Tips for maximum conference ROI

I have returned from presenting at another conference. You’ll find my presentations from the event embedded further down in this post or at my Docs.com.

I thought I’d also take a moment to share some techniques and tips I’d recommend you employ when attending a conference to ensure that you get the most from any conference.

1. Remember you are at the conference for business.

It is all well and good to take a step back and enjoy everything that a conference has to offer, the food, the drink, the location, the company, but remember it is all costing your business money. Thus, you should be asking yourself whether you are getting return on investment constantly. This may mean learning something new, meeting a new contact who can help your business, etc. but you need to ensure you GET something in return.

Don’t get caught in the trap of treating the whole event as a party. Don’t get caught in the trap of getting wiped out on the first night and then being unable to attend any of the sessions. Have fun, yes but always ask yourself, what return am I getting for my investment in time and money at the conference.

2. Have a plenty of business cards

Always ensure you have plenty of business cards before leaving for a conference. Every time you go anywhere near the conference venue ensure your pocket if full of business cards and you have an adequate supply elsewhere as a backup.

Don’t be shy handing out your business card as well as receiving cards from others. Every time your strike up a conversation with someone, make sure they leave that conversation with your card.

3. Carry a pen

As only fashioned as it seems having a pen ready and available is till the quickest way of writing notes and capturing information. In my case, I always ensure there is space to write on the back of my business card so I can write a URL or a note and give that to someone. If you don’t have a business card that allows this, carry some blanks cards just in case.

It is easy to say that you’ll send an email follow up, however jotting it down goes a long way to ensuring that you’ll follow through.

Also remember that battery power can be at a premium during conferences and you don’t want to be tethered to a wall and miss out on the hallway conversations. A pen is a great information recording device backup for your phone or tablet when it starts running low on juice.

4. Make yourself available for conversations

There is nothing wrong with waiting in a publically visible but off to the site location. Try and find an area that will accommodate at least one other person and is quieter than the middle of the conference throng.

By doing this you make it more enticing for someone to come up and have a chat with you, especially if they have been looking for a chance to do just that. Being immersed in the conference ‘mosh-pit’ is great and there is always something interesting happening but remember, you are looking to generate the most return for your business not listen to others pontificate constantly.

5. Convert business cards into Linkedin contacts asap

Whenever you get a chance, go through the business cards you have received so far in the day and connect with them on Linkedin. This is firstly a good backup in case you misplace their business card but it also give you deeper insight into that contact and their details thanks to Linkedin. It does likewise for your new contact but also indicates how keen and on the ball you are by making contact electronically shortly after meeting them.

6. Wear the uniform

Many people think that it is extremely boring to wear the same outfit to a conference every day. I purposely ensure I wear that same thing throughout the conference. One of the main things I ensure I do is wear a branded shirt. Why? People respond to consistency, the more consistent you are, in every aspect, the more comfort people derive. Also, if you wear the same thing you make it easier for people to identify you in the crowd if they are looking to seek you out to make contact.

Wearing the ‘uniform’ also reduces the decisions you need to make about packing for the event and dressing on the day. Personally, I don’t want to waste my precious decisions credits on working out what to wear each day, I simply don the uniform and get on with generating ROI for my business.

There are of course plenty more tips I could pass on but these hopefully should provide you some benefit next time you attend an event.

Let me know what you think works when you attend a conference. I’d love to hear.

Unleashing the Power of Azure

Unleashing the power of Azure to make on premise irrelevant – SMBITPro National Conference 2015—Robert Crane Docs.com

https://docs.com/d/embed/D25195773-6563-8190-0370-001714572934%7eMd4186d87-61d5-259a-4d26-00a8bd86cfff

Is Windows 10 the last version resellers will ever install?

Is Windows 10 the last version resellers will ever install? – SMBITPro National Conference 2015—Robert Crane Docs.com

https://docs.com/d/embed/D25195773-6441-7890-9780-002121714420%7eMd4186d87-61d5-259a-4d26-00a8bd86cfff

Want

The theme music clinches the deal.

Interesting how now even Microsoft hardware is cool eh?

Office 365 Nation wrap up

Well I am back (finally, phew) from Seattle and being part of Office 365 Nation hosted by the one and only Harry Brelsford.

First, a shout out to Harry and his staff for putting on another great event. Everything ran very smoothly and everyone I talked to had a great time.

Next, I also have to thank all the attendees that came to my sessions (even those I was a tad under the weather for). Also to those who made time to come up and chat or just say hello. This is what community is all about and the main reason I’ll endure over 24 hours or travel door to door to be in attendance. That also doesn’t cover all the great new contacts I made during the time.

To these and everyone else who helped make the trip worthwhile I say thanks.

I have posted all my presentations from the event up at my DOCS.com site (which also has plenty of other interesting free stuff from me), in the Presentations collection:

https://docs.com/ciaops

https://docs.com/ciaops/7775/presentations

Across the Isle

Across the Isle – Office 365 Nation 2015—Robert Crane Docs.com

https://docs.com/d/embed/D25195817-5442-1372-7770-000678446948%7eMd4186d87-61d5-259a-4d26-00a8bd86cfff

Understanding Microsoft Cloud Identities

Understanding Microsoft Cloud identities – Office 365 Nation 2015—Robert Crane Docs.com

https://docs.com/d/embed/D25195817-5258-1123-6760-001997999724%7eMd4186d87-61d5-259a-4d26-00a8bd86cfff

Office 365 security, privacy and compliance

Office 365 security, privacy and compliance – Office 365 Nation 2015—Robert Crane Docs.com

https://docs.com/d/embed/D25195817-5129-1561-2200-001922537313%7eMd4186d87-61d5-259a-4d26-00a8bd86cfff

Office 365 Identity Management

Office 365 Identity Management – Office 365 Nation 2015—Robert Crane Docs.com

https://docs.com/d/embed/D25195817-4993-0293-6390-001510353638%7eMd4186d87-61d5-259a-4d26-00a8bd86cfff

Riding the Big Data Wave with Excel and Power BI

Riding the big data wave with Excel and Power BI – Office 365 Nation 2015—Robert Crane Docs.com

https://docs.com/d/embed/D25195817-4913-1019-8790-000843845982%7eMd4186d87-61d5-259a-4d26-00a8bd86cfff

Configuring the Windows Web Server role and assigning a certificate

I’ve detailed the different Office 365 Identity options previously. I’ve also detailed how to install Azure AD Connect (which replaces both Azure AD Sync and DIRSYNC) and why it is necessary for both synchronised and federated Office 365 identities.

What I plan to cover in upcoming articles is how to establish federated identities (i.e. ADFS) for Office 365. I’ll break these down into a number of posts and then bring everything together as a single point of reference at the end.

This post will take you through the initial process of configuring the pre-requisites on the ADFS server. This means installing the Windows Server Web Server role and assigning a certificate to this Windows Web Server.

Prior to the steps here, I already have established a domain controller (DC) on the network. The local domain is called kumoalliance.com I have already successfully installed and configured Azure AD Connect on this DC. I am successfully synchronising user information from the local Active Directory (AD) to Office 365 via Azure AD Connect. I have also installed and configured the custom domain kumoalliance.com into my Office 365 tenant. This ensures that the UPN of the local AD matches those in Office 365. I have also assigned the appropriate Office 365 licenses for active users.

I have also added a separate member server (called CIAOPS365-ADFS) to this domain that will function as the ADFS server. I am now ready to configure the pre-requisites for ADFS which is the Windows Web Server role and an SSL certificate. The Web Server on this machine will be configured to respond to the URL https://adfs.kumoalliance.com for clients on the local network. Clients outside the domain (i.e. external) will use an ADFS proxy which will be configured later on after the ADFS server has been configured.

Launch the Server Manager Dashboard as shown above.

In the top right hand corner select the Manage menu item and then Add Roles and Features from the menu that appears.

This will launch the Add Roles and Feature Wizard as shown above.

Select Next to continue.

Ensure that Role based or feature based installation is selected, then select Next to continue.

Select the ADFS server name from the list of servers displayed. Typically, that should be the only server that appears. Select Next to continue.

Scroll down the list of roles until you locate Web Server (IIS) and select this.

This will pop up a dialog shown above. No configuration is required, so simply select the Add Features button to continue.

You’ll be return to the list of roles and you should now see that Web Server (IIS) is selected as shown above. Select Next to continue.

No additional options need to be made. Select Next to continue.

Select Next to continue.

No additional options need to be made. Select Next to continue.

Select the Install button.

The wizard will now install and configure Internet Information Services (IIS) on the server. This process should only take a few minutes and not require the server to be rebooted.

Ensure the installation process completed successfully then select the Close button to complete wizard.

In the top right of the Server Manager Dashboard you should see a message flag. if you select this you should receive confirmation that the Web Server role has been successfully installed.

In the Server Manager Dashboard, select the Tools option in the top right and then Internet Information Services (IIS) from the menu that appears.

Select the server name in the right pane. Then from the icons in the middle pane double click Server Certificates.

In the top of the right pane select Create Certificate Request.

Use the FQDN of the server (i.e. adfs.kumoalliance.com) as the Common name.

Complete the remaining fields with the information from the organisation. Select Next to continue.

Leave the Cryptographic service provider set to Microsoft RSA SChannel Cryptographic provider. However, ensure that the Bit length is set to 2048.

Select Next to continue.

Enter a file location to write the server key and select Finish to complete the process.

If you look at the file created you should see that it is simply a text file like that shown above.

You now need to take that certificate request information to your certificate provider and use it to request a certificate.

In this case I am using Digicert which allows me simply to copy and paste the text from the server certificate request directly into a web page, nominate which web server it came from (in this case IIS 8.0) and complete the certificate request.

In short order, you should receive confirmation that the certificate has been approved and in this case I am sent the certificate files as an attachment.

Copy the certificate files to the server and check to see that the files include a .CER file, which is the actual certificate.

Return to to the IIS Manager and in the top right now select Complete Certificate Request.

Provide the location to the certificate file received from the certificate authority in the first field.

For the friendly name enter the FQDN of the server (here adfs.kumoalliance.com).

Leave the certificate store as Personal and select OK.

When this process completes you should see the new certificate listed as shown above.

On the left hand pane of the IIS Manager, drill down and select Default Web Site.

Now on the right hand pane select the Bindings option towards the top.

Select the Add button in the top right of the dialog that appears.

Change the Type field to https.

Leave the Host name field blank.

In the SSL certificate area select the certificate that was added from the certificate authority (here, adfs.kumoalliance.com). Then select OK to complete the configuration.

You should now see an entry for https on port 443 displayed in the bindings as shown above.

Select the Close button.

You now need to create an entry in the DNS for the local domain so that requests to https://adfs.kumoalliance.com will be directed to the web server on this machine.

Open DNS management on the domain controller. navigate to the Forward Lookup Zones for the local domain (here kumoalliance.com).

Right mouse click on an empty location in the right panel and select he option to Add a new A record.

In the name field enter the first part of the common name you used when requesting the certificate (here adfs). The local domain will be appended to this name to create the FQDN of the server (here adfs.kumaolliance.com). This needs to generally match the common name on the certificate generated from the certificate authority.

Enter the IP address of the ADFS server on which IIS has just been installed. Then select Add Host button to complete the process.

To ensure everything is working as expected try and ping the FQDN of the ADFS server (here adfs.kuoalliance.com). You should receive a resolution to the IP address of the ADFS server, although the actual ping may time out due to firewall configurations. The important thing is that the name is resolved to the IP address of the ADFS server.

If that is successful, open up a web browser on the domain controller and navigate to the FQDN of the ADFS server (here https://adfs.kumoalliance.com) . Ensure you use https to verify that SSL and the certificate are operational. If they are you should be greeted with the default IIS web page as shown above.

If you then examine the certificate you should be able to verify that it is valid and issued by the certificate authority you used above.

Now that a secure Web Server has been configured on the ADFS machine, the next steps is to add the ADFS role to this same server. This will be the subject of an upcoming post so stay tuned.

Office 365 Identity options comparisons

Office 365 has three basic identity models that you can elect to implement. Each model uses a combination of Azure Active Directory for cloud based identity and Windows Server Active Directory for on-premises identity. The cloud only model for example, only uses Azure Active Directory (AD), while the synchronized identity model combines both Azure AD and Windows Server Active Directory, while the federated model solely uses on premises Windows Active Directory. Each has advantages and disadvantages which we’ll now cover.

The most basic identity model is the cloud only identity. This is where a users identity information is managed, maintained and mastered in Office 365. All changes need to be made to user information via the Office 365 admin web portal. The benefit of the cloud only model of identity is that no on-premises equipment or configuration is required and can therefore be accomplished anywhere access to Office 365 is available either via a browser or PowerShell. The disadvantage is that a user may require different credentials to login to their desktop, other cloud services and Office 365. This means, in essence, there is no single sign on (SSO) with the user having to remember the login for each service.

The next identity model is what is known as synchronised identity. Here user properties such as name, email address and so on are copied (or synced) from a local directory (typically Windows Active Directory) to Office 365. This is accomplished through the use of synchronisation software which today typically means Azure AD Connect.

There have been a number of iterations of this synchronization software which initially started life out as DIRSYNC. The problem with DIRSYNC was that although it could copy user object information it could not copy the users password from on-premises to Office 365. This meant that the password would have to be manually set in Office 365 to match the password on-premises. Thus, with DIRSYNC it was entirely possible for on-premises password to differ from Office 365 which was very confusing for users.

The next iteration of the synchronisation software was called Azure AD sync. This included all the features of its predecessor, DIRSYNC, but now incorporated the synchronisation of secure password hashes.

This meant that now not only was a users details synchronised from on-premises but so was an encrypted version of their password. With Azure AD sync in place users on-premises password was now automatically replicated in Office 365.

The current iteration of the synchronisation software is called Azure AD Connect and brings all the benefits of Azure AD Connect but with additional features to allow things like the integration across multiple Active Directory Forests, integration with other third party directories on premises as well as better integration into the cloud.

The synchronised model copies the users details and password hash to Office 365. It however, is not a bi-directional sync, Azure AD Connect (and the previous synchronisation tools) copies from on-premises to Office 365, over writing anything that may already exist there. They do not copy back from Office 365 to a local directory.

The synchronised model requires synchronisation software to be running on a server in the local network. Best practice is to run this synchronisation software on a member server but Azure AD Connect does support being installed on a domain controller while previous versions of sync tools did not.

See my previous articles on installing the various sync tools:

Azure AD Connect tools – the basics –https://blog.ciaops.com/2015/07/azure-ad-connect-toolthe-basics.html

Azure AD Sync Services tool – the basics –https://blog.ciaops.com/2015/06/azure-ad-sync-services-toolthe-basics.html

Windows Azure Active Directory Sync tool (DIRSYNC) – the basics – https://blog.ciaops.com/2013/10/windows-azure-active-directory-sync.html

The final identity model extends on the synchronisation model by adding Active Directory Federation Services (AD FS) to establish a trust between on premises AD and Office 365. This means that when a user requests an Office 365 services, Office 365 queries the local AD via AD FS to confirm the provided user credential. If the local AD confirms the identity a security token is passed back to Office 365 authenticating the user identity so that Office 365 can then allow the user access to the services.

A federated identity model requires the installation of an AD FS farm on premises, which is a role available on a Windows Server. This farm must be installed on member servers within the existing network. AD FS also requires third party certificates to be installed and maintained. Also, if the business requires users to roam outside the organisation and continue to access Office 365 it will also need to install a secure AD FS proxy farm to handle these external requests from outside its network.

Thus, if a user inside the network needs access to Office 365 services they are authenticated via the internal AD FS and the local AD. If an external user needs to access Office 365 services they do so via the AD FS proxy, which connects securely to the internal AD FS server and then to the local AD.

The challenge with federated identity is that the local AD, AD FS farm and AD FS proxy farm need to be available at all times to provide authentication. If they aren’t then no user login to Office 365 is possible because Office 365 can’t verify the identity of any users because it can’t access the local AD. Best practice is therefore to install these in a load balanced environment which means multiple servers.

The advantage that federated identity provides is that once users are logged on to their local AD they are not prompted again for separate Office 365 credentials. Because Office 365 has established a trust with the local AD, all Office 365 services are provided by credential pass through. This basically means a user isn’t prompted to access Office 365 because they have already logged into their local AD and Office 365 already trusts this. This provides users with a single sign in (SSO) experience.

Each of the models can easily be incorporated into any Office 365 but the most cost effective solution for environments with an existing AD infrastructure is the synchronised model as it generally does require the additional equipment that the federated model does.

You should therefore select the simplest Office 365 model for your needs. It is also possible to change between the models if required but getting it right up front can save a lot of extra configuration down the track. So plan your Office 365 identity requirements early and provide the best login experience for your users.

Connecting Cortana to Office 365

Using speech to interact with technology is not only cool but it can also be very productive. It is generally much quicker to record a voice message than write something down or send an email. With that in mind, and the enhanced abilities of Cortana we are seeing in Windows 10, it make sense for all this to connect up to Office 365 as well.

To start with you are going to need to have a Windows 10 machine and Cortana already configured on your machine.

An Office 365 administrator will need to login to the admin center and select Cortana from under the Service Setting on the menu on the left. They will then need to ensure that Manage access for Cortana on the right is set to On.

On a Windows 10 machine with Cortana already configured simply click into the search box to ‘wake up’ Cortana. Doing so should reveal something like you see above.

If you now select the second icon under the hamburger menu on the left (i.e. the one under the Home icon) you should a list of configuration options for Cortana as shown above.

From here select the Connected Accounts option.

At the moment the only option that is available is Office 365 so select this and set it to On.

You should now see the option as On.

To actually use Cortana with your Office 365 information you’ll need to configure your Office 365 account in both the native Windows 10 email and calendar apps. You do this simply by adding the account and selecting the Office 365 option as shown above.

With all this connected up Cortana has access to your appointments and will prompt you when meetings are scheduled. You’ll also be able to make appointments and do other helpful things all thanks to the wonders of Cortana.

The power and integration of Cortana will continue to grow in both Windows 10 and Office 365, so remember this is still early days. However, I see speech as key technology going forward that is going to make using technology much easier for the average user. So jump on board today, configure Office 365 with Cortana and prepare for the future.

Need to Know podcast–Episode 90

I’m joined again by Jeff Alexander from Microsoft to continue our discussions around Windows 10. Jeff is back from Seattle with all the latest news about the deployments and we dive deep into the Windows as a Service offering and differences it will bring. We also talk about Windows 10 Office apps and getting Windows 10 connected to Server 2012 R2.

If you missed the previous two episodes Jeff did then you will find them at:

Jeff Alexander on Windows 10 – Episode 1

and

Jeff Alexander on Windows 10 – Episode 2

You can listen to this episode at:

http://ciaops.podbean.com/e/episode-90-jeff-alexander/

or subscribe to this and all episodes in iTunes at:

https://itunes.apple.com/au/podcast/ciaops-need-to-know-podcasts/id406891445?mt=2

The podcast is also available on Stitcher at:

http://www.stitcher.com/podcast/ciaops/need-to-know-podcast?refid=stpr

Don’t forget to give the show a rating as well as send me any feedback or suggestions you may have for the show. I’m also on the hunt for some co-presenters so if you are interested on being a regular part of the show please contact me.

Resources

Windows as a Service – https://channel9.msdn.com/Events/Ignite/2015/BRK2322

Windows 10 Office apps – https://blogs.office.com/2015/07/29/office-mobile-apps-for-windows-10-are-here/

Join at Azure AD – https://blog.ciaops.com/2015/07/connect-windows-10-to-azure-ad.html

Jeff on Twitter – https://twitter.com/jeffa36

Jeff’s About.me page – https://about.me/jeffa36

Windows Insider program – http://insider.windows.com

Windows 10 uservoice – https://windows.uservoice.com/forums/265757-windows-feature-suggestions

Windows 10 Blog – http://blogs.windows.com