Eric Kraus

management

17 Inspirational Quotes from Unicorn CEOs

Unicorn companies are those that have reached $1B or more in valuation based on fundraising activities. Many popular names make this list, including Uber, Pinterest and Snapchat. Below are a few inspirational quotes from some of these unicorn CEOs and founders.

Quotes from Unicorn CEOs

The bigger a company gets, the more people are involved in decisions, the slower decisions get made. Look, the whole theory of startups is that three motivated people can go and do something that every company can’t.

Garrett Camp, Uber


Microsoft and Docker – Overview

Microsoft and Docker recently announced the expansion of their partnership, bringing Docker to Windows Server and Azure.

What is Docker?

There are a number of use cases that make Docker exciting and valuable to organizations:

  • Automating the packaging and deployment of applications
  • Creation of lightweight, private PaaS environments
  • Automated testing and continuous integration/deployment
  • Deploying and scaling web apps, databases and backend services


Microsoft BYOD and Mobile Device Management

LOTS of recent announcements on Microsoft mobile device management strategy are worthy of an aggregated post.

EMM Game-Changing Announcement #1

(source)

Intune-managed Office mobile apps that enable your workforce to securely access corporate information using the apps they know and love while preventing data leakage. This is achieved by managing/restricting actions such as copy/cut/paste/save-as and interaction/”open in” between apps in your managed app ecosystem.

Mobile Application Management for iOS and Android devices that enable you to keep corporate apps and content separate from user’s personal apps and data. This feature empowers IT to apply policy to the corporate content while staying clear of the user’s personal content. Microsoft is building containers for Windows devices that will be released as a part of Windows 10, and we have worked to drive consistent APIs across the containers being delivered across Windows, iOS, and Android devices.

App wrapping capabilities that help secure your existing line-of-business applications and integrate them into your managed app ecosystem without further development or code changes. Using the Intune wrapper your line-of-business applications will be able to participate in the same managed app ecosystem as the Office mobile apps and securely share content and data with those Office mobile apps. No wrapper from any other EMM vendor can do this.

Managed browser, PDF viewer, AV player, and Image viewer apps for Intune that allow users to securely view content on their devices within the managed app ecosystem.

Grant conditional access to corporate resources, including access to Exchange e-mail and OneDrive for Business documents. This access is based on device enrollment and compliance policies set by the administrator. This is also something that no other EMM solution can deliver.

Bulk enrollment of devices using Apple Configurator or a service account, simplifying administration and enabling policies and applications to be deployed at a scale (you can read more about this here).

 

EMM Game-Changing Announcement #2

(source)

Device Settings Management: Exchange administrators can define configuration policies that are applied to Windows, iOS and Android devices and regularly review compliance reports for all the devices accessing corporate e-mail. There are more than 100 additional settings that can be configured over and above EAS.

  • Advanced passcode/pin settings
  • Device encryption
  • Jailbreak detection

Conditional Access to Office 365 Data: Exchange administrators can define and apply conditional access policies for access to Exchange Online and SharePoint Online. Corporate e-mail and file-sync do not flow to the mobile device unless the policies required in the conditional access policy are met. If for any reason the device becomes non-compliant, e-mail and file sync are stopped until the device is compliant once again. This significantly increases the level of protection of corporate data on mobile devices.

Selective Wipe of Office 365 Data: If a mobile device is lost/stolen, or if an individual leaves the organization, IT professionals can wipe the Office 365 corporate data from devices while keeping any personal data intact.

Integrated Administration within Office 365: Exchange administrators can set policies directly from within the Office 365 administration portal via an easy to use interface with wizard-based set up. Office 365 administrators will see a rich device compliance dashboard that shows exactly what devices are being managed and the settings that have been applied, as well as which devices are/not compliant.

 

Introducing built-in mobile device management for Office 365

(source)

These new MDM capabilities, set to roll out in the first quarter of 2015, will help you manage access to Office 365 data across a diverse range of phones and tablets, including iOS, Android and Windows Phone devices, so you can:

Help secure and manage corporate resources—Apply security policies on devices that connect to Office 365 to ensure that Office 365 corporate email and documents are synchronized only on phones and tablets that are managed by your company.

Apply mobile device settings—Set and manage security policies such as device level pin lock and jailbreak detection on devices to help prevent unauthorized users from accessing corporate email and data when a device is lost or stolen.

Perform a selective wipe of Office 365 data—Remove Office 365 corporate data from a device when an employee leaves your organization, while leaving their personal data, photos and apps intact.

Preserve Office 365 productivity experience—Unlike third-party MDM solutions that have replaced productivity apps with restrictive all-in-one apps for corporate email, calendars and documents, MDM for Office 365 is built directly into the productivity apps your employees know and love. You can set access policies to help secure company data while keeping employees productive.

Manage policies with ease—Administer mobile device policies directly from within the Office 365 administration portal, through an easy to use interface with wizard-based set up. View reports on which devices are connected to Office 365 and identify devices that have been blocked due to non-compliance.

BYOD has nothing to do with devices

Ok, so maybe nothing is a bit of a stretch, but here is a different take on the traditional: “how do we manage devices?” challenge.

Let’s start with a baseline understanding of what we do. A fairly neutral definition of IT is to provide organizations with access to information and tools to enable employees to make informed and timely decisions in the most efficient way possible – all at a justifiable cost. Fair enough? At the end of the day, employee productivity is about the creation and consumption of information and the decisions that surround it. In most cases, devices such as phones, tablets and PCs are just tools that give us the ability to create and interact with that information in order to make decisions for the better of the business. That information is built from data generated in emails, meeting notes, reports, etc. So, in summary, it should be fair to say, day-to-day business is all about data.

What’s the real problem?

Now to define the problem. How do you define a BYOD (“Bring Your Own Device”) effort? Is it an initiative to eliminate the cost of issuing employee devices? Is it allowing users to bring in any device from home with the premise that it is used for enhancing their productivity (making better/faster decisions)? Is it something ‘we have to do’ to appeal to a new generation of workforce? Or, is it simply, “all of the above” with a subtext, “how do we safely manage those devices?” Here lies the problem with any of those definitions: If the fundamental goal is to figure out how to manage all of today’s and tomorrow’s devices, it’s a losing proposition. Innovation is too great, and technology changes in a moment’s time. Besides, at the end of the day, how does that device ‘management’ help the business with access to their data?

Rarely in BYOD discussions do I spend a significant amount of time talking about data. Typically conversations are around MDM/MAM/Phone/OS strategy, etc. Rather, I see a need to change the conversation to “Data Management Strategy”: a focus on securing the data first and then offering a tiered approach of device management based on the end-user experience desired (more on this later). In the end, a data strategy first will have lowered the risk of accidental intellectual property loss in a manner that is device agnostic and allows room to scale.

A lesson from the music industry 

Take, for example, digital rights managed (DRM) music. As a music lover, you want unlimited access to music. So you enter into a ‘contract’ with a company that licenses music (let’s say Xbox Music). In return for your monthly fee, a certificate is granted to you and the world of music is available to you. All of the music that you download can be played across multiple devices (tablets, phones, etc.) online or offline. The music file is what is managed, not the device, nor album art, or playlists, etc. Upon termination of the agreement, the certificate is removed from your device and access to play the music is revoked. The powerful benefit of this model is that Xbox Music knows very little about your machine, so ‘wiping’ the device of all music isn’t required…the files just become obsolete.

Is it foolproof? Like any system, it’s not 100% foolproof. The system is not designed to be perfect, but rather to protect against easy ways to exploit the system…mostly accidental loss and some intentional. Anyone seeking to be malicious will probably succeed.

Build an ‘experience matrix’

In the world of security, user-experience is usually inversely proportional to protection. The more secure you want to make a system, the worse the experience gets for the user (think two-factor authentication). If organizations can protect their data first, managing devices becomes more of an experience discussion and security is determined by the level of experience desired. Microsoft (internally) offers a rich BYOD experience. MSIT has accomplished this by enabling employees with tools to protect the data first. A clear policy and mandatory training ensure employees understand how to secure the data. Then, MSIT publishes a support/management matrix for a wide category of devices. The matrix includes what experiences are enabled and what level of management is required to obtain that experience.

Recommendations for a Data Management (BYOD) Strategy

  • Data classification. Protecting IP is important, but spending a million dollars over a year-long project to protect the holiday party catering menu is not efficient. One size doesn’t fit all.
  • Develop a matrix of experiences you want to offer with devices you will support. This exercise is as much about deciding what you will/won’t support as it is about clearly documenting it for users to rationalize.
  • Build change into the strategy. One thing is for certain: by the time you implement a strategy, it will have new requirements. Build the strategy with agility in mind and answer questions like:
    • What if iPads were no longer supported tomorrow?
    • What if WiFi is no longer free wherever you go?
    • Is the strategy flexible enough to support these and other situations?


Microsoft’s Private Cloud

On a frequent basis, I am asked by customers to explain “How Microsoft does….” with a wide variety of fill-in-the-blank technologies and scenarios.  I encourage those with similar requests to first check out: “How Microsoft Does IT”.  However, I wanted to answer a popular request now with a current trend around “the cloud.”  Specifically, the Private and Hybrid Clouds.

Let’s first take a stab at defining these concepts.  Private means using resources that are dedicated to your organization, almost always on-premise.  Hybrid, as you may guess, combines on-premise infrastructure with shared infrastructure hosted by a provider.  There are definite trade-offs between these models – including: cost, control and capability.

The definition of “cloud” is more difficult because it depends on the company and the given pain points within IT.  However, most implementations share similar characteristics.  Most private clouds utilize resource pooling, self-service capabilities, elasticity and pay-by-use services that traditional infrastructure cannot provide.

The general benefits of a private cloud include increased agility and responsiveness, reduced TCO, and increased business alignment and focus.  In addition, private clouds are more cost effective because of their ability to maintain higher workload densities and resource utilization.

Benefits

Microsoft’s Private Cloud offers four specific benefits.  They are All About the App, Cross-Platform Support, Best-in-Class Performance, and Cloud on Your Terms.

All About the App

To a business user, it’s all about the App.  Most business users don’t care whether or not their application uses a “cloud” or a “rainbow” to access their data.  Just as long as it works, works well and works always.

Microsoft allows you to manage applications across the entire application lifecycle from design to deployment to upgrades and decommissioning.  System Center 2012 includes a new technology called Server Application Virtualization which allows organizations to simplify their deployment and management of server applications.

Cross-Platform Support

Microsoft understands that customer needs will vary.  Interoperability and cross-platform support from the metal on up is a core value of Microsoft’s Private Cloud.  Technologies supported include:

Hypervisor – Hyper-V, XenServer, VMware ESX/ESXi
Operating System – Windows, Linux (RedHat, SUSE, CentOS)
Application Development Framework – .NET, Java, PHP, Ruby, Python


Best-in-Class Performance

Virtualize applications like SharePoint, SQL Server, and Exchange on Hyper-V for best-in-class performance and scalability.  Test lab results show the scale of Microsoft’s Private Cloud solutions:

  • 450,000 concurrent SharePoint 2010 users on 1 physical host (5 virtual guests)
  • 80,000 OLTP users on 1 physical host (4 virtual SQL Server 2008 R2 guests)
  • 20,000 Exchange 2010 mailboxes on 1 physical host (4 virtual guests)

Microsoft is recognized by Gartner as a top-right Magic Quadrant leader in x86 virtualization.

Cloud on Your Terms

Microsoft recognizes that many organizations have investments across on-premise infrastructure, private/hybrid and public clouds.  Microsoft’s Private Cloud offering includes the following common tools that work across all three infrastructure scenarios:

  • management – System Center
  • identity – Active Directory
  • virtualization – Hyper-V
  • development tools – Visual Studio / .NET

These common tools allow customers to move to the cloud as needed by the organization.  Whether the end goal is to move services to the public cloud or to simply become more mature with on-premise services, Microsoft’s Private Cloud offering enables customers to meet the needs of the business today with the option to adapt when the needs of the business change.


 

Cost

Microsoft’s Private Cloud solution is a cost-effective solution for gaining maturity within your IT service offering.  In order to deliver the same level of cloud capability, VMware costs 4.8x as much as Microsoft.


 

Facts on Microsoft’s Private Cloud Infrastructure.

3,000 host servers (2500 clustered)
15,000 virtual guests

64 blade servers
128 processor sockets, 768 processor cores, 1536 logical processors
12 TB RAM, 16 x 10Gbps Ethernet, 32 x 8Gbps Fibre Channel

MSIT builds 300-400 VMs per month

Migration: MSIT migrated 200,000 Configuration Manager 2007 clients to 2012 in less than 90 days

 

Sources/Resources

 

Microsoft Private Cloud White Paper
http://download.microsoft.com/download/8/3/3/833189A4-87A3-4AE6-8E64-51F70E66EFFE/MicrosoftPrivateCloudWhitepaper.docx

System Center 2012 Capabilities and Feature
http://www.microsoft.com/en-us/server-cloud/system-center/default.aspx

How Microsoft IT Uses System Center Virtual Machine Manager to Manage the Private Cloud
http://technet.microsoft.com/en-us/edge/hh748210

How Microsoft IT Developed a Private Cloud Infrastructure
http://technet.microsoft.com/en-us/library/hh378174.aspx

Consumerization of IT at Microsoft

At Microsoft, we have been supporting “Consumerization of IT” since long before it was a hot industry trend. Our internal IT department (MSIT) has always had a strategic goal of enabling the workforce and not inhibiting it. Employees are empowered to use devices that increase their productivity, including devices running Windows and even devices running non-Windows software.

However, Microsoft sees Consumerization of IT as more than just devices. Here are a few additional challenges MSIT frequently evaluates:

  • Devices (Phones, Tablets, Slates, Netbooks, etc.)
  • Identity (Corporate, Live, OpenID, etc.)
  • Social Media
    • Internal (OfficeTalk, //mysites, SharePoint, Lync, etc.)
    • External (Facebook, Twitter, Skype, blogs, etc.)
  • Cloud Services (SkyDrive, LiveMesh, Google+, Mozy, etc.)
  • Application and Media Marketplace (Zune, iTunes, Amazon)
  • Rich Media (YouTube, Hulu, Netflix, etc.)

With consumerization planning, organizations need to weigh Business Value against Risk Mitigation.


Business Value at Microsoft

Hardware – Microsoft has a 3-tier model for classifying user hardware: MSIT standard, MSIT supported consumer, and self-hosted consumer devices.

Support – The global helpdesk is tiered much like hardware is. Standard hardware has full support from MSIT, whereas supported consumer products are supported by an offsite third party.  Self-hosted devices have no MSIT support.

Mobile – Microsoft recognizes the EAS (Exchange ActiveSync) logo certification process in determining which devices should be allowed to connect.  Line-of-business applications are supported and identity is handled through an intranet portal.

External Sites – Microsoft supports social media and encourages employees to use sites appropriately through regular training and awareness.  Very few sites are blocked at Microsoft and employees are allowed to connect with other employees, partners and customers through these mediums while at work.

Rich Media – Microsoft does not block rich media as it has become an effective way of distributing information.

Productivity – Enabling an Anywhere, Anytime, Any Device mindset lets users be productive in new ways.

Risk Mitigation by MSIT

Data – Blurring the line between business and personal data is risky.  Microsoft invested a great deal of time defining policies around data security (within IT and within the user population).

Procurement – Based on the tiered model of support, the Procurement department prepares hardware from the standard list as it would normally.  In the case of supported consumer devices, MSIT may work with third-parties to purchase these devices.  Self-hosted devices are purchased by the end user.

Provisioning – Microsoft manages both standard and supported devices under tools such as System Center – Configuration Manager. At this time, consumer devices are unmanaged and are the sole responsibility of the end user.

Software – Some applications are known to be problematic (e.g. peer-to-peer sharing software). Those software packages are among the few that are blocked from running on managed devices.

Management – Both standard and supported devices are domain joined and grant CorpNet (intranet) access. Self-hosted devices are not managed by MSIT.  However, there is limited connectivity to CorpNet available for these devices.

Support – Because all standard MSIT devices include a TPM chip, those devices, in addition to supported consumer devices that also have a TPM chip, are allowed to configure DirectAccess. Consumer devices that do not meet these requirements must connect through Exchange ActiveSync.

Training – Microsoft has developed training modules on effective use of public social media tools.  Microsoft employees are also required to participate in regular training around disclosures and confidentiality.

Summary

As a Microsoft employee, I am able to choose the right device to do my job most effectively.  As a user, there is little thought I need to invest when it comes to how I connect a device to do my job.  The experience is seamless.  More than ever, Microsoft is making investments in supporting multiple platforms, heterogeneous environments, and enabling users with a world-class software experience.