I’ve seen a few tweets and videos recently about using software to use a smartphone camera as a webcam. Why might you do that? Well, because many laptop webcams are a bit rubbish (like the one in my Apple MacBook) or poorly placed, giving an unflattering view from below.
Ultimately though, the Microsoft Surface Pro 6 that I use for work has a pretty decent webcam, and my Nokia 7 Plus was no better quality – all I was really gaining was a better camera position.
I do still have a challenge with lighting. My desk position means that I’m generally back-lit with a north-facing window to my left. Some fill-in light in front might help but I also wanted to adjust the settings on my webcam.
Microsoft Teams doesn’t let me do that – but the Camera app in Windows 10 does… as described at Ceofix, there is a “Pro mode” in the Windows 10 Camera app that allows the brightness to be adjusted. There are more options for still images (timer, zoom, white balance, sensitivity, shutter speed and brightness) but the brightness option for video let me tweak my settings a little.
The next challenge I had was with audio. Despite using the volume controls on the Surface Pro to knock the volume up to 100% whilst I was presenting over Teams earlier, everyone else on the call sounded very quiet. It turned out that 100% was not 100% – there is a Realtek Audio Console app on my PC which lets me adjust the speaker and microphone settings, including volume, balance, Dolby audio, sample rate and depth. Finding this revealed that my volume was actually nowhere near 100% and I was quickly able to increase it to a level where I could hear my client and co-presenters!
Late in 2019, I got my hands on an Azure Sphere Starter Kit, which I’ve been intending to use for an IoT project, using some of the on-board sensors for temperature and potentially an external one for humidity…
Installing Visual Studio Code and the Azure Sphere SDK
Having obtained the kit, the next stop was Microsoft’s Getting Started with Azure Sphere page. I downloaded and installed Visual Studio Code (I don’t really need the whole Visual Studio 2019 application – though I later found that a lot of the advice on the Internet assumes that’s what you’re using…) and then immediately found that there are two versions of the Azure Sphere Software Development Kit (SDK). According to the Microsoft docs, either can be used with Visual Studio Code but I found the setup for the Azure Sphere SDK for Visual Studio failed when it couldn’t find Visual Studio (not really surprising) and so I used the Azure Sphere SDK for Windows.
Connecting the hardware
I plugged in the Avnet Azure Sphere Starter Kit, using the supplied USB cable, and watched as Windows installed drivers after which a virtual network interface was present and three COM ports appeared in Device Manager.
Setting up my dev environment
Installing Visual Studio Code and the Azure Sphere SDK was only the first part of getting ready to create code for the device. I needed to install the Azure Sphere extension (easily found in the Extensions Marketplace):
The Azure Sphere extension also installs two dependencies:
I also needed to install CMake (in my case it was version 3.17.1). Not really knowing what I was doing, I followed the defaults but on reflection, I probably should have let CMake add its directory to the system %PATH% variable (I later uninstalled and reinstalled CMake to do this, but could just have added C:\Program Files\CMake\bin to the Path in the user environment variables).
The final installation was Ninja. Windows Defender SmartScreen blocked this app, but I was later able to work around that, by unblocking in the properties for ninja.exe:
I missed the point in the Microsoft documentation that said I needed to manually add Ninja to the %PATH% environment variable but I later went back and added the folder that I copied ninja.exe to (which, for me, was C:\Users\%username%\Tools).
After completing Multi-Factor Authentication (MFA) and confirming I wanted to allow Azure Sphere to use my account, I was logged in but with a warning that I don’t have access to any Azure Sphere tenants, so I created one:
azsphere tenant create --name "Mark Wilson"
Warning – more research required: I used a Microsoft Account, as per the Microsoft instructions, but am now concerned I should have used an Azure Active Directory (Organisational/Work or School) account (especially as Role Based Access Control is supported from Azure Sphere 19.10 onwards). As a device can only be claimed once and, once claimed, the device is permanently associated with the Azure Sphere tenant, I’m stuck with these settings now…
I then went ahead and claimed the device:
azsphere device claim
Connecting to Wi-Fi and updating the device operating system
I checked the current OS version on the device:
azsphere device show-deployment-status
As can be seen, not only is the OS out of date, but the device is not connected to a network, so I connected to Wi-Fi:
Now, with network connectivity in place, the device had a fighting chance of an OS update and according to the Microsoft documentation:
The Azure Sphere device checks for Azure Sphere OS and application updates each time it boots, when it initially connects to the internet, and at 24-hour intervals thereafter. If updates are available, download and installation could take as much as 15-20 minutes and might cause the device to restart.
I needed to use git to clone the Azure Sphere Samples Repo, so that meant installing git. Then, from the Terminal in Visual Studio Code, I ran git clone https://github.com/Azure/azure-sphere-samples.git.
I then opened the Samples\HelloWorld\HelloWorld_HighLevelApp folder in Visual Studio Code, ready to build and deploy the app.
Building and deploying the app
Having set up my dev environment, set up the device and downloaded some sample code, I followed the instructions in the Visual Studio Code Azure Sphere Extension to run the following in the Command Palette: Azure Sphere: Configure Settings (selecting High-Level Application) and CMake: Build.
I was then able to build and deploy the sample app to my Azure Sphere device by starting a debug session (F5), and was rewarded with a blinking LED on the board!
I can also view the application status with azsphere device app show-status.
The next step is to get the app I really wanted to use working on the device, making use of some of the on-board sensors and then integrating this with some of the Azure services. I’m having trouble compiling that code at the moment, so that blog post may be a while longer…
For many organisations, particularly those at “enterprise” scale, Windows and Office have tended to be updated infrequently, usually as major projects with associated capital expenditure. Meanwhile, operational IT functions that manage “business as usual” often avoid change because that change brings risks around the introduction of new technology that may have consequential effects. This approach is becoming increasingly untenable in a world of regular updates to software sold on a subscription basis.
This post looks at the impact of regularly updating Windows and Office in an organisation and how we need to modify our approach to reflect the world of Windows as a Service and “evergreen” Office 365.
Why do we need to stay current?
A good question. After all, surely if Windows and Office are working as required then there’s no need to change anything, is there? Unfortunately, things aren’t that simple and there are benefits of remaining current for many business stakeholders:
For the CIO: improved management, performance, stability and support for the latest hardware.
For the CSO: enhanced security against modern threats and zero-day attacks.
For end users: access to the latest features and capabilities for better productivity and creativity.
Every Windows release evolves the operating system architecture to better defend against attacks – not just patching! And Windows and Office updates support new ways of working: inking, voice control, improved navigation, etc.
So, updates are good – right?
How often do I need to update?
We’re no longer in a world of 5+5 years (mainstream+extended) support. Microsoft has publicly stated its intention to ship two feature updates to Windows each year (in Spring and Autumn). The latest of these is Windows 10 1803 (also known as Redstone 4), which actually shipped in April. Expect the next one in/around September 2018 (1809). Internally to Microsoft, there are new builds daily; and even publicly there are “Insider” Preview builds for evaluation.
That means that we need to stop thinking about Windows feature updates as projects and start thinking about them as process – i.e. make updating Windows (and Office, and supporting infrastructure) part of the business as usual norm.
OK, but what if I don’t update?
Put simply, if you choose not to stay up-to-date, you’ll build up a problem for later. The point about having predictable releases is that it should help planning.
But each release is only supported for 18 months. That means that you need to be thinking about getting users on n-2 releases updated before it gets too close to their end of support. Today, that means:
Running 1703, take action to update.
Running 1709, plan to update.
Running 1803, trailblazer!
We’re no longer looking at major updates every 3-5 years; instead an approach of continuous service improvement is required. This lessens the impact of each change.
So that’s Windows, what about Office?
For those using Office 365 ProPlus (i.e. licensing the latest versions of Office applications through an Office 365 subscription), Windows and Office updates are aligned (not to the day, but to the Spring and Autumn cadence):
So, keep Office updated in line with Windows and you should be in a good place. Build a process that gives confidence and trust to move the two at the same time… the traditional approach of deploying Windows and Office separately often comes down to testing and deployment processes.
What about my deployment tools? Will they support the latest updates?
According to Microsoft, there are more than 100 million devices managed with System Center Configuration Manager (SCCM) and SCCM also needs to be kept up-to-date to support upcoming releases.
SCCM releases are not every 6 months – they should be every 4 months or so – and the intention is to update SCCM to support the next version of Windows/Office ahead of when they become available:
Again, start to prepare as early as possible – and think of this as a process, not a project. Deploy first to a limited set of users, then push more broadly:
Why has Microsoft made us work this way?
The world has changed. With Office existing on multiple platforms and systems under constant threat of attack from those who wish to steal our data (and money) it’s become necessary to move from a major update every 3-5 years to a continuous plan to remain in shape and execute every few months – providing high levels of stability and access to the latest features/functionality.
Across Windows, Office, Azure and System Center Microsoft is continually improving security, reliability and performance whilst integrating cloud services to add functionality and to simplify the process of staying current.
How can I move from managing updates as a project to making it part of the process?
As mentioned previously, adopting Windows as a Service involves a cultural shift from periodic projects to a regular process.
Organisations need to be continually planning and preparing for the next update using Insider Preview to understand the impact of upcoming changes and the potential provided by new features, including any training needs.
Applications, devices and infrastructure can be tested using targeted pilot deployments and then, once the update is generally available and known to work in the environment, a broader deployment can be instigated:
Aim to deploy to users following the model below for each stage:
Plan and prepare: 1%.
Targeted deployment: 9%.
Broad deployment: 90%.
Remember, this is about feature updates, not a new version of Windows. The underlying architecture will evolve over time but Windows as a Service is about smaller, incremental change rather than the big step changes we’ve seen in the past.
But what about testing applications with each new release of Windows?
Of course, applications need to be tested against new releases – and there will be dependencies on support from other vendors too – but it’s important that the flow of releases should not be held up by application testing. If you test every application before updating Windows, it will be difficult to hit the rollout cadence. Instead, proactively assess which applications are used by the majority of users and address these first. Aim to move 80-90% of users to the latest release(s) and reactively address issues with the remaining apps (maybe using a succession of mini-pilots) but don’t stop the process because there are still a few apps to get ready!
You can also use alternative deployment methods (such as virtualised applications or published applications) to work around compatibility issues.
It’s worth noting that most Windows 7-compatible apps will be compatible with Windows 10. The same app development platform (UWP), driver servicing model, etc. are used. Some device drivers may not exist for Windows 10 but most do and availability through Windows Update has improved for drivers and firmware. BIOS support is getting better too.
In addition, there are around a million applications registered in the Ready For Windows database, which can be used for spot-checking ISVs’ Windows 10 support for each application and its prevalence in the wild.
New cloud-enabled capabilities to guide your Windows 10 deployment
Windows Analytics is a cloud-based set of services that collects information from within Windows and provides actionable information to proactively improve your Windows (and Office) environment.
Using Azure Log Analytics, Windows Analytics can advise on:
Readiness (Windows 10 Professional): planning and addressing actions for upgrade from Windows 7 and 8.1 as well as Windows 10 feature updates.
Compliance (Windows 10 Professional): for regular (monthly) updates.
Device health (Windows 10 Professional and Enterprise): assessing issues across estate (e.g. problematic device drivers).
OK, so I understand why I need to continuously update Windows, but how do I do it?
Microsoft recommends using a system of deployment rings (which might be implemented as groups in SCCM) to roll out to users in the 1% (Insider), 9% (Pilot) and 90% (Broad) deployments mentioned above. This approach allows for a consistent but controllable rollout.
Peer-to-peer download technologies are embedded in Windows that will minimise network usage and recent versions support express updates (only downloading deltas) whilst the impact on users can be minimised through scheduling.
When it comes to tools, there are a few options available:
Windows Update is the same service used by consumers to download updates at the rate governed by Microsoft.
Windows Update for Business is a version of Windows Update that allows an organisation to control their release schedule and set up deployment rings without any infrastructure.
Windows Software Update Services (WSUS) allows feature updates to be deployed when approved, and BranchCache can be used to minimise network impact.
Finally, SCCM can work with WSUS and offers Task Sequences, etc. to provide greater control over deployment.
What about the normal “Patch Tuesday” updates?
Twice-annual feature updates don’t replace the need to patch more regularly and Microsoft continues to release cumulative updates each month to resolve security and quality issues.
In effect, we should receive one feature update then five quality updates in each cycle:
Inspired by David Hughes (@DavidHughes) and Christian Payne (@Documentally), a few weeks ago, I ran a Twitter poll to see if anyone would be interested in a newsletter of some of the stuff I’ve been up to. The responses were mixed, but some went along the lines of “the email format doesn’t resonate with me” and “I like reading what you’ve been up to on your blog”. My blog has been falling by the wayside in recent months and I do want to write more, so I’ve decided to write a weekly (ish) newsletter here instead. In between, I’ll still write the usual tech-inspired stuff but this will be more eclectic. Matt Ballantine (@ballantine70) does something similar with his weeknotes – but he must be incredibly disciplined to get them out every Friday. I spend Fridays trying to end my week.
So, here goes for issue 1. I’m still not sure what this thing should be called?
A week off
I’ve just had a week off work. I needed it. My previous blog post describes some of the challenges I’ve had lately and I really needed to decompress. After the initial weekend madness (just like every weekend), the first half of the week was spent at home, mostly sorting stuff out (more on that later), then a few days away with my family…
The weekend before…
My eldest son has started competing in the Central Cyclocross League and I’ve been joining in the novice races whilst he races in the Under 14s (both races take place on the same course at the same time).
I seriously considered not racing last week after a very hard practice lap but then my son instructed me to “put your numbers on and race your bike”. Oh, OK then!
I’m reasonably fit for long distance stuff (I recently completed the rather hilly inaugural Velo Birmingham 100 mile sportive) and my Caveman Conditioning (circuits) a couple of times a week help with general fitness but cyclocross is something else. Particularly when you’re using a mountain bike because your son is riding his CX bike (how inconsiderate!). I think it may be time for an n+1. Certainly if we do this again next season!
Unfortunately, being ignored in the LBS doesn’t leave a very good feeling. Being ignored on social media after sending the tweet even less so…
I don’t often wear a suit for work these days – but there are occasions where it’s still expected (first meetings, particular customers, etc.). I’ve been putting off buying a new suit for a while because a) there are two in the wardrobe that I really should slim down into b) I’d rather spend the money elsewhere. This week I gave in and bought something new.
I took one of my sons with me and he happily browsed the John Lewis technology department whilst I was suit shopping. He thinks I spent a lot of money though and suggested I get a blazer with some M&S trousers like his school uniform for a fraction of the price! Welcome to the world of work, son!
Whilst he was browsing the technology, I spotted this:
The Windows Premium collection appears to be Windows 10, running on a selection of higher-end PCs (Dell XPS 13, HP Spectre, etc.). First time I’d heard of it though…
I spent a good chunk of my week off working through an administration backlog at home. Ultimately that results in a lot of scanning (on my Canon ImageFormula P-215 desktop scanner), some shredding and a little bit of filing (for those few documents that I do retain in paper form).
Sure enough: open the PDF in MacOS Preview; delete the extra pages; save. Job done.
Karting, photography and train travel
My youngest son wanted to go to a friend’s go-karting party this week whilst my wife and eldest were heading down to Dorset for a few days. No problem, he could stay at home with me whilst I did some of my admin and then we’d follow on by train.
The karting inspired me to get my Nikon D700 out again. It may be big and heavy but I love the control of the DSLR experience and the results. I’ve tried some pro apps on my iPhone (like 645 Pro) but it’s just not the same!
Afterwards, the train journey to Dorset gave my son and me a mini-adventure (bus, train, tube, another train) to join the rest of the family – and with a Family and Friends railcard it was less than £30!
Last Friday was a gorgeous day – almost no wind and bright sunshine didn’t seem like late-October! My family took the chance to go for a walk along the South West Coastal Path from Swanage to Studland (for a pub lunch).
I was walking out on one of the groynes to take a picture of the boys, when I found that walking boot soles have almost no grip once they meet wet wood and, faced with the choice of falling face-first (or probably chest-first) onto a large wooden beam or throwing myself towards the sea, I chose the latter… managing to twist my ankle on the way, and then realising that my wallet and my iPhone were in my pockets.
I’m hoping that the phone will be covered on the household building and contents insurance – we have accidental damage cover and I’ll be making that call tomorrow… otherwise I could be getting an iPhone 8+ sooner than planned!
In the meantime, I’ve found out a lot about the water resistance of various Apple products:
My son fancied having a go on my Tacx Vortex trainer today, so we tried to get it working with Zwift for him.
Normally, I use the iOS app on my iPhone but, as that’s still drying out, it wasn’t an option. Zwift is currently available for Windows, MacOS and iOS but not (yet) Android so we went back to my original Windows PC-based setup with Zwift Mobile Link as a Bluetooth bridge. After spending a lot of time trying to get it working this afternoon with my son’s Android phone, it seems that I may need to update the firmware on my trainer for it to be recognised as a controllable trainer via the Android version of Zwift Mobile Link and Bluetooth LE (currently they only see it as a power meter and cadence sensor).
That’s about it for this week… let me know what you think of the whatever-this-is (newsletter? blog post? something else?) and I’ll think about writing another one next week.
On a recent consulting gig, I found myself advising a customer who was keen to deploy Microsoft DirectAccess (DA) in place of their legacy virtual private network (VPN) solution. As a DirectAccess user (who used Cisco AnyConnect VPN at my last place of work), I have to say the convenience of being always connected to the company network without any interaction on my part is awesome. I’m sure the IT guys like that they can always access my PC for management purposes too…
Now for the question of whether to use DA or a traditional VPN. Well, Microsoft MVP Richard Hicks (@RichardHicks) has written a fantastic blog post that goes through this in detail. Rather than paraphrasing, I’ll suggest that you go and read Richard’s post on DirectAccess vs. VPN.
Great response there from Richard, and then my colleague Steve Harwood (@steveeh) joined in, advising that Auto VPN still requires a VPN profile and infrastructure but gets initiated through either a Universal Windows Platform (UWP) or desktop app being started or stopped; meanwhile, DirectAccess has other benefits from being always-on, avoiding the need to expose management/compliance systems publicly.
So if the question is “should you deploy DirectAccess?”, the answer is “maybe”. It’s a Windows Enterprise-only solution but, if you have other clients in your enterprise, you might want to consider alternatives instead of or alongside DA.
“More than 63% of all network intrusions are due to compromised user credentials” [Microsoft]
The effects of cybercrime are tremendous, impacting a company’s financial standing, reputation and ultimately its ability to provide security of employment to its staff. Nevertheless, organisations can protect themselves. Mitigating the risks of cyber-attack can be achieved by applying people, process and technology to reduce the possibility of attack.
Fellow risual architect Tim Siddle (@tim_siddle) and I have published a white paper that looks at how Microsoft technology can be used to secure the modern productive enterprise. The tools we describe are part of Office 365, Enterprise Mobility + Security, or enterprise editions of Windows 10. Together they can replace many point solutions and provide a holistic view, drawing on Microsoft’s massive intelligent security graph.
One of my customers contacted me recently to ask about a challenge they had seen with Windows 10. After blocking untrusted fonts in Windows 10, they noticed that parts of the Office 365 portal were missing icons.
The issue is that Office 365 uses a font to display icons/glyphs (to improve the experience when scaling to adapt to different screen sizes). It appears some browsers are unable to display the embedded fonts when they are untrusted – including Internet Explorer according to one blog post that my colleague Gavin Morrison (@GavinMorrison) found – apparently Edge has no such issues (though I can think of many more issues that it does have…) – Chrome also seemed to work for me.
“Using Internet Explorer to look at websites that use embedded fonts. In this situation, the feature blocks the embedded font, causing the website to use a default font. However, not all fonts have all of the characters, so the website might render differently.”
So, that appears to be the issue. What’s the fix?
It seems there are two workarounds – one includes excluding processes from the font blocking (but it’s no good excluding a browser – as the most likely attack vector for a malicious font would be via a website!) and the other includes installing the problematic font to %windir%\Fonts.
One of the locations that Thomas highlights is https://outlook.office365.com/owa/prem/16.0.772.13/resources/styles/fonts/office365icons.ttf but that results in an HTTP Error 404 now (not found). So I opened the Office 365 portal in my browser and started the Debugger. Then, I found the following line of code that gave me a clue:
I used that base location (up to and including the version number) with the tail end of the URI that Thomas had provided and was pleased to find that https://r1.res.office365.com/owa/prem/16.1630.11.2221454/resources/styles/fonts/office365icons.ttf got me to an installable TrueType font file for the Office 365 fonts on Windows.
I expect the location to change again as the version number is updated but the method of tracking down the file should be repeatable.
Testing my theory
Testing on one of my PCs with HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\MitigationOptions set to 0x1000000000000 resulted in Internet Explorer loading the Office 365 portal without icons and Event ID 260 recorded in the Microsoft-Windows-Win32k/Operational log:
C:\Program Files (x86)\Internet Explorer\iexplore.exe attempted loading a font that is restricted by font loading policy. FontType: Memory FontPath:
After installing the Office 365 icons font (office365icons.ttf) and refreshing the page, I was able to view the icons:
Uninstalling the font locally and refreshing once more took me back to missing icons.
I then tidied up by setting the MitigationOptions registry key to 0x2000000000000 and restarting the PC, before removing the registry entry completely.
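To go with the test above, here is an added example (not from the original post) that decodes the font-blocking state from a MitigationOptions value and summarises Event ID 260 messages by process and font, so you can see which applications the policy affects. The function names and sample event lines are constructed for illustration, and the optional trailing "Blocked:" field is an assumption about the full message text, as it does not appear in the excerpt quoted above.

```python
import ntpath
import re
from collections import Counter

# The untrusted-font policy occupies bits 48-49 of the 64-bit MitigationOptions value.
FONT_POLICY_SHIFT = 48
FONT_POLICY_STATES = {
    0: "not set",
    1: "on",      # 0x1000000000000, the value used for the test in the post
    2: "off",     # 0x2000000000000, the value used for the tidy-up in the post
    3: "audit",   # 0x3000000000000, Microsoft's documented log-only mode
}


def font_policy(mitigation_options):
    """Return the font-blocking state, ignoring unrelated mitigation bits."""
    return FONT_POLICY_STATES[(mitigation_options >> FONT_POLICY_SHIFT) & 0x3]


# Message layout follows the Event ID 260 text quoted in the post.
# "Blocked:" is optional here because the quoted excerpt does not show it (assumption).
EVENT_260 = re.compile(
    r"^(?P<process>.+?) attempted loading a font that is restricted by "
    r"font[ -]loading policy\.\s*FontType:\s*(?P<type>\S+)\s*FontPath:\s*"
    r"(?P<path>.*?)\s*(?:Blocked:\s*(?P<blocked>true|false))?\s*$",
    re.IGNORECASE,
)


def parse_event_260(message):
    """Parse one event message; return None if it is not an Event 260 message."""
    m = EVENT_260.match(message.strip())
    if not m:
        return None
    blocked = m["blocked"]
    return {
        "process": ntpath.basename(m["process"]).lower(),
        "font_type": m["type"],
        # Memory (embedded) fonts have no path on disk.
        "font_path": m["path"] or None,
        "blocked": None if blocked is None else blocked.lower() == "true",
    }


def summarise(messages):
    """Count events per (process, font type, font path), skipping unrelated lines."""
    counts = Counter()
    for message in messages:
        event = parse_event_260(message)
        if event:
            key = (event["process"], event["font_type"],
                   event["font_path"] or "<in-memory>")
            counts[key] += 1
    return counts


# Constructed sample messages (not real log output).
SAMPLE_EVENTS = [
    r"C:\Program Files (x86)\Internet Explorer\iexplore.exe attempted loading a "
    r"font that is restricted by font loading policy. FontType: Memory FontPath:",
    r"C:\Program Files (x86)\Internet Explorer\iexplore.exe attempted loading a "
    r"font that is restricted by font loading policy. FontType: Memory FontPath: "
    r"Blocked: true",
    r"C:\Apps\Example\report.exe attempted loading a font that is restricted by "
    r"font-loading policy. FontType: File FontPath: "
    r"\??\C:\APPS\EXAMPLE\FONTS\CUSTOM.TTF Blocked: false",
    "unrelated line",
]

if __name__ == "__main__":
    for value in (0x1000000000000, 0x2000000000000):
        print(hex(value), "->", font_policy(value))
    for (process, font_type, path), n in summarise(SAMPLE_EVENTS).items():
        print(f"{n}x {process} {font_type} {path}")
```

Entries with a file path point at fonts that could be installed to %windir%\Fonts, while in-memory entries are embedded fonts such as the Office 365 icon font described above.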
A collection of short posts that don’t justify their own blog post!
Fixing super-sized Windows desktop icons
Mostly, I don’t get on with track pads – there’s just something about them that I find awkward and before I know it the cursor is shooting off somewhere that I don’t want it to be, icons are being resized, or something equally annoying.
I recently found myself in a situation where an errant trackpad response to my hot hands hovering over it whilst typing had left me with super-sized desktop icons but I couldn’t work out how/why. Luckily this Lifehacker article helped me put things right – a simple Ctrl + mouse scroll got my icons back to the size they should be…
LastPass Multifactor Authentication
For many years, I’ve used LastPass as my Password Manager. I don’t normally reuse passwords and have gradually been increasing the complexity of my passwords but these days I don’t know the password for the majority of the sites I visit – LastPass fills it in for me. The one weakness in all of this though is my master password for LastPass. It’s a long and secure passphrase but what if it was compromised? Well, now I have multifactor authentication enabled for LastPass too. It’s really simple to set up (just a couple of minutes) and options include Google Authenticator as well as LastPass’ own Authenticator app.
MTP not working on Windows 10 anniversary update (1607)
My son has an Elephone P9000 smartphone, running Android Marshmallow. He was struggling to get it working with our family PC to import his pictures until I found this forum post that explains the process. It seems that, on the Windows 10 Anniversary Update (1607), the Media Transfer Protocol (MTP) driver needs to be manually installed:
Go to C:\Windows\INF
Type “wpdmtp.inf” in search bar provided to the right of the address bar in Windows.
Once you found it, just right click on it and select install. It will take a very few seconds.
I’m not massively into collecting and curating digital video content – I have some family movies, and I stream content from BBC iPlayer, Amazon Video, etc. – pretty normal stuff. Even so, there are times that I think I could use the tech available to me in a better way – and there are times when I find I can do something that I didn’t previously know about!
Today was one of those days, whilst I was studying for an exam and I wanted to watch some videos. I wanted to be able to watch the videos in the comfort of my living room instead of on a PC and I was sure there must be a way. I had copies on my Synology NAS but, somewhat frustratingly, the Plex media server wasn’t picking them up (and I wanted to be watching the videos, not playing with Plex!).
Then, when I right-clicked on a video file in Windows Explorer, I spotted an option to “Cast to Device” which included options for my Samsung TV and also my Bose speakers – though I think the choices will depend on the Digital Living Network Alliance (DLNA) devices that are available on the local network. I selected the TV and found I could create a playlist of videos to watch in the comfort of my sofa – and, even better, the TV remote can be used to pause/resume playback (the PC was in a different room).
Now I’m studying in comfort (well, maybe not – I gave up the sofa and lay on the floor with another PC to take notes!) and streaming media across the home network using Windows and DLNA.