Categories
Digital Transformation Intune Windows 365

Back from vacation – what did we miss?

Like the swede I am, I’ve been off work for the last 4 weeks to get my summer vacation. I’ve actually done my best to try to stay away from IT stuff this summer, to disconnect and focus on other things (like golf and getting our house in order).

But the world of IT does not slow down just because of summer, so here is a summary of some of the highlights that I missed during my time off!

I got renewed as MVP

Okay, this I already knew before the summer. But I was awarded for my 2nd year as an MVP within Windows and Devices for IT. I’m truly honored to be awarded for yet another year and being part of such a cool community of awesome people!

Ola Ström | Most Valuable Professionals (microsoft.com)

I will be speaking at WPNinja Summit

I was picked to do two session at the WPNinja Summit in Baden, Switzerland, the 27th to 29th of September.

I will do one session about Windows 365 networks and one about how to do better deployments of Windows 365.

I’m really looking forward to this and I hope to see you all there!

Windows 365 Switch in public preview

At Microsoft Ignite 2022, Microsoft introduced three big new features coming to Windows 365. In May, Windows 365 Boot reached public preview as the first of the three. Now in August, the second and maybe my favorite, Windows 365 Switch reached public preview!

Windows 365 Switch lets you switch between your physical PC and your Cloud PC through the task viewer, just like the other desktops you can have. It’s a really cool feature and I will cover this in a blogpost the upcoming weeks!

You can read more about it in the official Microsoft blogpost found here: Windows 365 Switch now available in public preview – Microsoft Community Hub

Windows 365 Frontline released

This was actually announced before I left for summer vacation, but Windows 365 Frontline finally reached general availability!

For those of you not familiar with this concept, this is a different licensing modell designed for scenarios where the users are not using their device all the time, user who work in shift where you have users coming an going. The concept is that you buy one license, but you get three Cloud PCs but only one can be used at the time.

It sounds a little bit tricky, I know, but I covered this in an earlier blog post which you can have a look at.

Read more about it in the Microsoft blogpost: Windows 365 Frontline is now generally available | Windows IT Pro Blog (microsoft.com)

What’s new in Windows 365?

Windows 365 got some other great updates during the summer as well as Microsoft released a lot of new features in both July and August.

Some of the new features released was:

  • Move Cloud PC is now generally available
  • New setting to allow users to reprovision their own Cloud PC
  • Azure network connection (ANC) least privilege update
  • Provide feedback button for admins is now generally available
  • Windows 365 web client camera support (preview)
  • Group-based license support for Cloud PC resizing
  • Windows 365 app update notifications for users

You can read more in details here about the new features: What’s new in Windows 365 Enterprise | Microsoft Learn

Windows 11 23h2 release update

Microsoft released new information about the Windows 11 23h2 update coming later this year. It is currently scheduled to be released in Q4 and will be released as an enablement package. This means that there are no big changes coming to the code base of Windows 11, and you can keep doing you testing on Windows 11 22h2 if you are still transitioning over to Windows 11.

Microsoft also mentions a Windows 11 LTSC version in this update, which means that if you are waiting for that release, you can start preparing.

Windows client roadmap update: July 2023 – Microsoft Community Hub

What’s new in Intune?

As per usual, Microsoft Intune has gotten it’s weekly updates during the summer. I think the most impactful update was the fact that uninstalling applications as an end-user in Company Portal is FINNALLY available! I know this has been something a lot of IT Pros has been waiting for. There are also a lot of new stuff in the 2307 Service release.

Some highlights:

  • Uninstall Win32 and Microsoft store apps using the Windows Company Portal
  • Use the Turn off the Store application setting to disable end user access to Store apps, and allow managed Intune Store apps
  • New BitLocker profile for Intune’s endpoint security Disk encryption policy
  • Intune supports new Google Play Android Management API
  • Change to default settings when adding Windows PowerShell scripts
  • New settings available for the iOS/iPadOS web clip app type
  • Settings insight within Intune Security Baselines is generally available
  • Tamper protection support for Windows on Azure Virtual Desktop
  • Endpoint Privilege Management support to manage elevation rules for child processes

What’s new in Microsoft Intune | Microsoft Learn

Screen capture protection and watermark

During the summer Microsoft updated how you can enable screen captrue protection and watermarks for Windows 365 (and Azure Virtual Desktop).

Previously, you had to upload a custom ADMX template to enable these settings (or GPO), but they have now been made available in the built-in ADMX profile in Intune, making this setting much more accessible.

I will cover this more in a future blog post

Azure Virtual Desktop Watermarking Support – Microsoft Community Hub

Screen capture protection in Azure Virtual Desktop – Azure | Microsoft Learn

Microsoft Inspire 2023

During the summer, Microsoft also held their Inspire conference which is usually more targeted towards partners, but there was a lot of good stuff announced and shared during the conference.

Check out the main keynote here: Microsoft Inspire Keynote

Any also the rest of the sessions: Session catalog (microsoft.com)

Categories
Digital Transformation

Controlling your carbon footprint in Windows

As many probably know, Microsoft released a bigger update to Windows 11 with the March Patch-Tuesday release. This patch was more than just patches, this included also some new features like the Windows 365 app which reached GA earlier this year, video recording in the Snipping tool and some pretty cool AI features from Bing.

But one of the better new features is, according to me, the new energy recommendations to help you decrease your carbon footprint. This new feature is just a set of recommended settings to set for your computer to be more energy efficiant.

The end-user could implement these settings themselves, but let’s face it, no one outside the IT department would look for that in the settings.

Since Windows does not enforce the policies to be changed, someone needs to make an active decision here.

This is what my device looked like when just jumping into the settings. What options you see might vary depending on what device you are using, and you can even get recommendations on a Cloud PC. In this example, I’m using a desktop PC. As you can see I have two settings which are not in line with Microsoft recommendations, and one which is managed by Intune. If I had a laptop, there would have been more options for me such as screen brightness and battery optimization.

Here I can select if I want to apply all or just a subset of actions. If I click on apply all, all settings will be updated to the recommended value.

I can also now see, if I step back in the settings menu, that I have enabled all available settings.

Conclusion

Even if this is a small update, I think it’s a good and important one to adopt. You can of course look into having these defined within your environment, which will mean that users cannot change these settings themself if they would like for some reason.

This is a balance between enforcement and spreading awareness amongst users. There might be reasons for users needing increased brightness on their screen as an example. But looking at this from a sustainability perspective, this is a great place to start working with your computers around this even more.

If you want to know more about the settings which is a part of this, have a look at this Microsoft support page: Learn more about energy recommendations – Microsoft Support

Categories
Digital Transformation

7 things I learned working from home in 2021

This is somewhat of a forgotten post that got left behind in 2021, but I thought I would share this with you.

Since 2021 has been somewhat of a semi-weird year, where we started seeing a way back to the offices but also faced new trends and buzzwords. My favorite ones during 2021 were “hybrid work” and “digital fabric”, both heavily used in the Microsoft world.

I’m coming at this from a millennial’s perspective, maybe going back to my posts about being a millennial in the workplace.

1. Hybrid meetings are here to stay

Since we are seeing more people going back to offices, but in a more flexible way, hybrid meetings are here to stay! Hybrid means you will have people remote and in the room.

This comes with a lot of new challenges and a “do’s and don’ts” worthy of a blog post of its own. But it´s clear that some things will be challenging in this and I would say it comes down to culture and good meeting manners. But also the fact that you need a Teams-link in every meeting and you most likely can’t do an old school whiteboard session like you are used to, because most of our conference rooms are that fancy yet.

Having people remotely connected means that if there is a lot of people in the room, you can’t whisper things to your college since this will most likely be picked up by the mics in the room and you won’t hear the person actually speaking.

Another thing that might be on the list of things you didn’t think of is if someone brought “fika”/pastry to the meeting for those in the room. This is fairly common in Sweden and is usually delivered in some kind of paper bag made for bread. So it makes A LOT of noise. This is a BIG problem if you join through Teams since all you will hear is that bag.

Do have your pastry, even though I will be jealous, but please get rid of the bag before the meeting!

2. Being at an office

I’ve felt this before, but the pandemic and “the return to offices” has confirmed this and made my belief even stronger. If I’m going to an office I’m going there with a purpose. Not just because “that’s where I go to work”. This is a very personal thing, and I know a lot of people who prefer working from an office. But we are now seeing a shift in the “standard approach” and you are no longer the weird exception wanting to work remotely. If I look at the people I interact with daily, they are not based in the same part of Sweden as me anyway, so I won’t meet them at an office.

There is a point of showing up and having social interaction, but if I want to get stuff done I’m way more productive at home. However, going in for meetings and workshops is extremely valuable, but then again I’m going to the office with a purpose.

I keep coming back to this, some of my first posts touched upon this. During my time at Microsoft the phrase “work is not a place, it’s something you do” was something that was really pushed out. I think this is still relevant, and the pandemic has shown this.

However, I’ve picked up kind of a new take on that quote which is “The endpoint is the new workplace, and the workplace is hybrid”. I will come back to this in 2022!

3. Corporate life revolves around an office

One thing I think was pretty clear when we were seeing the light at the end of the tunnel of the pandemic was that everyone got REALLY excited about going back to offices again. I was excited too, this meant that you could meet people again and do things face to face, which is important and meaningful. However, as I stated in the second point, this whole thing “business as usual” at the office and going there every day is not for me but I respect that people feel the need for this.

The standard has always been that you show up at an office to work, working remotely has always been the exception. If you are the kind of person who thrives at an office, that’s great! But if you are the kind of person like me, whose stress is reduced significantly by not having to show up at an office every day, that should be okay going forward.

The two years we have spent working remotely show that we can be just as productive and creative in a remote setup. Since not everyone is the same, we should in the future embrace that we are all different with different needs. Not everyone feels great about being at an office 5 days a week.

Also, the coffee is usually better at home and the line to the microwave is a lot shorter.

4. Hangout on Teams

In my world, I’m really bad at small talk in general and I have always preferred chat over talk. I’m the generation that if I call you, it’s probably urgent (or I’m driving).

However, working from home missing daily social interaction from others other than my girlfriend and dog have actually gotten me to value to call people or just connect to social team hangouts. I’m not always the person driving the discussion in larger groups, but I enjoy the company and listening in.

I’ve actually increased the number of 1:1 calls I have with colleges discussing work and other stuff. I usually call people with a purpose, but I’ve caught myself calling people just to small talk. Big learning for Ola!

5. I miss traveling for work

I had a really intense period in a previous role traveling A LOT. I actually never counted the number of travel days I had per year, but I easily spent 3-4 days traveling per week during some periods.

I was so done with traveling for work, and I wanted to settle for something more predictable being more in the same place all the time.

Now I’ve reached a point where I actually miss traveling for work. Maybe not 4 days per week, but the occasional longer trip to see a customer or just attend a conference.

I really miss that and I want to do more of that when we get more into a controlled Covid situation.

6. I’m not used to people anymore

I don’t consider myself as an introverted person, my conclusion is that I’m somewhere in between introvert and extrovert.

But this whole thing with only meeting people through Teams has made meeting people IRL something that I get really exhausted by. It really drains my energy.

We had a 1,5-day gathering with all the people who work at Advania Knowledge Factory and I basically needed a day to recover from just meeting people.

Getting back to not being exhausted after meeting people several days in a row will take some time getting used to.

7. Learn to stop working

This is probably what I’m really bad at during the weekdays, but I try really hard NOT to be in front of the computer on the weekends.

My typical day starts at around 9:00 am, most meetings tend to start then. I work until about 12:00 where I have lunch and take my dog for a walk, hopefully being back until 13:00 where after lunch meetings usually start.

Then I’m stuck behind the computer until about 18:00 or something like that when it’s time to start cooking dinner. I might not do actually work that late, it usually involves catching up on tech news and community stuff.

There is always one more email to reply to, one more blog post to read, and one more tweet to re-tweet. But learning when to stop is key and this is something I need to improve in 2022 to actually keep me sane. One thing that I’ve promised myself to actually start using is the virtual commute in Viva Insights. This is a really cool feature and the days when I’ve used it I’m more disconnected from work and can focus on other stuff. If you haven’t tried it yet, I really recommend you do!

Categories
Digital Transformation Modern Workplace

A millennial in the workplace – Covid-19 edition

I’ve been struggling quite a lot with how to write this post to make it relevant and adding something to the discussion. I also really want it to be inspiring and not only my opinions and personal thoughts.

The whole Covid-19 has really made me think about remote work and how the “new world” will look post Covid-19. It’s a hard topic to be concreate about since we are in the middle of the change.

I’m positioning this as a part two of the “A millennial in the workplace” post from 2019.

Oh, and the picture to this article is our new Chief Sunbathing Officer who takes her new role very serious.

Work is changing

Let’s face it, the work life is changing and a lot more sudden than most were expecting it to. The Covid-19 pandemic really challenged everyone to push their digital transformation in a much higher speed than some might have intended to. But also, the perception of remote work.

Looking at this year’s Microsoft Ignite, the common dominator was remote work for the workplace area.

When suddenly everyone had to start to work remotely, it wasn’t impossible anymore and we adopted to this situation. Even a lot of areas where it was deemed “not suitable” to work remotely suddenly were left without a choice and managed the situation.

We are still not seeing the end of this, so a lot of things will still change!

So where does this put us?

One thing which tends to pop-up when this is discussed is “when we go back to normal people will be expected to come back to the office”. But what if this is the new normal? Or at least partially a new normal.

Working from home has in my experience often been viewed as something you only do with special reasons, and often with approval from management. Now when Covid-19 is putting everyone in a situation where remote work is kind of then new normal, I’m strongly hoping to see a shift in the culture and mindset around this.

One thing I tend to hear often is the argument that “the employees are not feeling well since they are isolated”, and I completely understand that. Working from home/remotely put new constraints on the social aspect of things, the natural interaction by the coffee machine does not exist in the same way. However, there are also people who feel stressed over the fact that they are expected to show up at an office at a given time every day based on “that’s how it’s always been”. So why adopt everything based on the people who like the office? That doesn’t really cut it in 2020 to be honest and the new policy Microsoft put out regarding their new remote work policy is spot on where “Offer as much flexibility as possible” is somewhat of the message of it. You can read more about it in this brilliant article or go straight to the source.

The world is changing, and we had a shift about one hundred years ago where the eight-hour workday was enforced. After World War II most of the industrialized world had 40 hour works weeks. In Sweden, the 40-hour work week we see today were introduced in the 1950’s and introduced in the labour law in the 1970’s. (Of course, there are more to this from a legal and union perspective, but let’s leave all that). That was 50 years ago.

Choosing where to work

What is the point I’m grasping at?

What I’m getting at is that there will be a before and after Covid-19. We have now proven that remote work is something that works, and we are still productive. So why do we feel the need to enforce everyone to go back to the office?

I’m not saying that we should remove all offices and have everyone working from home. However, it should be up to each one to be trusted in choosing to work where they are the most productive. That could be the office but just as well from home. Or a combination which I believe strongly in based on choosing the office as a workplace and not the expectation “to show up”. Given that we all have a job to do, we are trusted in much more sensitive and important things than where we choose to do our job.

This will put more trust in the employer and increase the sense of being trusted with that I can myself choose how I do my job. The old term “work is not a place, it something you do” fit very well into this context.

Looking to myself and how I resonate around these things, I’m currently in a situation where I motivate why I go to the office rather than why do I work remotely.

Work-life balance

In my world, this comes down to one thing and that is work life balance. Even though I’m extremely passionate about what I do for a living, living is not only working in my world. There must be time for other things to relax and disconnect. There must be room for flexibility during my day, the sense of owning your own time.

For me, work-life balance is about being able to control and own my own time. During Covid this has been a challenge to manage since working from home means that you never leave your workplace. But for me this is something I’ve learned to deal with. It also breaks up my workday into pieces giving me possibilities to do errands, go to the gym, walk the dog and such things during the day and work a little more focused during late afternoons. For me, late afternoons are where I’m the most productive while before lunch is a less productive period of the day (not to speak of 7:30 until 9:00).

Conclusion

To be honest, I don’t really know what the conclusion of this is since this is more my thoughts on the topic.

The Covid-19 pandemic has proven that remote work is possible, and we are most likely seeing the new “normal”. There will for sure be a before and after Covid-19 and the work life will have to adopt to this.

However, everyone is different. Some need to be at an office surrounded by other people or just can’t work from home. There is also the other group who are more productive remote and do not feel the need for an office in the same sense.

You often see arguments that people need the office to perform and feel well as an argument that we need to get everyone back to the offices. But what about the other group of people who has been thriving during the last couple of months, where the trip to the office was a stressful moment. Are they less important or why are we expecting them to just adopt?

I think the “Offer as much flexibility as possible” quote I mentioned in the middle of this post will play a key part even for companies which are not called Microsoft. People are now seeing that it’s possible to work remote and finding what is working for them. I think they key part as I view this, is to offer a flexibility where I as an employee is trusted with selecting where my office should be. If that is 100% at home, 100% at the office or a mix shouldn’t matter. Work is not a place, it’s something you do.

This will be a cultural shift, not a technical shift. We have proven that our tools allow it, now we just need the corporate culture to allow it. For some, this change will happen fast while for others this will take time.

However, my strong belief is this will be a key element for many companies to hire Millennials and GenZ going forward. Why should I join a company which requires me to come to an office, when the other offers me the flexibility to choose when I go to the office?

These were my thoughts around this whole thing, what do you think?

Categories
Digital Transformation Intune Tips & Tricks

Recovery in a world without OSD

One of the big issues I hear people talk about when it comes to utilizing an image- and OSD less approach is “What if the hard drive breaks and we need to reinstall the machine?”. This is based on that assumption that we need to create a custom image with the drivers and such for recovery purpose. Disks do break, so this is a real problem.

However…

You probably bought that computer from one of the big computer manufacturers out there meaning that they thought of this.

In this article I will post many bold and naive statements, which you might not agree with. I understand that, but we also need to challenge how we have done things for the last 15 years. I’m not saying this is the whole truth, but I want to challenge the way you operate!

Disk failure

What happens when a consumer computer breaks down? Your typical home user does not have a Windows Deployment Services server running in their home network.

Most of the big manufacturers provides you with a new, fresh image created for your computer from their website, often using their recovery tool. The process to obtain the recovery image is a bit different based on which manufacturer, but it’s an uncomplicated way to recover a broken machine without the need to creating custom images.

Making use of what has already been created (and probably covered by the support commitment) should make sense. If someone else that we know and trust already created this, why shouldn’t we utilize it?

At least Microsoft, Lenovo, Dell and HP offers this service in one way or another.

A second option to this, but less ideal, is to use a generic Windows 10 image downloaded from Microsoft (or your Microsoft Volume Licensing Service Centre). The device will be missing all drivers to start with, but that is usually addressed using either the Windows Update feature or the driver update tool for that particular vendor (which you should consider using anyways to keep your drivers up to date on all your machines).

Resetting the device

If you for some reason need to reset a computer, there is no need to use an external media source to re-install Windows 10. This is built into the operating system, just like on your phone.

In Windows 10, instead of injecting your custom image, you simply reset the computer. Depending on where you are coming at it from, you might have to do it in different approaches.

Microsoft have documented this process very well here, so I won’t dig into it further on a how-to level.

Conclusion

I’m going to make a bold statement that many of you might not agree with. But operating systems deployment and creating custom images are a thing of the past. It will still be around for years to come since change does not happen overnight, and most companies have invested heavily in this. But it will start to fade away as more and more companies dare to trust the OEMs that their images are good enough. This will not solve data-loss at all, but it will bring the device back up and running which is often just as important for the user. Creating a custom image is an artform, but soon that artform needs to evolve into something else. There is a shift happening and we need to find other approaches to the old problems when we use new tools.

Today, this will not fit all scenarios. But if you look at the big picture, this could probably cover 80-90% of your user-base. Heck, you could have your users replace disks them self and then recover the operating system (imagine that!).

I’ve tried this with several different types of machines and manufacturers, and it works really well. You can even reset a custom image using the built-in reset feature. The result, however, can be a bit strange if you have removed a lot of the built-in apps etc. But the machine will still work and the user might not notice (especially if you make sure to deploy the needed apps to the end-user using Intune).

Combine this with the power of Office 365 and the cloud for storing your documents and work and you will have a pretty sweet setup where the device isn’t that important anymore.

Do explore the different possibilities in using standardized recovery media, but I’m not saying it will solve all your problems but it will take away some headache and hours spent on creating and maintaining custom images.

Categories
Digital Transformation Modern Workplace

Providing a modern workplace

This is a topic I’ve covered in some earlier article from the aspect of how we did it at my former employer. This time my idea is to cover this in a broader and more generic sense.

Living in 2020, IT is more than ever a big part and an enormous influence on your work environment and how productive you are.

IT is shifting from being a “technical” topic to be more of an HR topic, since it influences so many parts of your employment, a poor IT experience will heavily influence how happy you are with your employer. However, IT are still the ones responsible for it.

From talking with friends, peers, former co-workers, and customers there are a few things that tends to come back when it comes to IT in bigger organizations. And that is the lack of trust in that end-users knows what tools they need to perform their work and expects to get tools that support them in their daily work. There are of course exceptions to this but speaking in general terms I’m guessing that you don’t ask IT what tools you need to do your job; you ask your peers. Well unless you work in IT, then I guess you would ask IT… You get the point!

Users has diverse needs

We need to start considering our computers and mobile devices as tools, not “toys” in lack of better words.

If you think about it, if you were left one day at work without a computer and/or mobile device, would you be productive? Probably not. This means that these are crucial tools for our work since you are doing your business through them. Giving you something that is not fit for purpose would eventually be a bad investment, or not the correct tool. Still, computers and mobile devices are rarely considered business critical from an IT Service Management perspective.

If you think about it, your company spends a lot of time finding the right machinery, servers etc. for your business needs, but what about that computer you spend your day in front of doing business? Was that selected based on what your needs are or where you given the “corporate computer”?

Trying to stick to a “one size fits all” setup is deemed to fail eventually in a modern workplace. I have different needs for my computer/phone than people working as e.g. a communications professional. Also, a manager has different needs than the peers in their team.

I’m not saying that you should buy all the shiny things people points at and don’t standardize. What I’m saying is be smart in what you are buying. You have a diverse team with diverse needs, make sure you can full fill them!

For whom are IT working?

One thing that is extremely important, but sometimes forgotten, is for WHOM IT exist.

IT does not exist to provide IT with work tasks. IT exists to enable the employees of the company with tools fit for their needs to do their job in the best feasible way.

This is something we shall never forget. This is important. This is the sole purpose of an IT department. To be a support function to the core business.

At the same time, end-users need to understand that there is reason behind why things are done in a certain way. If they don’t know, it’s time to tell them!

Set goals and visions

To combat this, listen to what your end-users wants and communicate with them. Set clear roadmaps and vision for where you should be in let’s say five years. This will give you a goal to work towards and a roadmap to share.

By listening to your end-users, I’m not saying that they should dictate your every move. Be coherent in what their pain-points are and strive to minimize them. Thas how you can add real value and build trust in the organization.

I far to often hear “those people at IT have no idea what they are doing”. That shouldn’t be true. We should be the best at providing the services for OUR users. We should be the ones knowing their needs and strive to meet them.

Categories
Digital Transformation Modern Workplace

What is Windows Autopilot – management edition

There are A LOT of misconceptions what Windows Autopilot is. Today I will try to sort those misconceptions out.

You have already heard a lot of different presentations about Windows Autopilot, why you should use it and why it’s so great. Because of that, I’ll leave most of those things out. This wont a technical post about what Windows Autopilot is, this will be more of the management edition of this.

Windows Autopilot – the concept

The basic theory behind Windows Autopilot is to streamline and take away time-consuming phases in the setup process of a corporate computer.

In the “traditional world” you would need to be on the corporate network and press F12 on the computer to initiate the installation of your custom image, that your IT-guys built. This custom image of Windows contains all your customizations, drivers and settings are pushed through Group Policy Objects, also called GPO. Many companies requires the computer to be “known” before it’s installed and you do what is called a pre-stage where you create the computer account in the active directory (AD) and assign group memberships. This process can take from an hour up to a few hours based on your connection and size of image (it’s usually pretty big).

In the world of Windows Autopilot, you take advantage of that the hardware manufacturer has already put a Windows 10 installation on the computer, with drivers installed from the factory (this is actually how computers are shipped even if you don’t use Windows Autopilot). Your vendor/partner/IT-department registers the computer hardware ID, which is unique to each computer, with your Microsoft tenant. Computer can also be joined to Azure AD groups based on this hardware ID.

When the computer is launched the first time, the user will be greeted with “Welcome to Contoso” and then asked to sign in. When sign in is completed, the computer is registered in Microsoft Intune and settings and customizations are applied.

This process is A LOT faster than traditional OS-deployment. The entire process and the computer are ready to use in 30-60 minutes (based on connectivity). All traffic is routed through the internet during setup and any connectivity to the corporate infrastructure can be routed through VPN if needed.

If you do the math, you can deploy a whole lot of more computer for a lower cost using Windows Autopilot.

Windows Autopilot – the reality

This sounds pretty neat huh?

But what is Windows Autopilot? Is it a completely new tool? Will it replace Microsoft Intune? What will my IT-technicians do, they spend 80% of the time installing computers today?

Without getting to technical about this, Windows Autopilot is a new name on a bunch of things that has been around for a while. And some new features.

Windows Autopilot is utilizing a lot of different technologies and should be viewed more as a workflow or a process rather than a technical feature. It combines the power of Azure AD, Microsoft Intune, and Microsoft Store for Business to provide a streamlined process for installing new computers. That’s about it.

This means that Windows Autopilot is nothing else than an automated and standardized process of setting up computers for your company.

However, from a technical point of view, there is a lot more things going on though. But this is the simple version.

Key take-away

The key take-away, and the thing to consider, around Windows Autopilot is if you need all the fancy switches and total customization you have with the traditional approach. Or would a lighter weight management do the trick for you? It probably will…

There are of course some if’s and but’s around this, but in general there aren’t that much. Your users could get their computer delivered straight to them and set them up by login in, given that they have internet access at their location.

There are options to prepare the computer for the user by having a technician do half the registration and setup to then re-seal the computer and ship it off to the user, if you want to minimize the amount of work being done by the end-user. This way, initial setup will be shorter for the end-user.

If you view Windows Autopilot as an automated process to setup computers in your organization and not a technology, things get a lot easier. With that said, it won’t suite all your special situations for computers, but you will cover most cases for office-based work!

Categories
Digital Transformation

Expectation management and communications

Before we get started, I’m in no way pretending to be a communications professional. These are just my experiences and learnings down the road.

Let’s face it, and we all know this. In general, we in IT are not great in end-user communication and expectation management. We live and breathe technology, and somewhere we sometimes forget that someone is supposed to use our fancy-best-of-breed-solution.

Okay, a bit over generalizing but if you have worked in IT, I think you might recognize this. We often forget about the end-user and we fail to tell them about all the wonderful things we do, but also what they can expect from us.

I will try to provide you with a high-level view, to help YOU take the decisions what to do and why, not really the HOW in this post.

Now that we have managed the expectations, let’s get into this.

Expectations management

Since you are reading this, I assume that you are in some way involved in the end-user service area and are either providing or helping to provide services to end users. You are operating in the layer where most users interact.

But what have you promised your end users? What are they buying from you? Do they know or are they just “paying the bill”? This is something that varies between organizations, depending on size, location, culture, and previous structures of the IT department.

But what are you selling to your end users? Are they just buy “a computer” or are there more services attached like deskside support and a helpdesk?

There are a lot of questions related to this, and hence one of the themes for this post.

What do your users THINK that they are buying and what are you delivering?

This is the most important part which is also the trickiest one. To set an expectation with your users (which are your customers) on what they will receive buying the service from you. It might be that you are the only one that are allowed to provide this service within you organization, or that you are the preferred one but they could operate it them self or turn to a third party to provide this.

None the less, making it clear for the end users on what to expect from your service is increasingly important. Especially since enabling new services is three clicks and a credit card away…

What value are you adding to the equation?

End-user communications

Enter end-user communications. This is a hard area and there is a reason that organizations hire communications professionals. They might not know all about fancy IT stuff (that’s not why they were hired), but you can make sure that they know all about getting your message out there!

From my experience by working in the end-user area, this is something that is super important but also, very often forgotten about. We tend to update something we consider as small, but it might have huge end-user impact. If we don’t successfully inform our users about this, we might cause unnecessary frustrations. Even though we need to adopt an Evergreen mindset, we need to make sure that our users know what’s going on. Keep them in the loop.

I’m no communications expert, but I’ve seen and delivered the outcome from projects where there were a lot of end-user communications and less communication. What do you think where the most successful, in the aspect of user adoption?

Yes, the projects where extensive end-user communications were performed.

However, you always need to adopt amount/channels/information to whomever is the target for the change. Some information might only be needed by your support people, other information might be of more value to your end-users.

The go-do / take away

So, what is the takeaway from this?

Try to define your services for your end-users possible and communicate these. A PDF hidden away on a SharePoint site will never be found, putting it on some sort of intranet site might be a better idea to clearly state to your end-users what they can expect by buying the service from you and what value you add to them.

This is of course something that varies between businesses, but defining services is a crucial step to set the expectations right with your users.

I would also really encourage you to reach out to your communications professionals within your business for advice and work together with them. They can really help you get you message out there, making sure that your end-users (customers) understand why things are happening and changing in the way they are. But don’t expect them to do your work for you. You will still need to put in the effort but getting their advice and/or input might change the success rate of your project.

Categories
Digital Transformation Modern Workplace

The end of an era

It has finally happened. The process of decommissioning the old trusty Internet Explorer has begun.

Microsoft announced on the 17th of August that Micrsoft 365 will lose its support for Internet Explorer on August 17th, 2021. This is a quite tremendous change for many organizations, but it shouldn’t come as a surprise that Internet Explorer will be phased out eventually. Also, the “old” Edge will reach its end of life March 9th, 2021.

M365_Edge_ProductTeams_0-1597603232572.png
Image source: https://techcommunity.microsoft.com/t5/image/serverpage/image-id/212662i312B0747F33CC94E/image-size/large?v=1.0&px=999

Back when Windows 10 launched, there were a lot of buzz around the new, improved, browser Edge. However, it never took of (I however really liked it). A lot of business systems where built back when Internet Explorer was the thing and not always have the effort been put into adopting it to modern web.

With Windows 10, something called Enterprise Site Mode list was introduced, which was basically a XML list of sites where if you tried to go to them using Edge you would get redirected to Internet Explorer since that site was on your “not compatible” list for Edge.

We used this to a limited extent at my previous employer, but Internet Explorer was the default browser since we had no clue what other systems would have issues if we transitioned to Edge (or Chrome for that matter).

However, that was a few years ago and a lot has happened to Edge and there is a new Chromium (Chrome) based version out which is really good! And if you are a fan of the Chrome browser, but don’t want to have yet another browser installed to confuse your users, the new improved Edge is the way to go. It’s Chrome, but in a Microsoft shell (and you have Azure AD support without any extension).

But what does this all mean?

It means that it’s time to take the bull by its horn and start moving away from Internet Explorer as the default browser. The death of Internet Explorer is yet not announced in any shape or form but losing support for Microsoft 365 services is a major step in that direction.

The first step you need to take is to change into modern browser as the default for all your users. Since I’m a Microsoft advocate, I would suggest looking at the new Edge if you haven’t done so yet.

The new Edge comes for all supported Windows platforms, but also macOS, Android and iOS/iPadOS. You could have the same browser for all corporate web interactions on all platforms (and of course directing mobile devices traffic using Application Protection Policies).

Also, deploying Microsoft Edge out to your clients is easy. If you are using Microsoft Intune to manage your devices, Edge for Windows is part of the “App type” to make it even easier to deploy.

What is your default browser today and are you looking to shift to the new Microsoft Edge?

Comment below!

Categories
Digital Transformation Modern Workplace

The grey-area between work and private applications

(Originally published on LinkedIn)

TLDR; Microsoft AppStore, consider making this available for your users to unlock their full potential.

So, you have taken the leap over to Windows 10? (That’s awesome since support for Windows 7 ended 14th of January if you didn’t by additional extended support, I´m really hoping you did move).

Windows 10 brings you a LOT of new features, services, ideas and challenges. One of those is the Microsoft Store which grants your users access to all kinds of apps and other things like themes and language packs.

This is great, isn’t it?

This is an interesting topic. On one hand you have the fear of more support and your users demanding support for things your IT department is not prepared nor staffed for. On the other hand, this is a hidden gem full of potential and users expecting things to work in a certain way. This post will cover that, but mostly on the end of “this is a great idea” rather than “lock that down, we don’t support that!”. I’m not in any way judging someone or saying “your decision is wrong”, more on the hand of giving the point of view from someone who was responsible for 35k clients and what I learned from that and form talking to customers, peers and friends who uses Windows 10 in a corporate setup.

Disclaimer before I start. I will as usually oversimplify stuff (as the naive millennial I am), don’t care about network capacity and things like that. This will target an expected user behaviour and user expectations. Also, I’m aware that I’ve in some way or another discussed this with people who reads this and I’m not calling you out on any things mentioned in this in any shape or form, you inspired me to write this. I might also be neglecting any legal/licensing aspects of this.

Microsoft Store – the difference between private and corporate

But let’s start with the basics. What is Microsoft Store?

Microsoft Store is a marketplace for applications, much like the AppStore/Google Play Store we know from our phone (I know MacOS also have this but I’m leaving that out for now). The store offers users to download applications to their machine from a trusted source (applications are checked by Microsoft before being published) and they can install these without privileged access (admin access). All applications are installed in a user-context and user A will never see user B’s applications. The risk or malicious code is extremely small.

There is however one major thing to point out here, which is easily missed. There IS a distinction between your private sphere and your corporate sphere.

If you download e.g. Spotify or Netflix, this application will be connected to your PERSONAL Microsoft account if you download it from the public part of the store. If you choose to download it without and account, it will still be connected to a “personal sphere”.

BUT if you download an application from the business side of the store, this will be connected to your corporate account. To download things connected to your corporate account, you need to enable Microsoft Store for Business and this will give your users a new tab in the store called e.g. Contoso. Everything downloaded from this tab, will be connected to your organisation and you will have to obtain a license for it (free or paid). This requires your users to either sign in with their Azure AD account, you to enable hybrid join or the machine being only Azure AD joined.

This means that Windows can keep track of what is private and what is corporate which means that you will only need to keep track of what YOU support.

What if your employees are more productive if they listen to music? Should you block that on their computer? And what happens when you block e.g. Spotify on their corporate computer?

Well, most information workers today have corporate issued smartphone… You didn’t restrict that app on those kinds of devices. So, your workers will consume that service, with a privately owned account, anyways on a corporate device…

And to be honest, if you blocked this one their corporate phone, they would use their personal device instead (or even an old fashion radio).

Enter the grey-area between work and personal life

What does your user expect in the form of services, support and how to use their devices?

User behaviour has shifted a lot since the dawn of device management. We are now entering 2020 and most people have some form of knowledge of how to use a computer or a phone. This means that the expectations are shifting and we at IT needs to adapt to this and understand that our users now know their way around a computing device (computer or phone). Concepts as internet, App-stores and browsers are not new, this has been around for about a decade (the Apple AppStore was released 12 years ago, in 2008). The next generation workforce is also entering the market, and now I’m talking about the Gen Z people who doesn’t know about the world without internet and computers. Millennials are entering their 30’s, time to move on and stop being scared of us.

All this, and the fact that >80% of the population in Sweden have access to a smartphone, means that we need to expect more from our users today than we could 10-15 years ago. We can also expect that they know what services they need, e.g. Spotify might not be a corporate app but might be something that your users’ need to stay focused (and paying for them self). Simply put, we have more experienced users today and we need to meet their expectations, not limit them from reaching their full potential. Simply put, using a computer to perform tasks is not a new thing anymore.

The use of such apps leaves a grey-area between what is work and what is personal. E.g. Spotify might be something your user is using to stay focused to do their work better, while paying for it as a personal service, and it’s not accessing any corporate data since its running in an isolated container (I’m intentionally leaving out network from this). Since this is a subscription service, purchased privately and consumed on personal devices, this won’t require any support from you and the user won’t expect it either. They application will also be “owned” by their personal account, not the corporate one.

What do we support?

One thing I’ve heard from several different customers/partners/peers is “What if they call and want support on application X, we must support whatever we allow on the device”.

My usual answer to this is “Do you support Angry Birds on iPhone?”. The most common answer is no.

Why? Well, it’s not a corporate app. Neither is Spotify, Netflix, WhatsApp, Messenger, Twitter is a corporate app. UNLESS you make it available in the Microsoft Store for Business.

If you make it available in Microsoft Store for Business, that means that you as a company acquired a license for it and you actively made it available for the user. The same goes for applications from Apple AppStore (using VPP) and Managed Google Play. Any application you mark as a corporate approved application, you should expect your users to expect support on.

What about everything else in the app-stores? Well simply tell your users that this is not an application approved for your company and they need to reach out to the application developer/vendor for support, its simply “not supported” by your organisation. Like I said earlier, you don’t support all +130 million applications in the iOS AppStore, do you?

What does real life users expect?

By talking to network of friends, customers, peers, and former co-workers. What do they say?

Well it was a straightforward, non-statistical secured, answer:

We do not expect IT to help us out with applications we obtain for “personal use”

This means if they have problems with e.g. Spotify or any other applications which is not work relate nor sanctioned by/licensed by their employer, they won’t call IT. This is also something I can confirm as previously being the operations manager for the client platform in a global company, support for app-store apps is not a huge problem. And if you managed the expectations from your users in an effective way, you will be fine.

Let’s face it, the way we use technology today is different from that it was 5-10 years ago. We need to adapt.

The go-do…

What’s the go-do from this? Well, I’m not saying that you should make this available for all users tomorrow but consider piloting this outside the comfort of IT and evaluate the outcome before deciding. This might be an appreciated addition to your offering towards your end-users.

What are your thoughts? Do you see the app-stores on the different platforms as hidden potential or a potential support problem? Let me know in the comments.