Categories
Modern Workplace

Naming conventions

Ah the precious naming convention. Something that has historically been particularly important, and still is today but in a bit of a different way.

Lately this topic has come up in various situations, and I had started a post about this a few years ago talking about how we did it back then and the reasoning behind how we did back at my former employer. But then life happens and I’m now working in a completely different role.

How did we get here?

So, this whole topic has somewhat of a history. Naming conventions, or naming standards, have always been a hot topic with things almost viewed as you can do it in a correct way or a wrong way (this is extremely exaggerated). Naming things can be an art, where you compress things as much as possible to have as much information as possible in the name of things.

Let’s take computer names for an example, everyone has a standard for this and its roughly the same idea everywhere:

  • You want to identify in which country the device is [SE]
  • You want to identify which city, office, or business unit [STO]
  • Based on historical decisions, you want to separate laptop and desktop [L] / [D]
  • You throw in the word PC to identify it as a PC and not something else [PC]
  • You have a number sequence at the end [1234]

This would give you a computer name such as SESTOLPC1234.

Does this sound familiar? Many choices you made several years back are still present in the name since you haven’t managed to get rid of it due to different internal discussions never leading to a decision.

Same would go for your security groups and distribution groups, you have prefixes based on different objects. Same goes for your Intune profile names.

Does names matter?

So, the big question, does this really matter anymore? I would argue that it does, but not in the same way as it used to do.

At the end of the day, this is only a name. Having a diverse IT environment as workplaces are today, we can only control the naming of a subset of all devices (mainly Windows PCs). This means that your iPhones, iPads, Androids, and Macs won’t follow your naming convention since they simply do not support this fully.

The name is to help identify the device, but if you look at your inventory in e.g. Microsoft Intune, I would guess that most of your iPhones are called “iPhone” leaving your clueless anyway. All devices (except for shared) are connected to a user, so you are usually better of finding devices based on the user. The device also has a lot of meta data which is searchable, such as serial number, which is an effective way of finding the device since the device name is something that potentially changes during the lifecycle of a device.

Key take away

The naming of devices is maybe not as important as it used to be, but there might be scenarios where its useful. The most important thing to remember is that there are no right or wrongs, it’s all based upon the wants and needs of your organization and what makes sense to you. All the different device platforms in the office space supports this in different ways as well, so what is possible on your Windows device might not be possible on your Android devices.

What I usually do for Windows is to use a three-letter pre-fix and the serial number as a name. This pre-fix changes depending on the type of device. One setup could be like this:

  • OPC-1234567 where OPC stands for Office PC
  • SPC-1234567 where SPC stands for Shared PC
  • MTR-1234567 where MTR stands for Microsoft Teams Room
  • KIO-1234567 where KIO stands for Kiosk

Setting names like this is mostly to easily identify what flavour of a Windows device it is, but that would be even better to add as meta-data to the device or using e.g. scope-tags or device categories. There are many ways to add that information to the device, but using different pre-fixes are the simplest.

At the end of the day, device name is something that is more for convenience rather than functionality. Even if my computer is called “Olas computer” or “DESKTOP-Q2E3RE” it would be possible to add it to dynamic groups and find information about it.

Categories
Intune Modern Workplace

Once you go Mac…

I used to be an avid Mac user and major Apple fanboy back in like 2011-2013. Then I joined Microsoft and got to see the other side, the dark side… Somewhere in the hidden corners of the internet, I even have a blog post called “once you go Mac, you never go back” saying I would never use anything else then a Mac.

Jokes a side. Coming out of a more communications and media technology world from college, Apple and Macs was the best there was. Then the iPhone came along and changed the whole mobile device world.

I was a Mac user from around 2008 until 2017 even if in the later years I rarely used my personal Mac. Then the Surface Laptop was released and that’s what my personal laptop still is.
Now that I’m about 10 years older than in 2011 and I have a completely different approach to things. One is not better than the other, it totally depends on who will use it if it’s better or not.

This post will not cover HOW to configure, more discuss why and what.

macOS and management

So, how would you go at this?

Just like for mobile devices, there are a lot of different tools for managing macOS. As usual, my approach is Microsoft Intune, but for macOS specifically there might be other tools like Jamf Pro which has a lot more features (but also comes with a completely different price tag).

You know I’m all for making use of what you have and getting the most bang for your buck, so let’s talk about macOS and Microsoft Intune.

Setting the expectations right

One thing to keep in mind when it comes to managing macOS. The possibilities are not even close to what you can do on a Windows 10 machine, and what we can control comes down to what APIs Apple allows mobile device management tools to use. Setting up management for macOS and expecting the functionality of a domain joined computer, this is not what you will get.

The experience is more closely related to how you approach managing mobile device. You put a management layer on top of the experience. There basically three ways to view management of Mac’s:

  • Automated Device Enrollment
  • Device Enrollment
  • User enrolled

The two first ones are the most common ones while User enrolled is more for BYOD scenarios and gives less functionality and manageability. Both device-based methods are very similar, but the Automate Device Enrollment makes use of the Apple Automated Device Enrollment service, ADE (previously DEP), which will increase the possibilities for management and prohibit the user from removing the enrollment.

The experience to enroll macOS is more closely related to how you approach managing mobile device. You put a management layer on top of the experience. macOS utilizes what is called “User Approved enrollment” which means that the user must ALLWAYS approve the installation of management profiles, even is automated device enrollment is used. This will add extra steps to the enrollment process compared to mobile or Windows devices where this is automated in a higher degree.

If you are looking for a more deeply integrated management method, Jamf Pro is more where you need to head, but then we are talking additional licensing.

What to manage

Moving on to what you need to manage on the device. This is of course based on your organizational needs, both regarding configurations and security. There are however a few things that might be a good minimum, such as:

  • Wi-Fi settings
  • Encryption and FileVault (macOS equalent to Bitlocker)
  • PIN/Password
  • Endpoint protection
  • Application distribution
  • Compliance settings
  • SSO extension

There are a lot of more things we could potentially configure, but keeping it to a bare minimum, this is a great start and does not limit us from expanding this down the road.

One thing to use as a guiding principle is to think about what you NEED to manage and not configure settings just because you can. Is there a need to block let’s say Spotlight suggestions, or could this be useful for the user and resulting in a poorer end-user experience? This is important to keep in mind for all platforms, not only macOS to be honest. Don’t block just because you can, configure based on needs.

Why manage?

So why do you want to manage your Mac’s? That is the million-dollar question and something that you need to figure out before even starting. This doesn’t need to be super fancy or technical, just define the goal you have. This might be:

  • Ensure that all devices are secure
  • Get inventory of what devices are used
  • Provide your users with a better experience

Or you could have more defined demands coming from your organization regarding legal demands or security demands.

By managing your Mac’s, you will gain a better understanding of what devices are used within your organization and you can ensure that you provide your users with a good and secure platform. By managing the device, you can also provide settings such as Wi-Fi access automatically to the devices without the need for the end-user to know where to find the information. Same would go for applications. You will bring the platform closer to what you know and love when it comes to device management even though the expectations need to be separate from let’s say the Windows platform.

Categories
Modern Workplace

Dear 2020…

Wow, it’s already a new year. Even if 2020 was a weird year, it went by fast! And for those who wonder, the deer doesn’t have anything really to do with this post. It’s more of a pun… Deer 2020… Okay, I’ll show myself out….

A lot of things to look forward to in 2021, such as a vaccine against Covid-19, new Windows preview builds, new Teams features and much, much more.

The start of a new year is wonderful opportunity time to reflect on the past year, because even though 2020 was a weird year a lot of things happened. I’ve decided to split this one into different areas just to be able to sort out my thoughts a little bit.

Personal life

So personal life… This doesn’t really qualify into this blog usually. But since 2020 ment working from home all the time, personal life is an important part. Relaxing and disconnecting got even more important for me during 2020. I found something that allowed me to disconnect from work stuff and focus on something else which I haven’t really done the last couple of years. Like a lot of other people, I took up golf again during 2020. Not so much because of Covid-19 but more in the sense of this is something I’ve been playing since I was like 6 or 7 years old and I finally found the joy in it again.

Professional life

2020 was the strangest year in my professional life, as for everyone else. I started a new job just a few months before Covid-19 happened, went back to being a consultant again. Since I started right before the pandemic really took off, it’s been a little bit of a weird start for a new job since you haven’t been able to really meet your co-workers nor your customers physically. Strange times!

Also, regarding my professional life I’ve shifted over to this blog as a platform to share my experiences, findings, and learnings. I’ve tried to keep a consistent flow, but my inspiration went on isolation during the end of the year (I blame the darkness). I’m hoping that the lighter times which are coming, and the snow, will get me back on track!

Modern workplace life

This heading is weird, I know, but bear with me…

2020 was probably one of those years that forced a lot of companies and workplaces to jump forward in their thinking and implementation of workplace services. We all saw Teams skyrocket as a meeting platform, VPN usage was of the charts and collaborating digitally is the new black.

I’ve written a bunch of different blog posts about the modern workplace the last year, and also published some old LinkedIn articles.

During the last year, a lot have happened. We are working in a different way and everyone has gotten a taste of what working remote means, proving that we can do stuff while not at the office (hopefully killing that old face-time requirement). The term “work is not a place, it’s something you do” has definitely come into play!

I think the biggest impact for the modern workplace during 2020 was in fact the Covid-19 pandemic. This challenged a lot of companies to drive their adoption fast, or even in some cases get started. It has also put a bigger trust in that the end-user knows how to handle the tools provided and IT’s role in providing the correct information and education has become increasingly important.

During 2020 we saw a lot of great improvements to a lot of popular Microsoft products. One of the most obvious one for the modern workplace was Microsoft Teams. We got A LOT of new functionality during 2020, not only post Ignite, but as a steady stream of news. This really improved on an already great platform. Oh, and let’s not forget about the increase of Teams usage!

Intune also got its steady stream of updates and the “Corporate-owned devices with work profile” management method for Android finally saw the light of day (still in preview however). I think this will be a really nice add-on when released based on the user experience it provides for corporate devices.

One of the most exciting new things, which I still have not tried out, is Microsoft Tunnel. A simple VPN solution for mobile devices which doesn’t require large investments or changes in your infrastructure if you are using a Microsoft based VPN for you Windows devices today. It will be exciting to see this product go into general availability.

Going forward

I most likely forgot a lot of things that I should have included. But hey, it’s been a weird year!

Now let’s focus on what 2021 holds. This blog will keep on living and my focus will stay on the “softer” stuff around modern workplace and not the hardcore technical stuff.

Categories
Digital Transformation Modern Workplace

A millennial in the workplace – Covid-19 edition

I’ve been struggling quite a lot with how to write this post to make it relevant and adding something to the discussion. I also really want it to be inspiring and not only my opinions and personal thoughts.

The whole Covid-19 has really made me think about remote work and how the “new world” will look post Covid-19. It’s a hard topic to be concreate about since we are in the middle of the change.

I’m positioning this as a part two of the “A millennial in the workplace” post from 2019.

Oh, and the picture to this article is our new Chief Sunbathing Officer who takes her new role very serious.

Work is changing

Let’s face it, the work life is changing and a lot more sudden than most were expecting it to. The Covid-19 pandemic really challenged everyone to push their digital transformation in a much higher speed than some might have intended to. But also, the perception of remote work.

Looking at this year’s Microsoft Ignite, the common dominator was remote work for the workplace area.

When suddenly everyone had to start to work remotely, it wasn’t impossible anymore and we adopted to this situation. Even a lot of areas where it was deemed “not suitable” to work remotely suddenly were left without a choice and managed the situation.

We are still not seeing the end of this, so a lot of things will still change!

So where does this put us?

One thing which tends to pop-up when this is discussed is “when we go back to normal people will be expected to come back to the office”. But what if this is the new normal? Or at least partially a new normal.

Working from home has in my experience often been viewed as something you only do with special reasons, and often with approval from management. Now when Covid-19 is putting everyone in a situation where remote work is kind of then new normal, I’m strongly hoping to see a shift in the culture and mindset around this.

One thing I tend to hear often is the argument that “the employees are not feeling well since they are isolated”, and I completely understand that. Working from home/remotely put new constraints on the social aspect of things, the natural interaction by the coffee machine does not exist in the same way. However, there are also people who feel stressed over the fact that they are expected to show up at an office at a given time every day based on “that’s how it’s always been”. So why adopt everything based on the people who like the office? That doesn’t really cut it in 2020 to be honest and the new policy Microsoft put out regarding their new remote work policy is spot on where “Offer as much flexibility as possible” is somewhat of the message of it. You can read more about it in this brilliant article or go straight to the source.

The world is changing, and we had a shift about one hundred years ago where the eight-hour workday was enforced. After World War II most of the industrialized world had 40 hour works weeks. In Sweden, the 40-hour work week we see today were introduced in the 1950’s and introduced in the labour law in the 1970’s. (Of course, there are more to this from a legal and union perspective, but let’s leave all that). That was 50 years ago.

Choosing where to work

What is the point I’m grasping at?

What I’m getting at is that there will be a before and after Covid-19. We have now proven that remote work is something that works, and we are still productive. So why do we feel the need to enforce everyone to go back to the office?

I’m not saying that we should remove all offices and have everyone working from home. However, it should be up to each one to be trusted in choosing to work where they are the most productive. That could be the office but just as well from home. Or a combination which I believe strongly in based on choosing the office as a workplace and not the expectation “to show up”. Given that we all have a job to do, we are trusted in much more sensitive and important things than where we choose to do our job.

This will put more trust in the employer and increase the sense of being trusted with that I can myself choose how I do my job. The old term “work is not a place, it something you do” fit very well into this context.

Looking to myself and how I resonate around these things, I’m currently in a situation where I motivate why I go to the office rather than why do I work remotely.

Work-life balance

In my world, this comes down to one thing and that is work life balance. Even though I’m extremely passionate about what I do for a living, living is not only working in my world. There must be time for other things to relax and disconnect. There must be room for flexibility during my day, the sense of owning your own time.

For me, work-life balance is about being able to control and own my own time. During Covid this has been a challenge to manage since working from home means that you never leave your workplace. But for me this is something I’ve learned to deal with. It also breaks up my workday into pieces giving me possibilities to do errands, go to the gym, walk the dog and such things during the day and work a little more focused during late afternoons. For me, late afternoons are where I’m the most productive while before lunch is a less productive period of the day (not to speak of 7:30 until 9:00).

Conclusion

To be honest, I don’t really know what the conclusion of this is since this is more my thoughts on the topic.

The Covid-19 pandemic has proven that remote work is possible, and we are most likely seeing the new “normal”. There will for sure be a before and after Covid-19 and the work life will have to adopt to this.

However, everyone is different. Some need to be at an office surrounded by other people or just can’t work from home. There is also the other group who are more productive remote and do not feel the need for an office in the same sense.

You often see arguments that people need the office to perform and feel well as an argument that we need to get everyone back to the offices. But what about the other group of people who has been thriving during the last couple of months, where the trip to the office was a stressful moment. Are they less important or why are we expecting them to just adopt?

I think the “Offer as much flexibility as possible” quote I mentioned in the middle of this post will play a key part even for companies which are not called Microsoft. People are now seeing that it’s possible to work remote and finding what is working for them. I think they key part as I view this, is to offer a flexibility where I as an employee is trusted with selecting where my office should be. If that is 100% at home, 100% at the office or a mix shouldn’t matter. Work is not a place, it’s something you do.

This will be a cultural shift, not a technical shift. We have proven that our tools allow it, now we just need the corporate culture to allow it. For some, this change will happen fast while for others this will take time.

However, my strong belief is this will be a key element for many companies to hire Millennials and GenZ going forward. Why should I join a company which requires me to come to an office, when the other offers me the flexibility to choose when I go to the office?

These were my thoughts around this whole thing, what do you think?

Categories
Microsoft 365 Modern Workplace

Use your webcam!

We are about a year in to Covid-19 and remote work has been introduced to a whole lot more people. It has also proven that remote work is possible even for people who were really sceptic about the concept pre-covid.

One thing that has really blossomed during this pandemic is remote meetings, using tools such as Microsoft Teams. Many of you were pretty used to having online-meetings even before this pandemic, but not to the extent we see today.

Enhance your meetings

Given that you are by now probably quite used to online meetings, it’s time to take the next step in your meeting experience and turn on that webcam.

For some strange reason, it seems like we in IT are particular hesitant towards using the webcam during meetings. We are the ones that should lead by example, and we probably encourage others to use their webcam during meetings.

By turning on your webcam you will increase the experience not only for you, but for everyone in the meeting. The feeling of presence will increase and getting a face on whom ever is speaking is making it a lot easier to follow along and will decrease the interruptions.

What if your hair is not on point?

My hair is not on point either, but if you are dressed you are good to go! It’s okay to not be comfortable with how you look today, but imaging that you are at the office, then you would meet people non the less.

Also, we are all in the same situation at the moment.

But the room I’m sitting in is such a mess!

If you are using Teams (or Zoom for that matter) you can use custom backgrounds or just blur the background. It’s perfect for situations when your background is not on point. I regularly use it if I’m sitting at a café or such, to not get people walking behind me. One of my favourite background to use is however the Ollivianders store background from Harry Potter.

My point is…

What is the point I’m trying to get at?

Make the effort to show up to meetings using the webcam. I do that all the time. Sometimes I’m the only one with my webcam on, but I leave it on. It also makes others turn on their camera (without asking).

Let’s all make it a custom to turn on that webcam when we join a meeting to increase the experience for everyone!

Categories
Microsoft 365 Modern Workplace

The road to productivity

Since you read my blog, my guess is that you are in the Microsoft ecosystem. That could be running a Windows computer, using Microsoft 365, or administrating 35 000 devices in Microsoft Endpoint Manager.

But let’s talk about Microsoft 365, or Office 365 as we can also call it. Because this post will focus more on productivity tools rather than devices.

Transitioning to modern tools

My hope is that you are already today using the Office 365 suite, which could be Outlook, Word, Excel, and PowerPoint. I hope all of you are already made the transition over to Teams or have at least planned what your journey will look like moving away from Skype for Business. But Office 365 contains so much more than just these six usual suspects. Office 365 is a suite packed with a lot of different productivity and collaboration tools.

What you can access depends of course on what licenses you have bought, but you will have a tool for basically every situation.

File sharing – OneDrive for Business. Collaboration – SharePoint. Project management – Projects. Kanban boards – Planner. Corporate videos – Stream. Big all company meetings – Teams Live Event. Note taking – OneNote. Digital whiteboards – Whiteboard. Personal to-do lists – To Do.

You get the point. There are a lot of often unknown and unused potential in your Office 365 suite. Microsoft provides a bunch of modern tools which becomes disposable for you and your users when you adopt Office 365, providing you with modern tools from the same eco system.

Spread awareness

I way to often stumble across customers, friends and even co-workers who are not aware of the power of Office 365. Instead they turn to well-known consumer products, e.g. Trello or DropBox which lives completely outside the corporate sphere. Not only does corporate data live in a place you don’t control, the free-to-use service does usually only apply for consumer usage, which means that you could be asked to pay for a corporate license for your rouge users.

Historically, these have been quite common as a solution on the problem that the employer does not provide sufficient tools. But that is no longer the case if you have the Microsoft 365 services. The problem might be that your users does not know this yet. Or simply doesn’t care, that is absolutely a possibility as well.

Since you are already paying for the Office 365 suite and Microsoft 365 services, you should really encourage your users to do and use the right things. Spread awareness about all the great tools that they have at their disposal!

Conclusion

If you have spent the time and money to move to Office 365, make sure that you make the most out of it. You invested a lot in the transition, but that doesn’t mean that the work stops there. The Microsoft services are constantly evolving, and you need make sure you keep up in some way or another and keep deploying new tools and services to your users.

Another aspect of this is securing your corporate data. If you use tools within the product suite you have decided to work with, this applies not only to the Microsoft world, the data will live in a place which you control and govern. If you start using other services, especially consumer services, that data might not be yours anymore and you can’t apply retention policies and data leak prevention policies to that service nor data. This is a big problem when your corporate data lives on places it shouldn’t. However, that’s a completely different topic which I could dedicate a complete post to.

But I hope you get where I’m coming from and there are a few takeaways from this.

  1. Make the most of the productivity suite you have bought
  2. Don’t use consumer versions for corporate use
  3. Protect the data by keeping it within the corporate sphere

Given the development Microsoft have done with the Office 365 suite the last couple of years, most of the tools you need for productivity can be found there. Make sure you tell your users and make the most of the investment you have already made!

And to be clear, I’m not saying that you shouldn’t go buy other productivty tools. But before you do, make sure you don’t already have what your users are asking for within your exisiting tools.

Categories
Digital Transformation Modern Workplace

Providing a modern workplace

This is a topic I’ve covered in some earlier article from the aspect of how we did it at my former employer. This time my idea is to cover this in a broader and more generic sense.

Living in 2020, IT is more than ever a big part and an enormous influence on your work environment and how productive you are.

IT is shifting from being a “technical” topic to be more of an HR topic, since it influences so many parts of your employment, a poor IT experience will heavily influence how happy you are with your employer. However, IT are still the ones responsible for it.

From talking with friends, peers, former co-workers, and customers there are a few things that tends to come back when it comes to IT in bigger organizations. And that is the lack of trust in that end-users knows what tools they need to perform their work and expects to get tools that support them in their daily work. There are of course exceptions to this but speaking in general terms I’m guessing that you don’t ask IT what tools you need to do your job; you ask your peers. Well unless you work in IT, then I guess you would ask IT… You get the point!

Users has diverse needs

We need to start considering our computers and mobile devices as tools, not “toys” in lack of better words.

If you think about it, if you were left one day at work without a computer and/or mobile device, would you be productive? Probably not. This means that these are crucial tools for our work since you are doing your business through them. Giving you something that is not fit for purpose would eventually be a bad investment, or not the correct tool. Still, computers and mobile devices are rarely considered business critical from an IT Service Management perspective.

If you think about it, your company spends a lot of time finding the right machinery, servers etc. for your business needs, but what about that computer you spend your day in front of doing business? Was that selected based on what your needs are or where you given the “corporate computer”?

Trying to stick to a “one size fits all” setup is deemed to fail eventually in a modern workplace. I have different needs for my computer/phone than people working as e.g. a communications professional. Also, a manager has different needs than the peers in their team.

I’m not saying that you should buy all the shiny things people points at and don’t standardize. What I’m saying is be smart in what you are buying. You have a diverse team with diverse needs, make sure you can full fill them!

For whom are IT working?

One thing that is extremely important, but sometimes forgotten, is for WHOM IT exist.

IT does not exist to provide IT with work tasks. IT exists to enable the employees of the company with tools fit for their needs to do their job in the best feasible way.

This is something we shall never forget. This is important. This is the sole purpose of an IT department. To be a support function to the core business.

At the same time, end-users need to understand that there is reason behind why things are done in a certain way. If they don’t know, it’s time to tell them!

Set goals and visions

To combat this, listen to what your end-users wants and communicate with them. Set clear roadmaps and vision for where you should be in let’s say five years. This will give you a goal to work towards and a roadmap to share.

By listening to your end-users, I’m not saying that they should dictate your every move. Be coherent in what their pain-points are and strive to minimize them. Thas how you can add real value and build trust in the organization.

I far to often hear “those people at IT have no idea what they are doing”. That shouldn’t be true. We should be the best at providing the services for OUR users. We should be the ones knowing their needs and strive to meet them.

Categories
Microsoft 365 Modern Workplace

Key take-aways from Ignite 2020

Ignite 2020 was a bit different from previous Ignite to say non the less. Instead of having an in-person event in New Orleans, the experience this year was a 100% digital.

It was as always, a bit overwhelming with a lot of interesting sessions, but you didn’t have to walk between sessions. Oh, and the coffee was really good this year!

Looking at what was covered from the modern workplace at Ignite this year there was one common theme. Remote working and the new normal that Covid-19 creates. There was a lot of talk about how the world has changed the playing field for remote work and that we might never go back completely to how it was before. Something that I find very intriguing since this is an areas I’m passionate about.

If you would only watch two of the sessions from Ignite 2020, I would really recommend that you watch Satya Nadella’s keynote on Building Digital Resilience and Jared Spataro’s keynote on The Future of Work. Those two were really good!

This was a year for refinements from device management. New options for what you can do during Windows Autopilot and Co-management/tenant attach. A lot of new things which will help a lot of companies on the road to transition from traditional management to modern management! If you want to geek out, here are all the Endpoint Manager related sessions, all the Teams sessions and all the Office 365 sessions.

Microsoft Tunnel

On of the things that really cought my eye on an early stage was Microsoft Tunnel, which is a Microsoft VPN solution without the need for any third party licenses. I think this will be very beneficial for scenarios where you are utilizing Microsoft solutions for VPN for Windows and don’t want to invest in additional services for your mobile devices.

Microsoft Tunnel is in public preview and is available on iOS and Android. You can read all about it here.

Microsoft Edge

Microsoft has been pushing the new Edge for a while now, and for a good reason too!

It’s a really good browser, built on Chromium but with Microsoft integrations. I’ve been using this browser since it first came out, and it’s really good now.

Microsoft is pushing it even more now and was also highlighting the Internet Explorer compatibility mode.

BUT the big thing for Ignite was Application Management for Edge on Windows 10 which brings the Application Protection Policy features from the mobile platforms to the desktop Edge browser. This means that you can manage just the application instead of the whole device. Additionally, Microsoft Edge will support the new Microsoft Endpoint Data Loss Prevention (DLP) service which will be launched in October from day one.

There were a bunch of other improvements to Edge presented as well, you can read all about it here.

Microsoft Teams

If you think there were a lot of new improvements introduced for Microsoft Endpoint Manager, it was nothing compared to Microsoft Teams.

It’s becoming increasingly clear that Microsoft Teams should not be considered a product, it’s a platform.

There were so many new things ranging from power platform and low-code solution for automated workflows to improved meeting experiences and wellbeing.

A few of the highlights that caught my attention were:

  • Breakout sessions
  • Custom layouts and new together scenes
  • Wellbeing and productivity insights
  • Improved first-line workers functionallity

You can read more in details here.

Categories
Digital Transformation Modern Workplace

What is Windows Autopilot – management edition

There are A LOT of misconceptions what Windows Autopilot is. Today I will try to sort those misconceptions out.

You have already heard a lot of different presentations about Windows Autopilot, why you should use it and why it’s so great. Because of that, I’ll leave most of those things out. This wont a technical post about what Windows Autopilot is, this will be more of the management edition of this.

Windows Autopilot – the concept

The basic theory behind Windows Autopilot is to streamline and take away time-consuming phases in the setup process of a corporate computer.

In the “traditional world” you would need to be on the corporate network and press F12 on the computer to initiate the installation of your custom image, that your IT-guys built. This custom image of Windows contains all your customizations, drivers and settings are pushed through Group Policy Objects, also called GPO. Many companies requires the computer to be “known” before it’s installed and you do what is called a pre-stage where you create the computer account in the active directory (AD) and assign group memberships. This process can take from an hour up to a few hours based on your connection and size of image (it’s usually pretty big).

In the world of Windows Autopilot, you take advantage of that the hardware manufacturer has already put a Windows 10 installation on the computer, with drivers installed from the factory (this is actually how computers are shipped even if you don’t use Windows Autopilot). Your vendor/partner/IT-department registers the computer hardware ID, which is unique to each computer, with your Microsoft tenant. Computer can also be joined to Azure AD groups based on this hardware ID.

When the computer is launched the first time, the user will be greeted with “Welcome to Contoso” and then asked to sign in. When sign in is completed, the computer is registered in Microsoft Intune and settings and customizations are applied.

This process is A LOT faster than traditional OS-deployment. The entire process and the computer are ready to use in 30-60 minutes (based on connectivity). All traffic is routed through the internet during setup and any connectivity to the corporate infrastructure can be routed through VPN if needed.

If you do the math, you can deploy a whole lot of more computer for a lower cost using Windows Autopilot.

Windows Autopilot – the reality

This sounds pretty neat huh?

But what is Windows Autopilot? Is it a completely new tool? Will it replace Microsoft Intune? What will my IT-technicians do, they spend 80% of the time installing computers today?

Without getting to technical about this, Windows Autopilot is a new name on a bunch of things that has been around for a while. And some new features.

Windows Autopilot is utilizing a lot of different technologies and should be viewed more as a workflow or a process rather than a technical feature. It combines the power of Azure AD, Microsoft Intune, and Microsoft Store for Business to provide a streamlined process for installing new computers. That’s about it.

This means that Windows Autopilot is nothing else than an automated and standardized process of setting up computers for your company.

However, from a technical point of view, there is a lot more things going on though. But this is the simple version.

Key take-away

The key take-away, and the thing to consider, around Windows Autopilot is if you need all the fancy switches and total customization you have with the traditional approach. Or would a lighter weight management do the trick for you? It probably will…

There are of course some if’s and but’s around this, but in general there aren’t that much. Your users could get their computer delivered straight to them and set them up by login in, given that they have internet access at their location.

There are options to prepare the computer for the user by having a technician do half the registration and setup to then re-seal the computer and ship it off to the user, if you want to minimize the amount of work being done by the end-user. This way, initial setup will be shorter for the end-user.

If you view Windows Autopilot as an automated process to setup computers in your organization and not a technology, things get a lot easier. With that said, it won’t suite all your special situations for computers, but you will cover most cases for office-based work!

Categories
Intune Modern Workplace

Why managed Android matters

Looking at the Swedish market, most of the companies I meet are managing their devices. These devices are usually iOS/iPadOS devices since, let’s face it, iOS has been superior in the Mobile Device Management segment throughout the years since they have had more settings exposed to MDM than Android. This has however changed over the years and the difference is not at all the same as of let’s say 3-5 years ago.

We can always discuss why platform A is better than platform B, but let’s not get into that. Everyone will have a separate opinion on this.

Looking at where we are today, many companies I meet manage their iPhones and iPads but haven’t really gotten around to Android yet. It’s still in some sense viewed as a secondary platform and not something that is wanted (it’s one more platform to provide end-user support on for one thing).

I fully respect this. However….

Looking back at my previous posts about what tools people to expect to use in the workplace, we are seeing a lot of growing demand for Android devices.

This could be out of personal preferences, the fact that the device is cheaper or the iPhone not being available in the market where the user lives. But this means that dodging the question of Android becomes harder and harder. And the later you get on top of Android, the harder the transition will be since Android is a lot different to manage compared to iOS/iPadOS.

For Android, you have to options depending on your wants and needs. You have Work Profile and Device Owner.

Management methods for Android

You should AT ALL COST avoid using Device Administrator since this is a legacy protocol which will be decommissioned by Google.

In this post I will not cover the dedicated devices method since this is meant for special adoptions and not regular end-users.

Work Profile

Work Profile is the most basic version of Android management and it has the least impact on already existing phones. Your users must download the Company Portal to enroll into Intune. This will create a separate “work sphere” where all corporate data will live.

This is the easiest form of Android management and you can deploy applications, configurations, and compliance policies. The work data will be separated from the personal data, but there are some limitations around management. This is the easiest way to start managing your Android devices without too much user impact.

Device Owner

Device owner or fully managed is the full feathered version of Android management where Intune takes total control of the device. This is more like how the iOS devices would be in a supervised mode. This management method also enabled Google Zero Touch enrollment (or Samsung Knox) for easier user onboarding. But you can of course have your users scan a QR code on first launch.

A huge benefit with this from a corporate perspective is that the user won’t need a Google account to enroll and download corporate applications. They can add a personal Google account, but it’s not needed to use it as a corporate device. Google accounts can otherwise be a hassle for less experienced user.

Company-owned work enabled

This version of Android management is when this blogpost is being written to officially launched, it’s still in preview.

This is however a combination of Work Profile and Device owner management where you as an organization gains full control over the device (giving you more management capabilities) but corporate data and personal data is separated.

This requires a device reset, just as device owner, but the user will get one corporate sphere and one personal sphere. The data is managed in the corporate sphere and left to the end users’ privacy in the personal sphere.

In my view, this will be the more attractive version of Android management overall since you can have a separation between personal and corporate data.

This method works extra smooth if you combine it with Google Zero Touch or Samsung Knox. If you don’t see a possibility to have this in place, you can of course have your users scan a QR code on first launch.

Where should you start?

Start small and start easy. If you have a lot of Android devices today, Work Profile is the best place to start. Having users reset their devices containing photos, apps etc. is not a popular thing to do. You could argue that it’s a corporate device and your users must comply, but this is not an effective way to build trust and getting the devices into management.

If you have just a few devices and looking to introduce Android into your environment, Device owner or the new Corporate-owned work enabled method is the way to go. You will have fresh devices going in and the need for a reset doesn’t exist. Combine this with Google Zero Touch or Samsung Knox and you will have a killer user on-boarding experience!

What are your thoughs on Android and where do you stand today? Comment below!