Join us LIVE for the 200th episode of the podcast

To celebrate the upcoming 200th episode of the CIAOPS Need to Know podcast we are hosting a live event where you can join us on the show!

The date will be:

Monday the 21st of January 2019 at 4pm Sydney AU time

all you need to do to reserve your spot is complete this short form with your details:

We’ll then send you the information about joining use via Microsoft Teams on the day.

We look forward to hearing from our listeners and guest as we celebrate this milestone.

Need to Know podcast–Episode 196

I am joined by a familiar guest to many, previous co-host of the Need to Know podcast, Marc Kean, who shares with us what he has been up to lately and his career journey to now being a full time Microsoft employee. Listen along and you’ll get some insight into one of the technical job roles at Microsoft.

Of course Brenton and I also bring you up to date with the latest Microsoft cloud news including recent a Azure AD multi factor outage and how Microsoft is now more valuable than Apple! Listen on for full details.

Take a listen and let us know what you think –

You can listen directly to this episode at:

Subscribe via iTunes at:

The podcast is also available on Stitcher at:

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.





Marc’s blog

Azure AD MFA outage analysis – look for event on 19th November

Microsoft now more valuable than Apple

Microsoft helps create a secure modern workplace

New management for Microsoft Teams

Windows 1809 rollout continues

SharePoint customisation code will bite you

A very common thing I see when working with many businesses implementing collaboration solutions in Office 365, is their rigid desire to implement customisations via code to SharePoint immediately.

Many have a pre-conceived idea of what they believe an ‘intranet’ should be and operate. Thus, they want to force SharePoint to fit that model. The only way to achieve this typically is to use custom code on the site. They want lots of changes made to not only the look and feel but also the functionality prior to implementing it across the business.

I warn them strongly, that the more you customise with code the more it is likely to break and the more issues you will have down the track. A much better option, at least to start with, is to go with what Microsoft provides you out of the box. Only once you have exhausted all in the out of box options, then look at custom code. Then and only then, and when you do be prepared to continually maintain it.

As further evidence for this stance, if you take a look at this video from the recent Microsoft 2018 Ignite from 47:03

and listen to what Tracey Haun, Director, IT Collaboration and Privacy from Dupont says:

When we set up SharePoint we were so proud of ourselves for only customizing less than 5% of the environment and that less than 5% customization has come back to bite us time and time again. Every time we upgrade, every time we migrate we have to deal with these customizations. I just want to say that we were so rigid in the way that we in way we wanted to — and this is specifically around our records management and the way we classify the security classification of our sites, we were so rigid and so set in our ways on how we wanted to do that. So I highly recommend, if you are just getting started, go with the industry standard. Don’t force your business model into SharePoint. Let the it adapt to the Microsoft way.

Thus, if you want to make major changes to the way SharePoint Online works out of the box you firstly need to find a developer who is specifically experienced with SharePoint Online. Even after the job is complete, you are going to need to have someone on tap to maintain that code, because sooner or later it will break. Why? Because Microsoft makes changes and improvements to the underlying SharePoint base that will affect the code.

When that happens, and you won’t know when it will, the more you have used custom code the more catastrophic the failure of your site is going to be. If the site has become a critical part of your business, then it means that system will be down until a developer can be found to rectify the problems. That could be quite a while.

Putting your business in that situation, to me, is increasing your risk which is not something you want to do. Going with what Microsoft give you out of the box may not be “exactly” what you want but it is going to keep on working as SharePoint is updated, unlike custom code.

Of late, Microsoft has added many improvements to SharePoint and collaboration in Office 365, that really make me question why you would want custom code at all? Is it really worth the risk and costs involved?

So my STRONGEST advice when it comes to SharePoint is to use what you are given out of the box to it’s fullest. After that, if you still want changes, make sure you FULLY understand the indications and increased risk this places your business under.

I’m sure people would love desktop applications like Excel to do more but they generally don’t go making wholesale customisations via code. They tend to work with what they are given out of the box. So too, it should be with SharePoint.

Ignite 2018 sessions on YouTube

With Microsoft Ignite 2018 now over for 2018 I wanted to let people know that like last year:

Ignite 2017 sessions on YouTube

I’m maintaining a list of links directly to the sessions on Github.


The list is maintained at:

and I will be updating it throughout the year as I find links to new sessions.

Of course, if you have a link to a session that I don’t have up there yet, please send it along so I can add it and we can all benefit.

All the sessions are not there as yet. I add them when I find them and the update this file, so make sure you check back regularly to get the latest list.

Thanks again to Microsoft for doing this and uploading the sessions to YouTube. They are a great source of learning and allows people like me would couldn’t get to Ignite the ability to work through the content.

Enrolling an iOS device into Intune

Before you can actually enrol an iOS device into Intune you typically need to complete the following preliminary steps:

Add an Apple management certificate to Intune

Set up an iOS Intune device compliance policy

Set up an iOS Intune device configuration policy

With all this done, you can now actually configure the device to be managed by Intune.


We’ll be using a newly wiped and configured iPhone as shown above in this walk through.


Note here, that this phone has both Facetime and the Safari browser on the device and available. After the device has been enrolled in Intune they will both be removed as part of the configuration policies that gets applied.


To do Mobile Device Management (MDM) for the device with Intune the user will need to download the Company Portal app and then run it.


There will be a prompt for a user login. This will be the user’s Office 365 credentials typically.


The device will also need to be connected to the Internet so it can verify these credentials and continue.


The user will now be prompted to put the device under management by selecting the Begin as shown above.


The user will then receive notification about what putting a device under management will mean as seen above.

In this scenario, we are assuming it is a bring your own device (BYOD).


The user will be given further instructions and then be required to press the Continue button.


The process will now try and open the Microsoft Intune portal in a browser. The user will need to select Allow to continue.


They will now be taken to a screen and prompted to install a new management profile by selecting the Install button in the top right.

This profile is the one that will be controlled by Intune and provide security over company data on this device.


The user will need to select Install again to continue.


They will then receive a warning about a third party certificate being installed as shown. This a certificate from Intune so the user should select Install in the top right to continue.


The user will be prompted to confirm that they wish their phone to be enabled for remote management.

They should select Trust to continue.


The management profile will complete installation. To finish this process select Done in the top right corner.


The user will be taken back to the Intune Company Portal app, where they will be prompted to continue. They should also now see that the device is now managed.

Select the Continue option.


The device settings will be checked. This is effectively running the compliance policy from Intune over the device to ensure it can be enrolled and meets the requirements to be considered to have the appropriate settings enabled and configured.


The process should complete without warnings or errors. This then indicates that the device is compliant and now has the configuration policies applied to it from Intune.

Select Done to continue.


The user will now see the Apps menu of the Company Portal app as shown above. They can return and use some of the other functionality in the app at any time but for now, simply close the app.


If you now look closely at the home page of the enrolled device now above, you will see, per the Intune Configuration policies that have been applied, both Facetime and Safari are no longer available on the device.


If an administrator now looks in the Intune portal they will see the device that has just been enrolled.

Select it to get more details.


They should see a summary of the device as well as a number of controls for the device across the top on the right.


If they select the Device compliance option from the menu on the left they will see the compliance policies that have been applied to the device and their state.


If they select Device configuration, they’ll see all the configuration policies that have been applied to this device and their current state.

You can select any of these policies on the right to get more information.


When you do you’ll see all the settings that have been applied as part of that policy. Here, you’ll see the policies for Facetime and Safari have been successfully applied (i.e. to be made unavailable on the device).

So, that’s how you put an iOS device under management using Intune. Doing so give you greater control over what is done on the and also the ability to do things like remotely wipe that device if required. A future article will show you how these management task can be accomplished on the the device.

Posting code snippets to Microsoft Teams


If you want to post a snippet of code to Microsoft Teams go to the Conversations tab and then select the Format text icon as shown above.


From this expanded dialog box select the Code icon as shown.


This should display a new dialog like shown above.


If you select the options in the top right you will see a huge range of code selections displayed as shown.


In the above case, I have select PowerShell and you can see that it formats and colours the code snippet for me automatically making it much easier to read.


You can now post the result and that will be added to the Teams Conversations as shown above. You will see that it even automatically add line numbers, which is very handy.

Thus, if you are going to post code into Microsoft Teams Conversations, make sure you do it via the Format Text option so that it is formatted in a way that makes it more readable.

Update to SharePoint Online PowerShell module

Since the beginning of working with SharePoint Online with PowerShell you have had to download and install a stand alone MSI for access to the SharePoint Online cmdlets as I have detailed here:

Connecting PowerShell to SharePoint Online

Well no more! Yeah! Now you can install the module directly from PowerShell using the command:

Install-Module -Name Microsoft.Online.SharePoint.PowerShell

You should uninstall the old MSI version if you have it first.

Whee you run this command you should see the modules being installed like so:


and then you should be good to go.


This will make working with SharePoint Online via PowerShell so much easier!

The current version is 16.0.8212.0 and can be found here: