Eric Kraus


Dev Tools For All

Microsoft is executing on its vision of continually bringing the best of Microsoft to other platforms (not just Windows).  Today is an important day in that journey.  Several announcements were made today at Microsoft Connect related to developer tools / platform.  Here is a brief summary:

.NET / Visual Studio


Microsoft BYOD and Mobile Device Management

LOTS of recent announcements on Microsoft mobile device management strategy are worthy of an aggregated post.

EMM Game-Changing Announcement #1


Intune-managed Office mobile apps that enable your workforce to securely access corporate information using the apps they know and love while preventing data leakage. This is achieved by managing/restricting actions such as copy/cut/paste/save-as and interaction/“open in” between apps in your managed app ecosystem.

Mobile Application Management for iOS and Android devices that enables you to keep corporate apps and content separate from user’s personal apps and data. This feature empowers IT to apply policy to the corporate content while staying clear of the user’s personal content. Microsoft is building containers for Windows devices that will be released as a part of Windows 10, and we have worked to drive consistent APIs across the containers being delivered across Windows, iOS, and Android devices.

App wrapping capabilities that help secure your existing line-of-business applications and integrate them into your managed app ecosystem without further development or code changes. Using the Intune wrapper your line-of-business applications will be able to participate in the same managed app ecosystem as the Office mobile apps and securely share content and data with those Office mobile apps. No wrapper from any other EMM vendor can do this.

Managed browser, PDF viewer, AV player, and Image viewer apps for Intune that allow users to securely view content on their devices within the managed app ecosystem.

Grant conditional access to corporate resources, including access to Exchange e-mail and OneDrive for Business documents. This access is based on device enrollment and compliance policies set by the administrator. This is also something that no other EMM solution can deliver.

Bulk enrollment of devices using Apple Configurator or a service account, simplifying administration and enabling policies and applications to be deployed at scale.


EMM Game-Changing Announcement #2


Device Settings Management – Exchange administrators can define configuration policies that are applied to Windows, iOS and Android devices and regularly review compliance reports for all the devices accessing corporate e-mail. There are more than 100 additional settings that can be configured over and above EAS.

  • Advanced passcode/pin settings
  • Device encryption
  • Jailbreak detection

Conditional Access to Office 365 Data – Exchange administrators can define and apply conditional access policies for access to Exchange Online and SharePoint Online. Corporate e-mail and file-sync do not flow to the mobile device unless the policies required in the conditional access policy are met. If for any reason the device becomes non-compliant, e-mail and file sync are stopped until the device is compliant once again. This significantly increases the level of protection of corporate data on mobile devices.

Selective Wipe of Office 365 Data – If a mobile device is lost/stolen, or if an individual leaves the organization, IT professionals can wipe the Office 365 corporate data from devices while keeping any personal data intact.

Integrated Administration within Office 365 – Exchange administrators can set policies directly from within the Office 365 administration portal via an easy-to-use interface with wizard-based setup. Office 365 administrators will see a rich device compliance dashboard that shows exactly what devices are being managed and the settings that have been applied, as well as which devices are or are not compliant.


Introducing built-in mobile device management for Office 365


These new MDM capabilities, set to roll out in the first quarter of 2015, will help you manage access to Office 365 data across a diverse range of phones and tablets, including iOS, Android and Windows Phone devices, so you can:

Help secure and manage corporate resources—Apply security policies on devices that connect to Office 365 to ensure that Office 365 corporate email and documents are synchronized only on phones and tablets that are managed by your company.

Apply mobile device settings—Set and manage security policies such as device level pin lock and jailbreak detection on devices to help prevent unauthorized users from accessing corporate email and data when a device is lost or stolen.

Perform a selective wipe of Office 365 data—Remove Office 365 corporate data from a device when an employee leaves your organization, while leaving their personal data, photos and apps intact.

Preserve Office 365 productivity experience—Unlike third-party MDM solutions that have replaced productivity apps with restrictive all-in-one apps for corporate email, calendars and documents, MDM for Office 365 is built directly into the productivity apps your employees know and love. You can set access policies to help secure company data while keeping employees productive.

Manage policies with ease—Administer mobile device policies directly from within the Office 365 administration portal, through an easy to use interface with wizard-based set up. View reports on which devices are connected to Office 365 and identify devices that have been blocked due to non-compliance.

Bye Bye Reader

If you haven’t heard, Google (“do no evil”) is shutting down Google Reader, among other apps, on July 1.  Speaking for many colleagues, Google Reader was an integral part of my social and news gathering process.  I have SEVERAL apps (mobile, traditional, etc.) that use Google Reader as the aggregation back end and it begs the question: what is my alternative?

Until I find the next best thing, I am compiling a list of alternatives that I will begin evaluating and sharing feedback here.  Also worth noting, I am not including “desktop” applications in my search.  FeedDemon is probably one of the best here for Windows.


NOTE: My search started out great, but due to an overwhelming amount of people looking for alternatives, most of these sites are not working appropriately any more.  Check back in the next day or so.


News Blur –

Limitations in free account (only 64 sites is not going to cut it for me). However, I haven’t hit that limit yet and have found the site very intuitive and gives me a near Google Reader experience. Haven’t found any apps that support this (Windows specifically). For now, this is my tool.


Feedly –

Great – only that it is a Firefox add-in, iOS/Android only.  Seems to be VERY popular on Twitter as an alternative.  When I load the add-in, it still asks me for a Google account.  It appears to be importing my feeds, which is ok now…but after Google Reader goes away, curious what the experience will be like.  The interface is slick and appears to offer me a comparable experience.  No Windows apps, but for others this won’t be as much of a problem.



Good Noows –

Simple, slick user interface.  Allows for Google Reader OPML import.  Several options to customize the layout of the page.  Good list of sources to pick from.  Doesn’t appear to have any mobile app support, but the browser experience on my Surface is not bad.


Q. Sensei Feedbooster –

Could not create an account. Navigating the site was awkward.  Seemed like I was logged in, but couldn’t click on anything, could not log in, manage feeds, etc.


The Old Reader –

Looks promising. However, (no surprise) they are throttling their imports.  It also appears that they do not support tagging.


Netvibes –

Looks great – but pricing seems outrageous.   Logged in with Facebook and am working on adding content.  Doesn’t appear to be a Google Reader or OPML import feature.  It seems overly complex in comparison to Google Reader.  There appears to be an API, but my guess is that not many apps will support this.

Consumerization of IT at Microsoft

At Microsoft, we have been supporting “Consumerization of IT” long before it was a hot industry trend. Our internal IT department (MSIT) has always had a strategic goal of enabling the workforce and not inhibiting it. Employees are empowered to use devices that increase their productivity, including devices running Windows and even devices running non-Windows software.

However, Microsoft sees Consumerization of IT as more than just devices. Here are a few additional challenges MSIT frequently evaluates:

  • Devices (Phones, Tablets, Slates, Netbooks, etc.)
  • Identity (Corporate, Live, OpenID, etc.)
  • Social Media
      - Internal (OfficeTalk, //mysites, SharePoint, Lync, etc.)
      - External (Facebook, Twitter, Skype, blogs, etc.)
  • Cloud Services (SkyDrive, LiveMesh, Google+, Mozy, etc.)
  • Application and Media Marketplace (Zune, iTunes, Amazon)
  • Rich Media (YouTube, Hulu, Netflix, etc.)

With consumerization planning, organizations need to weigh Business Value against Risk Mitigation.


Business Value at Microsoft

Hardware – Microsoft has a 3-tier model for classifying user hardware: MSIT standard, MSIT supported consumer, and self-hosted consumer devices.

Support – The global helpdesk is tiered much like hardware is. Standard hardware has full support from MSIT, whereas supported consumer products are supported by an offsite third party.  Self-hosted devices have no MSIT support.

Mobile – Microsoft recognizes the EAS (Exchange ActiveSync) logo certification process in determining which devices should be allowed to connect.  Line-of-business applications are supported and identity is handled through an intranet portal.

External Sites – Microsoft supports social media and encourages employees to use sites appropriately through regular training and awareness.  Very few sites are blocked at Microsoft and employees are allowed to connect with other employees, partners and customers through these mediums while at work.

Rich Media – Microsoft does not block rich media as it has become an effective way of distributing information.

Productivity – Enabling an Anywhere, Anytime, Any Device mindset lets users be productive in new ways.

Risk Mitigation by MSIT

Data – Blurring the line between business and personal data is risky.  Microsoft invested a great deal of time defining policies around data security (within IT and within the user population).

Procurement – Based on the tiered model of support, the Procurement department prepares hardware from the standard list as it would normally.  In the case of supported consumer devices, MSIT may work with third-parties to purchase these devices.  Self-hosted devices are purchased by the end user.

Provisioning – Microsoft manages both standard and supported devices under tools such as System Center – Configuration Manager. At this time, consumer devices are unmanaged and are the sole responsibility of the end user.

Software – Some applications are known to be problematic (e.g. peer-to-peer sharing software). Those software packages are among the few that are blocked from running on managed devices.

Management – Both standard and supported devices are domain joined and granted CorpNet (intranet) access. Self-hosted devices are not managed by MSIT.  However, there is limited connectivity to CorpNet available for these devices.

Support – Because all standard MSIT devices include a TPM chip, those devices, in addition to supported consumer devices that also have a TPM chip, are allowed to configure DirectAccess. Consumer devices that do not meet these requirements must connect through Exchange ActiveSync.

Training – Microsoft has developed training modules on effective use of public social media tools.  Microsoft employees are also required to participate in regular training around disclosures and confidentiality.


As a Microsoft employee, I am able to choose the right device to do my job most effectively.  As a user, there is little thought I need to invest when it comes to how I connect a device to do my job.  The experience is seamless.  More than ever Microsoft is making investments in supporting multiple platforms, heterogeneous environments, and enabling users with a world-class software experience.