olastrom.com

Category: Digital Transformation

  • The grey-area between work and private applications

    The grey-area between work and private applications

    (Originally published on LinkedIn)

    TLDR; Microsoft AppStore, consider making this available for your users to unlock their full potential.

    So, you have taken the leap over to Windows 10? (That’s awesome since support for Windows 7 ended 14th of January if you didn’t by additional extended support, I´m really hoping you did move).

    Windows 10 brings you a LOT of new features, services, ideas and challenges. One of those is the Microsoft Store which grants your users access to all kinds of apps and other things like themes and language packs.

    This is great, isn’t it?

    This is an interesting topic. On one hand you have the fear of more support and your users demanding support for things your IT department is not prepared nor staffed for. On the other hand, this is a hidden gem full of potential and users expecting things to work in a certain way. This post will cover that, but mostly on the end of “this is a great idea” rather than “lock that down, we don’t support that!”. I’m not in any way judging someone or saying “your decision is wrong”, more on the hand of giving the point of view from someone who was responsible for 35k clients and what I learned from that and form talking to customers, peers and friends who uses Windows 10 in a corporate setup.

    Disclaimer before I start. I will as usually oversimplify stuff (as the naive millennial I am), don’t care about network capacity and things like that. This will target an expected user behaviour and user expectations. Also, I’m aware that I’ve in some way or another discussed this with people who reads this and I’m not calling you out on any things mentioned in this in any shape or form, you inspired me to write this. I might also be neglecting any legal/licensing aspects of this.

    Microsoft Store – the difference between private and corporate

    But let’s start with the basics. What is Microsoft Store?

    Microsoft Store is a marketplace for applications, much like the AppStore/Google Play Store we know from our phone (I know MacOS also have this but I’m leaving that out for now). The store offers users to download applications to their machine from a trusted source (applications are checked by Microsoft before being published) and they can install these without privileged access (admin access). All applications are installed in a user-context and user A will never see user B’s applications. The risk or malicious code is extremely small.

    There is however one major thing to point out here, which is easily missed. There IS a distinction between your private sphere and your corporate sphere.

    If you download e.g. Spotify or Netflix, this application will be connected to your PERSONAL Microsoft account if you download it from the public part of the store. If you choose to download it without and account, it will still be connected to a “personal sphere”.

    BUT if you download an application from the business side of the store, this will be connected to your corporate account. To download things connected to your corporate account, you need to enable Microsoft Store for Business and this will give your users a new tab in the store called e.g. Contoso. Everything downloaded from this tab, will be connected to your organisation and you will have to obtain a license for it (free or paid). This requires your users to either sign in with their Azure AD account, you to enable hybrid join or the machine being only Azure AD joined.

    This means that Windows can keep track of what is private and what is corporate which means that you will only need to keep track of what YOU support.

    What if your employees are more productive if they listen to music? Should you block that on their computer? And what happens when you block e.g. Spotify on their corporate computer?

    Well, most information workers today have corporate issued smartphone… You didn’t restrict that app on those kinds of devices. So, your workers will consume that service, with a privately owned account, anyways on a corporate device…

    And to be honest, if you blocked this one their corporate phone, they would use their personal device instead (or even an old fashion radio).

    Enter the grey-area between work and personal life

    What does your user expect in the form of services, support and how to use their devices?

    User behaviour has shifted a lot since the dawn of device management. We are now entering 2020 and most people have some form of knowledge of how to use a computer or a phone. This means that the expectations are shifting and we at IT needs to adapt to this and understand that our users now know their way around a computing device (computer or phone). Concepts as internet, App-stores and browsers are not new, this has been around for about a decade (the Apple AppStore was released 12 years ago, in 2008). The next generation workforce is also entering the market, and now I’m talking about the Gen Z people who doesn’t know about the world without internet and computers. Millennials are entering their 30’s, time to move on and stop being scared of us.

    All this, and the fact that >80% of the population in Sweden have access to a smartphone, means that we need to expect more from our users today than we could 10-15 years ago. We can also expect that they know what services they need, e.g. Spotify might not be a corporate app but might be something that your users’ need to stay focused (and paying for them self). Simply put, we have more experienced users today and we need to meet their expectations, not limit them from reaching their full potential. Simply put, using a computer to perform tasks is not a new thing anymore.

    The use of such apps leaves a grey-area between what is work and what is personal. E.g. Spotify might be something your user is using to stay focused to do their work better, while paying for it as a personal service, and it’s not accessing any corporate data since its running in an isolated container (I’m intentionally leaving out network from this). Since this is a subscription service, purchased privately and consumed on personal devices, this won’t require any support from you and the user won’t expect it either. They application will also be “owned” by their personal account, not the corporate one.

    What do we support?

    One thing I’ve heard from several different customers/partners/peers is “What if they call and want support on application X, we must support whatever we allow on the device”.

    My usual answer to this is “Do you support Angry Birds on iPhone?”. The most common answer is no.

    Why? Well, it’s not a corporate app. Neither is Spotify, Netflix, WhatsApp, Messenger, Twitter is a corporate app. UNLESS you make it available in the Microsoft Store for Business.

    If you make it available in Microsoft Store for Business, that means that you as a company acquired a license for it and you actively made it available for the user. The same goes for applications from Apple AppStore (using VPP) and Managed Google Play. Any application you mark as a corporate approved application, you should expect your users to expect support on.

    What about everything else in the app-stores? Well simply tell your users that this is not an application approved for your company and they need to reach out to the application developer/vendor for support, its simply “not supported” by your organisation. Like I said earlier, you don’t support all +130 million applications in the iOS AppStore, do you?

    What does real life users expect?

    By talking to network of friends, customers, peers, and former co-workers. What do they say?

    Well it was a straightforward, non-statistical secured, answer:

    We do not expect IT to help us out with applications we obtain for “personal use”

    This means if they have problems with e.g. Spotify or any other applications which is not work relate nor sanctioned by/licensed by their employer, they won’t call IT. This is also something I can confirm as previously being the operations manager for the client platform in a global company, support for app-store apps is not a huge problem. And if you managed the expectations from your users in an effective way, you will be fine.

    Let’s face it, the way we use technology today is different from that it was 5-10 years ago. We need to adapt.

    The go-do…

    What’s the go-do from this? Well, I’m not saying that you should make this available for all users tomorrow but consider piloting this outside the comfort of IT and evaluate the outcome before deciding. This might be an appreciated addition to your offering towards your end-users.

    What are your thoughts? Do you see the app-stores on the different platforms as hidden potential or a potential support problem? Let me know in the comments.

  • Dare to break old habits in 2020

    Dare to break old habits in 2020

    (Originally published on LinkedIn)

    We all love email, don’t we? It’s such a fast and efficient way to communicate. You can just write your short message in the subject line and the person you send it to will see straight away what you wanted to ask…

    Okay, there might be some irony in that part.

    Emails are great, but not in communicating “one too few” in 2020, there are so many other great tools. We also have a new generation of workers showing up which don’t really get the whole email thing. We also have this whole thing with crowded inboxes. I’ve met people who have over 10 000 unread emails, and I bet you have too, so how would your email even be found or noticed in that case?

    So, what can we use instead?

    What if there were a tool which is based on chat, much like text messaging. Were you could easily share documents and you keep all conversation history? Oh, and group chats to include more people would be awesome!

    In fact, there are several tools which does this such as Microsoft Teams, Slack or Google Hangouts. But since I’m a strong Microsoft advocate, I’ll focus this article on the Microsoft product Teams.

    What is Teams?

    There is a lot of buzz around Teams, and have been for quite some time now and if you are not looking into it yet it’s time to get started since Skype for Business is going end of life in 2021.

    But what is Teams and how can you make use of it?

    Teams is a collaboration platform in the aspect of “one to one – one to few – one to many”, and keeping it focused to your team (virtual or organizational) and not your complete organization, but of course based on size and such. Teams is not a new social intranet; this is where Yammer comes into play if we speak Microsoft terms.

    Teams is heavily centralized around conversations and collaboration in different context. Conversations can either be private in chats or more public in a team where everyone in the team can participate (private channels are coming as well as presented at Ignite during Q1 of 2020).

    Collaboration can also take different shapes and forms in Teams. But to set the expectations right, Teams is based on SharePoint Online and shares the same access principles and collaboration feature set as SharePoint Online.

    Teams shouldn’t be looked upon as “yet another place” to look for news and updates, it should be considered as the hub where you keep track of things. The more conversation you move to Teams from especially email, the easier the transition will be. Also, this is your one stop shop for calls, meetings and chats which means this should be a part of your daily workflow!

    And yes, Teams is so much more than what I just wrote. But it’s an easy place to start and an effective way in to using the platform!

    So why should you care?

    Even if we all love sending email, it’s not an efficient way of communicating since we all know that feeling after a few days of and you have 200 new emails where most of it is “for your knowledge” or just irrelevant. There is also a significant risk that you miss something important and you will need at least a day to go through it all.

    Teams can help you gain more transparency and faster collaboration. You also get the benefit of traceability of all discussions you have had either in personal chats or larger forums, and its SEARCHABLE.

    Looking at the trend and buzz around Teams, it’s here to stay and is a more modern way to communicate. Emails will still have its place in the world, but not as we use it today. There is also a whole new generation out there who doesn’t really understand why one would use email to communicate since it’s not efficient.

    Let’s break the old habit in 2020 and send less email and more instant messages! It doesn’t have to be Teams since this is more a behaviour than a product. I promise you, both you and your users will find it more pleasing to get less emails!

  • Redundant systems

    Redundant systems

    (Originally published on LinkedIn)

    Okay, so you are shifting to Microsoft 365. That’s great! It includes a lot of things that are useful, and a lot of services you already have from another vendor. You might even have the same service from multiple vendors.

    Let me put some context to this.

    Your users need a phone conference system, so you go and buy this from vendor A which require a specific license. Vendor A isn’t that great on videoconferencing or does not do it at all. So, you reach out to vendor B and buy a video conferencing system to use in your meeting rooms. The licenses for this system were pretty expensive, so you decide to also go to vendor C and buy a more cost-efficient system which can be used from a user’s computer and you put a lot of time into getting the system from vendor B and C to work together. These two systems also have the possibility to do phone conferencing. It never gets a 100% smooth, but your users settle in for this, hey it’s corporate IT.

    Then comes Microsoft Teams and does all these three things you bought separate products for, but you add this to the mix as well since Teams is the future and all users have a license for it. The three old ones are still there, and everyone is confused when to use what.

    Does this sound familiar?

    This doesn’t just go for Teams and meeting platforms. This can be applied to any service you provide to your users. You have one or two solutions, then comes the new product that you and your users want, and you just add it to the mix without decommissioning the old solutions. Hey, your users still love the old one then why remove it?

    We have been there and still are

    When we started our journey towards Microsoft Teams as a collaboration platform, we had a lot of solutions doing parts of the things Teams does. We had one solution for chat (Skype), two-three for video conferencing and at least two for phone/online meetings to name a few.

    Having several solutions that do the same thing is not a wanted state for several reasons:

    • You will have to pay multiple licenses for the same thing
    • Your users will get confused when to use what
    • Your users will get frustrated when they can’t use solution A to connect to solution B
    • Life cycle management for several products is a hassle

    But just throwing out that expensive video conferencing system you installed in your board room is probably not something you wish to do since you will have to replace it with something just as expensive. So, saving parts which can be integrated into one solution is the way you want to go.

    Our trickiest one to close is our old online meeting platform, which people are fond of. When we introduced online meetings through Skype, people were missing some features which they had really liked in the old setup. At the same time, we had a change in user behaviour where users were connecting to the meetings through their computers instead of dialling in which had an impact on the network resulting in poor call quality. This gave Skype a bad reputation internally and everyone wanted the old, quite expensive solution which “worked” were you often called in with your phone for audio. Eventually, we have reached a state where the trust is high in Teams and functionality is good which have made the shift a lot easier. This also gave EVERYONE the possibility to host online meetings, not only the ones who had an expensive separate license.

    Remember to retire old services

    This doesn’t only apply for Teams and Microsoft 365, this can be applied to anything. In a big corporate IT environment, it can be hard to close services which have been loved and heavily used by the users. It’s important to put in the effort with making the users aware of WHY you are transitioning into a new service. Letting the service die by itself is never a clever idea, you will gain a lot by putting the effort in to decommission something (and it will be cheaper). Even if we might act like it sometime, we never replace/change services just because we like new shiny things. There is ALWAYS a business case behind every major change, and the goal is always to improve the service even if the road there might be bumpy.

    If you can optimize and simplify your environment by decommissioning redundant services, get on it!

  • Increasing device flexibility

    Increasing device flexibility

    (Originally posted on LinkedIn)

    Let’s dig into hardware, since this is an important part of the workplace services.

    In the old world, IT centrally basically dictated what computer to buy (you had a handful to choose from) and the ones available probably didn’t really fit your needs but it was the closest you could get.

    Okay, not THAT extreme, but I hope you get the point.

    Limiting the selection of computers (and a set specification of these) are great in some sense:

    • Standardized range of models
    • No “surprises” for the support team
    • Easy for end-user to pick a device
    • Life cycle management becomes easier
    • Centrally decided which models and specifications to use = no discussion

    There is also a bit of a flaw in this setup. There is no room for flexibility and user needs. You will get stuck with something which is what you needed, but not completely.

    Let’s start with an example

    You have this range of computers to choose from:

    • Computer A – Small lightweight laptop, great for travel but not powerful
    • Computer B – Standard laptop, fairly mobile, fairly powerful.
    • Computer C – Powerful and large workstation, lots of power, lots of memory.
    • Computer D – Executive top model. Pretty powerful and slim design. Expensive.

    For a user who travels a lot and needs a powerful computer. Are any of these a good fit?

    Taking a new approach

    As part of the transition from one hardware vendor to another, we decided to change this approach and offer a broader range an even having models which overlapped. All of them could be specified to the users need. In this context, range means certified for our custom image.

    This also meant that we offered a more complex setup, potentially offering about 15 computers towards our end-users. This is where Local IT comes into play for an important part. Creating the custom range for THEIR site. For us, Local IT are the ones providing the user with hardware, which should be fit for purpose for the end-users need.

    Just because we centrally offer 15 models doesn’t mean that all 15 should be offered to the end-user on all sites. Most sites actually ended up offering just a few models BUT could get that special machine which just a few users per site needs and the possibility to upgrade the processor, RAM and the hard drive size without making it a non-standard device.

    New challenges for central IT

    Having this broad offer created new challenges for us as central IT. How do we explain to local IT when to pick what computer, especially when models might overlap? This is something which we hadn’t dealt with before in the same way and this also positioned us in a different place.

    We are becoming an enabler rather than a provider.

    Positioning us as enablers doesn’t just apply for hardware, this could be said about a lot of our new services. But this is where we need to go since we operate on business demands and not on what we think is interesting. We enable the business to succeed and to do that we need to understand and meet their demands. Once again, understanding each local business need is very hard as a central organization and we need the local IT staff to help the user to navigate the jungle we are creating by adopting a more flexible environment where we no longer dictate what devices can be used.

    The conclusion

    So how do we tackle this? We have only found one effective way and that is information. Information about the services and information about the hardware so that a good decision can be made as close to the end-user as possible.

    However, we are not making things easier for ourselves right now. We are about to enable Windows and Mac managed from Intune. How should we position that and why should one be picked over the other or the traditional custom Windows PC? We are working hard on creating good service descriptions right now to assist in making this decision together with the end-user. Defining what you can do, but also what you cannot do, with each service becomes increasingly important to make this decision.

    Since the modern workplace puts more focus on the user, the approach to what device the end-user consumes the services on must change. We cannot be a “Windows only” environment anymore. Different people have diverse needs and if we want to keep being an attractive employer, what device you can use is not something IT can afford dictate. You need to meet the end-user on their grounds and provide tools they are comfortable and used to work with since they will bring their own work style.

    Today we are doing this shift with our devices. Who knows, tomorrow it might be the applications.

  • A millennial in the workplace

    A millennial in the workplace

    (Originally posted on LinkedIn)

    This post will be a bit different. This will not be a post about how we are enhancing our digital workplace. This article is about me and my experience, a millennial in the workplace. As a fairly young on a quite senior role as a Solution Architect in a quite senior organization, these are things I think about daily.

    The thought behind this article is to shed some light on how one of those scary millennial’s thinks about the digital workplace. We are still quite scary, even though many of us have hit our 30’s. Millennial’s, also called Generation Y, are born in the early/mid-’80s to the early/mid-’90s.

    Disclaimer: I might generalize a bit regarding millennials. (A bit = a lot). Also, I’m known to be quite naive (in a good way if you ask me). Last important part, these are my opinions and not everything is backed up by data.

    But what do we know about millennial’s?

    • We believe our self to be entitled
    • We were raised with computers, but we know of a world before the internet
    • We believe in a flat corporate culture
    • Work-life balance is important to us
    • We look for meaning full jobs
    • We don’t by diamondswe buy avocado toast

    Okay, there are a lot of things we can say about the millennial’s, some good and some bad. It’s a term which is being thrown around a lot. But I will focus this article of my experience as a millennial in the workplace.

    The start of it all

    Being part of the generation called millennial’s, at least in my school in a small town in Sweden, we got our first experience with computers in school in the 4th or 5th grade. We had one or two computers in our classroom which we had turns researching basically. Moving up to 6th to 9th grade we had more computers in some classrooms, but still not one each and not used in every class. During this time, we had one or two computers at home (my mom worked within IT). Collaboration on this stage was sitting a group in front of the computer, one typing and the rest telling that person what to type.

    Heading into high school (Swedish “gymnasium”), this is where computers took off. I attended more of an innovative school where all the students got a computer. Stationary, but still a computer. This was so cool back then; we were the only school in my city where everyone GOT their computer. Collaborating on the same document didn’t happen here, everyone wrote their piece, and someone had to put it all together in the end. This was in 2003.

    Heading to college in 2007, things had changed. Laptops were cheap, and the ultra-book made its entry (those small ones). This is also the time I shifted from PC to Mac (and claimed I would NEVER go back). Around 2007, this is when Facebook took off in Sweden and cloud services started to pop up. We used Google Docs a lot for collaborative work and you got used to co-creating documents and presentations. It was easy working on big assignments in a large group where everyone could write their part simultaneously.

    First workplace experience

    Getting my first job in 2011, you expected that “wow, a place where they actually can put some effort into getting really good tools and collaborating”. Imagine the confusion when you don’t find those tools and realizing that “wow, I had better tools in college on a budget”. This is where shadow IT is born on a grassroots level and unsanctioned apps MIGHT be used, there are no tools and you have the mindset from college that “if no one gives it to me, I´ll find one myself”.

    Jump forward to the present time. I today have Microsoft 365 for seamless collaboration at my fingertips. I have great hardware (a computer and a phone I like). I´m back at where I was during college, but with more mature tools. But I´m still not pleased, it can always be improved.

    What is the end goal I´m looking for, the ripe avocado of my dreams?

    The perfect digital workplace

    Gaining 8 years of experience from various kinds of workplaces and IT environments, I’ve noticed a few things that are important to me and my digital workplace. Some might be traits of my generation; some might just be personal preferences.

    A few things I picked up along the way

    • Always have two phones to separate work from personal life (work-life balance). For me, this is the only true way to disconnect from work.
    • Don’t have more stuff than you can fit in your daily bag and always bring the computer with you home. Who knows, you decide to work from home or a coffee shop tomorrow. Just because I´m leaving the office doesn’t mean the workday is over. Work is not a place, it’s something I do.
    • Please do manage my devices, but also let me control it myself and personalize it to be my own. Getting corporate settings and software which is a hassle to manually install is awesome, but I want to be able to make the device MY device. (Read my article on managed devices here)
    • IT Security is important. Multi-Factor authentication and strong passwords should be standard in ALL corporations and it’s not hard. My phone is always in an arm’s reach, not hard to verify my identity. Just do it!
    • Good hardware is important. It lasts longer and you take better care of things you like. Good hardware = fit for purpose.
    • Corporate issued bags are NOT my thing. I get a personal bag and pay for it myself since its “not in the corporate web shop”.
    • Get good peripherals. A good wireless mouse is important and a good headset for all those Teams calls you will make all over the place (from multiple devices). A noise-cancelling microphone is key for a good meeting.
    • Cloud services are here to stay. It doesn’t matter if it is Microsoft, Google, or anyone else. This is key to successful collaborative work and personal productivity. Access your work anywhere and share it with colleges.
    • Stay current. I expect to use the same version of Windows/Office/[insert application or OS here] at work as I do at home. Time to market is a real thing even within “Internal IT”. (You can read more about it here)
    • People in my generation know their way around a computer, they have always been there. All of us might not be computer engineers, but we know what we like and how to use it. Corporate IT often adds a layer of frustration by locking key features, creating bumps in the workflow, and not reaching that full potential productivity.
    • If something is weird, question it! (This might just be me)
    • Dare to be disruptive and challenge old principles. You will never progress or grow as a person or organization if you don’t try new things. (Read our story)
    • Be yourself and stay true to yourself. For me, this is my most valuable learning of all. Be smart and own your personal brand!
    • No computer is complete without at least one sticker

    “Always be yourself. Unless you can be Batman. Then always be Batman.”

    Unknown

    What is the conclusion of this?

    What is the perfect digital workplace? I would say it’s very personal and most definitely differ from person to person, much like everything else. I´m not saying I´m expecting my employer to give me the devices of my dreams, what I´m getting at is that I´m expecting tools that can make me productive and gives me the possibility to work in the way I prefer. If I´m able to be productive I can do a better job. “Empower every person and organization on the planet to achieve more” might be the mission of Microsoft, but it makes sense for everyone providing workplace services.

    As you can see from the links I’ve added throughout the text to my own article, this isn’t just a vision from some parts. We are making many of these things reality which shows that this isn’t just some dream state for a millennial. This can be done for real.

    My goal is not to make my digital workplace better. My goal is to make everyone’s digital workplace better. Everyone deserves a great digital place to work.

  • Staying current in the new world

    Staying current in the new world

    (Originally published on LinkedIn)

    In this post, I´ll keep covering our digital transformation. If you haven’t read the previous part, you can the first part here and the second here. This is the story of how we left a legacy workplace in 2018 and started to build for the future.

    One thing I’ve noticed that you often come across when you working bigger changes, and especially moving to new technology, is variations of the phrase “yeah we don´t do it like that here, it would never work”.

    If you have never tried it and you don’t really know what it is/means, how can you be so sure that it will not work?

    I quite often play the “hey I´m a millennial”-card when discussing change (it works surprisingly well), especially when I talk about things that might be a bit naive and oversimplified. But it´s an effective way to push forward and skip over some of those road bumps which you tend to get stuck on.

    We now live in a world which is ever changing when it comes to the workplace. You can update the Office suite every month and Windows feature updates are released every six months. This is quite different from the past.

    So how did we decide to navigate this?

    The first step we took was to accept that this is what the world looks like now. No matter how much we complain by the coffee machine, this is the reality now.

    The second step is to sell this to the organization, especially key stakeholders such as application owners and senior management. This is the tricky part since this is not so much technology as politics.

    Instead of seeing each upgrade as a project itself, we built a process to support this flow of an evergreen world. This means that once we have finished the last step in the process, it’s time to start over again. Our process contains the following steps (imagine this as a circle):

    1. Inform stakeholders that new release is coming in 2-3 weeks.
    2. Release update to first evaluation group (ring 0) to clear any compatibility issues in the environment.
    3. Release update to second evaluation group (ring 1) which contains application testers for business-critical applications, to give them as much time as possible to evaluate.
    4. Release update to third evaluation group (ring 2) which contains application testers for important business applications which are not deemed critical but still would like to evaluate on an early stage.
    5. Release update to the first pilot group for broad deployment (ring 3) to make sure that deployment works on a global scale. This step is estimated to happen 2-3 month after the Windows 10 feature upgrade is released, but it also depends on the outcome of the previous steps.
    6. Release update to broad production (ring 4).

    During this entire process, we are monitoring the deployments and keeping track that nothing breaks. If an application is identified as problematic, the computers can simply be rolled back to the previous version of Windows 10 and that application will be put on an exclusion list (basically be put in ring 5) until the application owner has taken action on the application. This has however not yet happened.

    Does this process work in the real world?

    Yes. We ran through this but at a slightly higher pace when moving from Windows 10 1709/1803 to Windows 10 1809. To our knowledge, we did not have any major incidents where we broke an end user’s computer. We upgraded roughly 18 000 computers in a matter of a few weeks.

    We did have errors though, and a lot of them during the first week. But all errors were indicating that users were not able to run the upgrade (it was blocked). This was also expected based on the earlier test we had run with the earlier rings, but nothing we couldn’t handle. Everyone was confident in the servicing, and all errors were either “solved by them self” or fixed by our technicians in bulk or case by case.

    After our first major Windows as a Service experience, we still trust the servicing. We were even more confident after the upgrade that the Windows as a Service process works.

    BUT, having static rings as we do today is far from ideal. Until we have better tools (such as Microsoft Desktop Analytics) to create dynamic rings, this is our approach. We will spend some time fine-tuning the setup and move to dynamic rings once we have the tools.

    The outcome

    • Users had the update as available for 21 days, after that the installation was mandatory
    • We upgraded roughly 18 000 computers in about a month
    • No major application compatibility issues
    • Branch Cache took about 50-60% of the workload
    • No reported network disturbances during this time caused by SCCM

    Bonus learning

    One thing we realized quite early on was that the phrase “application testing” scares people, especially management. Testing is expensive and time-consuming is a general feeling and causes unwanted friction when you want to speed up the pace. Therefore, we decided to rephrase it. We were not aiming to do “application testing” in ring 1 and 2, we are aiming to do “application verification“. This minor change in the wording changed the dialogue a lot and people became less scared of the flow we set up. Verification is less scary then testing.

  • Deploying the future

    Deploying the future

    (Originally published on LinkedIn)

    This is the second part of a series about the digital transformation journey we are doing at Sandvik. You can find the first part here, Leaving legacy in 2018.

    When I joined Sandvik back in 2017 we were right in the middle of upgrading our Configuration Manager environment from SCCM 2007 to SCCM Current Branch. This was a huge project in which we invested a lot of money and time into with our delivery partner.

    We finally pulled through. Everyone involved in the project did a huge effort to get us there, from the SCCM delivery team/technicians to local IT. This was our first step towards the future for our clients and this meant we could start working on Windows 10.

    Configuration Manager and deploying applications were however still somewhat of a struggle for us. Every other time we did a large deployment we had to deploy in waves, spend a lot of time and effort into not “killing” the slower sites which often meant deploying on weird hours and asking users to leave their machines on during the night at the office. It happened more than one time that we had to pull the plug on deployments since we were consuming all the bandwidth in the network for some sites, even the bigger ones. We did have a peer-to-peer solution, but it was not spread out to all sites and machines.

    We had to fix this.

    Since we had moved to SCCM CB a lot of new opportunists opened up (maybe not from day one though) which meant that we actually had tools in our toolbox to solve this in a new way, such as Branch Cache and Peer Cache (which in them self are not new functions).

    We decided to start with Branch Cache since our biggest problem was application distribution. We piloted the Branch Cache at a few sites to see if we actually could gain something from this, and the results were really promising so we started deploying this throughout our whole environment, starting with the most prioritized sites without local distribution points and then over to all sites. When Branch Cache was widely deployed, we scaled down our 1E Nomad solution and eventually removed it.

    We managed to do the following bigger things without causing network interference and seeing Branch Cache being utilized.

    • Deploy Office 365 ProPlus update to > 25 000 computers
    • Deploy Windows 10 feature update to > 18 000 computers

    And then we had the one we are most proud of to date. We deployed Teams to > 25 000 users, with utilization in Branch Cache of 70%. This is our best number so far for applications, and then we are not yet using phased deployments in Config Manager.

    Our next step right now is to get Peer Cache out on a few sites, especially sites with bad connections to the closest distribution point. The reason we want to get Peer Cache out in the environment is to ease PxE installation on our smaller/remote sites. In parallel to this, we are also investigating how we could utilize LEDBAT for the traffic between our SCCM servers. This, however, requires that our SCCM servers are running at least Windows Server 2016 and we are not completely there yet. But there is still a lot of time left during 2019!

    The take away from this

    The biggest takeaway, Branch Cache works, and it works really well. If you have not yet started to investigate Branch Cache, I would advise you to do so. This has saved us a lot of headache and time since we can now deploy with great confidence that we will not disturb our critical business systems with our traffic which might not be as critical. The fact that we have managed to reduce the WAN traffic with up to 70% for larger deployments has improved the trust of other teams that we can deploy things in a disturbance-free way.

    I also want to point out that our team of technicians and architects has done tremendous work making this possible.

  • Leaving legacy in 2018

    Leaving legacy in 2018

    (Originally posted on LinkedIn)

    Imagine that you run the workplace area for a global industrial company, which is a very traditional industry when it comes to IT and the workplace (low risk taking). This company is running the almost 10-year-old Windows 7 and Config Manager 2007. The ambition level is to “keep the light on”, we can’t move too fast.

    Your first thought is probably not that this company is striving to be innovative in the workplace area.

    Now, imagine that said company has made the move over to Windows 10 for the majority of its PCs and is keeping up to date with Configuration Manager current branch, deploying the latest update with a two week delay from release. Said company has also positioned itself to be a front runner (high risk taking) and is eager to adopt emerging technology.

    How long do you think this shift took?

    What if I told you that we shifted this around in two years, moving from a legacy environment to a aggressive, front running, position where everything is kept up to date. Would you believe me?

    We actually did this shift, in about two years’ time. Migrating over 18 000 clients during 2018 with little technical friction, this on a global level. We still have PCs left to migrate, but the majority of the remaining machines are up for replacement during 2019.

    Doing this, we saw these things happen:

    • Over 99,6% application compatibility for Windows 10
    • Start-up time reduced from an average of 130 seconds to 20 seconds
    • People WANTED to move to Windows 10

    Before we closed 2018, we also piloted Windows 10 servicing with 1803 for about 700 computers. This was somewhat of a bumpy ride, hitting some hard blockers such as anti-virus and VPN clients not liking the upgrade. But this was expected, these are problematic applications. The installation it self, work really well on the client which could run the update (since we were in the middle of replacing our anti-virus and only consultants got the VPN issue not everyone in the pilot was affected).

    Right before the Christmas holidays 2019, we made the 1809 upgrade available for our early rings.

    So where did we close 2018?

    • Deployed over 18 000 Windows 10 clients, globally
    • Upgraded around 700 clients to 1803
    • Made the 1809 upgrade available for 100 clients
    • On top of this, we upgraded Config Manager three times

    If we manged to move from legacy to front runner in 2 years, imagine where we will be in 2 years from now.

    “Change has never been this fast and will never be this slow again” – Graeme Wood

    What this all comes down to is building trust. Building trust in the organization and building trust in an ever-changing world.