Eric Kraus

technology

Microsoft BYOD and Mobile Device Management

LOTS of recent announcements on Microsoft mobile device management strategy are worthy of an aggregated post.

EMM Game-Changing Announcement #1

(source)

Intune-managed Office mobile apps that enable your workforce to securely access corporate information using the apps they know and love while preventing data leakage. This is achieved by managing/restricting actions such as copy/cut/paste/save-as and interaction/”open in” between apps in your managed app ecosystem.

Mobile Application Management for iOS and Android devices that enable you to keep corporate apps and content separate from user’s personal apps and data. This feature empowers IT to apply policy to the corporate content while staying clear of the user’s personal content. Microsoft is building containers for Windows devices that will be released as a part of Windows 10, and we have worked to drive consistent APIs across the containers being delivered across Windows, iOS, and Android devices.

App wrapping capabilities that help secure your existing line-of-business applications and integrate them into your managed app ecosystem without further development or code changes. Using the Intune wrapper your line-of-business applications will be able to participate in the same managed app ecosystem as the Office mobile apps and securely share content and data with those Office mobile apps. No wrapper from any other EMM vendor can do this.

Managed browser, PDF viewer, AV player, and Image viewer apps for Intune that allow users to securely view content on their devices within the managed app ecosystem.

Grant conditional access to corporate resources, including access to Exchange e-mail and OneDrive for Business documents. This access is based on device enrollment and compliance policies set by the administrator. This is also something that no other EMM solution can deliver.

Bulk enrollment of devices using Apple Configurator or a service account, simplifying administration and enabling policies and applications to be deployed at a scale (you can read more about this here).

 

EMM Game-Changing Announcement #2

(source)

Device Settings Management – Exchange administrators can define configuration policies that are applied to Windows, iOS and Android devices and regularly review compliance reports for all the devices accessing corporate e-mail. There are more than 100 additional settings that can be configured over and above EAS.

  • Advanced passcode/pin settings
  • Device encryption
  • Jailbreak detection

Conditional Access to Office 365 Data – Exchange administrators can define and apply conditional access policies for access to Exchange Online and SharePoint Online. Corporate e-mail and file-sync do not flow to the mobile device unless the policies required in the conditional access policy are met. If for any reason the device becomes non-compliant, e-mail and file sync are stopped until the device is compliant once again. This significantly increases the level of protection of corporate data on mobile devices.

Selective Wipe of Office 365 Data – If a mobile device is lost/stolen, or if an individual leaves the organization, IT professionals can wipe the Office 365 corporate data from devices while keeping any personal data intact.

Integrated Administration within Office 365 – Exchange administrators can set policies directly from within the Office 365 administration portal via an easy to use interface with wizard-based set up. Office 365 administrators will see a rich device compliance dashboard that shows exactly what devices are being managed and the settings that have been applied, as well as which devices are/not compliant.
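
The conditional access behaviour described above, as an added illustration that is not Intune or Office 365 code and not part of the original post: access is decided from the device's current state on every request, so sync stops on drift and resumes on repair. All field names, policy keys and values are hypothetical, and treating an unreported attribute as a violation is an assumption of this sketch.

```javascript
// Added illustration, not Intune or Office 365 code. All field names,
// policy keys and values here are hypothetical and constructed.
const POLICY = {
  requireEnrollment: true,
  minPasscodeLength: 6,
  requireEncryption: true,
  blockJailbroken: true,
};

// Returns the reasons a device fails the policy (empty array = compliant).
// Assumption: an attribute the device has not reported counts as a failure,
// so "unknown" is never treated as "fine".
function violations(device, policy = POLICY) {
  const reasons = [];
  if (policy.requireEnrollment && device.enrolled !== true) {
    reasons.push("not enrolled");
  }
  const len = device.passcodeLength;
  if (!Number.isInteger(len) || len < policy.minPasscodeLength) {
    reasons.push("passcode missing or too short");
  }
  if (policy.requireEncryption && device.encrypted !== true) {
    reasons.push("storage not encrypted");
  }
  if (policy.blockJailbroken && device.jailbroken !== false) {
    reasons.push("jailbroken or state unknown");
  }
  return reasons;
}

// Decide one sync request. Nothing is cached from an earlier decision:
// the answer follows whatever state the device reports now.
function decideSync(device, resource, policy = POLICY) {
  const reasons = violations(device, policy);
  return { resource, allow: reasons.length === 0, reasons };
}

// Constructed timeline for one phone: compliant, encryption off, fixed again.
const TIMELINE = [
  { enrolled: true, passcodeLength: 6, encrypted: true, jailbroken: false },
  { enrolled: true, passcodeLength: 6, encrypted: false, jailbroken: false },
  { enrolled: true, passcodeLength: 8, encrypted: true, jailbroken: false },
];

// Replays the timeline and returns the allow/deny decision at each step.
function replay(timeline, resource) {
  return timeline.map((state) => decideSync(state, resource).allow);
}

console.log(replay(TIMELINE, "Exchange Online"));
// A device that never reported its jailbreak state is blocked, with the reason.
console.log(decideSync({ enrolled: true, passcodeLength: 6, encrypted: true },
                       "SharePoint Online"));
```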

 

Introducing built-in mobile device management for Office 365

(source)

These new MDM capabilities, set to roll out in the first quarter of 2015, will help you manage access to Office 365 data across a diverse range of phones and tablets, including iOS, Android and Windows Phone devices, so you can:

Help secure and manage corporate resources—Apply security policies on devices that connect to Office 365 to ensure that Office 365 corporate email and documents are synchronized only on phones and tablets that are managed by your company.

Apply mobile device settings—Set and manage security policies such as device level pin lock and jailbreak detection on devices to help prevent unauthorized users from accessing corporate email and data when a device is lost or stolen.

Perform a selective wipe of Office 365 data—Remove Office 365 corporate data from a device when an employee leaves your organization, while leaving their personal data, photos and apps intact.

Preserve Office 365 productivity experience—Unlike third-party MDM solutions that have replaced productivity apps with restrictive all-in-one apps for corporate email, calendars and documents, MDM for Office 365 is built directly into the productivity apps your employees know and love. You can set access policies to help secure company data while keeping employees productive.

Manage policies with ease—Administer mobile device policies directly from within the Office 365 administration portal, through an easy to use interface with wizard-based set up. View reports on which devices are connected to Office 365 and identify devices that have been blocked due to non-compliance.

Azure AD – Not Just a Directory in the Cloud

What is Azure AD? At an architect level, Azure AD is a high-availability, geo-redundant, multi-tenanted, multi-tiered cloud service that has delivered 99.99% uptime for over a year now. We run it across 27 datacenters around the world. Azure AD has stateless gateways, front end servers, application servers, and sync servers in all of those data centers. Azure AD also has a distributed data tier that is at the heart of our high availability strategy. The data tier holds more than 500 million objects and is running across 13 data centers.

Figure 1. Azure Active Directory Architecture

 

It’s Not Just Another Directory to Manage

For starters, there are no costs for using Azure AD. The directory is a free resource. There is an additional Azure Active Directory Premium tier that is licensed separately and provides additional features such as company branding and self-service password reset. Azure AD offers many benefits beyond typical “directory services”. When using a Microsoft cloud service like Office 365 or Microsoft CRM Online, the identities for those platforms are using Azure AD. This comes with huge benefits because those platforms instantly benefit from the features within Azure AD. For example, if you are an Office 365 user, you have access to thousands of other applications that integrate with Azure AD (assuming your organization leverages that SaaS vendor). Users could also benefit from additional services like multi-factor authentication to Office 365, Azure Rights Management Service for encrypting documents/emails, and Self-Service Password Reset.

Single Sign On

Azure AD’s gallery of pre-integrated SaaS applications grows pretty much every week and it is now supporting over 2300 total apps! Also, Azure AD now provides integrated SAML support for over 50 applications, including all of the apps pictured below.

Figure 2. Azure AD SaaS SAML Integrated Apps

 

Multi-Factor Authentication

Azure Multi-Factor Authentication prevents unauthorized access to both on-premises and cloud applications by providing an additional level of authentication. Protect your business with security monitoring and alerts and machine learning-based reports that identify inconsistent access patterns to mitigate potential threats.

Self-Service Password Reset

Tasks such as resetting passwords and creating and managing groups should be self-service for your employees. No sense paying a help desk resource to reset a password when that can be done by the user (possibly faster than placing a phone call). Azure AD offers Self-service Password Change and Reset and Self-service Group Management with Azure Active Directory Premium. For more information, see Azure Active Directory.

Azure Search

Azure Search is getting rolling and customers may have questions, or will have questions, about where it makes the most sense. First and foremost, doing Search is hard, and it can also be expensive. Azure Search is targeted at three core scenarios in this iteration:

Online retail/ecommerce

Most customers of ecommerce applications/sites will find products by using search first. Azure Search fits nicely into this space with its range of features including filtering, category counts (faceting), scoring, filters, sorting, paging and projection.

User generated/social content

There are many different flavors of user-generated content applications, but most share similar requirements when it comes to search. Examples of these kinds of applications include recipe sites, photo sharing sites, user-contributed news sites and social network applications that have a Web and mobile presence. These applications deal with a large volume of documents, sometimes many millions, particularly when they allow users to comment on and discuss items. Geo-spatial data is often involved, related to location of people or things. Relevance tends to be driven by text statistics in addition to domain-specific aspects such as document freshness and author popularity.

Business applications

Users of line of business applications often navigate through their content using pre-defined menus and other structured access paths. However, when search is incorporated into these applications a lot of friction can be removed from general user interaction making it quicker and more efficient to retrieve this information.

Azure Search supports these scenarios from mobile devices to web sites and everything in between. It is a great introduction to using the cloud to provide, more quickly and easily, app capabilities that used to be very hard.

 

Check out the Azure Search blog post for more information/scenarios.

Windows 8.1 Sleep Study

Surface Pro 3

I recently purchased a Surface Pro 3 and have to say – I absolutely love it. The marketing is spot on with this device, it truly is a laptop and tablet in one. I am particularly impressed with the battery life. Last week, I did a few battery tests with very pleasing results. The first test was with brightness at 100%. I carried on a normal day of emails, Yammer posts, conference calls while writing notes, etc. At 100%, I was able to work 5 hours before I needed to find some power. The second test was with brightness at about 50%. You may think 50% is pretty dark, but I was happy with the brightness and able to see just fine (after a little while I had forgotten that I was working under reduced brightness). With the same type of ‘work’ activities on the device at 50%, I was able to work 7.5 hours before hitting the 5% critical mark. During this second test, I actually worked the entire day without plugging the device in. Awesome.

I won’t do a full review of the device since there are plenty of places you can read in-depth evaluations…however, I will say that this really is a great work and personal device.

InstantGo

I wanted to share an interesting feature of Windows 8 that I found recently.  Related to the great battery life above, Windows 8 added a feature called ‘Connected Standby’ which is now ‘InstantGo’ in Windows 8.1.  You can read more about InstantGo here: http://blogs.windows.com/windows/b/windowsexperience/archive/2014/06/19/instantgo-a-better-way-to-sleep.aspx

Sleep Study

PCs that have Windows 8.1 and compatible hardware also have a cool new feature called ‘Sleep Study’. It’s a logging mechanism that monitors the battery drain during sleep. You can then analyze what hardware components are causing wake/sleep drain of the battery.

Enabling Sleep Study

Enabling Sleep Study is easy. Just fire up a command prompt with Administrative privileges.

Once you have the command prompt open, type powercfg /sleepstudy

 

Your report will be created in a temporary location like C:\windows\system32\sleepstudy-report.html.

Copy that file to the desktop (or any location other than the C:\windows\system32 directory).

Open the file in Internet Explorer.

 


30 Days with Office 365 – Week 2 – Chromebook

For week 2, I’m working off of a Samsung Chromebook.

 

Let’s Get Right To It

Lync is a core tool for daily communication and collaboration.

My experimentation last week had a caveat with Lync; however, this week (on Chromebook) there’s no hiding behind the fact that Lync (desktop) app is critical to get work done.

  • Instant Message – OK – IMs come in as notifications in the top of the page.  After accepting an IM, it opens a new window in IE.  If you IM with a lot of people concurrently, it could be easy to lose the IM windows.  In Chrome, it’s a similar issue except for the fact that you can convert a window into a tab, so you can ‘collect’ them as tabs in a single window.  It helps a little, but still a pain for both platforms.  I would definitely prefer Lync (desktop) or Lync (modern) app on Windows.  If neither of those, I would want IE or Chrome WITH the browser plugin.
  • People Search – GREAT – The people search in “Outlook” or “People” apps of Office 365 return results insanely fast.  From there I can easily IM, email or schedule a meeting with someone.  Because this is so fast, it is one of the big reasons I prefer the browser experience over desktop
  • Conferencing – GOOD – I can join conferences via the browser with excellent feature parity.  On Windows, I can install the browser plugin and desktop share, join the Lync call (voice), etc.  With Chromebook, I’m definitely sunk.  Without the ability to install the plugin, I can’t desktop share or join the voice call.  I have to use my cell phone for this.
  • Desktop Share – BAD – non-existent without browser plugin or Lync on Windows.

Summary

  • Without Lync (desktop) installed…I felt hindered. The browser would be good enough for a quick IM on the go…but not for a full day of communication.
  • Notetaking was nearly seamless in the browser.  I am a huge handwritten note taker…which I missed.  If I don’t mind opening a laptop for every meeting, I can type my notes just fine.
  • Email and Yammer were the best and most seamless experience. The only challenge I had was the lack of local storage. Sometimes I would need to save a file locally to upload to another location (more on next line).
  • My biggest concern was the lack of local storage. Yes, Google Drive was there…but all of the documents placed there would be indexed. Regardless of the fact that people call it my “personal index”, that is data crawled and stored…and given the sensitivity of the content I work with…it’s not a viable option for me.
  • For the most part, Word, Excel and PowerPoint worked for my needs (creating, editing in the browser).  I had one proposal that needed some fine tune adjustments.  For that, I had to fall back on my Surface.  It was a 5% case.

Yammer Search in IE

Here’s a quick little tip to add a search provider for Yammer in IE.  It makes searching for a thread in Yammer SUPER fast.

Browse to Yammer and do a Search

Just do a search for “TEST”.  You can optionally search in a group if you want.


Copy the URL

for example:
https://www.yammer.com/<yournetwork.com>/#/Threads/Search?type=following&utf8=%E2%9C%93&search_group_name=Inbox&search_group=&search_inbox=0&search_startdate=&search_enddate=&search=TEST

 

Browse to IEInternals Blog

Configure a custom search provider – http://www.enhanceie.com/ie/searchbuilder.asp


Make sure it says  &search=TEST  in the URL.  Give the search provider a name and click Install

 

Make a search

Just type a search term in the address bar, then click the Yammer icon twice.


In my example, I configured it to search within a group


Other Browsers

For example, you can do this in Chrome as well. Follow the steps above to get the Search URL.

In Chrome browser Settings… Under Search, click Manage Search Engines

Make sure to follow browser specific instructions.  e.g. for Chrome, replace TEST with %s


Search in Chrome

Type “yammer.com” to activate the search then type your search keyword.
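
The "replace TEST with %s" step above, as an added example that is not part of the original post: it swaps only the parameter named exactly `search`, because the captured URL also carries `search_group_name`, `search_group` and similar parameters. The network name `example.com`, the function names and the use of `encodeURIComponent` to model the browser's escaping are assumptions.

```javascript
// Added example: turn a captured Yammer search URL into a browser search
// template. MARKER and PLACEHOLDER follow the post: search for "TEST",
// then use "%s" for Chrome.
const MARKER = "TEST";
const PLACEHOLDER = "%s";

// Constructed sample in the shape shown in the post (network name is made up).
const CAPTURED =
  "https://www.yammer.com/example.com/#/Threads/Search?type=following" +
  "&utf8=%E2%9C%93&search_group_name=Inbox&search_group=&search_inbox=0" +
  "&search_startdate=&search_enddate=&search=TEST";

// The search parameters sit after "#", inside the fragment, so they are
// split by hand: URL.searchParams only covers a query string before "#".
function splitFragmentQuery(capturedUrl) {
  const url = new URL(capturedUrl);
  if (url.protocol !== "https:" || url.hostname !== "www.yammer.com") {
    throw new Error("not an https://www.yammer.com URL");
  }
  const q = url.hash.indexOf("?");
  if (q === -1) throw new Error("no search parameters in the fragment");
  return {
    base: url.origin + url.pathname + url.hash.slice(0, q),
    pairs: url.hash.slice(q + 1).split("&"),
  };
}

// Replace the value of the one parameter named exactly "search".
function toSearchTemplate(capturedUrl) {
  const { base, pairs } = splitFragmentQuery(capturedUrl);
  let hits = 0;
  const out = pairs.map((pair) => {
    const eq = pair.indexOf("=");
    const name = eq === -1 ? pair : pair.slice(0, eq);
    const value = eq === -1 ? "" : pair.slice(eq + 1);
    if (name === "search" && value === MARKER) {
      hits += 1;
      return "search=" + PLACEHOLDER;
    }
    return pair; // every other parameter stays exactly as captured
  });
  if (hits !== 1) {
    throw new Error(`expected exactly one search=${MARKER}, found ${hits}`);
  }
  return base + "?" + out.join("&");
}

// Models what the browser does with the template: the typed term is
// percent-encoded first, so "&" or "#" in a term cannot add parameters.
function expandTemplate(template, term) {
  return template.replace(PLACEHOLDER, () => encodeURIComponent(term));
}

const template = toSearchTemplate(CAPTURED);
console.log(template);
console.log(expandTemplate(template, "Q3 plan & budget"));
```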


30 Days with Office 365 – Day 1

I’m kicking off 30 Days with Office 365 experiment with a Day 1 post on my Outlook experience today.  Being one of the more critical tools of my work day, I thought I’d start here and see how it goes.  I definitely wasn’t new to OWA (Outlook Web Access), and felt fairly confident I would be ok for awhile working via the browser.

Outlook

Pros

Login/Launch – I found the initial login/launch incredibly quick. The web page was responsive and I was in to my Inbox in seconds.

Touch Mode – On first login, the website asks me if I want to switch to desktop mode (instead of touch mode), and kindly asks me if I want to remember this setting.  Since I’m on a touch-enabled laptop, I decided to stick with desktop mode for the first day.

Creating/Replying/Deleting – Creating a new message and replying were fast as expected.  Same as with Outlook 2013, if I navigated away from a message (new or reply) a draft would be saved for me automatically.

Moving Messages – No issues moving messages into other folders.  Right-click exposed a context menu just like in Outlook 2013 and drag-and-drop worked as well.

Cons

 

Browser Tab – There wasn’t an easy way to open a second tab for things.  A fairly easy work-around, I simply created a second tab and navigated to the Calendar.

Threading – Every once in a while, this still throws me off. Threading works as expected, but if you fork a message, the threading does not portray this like it does in Outlook 2013. It just shows the messages in chronological order, which can give the impression that they were replies of one another, when in fact they just share the same subject. There are some dots to the left of the threads, but without an authoritative answer, I’m only guessing what they mean.

Signature – I am also missing the ability to store multiple signatures, but this is very minor and hasn’t been an issue for me.

Multiple Email – Since I’m in the context of one user account, I don’t have the ability to view/send email from multiple accounts like I would in Outlook 2013.  Easy work around was to have another tab open for my personal accounts.  I didn’t actually do this method, and found myself using my phone more for this scenario.

Calendar

Pros

Meeting Preview – With that out of the way, the Calendar functionality really is good.  The single click preview is awesome.


Single Pane – The general ability to do almost everything in a single window is really productive.

 

Cons

Personal Calendar – The biggest downfall for me was the inability to overlay personal calendars.  I have several calendars that I use and having multiple windows open for them is a bit of a hassle.  However, this won’t be the case with everyone and my phone still does an excellent job of aggregating appointments so I can see free/busy across all of them.

People

I will cover the “People” update under the Lync overview, Day 5

Tasks

Pros

Task Lists – Like Outlook 2013, Tasks are shown from Exchange, but can also be linked from SharePoint Online.  With that, the same great “merged” view of different task lists

Message Followup – I rely on Tasks a lot for following up on email requests and a simple right click allows me to set a follow up flag for emails.


Cons

I really couldn’t find anything that didn’t work.

Search

The email search works as well as Outlook 2013. However, the filters aren’t easily identifiable. Here is a list of the filters that work:

  • From – Searches the From field.
  • To – Searches the To field.
  • Cc – Searches the Cc field.
  • Bcc – Searches the Bcc field.
  • Participants – Searches the To, Cc, and Bcc fields.
  • Subject – Searches the subject.
  • Body or Content – Searches the message body.
  • Sent – Searches the date sent. You can search for a specific date or a range of dates separated by two dots (..). You can also search for relative dates: Today, tomorrow, yesterday, this week, next month, last week, past month. You can search for the day of the week or month of the year.
  • Received – Searches for the date received. You can use the same search terms as for Sent.
  • Category – Searches the Category field.
  • Attachment – Searches for the specified attachment by title. For example, attachment:letter.doc will find any message with an attachment named letter.doc.
  • Has – Use has:flag to find items that are flagged. Use has:attachment to find items that have one or more attachments.

 

Touch Mode

I found Touch Mode great for tablet like scenarios (triaging email, quick responses, managing calendar, etc).  Though, I did have a little bit of trouble initially finding the option to switch back to desktop mode.

Touch Mode On  Touch Mode Off

Summary

All in all – it was a seamless transition for the day.  No challenges navigating or working with the Outlook in the browser.  I definitely did not experience any productivity loss, which was most important.  I don’t think I would have any issues converting over to Outlook (online) long-term, especially with the anticipated release of Office 365 Groups, which will integrate with Yammer.

Follow this on Storify: http://storify.com/erickraus/30-days-with-office-365

 

SharePoint Conference 2014 – Enterprise Social Sessions

I’m completely plagiarizing this from Christophe Fiessinger…stealing from an internal Yammer post.

Here is a list of Enterprise Social sessions from the recent SharePoint Conference.  See other posts on content from SPC2014:  Day 1  |  Day 2  |  Day 3  |  All Session Recordings (Channel 9)

Product 

Journey/Adoption

Developer

Executive track

Customers

Azure + Chef

Keeping the topic of Open Source going…I thought I’d share a bit of information on Microsoft’s partnership with Chef on Azure.

About 18 months ago, Opscode announced a strategic partnership with Microsoft Azure to support rich Chef integration:

Maximizing the power of public cloud platforms is best accomplished through the use of a dynamic, consistent automation engine. With Windows Azure and Opscode Chef, organizations can now make the most of all Windows Azure offers for Microsoft and Linux-based environments alike, delivering maximum flexibility and ease of use in bringing ideas to market and adapting to business change.

-Christopher Brown, CTO, Opscode

 

See it in Action

Below is a video of Ross Gardler (Senior Technical Evangelist from Microsoft Open Tech) doing a demo of building cloud resources in Azure with Chef cookbooks. Skip to 7:27

 

Resources