CIAOPS Techwerks 8–Adelaide October 24

bw-car-vehicle

I am happy to announce that Techwerks 8 will be held in Adelaide on Thursday the 24th of October. The course is limited to 15 people and you can sign up and reserve your place now! You reserve a place by completing this form:

http://bit.ly/ciaopsroi

or  sending me an email (director@ciaops.com) expressing your interest.

The content of these all day face to face workshops is driven by the attendees. That means we cover exactly what people want to see and focus on doing hands on, real world scenarios. Attendees can vote on topics they’d like to see covered prior to the day and we continue to target exactly what the small group of attendees wants to see. Thus, this is an excellent way to get really deep into the technology and have all the questions you’ve been dying to know answered. Typically, the event produces a number of best practice take aways for each attendee. A special part of this event will be sessions by MVP Amy Babinchak as well as some other surprise guests.

Recent testimonial – “I just wanted to say a big thank you to Robert for the Brisbane Techworks day. It is such a good format with each attendee asking what matters them and the whole interactive nature of the day. So much better than death by PowerPoint.” – Mike H.

The cost to attend is:




























Patron Level Price Inc GST
Gold Enterprise Free
Gold $ 33
Silver $ 99
Bronze $ 176
Non Patron $ 399


The CIAOPS Techwerks events are run regularly in major Australian capital cities, so if you can’t make this one or you aren’t in Adelaide on that date, stay tuned for more details and announcements soon. If you are interested in signing up please contact me via emails (director@ciaops.com) or complete the form:

http://bit.ly/ciaopsroi

and I can let you know all the details as well as answer any questions you may have about the event.

I hope to see you there.

MVP for 2019-20

MVP_Logo_Horizontal_Preferred_Cyan300_RGB_300ppi

I’m proud to say that Microsoft has graciously awarded me as a Most Valued Professional (MVP) for 2019 in the Office Servers and Services category. This makes it now eight awards in a row for me, which is very special and honouring. I thank Microsoft for this special award and acknowledge the responsibilities it entails.

However, this award is not possible without members of the community out there who take the time to do things like read my blog, watch my YouTube channel, attend events where I speak and more. Thanks everyone.

I’m committed to continuing to provide more information and insight into the fantastic products and services Microsoft creates. I can’t wait each day to see what new stuff Microsoft has brought us and how it can be implemented for users. With the rapid development rate in the cloud I am always amazed at all the new stuff that becomes available but it is really great to have that challenge of staying current.

Having attended my first MVP Summit this  year I’m looking forward to next year’s one so I can again visit Redmond and learn from Microsoft and fellow MVPs. Being an MVP is being part of a unique community of very dedicated and smart people who truly love to share their knowledge. I aim to live up to the example they set and continue to improve and grow. I congratulate all those who were also awarded for this year and look forward to seeing you at the MVP Summit in 2020.

But again, I thank Microsoft for this honour and will work hard to live up top the expectations it sets again for 2019-20 so I can make it nine years ins 2020!

CIAOPS Techwerks 7–Melbourne August 16

bw-car-vehicle

I am happy to announce that Techwerks 7 will be held in Melbourne on Friday the 16th of August. The course is limited to 15 people and you can sign up and reserve your place now! You reserve a place by completing this form:

http://bit.ly/ciaopsroi

or  sending me an email (director@ciaops.com) expressing your interest.

The content of these all day face to face workshops is driven by the attendees. That means we cover exactly what people want to see and focus on doing hands on, real world scenarios. Attendees can vote on topics they’d like to see covered prior to the day and we continue to target exactly what the small group of attendees wants to see. Thus, this is an excellent way to get really deep into the technology and have all the questions you’ve been dying to know answered. Typically, the event produces a number of best practice take aways for each attendee. So far, the greatest votes are for deeper dives into Intune, security and PowerShell configuration and scripts, however that isn’t finalised until the day.

Recent testimonial – “I just wanted to say a big thank you to Robert for the Brisbane Techworks day. It is such a good format with each attendee asking what matters them and the whole interactive nature of the day. So much better than death by PowerPoint.” – Mike H.

The cost to attend is:


Patron Level Price Inc GST
Gold Enterprise Free
Gold $ 33
Silver $ 99
Bronze $ 176
Non Patron $ 399


The CIAOPS Techwerks events are run regularly in major Australian capital cities, so if you can’t make this one or you aren’t in Melbourne on that date, stay tuned for more details and announcements soon. If you are interested in signing up please contact me via emails (director@ciaops.com) or complete the form:

http://bit.ly/ciaopsroi

and I can let you know all the details as well as answer any questions you may have about the event.

I hope to see you there.

Register for upcoming CIAOPS events

blur-blurry-coffee-273222

I have a number of planning events coming soon, so now is the time to register your interest for these so you can be kept up to date on that event. You can do this via the Microsoft Form here:

http://bit.ly/ciaopsroi

Upcoming events that you can register for include:

1. Techwerks 7 in Melbourne on Friday the 16th of August 2019

2. Techwerks 8 in Adelaide on Thursday the 24th of October 2019

3. MS-100 online study group

I’ll be posting more information about all of these events soon but here’s that you can get the jump on everyone else and ensure you place when the events formally open for registration. You should check back regularly to see what CIAOPS events are coming.

I hope to see you there.

Key skills for an IT Professional

accuracy-action-active-433077

If you are an IT professional working in with Microsoft 365 then I would suggest the following are the top five skills that you need to have to be successful going forward. My pick, in order is:

1. PowerShell

2. Azure AD

3. Security

4. Intune

5. SharePoint

and here’s why:

PowerShell

PowerShell gives you the ability to script commands for both cloud and on premises Microsoft services. There are many things you can also only do using PowerShell, however more importantly, you can begin to automate what you do. This reduces the time it takes to complete processes as well as giving more consistent results. It also means that you can potentially offload these tasks to others who only need to know how to run the scripts you have created not understand what they entail.

I also find that understanding the PowerShell side of a process gives you a a much deeper understanding of that process and what is possible. I also think that having to do a bit of coding is a benefit to everyone. It helps you to think more logically, plan and structure what you want to achieve. You however don’t need to become a developer, it is easy to CTL-C and CTRL-V good scripts from various places and integrate them into your processes while making a few changes along the way. You can go as deep as you wish and create really amazing scripts that really make life in IT so much easier, while allowing you to do your job faster.

Remember, software will eat the world.

Azure AD

Identity is key to our modern world. You don’t get access to “stuff” until you prove who you are. Importantly, Azure AD is not the same a traditional on premises Active Directory. It is a subset, where the additional options can be added as needed. However, you need a good understanding of where a user’s primary identity is and how it is managed and secured in the cloud. Without this fundamental knowledge you are really going to struggle to understand things like modern device management and security.

All Microsoft services are underpinned by identity and Microsoft cloud services are underpinned by Azure AD. Thus, to administer, configure, troubleshoot these you need a good understanding of Azure AD.

Security

With so much of our assets now being digital, protecting them is paramount. We need to do this in a way that doesn’t inhibit productivity and that is a real challenge. Poor security to me indicates a fundamental lack of knowledge about the products in question. It also demonstrates a lack of discipline and consistency which are the hallmarks of your adversaries out there trying to gain access to systems you protect.

Security will never be an absolute and that makes it hard for many “IT types” to deal with who like to have a tangible end goal. There is not a finite end point with security, there is simply an ongoing challenge to stay one step ahead of the bad actors. Some see that as a burden while the true security professional sees it as a challenge. The protection of our future lies with good security and the challenges that brings. It therefore, will be a skill that will be in continuing high demand.

Intune

As mentioned, Azure AD doesn’t contain the same resources that on premises Active Directory did. The best example of this is probably Group Policy, which is something that Azure AD does not incorporate. To a large extent, that is now handled by Intune and this why it is such an important skill going forward for IT Professionals to become skilled with. It can also be implemented using things like PowerShell, which again goes to the point of how important this list of skills is across all Microsoft services today.

A key factor with Intune is its ability to configure mobile devices. This is something traditionally IT Professionals have not been able to do. However, with the growing numbers of mobile devices in use and their criticality to businesses of every size, it is now more important than ever to be able to easily configure and secure them directly from the Internet.

SharePoint

Most IT Professionals have some skill or familiarity with Exchange and emails which easily translates to services like Exchange Online. However, when it comes to files and folders in the cloud the service of choice is going to be SharePoint, for which there are a decided lack of skills even though SharePoint has been with us for many years now. As I have spoken about many, many time here, SharePoint is more than just simple storage, it is a collaboration system and needs to be approached in that manner to get the most from it. Not doing so results in lots of pain for both administrators and end users.


So there you have it. If I had to pick five skills in order that characterise a modern IT Professional, these would be they. You don’t need to be an elite ninja in each but likewise you can’t remain ignorant of them. if you work with Microsoft cloud technologies you should be familiar and comfortable with them all. If not, then you need to start investing some time and learning them because they will serve you well now and into the future.

A framework for file migrations to Microsoft 365

One of the major points of confusion and poor execution I still see today is the approach that many take to migrating files to Microsoft 365 and Office 365.

Many years ago I wrote a number of articles about this:

The classic SharePoint migration mistake

SharePoint Online – Pilers and Filers

SharePoint Online migration – Start up is key

and all of that is still valid and I recommend you read it, however the technology has moved on somewhat and it is now perhaps time for an update.

What I’ll cover here is a framework for migrating on premises data, typically on file servers in network shares, into the collaboration tools in Microsoft 365. And that’s the first point. You need to look at this across all the services Microsoft 365 provides you today. Not just SharePoint. Not just OneDrive. And not just Teams. Microsoft provides a range of services that you should consider in this file migration process.

Now many claim that because of all these options it is too complex and therefore you should just dump your data in one place. I can’t tell you how many times I’ve see exactly this, everything from a file server F: drive dumped into a single Document Library in SharePoint. Oh the pain.

image

The secret of success is to have a “system” and not do things randomly without thought. Thus, my framework is shown above. Now let me break down the pieces for you.

image

You firstly start with the source (on the left i.e. a file server drive) and the destinations (on the right, i.e. collaboration services in Microsoft 365).

image

The first step is to filter the source information and remove (yes I said DELETE) stuff that doesn’t make sense to move. Old and duplicate files are example but I have highlighted this in more depth in a previous article:

Data discovery done right

Thus, you should now have less data to move because you have thrown some away. If you haven’t then you are not being serious about this. You should also have a better idea about what data to archive, what is user data, what is common data and so on.

image

With the remaining good data you move (yes, I said move NOT copy) users personal data to their OneDrive. You actually get them to do that so firstly they get familiar with the new environment, they move only what they want to keep and you crowd source this task reducing the workload. We all know that some people will never ‘get around’ to moving their data, so after a suitable time period has elapsed you move it for them. The typically data that is moved in this process is anything on the desktop, home drive or in user profiles.

image

Next, is to identify the common data by function or location and move it to a Microsoft Team. In a typical on premises file server the existing shares you will find data stored in folders like F:\Finance and F:\Administration and so on. These top level shares are most likely going to be the name of the Team and the next level down folders to be the channels inside that Team. In many cases, users may also wish to ‘clean up’ the existing or ‘start fresh’, which is also fine. However, it is relatively easy to find the data that should go into a Microsoft Team and move it there.

image

The next data to move is common data that makes sense living in it’s own dedicated SharePoint Team site. Data that goes into stand alone SharePoint is data that does not require chat and conversations around it, Teams is where that data would live.

The best example here is probably Archive data. This is data the business want to keep ‘just in case’ but won’t be updated by users. Thus, you move the archive data as is, into it’s own designated SharePoint Team site, mark it as read only for everyone so they can use it as a starting point if they need to. The major advantage of moving the archive data to SharePoint is that it is now searchable using the tools in Microsoft 365.

Another good example of a stand alone SharePoint Team site would be an Extranet from which you want external parties to come and download data. Having a stand alone SharePoint Team site makes managing securities much easier.

image

The data that is now left is typically company wide data like policies, procedures, manuals, etc. This is then moved into the traditional ‘Intranet’ using a nice pretty SharePoint Communications Site. This Intranet is available to all and typically used to consume data i.e. get something, read something. New data for this Intranet comes from the output of the individual Microsoft Teams created earlier. For example, imagine the Finance team produces an annual budget. They do this creation inside their own Team and publish the finished result into the Intranet for everyone in the business to consume. I’ve covered this concept in greater detail in a previous article:

The layers of Office 365 collaboration

image

Now you have data all over the place inside Microsoft 365 as many will point out correctly. What’s missing is a consistent method of navigation between all these sources to make it easy for users to navigate. This is where SharePoint Hub Sites come in. You uses this to provide a consistent navigation over the top of all your data. To users this makes it all appear very logical and structured (even perhaps like their old file server) and yet provides the flexibility to be reconfigured at any stage and have those changes automatically applied across the whole structure thanks to SharePoint Hub sites.

image

The final layer is Yammer. This is for company wide communications such as water cooler chat (birthdays, sports, holidays), information on how to better use Microsoft 365, questions about the business, messages from CEO, suggestion boxes, what’s happening with the business or competition, sales, wins and so on.

Like the Intranet, Yammer is designed for corporate wide chat that doesn’t fit into any specific Team (which are arranged by function or location). I have detailed the importance of Yammer in a previous article:

Why Yammer is still relevant

image

Now that you have a linear framework that builds on top of itself, hopefully you have a better picture of where you can put data from a file server into Microsoft 365. Having a framework is great but more importantly is how to get users to also adapt to working in this way. My approach is to start with Yammer and OneDrive first as I have detailed previously:

Focus on the ‘Me’ services first

In short, if users get used to working with just files using OneDrive and then with just chat in Yammer, they will find it much easier to then move to Teams which is effectively files and chat combined. This thinking stems from:

The rule of three

I advocate to not over load people. This is because you need to:

Stop making your users feel stupid

You can have the greatest technology in the world but if no one uses it then it is pretty much wasted. that’s what I see with Microsoft 365. Not enough through and time is devoted to adoption and transformation. Most migrations are done as fast as possible to ‘close the ticket’ and move onto the next. The fallacy of that rushed approach is evident in failed adoption and user frustration.

So there you have it, a framework for migration of file data into the world of Microsoft 365. You can use this framework in whatever way makes sense to you. You can use all of it, none of it or as a basis for your own approach. However, the key message is to HAVE a process rather than something random. Remember, moving to a world of collaboration from a world of storage requires transformation not just migration!

Once you have the top level framework or process, you can then start developing individual frameworks and adoption processes for each piece. That is, one for OneDrive, one for Teams, One for Yammer and so on. Once you have these processes, next you can start automating them to improve reliability and allow you to scale. Without a system you can’t automate. Without automation your effectiveness and profitability continue to fall, so investing the time in a collaborate system is definitely worthwhile. It makes users happier and it makes IT more profitable! A win – win. That is what a move to Microsoft 365 should be all about!

CIAOPS Techwerks 6–Sydney June 6

bw-car-vehicle

CIAOPS Techwerks move to Sydney in June on Thursday the 6th. The course is limited to 15 people and you can now sign up and reserve your place. To do this just email me (director@ciaops.com) and I’ll add you to the list.

The content of these events is driven by the attendees. That means we cover exactly what people want to see and focus on doing hands on, real world scenarios. Attendees can vote on topics they’d like to see covered prior to the day and we continue to target exactly what the small group of attendees wants to see. Thus, this is an excellent way to get really deep into the technology and have all the questions you’ve been dying to know answered. Typically, the event produces a number of best practice take aways for each attendee. So far, the greatest votes are for deeper dives into Intune, security and PowerShell configuration and scripts, however that isn’t finalised until the day.

Recent testimonial – “I just wanted to say a big thank you to Robert for the Brisbane Techworks day. It is such a good format with each attendee asking what matters them and the whole interactive nature of the day. So much better than death by PowerPoint.” – Mike H.

The cost to attend is:

Patron level Price inc GST
Gold Enterprise Free
Gold $ 33
Silver $ 99
Bronze $ 176
Non Patron $ 399

The CIAOPS Techwerks events are run regularly in major Australian capital cities, so if you can’t make this one or you aren’t in Sydney on that date, stay tuned for more details and announcements soon. If you are interested in signing up please contact me via emails (director@ciaops.com) and I can let you know all the details as well as answer any questions you may have about the event.

I hope to see you there.

MSP Microsoft Partner MFA request

I’m not a Managed Service Provider (MSP) but there are lot of them inside the CIAOPS Patron community so I understand the challenges they have. Their role is typically to provide managed of customers technology, including things like Microsoft 365 and Azure. To perform that role they will typically need global administrator access to the clients tenant. They may need this access across multiple tenants.

Best practices is always to ensure you secure global administrator access via Multi Factor Authentication (MFA). This means, when you log into an account you’ll be prompted to verify your identity using a second factor like a code from an app on a mobile device. As I have detailed previously:

Using multiple authenticator apps with a single Microsoft 365 user account

you can have multiple ‘tokens’ to verify an account. If you want all of these tokens to be unique the current Azure AD arrangements are:

“Your users can now have up to five devices across the Authenticator app, software OATH tokens, and hardware OATH tokens.”

per – https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Hardware-OATH-tokens-in-Azure-MFA-in-the-cloud-are-now-available/ba-p/276466

That arrangement is generally fine if only one person is logging into an account but is a problems if you an MSP.

Why? Because you’ll typically have multiple technicians all needing to potentially manage a customers account. You want them to do this from a single global administrator account, however you want each technician to use a different token when they login. That way, if a technicians device gets lost or a technician leaves you merely revoke that one unique token. So, in the case where an MSP needs more than 5 tokens (say 1 for MSP and 4 for technicians) there is going to be an issue. For example what happens when you have 7 technicians say? Yes, there are ways around this but they are messy, cumbersome and inefficient as well as being more insecure I would suggest.

The ask here then is for the ability to increase the amount of tokens beyond 5 for a single account. I would suggest that perhaps the best way to accomplish this is only via a unique PowerShell command and not via the GUI. I also however suggest that a better idea would be to have a new unique global admin role in a tenant, say called “Partner Global Administrator”, that would allow more than 5 tokens. No other administrator could have this enabled, only this unique account. I would also suggest that this unique “Partner Global Administrator” also only be available in tenants that use CSP program from Microsoft. Thus, if the MSP is a CSP partner they will see this special role in the tenant. They then run a PowerShell script if needed and the number of tokens available on that account is increased up to say 20.

I also think that there is number of other benefits that a special “Partner Global Administrator” role could provide but for this request I want to stick to allowing the number security tokens be increased beyond 5.

I believe this request will help the many MSPs globally who manage a significant number of tenants for customers. Making it easier for MSPs to be secure and manage multiple customers more efficiently is a win for everyone.