Windows Server

Noticed a new button in taskbar: "focus", it opens this. Have they invented something new about clocks or why does it demand an update? Windows 11 is a joke. View the full article

Microsoft Defender for IoT has released the March 2025 Threat Intelligence package. The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file). Threat Intelligence updates reflect the combined impact of proprietary research and threat intelligence carried out by Microsoft security teams. Each package contains the latest CVEs (Common Vulnerabilities and Exposures), IOCs (Indicators of Compromise), and other indicators applicable to IoT/ICS/OT networks (published during the past month) researched and implemented by Microsoft Threat Intelligence Research - CPS. The CVE scores are aligned with the National Vulnerability Database (NVD). Starting with the August 2023 threat intelligence updates, CVSSv3 scores are shown if they are relevant; otherwise the CVSSv2 scores are shown. Guidance Customers are recommended to update their systems with the latest TI package in order to detect potential exposure risks and vulnerabilities in their networks and on their devices. Threat Intelligence packages are updated every month with the most up-to-date security information available, ensuring that Microsoft Defender for IoT can identify malicious actors and behaviors on devices. Update your system with the latest TI package The package is available for download from the Microsoft Defender for IoT portal (click Updates, then Download file), for more information, please review Update threat intelligence data | Microsoft Docs. MD5 Hash: 3b0522536f51a13701f172a5d2c435d5 For cloud connected sensors, Microsoft Defender for IoT can automatically update new threat intelligence packages following their release, click here for more information. View the full article

After a few minutes (can be instantly) windows will completely freeze and on occasion restart, but still frozen, requiring a shut down. View the full article

When i turn my PC on, I get a black screen and a spinning cursor. I have turned my computer off and on over 20 times now. I have tried to uninstall latest quality update and latest feature update in advanced options but still doesn't work. I have tried system restore and thay didn't work either. I have enabled safe mode but I run into a blue screen saying we encountered a problem. Tried to go into BIOS but not sure what to do there. I am lost on what to try next. I did download the latest nvidias graphics card driver or something like that the night before and it was fine and then this morning when I opened my computer I now can't get in. View the full article

Hi all, My dad has dozen of DVD movies and personal videos. Some of them already got scratched heavily. Fortunately, they are still working when connected to a DVD player. My dad asks me to take a backup of the DVDs on a digital storage on a computer or external hard drive. I tried the built-in Windows Media Player but it won't allow me ripping the DVD discs. Can some one recommend the best dvd ripping software that still works in 2025 on Windows 11? It seems most of the free ones no long work and no update for years. Thank you View the full article

i've noticed my windows setup looks a little different than what is shown in google images. i've confirmed my personalisation settings are ok. is there something i am missing? View the full article

Hi, We're using the latest version of Entra Connect. Is it common for it to do an Auto Update check every night? Lately we have got an alert that the sync service is down and then it recovers. The emails are 30 mins apart which I think is the default check time? It seems to do an AutoUpdate check and then the sync service will briefly stop, we get these errors and then it recovers. Azure AD Connect Upgrade - 904 Password Reset Services - 31034 It does seem to fix itself so more of an annoyance, but still curious if it is meant to check every night? View the full article

Today I am pleased to announce that we have enabled Windows 365 in Spain and Mexico. You can now deploy your Cloud PCs into Spain, in the Spain Central region and in Mexico, in the Mexico Central region. Within a provisioning policy if you select the European Union geography, you can then select Spain Central. This increases the number of regions available in the European Union region grouping to six. The Mexico Central region is available from within the new Mexico Geography. Whilst you can select each region specifically we always recommend you select the “Automatic” option to take advantage of more of the benefits the SaaS nature of Windows 365 provides now and in the future. Spain Central: Mexico Central: In the future we will be making some exciting improvements to the provisioning of Cloud PCs by simplifying the region and network selection within your provisioning policies. This expansion increases the number of Azure geographies that Windows 365 supports, giving you more choices for locating your Cloud PCs. This means you can place them closer to your user estate, reducing latency for users in these locations. We are committed to providing more choice and flexibility for your Cloud PCs by enabling new Azure regions over the coming years. This ongoing expansion demonstrates our dedication to evolving the service into a truly global service by growing into existing and new Azure geographies, ensuring you can provide the best service to your organization. Stay tuned for more updates as we continue to enhance Windows 365 and bring it to more locations worldwide. View the full article

I need help. Thanks. View the full article

Hello everyone! I'm new to this and recently tried to download an online video, but the 4K Video Downloader recommended by the search engine doesn't work at all on my computer. Whether it's installing or clicking the download button, the software interface flashes back or is unresponsive. My system is Windows 11 24H2 with the latest graphics drivers and Python environment installed. Anyone with similar experience? Or know of any alternative tools to recommend if 4k video downloader not working? Problem details and solutions tried. The software says “Unable to resolve video URL” or “Network connection failed”, but the web video plays normally;Browser ad blocker is turned off, try another browser (Chrome/Firefox);Reinstall the software and check “Disable all plug-ins”, but the problem persists;Checked the system log and found the error code: XXX (if I remember).Is it possible that the site's anti-downloading mechanism is causing the problem? Or does it require a specific configuration? I'm asking for your guidance! View the full article

Hey all, long-time lurker searching these threads for tech advice, now I need some more direct help! I have an incredibly slow Windows 11 bootup: 100-200 seconds on average for a Windows boot, plus 150-300 seconds for desktop. Has been getting steadily worse over the last couple of years and now it's pretty unbearable. View the full article

It's a simple concept, but 1 month using Windows 11 was enough to get this idea. As 11 is still a transition from what we had in Windows 10 to something more modern, a lot of old, classic or 'legacy' things ended up being hidden, taking twice as much work to access. And since I like the design of the new menu but miss the amount of items from the old menu, this might be a good interim solution. View the full article

I want to uninstall bing through the registry. One method shows that a key for explorer is needed in the path. Another shows that that a key for share is needed. What is the safe way to create these ? View the full article

On the lower left, can I remove the duplicate one, right below the separator? And ‘Devices and drives’ text, just give me a clean Local Disk look. View the full article

Pretty Odd Question But I Am Currently Stuck Without A Mouse For About 3 Quarters Of The Day Except At Night And The Keyboard I Bought Abt Half A Year Ago Has Number-pads Sold Separately. I Have Only Been Left With The Page Up/Down, End And Delete Key Along With The Usual Arrow Keys. View the full article

Exchange Online is imposing a new tenant-wide limit of 3,000 Dynamic Distribution Groups. Few tenants might be affected, but the question might be asked why Microsoft is limiting DDGs at this point. Is it a cunning plan to prompt people to use dynamic Microsoft 365 groups instead? Or are some tenants abusing DDGs in weird and wonderful ways? Who knows, but the limit applies from early April 2025. https://office365itpros.com/2025/03/10/dynamic-distribution-groups-limit/ View the full article

I am a newbie guitarist who has just started to learn fingerpicking skills systematically following a quality tutorial author on YouTube recently. Due to the unstable network, I often miss the live lessons. After communicating with the author himself, I have obtained his written authorization to allow the download of the relevant instructional videos. However, I am not familiar with the official YouTube download mechanism, and I don't know how to preserve the sound quality and subtitles of the videos. I would like to ask for the following help. Please recommended reliable and safe youtube to mp4 converter that works on Windows 11/10 PC. And what are the precautions for maintaining video picture/sound quality after download I look forward to your detailed guidance! If it's convenient, please share the specific software name and configuration parameters in a private message. Thanks in advance! View the full article

I operate a business that mostly depends on design by simulation relying on constant operation at very high CPU utilization of big multi-core PC's. And because of the high utilization, I seem to kill them on a fairly routine basis, 3 Dell 7820 Xeon Gold's in the last two years, which is worse than average, I probably kill one on average every 2nd year. We can talk about what's dying separately, it doesn't matter here, the issue at hand is DOWN TIME. View the full article

If you create a Notepad file which starts with .LOG, every time you launch it, it will log the current timestamp. View the full article

Simple scenario: VM --> vNIC --> vSwitch (external) --> physNIC --> physSwitch The vNIC assigned to the VM has MAC address aa:aa:aa:aa:aa:aa, the physical NIC (physNIC; the vSwitch of type external is connected to it) has bb:bb:bb:bb:bb:bb. What mechanism ensures that when the VM sends a network packet to the external network (the physical network connected to the physical switch physSwitch), the MAC address of its vNIC (aa:aa:aa:aa:aa:aa) is used, and not the MAC address of the physNIC (bb:bb:bb:bb:bb:bb)? In other words: what makes physSwitch "see" aa:aa:aa:aa:aa:aa when the VM communicates to an external endpoint? View the full article

Model Mondays is an intiative to help you build your knowledge of generative AI models through 5-minute news recaps and 15-minute model spotlights each week. Register and watch the livestream each Monday at 1:30pm ET https://aka.ms/model-mondays/rsvp Join the conversation on Discord each Friday at 1:30pm ET https://aka.ms/model-mondays/chat Catch up with replays, resources and more at any time on GitHub https://aka.ms/model-mondays The generative AI model landscape is getting increasingly crowded. It feels like there are new models being released daily, even before we've had time to understand what the existing set of models can do for us. There are over 1800 models today on the Azure AI Foundry model catalog - and over 1 million community-created model variants on the Hugging Face model hub. How do we deal with information overload, and combat decision fatigue in making model choices? This is where we hope Model Mondays can help! What are Model Mondays? Model Mondays is an 8-week power series where we cut through the noise and shine the spotlight on the most relevant models with the help of expert speakers and hands-on demos. Every Monday at 1:30pm ET we'll host a 30-minute livestream with a 5-min roundup of key news items from the previous week, followed by a 15-minute deep dive into a specific model or class of models. Register for the the next episode here. Have questions or want to share your own experiences or insights with those models? Join our #model-mondays channel on Discord where we will continue these conversations, wrapping up each week with a watercooler chat every Friday at 1:30pm ET. This is beginner-friendly and judgement-free zone where you can bring your questions or participate in show-and-tell demos! It's a chance for us to learn from each other and build on our collective knowledge. Join the #model-mondays channeon on Discord here What does the Spotlight cover? Generative AI models are rapidly expanding in scope not just in terms of model providers, but in terms of domain-specific tasks or model-related tooling to support efficient AI customization. The spotlight segment give you a 15-minute hands-on look at a specific model or class of models - helping you understand what it does, how it works, and when it is suitable for use. Our first season (8 episodes) will focus on model categories like reasoning models, visual generative AI, search & retrieval models, synthetic data generation models, forecasting models and more. We also look at model-driven tooling or open-source software that streamlines processes like fine-tuning, composability, testing and more. Our kickoff episode on March 10 will put the spotlight on the GitHub Model Marketplace and give you a chance to explore some of these models hands-on, with just a GitHub account. Along the way, you'll get to learn about some of the valuable features (like the prompt editor, model comparisons, and built-in code samples) that will get you from prompt to prototype within just a few minutes of exploration. What does the Roundup cover? The roundup segment provides a 5-minute news recap of key announcements from the previous week. Think of this as a "5 things to know" segment where you get a chance to learn about a new model or capability that is now available to you on the Azure AI Foundry model catalog. But wait, there's more. The Model Mondays Repo will have a dedicated page for each week's episode where we will collect a lot more links for all the interesting news and content that we heard about in the previous week, in the broader model ecosystem. We welcome your contributions. If you have a news item or project to share, let us know on Discord or add it to the relevant episode-specific issue in our repository. We'll review it and add it to the list if it meets the episode context. Be a part of the conversation! Watch Live on Microsoft Reactor – RSVP Now Join the AI community – Discord Office Hours every Friday – Join Here Get exclusive resources – Explore the GitHub Repo Don't fall behind! Jump in and level up your AI engineering skills with #ModelMondays View the full article

Did you know that you can now add user login to app deployed on Azure, with just Bicep code? No Portal, CLI, SDK, or app code needed! For those new to Bicep, it's an "infrastructure-as-code" language that can describe all the Azure resources, their connections, and role-based permissions. It's similar to Terraform, but it's Azure-specific and compiles down to ARM JSON files. We encourage developers to use infrastructure-as-code (IaC), since you can then reliably setup the same resource configuration, store your setup in version control, and even programmatically audit your IaC for security issues. Microsoft recently announced a Graph extension that can create Graph resources, like Entra application registrations and service principals. Along with that, it's now possible for Entra applications to be secured using a managed identity as a federated identity credential ("MI as FIC"), which are simpler to manage and create than client secrets and certificates. You never have to worry about an app breaking in production due to a secret or certificate suddenly expiring. Both Azure Container Apps and App Service offer a built-in authentication feature, and they've now extended that feature so that it can be configured with an Entra application using MI as FIC, in either the Portal, CLI, or Bicep. 👀 The Graph extension, MI-as-FIC, and built-in auth support for MI-as-FIC are all currently in "public preview", which means they are subject to change based on community feedback. When we put all those new features, we now have a 100% Bicep solution for configuring built-in authentication! I've put together minimal templates here, which you can deploy and test for yourself: containerapps-builtinauth-bicep appservice-builtinauth-bicep In the rest of this post, I'll walk through the steps of adding this Bicep configuration to an existing application, for the many developers that are not starting from scratch. Enable the Graph extension The Graph extension requires the "extensions" functionality of Bicep, which was introduced in Bicep version 0.30.3 in September 2024. Add a bicepconfig.json file to your infrastructure folder with these contents: { "experimentalFeaturesEnabled": { "extensibility": true }, "extensions": { "microsoftGraphV1": "br:mcr.microsoft.com/bicep/extensions/microsoftgraph/v1.0:0.1.8-preview" } } If you do get an error about extensions not being understood, you may need to upgrade your Bicep CLI (if using it directly) or the Azure Developer CLI (if you're using "azd" instead). Prepare for Bicep changes Normally, when we provision resources in Bicep, we try to configure everything at once. However, for built-in auth, we need a three-step process, due to the dependencies involved: Create the backend application (either Container Apps or App Service Webapp) with an associated user-assigned managed identity Create the app registration with a reference to the backend application's managed identity Configure the backend application to use built-in auth with that app registration 1) Create the backend app Start with your usual Bicep for creating your backend app. Create a user-assigned managed identity for the backend: resource identity 'Microsoft.ManagedIdentity/userAssignedIdentities@2023-01-31' = { name: 'backend-app-identity' location: location } Associate that identity with the backend. For example, for Container Apps: resource app 'Microsoft.App/containerApps@2022-03-01' = { identity: { type: 'UserAssigned' userAssignedIdentities: { '${identity.id}': {} } } Store the client ID of the identity as a secret on the backend. For App Service, store the client ID in an environment variable named OVERRIDE_USE_MI_FIC_ASSERTION_CLIENTID. It should look something like this: appSettings: { OVERRIDE_USE_MI_FIC_ASSERTION_CLIENTID: identity.properties.clientId } For Container Apps, store the client ID in a secret named override-use-mi-fic-assertion-client-id. The exact Bicep depends on whether you're using the Container Apps Bicep module directly, or using a wrapper module. It should look something like this: secrets: [ { name: 'override-use-mi-fic-assertion-client-id' value: acaIdentity.properties.clientId } ] 2) Create the app registration The next step is to create an Entra application registration, along with a federated identity credential based on a managed identity ID, and a service principal representing the Entra app. Put all of this in a appregistration.bicep file that uses the microsoftGraphV1 extension: extension microsoftGraphV1 param issuer string param clientAppName string param clientAppDisplayName string param clientAppScopes array = ['User.Read', 'offline_access', 'openid', 'profile'] param webAppEndpoint string param webAppIdentityId string param serviceManagementReference string = '' param cloudEnvironment string = environment().name param audiences object = { AzureCloud: { uri: 'api://AzureADTokenExchange' } AzureUSGovernment: { uri: 'api://AzureADTokenExchangeUSGov' } AzureChinaCloud: { uri: 'api://AzureADTokenExchangeChina' } } // Get the MS Graph Service Principal based on its application ID: var msGraphAppId = '00000003-0000-0000-c000-000000000000' resource msGraphSP 'Microsoft.Graph/servicePrincipals@v1.0' existing = { appId: msGraphAppId } var graphScopes = msGraphSP.oauth2PermissionScopes resource clientApp 'Microsoft.Graph/applications@v1.0' = { uniqueName: clientAppName displayName: clientAppDisplayName signInAudience: 'AzureADMyOrg' serviceManagementReference: empty(serviceManagementReference) ? null : serviceManagementReference web: { redirectUris: [ '${webAppEndpoint}/.auth/login/aad/callback' ] implicitGrantSettings: { enableIdTokenIssuance: true } } requiredResourceAccess: [ { resourceAppId: msGraphAppId resourceAccess: [ for (scope, i) in clientAppScopes: { id: filter(graphScopes, graphScopes => graphScopes.value == scope)[0].id type: 'Scope' } ] } ] resource clientAppFic 'federatedIdentityCredentials@v1.0' = { name: '${clientApp.uniqueName}/miAsFic' audiences: [ audiences[cloudEnvironment].uri ] issuer: issuer subject: webAppIdentityId } } resource clientSp 'Microsoft.Graph/servicePrincipals@v1.0' = { appId: clientApp.appId } output clientAppId string = clientApp.appId output clientSpId string = clientSp.id Let's look at a few interesting lines in that module: signInAudience: 'AzureADMyOrg': This restricts the sign-in to your own organization. It's not currently possible to fully set up Entra External ID in Bicep. Check out this project for External ID setup with the Graph SDK. In addition, the MI+FIC approach can only be used for workforce tenants, not CIAM tenants. redirectUris: This matches the redirect URI of the built-in auth feature, ".auth/login/aad/callback". There is no need to specify a localhost redirect URI, since built-in auth only works on the deployed app. implicitGrantSettings: { enableIdTokenIssuance: true }: Along with the requiredResourceAccess, this grants the Entra application the permissions needed to do a user login flow, which uses the OpenID Connect protocol (OIDC) on top of OAuth2. With that module saved, now you can reference it from main.bicep, passing in the required parameters: var issuer = '${environment().authentication.loginEndpoint}${tenant().tenantId}/v2.0' module registration 'appregistration.bicep' = { name: 'reg' scope: resourceGroup params: { clientAppName: '${prefix}-entra-client-app' clientAppDisplayName: 'MyWebsite Entra Client App' issuer: issuer webAppEndpoint: backend.outputs.uri webAppIdentityId: backend.outputs.identityPrincipalId } } The issuer URL is constructed based off your environment's login endpoint and tenant ID, so that should not require changing. However, you'll need to make sure the following parameters are set correctly: webAppEndpoint: The full endpoint for the deployed application, including "https" protocol. webAppIdentityId: The principal ID of the managed identity associated with the deployed application. 3) Configure built-in authentication For the third and final step, you need to configure built-in authentication for your backend application, with a reference to that Entra application registration. The Bicep for configuration is slightly different across Container Apps and App Service, but they share properties in common: redirectToProvider: The value of 'azureactivedirectory' tells built-in auth to use Entra ID to handle the user login unauthenticatedClientAction: The value of 'RedirectToLoginPage' tells built-in auth to direct any unauthenticated users to the login page. identityProviders/azureActiveDirectory: These settings contain the reference to the Entra application registration, issuer URL, and the name of the app setting storing the managed identity client ID. For App Service, that setting must be 'OVERRIDE_USE_MI_FIC_ASSERTION_CLIENTID'. For Container apps, that setting must be 'override-use-mi-fic-assertion-client-id'. tokenStore: Whether the built-in auth feature should store tokens in a persistent storage. This is only needed if your app needs to access the access tokens itself, but not needed for the login flow itself. App Service comes with its own token store, but for a Container Apps token store, you must pass in a Blob storage account. For App Service, save this module in a file named builtinauth.bicep: param appServiceName string param clientId string param issuer string param includeTokenStore bool = false resource appService 'Microsoft.Web/sites@2022-03-01' existing = { name: appServiceName } resource configAuth 'Microsoft.Web/sites/config@2022-03-01' = { parent: appService name: 'authsettingsV2' properties: { globalValidation: { requireAuthentication: true unauthenticatedClientAction: 'RedirectToLoginPage' redirectToProvider: 'azureactivedirectory' } identityProviders: { azureActiveDirectory: { enabled: true registration: { clientId: clientId clientSecretSettingName: 'OVERRIDE_USE_MI_FIC_ASSERTION_CLIENTID' openIdIssuer: issuer } validation: { defaultAuthorizationPolicy: { allowedApplications: [] } } } } login: { tokenStore: { enabled: includeTokenStore } } } } For Container Apps, save this module in a file named builtinauth.bicep: param containerAppName string param clientId string param issuer string // Only needed if using a token store: param includeTokenStore bool = false param blobContainerUri string = '' param appIdentityResourceId string = '' resource app 'Microsoft.App/containerApps@2023-05-01' existing = { name: containerAppName } resource auth 'Microsoft.App/containerApps/authConfigs@2024-10-02-preview' = { parent: app name: 'current' properties: { platform: { enabled: true } globalValidation: { redirectToProvider: 'azureactivedirectory' unauthenticatedClientAction: 'RedirectToLoginPage' } identityProviders: { azureActiveDirectory: { enabled: true registration: { clientId: clientId clientSecretSettingName: 'override-use-mi-fic-assertion-client-id' openIdIssuer: issuer } validation: { defaultAuthorizationPolicy: { allowedApplications: [] } } } } login: { tokenStore: { enabled: includeTokenStore azureBlobStorage: includeTokenStore ? { blobContainerUri: blobContainerUri managedIdentityResourceId: appIdentityResourceId } : {} } } } } With that module saved, reference it from main.bicep, passing in the required parameters: module builtinauth 'builtinauth.bicep' = { name: 'builtinauth' scope: resourceGroup params: { containerAppName: backend.outputs.name clientId: registration.outputs.clientAppId openIdIssuer: issuer includeTokenStore: false } } All together now For an example of making those changes to a project, check out this pull request where I added built-in auth to an existing Azure Container app. Or you can check out my minimal templates for built-in auth, for Container Apps or App Service. ⚠️ Keep in mind the current limitations to this approach (as of February 2025): When we run the app locally, it will not have a user login flow. That should be fine if you're only using user login to restrict access to the app, but will make development more difficult if you have features that rely on the details of logged in users, like their Entra ID. For local development, you would need to use the MSAL SDK in your language of choice, and you would need to secure the Entra application registration with either a secret or certificate, since your local server would not have a managed identity to use as the credential. If you are trying to use Entra External ID, you cannot yet configure everything needed using the Graph Bicep extension. You would need to set up External ID with either the Graph SDK, as we do in this project, or in the Portal. The Graph extension, MI-as-FIC, and built-in auth support for MI-as-FIC are all currently in "public preview", which means they are subject to change based on community feedback. This is a great solution if you are deploying apps for your organization and want to ensure that that only your organization user's can see them! You should never rely on "security by obscurity" - assuming that a public endpoint won't get accessed by unauthorized users. Always protect your endpoints, either with user login, private networks, or both. To a more secure future! 🔐 View the full article

I have a Dell G15 15.6" FHD 120Hz Gaming Laptop - Intel Core i7 16GB Memory - NVIDIA GeForce RTX 4060, WIN 11. Had it a few months, bought new. It used to detect my headphones when I plugged them in but now it doesn't, but if I restart the laptop it detects them with no issue. Headphones are the only thing I use for audio so usually its not an issue, unless they get pulled out accidently or when I put it away when I leave house, then when I return I have to remember to plug headphones in FIRST before I start up the laptop, which I never do. So this issue is a mild pain in my butt. Tried reinstalling drivers and made sure they are up to date from Dell site. The site has an auto-detect driver thingie that shows they are all up to date. Any ideas? View the full article

Recently, after upgrading to Windows 11, I found that the snipping tool that comes with Windows 11 is particularly unpleasant to use. Sometimes you can't find where to save the screenshot, and the editing function is very simple, even the basic cropping has to be handled by another software. As an office worker who often needs to make document records and meeting minutes, a smooth and good screenshot tool is really too important! Mainly hope to meet the following requirements: 1️⃣ operation is simple and fast (preferably can be customized shortcut keys) 2️⃣ support screenshot directly after editing labeling 3️⃣ save file path easy to modify 4️⃣ Doesn't take up too much system resources. If there is a video recording + screenshot function at the same time, it would be better! I'm currently using the free snipping tool as a temporary emergency, but it doesn't feel professional enough. Which is the best snipping tool for Windows 11 that you are using? Any hidden gems you'd recommend? View the full article

2024-09 Cumulative Update for Windows 11 Version 22H2 for x64-based Systems (KB5043076) It just won't install; apparently it has tried every day for a while. The error code is 0x800736b3. I am not a W11 expert by any stretch, and frankly not sure what to do. What is kind of weird is that another version(?) is available (same title, KB5043145). This home built PC originally had W10, and I upgraded years ago without any issues. View the full article