Export (0) Print
Expand All
Expand Minimize

Planning for Site Operations in Configuration Manager

Updated: July 14, 2014

Applies To: System Center 2012 Configuration Manager, System Center 2012 Configuration Manager SP1, System Center 2012 R2 Configuration Manager

Use the information in the following sections to help you plan for site operations.

Enterprise solutions such as Configuration Manager must prepare for loss of critical data by planning for both backup and recovery operations. For Configuration Manager sites, this preparation ensures that sites and hierarchies are recovered with the least data loss and in the quickest possible time.

A Configuration Manager site contains a large amount of data, which is mostly stored in the site database. To ensure that you are correctly backing up your sites, schedule the Backup Site Server maintenance task for the central administration site and each primary site in your hierarchy. The Backup Site Server maintenance task creates a complete backup snapshot of your site and contains all the data necessary to perform recovery operations. You can also use your own method for backing up the site database. For example, you can create a site database backup as part of a SQL Server maintenance plan.

Depending on your Configuration Manager hierarchy, the requirement to back up a site to avoid data loss varies. For example, consider the following scenarios:

  • Central administration site with child primary sites: When you have a Configuration Manager hierarchy, the site can likely be recovered even when you do not have a site backup. Because database replication is used in the hierarchy, the data required for recovery can be retrieved from another site in the hierarchy. The benefit of restoring a site by using a backup is that only changes to the data since the last backup have to be retrieved from another site, which reduces the amount of data transferred over your network.

  • Stand-alone primary site: When you have a stand-alone primary site (no central administration site), you must have a Configuration Manager backup to avoid data loss.

  • Secondary sites: There is no backup and recovery support for secondary sites. You must reinstall the secondary site when it fails.

For more information about how to configure site backup or recover a site, see Backup and Recovery in Configuration Manager.

noteNote
The information in this section also appears in the Getting Started with System Center 2012 Configuration Manager guide.

The following items are new since Configuration Manager 2007:

  • In System Center 2012 Configuration Manager, recovery is integrated in the Configuration Manager Setup Wizard. Configuration Manager 2007 used the Site Repair Wizard to recover sites.

  • You have the following options when running recovery in System Center 2012 Configuration Manager:

    Site Server

    • Recover the site server from a backup.

    • Reinstall the site server.

    Site Database

    • Recover the site database from a backup.

    • Create a new site database.

    • Use a site database that been manually recovered.

    • Skip database recovery.

  • System Center 2012 Configuration Manager database replication uses SQL Server to transfer data and merge changes made to the database of a site with the information stored in the database at other sites in the hierarchy. This enables all sites to share the same information.

    Recovery in System Center 2012 Configuration Manager uses database replication to retrieve global data that the failed site created before it failed. This process minimizes data loss even when no backup is available.

  • You can start an unattended site recovery by configuring an unattended installation script and then using the Setup command /script option.

The following item is new since System Center 2012 Configuration Manager:

  • Starting in Configuration Manager SP1, you can recover a secondary site by using the Recover Secondary Site action from the Sites node in the Configuration Manager console. During the recovery, the secondary site files are installed on the destination computer and then the secondary site data is reinitialized with data from the primary site. The secondary site that you recover must have the same FQDN, meet all secondary site prerequisites, and you must configure appropriate security rights for the secondary site.

    For more information about the Prerequisite Checker, see the Prerequisite Checker section in the Install Sites and Create a Hierarchy for Configuration Manager topic.

    For more information about secondary site security requirements, see the Install a Secondary Site section in the Install Sites and Create a Hierarchy for Configuration Manager topic.

The Backup Site Server maintenance task uses the Volume Shadow copy Service (VSS) to create the backup snapshot. VSS is essentially a framework which facilitates communication between applications, storage subsystems, and storage management applications (including backup applications) to define point-in-time copies of storage data. These point-in-time copies, or shadow copies, of site server and site database information are used to back up and restore Configuration Manager sites. By using VSS shadow copies, the Backup Site Server maintenance task can minimize off-line times for site servers. VSS must be running for the Backup Site Server maintenance task to finish successfully.

The Backup Site Server maintenance task includes the following information in the backup set:

  • The Configuration Manager site database files

    noteNote
    The Backup Site Server maintenance task does not support configuring an NTFS file system junction point to store the site database files.

  • The following Configuration Manager installation folders:

    • <ConfigMgrInstallationPath>\bin

    • <ConfigMgrInstallationPath>\inboxes

    • <ConfigMgrInstallationPath>\Logs

    • <ConfigMgrInstallationPath>\Data

    • <ConfigMgrInstallationPath>\srvacct

  • The ..\HKEY_LOCAL_MACHINE\Software\Microsoft\SMS registry key.

The Backup Site Server maintenance task creates a backup set that includes everything you need to restore your site server to a functional state. There are some Configuration Manager items not included in the site backup that you might want to back up outside of the normal process. The following sections provide information about items not backed up as part of the backup task.

WarningWarning
For more information about supplemental backup tasks, see the Supplemental Backup Tasks section in the Backup and Recovery in Configuration Manager topic.

Some Configuration Manager site systems contain site data that is easily recreated if the site fails and are not backed up during the site backup process. For example, you do not have to backup data from site systems such as distribution points and management points. The site server can easily reinstall these site systems if they fail.

When you create custom Configuration Manager reports in SQL Server Reporting Services, there are several items on the Reporting Services server that you must add to your backup set to recover the reports in the event of a failure on the server running Reporting Services.

The content library in Configuration Manager is the location where all content files are stored for software updates, applications, operating system deployment, and so on. The content library is located on the site server and each distribution point. The Backup Site Server maintenance task does not include a backup of the content library or the package source files. When a site server fails, the information about the content library files is restored to the site database, but you must restore the content library and package source files on the site server.

You do not have to back up the SQL Server master database. The Backup Site Server maintenance task backs up all of the required information for restoring the site database to SQL Server as part of the backup process. The original SQL Server master database is not required for restoring the site database on a new server that is hosting the SQL Server database.

The Backup Site Server maintenance task backs up logs located in the <ConfigMgrInstallationPath>\Logs folder, but some System Center 2012 Configuration Manager site systems write logs in other locations and are not backed up by the Backup Site Server maintenance task. Plan an alternative method to back up these log files, if it is required.

System Center 2012 Configuration Manager clients are not backed up as part of the site backup process for the following reasons:

  • To correctly back up a Configuration Manager client, the client services must be stopped. However, there is no reliable way to stop and start the client services. Stopping and starting the client services can potentially corrupt the data on the hard disk of the client or in the backup snapshot.

  • Clients are too numerous. It is neither practical nor beneficial to back up and restore the clients assigned to a site.

  • The effect of losing client data is relatively small.

When you use System Center Updates Publisher to create custom software updates, the updates are stored in the Updates Publisher database. Though many of these custom software updates might have been published to Windows Server Update Services, you typically want to have a backup of the Updates Publisher database that contains the source for the custom updates.

When the Backup Site Server maintenance task performs a site backup, critical site services must be stopped including:

  • SMS Executive service (SMS_Executive)

  • SMS Site Component Manager service (SMS_Site_Component_Manager)

If the Configuration Manager site server or site database server is being monitored by the monitoring agent on the System Center Operations Manager client, the backup process might generate false stop service alerts when critical Configuration Manager services are stopped for backup. To avoid this problem, configure the entire backup process to be monitored as a single transaction that is managed by using Operations Manager maintenance mode state management.

System Center 2012 Configuration Manager sites and hierarchies require regular maintenance and monitoring to provide services effectively and continuously. Regular maintenance ensures that the hardware, software, and the Configuration Manager database continue to function correctly and efficiently. Optimal performance greatly reduces the risk of failure.

While your Configuration Manager site and hierarchy perform the tasks that you schedule and configure, site components continually add data to the Configuration Manager database. As the amount of data grows, database performance and the free storage space in the database decline. You can configure site maintenance tasks to remove aged data that you no longer require.

Configuration Manager provides predefined maintenance tasks that you can use to maintain the health of the Configuration Manager database. Not all maintenance tasks are available at each site, by default, several are enabled while some are not, and all support a schedule that you can configure for when to run.

Most maintenance tasks periodically remove out-of-date data from the Configuration Manager database. Reducing the size of the database by removing unnecessary data improves the performance and the integrity of the database, which increases the efficiency of the site and hierarchy. Other tasks, such as Rebuild Indexes, help maintain the database efficiency, while some, such as the Backup Site Server task, help you prepare for disaster recovery.

ImportantImportant
When you plan the schedule of any task that deletes data, consider the use of that data across the hierarchy. When a task that deletes data runs at a site, the information is removed from the Configuration Manager database, and this change replicates to all sites in the hierarchy. This can affect other tasks that rely on that data. For example, at the central administration site, you might configure Discovery to run one time per month to identify non-client computers, and plan to install the Configuration Manager client to these computers within two weeks of their discovery. However, at one site in the hierarchy, an administrator configures the Delete Aged Discovery Data task to run every seven days with a result that seven days after non-client computers are discovered, they are deleted from the Configuration Manager database. Back at the central administration site, you prepare to push install the Configuration Manager client to these new computers on day 10. However, because the Delete Aged Discovery Data task has recently run and deleted data that is seven days or older, the recently discovered computers are no longer available in the database.

After you install a Configuration Manager site, review the available maintenance tasks and enable those tasks that your operations require. Review the default schedule of each task, and when necessary, modify the schedule to fine-tune the maintenance task to fit your hierarchy and environment. Although the default schedule of each task should suit most environments, monitor the performance of your sites and database and expect to fine-tune tasks to increase your deployments’ efficiency. Plan to periodically review the site and database performance and to reconfigure maintenance tasks and their schedules to maintain that efficiency.

To maintain your site, consider performing regular maintenance on a daily, weekly, and for some tasks, a more periodic schedule. Common maintenance can include both the built-in maintenance tasks and other tasks such as account maintenance to maintain compliance with your company policies.

Performing regular maintenance is important to ensure correct site operations. Maintain a maintenance log to document dates that maintenance was conducted, by whom, and any maintenance-related comments about the task conducted.

Use the following information as a guide to help you plan when to perform different maintenance tasks. Use these lists as a starting point, and add any additional tasks you might require.

Daily Tasks
The following are maintenance tasks you might consider performing on a daily basis:

  • Verify that predefined maintenance tasks that are scheduled to run daily are running successfully.

  • Check the Configuration Manager database status.

  • Check site server status.

  • Check Configuration Manager site system inboxes for file backlogs.

  • Check site systems status.

  • Check the operating system event logs on site systems.

  • Check the SQL Server error log on the site database computer.

  • Check system performance.

  • Check Configuration Manager alerts.

Weekly Tasks
The following are maintenance tasks you might consider performing on a weekly basis:

  • Verify that predefined maintenance tasks scheduled to run weekly are running successfully.

  • Delete unnecessary files from site systems.

  • Produce and distribute end-user reports if required.

  • Back up application, security, and system event logs and clear them.

  • Check the site database size and verify that there is enough available disk space on the site database server so that the site database can grow.

  • Perform SQL Server database maintenance on the site database according to your SQL Server maintenance plan.

  • Check available disk space on all site systems.

  • Run disk defragmentation tools on all site systems.

Periodic Tasks
Some tasks do not have to be performed during daily or weekly maintenance, but are important to ensure overall site health, and security and disaster recovery plans are up-to-date. The following are maintenance tasks that you might consider performing on a more periodic basis than the daily or weekly tasks:

  • Change accounts and passwords, if it is necessary, according to your security plan.

  • Review the maintenance plan to verify that scheduled maintenance tasks are scheduled correctly and effectively depending on configured site settings.

  • Review the Configuration Manager hierarchy design for any required changes.

  • Check network performance to ensure changes have not been made that affect site operations.

  • Verify that Active Directory settings affecting site operations have not changed. For example, verify that subnets assigned to Active Directory sites that are used as boundaries for Configuration Manager site have not changed.

  • Review your disaster recovery plan for any required changes.

  • Perform a site recovery according to the disaster recovery plan in a test lab by using a backup copy of the most recent backup created by the Backup Site Server maintenance task.

  • Check hardware for any errors or for available hardware updates.

  • Check the overall health of the site.

The following table lists the available maintenance tasks, at which site each task is available, and basic details about the task. For more information about each task and its available configurations, view the maintenance task Properties in the Configuration Manager console.

 

Key:

√ = By default, enabled

Ø = By default, not enabled

 

Maintenance task Central administration site Primary site Secondary site More information

Backup Site Server

Ø

Not available

Use this task to prepare for recovery of critical data by creating a backup of the critical information that you have to restore a site and the Configuration Manager database.

For more information, see Backup and Recovery in Configuration Manager.

Check Application Title with Inventory Information

Not available

Use this task to maintain consistency between software titles reported in software inventory and software titles in the Asset Intelligence catalog.

For more information, see Introduction to Asset Intelligence in Configuration Manager.

Clear Install Flag

Not available

Ø

Not available

Use this task to remove the installed flag for clients that do not submit a Heartbeat Discovery record during the Client Rediscovery period. The installed flag prevents automatic client push installation to a computer that might have an active Configuration Manager client.

For more information, see How to Prevent the Client Software from Installing on Specific Computers in Configuration Manager.

Delete Aged Application Request Data

Not available

Not available

Use this task to delete aged application requests from the database.

For more information about application requests, see Introduction to Application Management in Configuration Manager.

Delete Aged Client Operations

Not available

Use this task to delete aged data for Endpoint Protection client operations from the database. This data includes requests that an administrative user made for clients to run a scan or download updated definitions.

For more information about managing Endpoint Protection in Configuration Manager, see How to Manage Antimalware Policies and Firewall Settings for Endpoint Protection in Configuration Manager.

Delete Aged Client Presence History

Not available

For System Center 2012 Configuration Manager SP1 and System Center 2012 R2 Configuration Manager only:

Use this task to delete history information about the online status of clients, recorded by client notification, that is older than the specified time.

For more information about client notification, see Introduction to Client Deployment in Configuration Manager.

Delete Aged Collected Files

Not available

Not available

Use this task to delete aged information about collected files from the database. This task also deletes the collected files from the site server folder structure at the selected site. By default, the five most recent copies of collected files are stored on the site server in the Inboxes\sinv.box\FileCol directory.

For more information, see Planning for Software Inventory in Configuration Manager.

Delete Aged Computer Association Data

Not available

Not available

Use this task to delete aged Operating System Deployment computer association data from the database. This information is used as part of completing user state restores. For more information about computer associations, see Managing User State.

Delete Aged Delete Detection Data

Not available

Use this task to delete aged data from the database that has been created by Extraction Views. By default, Extraction Views are disabled and can only be enabled by use of the Configuration Manager SDK.

Unless Extraction Views are enabled, there is no data for this task to delete.

Delete Aged Device Wipe Record

Not available

Not available

Use this task to delete aged data about mobile device wipe actions from the database.

For information about managing mobile devices, see Determine How to Manage Mobile Devices in Configuration Manager.

Delete Aged Devices Managed by the Exchange Server Connector

Not available

Not available

Use this task to delete aged data about mobile devices that are managed by using the Exchange Server connector. This data is deleted according to the interval configured for the Ignore mobile devices that are inactive for more than (days) option on the Discovery tab of the Exchange Server connector properties.

For more information, see How to Manage Mobile Devices by Using Configuration Manager and Exchange.

Delete Aged Discovery Data

Not available

Not available

Use this task to delete aged discovery data from the database. This data can include records resulting from heartbeat discovery, network discovery, and Active Directory Domain Services discovery methods (System, User, and Group).

When this task runs at one site, it removes the data from the database at all sites in the hierarchy.

For information about Discovery, see Planning for Discovery in Configuration Manager.

Delete Aged Distribution Point Usage Data

Not available

Beginning with System Center 2012 R2 Configuration Manager, use this task to delete from the database aged data for distribution points that has been stored longer than a specified time.

Delete Aged Endpoint Protection Health Status History Data

Not available

Not available

Use this task to delete aged status information for Endpoint Protection from the database.

For more information about Endpoint Protection status information, see How to Monitor Endpoint Protection in Configuration Manager.

Delete Aged Enrolled Devices

Not available

Not available

Use this task to delete from the site database, aged data about mobile devices enrolled by Configuration Manager that have enrolled at a site but that have not reported any information to the site for a specified time.

ImportantImportant
This task does not delete data about mobile devices that are enrolled by Windows Intune. Instead, to delete aged data about mobile devices that are enrolled by Windows Intune, use the Delete Inactive Client Discovery Data and Delete Obsolete Client Discovery Data task.

For information about the operating systems of devices that are enrolled by Configuration Manager or by Windows Intune, see the Mobile Device Requirements section in the Supported Configurations for Configuration Manager topic.

Delete Aged Inventory History

Not available

Not available

Use this task to delete inventory data that has been stored longer than a specified time from the database.

For information about inventory history, see How to Use Resource Explorer to View Hardware Inventory in Configuration Manager.

Delete Aged Log Data

Use this task to delete aged log data that is used for troubleshooting from the database. This data is not related to Configuration Manager component operations.

ImportantImportant
By default, this task runs daily at each site. At a central administration site and primary sites, the task deletes data that is older than 30 days. When you use SQL Server Express at a secondary site, ensure that this task runs daily, and deletes data that has been inactive for 7 days.

Delete Aged Notification Task History

Not available

Not available

For System Center 2012 Configuration Manager SP1 and System Center 2012 R2 Configuration Manager only:

Use this task to delete information about client notification tasks from the site database when it has not been updated for a specified time.

For more information about client notification, see Introduction to Client Deployment in Configuration Manager.

Delete Aged Replication Summary Data

For System Center 2012 Configuration Manager SP1 and System Center 2012 R2 Configuration Manager only:

Use this task to delete aged replication summary data from the site database when it has not been updated for a specified time.

For more information, see the How to Monitor Database Replication Links and Replication Status section in the Monitor Configuration Manager Sites and Hierarchy topic.

Delete Aged Replication Tracking Data1

Use this task to delete aged data about database replication between Configuration Manager sites from the database.

For more information, see the How to Monitor Database Replication Links and Replication Status section in the Monitor Configuration Manager Sites and Hierarchy topic.

Delete Aged Software Metering Data

Not available

Not available

Use this task to delete aged data for software metering that has been stored longer than a specified time from the database.

For more information, see Maintenance Tasks for Software Metering in Configuration Manager.

Delete Aged Software Metering Summary Data

Not available

Not available

Use this task to delete aged summary data for software metering that has been stored longer than a specified time from the database.

For more information, see Maintenance Tasks for Software Metering in Configuration Manager.

Delete Aged Status Messages

Not available

Use this task to delete aged status message data as configured in status filter rules from the database.

For information, see Monitor System Status for Configuration Manager the section in the topic Monitor Configuration Manager Sites and Hierarchy.

Delete Aged Threat Data

Not available

Not available

Use this task to delete aged Endpoint Protection threat data that has been stored longer than a specified time from the database.

For information about Endpoint Protection, see Endpoint Protection in Configuration Manager.

Delete Aged Unknown Computers

Not available

Not available

For System Center 2012 Configuration Manager SP1 and System Center 2012 R2 Configuration Manager only:

Use this task to delete information about unknown computers from the site database when it has not been updated for a specified time.

For more information, see How to Manage Unknown Computer Deployments in Configuration Manager.

Delete Aged User Device Affinity Data

Not available

Not available

Use this task to delete aged User Device Affinity data from the database.

For more information, see How to Manage User Device Affinity in Configuration Manager.

Delete Inactive Client Discovery Data

Not available

Ø

Not available

Use this task to delete discovery data for inactive clients from the database. Clients are marked as inactive when the client is flagged as obsolete and by configurations made for Client status. This task operates only on resources that are Configuration Manager clients. It is different than the Delete Aged Discovery Data task which deletes any aged discovery data record. When this task runs at a site, it removes the data from the database at all sites in a hierarchy.

ImportantImportant
When enabled, configure this task to run at an interval greater than the Heartbeat Discovery schedule. This enables active clients to send a Heartbeat Discovery record to mark their client record as active so this task does not delete them.

For more information, see How to Configure Client Status in Configuration Manager.

Delete Obsolete Alerts

Not available

Use this task to delete expired alerts that have been stored longer than a specified time from the database.

For more information, see Planning for Alerts.

Delete Obsolete Client Discovery Data

Not available

Ø

Not available

Use this task to delete obsolete client records from the database. A record that is marked as obsolete has usually been replaced by a newer record for the same client. The newer record becomes the client’s current record.

ImportantImportant
When enabled, configure this task to run at an interval greater than the Heartbeat Discovery schedule. This enables the client to send a Heartbeat Discovery record that sets the obsolete status correctly.

For information about Discovery, see Planning for Discovery in Configuration Manager.

Delete Obsolete Forest Discovery Sites and Subnets

Not available

Use this task to delete data about Active Directory sites, subnets, and domains that have not been discovered by the Active Directory Forest Discovery method in the last 30 days. This removes the discovery data but does not affect boundaries created from this discovery data.

For more information, see Planning for Discovery in Configuration Manager.

Delete Unused Application Revisions

Not available

Not available

Use this task to delete application revisions that are no longer referenced.

For more information, see How to Manage Application Revisions in Configuration Manager.

Evaluate Collection Members

Not available

Not available

In Configuration Manager with no service pack, use this task to change how often collection membership is incrementally evaluated. Incremental evaluation updates a collection membership with only new or changed resources. For more information, see How to Manage Collections in Configuration Manager.

Beginning with Configuration Manager SP1, you configure the Collection Membership Evaluation as a site component. For information about site components, see Configuring Site Components in Configuration Manager.

Evaluate Provisioned AMT Computer Certificates

Not available

Not available

Use this task to check the validity period of the certificates issued to AMT-based computers.

For more information see, How to Manage AMT Provisioning Information in Configuration Manager.

Monitor Keys

Not available

Use this task to monitor the integrity of the Configuration Manager database primary keys. A primary key is a column or combination of columns that uniquely identify one row and distinguish it from any other row in a Microsoft SQL Server database table.

Rebuild Indexes

Ø

Ø

Ø

Use this task to rebuild the Configuration Manager database indexes. An index is a database structure that is created on a database table to speed up data retrieval. For example, searching an indexed column is often much faster than searching a column that is not indexed.

To improve performance, the Configuration Manager database indexes are frequently updated to remain synchronized with the constantly changing data stored in the database. This task creates indexes on database columns that are at least 50 percent unique, drops indexes on columns that are less than 50 percent unique, and rebuilds all existing indexes that meet the data uniqueness criteria.

Summarize Installed Software Data

Not available

Not available

Use this task to summarize the data for installed software from multiple records into one general record. Data summarization can compress the amount of data stored in the Configuration Manager database.

For more information, see Planning for Software Inventory in Configuration Manager.

Summarize Software Metering File Usage Data

Not available

Not available

Use this task to summarize the data from multiple records for software metering file usage into one general record. Data summarization can compress the amount of data stored in the Configuration Manager database.

You can use this task with the Summarize Software Metering Monthly Usage Data task to summarize software metering data, and to conserve disk space in the Configuration Manager database.

For more information, see Maintenance Tasks for Software Metering in Configuration Manager.

Summarize Software Metering Monthly Usage Data

Not available

Not available

Use this task to summarize the data from multiple records for software metering monthly usage into one general record. Data summarization can compress the amount of data stored in the Configuration Manager database.

You can use this task with the Summarize Software Metering File Usage Data task to summarize software metering data, and to conserve space in the Configuration Manager database.

For more information, see Maintenance Tasks for Software Metering in Configuration Manager.

Update Application Catalog Tables2

Not available

Not available

Use this task to synchronize the Application Catalog website database cache with the latest application information.

For more information, see Configuring the Application Catalog and Software Center in Configuration Manager.

1 When you change the configuration of this maintenance task, the configuration applies to each applicable site in the hierarchy.

2 When you change the configuration of this maintenance task, the configuration applies to all primary sites in the hierarchy.

System Center 2012 Configuration Manager generates alerts that you can use to monitor the status of objects as they perform a task. Alerts can indicate a completed task, an interim status of a task, or the failure of a task.

Alerts are listed in several places in the Configuration Manager console. A complete list of alerts is provided in the Monitoring workspace in the Alerts node. The most recent active alerts are displayed in the Overview of the workspace that they are associated with. For example, select Assets and Compliance to see a list of the most recent alerts listed in the Assets and Compliance Overview. The list of the most recent alerts is updated whenever a new alert is generated or the state of an alert has changed for that workspace.

For more information about managing alerts, see Configuring Alerts in Configuration Manager.

For more information about what you can do when an alert is generated, see Monitor Alerts in Configuration Manager.

-----
For additional resources, see Information and Support for Configuration Manager.

Tip: Use this query to find online documentation in the TechNet Library for System Center 2012 Configuration Manager. For instructions and examples, see Search the Configuration Manager Documentation Library.
-----
Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft