Tag Archives: Insider

Understand Windows Insider Program for Business options

The Windows Insider Program for Business provides features that help IT plan for and deploy GA builds when they arrive.

The Windows Insider Program, which Microsoft introduced in 2014, lets IT try out new features in the upcoming Windows release before Microsoft makes them generally available. Microsoft added the Windows Insider Program for Business in April 2018 to provide organizations with tools to better prepare for upcoming releases.

Windows Insider Program for Business

Microsoft designed the Windows Insider Program for Business specifically for organizations to deploy preview builds from Windows 10 and Windows Server to participating employees for testing before they are GA.

IT pros can register their domains with the service and control settings centrally rather than registering users or configuring machines individually. Individual users can also join the Windows Insider Program for Business on their own, independently of IT’s corporate-wide review.

Microsoft designed the Windows Insider Program for Business specifically for organizations to deploy preview builds from Windows 10 and Windows Server to participating employees for testing before they are GA.

The preview builds don’t replace the channel releases because IT doesn’t deploy the new builds across its organization. They’re simply earlier Windows 10 builds IT teams can use to prepare their organizations for the updates.

The Windows Insider Program for Business preview build releases make it possible for IT to implement new services and tools more quickly once the GA release is available. The previews also help IT ensure that Microsoft addressed data security and governance issues in advance of the release.

The Windows Insider Program for Business allows administrators, developers, testers and other users to see what effect a new release might have on their devices, applications and infrastructures. Microsoft includes the Feedback Hub for IT pros and users to submit reactions about their experiences, make requests for new features and identify issues such as application compatibility, security and performance problems.

Microsoft also offers the Windows Insider Lab for Enterprise, a test deployment for insiders who Microsoft specially selects to test new, experimental or prerelease enterprise security and privacy features. The lab provides insiders with a virtual test infrastructure that comes complete with typical enterprise technologies such as Windows Information Protection, Windows Defender Application Guard and Microsoft App-V.

Getting started with the insider program

Microsoft recommends organizations sign up for the Windows Insider Program for Business and dedicate at least a few devices to the program. IT pros must register their users with the service and set up the target devices to receive preview builds.

Microsoft also recommends that organizations use Azure Active Directory work accounts when registering with the service, whether an organization registers users individually or as part of a domain account. A domain registration makes it easier for IT to manage the participating devices and track feedback from users across the organization. Users that want to submit feedback on behalf of the organization must have a domain registration, as well.

IT can install and manage preview builds on individual devices or on the infrastructure and deploy the builds across multiple devices in the domain, including virtual machines. Using Group Policies, IT can also enable, disable, defer or pause preview installations and set the branch readiness levels, which determine when the preview builds are installed.

Microsoft’s three preview readiness branches

IT can configure devices so the preview builds install automatically or allow users to choose their own install schedules. With mobile device management tools such as Microsoft Intune, IT can take over the preview readiness branch settings, assigning each user one of three preview deployment branches.

Fast. Devices at the Fast level are the first to receive build and feature updates. This readiness level implies some risk because it is the least stable and some features might not work on certain devices. As a result, IT should only install Fast builds on secondary devices and limit these builds to a select group of users.

Slow. Devices at the Slow level receive updates after Microsoft applies user and organization feedback from the Fast build. These builds are more stable, but users don’t see them as early in the process compared to the Fast builds. The Slow level generally targets a broader set of users.

Release Preview. Devices at the Release Preview level are the last to receive preview builds, but these builds are the most stable. Users still get to see and test features in advance and can provide feedback, but they have a much smaller window between the preview build and the final release.

Is the Windows Insider Program for Business for everyone?

An organization that participates in the Windows Insider Program for Business must be able to commit the necessary resources to effectively take advantage of the program’s features. To meet this standard, organizations must ensure that they can dedicate the necessary hardware and infrastructure resources and choose users who have enough time to properly test the builds.

An organization’s decision to invest in these resources depends on its specific circumstances, but deploying a Windows update is seldom without a few hiccups. With the Windows Insider Program for Business, IT can avoid some of these issues.

These 3 New Features in Windows Server 2019 Could be Game Changers

A new Windows Server Insider Build has been posted and this one contains three exciting new features that could have a huge impact on future Windows Server users. This continues the march toward Windows Server 2019 with a new set of features intended to debut in that forthcoming release.

You can read the official notification for build 17723 here. If you’d like to get into the Windows Server Insider program and test these builds yourself, you can do that here. In the immediately previous build, I recommended that you install directly on hardware to test out the new Hyper-V features. This one would not benefit as much, but it’s good to keep up on in-place upgrades if you can.

Ongoing Testing Request

As Microsoft and I remind you with each new build, they are interested in gathering as much feedback as possible on two fronts:

  • In-place upgrade from WS2012R2 and/or WS2016
  • Compatibility with applications

If you find anything, use the Windows Server Insiders forums to report in.

Build 17723 Feature 1: Expansion of the System Insights Feature

System Insights was introduced with build 17692. This new feature provides a framework for Windows Server to gather data and analyze it for predictive purposes. We can use it for performance trending more easily than using Performance Monitor and related tools.

Build 17723 opens System Insights up to gathering data from any performance counter. It includes access to new features via PowerShell and Windows Admin Center.

Build 17723 Feature 2: Expanded Kubernetes Support

A container is simple to set up and tinker with. Directly managing them at even a small scale quickly becomes tedious. Managing containers in a public cloud can be even more difficult. Kubernetes is one option (known as a “container orchestrator“) for handling containers. Kubernetes can have a presence on a Windows Server installation for managing your on-premises containers. This build improves on Windows Server support for Kubernetes.

I do not use Kubernetes often, so I didn’t push this far. The official blog post announcing the new build includes links to guide you through configuring Kubernetes.

Build 17723 Feature 3: Low Extra Delay Background Transfer (LEDBAT)

LEDBAT is one of those features that we’ve all wanted for quite some time. With LEDBAT, you can place server-side traffic of your choosing into a box, so to speak, so that it must always take a backseat to any other traffic. It will use only whatever bandwidth is left over when nothing else needs to use the network.

While this would be a fun feature to test out and demo, Microsoft already has a fantastic article on the topic. It outlines the problem, gives some examples, explains why other approaches do not work, and demonstrates the feature in action.

Quick Introduction to System Insights

Let’s take a quick look at System Insights. Some of this comes from the official documentation page for System Insights.

Enabling the System Insights Data Gathering Feature

To begin, you need to enable the feature. You can do that with PowerShell:

You can also enable it in Server Manager’s Add Roles and Features Wizard:

When you check that box, it will prompt you to enable the management tools:

Adding the feature or its management tools does not require a reboot.

The management tools are not truly necessary on servers if you will be managing them remotely.

Enabling Windows Admin Center to Poll System Insights

Note: Everything that you see here was performed using the 17723 preview of WAC, which is available at the same location as the Windows Server Insiders download.

To use System Insights graphically, you can employ Windows Admin Center. If your WAC system is in gateway mode, it can pull data from remote systems. You must have the System Insights management tools installed on your WAC system using the above directions. Next, you must enable the plug-in within WAC.

First, access WAC’s settings by clicking the gear icon at the top right of its window:

At the left of the window, under the Gateway menu, choose Extensions:

Ensure that you are on the Available Extensions tab. Find and highlight System Insights. Click the Install button:

You will be prompted to confirm the installation. The plugin will then appear on the Installed Extensions tab.

Viewing System Insights in Windows Admin Center

Once you’ve done the above, Windows Admin Center will display a System Insights link for connected systems. Unfortunately, System Insights is a Windows Server 2019-only feature; the link will display for older operating systems but will not function:

Note: I apologize for the poor scaling of the Windows Admin Center screenshots. I’m getting them as small and focused as I can while maintaining legibility. An ongoing UX problem with Windows Admin Center is that it has been optimized to run full-screen on 4k displays and is horrifically disrespectful of screen real estate on anything less.

Built-In System Insights WAC Demonstration

Let’s start with a look at the insights that ship natively:

As for the error, I couldn’t find anything anywhere with more details. This is a preview, so maybe they’ll address that. We’ll see.

If you click on one of the items, you’ll be taken to a screen that shows a history and forecast chart for the specific item. On my 1680×1050 monitor, I could not do anything to get all of the items into a single screen. So, I’ve broken it down into three parts so that the individual components will scale better.

System Insights Overview Section

At the top of the page is just an overview that repeats what you saw in the table.

System Insights Forecast Section

Next, you have the aforementioned graphs. It takes up almost all of the screen and cannot be shortened vertically. Shrinking your window might cause it to become taller, though. Also, you cannot adjust the forecast term.

Poor UX design notwithstanding, these charts might come in handy. But, we still don’t know what sort of accuracy to expect. Looking at it with my own analytical mindset, I don’t know why it forecasts such a radical change in CPU usage. But, this system has not been collecting data for very long. We’ll see how it does with more information. I would also like to discover if it extends its forecast after collecting more data. A prediction spanning less than 10 days is not terribly useful.

System Insights History Section

Below the chart, you’ll find a listing of data gathering events. This will almost certainly require you to scroll if you want to see it. Fortunately, you probably won’t care about it often. I’m not sure why it’s not on a different tab or something.

System Insights PowerShell Module

The System Insights PowerShell module exposes several cmdlets:

You can use
Get-InsightsCapability to list a host’s installed Insight plugins and
Get-InsightsCapabilityResult to get a text readout that mirrors you saw in WAC:

The new part here should be of interest to systems software developers: you can build your own System Insights plugins and install them with Add-InsightsCapability. You can find details and guides on the official docs page.

Commentary on Build 17723

This release presents some exciting new features for Windows Server 2019 that I look forward to implementing.

Depending on how easy Microsoft makes it to build System Insights plugins, we could find ourselves with a wealth of performance forecasting modules in very short order. Enterprising systems admins might be able to architect their own. Even better, the WAC and PowerShell interfaces work better to view that data than most any other available tool. I still think the user experience in WAC needs a great deal of attention, but that concern is secondary to the capabilities.

Expanded support for Kubernetes shows Microsoft’s ongoing commitment not only to container technologies but to work with outside entities to improve their viability on Windows Server. I would have liked to see more information in the article detailing just what was improved.

I find the new LEDBAT technology to be quite intriguing. We’ll be able to use it to ensure that our critical server applications never become choked out without setting ham-handed restrictions on everything else. I feel that once the community gets hold of this, we’ll see many new applications that enhance our networking experiences.

If you read my commentary on build 17709, you’ll know that I tried out the new in-place upgrade and ran into some frustrating problems. This time, I upgraded from 17709 directly to 17723 without any issues at all. I didn’t need to change a single configuration item. It did tell me that I had to shut down running VMs, but it did that during the pre-flight when I had yet to commit any serious time to the attempt. I don’t know if Microsoft intentionally improved something in the upgrade cycle or if my luck just changed, but I won’t complain.

This post is part of a series on Windows Server 2019 builds leading up to the release in late 2018. Read more about the release here:

Windows Server 2019 Preview: What’s New and What’s Cool

Sneak peek: Windows Server 2019 Insider Preview Build 17666

What’s New in Windows Server 2019 Insider Preview Build 17692

Curious About Windows Server 2019? Here’s the Latest Features Added

SaaS activity alerts can mitigate manual misconfigurations

External threats can actually be the easier security issue to combat compared to the potential of an insider stealing data, which makes access management and awareness vital for IT.

More and more sensitive data is being stored in the cloud and improper access controls or limited visibility can lead to unintended data exposures or even insider theft. However, better SaaS activity alerts can help mitigate these issues.

BetterCloud CEO and founder David Politis spoke with SearchSecurity about the dangers of cloud misconfigurations and having too many admins, as well as how SaaS activity can be monitored automatically to avoid security breaches.

Editor’s note: This conversation has been edited for length and clarity.

You have said that it is functionally impossible to monitor SaaS activity manually, so what are the programmatic options for security?

David Politis: The most important thing we have is this framework that we recreated with our customers. The first step is centralizing all of the data that you have across these applications because data sprawl is one of the biggest issues.

David Politis, CEO and founder, BetterCloudDavid Politis

Once you’ve centralized that data, programmatically you have to go into all the different APIs that are available from these applications and you need to bring all the settings and the configuration and the entitlements and everything into a single place because part of the problem is going app by app. That’s not scalable.

Once you’ve centralized all of that, you need to be able to go and discover against that centralized repository of all the entitlements and settings you have, because once you centralize, what you’ll find is you have, depending on the size of your organization, millions — I’m not exaggerating — millions of data points that you’re having to report against or audit.

So you centralize then you do discovery and discovery means: Let me look at all my groups or email distribution lists that are set like this, or I have a rule in my organization where I need to be able to see all the files that are shared in this way. Now, still, that’s a massive data set and somehow you need that to be surfaced more real time because the changes in the settings and the entitlements are changing all the time. They’re literally changing every day, all day. People are working in these applications; they’re sharing files; they’re creating Slack channels; they’re adding folders in Dropbox; they’re doing X, Y, Z in Salesforce. It’s changing on a regular basis.

So after centralizing and being able to discover — that really helps you retroactively — then you need something that surfaces the insights on a more regular basis that says, ‘Hey, when we catch this needle in the haystack, surface that.’

The last step is you want to be able to do something about that because if you’re just surfacing data all day long, what we hear from IT is that they have this kind of fatigue of alerts, they have a fatigue of trying to put out fires all day long. And so there needs to be a system that not only brings all the data, centralizes it, makes it discoverable, surfaces insight and the items that need to get the exposures, the risk, and then ultimately be able to remediate that and take some kind of an action against that and enforce that.

What are the new features BetterCloud is introducing to enable SaaS activity monitoring?

Politis: The new service that we’re launching now, that we just started layering into the product, is our activity-based alerting. Basically, all the things that you and I just talked about the last 20 minutes, that’s all based on what I would call ‘state-based’ settings or configurations are entitlements — is a user set as an end user or an admin? Is this email distribution set to public or is it set to private? — that’s the state that is in.

We are now starting to do ‘activity-based’ monitoring and alerting and triggers for our workflows, and that is at a completely different level. If somebody just downloads 500 files in a matter of 30 minutes, that’s a next level deeper in terms of looking at user behavior and user activities within these platforms. Did somebody just create 100 users that are all super admin? Were there suspicious logins to this platform outside of the IP range?

So, you start getting more into the activity-based stuff, which is either a faster indicator of misconfigurations that are mistakes, or that’s actually a faster indication — and probably more likely, frankly — of malicious behavior. And so we really extended the platform to start looking at user behavior, user activity in these platforms.

The number one request I’ve gotten for the last year from customers is: I want to know when people are downloading files from Dropbox, Box, Slack, Salesforce [and/or] Google. File downloads has been the number one requested activity to monitor since I can’t even remember because as you can imagine, that starts to be a little bit more malicious. And that’s when IT can really be taken out of an organization.

I think the Uber/Waymo example is a great one. That is just someone at Waymo, at Google downloading a bunch of files out of Google Drive and leaving. Now, if you were looking at their activity in Google Drive, you would have noticed that they downloaded all the files from the confidential folder, and you can flag that, you could block, you could follow up with security.

It’s as it’s happening versus the states that things are in. File download is not a state the file has. So by looking at all the states of the file, you don’t know that it was downloaded 100 times by this person in a 30-minute window by seeing that someone successfully logged in, you don’t see that has 100 failed logins from 100 different IP addresses.

What platforms do you support with these SaaS activity alerts?

Politis: We have it fully integrated for Okta, Dropbox and Google. We’re layering it in for Box and Salesforce, so over the next couple months we’ll have the same functionality available across all the applications that we support.

And, this is actually an interesting indication because a lot of the SaaS platforms that we work with, five years ago, three years ago, they didn’t make this kind of activity streams available via their API. Now they’re making it available because how do companies protect themselves against this stuff? The only way is for the platforms themselves to make this information available via API, make this information available programmatically to their customers, to their partners. And so we’re taking advantage of that. Dropbox’s API that we’re using is a new API available for their enterprise customers for exactly this purpose, but their customers don’t know how to utilize that. What we’re doing is we’re doing that for the customer, we’re going out to the different SaaS platforms connecting to these activity streams, and then making sense of them. Otherwise, it’s just a stream of data.

But to that first part of the discussion: People keying in on this is what I’ve been waiting for, for many years. Because people have been [saying], ‘OK, I don’t see this problem in the news. And now it’s starting.’

I think it’s only the beginning. I think you’re going to see what I’m seeing with some of our really large organizations that these misconfigurations are going to come out more and more and more and the impact that they’re having on organizations is bigger than people know yet.

A smaller Windows Server Core Container with better Application Compatibility

In Windows Server Insider Preview Build 17074 released on Tuesday Jan 16, 2018, there are some exciting improvements to Windows Server containers that we’d like to share with you.  We’d love for you to test out the build, especially the Windows Server Core container image, and give us feedback!

Windows Server Core Container Base Image Size Reduced to 1.58GB!

You told us that the size of the Server Core container image affects your deployment times, takes too long to pull down and takes up too much space on your laptops and servers alike.  In our first Semi-Annual Channel release, Windows Server, version 1709, we made some great progress reducing the size by 60% and your excitement was noted.  We’ve continued to actively look for additional space savings while balancing application compatibility. It’s not easy but we are committed.

There are two main directions we looked at:

1)      Architecture optimization to reduce duplicate payloads

 We are always looking for way to optimize our architecture. In Windows Server, version 1709 along with the substantial reduction in Server Core container image, we also made some substantial reductions in the Nano Server container image (dropping it below 100MB).  In doing that work we identified that some of the same architecture could be leveraged with Server Core container. In partnership with other teams in Windows, we were able to implement changes in our build process to take advantage of those improvements.  The great part about this work is that you should not notice any differences in application compatibility or experiences other than a nice reduction in size and some performance improvements.

2)      Removing unused optional components

We looked at all the various roles, features and optional components available in Server Core and broke them down into a few buckets in terms of usage:  frequently in containers, rarely in containers, those that we don’t believe are being used and those that are not supported in containers.  We leveraged several data sources to help categorize this list. First, those of you that have telemetry enabled, thank you! That anonymized data is invaluable to these exercises. Second was publicly available dockerfiles/images and of course feedback from GitHub issues and forums.  Third, the roles or features that are not even supported in containers were easy to make a call and remove. Lastly, we also removed roles and features we do not see evidence of customers using.  We could do more in this space in the future but really need your feedback (telemetry is also very much appreciated) to help guide what can be removed or separated.

So, here are the numbers on Windows Server Core container size if you are curious:

  • 1.58GB, download size, 30% reduction from Windows Server, version 1709
  • 3.61GB, on disk size, 20% reduction from Windows Server, version 1709

MSMQ now installs in a Windows Server Core container

MSMQ has been one of the top asks we heard from you, and ranks very high on Windows Server User Voice here. In this release, we were able to partner with our Kernel team and make the change which was not trivial. We are happy to announce now it installs! And passed our in-house Application Compatibility test. Woohoo!

However, there are many different use cases and ways customers have used MSMQ. So please do try it out and let us know if it indeed works for you.

A Few Other Key App Compatibility Bug Fixes:

  • We fixed the issue reported on GitHub that services running in containers do not receive shutdown notification.

https://github.com/moby/moby/issues/25982

  • We fixed this issue reported on GitHub and User Voice related to BitLocker and FDVDenyWriteAccess policy: Users were not able to run basic Docker commands like Docker Pull.

https://github.com/Microsoft/Virtualization-Documentation/issues/530

https://github.com/Microsoft/Virtualization-Documentation/issues/355

https://windowsserver.uservoice.com/forums/304624-containers/suggestions/18544312-fix-docker-load-pull-build-issue-when-bitlocker-is

  • We fixed a few issues reported on GitHub related to mounting directories between hosts and containers.

https://github.com/moby/moby/issues/30556

https://github.com/git-for-windows/git/issues/1007

We are so excited and proud of what we have done so far to listen to your voice, continuously optimize Server Core container size and performance, and fix top application compatibility issues to make your Windows Container experience better and meet your business needs better. We love hearing how you are using Windows containers, and we know there is still plenty of opportunities ahead of us to make them even faster and better. Fun journey ahead of us!

Thank you.

Weijuan

Companies want explainable AI, vendors respond

Fed up with the bribery, insider trading, embezzlement and money laundering committed by white-collar criminals? What if there was an app that could help nab these crooks by using the same machine learning tools and geospatial data increasingly relied upon by police to predict where the next burglary, drug deal or assault might go down?  

Sam Lavigne, co-creator of the White Collar Crime Risk Zones app, was onstage at the recent Strata Data Conference in New York, claiming to be able to do just that.

“We used instances of financial malfeasance; density of nonprofit organizations, liquor stores, bars and clubs; and density of investment advisers,” a straight-faced Lavigne said to an audience of data experts who immediately got the dark humor.

For although the White Collar Crime Risk Zones app was indeed built — using historical data from the Financial Industry Regulatory Authority — its purpose is not to track white-collar crime, but to draw attention to the danger these kinds of applications, and the data they rely upon, present.   

Machine learning models are trained on data collected by humans, and so the models can produce results that are biased and unfair.

“This is particularly dangerous in the case of predictive policing because that data comes from police departments that, at times, could be accused of being systemically racist,” Lavigne told the audience. “And the risk here, of course, is that it produces a kind of feedback loop for over-policing communities of color.”

AI is only human

Machine models also rely on a definition for success and a penalty for failure, according to data scientist and author Cathy O’Neil, who gave a talk at the event on the shortcomings of mathematical models.

These, too, are written by humans — often data scientists — and the problem here is that, “not everyone agrees on what success looks like outside the confines of a game of chess or a baseball game,” O’Neil said.

Plus, machine learning algorithms operate in a so-called black box — so the inputs and outputs are known, but how or why an algorithm makes the recommendation it does is not clear.

Yet, despite all of this, machine learning recommendations are often presented and seen as objective truth, O’Neil said. And blind faith in their accuracy is already damaging  lives, as ProPublica uncovered in a recidivism algorithm that favored white criminals over black criminals and Gary Rubinstein discovered in a flawed teacher evaluation algorithm used to dismiss educators who scored poorly.

O’Neil has a name for algorithms like these: She calls them weapons of math destruction (see sidebar). “When we build algorithms — and I’m a data scientist, so I build algorithms — I am making a bunch of subjective decisions,” she said. “And when I present the results of those subjective decisions as objective, unbiased truth, I am lying.”

A call for explainable AI

The two presentations, part of the opening keynote series on the first day at Strata, were a warning cry to the data scientists who are helping build a more algorithmic society. The keynotes deviated in tone from the zealousness and passion often heard at artificial intelligence and machine learning events today, but O’Neil and Lavigne weren’t seen as wet blankets.

Despite the AI media frenzy, companies and governments are concerned about the machine learning black box. The EU’s General Data Protection Regulation, which takes effect next year, includes a right to explanation clause, or an explanation of how a model made a decision. Plus, heavily regulated industries are required to show that the models they’re using aren’t biased, according to Doug Henschen, analyst at Constellation Research Inc., based in Cupertino, Calif., and a Strata conference attendee.

Some in the industry are referring to this push to pry open the black box of machine learning as explainable AI — often truncated as XAI. Some are calling it FAT ML, or fairness, accountability and transparency in machine learning. Regardless of the acronym, the opaqueness associated with machine learning is a real issue for companies, which are making their reservations known to vendors, Henschen said. “That’s why you’re seeing a lot of [vendor] announcements around this idea of transparency,” he said.

He pointed to two product launches that were made the same week as the Strata conference: H2O.ai’s machine learning interpretability with its Driverless AI product, an enterprise platform that’s powered by Nvidia DGX Systems; and Microsoft’s next generation of Azure Machine Learning announcement, which includes an Azure Machine Learning Workbench.

Pulling back the covers

The two products provide different functionality, but both are directed at making machine learning models more transparent. One of the new features in the Azure Machine Learning Workbench is a model management service, which claims to give developers a view into the development lifecycle of a machine learning model from creator to source code to training data.

Model management is a significant pain point for companies, according to Matt Winkler, group program manager for machine learning at Microsoft. “And while we’ve got a lot of background in the software space for managing components, we don’t really have a lot of those capabilities in the data science, ML/AI space,” he said.

Microsoft’s model management service doesn’t pull back the covers on how machine learning models make decisions, but Winkler said it helps to lay the groundwork for doing so. “You can actually go in and debug why a decision got made,” he said. The service can be helpful to companies that have an obligation to explain how a decision gets made because it helps to expose “the methods, tools and frameworks being used,” he said.

H2O’s new features include techniques such as “surrogate models” that can help interpret the outcomes of machine learning models. “These are simple models of complex models,” said Patrick Hall, senior director of product at H2O.ai, based in Mountain View, Calif.

Many of the techniques are based on the work done in credit scoring, which uses models to automatically approve customers for credit cards or small loans. Credit lenders are required to provide explanations, often called reason codes, to customers if they’re turned down. H2O’s machine learning interpretability features aim to provide the same kind of insight into machine learning model predictions.

“They are ways to understand for one person, one customer, one patient, one row in the data set why the model made the decision it made,” Hall said.

But H2O’s new features don’t solve the transparency problem completely. Hall, for example, doesn’t recommend the product be used by regulated industries right now. “In machine learning interpretability, we provide approximate explanations for more exact models. And all of the regulation is based on linear models, so it’s based on exact explanations for approximate models,” he said. “I don’t want to say it wouldn’t work in regulated industries, but if I’m being honest, that’s a very high bar to hit.”

Hall, who is in favor of the regulations themselves, said H2O will continue to chip away at the transparency issue in machine learning, looking for and developing new techniques that can provide a level of interpretability capable of standing up to regulatory compliance.

“Personally, I don’t think it’s a good idea to turn black box models onto decisions that are going to affect people’s lives anyway,” he said. “It’s a recipe for letting people hide behind machine learning to make biased decisions.”

You Asked, We Listened: Fans Can Now Opt into the Xbox Insider Program

The Xbox Insider Program is growing, and with that growth comes exciting new opportunities. Alongside our continual efforts to hear all feedback shared by the Xbox Insider community, we’re now simplifying entry into the Xbox One Update Preview rings and partnering with 1st and 3rd party studios to provide Xbox Insiders with early access to Alpha and closed Beta playtests of Xbox Live-enabled games on both Xbox One and Windows 10 PCs. This means Xbox gamers will now be able to easily opt into the Xbox Insider program and gain earlier access to the latest system updates and flighted games!

Xbox One Update Preview Flights

As the Xbox Insider Program has evolved to enable new and better experiences, so have the Xbox One Update Preview rings. We previously increased the number of rings and changed the names of the rings that provide Xbox Insider community members with a preview of updates. These changes help the development team by providing more in-depth, critical testing data, which they use to then update and refine features based on fan feedback, ensuring optimal user experiences when system updates reach general availability.

One of our key goals since creating the Xbox Insider Program has been ensuring interested Xbox users can provide valuable feedback on system updates before they are broadly released. We’ve enjoyed seeing that you, our community, share that same goal. Many of you – especially in Ring 3 and Ring 4 – have expressed interest in the opportunity to share feedback earlier in the preview process. As a result of this feedback, starting today we’re better recognizing your participation and dedication by activating user-selected ring shifts – available for those who have reached certain Xbox Insider XP and tenure milestones – for fans to enroll in previously “closed” rings.

To clarify these changes, we’re renaming preview Ring 3 and Ring 4. Here’s more information on these Insider ring changes:

Xbox Insiders Image

With these updates, many new Xbox Insiders – previously limited to Ring 3 or Ring 4 – will be able to join the Xbox One Update Preview Beta and Delta groups, thereby expanding the types of updates and features they’ll be able to test right away.

One important note for users who select enrollment in the Delta group to be aware of: a portion of Delta Insiders will receive preview builds earlier than others, based on a random lottery process. This means that while all users in the Delta ring will receive new console updates prior to their official release, some Delta Insiders will receive updates before others. This process gives developers a better understanding of how different sets of users experience new features, when introduced.

In addition to changing how Xbox One Preview Update rings function, we’re also providing Xbox Insiders with more flexibility in how they receive updates. As you gain access to deeper Insider rings, you’ll still retain access to lower rings, too. This means if you’re concerned with bandwidth usage or the frequency of updates, you can simply move to a lower ring whenever you’d like. What’s more, those who own multiple consoles can enroll those consoles individually into any of the Insider rings for which they’re eligible using the same gamertag across each.

Here’s some detail on the average number of monthly updates per ring, combined with the rough average monthly bandwidth usage per ring:

Xbox Insiders Image

Game & App Flights

As we said earlier, the Xbox Insider Team is working closely with multiple 1st party and 3rd party game studios to bring you playtests of unreleased games. Recently we partnered with our friends at Rare and already thousands of gamers are sailing the Sea of Thieves across both Xbox One and Windows 10 PCs.  This spring, Paladins was initially available to Xbox Insiders with an XP level of 10 or higher, then Xbox Insiders with XP > level 5, before being released to all Xbox Insiders a few weeks before the game was generally available.

Along with games, Xbox Insiders can also get early access to unreleased Xbox console apps and updates, so keep checking the Xbox Insider Hub to see if new content opportunities are available to you!

Thank You

In closing, we simply want to say thank you to our Xbox Insiders for working closely with Team Xbox to build and improve not only the gaming experience on Xbox One but also multiple games and apps across PC and console. Not yet an Xbox Insider and interested in joining the program? It’s easy to get started!  Simply navigate to the Store on Xbox One,  search for the “Xbox Insider Hub,” download the app and get started testing new console updates, games and apps.

-The Xbox Insider Team