Saturday, January 19, 2019

My Business Books–2019

I didn’t get through as many books as I would have liked this year, even though I did a lot of travelling. To be honest, I found a number of well recommended books were simply duds for me. I have them on the bookshelf to revisit at a later stage when the learning may sink in. But here again are what I believe are the ‘must read’ business books, in order, adjusted for 2019.

You can follow all the books I read and want to read over at Goodreads where I have an account. You can also view my activity via:

https://www.goodreads.com/director_cia

or just follow me on Facebook:

www.facebook.com/ciaops

Here’s my current top business books in order:

1. The Art of War – Sun Tzu

The all time classic on strategy. As relevant today as it ever was. A very short read but very deep.

2. The Millionaire Fastlane – M.J. DeMarco

I love the brutal honesty of this book. It doesn’t mince words about what it takes to shift from a pay check to actually living the life you want.

3. The Tipping Point – Malcolm Gladwell

The world is all about not what you know but who you know. This book explains exactly how this works and how to use it to your advantage.

4. The Four Hour Work Week - Tim Ferriss

Many people believe this book is about shirking responsibility. It is in fact a blueprint for how to free up your time to do things you want and enjoy. It will challenge the way you look at your career.

5. Secrets of the Millionaire Mind: Mastering the Inner Game of Wealth - T. Harv Eker

The successful are defined by a different mindset. This mindset can be learned. It can be trained. This is a great book to show you how to do just that.

6. Talent is Overrated: What Really Separates World-Class Performers from Everyone Else – Geoff Colvin

Demonstrates that the best comes from implementing a system. Having a system allows you to focus on the right thing and do the work that is required. If you want to take yourself to an elite level, beyond just good, then read this book.

7. Book Yourself Solid: The Fastest, Easiest, and Most Reliable System for Getting More Clients Than You Can Handle Even If You Hate Marketing and Selling - Michael Port, Tim Sanders

You can’t survive in business without a steady flow of customers. Selling to people is the wrong approach; you instead need to attract them to your business. This book helps you achieve exactly that.

8. Profit First: A Simple System To Transform Any Business From A Cash-Eating Monster To A Money-Making Machine - Mike Michalowicz

Business is about making a profit. This then gives you the freedom to do what you want with that profit. This book helps you focus on profit and setting up systems to make the most of the profit you generate.

9. Barking Up the Wrong Tree – Eric Barker

Conventional wisdom does not always apply and in some cases can actually be detrimental. Challenging what is taken for granted should be in the play book of everyone who wants to achieve at the highest level. Important lessons can be learned in the strangest places and from the strangest people. Have an open mind and you might be surprised that what you have believed to be bad in fact turns out to be just what you need.

10. Unbeatable Mind: Forge Resiliency and Mental Toughness to Succeed at an Elite Level - Mark Divine

Another mindset book. Business is not always going to be easy or take the intended route. This is when you need to have the determination to see your plans through to success. This book shows you how to develop the mental toughness to make this happen.

11. The E-Myth – Michael Gerber

The classic on ‘procedurising’ your business and creating a structure that doesn’t need you to survive. The simple secrets inside this book can transform any business from hardship to joy.

12. Tools of Titans – Tim Ferriss

There are few books that take the learnings from so many exceptional people and put them at your fingertips. This is one such book that packs a lot of business and life learnings between the covers.

13. Predictably Irrational: The Hidden Forces that Shape our Decisions – Dan Ariely

Although we like to think logic and rationality rule our world, emotion is by far the more powerful influence. Understand this in the context of business and you are well on your way to understanding why people make the decisions they do and how to best profit from them.

14. Extreme Ownership – Jocko Willink and Leif Babin

Moving beyond blame is tough. This book illustrates that ownership of the problem and the environment is a key to success in the military or in business. It is a path few will elect to take voluntarily, however more may do so after reading this.

15. Peak Performance: Elevate your game, avoid burnout and thrive with the science of success – Brad Stulberg

Success is largely about developing a winning system. This book shows you how to approach that pragmatically. If you want to see results use this book to help you build the system.

16. Blink: The Power of Thinking Without Thinking – Malcolm Gladwell

The older you get the more experience you get. This experience is aggregated in your ‘gut feel’. Trusting your ‘gut’ may not appear rational but this book will help you understand why it is in fact your best option in many cases.

17. The Now Habit: A Strategic Program for Overcoming Procrastination and Enjoying Guilt-Free Play – Neil A. Fiore

Plenty of great productivity learnings in here that help you take action. It shows you how to focus on the right stuff in the right priority. Even if you are not a major procrastinator there is plenty in this book that you can take away.

I do need to dedicate more time to reading in 2019 but have struggled somewhat in 2018 due to the number of dud reads that appeared worthwhile. That’s the challenge of finding those real gems and hopefully my list gives you some inspiration to try a few from my list.

Let me know what you think. Do these work for you? What are your top business reads? I’d love to hear.

Live Writer issues posting images to Blogger

Open Live Writer is currently unable to post images to Blogger. An error 400 appears when posting. I’m not the only one having the issue as evidenced here:

https://github.com/OpenLiveWriter/OpenLiveWriter/issues/786

and on Google

https://productforums.google.com/forum/#!topic/blogger/nJbedfynH7o

Appears to be an issue with the Google side of things.

Hopefully, we can get someone to look at this so I won’t have to keep using sign language here!

Thursday, January 17, 2019

CIAOPS Techwerks whiteboard training–Sydney 31 January


I’ll be hosting an all day focused, hands on, technical whiteboard training session on Microsoft Cloud technologies (Office 365, Microsoft 365, Azure, etc) in Sydney on Thursday January the 31st 2019. The course is limited to 15 people and there are still a few places available if you wish to attend.

The content of these events is driven by the attendees. That means we cover exactly what people want to see and focus on doing hands on, real world scenarios. Attendees can vote on topics they’d like to see covered prior to the day and we continue to target exactly what the small group of attendees wants to see. Thus, this is an excellent way to get really deep into the technology and have all the questions you’ve been dying to know answered. Typically, the event produces a number of best practice take aways for each attendee. So far, the greatest votes are for deeper dives into Intune, security and PowerShell configuration and scripts, however that isn’t finalised until the day.

The CIAOPS Techwerks events are run regularly in major Australian capital cities, so if you can’t make this one or you aren’t in Sydney on that date, stay tuned for more details and announcements soon. If you are interested in signing up please contact me via email (director@ciaops.com) and I can let you know all the details as well as answer any questions you may have about the event.

I hope to see you there.

Tuesday, January 15, 2019

Using multiple authenticator apps with a single Microsoft 365 user account

One of the best ways to ensure an account is secure is to enable Multi Factor Authentication (MFA) for it. This means the user logs in as normal with their username and password, but before the login process is complete they must enter another form of verification. That form is typically an SMS, phone call or an authenticator application on their mobile device.

The best practice with Microsoft 365 is to use the Microsoft Authenticator app, which is available on both iOS and Android. Here’s an overview video:

The way that you set up MFA for a Microsoft 365 account is to login to the Microsoft 365 portal as an administrator and navigate to the Admin center.

Then do a search for MFA as shown above. One of the returned results should be Azure multi-factor authentication settings as shown, which you should select.

You should be aware that here you are configuring Multi-Factor Authentication for Office 365 which is a subset of all the features available in Azure Multi-Factor Authentication. You can see the feature comparison here:

MFA version feature comparison

All versions of Office 365 and Microsoft 365 come with Multi-Factor Authentication for Office 365. The more advanced Microsoft 365 plans, such as E3 and E5, come with Azure Multi-Factor Authentication. The discussion here is focused on Multi-Factor Authentication for Office 365 and this applies to all plans.

After selection of that option, a notification should now appear from the right of the window. Select the Manage multi-factor authentication link that appears as shown above.

This should take you to a list of your users as shown above. This will show the MFA status of each user. The above shows you that Alex Wilber currently has an Enforced setting, while everyone else has Disabled.

Select the user you want to enable on the right and then select the Enable link on the right as shown.

You should now see the above message. Select the enable multi-factor auth button to continue.

After a moment or two, you should receive confirmation that MFA is now enabled for the account as shown above. Select the close button to continue.

As shown above, you will now see that the status of that user is now Enforced. This means that they have yet to complete their MFA enrolment. Once they have, their status will change to Enabled.

After the user enters their login and password into the Office 365 tenant the next time they login, they will see the above message telling them they basically need to enrol in MFA.

They should now see a screen like that shown above. In this case we are going to use a Mobile app as a means of authentication so we select that option from the top box. In the How do you want to use the mobile app? box, select Use verification code. This will request the user to enter a unique code from the authenticator app to verify their identity during login. There is also the option to receive push notifications BUT if you are going to be using multiple authenticators then best practice is not to do this, and I’ll detail why further down when I talk about the scenarios where this multiple authenticator environment can be used. For now, select Use verification code and then the set up button underneath.

You’ll now see a QR code like that shown above that you can use with your Microsoft Authenticator app. However, using this does come with limitations.

Firstly, this method doesn’t support third party authenticators like Google Authenticator or Lastpass Authenticator.

If you try to use those you’ll get an error like you see above and be unable to configure the third party authenticator.

Secondly, if you try and use the same QR code on another device running a second Microsoft Authenticator app then you’ll see the above error, basically telling you that the QR code has been used before (which it has).

The trick to overcoming both of these limitations is to select the link Configure app without notifications to the right of the QR code as shown above.

When you do so, you’ll get a new QR code that looks very similar but has different wording and a link.

You can now use this QR to set up multiple Microsoft Authenticator apps on different devices as well as third party authenticators. You may also want to take a screen shot of this QR code for future reference if you wish to set up or reconfigure authenticator devices in the future.

Some considerations here. All devices you now use with this QR code will configure the same identical sequence of rolling numbers for authentication. Thus, when you configure multiple devices this way you’ll see that the pin numbers will be identical on all devices and will change more or less at the same time. What you have effectively achieved here is a duplication of the MFA token for that user. Is that a good thing? Best practice is to only have ONE and only ONE authenticator per account but there are scenarios I will illustrate later where having a duplicate is acceptable. However, please remember, the more tokens you have for an account, the less secure it is.

Once you have used the QR with all the devices you wish to use, select Next and then Next. You’ll then be prompted to enter a verification code from any of the devices (as they all show the same code now anyway) to verify the account set up. Enter the code and continue.

You’ll then need to enter a phone number as a fall back option. Select the Next button when this is complete.

You’ll then see a single app password you can use if needed, but best practice is that you shouldn’t be using these so select the Done button.

Now when the user logs in to Microsoft 365, they’ll enter their login and password as before but then also be prompted for a code from an authenticator. If you have duplicated the authenticator as shown above, the code on the devices will be the same and thus all you need to access that account is any of the devices just configured.

So where might a duplicated authenticator make sense? Perhaps as an administrator of a tenant I move between different locations and devices. Or perhaps I want to have the same code for everyone using authenticators for access. Perhaps different people need to read me the code from an authenticator on their device. There are scenarios where duplicated authenticators may make sense, so it is an option if needed.

Duplicating authenticators is probably ok if there is only one user accessing the account, but what happens when multiple people need to access the one account using MFA? I would suggest that, as best practice, they should each use a unique authenticator.

To set up multiple unique authenticators (rather than just duplicates), complete the above process but just for a SINGLE authenticator app. Again, it is recommended not to enable push notifications and just use a pin code entry. Once the single MFA has been configured for the account, login to that account using MFA. Select the user icon in the top right of the screen. That should display a menu like shown above. From this menu, select My account.

In the window that appears, locate the Security & privacy section and select the Manage security & privacy button.

Now select Additional security verification at the bottom as shown above.

This will display two additional options as shown. Select Update your phone numbers used for account security.

This should display the above options, where you can configure the MFA settings for the account. At the bottom of this screen you will see that there is already one Authenticator app, which is the initial one configured for the account. To add a second independent authenticator tied to this account select the Set up Authenticator app button as shown.

This should display the now familiar MFA configuration window as shown above. The default option will be for push notifications. This means that any time the account logs in a push notification will be sent to ALL the authenticator apps configured to this account whether they have been set up as duplicates or separate authenticators. As mentioned previously, this option also only allows a single Microsoft Authenticator configuration and no third party options.

Thus, best practice is again to select the Configure apps without notifications link on the right to make more authenticator options available.

This will again give you a slightly different screen with a QR code to configure the authenticator device. Remember, here you are not duplicating the existing authenticator that was created initially, you are creating a separate independent authenticator app that is tied to the same user account.

When you have completed the configuration process for this authenticator you’ll again need to verify it as shown above.

When you return to the Additional security verification screen you will now see two authenticator apps at the bottom of the screen as shown above.

This might appear confusing, but in my example I configured two different authenticator apps independently on the same device (one Microsoft, one Google). If you configure authenticator apps on two different physical devices it should look more like the above where you can tell the difference between the devices. In my experience, if there is ever confusion or duplicates, the more recent configurations appear at the top of the list if you ever wish to delete one.

You may want to ensure that you DON’T select the option to Notify me through app, because doing so will send a push notification to all configured and supported apps for verification. If you have different people, all with their own authenticator app configured, on separate devices, you don’t want them all getting a notification when ANY one of them attempts to login to the account. Not only is it annoying, but any of the other devices can approve the login request, even though they didn’t initiate it. You can use the notification option for authentication if you wish BUT, use it with care and an understanding of the risks it brings.

The above shows you that I have configured authentication on two separate devices (Android on left, iPhone on right). Note how the time is the same on each device, along with the account it protects. You’ll also notice that one device is using the Google Authenticator while the other is using the Microsoft Authenticator, just to show you that you can mix and match authenticators as you please. These are two independent authenticators tied to the one account as I have just shown you how to configure. Thus, if I now try and login to the configured account, I use the one user name, plus the one password and either of the two numbers on the authenticators I have configured on these devices.

Now, where does having multiple authenticators on a single Microsoft 365 account make sense? The most common scenario is for IT resellers who need to support multiple customer tenants with multiple technicians securely using MFA. A typical scenario would be to configure a single management account in each customer’s tenant that is a global administrator for the tenant. That account would have an initial MFA authenticator enabled during set up. Then, for each technician who needs access, each of their personal devices would also be enabled for MFA on that same single customer admin account using the process I detailed above. Thus, the admin login details would be shared amongst the technicians along with the password BUT each would use their own authenticator app to gain access to the customer’s management account. Thus, each technician uses the same username and password to access the account but a unique MFA pin code that is generated on their own personal device and is unique to them.

In the event that a technician leaves, the IT reseller could merely remove that technician’s authenticator app from the customer’s admin account and probably change the password and re-share that updated password amongst the remaining technicians. In an environment with lots of tenants and technicians, manually doing this would be time consuming. I’d be confident that this process could be scripted using PowerShell but can’t say for sure until I look at that in more detail. Stay tuned. But at least you can have multiple technicians accessing multiple shared accounts with their own unique MFA authenticator app.
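The difference between a duplicated QR code and independent authenticators, and what each means when a technician leaves, can be shown with a small model. This is an added example, not part of the original post or Microsoft's implementation: it assumes the verification codes are standard RFC 6238 TOTP (the scheme Google Authenticator implements), and the `SharedAccount` class, the labels, the secrets and the timestamp are all constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def totp(secret_b32, at, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for the Unix time `at`."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = struct.pack(">Q", int(at) // step)
    digest = hmac.new(key, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class SharedAccount:
    """Hypothetical server-side view of one account: enrolment label -> secret."""

    def __init__(self):
        self.enrolments = {}

    def enrol(self, label, secret_b32):
        self.enrolments[label] = secret_b32

    def remove(self, label):
        self.enrolments.pop(label, None)

    def verify(self, code, at, drift_steps=1, step=30):
        """Return the label of the enrolment the code matches, else None."""
        for label, secret in self.enrolments.items():
            for drift in range(-drift_steps, drift_steps + 1):
                if hmac.compare_digest(totp(secret, at + drift * step), code):
                    return label
        return None


def _b32(raw):
    return base64.b32encode(raw).decode()


# Constructed sample values (not real secrets).
SECRET_SHARED = _b32(b"constructed-secret-0")
SECRET_TECH_A = _b32(b"constructed-secret-A")
SECRET_TECH_B = _b32(b"constructed-secret-B")
NOW = 1547510400  # constructed timestamp: 15 Jan 2019 00:00 UTC


def duplicated_qr():
    """Two devices scanned the same QR code: one enrolment, one secret."""
    account = SharedAccount()
    account.enrol("authenticator-1", SECRET_SHARED)
    device_1 = totp(SECRET_SHARED, NOW)
    device_2 = totp(SECRET_SHARED, NOW)  # same secret, so the same code
    # Taking access away from one device means removing the only enrolment,
    # which stops every copy of that secret from working.
    account.remove("authenticator-1")
    return device_1 == device_2, account.verify(device_2, NOW)


def independent_authenticators():
    """Each technician enrolled separately: one secret per person."""
    account = SharedAccount()
    account.enrol("technician-A", SECRET_TECH_A)
    account.enrol("technician-B", SECRET_TECH_B)
    code_a, code_b = totp(SECRET_TECH_A, NOW), totp(SECRET_TECH_B, NOW)
    before = (account.verify(code_a, NOW), account.verify(code_b, NOW))
    account.remove("technician-B")  # technician B leaves
    after = (account.verify(code_a, NOW), account.verify(code_b, NOW))
    return before, after


if __name__ == "__main__":
    print("duplicated QR:", duplicated_qr())
    print("independent  :", independent_authenticators())
```

Because the QR code carries the secret itself, a saved screenshot of it is another working copy of the authenticator and needs the same protection as the account password.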

So there you have it. Yes, it is possible to have multiple authentication apps providing MFA to a single Microsoft 365 account. Yes, it is possible to achieve this with both Microsoft and third party authenticator apps. Yes, it is possible to have duplicate and independent authenticator configurations for one account. And finally, YES, it makes an account LESS SECURE by having multiple authenticator apps configured against a single account, so use with CARE and THINK before you implement.

Sunday, January 13, 2019

My Apps - 2019

I will happily admit that I am not a big app user. I have a number of key apps that I use all the time and many that I test. However, the ones I test normally don’t last long and get deleted. I like to keep my devices as clean as possible rather than being filled with lots and lots of random apps.

To see what I was using at the beginning of last year check out the article:

My Apps – 2018

My most used apps on mobile devices over the last year were:

Podcast Addict – for all my podcasts. Easy to use, listen and update as well as working in the car thanks to Android auto.

Google Authenticator – used to provide two factor authentication for access to Google accounts as well as for Lastpass password manager.

Microsoft Authenticator – I use this for a number of select web sites as well as Office 365.

Android auto – connects to my daily drive to provide the ability to listen to podcasts (via Podcast Addict) as well as use Waze for navigation.

OneNote – is a must on every device I own. Syncs all my notes to every device. Allows me to not only truly have my information everywhere I am but also capture information quickly and easily.

Office Lens – available on all platforms. Allows capturing of information such as documents, whiteboards, etc to OneNote. I have written about the importance of this app previously:

A mobile device must have

Tripview – One of the few apps that I have happily paid for. I use this to let me know the Sydney train schedule to help me get around when I need to negotiate the ‘real world’.

Audible – If I can’t read my Kindle then I can normally always listen. This app allows me to listen to my audio books where ever I am.

Amazon Kindle – If I don’t have access to my Kindle then I can still read my books. In my case that will most likely be on my iPad. I also use the Kindle app on the iPad when the ebook has a lot of images that sometimes don’t display well or are too small for the Kindle device.

The following are currently only iOS:

Oak – For mindfulness, breathing and meditation

Rode Reporter – which I use for recording many of my presentations when I am out on the road.

Of course I have all the social media apps, such as Twitter, Linkedin and Facebook on my devices.

I also have all the Microsoft/Office 365 apps. The ones I use the most are probably To-Do, Outlook, SharePoint, OneDrive, Teams and Yammer, although Word and Excel also get used regularly. Just about every Microsoft Office 365 service has an app that you should have on your mobile device.

I’ve also added the Intune app to all my devices so they can be better managed.

I use the Microsoft Next Lock Screen on my Android device.

Some occasional ones I use include:

- Meetup

- Pocket

- Duolingo

The above are my used apps across my various mobile devices. I certainly use a wide variety of apps on my devices but prefer the desktop versions if available simply because my fingers are too fat and my patience too short to be productive for long stints on mobile devices. My kingdom, my kingdom for a full keyboard and screen I cry.

Thursday, January 10, 2019

Become Microsoft 365 Certified with CIAOPS

I’m pleased to announce that I’m taking all of my experience as a Microsoft Certified Trainer and learnings with Microsoft 365 and creating a 7 week intensive study program dedicated to helping people pass the recently announced Microsoft MS-100 certification exam.

In broad strokes this exam covers:

- Design and Implement Microsoft 365 Services

- Manage User Identity and Roles

- Manage Access and Authentication

- Plan Office 365 Workloads and Applications

The CIAOPS program will provide 2 hours per week of presented content (lecture + lab) as well as additional content each student will be expected to complete and submit prior to the next week. In my experience, having ‘required homework’ is the best way to ensure that you are learning the content. All the material will be available in a downloadable portable for access on demand (including presented content). Having the material on demand means that you can attend this course even if you can’t make the live sessions.

This program is limited to a maximum of 15 students and is filling fast, so if you want to take advantage of this round then please contact me via email (director@ciaops.com) to express your interest. The cost for anyone not in my CIAOPS Patron program is AU$399 inc GST for all the material.

You may want to read my thoughts on why I believe certification is becoming increasingly important with the cloud:

The benefits of certification

Stay tuned for more certification training programs like this that will be available from the CIAOPS.


Tuesday, January 8, 2019

Need to Know podcast–Episode 199

I speak with Program Manager Windows Defender ATP, Iaan Wiltshire, from Microsoft all about this security offering and how it fits into the market. We discuss what Defender ATP is and what it includes, so if you are keen to hear how Microsoft is integrating threat management from the desktop through to the cloud, listen along.

Brenton and I, of course, give you all the latest Microsoft Cloud news in this first episode for 2019. There is still lots happening so listen in to stay up to date.

Also, don't forget our invite to join us during the live recording of episode 200 on the 21st of January 2019. Just sign up at http://bit.ly/n2k200

Take a listen and let us know what you think - feedback@needtoknow.cloud

You can listen directly to this episode at:

https://ciaops.podbean.com/e/episode-199-iaan-wiltshire/

Subscribe via iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send us any feedback or suggestions you may have for the show.

Resources

Iaan.Wiltshire@microsoft.com

@contactbrenton

@directorcia

MSP risks for clients

Questions to ask your MSP

Report into MSP hacking

Discounted cyber security for your client

December updates video

Ignite 2019 - Sydney agenda

Contextualizing Attacker Activity within Session in Exchange Online

MyAnalytics, the fitness tracker for work is now more broadly available

Watch Microsoft Stream on the go

SharePoint Roadmap Pitstop: December 2018

Introducing new advanced security and compliance offerings for Microsoft 365

Evaluating Windows Defender ATP

Windows Defender Test Ground

Microsoft Security Blog

Defender ATP Overview

Monday, January 7, 2019

Using PowerShell to download all my Office 365 scripts together

I really like GitHub but the problem is that it is really a developer, not IT Pro, style environment. That means there is no easy way (that I know of at least) to simply copy every file in a repository to a directory on your local computer. Yes, you can do that with Visual Code like I do, but what if you just want a complete copy so you can run the scripts that I have created quickly and easily?

Have no fear, PowerShell to the rescue once again.

I have just created the following script:

https://github.com/directorcia/Office365/blob/master/o365-getrepo.ps1

which, when run, will basically grab every file in my Office 365 repository and download it to the directory you nominate in the variable at the top of the script.

So the process is to copy the above script into the PowerShell ISE. Modify the variable $DestinationPath to suit your environment and then simply run the script.

The great thing is that you can re-run the script at any time to grab the latest updates I have made in that repository.


Friday, January 4, 2019

My software and services 2019

Here’s last year’s post for comparison:

My software and services – 2018

All my PC’s are running the latest version of Windows 10 (1809) without any issues and none during the upgrade process either. I do have Windows 10 and Office Insider builds happening on an original Surface PC as a testbed. All Windows 10 Pro machines are directly joined to Azure AD and managed via Intune. All machines run no third party AV as Windows Defender is a far better option in my experience.

The WD Sentinel DX4000 runs Windows Storage Server 2008 and I would really like to upgrade this to a newer version of Windows Server, but given an in place upgrade is risky, it will probably be replaced at some stage. However, for the time being it is still doing its job but I’m starting to get more and more issues connecting to it using the Windows 10 Pro machines that are purely Azure AD joined so I may be forced to make a change soon. I am kind of hanging out till I get better broadband when the NBN rolls into my location (due any day they tell me). When that does happen I’m going to see whether I can shift my whole on Windows Storage Server infrastructure completely to Azure and access it all remotely. I’m kind of hesitant to shell out for new hardware that I don’t really need. Moving all or part of my environment to Azure is going to give me much more experience in accomplishing this, which is a good thing as more and more businesses are looking to do exactly the same. If I can lift and shift to Azure and with all my workstations now directly Azure AD joined it should be a seamless experience, however I won’t know until I try it. Stay tuned here for progress.

My two main tenants are an Office 365 E5 demo and Microsoft 365 Business production environments. The Windows 10 Pro machines are Azure AD joined to the Microsoft 365 Business production domain.

I use all the major browsers:

- Edge – mainly for logging into my production tenant

- Firefox – used with demo tenants

- Chrome – mainly used for non Office/Microsoft 365 browsing. I log into the Chrome with my Google identity to sync extension, bookmarks, etc as well as login to Google properties like YouTube

- Internet Explorer – mainly for logging into my Office 365 E5 tenant and the Azure environment that is also connected to that

I also generally use in private sessions in all the browsers to move between different online identities as needed.

Services like SharePoint Online and OneDrive I use regularly both in the demo and production tenant. I have the OneDrive sync client installed, running and connected to various locations on my production tenant. I am looking forward to the upcoming OneDrive sync client feature that will allow me to sync across different tenants with the one sync client. That will allow me to easily sync both my production and demo environments.

I used to have Skype for Business automatically load at start up but that has been replaced by Microsoft Teams which is now my main messaging application. All the CIAOPS Patron resources like the intranet, team, etc all reside in the Office 365 E5 demo tenant but I connect to it on my desktop normally via an Azure B2B guest account from my production tenant. Thus, I can admin the Patron resources in a browser if need be but I get the same experience on my desktop as any Patron would. Handy to know what works and doesn’t work with Microsoft Teams guest access.

I use LastPass to keep my passwords and private information secure. It allows me to do things like generate and store unique passwords for each website that I sign up for. It is also available across all browsers on my machine (including Microsoft Edge). I also now use LastPass to store secure notes.

The extensions I run in all my browsers are:

- LastPass

The extensions I use in Chrome are:

- Windows 10 accounts (allows Single Sign In to Azure AD identity)

- Windows Defender Browser protection

- Pushbullet which connects alerts from my Android phone to my desktop browser and allows me to share information easily between them.

- GetPocket which allows me to save and categorise website URLs, which I then typically read at a later time. Has its own dedicated mobile app that I can use on any device.

- The Great Suspender which puts unused tabs in Chrome to ‘sleep’ to save memory.

- Noisli which provides productivity enhancement thanks to background sounds. My favourite is rain.

- Timeline Support which integrates the browser history into Windows Timeline. Really, really handy across multiple machines.

I use the automation sites If This Then That and Zapier to automate many different tasks. A good example of one of these is automatically publishing to various social media sites. I am now using Microsoft Flow more and more for automation and I am still looking to dive deeper using things like Azure Functions in 2018. I also use Socialoomph to post precisely scheduled social media posts, however I am aiming to replace this totally with Microsoft Flow this year.

For my Office 365 and Azure email newsletters I use Mailchimp.

My preferred public social networks for business, in order are:

1. Twitter

2. LinkedIn

3. Facebook

Google Plus, which I use for posting my blog announcements to, is going away shortly, so that’ll be one less thing to worry about.

The Apowersoft software allows me to display both iOS and Android devices on my Windows desktop which is really handy for demonstrations and presentations.

I also use Yammer extensively but for more specialised roles and thus don’t consider it really a ‘public’ social network, more a private one.

I consume a lot of content from YouTube both for business and personal interest. I also use YouTube extensively for my publicly available video training.

Microsoft Office desktop software is still part of my everyday workday via applications such as Outlook, Word, Excel, PowerPoint, etc. I use the desktop version of Outlook on my Surface Pro 4 which lives on my desk but I only use Outlook Web App on my travelling Surface Pro 3 device. I could happily not use Outlook on the desktop any more I believe but I still use it so I understand the experience for most users. However, I do see the day when Outlook on the desktop begins to lose its appeal.

One of the things I have just added to my desktop version of Outlook is a digital certificate that signs every email that I now send. This helps the receiver confirm that the message they have received is in fact from me and that it hasn’t been altered in any way. I need to spend some more time playing around with email certificates to understand what role they can play in enhancing email security. Add yet another item to the ‘to-do’ list.

The key application from the suite for me is OneNote. OneNote is my go to Swiss Army knife for just about everything digital. I use it to capture all sorts of data. I even use it as a diary as I have detailed previously here:

One of the ways I use OneNote

The reason OneNote is key is because:

1. Just about everything I put in there is searchable

2. It is freely available across all platforms.

3. All my information is synced and accessible on all devices.

4. It is available on the web or offline if needed.

There are now two versions of OneNote, the Windows store OneNote and OneNote 2016. Microsoft have confirmed that there will be no future upgrades to OneNote 2016 and in fact they are starting to remove it from Office 365 implementations. I fully understand and support that move BUT the Windows store version of OneNote does not yet have nearly feature parity with OneNote 2016. I’d love to make the switch to only using one version but can’t until many of the features I use in OneNote 2016 appear in the Windows store version. C’mon Microsoft, let’s get them to feature parity please.

Another key service I use everyday along with Office 365 and OneNote is Azure. Typically, I use it for running up virtual machines that I test various things with but I also use it to backup my local data as well as that of other members of my family using Azure Backup.

Azure desktop backup

There is just so much that can be done with Azure and I pretty much use it everyday.

For a subset of my local data that I wish to remain secure I use TrueCrypt to create encrypted volumes. All my Windows 10 machines run with full disk encryption thanks to BitLocker, but stuff like financial and customer data I keep inside TrueCrypt volumes for that extra layer of security. I understand that TrueCrypt is no longer maintained and may have some very minor security flaws, but for how and why I use it, it is more than adequate.

To capture my desktop for my online training academy or my YouTube channel I use Camtasia. I use Snagit to capture screen shots and add highlights and emphasis to these. Snagit allows me to capture complete screens or specific areas quickly and easily.

To compose and publish blog articles I use Open Live Writer.

The majority of images I get, like the one at the top of this article, I get from Pexels. Pickit is also another great option and I use the desktop app regularly.

For improved meeting management productivity I use Microsoft FindTime.

A major addition in 2018 was Visual Studio Code in which I do most of my PowerShell editing and publishing. The end result typically is my GitHub repository where you will find a range of scripts and other resources that I maintain regularly. With Visual Studio Code I can edit, publish and sync all my machines and my GitHub repository no matter where I am. Very handy.

Here are also a few of the other items I use regularly that are not for business:

Amazon Prime Video – only place to get the latest The Grand Tour action. I also liked the Jack Ryan series as well as the Gymkhana Files.

XBox Live Gold – access to all the online Xbox goodness.

Duolingo – language learning, Japanese and Italian at the moment

Tinycards – language and facts learning via flashcards. Also handy for certification exams.

So there you have it, the major software and services that I use regularly. I continue to search out additional software that will improve my productivity and I will speak more about what I have changed in an upcoming article, so stay tuned. If you use something that you’ve found really handy, please let me know as I am always keen to explore what works for others.


Thursday, January 3, 2019

Core Microsoft Cloud IT Professional Skills

Last year I wrote an article about:

Core Professional Skills

which are still valid and I encourage you to go and read that article as well as this one.

For this article I want to focus on the more specific core skills for IT Professionals working with Microsoft Cloud Technologies such as Microsoft 365, Office 365 and Azure.

PowerShell

Being able to use PowerShell comfortably in today’s Microsoft Cloud landscape is mandatory I believe. There is so much that you can only do using PowerShell as well as it being the way to be more efficient when managing multiple environments. I am not saying however, that you need to become a developer or start using something like Visual Studio. As I often say, to be proficient in PowerShell you really only need two commands – Ctrl + C and Ctrl + V.

PowerShell allows you to easily take what others have created and run it or improve on it. I fully appreciate however, that getting up and running with PowerShell can be challenging, especially with so many services. With that in mind I wrote this article:

Microsoft Online PowerShell Setup/Update scripts

that will help you get up and running quickly. In fact you’ll find a whole swag of my scripts freely available at:

https://github.com/directorcia

Ensure you check back there regularly as I constantly update and add more scripts.

The best way to become familiar with PowerShell is to use it! If you are doing things using the web interface, try replicating that task with a PowerShell script. Yes, it might take a little longer initially, but once you have the script you can re-use it over and over again. That’s one of the benefits of scripting.

PowerShell skills are not merely limited to the cloud, just about every Microsoft product supports PowerShell in some form. That is a big differentiator when considering suppliers. For example, if you become a CIAOPS Patron, you get access to a best practices script that I have created that configures over 20 different items and services in a tenant to make it more secure and easier to use. You couldn’t do that easily with different vendors.

An investment in PowerShell as an IT Pro is simply a ‘must’ for anyone who wants to remain relevant in the Microsoft world going forward.

Identity

Understanding identity is something few IT Pros really have a good grip on in my experience, especially when it comes to the cloud. In short, there has to be a single master source of user identity somewhere in the environment. On prem, that was typically the domain controller. In the pure cloud that is Azure AD. However, things start to get complicated when you are talking about Azure AD Connect syncing and stuff like ADFS. This can place identity in multiple locations BUT the master is still in one place (on prem for both again). Now add to the mix things like Azure B2B and B2C, where is the master identity now? Further, add Azure AD Premium and enable attribute write back. Again, where is the master identity? Now add device management with the likes of Intune and you see pretty quickly how all of this stuff depends on identity. Get that wrong and stuff just doesn’t work.

You soon see that identity can involve a lot of moving parts very quickly. However, there are still basic principles that it conforms to, but in my experience few IT Pros seem to know these. Without these basic skills you are going to really end up chasing your tail when troubleshooting or potentially creating security holes during configuration.

Start with understanding the basic three Microsoft Cloud identity models – Cloud only, Synchronised, and Federated. Understand what the fundamental differences are between on premises AD and Azure AD (and there are plenty). Once you have a good grip on that start adding options like B2B, B2C, Azure AD Premium and so on.

Understanding how identity works in a hybrid and mobile world is critical for many aspects today and no more so than security. Spend the time and learn the basics and you’ll greatly reduce the chance of oversights or misunderstandings.

Use the stuff you sell

Another thing that constantly amazes me is the number of IT Pros who DON’T use the services like Office 365 they actually sell to customers. Many still use on premises mail servers! Yes, there is an investment to be made coming up to speed with a range of new technologies but the best way to do this is to use them every day and learn in small increments. Simply ignoring them is merely kicking the can further down the road and making the mountain to eventually climb that much higher.

Sure, everything in Office 365 may not be relevant, but IT Pros should know something about everything on there. They should have some very basic idea of what the service does and how it could potentially help their customers. They don’t need to be an expert in it. If need be they can delegate that off to a partner who specialises in that particular service. Office 365 is now so large that most can’t, and shouldn’t do everything. However, they should always have the option to refer a colleague who can help if asked by a customer for anything they don’t know about because sooner or later the customer is going to ask what that service they have no idea about does. Not even knowing the basics of what it does looks really bad.

Some of the services in Office 365 you’ll probably need to play with and work out how they can benefit a business. This makes it easier to sell and support customers. A recent good example I saw was a large Microsoft reseller business sending out surveys using the free version of Surveymonkey! Sure Surveymonkey can do the job but what about using Microsoft Forms and then integrating that with Microsoft Flow for automation, because the survey task doesn’t end with just collecting responses now does it? I’ve built a number of automated services in my business using Microsoft Flow, many of these I can sell to customers to also help streamline their business. What about things like Power BI and what it can do, etc, etc.

Every service in the Microsoft Cloud provides the potential to offer services around and therefore generate revenue. You don’t make money doing what everyone else does (i.e. migrating emails), that is a commodity market. You make money doing what few others can or want to do. The more work it takes to get into that area, the less competition there is and will be and the higher the margins. That’s just simple business investment mathematics for you.

The opportunities inside the Microsoft Cloud of Office 365, Microsoft 365, Azure, etc are endless yet I see the majority of resellers doing almost next to nothing with these services themselves. Selling and supporting the stuff is so much easier when you actually use the stuff! Most partners also get the stuff from Microsoft for free. Go use it! NOW!

Become certified

For those that need some sort of syllabus to follow to learn the Microsoft Cloud I would suggest you consider completing the new certifications that are available for both Azure and Microsoft 365. I have written about

The benefits of certification

in the above article. It is not about getting a ‘bit of paper’ it is about using them as a focused way to learn the products, with the added benefit of being able to prove that you know your stuff.

I see that such certifications are going to become a real point of differentiation going forward. Office 365, Microsoft 365, Azure and the like are now common services that anyone and everyone can purchase and access. Thus, many believe they know what they are doing with these services but few really do. The only real way to get an independent verification of this knowledge is going to be via certifications.

I have been called in to help so many customers with absolutely criminal Microsoft Cloud configurations done by some so-called ‘cloud guru’ who clearly had no idea at all of the products or what they were doing in any way shape or form. Many customers are becoming far more cautious about whom they trust their cloud services to, as they should be. They should really be asking questions about the experience and knowledge of those working with these systems. Ask yourself, how can you truly and honestly demonstrate your knowledge and experience with the Microsoft Cloud? If you can’t, then certifications may be an option worth considering.

Above all else, I believe certifications provide a structured learning path and testing of your knowledge. You shouldn’t be afraid of failing a certification exam, you won’t die. Believe me you won’t. I haven’t and I’ve failed plenty of exams! See it as a way to confirm your knowledge in a controlled environment. Personally, I’d rather find out that my knowledge wasn’t as strong as I thought in an exam rather than in the heat of battle. See certifications as a primary way to verify and expand your knowledge while reinforcing your commitment to professionalism in your chosen field.

Security starts at home

There is little doubt that IT security is now a big thing in the age of the cloud. Everyone is so dependent on IT systems today. No matter what the size of the business, IT security matters! Bad actors are smart operators. They know where Aladdin’s cave is typically located, inside an IT business. Why? Because inside an IT business is normally the keys to many, many other systems. If they can get in here, then the rewards can be enormous. That means IT Pros and IT businesses are big and enticing targets to crack.

If you are an IT Pro, ask yourself whether you take security seriously. Are all your devices, phones, computers, files, etc encrypted at rest? Are you using MFA everywhere you can? Do you have good and unique passwords? Do you have alerting set up on your own environment? Have you reduced the surface area for attack as much as you can? Where is your documentation? What is your disaster recovery plan in case of internet outage, power outage, building inaccessibility, etc?

Unfortunately, my experience is that many IT Pros don’t have good best practices when it comes to security. They don’t follow industry best practices. They don’t have a good understanding of attacks and vulnerabilities and tend to give security best practices a low priority over getting the job done. For example, creating full admin accounts just to get something working or overriding security just to get a PowerShell script running. Yes, more security is painful, but that’s the idea. You want to make it as hard as you can for the bad actors.

Take a good hard look at all your systems and ask yourself if they are as secure as they could be. You’ll have to ask this question over and over again because the landscape is constantly changing. The price of security is eternal vigilance. Have you got things like Protection alerts enabled? What about Activity alerts? Activity auditing? Most importantly, do you have a checklist which you use to enable security? If you don’t, why don’t you? Do things randomly, get random results or in this case vulnerabilities.

Yes, security is hard. Yes, there are lots of options. But this is exactly what the bad actors exploit. They exploit the simple fact that people don’t want to put in the effort to be secure. That lack of effort sooner or later results in real financial loss.

The best way to sell security is to implement it throughout your business. Ask yourself regularly, is this as secure as I can make it? Once you are serious about security others will see that and understand why they should also be. If they don’t, even after you have shown them, why should you continue to deal with them? Perhaps those businesses are not ones you should be associating with, because we are all only as secure as the weakest link in the chain and the closer you are to the vulnerable system the more financial damage your business is likely to feel when something inevitably happens.

Take responsibility for IT security seriously. Start with your own systems and be the example why others should be as well.

Write stuff down

Whether you use pen and paper, OneNote, a blog, or whatever, there is NO WAY you can keep all this stuff in your head! My number one destination for information is OneNote for many, many reasons. It doesn’t matter what you use. Just use something!

The benefit of maintaining a blog is that firstly it is available everywhere there is the Internet. Next, it may in fact help someone else. If you are reading this then you have benefited from what I post publicly. That’s the power of blogging. Adding to the aggregated knowledge of Microsoft Cloud services available for free is a good thing. Your unique experience and situation may one day turn out to help someone else in need. Pay it forward, as they say.

Another benefit of a blog is that you can point people to it to demonstrate your knowledge and dedication to your craft. Even if your destiny is not as a business owner, having a regularly updated blog stands you out from all the ‘wannabes’ out there claiming to be IT Professionals. You don’t have to be more right than everyone else, you just need to show you are learning. True IT Professionals NEVER stop learning. They are not afraid to try and fail because that teaches them what not to do next time.

Learning is the one skill that once mastered will serve you no matter what changes happen in the industry, in your profession or in your life. You become better when you learn something. You become great when learning becomes part of your daily routine. Remember, most people in this game don’t actually have a structured learning system. They react, scramble around, do internet searches until something random puts out the fire. As they say, do random things and you get random results. Winners have systems. Be a winner, build a system.


True IT Professionals take a professional approach to their business and career. They are proud of the work they do and look to push themselves to improve. They are always looking to improve, invest in themselves and add value while helping others. They are humble enough to appreciate they need to continue to learn in this profession and welcome the challenge of developing their knowledge of the products and services that are available. They are always willing to help others and recognise those that help them. But most of all, they embrace the challenge that the IT profession provides them.

Adding Print to PDF in Word Quick Launch

One of the items that I always forget how to configure when working with a new profile is the Publish as PDF option you see here in the Quick Access Toolbar.

I find this to be really handy when trying to live the ‘paperless office’ dream.

You can set the same Quick Access Toolbar options in all Microsoft Office documents.

Wednesday, January 2, 2019

My Gear 2019

You can take a look back at last year’s gear here:

My Gear 2018

there were/are some major changes happening with my assortment.

Pixel XL phone – still using this as a ‘secondary’ phone. It has all the Microsoft apps installed on it and is connected to my Office 365 demo account. Most importantly, it has the Microsoft Authenticator app for MFA access to my demo accounts in Office 365. Another major app I use on this phone is OneNote for accessing all my notes.

I connect this phone in my car for navigation (Waze), Podcast (Podcast Addict) and have recently discovered I can also get Amazon Music there as well via the phone. An upcoming post will detail all the mobile apps I use on my devices for you.

This phone continues to perform all the tasks it needs to well and I have no plans to replace it in the near future.

Summary – No change, still in use every day.

Lumia 950 XL – This Windows Phone continues to work but is beginning to show its age and lack of support. My main use of this device is simply to make and receive calls, but of late I’m starting to get issues where this isn’t always happening for some reason. Now that may not be the phone, it may be the sim or the network, however I’m also getting more lock ups and random reboots. Nothing major, but painful when it happens. Would it continue to work as an acceptable phone only device? Sure, but is that really serving my purpose and providing the best benefit? I’m beginning to think not.

Thus, I think one of the changes I’ll need to make in 2019 is to finally retire this device and look at a replacement. Given that I already have a functioning Android phone my choice is probably going to be an iPhone. However, given the outrageous prices of iPhones I’m not looking forward to that day and am waiting for some sort of sale or discount offer to eventuate. I have also read that there will be new iPhones coming soon with better support for e-sims so maybe I’ll hold off until then. It is really just my aversion to paying THAT MUCH for a phone.

So sometime this year it will be bye, bye Windows phone and hello iPhone (as well as bye, bye many dollars unfortunately at the same time).

Summary – will probably be replaced by iPhone sometime in 2019 once I can bear the cost of doing it.

Surface 3 and 4 – Are both working well. I use the Surface Pro 3 as a travelling device and the Surface Pro 4 as my desktop. I am considering getting a new travelling device or maybe a new desktop device, say a Surface Pro 6, and using the Surface Pro 4 for travel. I considered maybe a Surface Go as a new travelling device but decided it would not be powerful enough for what I need.

Looking at a Surface Pro 6 brings into question what specs? I certainly don’t need a lot of local storage any more so a 256 GB SSD is fine. That storage capacity then limits me to 8GB of RAM, which I think is also fine. The final choice is an i5 or i7 processor. Since I’m going for a cheaper device here I’d look at the i5 processor as it does everything I need.

Some things to remember about buying a Surface. You’ll also need to add a keyboard and a pen. Doing so brings the price of such a device up to around AU$2,000! However, the biggest drawback is that these current generation of Surface Pro devices only come with Windows Home! On a Pro device? So, I’d now also have to factor in an upgrade to Windows Pro as well. Now, that isn’t a huge issue but all up that is a lot to pay for a desktop that I kinda really don’t need given the other two are working fine.

If you also couple that with the desire to get a new iPhone, the costs of hardware for both of those devices combined is approaching AU$5,000 which is madness for things I don’t really need urgently. Thus, I am putting both of these on hold until there is a more burning need for them. If I see a good deal appear for either of these devices I might jump in, but man, that’s a lotta dollars for computers eh?

Summary – considering a Surface Pro 6 to replace Surface Pro 3 but need a practical and rational reason to make immediate change.

iPad – One of the other reasons I was considering a Surface Go was as a pure writing device to totally replace the pen and notebooks that I have. I have wanted to go totally paperless for years but never found the right device. The Surface Go was a contender but once you added all the bits, it became too expensive and somewhat bulky.

I then decided to go with the bottom of the range iPad (WiFi only) and an Apple pencil which brought the total to around AU$500. The Apple pencil is a tad cumbersome and I would prefer something about half the size. I like that it is rechargeable, which the Surface pens aren’t, but that isn’t a huge issue. The Apple pencil does write well but I see no real difference to a Surface pen in that respect but the Surface pen wins on form factor if I was to make an ergonomic choice.

Another reason for the new iPad was my original iPad 2 is now no longer able to be upgraded to new versions of iOS and has become quite slow. So my thinking was to get a new personal iPad device and repurpose the older iPad for testing. The last thing I need to do before I can fully repurpose the older iPad is move the Google Authenticator app off it to another device. That is going to be a major pain that I have so far put off but will need to be done sooner rather than later.

I’m now using this new iPad for anything to do with writing, business and personal. This new device has probably had the biggest impact on the way I do things in the last 12 months.

Summary – new basic iPad is now a central part of my daily routine. Old iPad 2 soon to be repurposed for testing.

Ubiquiti – After having a consumer grade WiFi setup for ages, and after some connectivity issues (which turned out not to be the WiFi after all) I decided that my whole setup needed upgrading. My greatest concern was that the consumer gear firmware was not being upgraded and that would potentially increase my risk, so it was therefore time to upgrade.

After reading Troy Hunt’s post on Ubiquiti and watching his free online course as well, I decided that I wanted something similar. I thus invested in:

- Security Gateway

- UniFi Switch 8 (150W)

- UniFi nanoHD WiFi access point

- Cloud Key Gen2 Plus

I left my old router in place but disabled the WiFi access point and simply use it as a pass through now. I then connected it to the Security Gateway, connected everything else up behind the gateway and then configured it all from a web interface. Very, very impressed with the results. Super simple install. Easy to update the devices and great metrics on usage, devices and so on. Highly recommended.

One of the items that I am considering for 2019 will be a Ubiquiti camera like this:

G3 micro

Again, not really a must have but I can see benefits of having one of these devices to monitor things when I’m not there.

In theory, the Australian high speed National Broadband Network (NBN) was supposed to be rolled out to my location in December 2018. I hope that it isn’t too far away so I can complete the final part of the upgrade of my infrastructure and finally get some real high speed connectivity in place. I can’t wait.

Summary – very happy with major upgrade of my networking systems to Ubiquiti gear, with potentially a camera to be added. Awaiting roll out of NBN to complete project.

Docking station – Initially, I thought that the cause of my connectivity issues was my old consumer grade WiFi but it turns out that the network port in my existing Kensington USB 3.0 Docking Station SD3500v was becoming flaky. Problem was the docking station drives a lot of things besides my wired networking, like multiple monitors. The temporary solution was to just unplug the wired connection and go wireless with the Surface Pro 4. The longer term solution is going to be buying a new docking station.

The replacement is going to be:

Kensington SD7000 Surface Pro Docking Station

Unfortunately, there doesn’t appear to be any here in Australia at the moment, so I’ve also added that to the 2019 wish list as a priority.

Summary – Kensington SD3500v has flaky network port and will thus probably be replaced with Kensington SD7000.

WD Sentinel DX4000 – I’d also like to upgrade this device as the installed Windows Server 2008 R2 is going into end of life. I’d like to be able to install Azure File sync on any device and that means Windows Server 2012 R2 or better. I don’t think that it would be a good idea to do an in place upgrade of the equipment, so new infrastructure seems to be required.

Now if I go for a new on prem server, do I get something a bit bigger that can actually function like a ‘normal’ server so I can do more testing? Like I said, I’d really like the ability to install additional software on there but all these wants increase the price. Maybe, I just leave the existing server in place but get a new ‘front end’ box to do what I want?

I’m still rather undecided on what to do here. Again, the existing server is doing its job well and suits my needs, however having some additional flexibility would be nice, especially for testing hybrid configurations. For the time being I’ve decided to put this on the back burner but would like to do something in 2019.

Summary – on the back burner to upgrade or replace.

Fitbit – The old Fitbit recharging port on the unit has become so broken that the charging cable will no longer attach to it. The cost of replacement items is too high in my books and I really don’t want another watch as I like my analogue one. Having used a Fitbit for many years, I have a lot of accumulated data that I’d be forgoing if I went to another device. However, on the other hand, how often do I look at that data? Rarely, if I’m honest.

The most likely replacement is probably going to be the Oura ring, as I really like all the metrics around it. Now the challenge is I need to get my finger measured to find the right size. Oura does ship a sizing kit that allows you to check the size using plastic mock ups before you confirm but you still need to purchase the whole unit first.

Being a few hundred US$ doesn’t make this item cheap. Being that I also REALLY don’t need this item I’m still in the due diligence phase, making sure that it is the best investment for my money as I know there are other devices out there. So again, probably something I’ll get in 2019 but no real rush as yet and as yet I’m not 100% sold given the cost.

Summary - Fitbit has died after a long and productive life and it looks like the Oura ring will be the replacement.

Amazon Kindle – In use every day, no change. One of the best devices I have ever invested in.

Xbox One S – Twelve months old now and use it mostly to watch videos on Amazon Prime or YouTube. Play the occasional game when the mood takes me. Makes for a good distraction when the need arises.

Summary – mainly used as a consumption device with some gaming. No change or updates expected in 2019.

My major hardware investments in 2018 were new Ubiquiti networking and a new basic iPad to replace all paper notebooks. On the cards for 2019 are probably a new iPhone, Oura ring and docking station. What also will probably eventuate is a G3 micro video camera, new on prem server and maybe a new Surface Pro.

Let’s see what 2019 brings.