The US Central Marketing Organization (USCMO) here at Microsoft is putting on a new and improved webcast and I wanted to put them up for those who wish to view them.  Each webcast will stream live with interactive Q&A and will be made available on demand.  These webcasts run for about 30-60 minutes.  Please feel free to register at any time.

Protect Your Business Against Online Fraud
http://aka.ms/protectblog
January 20, 2015
In recent years the online fraud epidemic has become a reality.  Is your business secure?

Social in the Enterprise
http://aka.ms/enterpriseblog
January 21, 2015
FOX Business Network anchor Maria Bartiromo, the first journalist ever to report live from the floor of the NY Stock Exchange, shares why a good social strategy is crucial. Social networking expert and best-selling author Gary Vaynerchuk shares the secrets to social success in the enterprise. Charlene Li, renowned author and leadership and social consultant, provides concrete recommendations for how organizations can build effective networks to become leaders in the digital era. Andy Sernovitz, leader of the word of mouth movement, explains how building internal communities increases productivity and effectiveness. And host Alex Bradley, Microsoft Office, presents new, innovative social solutions. 

Windows Server 2003 Migration: Hardware Modernization
http://aka.ms/WS03blog
January 22, 2015
With the Pending End of Support in July 2015, organizations must understand their rationale for migration from WS03.  This is not just a support issue but importantly an opportunity to enlist the power and flexibility of modern infrastructures running platforms like Windows Server 2012 and Azure.  Migrating simply sets your infrastructure up to harness you Enterprise Cloud strategy both on and off premise.  You want to make sure that you hardware keeps pace with these dynamic technologies.  This webcast covers some of the most important aspects of upgrading the workloads on modern hardware.

It’s a New Year, Be Ready to Adapt
http://aka.ms/adaptblog
January 22, 2015
It’s a new year, be ready to adapt. Every New Year brings both the promise and the challenge of a quickly changing business environment. Staying ahead of the curve! Whether it’s your customers’ needs, security risks or compliance that require instant access to the data that will support good decisions.

HIPAA Compliant Cloud Solutions with Microsoft BAA
http://aka.ms/BAAblog
January 23, 2015
Join us for this important webcast on January 23rd at 11:00AM PST to learn about Microsoft’s HIPAA Business Associate Agreement (BAA). This discussion will help you to better understand how healthcare organizations with a Microsoft BAA can move toward a contemporary plan for using Microsoft’s cloud services. This webcast will show how the Microsoft BAA provides healthcare organizations with the opportunity to use cloud solutions to improve patient outcomes while maintaining compliance with the privacy and security regulations that are outlined in HIPAA.

Announcing the Enterprise Cloud Suite
http://aka.ms/suiteblog
January 26, 2015
With Enterprise Cloud Suite (ECS), Microsoft is now able to offer a comprehensive solution to customers that provides:
• End-to-End Productivity: provide users with tools to collaborate and stay in sync anytime, anywhere
• Data Protection: enable strong authentication, encryption and access controls across devices
• Device Management: manage devices and applications across PCs, smartphones and tablets
• Unified IT environment: leverage existing investments for identity and device management across on-premises software and cloud services
• Pricing: ECS provides the best pricing through built-in suite discounts vs. buying components separately

Get a fresh start in 2015 with new Windows devices
http://aka.ms/windeviceblog
January 28, 2015
Celebrate the New Year and get more productive in 2015 with the latest technology powered by Windows 8.1. Whether you’re looking for laptops, 2-in-1 devices, or tablets, there is definitely a lot to choose from. Join us on January 28th to check out a broad range of Windows 8.1 devices and special offers. In the meantime, visit the Windows for Business (http://www.microsoft.com/en-us/windows/enterprise/default.aspx) website to stay up to date!

Need fast AND affordable? Why not try SQL Server?
http://aka.ms/SQLserverblog
January 29, 2015
Why did RSI Retail Solutions, Lifetime Products, and Havas Media migrate to SQL Server? SQL Server runs mission critical workloads, provides top-of-the-line security features, and enables customers to leverage existing assets and knowledge base – without costing a fortune. By switching or adding new workloads to SQL Server 2014, you can improve your data platform performance and your bottom line on your terms.  Join Marcello Benati, Microsoft Solution Specialist, to learn how to easily migrate existing and new mission-critical workloads to SQL Server 2014.

Mobile Productivity in the Modern Workplace
http://aka.ms/mobileblog
February 4, 2015
Mobility is changing our personal and professional lives.  People are bringing their personal devices and apps to work. Employees expect more dynamic work environments to take advantage of mobile capabilities and work from anywhere. Apps, including productivity tools, need to work well on mobile devices and in the business scenarios these devices are used. To get work done from anywhere, mobile devices with basic services, like email, aren’t enough. In this webcast you will learn how Microsoft provides the richest productivity solution across any device, for any type of worker, in a secure, enterprise-grade way.

Windows Server 2003: Most Common Application Migration Concerns
http://aka.ms/commonblog
February 5, 2015
Build your migration plan - do it yourself, collaboration with a partner, or use a service.  Find out about your options whether moving your applications to the cloud or keeping in your infrastructure. 

Enabling Customer Insights Using Business Analytics
http://aka.ms/customerblog
February 12, 2015
Business analytics is about capturing that information in real-time and empowering people to put it to use, by combining data in new ways, to generate new insights. Hear from Pier 1 on how they use business analytics to drive their business.

Windows Server 2003: Security Risk and Remediation
http://aka.ms/remeblog
February 18, 2015
With Windows Server 2003 support ending on July 14, 2015,  many organizations find themselves in the situation where legacy, mission critical workloads and applications are running on a soon to be unsupported platform. Some organizations may be considering alternate security strategies – like ring-fencing their existing Windows Server 2003 servers –as a way to delay migration. This webinar examines the viability of common risk remediation tactics for Windows Server 2003-- and makes the case for migration is ultimately the best option.

The Connected Workforce
http://aka.ms/connectedblog
February 18, 2015
The world has become a giant network, with people connecting in new ways using social and mobile technologies. Has your company adapted to this networked world? By delivering seamless social experiences across familiar work applications on an enterprise-grade platform, Microsoft helps over 400,000 companies worldwide engage, inform and connect employees. During this webcast you will learn how Microsoft can help your company connect, inform, and engage employees using enterprise social technologies.

Hello, my name is Mayank Sharma and I am a Technical Advisor here at Microsoft. In this blog, I will discuss FIPS compliance with Bitlocker. Microsoft's solution for completely encrypting data inside laptops, desktops and removable drives. So let’s get started...

FIPS stands for Federal Information Processing Standard and is United States Government standards that provide a benchmark for implementing cryptographic software. It basically means that if a software is approved by one of the labs that do the testing for FIPS compliance, the software meets the government standard for cryptography. Thus can be commonly used by US Federal government and organizations around the world. There is a lot that can be written about FIPS. Better I route you to the following link:

FIPS Compliance
http://technet.microsoft.com/en-us/library/cc180745.aspx

To enable FIPS on a computer, i.e. tell it you have to be complaint with the government policies, we need to alter the following group policy

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

The name of the policy is following:

System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing

Now that we know what FIPS is and what it does, let’s focus our attention back on Bitlocker, Microsoft’s security solution for protecting data across laptops and desktops. Bitlocker uses multifactor authentication to ensure Bitlocker encrypted drive(s) will always remain in good hands. To accomplish this task, it uses multiple protectors to protect a volume. While some are ‘primary’ protectors which will be used most of the times, namely TPM, TPM and PIN, Password etc., some will be used when Bitlocker senses something has changed and goes in a lockdown mode. During a lockdown mode, it will ask user to prove that user is genuine. Examples of protectors include recovery password, recovery key, Data recovery agent, etc.

Now here comes the tricky part. Whether or not Bitlocker is FIPS complaint is decided by if one of the cryptographic keys that protector is using is indeed FIPS compliant. Password protectors for the operating system drive/fixed data drive are not complaint with FIPS specification, so does the recovery password until Windows 8.  The below article discusses this in more detail:

The recovery password for Windows BitLocker is not available when FIPS
compliant policy is set in Windows Vista, Windows Server 2008, Windows 7
and Windows Server 2008 R2
http://support.microsoft.com/kb/947249

Let’s say there is a ‘happy go lucky’ organization that uses TPM+PIN protectors to authenticate the OS drive of user’s laptop running Windows 7 and storing recovery passwords in MBAM database. If a user gets locked out, Helpdesk will provide the information of recovery password to the user to unlock the machine. This is the happy ending of the story until one day FIPS were to be mandatorily implemented.

a. Will this happy go lucky Organization be FIPS complaint? No, as it is using recovery password as a protector which is not FIPS complaint.
b. Does this means while infrastructure needs to be rebuilt from scratch? Of course not!

Steps to make this environment FIPS complaint;

Step 1:

We need to get rid of the recovery password which is making the infrastructure non FIPS complaint. First thing would be to delete the associated recovery password with this Windows 7 machine. Run the following from an elevated command prompt:

manage-bde -protectors -get c:

This lists all the protectors

Volume C: [OSDisk]
All Key Protectors

    TPM And PIN:
      ID: {161941A3-8CB3-439C-8FC6-1642D0C97C8D}
      PCR Validation Profile:
        0, 2, 4, 11

    Numerical Password:
      ID: {C6DF1E74-467F-4BE8-9C59-C9A9F345B9A0}
      Password:
        017666-710820-610731-029986-330385-020009-303017-612733

Note the ID of the Numerical password protector and to delete it run the following command:

manage-bde -protectors -delete c: -id {C6DF1E74-467F-4BE8-9C59-C9A9F345B9A0}

This will delete the recovery password protector.

Step 2:

Now, imagine if the user forgot the PIN or because of any other reasons gets locked out. We should need to have a way to break back into machine. So we need to add some protectors that will help us in lockdown situations. Fortunately, we still have a choice to make here. We can add any of the two protectors which are FIPS compliant.

a. Data recovery agent

How to use Bitlocker Data Recovery Agent to unlock Bitlocker Protected Drives
http://blogs.technet.com/b/askcore/archive/2010/10/11/how-to-use-bitlocker-data-recovery-agent-to-unlock-bitlocker-protected-drives.aspx

b. Add a recovery key to the volume, this is as simple as running the command where e: is the destination drive where you want to store the .BEK file.

manage-bde -protectors -add c: -rk e:

Just save this file in a safe place.  If a machine gets locks out, copy it over to a USB drive.  More information can be found  here:

What is a BitLocker recovery key?
http://Windows.microsoft.com/en-in/Windows7/what-is-a-bitlocker-recovery-key

Step 3:

Though not mandatory, once we will enable the group policy for FIPS, it will not allow creation of FIPS. We can additionally disable the creation of any more recovery passwords. Just disable the policy like I did below under Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption.

As "Password" is not a FIPS complaint protectors, you cannot use it with fixed data drive either. We can either use a smart card protector or a DRA… And happy go lucky should be happy again!

As stated above, this is specifically meant for Windows 7/Vista and Windows Server 2008/2008R2. Had the company been proactive in moving along to a newer version of Windows (i.e. Windows 8/8.1, Windows Server 2012/2012R2), it would not have any effect on them. The recovery password is FIPS compliant for Windows 8 and above operating systems.

So this is pretty much it. Keep your machines encrypted until next time.

I thank Himanshu Singh for taking time out to go through this blog.

Mayank Sharma
Technical Advisor
Windows Deployment Services

Hi my name is Scott McArthur and I want to call out a recently published KB article:

Surface Pro 3 doesn't hibernate after four hours in connected standby
http://support2.microsoft.com/kb/2998588

If you are deploying an image to Surface Pro 3, you are missing out on the feature where after 4 hours in Connected Standby the device will hibernate. This is a key feature related to battery life so I would recommend that all Enterprise customers install KB2955769 and incorporate these PowerCfg commands into your deployment.

If you use Microsoft Deployment Toolkit 2013 for your deployments this is super easy. Here are the steps

1. Under Packages, import KB2955769

2. Create PowerCfg_Sp3.batthat contains the following commands:

REM sets CS battery saver time-out to four hours:
powercfg /setdcvalueindex SCHEME_CURRENT e73a048d-bf27-4f12-9731-8b2076e8891f 7398e821-3937-4469-b07b-33eb785aaca1 14400
powercfg /setacvalueindex SCHEME_CURRENT e73a048d-bf27-4f12-9731-8b2076e8891f 7398e821-3937-4469-b07b-33eb785aaca1 14400

REM sets CS battery saver trip point to 100:
powercfg /setdcvalueindex SCHEME_CURRENT e73a048d-bf27-4f12-9731-8b2076e8891f 1e133d45-a325-48da-8769-14ae6dc1170b 100
powercfg /setacvalueindex SCHEME_CURRENT e73a048d-bf27-4f12-9731-8b2076e8891f 1e133d45-a325-48da-8769-14ae6dc1170b 100

REM sets the CS battery saver action to hibernate:
powercfg /setdcvalueindex SCHEME_CURRENT e73a048d-bf27-4f12-9731-8b2076e8891f c10ce532-2eb1-4b3c-b3fe-374623cdcf07 001
powercfg /setacvalueindex SCHEME_CURRENT e73a048d-bf27-4f12-9731-8b2076e8891f c10ce532-2eb1-4b3c-b3fe-374623cdcf07 001

powercfg /setactive SCHEME_CURRENT

3. Save PowerCfg_Sp3.bat to your Deploymentshare\Scriptsfolder

4. Open up the task sequence you use to deploy Windows and add a custom task in the state restore phase called PowerCfg-SP3

5. In the properties of this task sequence step, edit the following:

6. Click the Options tab and add conditional for “Task Sequence variable model equals Surface Pro 3”

Note:This ensures this only runs on Surface Pro 3 devices using the model variable

Hope this helps with your Surface deployments and keep eye on this blog for more tips and tricks for Surface

Scott McArthur
Senior Support Escalation Engineer

This is a cross post from William Keener’s Support Diagnostics and Automated Solutions blog that we wanted to add to our site.  It relates to Bing and instant answers about Microsoft Products/Technologies/Support issues and here on the AskCore site, we are all about getting this type of information out there.  Any comments made should be made on the originating post so it can be properly seen, heard, or answered.

-------------------------------------------------------------

Using Bing for technical instant answers and automated solutions
http://blogs.msdn.com/b/williamk/archive/2014/10/31/using-bing-for-technical-instant-answers-and-automated-solutions.aspx

Bing has been providing factual instant answers (and translation instant answers) for some time now, but recently they added "technical" instant answers for questions about Microsoft products and technologies or technical support issues. My previous team built the content management system that our internal content delivery teams are now using to add technical instant answers to Bing. Here's an example technical instant answer for the "Cortana" search term: 

Now that I'm working on support diagnostics and automated solutions again, I have been working with the Bing and content delivery teams to get some instant answers created with links to some of our automated solutions.

And I'm happy to announce that the first one is live! So you can now search for "Windows Update Troubleshooter" (or a variety of related terms and error messages) and the first result will be a technical instant answer with a link to download and run our automated troubleshooter to fix problems with Windows Update.

When you click the link in step 3, you will be prompted to open (or run) or save the troubleshooter.

Just click Open (or Run) to launch the troubleshooter.

The content delivery teams will be constantly adding more technical instant answers, and we hope to have more live with automated solutions soon!

Note that technical instant answers are also available in the Bing app on Windows Phone. To see the phone experience, tap Search and then type or say "cortana" on your Windows Phone. Then click the "See More" link at the bottom of the second result (after the ad - "Meet Cortana on Windows Phone 8.1") and swipe left or right to view the content on each of the tabs.