you repaired the old one - and it would get more complicated if your backup server itself failed) but it'd get needlessly complicated and it would only seem sensible to use the Disaster Recovery Rights as the cheapest and most sensible way to do what you want.5.2KViews0likes6CommentsRe: Hyper-V Server 2022
In terms of basic licensing costs, having reviewed the issues raised in this thread, in summary there are just a few broad scenarios under which losing access to the dedicated Hyper-V Server SKU is going to have an impact on licensing costs or cause other issues while the option to run Windows Server Core Standard or Datacenter with the Hyper-V role still exists. It will no longer be possible to install or upgrade to a later version of Hyper-V Server on the hypervisor host without paying the upgrade cost for the latest version of Windows Server Standard or Datacenter. So you will no longer be able to run Hyper-V Server 2022 when you only have guest OSE licenses purchased for Windows Server 2019 or below. It will no longer be possible to use Hyper-V Server in situations where none of the guest OSEs are running Windows Server - for example, running all-Linux, or BSD, or other non-Microsoft services, or all Windows client operating systems in VDE deployments. In certain edge cases such as embedded scenarios where it is desirable to set up a hypervisor on servers with small amounts of storage such that disk space is at a absolute premium. Some of the other scenarios people have raised: Would require additional licensing in order to be properly licensed in the first place (using a 'spare' Hyper-V Server for failing over Windows Guest OSEs, for example). Have an equivalent option under existing Windows Server licensing (using Windows Server Core with the Hyper-V role) with no additional licensing costs. Are not covered under the existing terms for Hyper-V Server anyway (using the Hyper-V Server for purposes other than those permitted in the EULA - i.e. to provide hardware virtualization services and run software to manage and service operating system environments on the licensed server). It seems that Microsoft need to make Azure Stack HCI more palatable for enthusiasts, SMBs and nonprofits - or they need to work harder to advertise the option of the perpetual 'Windows Server' model for smaller deployments and nonprofits where the current Azure Stack HCI license model is just too expensive to make it worthwhile and they may feel forced to carry out an (in some cases entirely unnecessary) move to an alternative hypervisor.5KViews0likes0CommentsRe: Hyper-V Server 2022
Hi AdamB2395, As GlenBarney1 pointed out and you later realised I am not a Microsoft employee and am also unhappy with the change. I would also have to agree with GlenBarney1 that according to my understanding of Microsoft’s licensing terms, your current setup is not sufficiently licensed. However there should be a cheaper way to get yourself licensed other than purchasing Windows Server license(s) for the backup server (even on your current setup) - purchasing Software Assurance for the existing Windows Server license(s) for your primary server. This would also give you ‘Disaster Recover Rights’ which is I think what you want: ‘For each Instance of eligible server software Customer runs in a Physical OSE or Virtual OSE on a Licensed Server, it may temporarily run a backup Instance in a Physical OSE or Virtual OSE on either, another one of its Servers dedicated to disaster recovery, or, for Instances of eligible software other than Windows Server, on Microsoft Azure Services, provided the backup Instance is managed by Azure Site Recovery to Azure. The License Terms for the software and the following limitations apply to Customer’s use of the backup Instance...’ ‘Permitted Use of Backup Instances The backup Instance can run only during the following exception periods: For brief periods of disaster recovery testing within one week every 90 days; During a disaster, while the production Server being recovered is down; and Around the time of a disaster, for a brief period, to assist in the transfer between the primary production server and the disaster recovery Server.’ ’Additional Permitted Use of Windows Server Other than backup instances run on Microsoft Azure Services, Windows Server License is not required for the disaster recovery Server if the following conditions are met: The Hyper-V role within Windows Server is used to replicate Virtual OSEs from the production Server at a primary site to a disaster recovery Server. The disaster recovery Server may be used only to: run hardware virtualization software, such as Hyper-V, provide hardware virtualization services, run software agents to manage the hardware virtualization software, serve as a destination for replication, receive replicated Virtual OSEs, test failover, await failover of the Virtual OSEs, and run disaster recovery workloads as described above. The disaster recovery Server may not be used as a production Server.’ It is worth noting again that I think you need this coverage to do disaster recovery using a replication server even under your existing setup, or if you switch to another hypervisor. You aren’t licensed to fail over and then fail back again in a short period of time to a second server without the second server being covered under this right, or having licenses of its own. So for you the removal of the ‘free’ Hyper-V Server SKU hasn’t really put you in any of a different situation than you were before. Hope this helps you plan. https://www.microsoft.com/licensing/terms/product/SoftwareAssuranceBenefits/all5KViews0likes8Comments
Recent Blog Articles
No content to show