Category: Modern Workplace

  • Key take-aways from Ignite 2020

    Ignite 2020 was a bit different from previous Ignites, to say the least. Instead of having an in-person event in New Orleans, the experience this year was 100% digital.

    It was, as always, a bit overwhelming with a lot of interesting sessions, but you didn’t have to walk between sessions. Oh, and the coffee was really good this year!

    Looking at what was covered for the modern workplace at Ignite this year, there was one common theme: remote working and the new normal that Covid-19 creates. There was a lot of talk about how the world has changed the playing field for remote work and that we might never go back completely to how it was before. I find this very intriguing since this is an area I’m passionate about.

    If you would only watch two of the sessions from Ignite 2020, I would really recommend that you watch Satya Nadella’s keynote on Building Digital Resilience and Jared Spataro’s keynote on The Future of Work. Those two were really good!

    This was a year of refinements in device management, with new options for what you can do during Windows Autopilot and co-management/tenant attach. There are a lot of new things which will help a lot of companies on the road from traditional management to modern management! If you want to geek out, here are all the Endpoint Manager related sessions, all the Teams sessions and all the Office 365 sessions.

    Microsoft Tunnel

    One of the things that really caught my eye at an early stage was Microsoft Tunnel, which is a Microsoft VPN solution without the need for any third-party licenses. I think this will be very beneficial for scenarios where you are utilizing Microsoft solutions for VPN for Windows and don’t want to invest in additional services for your mobile devices.

    Microsoft Tunnel is in public preview and is available on iOS and Android. You can read all about it here.

    Microsoft Edge

    Microsoft has been pushing the new Edge for a while now, and for a good reason too!

    It’s a really good browser, built on Chromium but with Microsoft integrations. I’ve been using this browser since it first came out, and it’s really good now.

    Microsoft is pushing it even more now and was also highlighting the Internet Explorer compatibility mode.

    BUT the big thing for Ignite was Application Management for Edge on Windows 10, which brings the Application Protection Policy features from the mobile platforms to the desktop Edge browser. This means that you can manage just the application instead of the whole device. Additionally, Microsoft Edge will, from day one, support the new Microsoft Endpoint Data Loss Prevention (DLP) service, which will be launched in October.

    There were a bunch of other improvements to Edge presented as well; you can read all about them here.

    Microsoft Teams

    If you think there were a lot of new improvements introduced for Microsoft Endpoint Manager, it was nothing compared to Microsoft Teams.

    It’s becoming increasingly clear that Microsoft Teams should not be considered a product; it’s a platform.

    There were so many new things, ranging from Power Platform and low-code solutions for automated workflows to improved meeting experiences and wellbeing.

    A few of the highlights that caught my attention were:

    • Breakout sessions
    • Custom layouts and new together scenes
    • Wellbeing and productivity insights
    • Improved first-line worker functionality

    You can read more in detail here.

  • What is Windows Autopilot – management edition

    There are A LOT of misconceptions about what Windows Autopilot is. Today I will try to sort those misconceptions out.

    You have already heard a lot of different presentations about Windows Autopilot, why you should use it and why it’s so great. Because of that, I’ll leave most of those things out. This won’t be a technical post about what Windows Autopilot is; it will be more of a management edition.

    Windows Autopilot – the concept

    The basic theory behind Windows Autopilot is to streamline and take away time-consuming phases in the setup process of a corporate computer.

    In the “traditional world” you would need to be on the corporate network and press F12 on the computer to initiate the installation of the custom image that your IT guys built. This custom image of Windows contains all your customizations and drivers, and settings are pushed through Group Policy Objects (GPOs). Many companies require the computer to be “known” before it’s installed, so you do what is called a pre-stage, where you create the computer account in Active Directory (AD) and assign group memberships. This process can take from an hour up to a few hours based on your connection and the size of the image (it’s usually pretty big).

    In the world of Windows Autopilot, you take advantage of the fact that the hardware manufacturer has already put a Windows 10 installation on the computer, with drivers installed from the factory (this is actually how computers are shipped even if you don’t use Windows Autopilot). Your vendor/partner/IT department registers the computer hardware ID, which is unique to each computer, with your Microsoft tenant. Computers can also be joined to Azure AD groups based on this hardware ID.

    When the computer is launched the first time, the user will be greeted with “Welcome to Contoso” and then asked to sign in. When sign in is completed, the computer is registered in Microsoft Intune and settings and customizations are applied.

    This process is A LOT faster than traditional OS deployment. The entire process is done and the computer is ready to use in 30-60 minutes (based on connectivity). All traffic is routed through the internet during setup, and any connectivity to the corporate infrastructure can be routed through VPN if needed.

    If you do the math, you can deploy a whole lot more computers for a lower cost using Windows Autopilot.

    Windows Autopilot – the reality

    This sounds pretty neat huh?

    But what is Windows Autopilot? Is it a completely new tool? Will it replace Microsoft Intune? What will my IT-technicians do, they spend 80% of the time installing computers today?

    Without getting too technical about this, Windows Autopilot is a new name for a bunch of things that have been around for a while, plus some new features.

    Windows Autopilot is utilizing a lot of different technologies and should be viewed more as a workflow or a process rather than a technical feature. It combines the power of Azure AD, Microsoft Intune, and Microsoft Store for Business to provide a streamlined process for installing new computers. That’s about it.

    This means that Windows Autopilot is nothing else than an automated and standardized process of setting up computers for your company.

    From a technical point of view, there are a lot more things going on, but this is the simple version.

    Key take-away

    The key take-away, and the thing to consider, around Windows Autopilot is if you need all the fancy switches and total customization you have with the traditional approach. Or would a lighter weight management do the trick for you? It probably will…

    There are of course some ifs and buts around this, but in general there aren’t that many. Your users could get their computers delivered straight to them and set them up by logging in, given that they have internet access at their location.

    There are options to prepare the computer for the user by having a technician do half the registration and setup to then re-seal the computer and ship it off to the user, if you want to minimize the amount of work being done by the end-user. This way, initial setup will be shorter for the end-user.

    If you view Windows Autopilot as an automated process to set up computers in your organization and not a technology, things get a lot easier. With that said, it won’t suit all your special situations for computers, but you will cover most cases for office-based work!

  • Why managed Android matters

    Looking at the Swedish market, most of the companies I meet are managing their devices. These devices are usually iOS/iPadOS devices since, let’s face it, iOS has been superior in the Mobile Device Management segment throughout the years, having had more settings exposed to MDM than Android. This has, however, changed over the years, and the difference is not at all what it was, let’s say, 3-5 years ago.

    We can always discuss why platform A is better than platform B, but let’s not get into that. Everyone will have a separate opinion on this.

    Looking at where we are today, many companies I meet manage their iPhones and iPads but haven’t really gotten around to Android yet. It’s still in some sense viewed as a secondary platform and not something that is wanted (it’s one more platform to provide end-user support on for one thing).

    I fully respect this. However….

    Looking back at my previous posts about what tools people expect to use in the workplace, we are seeing a growing demand for Android devices.

    This could be out of personal preferences, the fact that the device is cheaper or the iPhone not being available in the market where the user lives. But this means that dodging the question of Android becomes harder and harder. And the later you get on top of Android, the harder the transition will be since Android is a lot different to manage compared to iOS/iPadOS.

    For Android, you have two options depending on your wants and needs. You have Work Profile and Device Owner.

    Management methods for Android

    You should AT ALL COSTS avoid using Device Administrator since this is a legacy protocol which will be decommissioned by Google.

    In this post I will not cover the dedicated devices method since this is meant for special adoptions and not regular end-users.

    Work Profile

    Work Profile is the most basic version of Android management and it has the least impact on already existing phones. Your users must download the Company Portal to enroll into Intune. This will create a separate “work sphere” where all corporate data will live.

    This is the easiest form of Android management and you can deploy applications, configurations, and compliance policies. The work data will be separated from the personal data, but there are some limitations around management. This is the easiest way to start managing your Android devices without too much user impact.

    Device Owner

    Device Owner, or fully managed, is the full-featured version of Android management where Intune takes total control of the device. This is more like how iOS devices would be in supervised mode. This management method also enables Google Zero Touch enrollment (or Samsung Knox) for easier user onboarding. But you can of course have your users scan a QR code on first launch.

    A huge benefit with this from a corporate perspective is that the user won’t need a Google account to enroll and download corporate applications. They can add a personal Google account, but it’s not needed to use the device as a corporate device. Google accounts can otherwise be a hassle for less experienced users.

    Company-owned work enabled

    At the time this blog post is being written, this version of Android management is yet to be officially launched; it’s still in preview.

    It is, however, a combination of Work Profile and Device Owner management where you as an organization gain full control over the device (giving you more management capabilities) but corporate data and personal data are separated.

    This requires a device reset, just as device owner, but the user will get one corporate sphere and one personal sphere. The data is managed in the corporate sphere and left to the end users’ privacy in the personal sphere.

    In my view, this will be the more attractive version of Android management overall since you can have a separation between personal and corporate data.

    This method works extra smooth if you combine it with Google Zero Touch or Samsung Knox. If you don’t see a possibility to have this in place, you can of course have your users scan a QR code on first launch.

    Where should you start?

    Start small and start easy. If you have a lot of Android devices today, Work Profile is the best place to start. Having users reset their devices containing photos, apps etc. is not a popular thing to do. You could argue that it’s a corporate device and your users must comply, but this is not an effective way to build trust and get the devices into management.

    If you have just a few devices and are looking to introduce Android into your environment, Device Owner or the new Corporate-owned work enabled method is the way to go. You will have fresh devices going in, so the need for a reset doesn’t exist. Combine this with Google Zero Touch or Samsung Knox and you will have a killer user onboarding experience!

    What are your thoughts on Android and where do you stand today? Comment below!

  • What is the difference between a user and a device?

    As I’m browsing through the Microsoft Q&A forum for Intune-related questions, there is one thing I see which seems to be quite a common misconception. That misconception is the difference between what a user is and what a device is.

    It’s not that people don’t know the physical difference between what a user (a person) and a device (an object) is, it’s in the sense of how they differ in Intune management and the cloud world.

    Let’s try to sort this out, shall we?

    Definitions:
    • User noun – “A person who uses or operates something.”
    • Device noun – “A thing made or adapted for a particular purpose, especially a piece of mechanical or electronic equipment”

    Disclaimer: I’m trying to write this extremely simply and am basically assuming that the terms user and device are not known.

    Who is the user?

    The user is the person who in your organization is consuming the services and using devices. Users are usually a 1:1 scenario, but you might also have service users and group users. Behind a user there is in most cases ONE person (the Microsoft license structure kind of assumes this as well).

    In an Intune context, the user is the person who uses the device. In the most common context, the user is tied to a specific device where the user is the primary user and owner of the device.

    A user might have multiple devices such as a computer, a phone, and a tablet.

    An Azure AD user

    What is the device?

    The device is the piece of hardware on which the services are consumed. This can be a computer, tablet, or phone. The device must, in an Intune context, run any of the supported operating systems:

    • iOS
    • iPadOS
    • macOS
    • Windows 10
    • Android

    The device usually has one main user and owner, which is the one tied to the device in Intune and Azure AD.

    An Intune enrolled device

    What is the difference and why does it matter?

    But why does this all matter?

    The reason this is important is in how you in Intune would distribute configurations, compliance policies, applications and so on.

    When you distribute any of these in Intune, you get to select whether you want to assign this to users or devices. Without knowing the difference, knowing which option to select is hard.

    However, the item itself is never applied to the user. It is ALWAYS applied to the device. The assignment only decides which devices the item in question is applied to.

    If you assign to a device

    If you assign, e.g., your configuration with a device-centric approach, this means that the configuration will only follow that device. If the user uses another device, the configuration will not be present on the second device.

    If you assign to a user

    If you assign, e.g., your configuration with a user-centric approach, this means that the configuration will follow the user. If the user uses another device, the configuration will also apply to that device (given it’s applicable for the device type).
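
    The two assignment styles above, as a simplified Python model added here for illustration (it is not Intune code and does not use the Intune API; the `Device`, `Item`, `resolve_devices` and `uncovered` names and the sample fleet are constructed). It also lists the devices that an assignment leaves without the item, which is the gap a device-centric assignment creates when a user picks up a second device.

```python
"""Simplified model of user-centric vs device-centric assignment.

Illustrative only: not the Intune API. All names and data are constructed.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Device:
    name: str
    platform: str        # e.g. "Windows 10", "iOS", "Android"
    users: frozenset     # the users who use this device


@dataclass
class Item:
    """A configuration, compliance policy or application to distribute."""
    name: str
    platform: str
    user_targets: set = field(default_factory=set)
    device_targets: set = field(default_factory=set)


def resolve_devices(item, devices):
    """Return the sorted names of the devices the item ends up on.

    The item is always applied to a device; the assignment only decides
    which ones. A device target selects exactly that device. A user target
    selects every device that user uses, provided the item is applicable
    to the device's platform.
    """
    hits = set()
    for dev in devices:
        if dev.platform != item.platform:
            continue  # not applicable to this device type
        if dev.name in item.device_targets or dev.users & item.user_targets:
            hits.add(dev.name)
    return sorted(hits)


def uncovered(item, devices):
    """Devices of the item's platform that do NOT receive the item."""
    covered = set(resolve_devices(item, devices))
    return sorted(d.name for d in devices
                  if d.platform == item.platform and d.name not in covered)


# Constructed sample fleet: anna has a laptop, also uses a second laptop
# shared with bo, and has a phone.
FLEET = [
    Device("LAPTOP-01", "Windows 10", frozenset({"anna"})),
    Device("LAPTOP-02", "Windows 10", frozenset({"anna", "bo"})),
    Device("PHONE-01", "iOS", frozenset({"anna"})),
]

# The same (constructed) policy assigned in the two ways described above.
DEVICE_SCOPED = Item("Disk encryption policy", "Windows 10",
                     device_targets={"LAPTOP-01"})
USER_SCOPED = Item("Disk encryption policy", "Windows 10",
                   user_targets={"anna"})

if __name__ == "__main__":
    for label, item in (("device-centric", DEVICE_SCOPED),
                        ("user-centric", USER_SCOPED)):
        print(f"{label}: applied to {resolve_devices(item, FLEET)}, "
              f"missing on {uncovered(item, FLEET)}")
```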

    The key take away

    It pretty much defines how your configurations, policies and applications are distributed and utilized.

    The conclusion of this is that, depending on what scenario you want to fulfill, you might have to assign things in different ways. There are also a few things that might make more sense in distributing in one way or another.

    One thing that is important to keep in mind around applications is however the fun topic of licensing. Depending on how you have licensed an application, you might have to distribute in a certain way. So that is something that is important to think about when purchasing applications.

  • The end of an era

    It has finally happened. The process of decommissioning the old trusty Internet Explorer has begun.

    Microsoft announced on the 17th of August that Microsoft 365 will lose its support for Internet Explorer on August 17th, 2021. This is quite a tremendous change for many organizations, but it shouldn’t come as a surprise that Internet Explorer will be phased out eventually. Also, the “old” Edge will reach its end of life on March 9th, 2021.

    Back when Windows 10 launched, there was a lot of buzz around the new, improved browser, Edge. However, it never took off (I, however, really liked it). A lot of business systems were built back when Internet Explorer was the thing, and the effort has not always been put into adapting them to the modern web.

    With Windows 10, something called the Enterprise Site Mode list was introduced, which was basically an XML list of sites; if you tried to go to one of them using Edge, you would get redirected to Internet Explorer since that site was on your “not compatible” list for Edge.

    We used this to a limited extent at my previous employer, but Internet Explorer was the default browser since we had no clue what other systems would have issues if we transitioned to Edge (or Chrome for that matter).

    However, that was a few years ago and a lot has happened to Edge and there is a new Chromium (Chrome) based version out which is really good! And if you are a fan of the Chrome browser, but don’t want to have yet another browser installed to confuse your users, the new improved Edge is the way to go. It’s Chrome, but in a Microsoft shell (and you have Azure AD support without any extension).

    But what does this all mean?

    It means that it’s time to take the bull by the horns and start moving away from Internet Explorer as the default browser. The death of Internet Explorer has not yet been announced in any shape or form, but losing support for Microsoft 365 services is a major step in that direction.

    The first step you need to take is to change to a modern browser as the default for all your users. Since I’m a Microsoft advocate, I would suggest looking at the new Edge if you haven’t done so yet.

    The new Edge is available for all supported Windows platforms, but also for macOS, Android and iOS/iPadOS. You could have the same browser for all corporate web interactions on all platforms (and of course direct mobile device traffic using Application Protection Policies).

    Also, deploying Microsoft Edge out to your clients is easy. If you are using Microsoft Intune to manage your devices, Edge for Windows is part of the “App type” to make it even easier to deploy.

    What is your default browser today and are you looking to shift to the new Microsoft Edge?

    Comment below!

  • While you were away…

    Summer holidays are always fun, but they also mean that I try to stay offline (at least from work stuff) to disconnect and recharge. Covid-19 is still around, which means a lot of us will keep working remotely (and practicing social distancing), and this drives a lot of development in the modern workplace area.

    Apart from the mandatory updates for the computer (and phone this time), there is some catching up to do. I’ve gathered some highlights of what was released during the summer:

    Some Teams updates with the long-anticipated pop-out meeting feature: https://techcommunity.microsoft.com/t5/microsoft-teams-blog/what-s-new-in-microsoft-teams-july-2020/ba-p/1551561

    And of course, one of the most exciting device news this year. The Surface Duo is officially launched: https://blogs.windows.com/devices/2020/08/12/available-for-preorder-today-surface-duo-is-purpose-built-for-mobile-productivity/

    Support for Hybrid Azure AD join through VPN in Windows Autopilot: https://docs.microsoft.com/en-us/mem/autopilot/windows-autopilot-whats-new#new-in-windows-10-version-2004

    Preview in Intune for Android Enterprise corporate-owned devices with a work profile (COPE): https://techcommunity.microsoft.com/t5/intune-customer-success/intune-announcing-public-preview-for-android-enterprise/ba-p/1524325

    Microsoft Ignite will be an online experience which will take place 22nd to 24th of September: https://www.microsoft.com/en-us/ignite

    There has of course been a lot of other interesting news, but these are some of the highlights in my world!

  • The grey-area between work and private applications

    (Originally published on LinkedIn)

    TLDR; Microsoft AppStore, consider making this available for your users to unlock their full potential.

    So, you have taken the leap over to Windows 10? (That’s awesome, since support for Windows 7 ended on the 14th of January if you didn’t buy additional extended support. I’m really hoping you did move.)

    Windows 10 brings you a LOT of new features, services, ideas and challenges. One of those is the Microsoft Store which grants your users access to all kinds of apps and other things like themes and language packs.

    This is great, isn’t it?

    This is an interesting topic. On one hand you have the fear of more support and of your users demanding support for things your IT department is neither prepared nor staffed for. On the other hand, this is a hidden gem full of potential, and users expect things to work in a certain way. This post will cover that, but mostly from the side of “this is a great idea” rather than “lock that down, we don’t support that!”. I’m not in any way judging someone or saying “your decision is wrong”; this is more about giving the point of view of someone who was responsible for 35k clients, and what I learned from that and from talking to customers, peers and friends who use Windows 10 in a corporate setup.

    Disclaimer before I start. I will, as usual, oversimplify stuff (as the naive millennial I am) and won’t care about network capacity and things like that. This will target expected user behaviour and user expectations. Also, I’m aware that I’ve in some way or another discussed this with people who read this, and I’m not calling you out on any of the things mentioned here in any shape or form; you inspired me to write this. I might also be neglecting any legal/licensing aspects of this.

    Microsoft Store – the difference between private and corporate

    But let’s start with the basics. What is Microsoft Store?

    Microsoft Store is a marketplace for applications, much like the AppStore/Google Play Store we know from our phones (I know macOS also has this, but I’m leaving that out for now). The store lets users download applications to their machine from a trusted source (applications are checked by Microsoft before being published), and they can install these without privileged access (admin access). All applications are installed in a user context, and user A will never see user B’s applications. The risk of malicious code is extremely small.

    There is however one major thing to point out here, which is easily missed. There IS a distinction between your private sphere and your corporate sphere.

    If you download e.g. Spotify or Netflix, this application will be connected to your PERSONAL Microsoft account if you download it from the public part of the store. If you choose to download it without an account, it will still be connected to a “personal sphere”.

    BUT if you download an application from the business side of the store, this will be connected to your corporate account. To download things connected to your corporate account, you need to enable Microsoft Store for Business and this will give your users a new tab in the store called e.g. Contoso. Everything downloaded from this tab, will be connected to your organisation and you will have to obtain a license for it (free or paid). This requires your users to either sign in with their Azure AD account, you to enable hybrid join or the machine being only Azure AD joined.

    This means that Windows can keep track of what is private and what is corporate which means that you will only need to keep track of what YOU support.

    What if your employees are more productive if they listen to music? Should you block that on their computer? And what happens when you block e.g. Spotify on their corporate computer?

    Well, most information workers today have a corporate-issued smartphone… You didn’t restrict that app on those kinds of devices. So, your workers will consume that service, with a privately owned account, on a corporate device anyway…

    And to be honest, if you blocked this on their corporate phone, they would use their personal device instead (or even an old-fashioned radio).

    Enter the grey-area between work and personal life

    What does your user expect in the form of services, support and how to use their devices?

    User behaviour has shifted a lot since the dawn of device management. We are now entering 2020 and most people have some form of knowledge of how to use a computer or a phone. This means that the expectations are shifting, and we at IT need to adapt to this and understand that our users now know their way around a computing device (computer or phone). Concepts such as the internet, app stores and browsers are not new; they have been around for about a decade (the Apple AppStore was released 12 years ago, in 2008). The next-generation workforce is also entering the market, and now I’m talking about the Gen Z people who don’t know the world without internet and computers. Millennials are entering their 30s; time to move on and stop being scared of us.

    All this, and the fact that >80% of the population in Sweden have access to a smartphone, means that we need to expect more from our users today than we could 10-15 years ago. We can also expect that they know what services they need, e.g. Spotify might not be a corporate app but might be something that your users need to stay focused (and are paying for themselves). Simply put, we have more experienced users today and we need to meet their expectations, not limit them from reaching their full potential. Using a computer to perform tasks is not a new thing anymore.

    The use of such apps leaves a grey area between what is work and what is personal. E.g. Spotify might be something your user is using to stay focused to do their work better, while paying for it as a personal service, and it’s not accessing any corporate data since it’s running in an isolated container (I’m intentionally leaving out network from this). Since this is a subscription service, purchased privately and consumed on personal devices, this won’t require any support from you and the user won’t expect it either. The application will also be “owned” by their personal account, not the corporate one.

    What do we support?

    One thing I’ve heard from several different customers/partners/peers is “What if they call and want support on application X, we must support whatever we allow on the device”.

    My usual answer to this is “Do you support Angry Birds on iPhone?”. The most common answer is no.

    Why? Well, it’s not a corporate app. Neither are Spotify, Netflix, WhatsApp, Messenger or Twitter. UNLESS you make them available in the Microsoft Store for Business.

    If you make it available in Microsoft Store for Business, that means that you as a company acquired a license for it and you actively made it available for the user. The same goes for applications from Apple AppStore (using VPP) and Managed Google Play. Any application you mark as a corporate approved application, you should expect your users to expect support on.

    What about everything else in the app stores? Well, simply tell your users that this is not an application approved for your company and they need to reach out to the application developer/vendor for support; it’s simply “not supported” by your organisation. Like I said earlier, you don’t support all +130 million applications in the iOS AppStore, do you?

    What do real-life users expect?

    Talking to my network of friends, customers, peers, and former co-workers, what do they say?

    Well, it was a straightforward, not statistically validated, answer:

    We do not expect IT to help us out with applications we obtain for “personal use”

    This means that if they have problems with e.g. Spotify or any other application which is not work-related or sanctioned by/licensed by their employer, they won’t call IT. This is also something I can confirm, having previously been the operations manager for the client platform in a global company: support for app-store apps is not a huge problem. And if you manage the expectations of your users in an effective way, you will be fine.

    Let’s face it, the way we use technology today is different from what it was 5-10 years ago. We need to adapt.

    The go-do…

    What’s the go-do from this? Well, I’m not saying that you should make this available for all users tomorrow but consider piloting this outside the comfort of IT and evaluate the outcome before deciding. This might be an appreciated addition to your offering towards your end-users.

    What are your thoughts? Do you see the app-stores on the different platforms as hidden potential or a potential support problem? Let me know in the comments.

  • Why should you care about your phones?

    (Originally published on LinkedIn)

    By now you have gone through several generations of different practices on how and why to manage your computers, through a Microsoft product such as #ConfigMgr or a third-party product like SpecOps. For Windows, managing the device is a standard procedure and most larger organizations have some sort of management.

    But what about your mobile devices such as your iPhones, iPads, and Samsung phones? Are those managed?

    Why should you manage your mobile devices?

    There are a lot of arguments why you should manage your mobile devices such as keeping an inventory, security, and ease of use.

    But why should you care? What’s in it for you?

    Knowing what devices you have in your organisation, who has them and if they are used are a few things that are increasingly important in a cloud-centric world. Devices are no longer only living on the corporate network, and the mobile devices never even made it there.

    Adding management to your mobile devices can provide you with many benefits:

    • You can keep track of what devices are used by whom
    • You can utilize a mobile device as a factor in multi-factor authentication scenarios
    • Ease the access to corporate data for your end-users
    • Distribute software and settings (much like on Windows), making the user experience smoother.
    • Ensure that your corporate data is safe

    There are several other arguments for this as well.

    But to keep it short: you will gain control of what devices are used, and by whom, in your organization. These devices are also most likely accessing corporate data, and it’s a clever idea to manage data on these devices (to minimize incidents).

    What’s in it for the user?

    So why would your users care whether their device is managed or not?

    A lot has happened since the iPhone was introduced back in 2007: the services available, the threat level, user behaviour and more. We have also gained a lot of possibilities during the last couple of years when it comes to mobile device management. New settings are constantly becoming available to manage, making the end-user onboarding better. We can define email accounts, deploy corporate Wi-Fi credentials, install business-related apps and much more. But we can also enforce security measures such as a PIN code and encryption.

    Lately, we are also able to establish trust in a device by registering it in Azure AD, thereby marking it as trusted and not enforcing MFA each time the end-user tries to access the corporate sphere. Doing this will improve the user experience and at the same time ensure a higher level of security, since you know what device your data is accessed from.

    One other important thing in this for the end-user is that you can now remotely assist the user in case they lose their device PIN or need some other help. For some platforms, there are even remote tools through e.g. TeamViewer so that your support team can see what the user is seeing.

    So why should you care?

    Because the behaviour of the workforce is changing. The term “mobile-first” isn’t applicable anymore, but if you look at what devices people are using, they spend a lot of time with their smartphones. So why wouldn’t you secure this device and make it a member of your IT environment? There is a lot of hidden potential here, where you can provide a valuable experience throughout the whole life cycle of the device (from onboarding to decommissioning).

    Especially if you look at the younger generations of your workforce, they are more heavily dependent on their mobile devices, and if you are not on top of this at an early stage you will have a lot of catching up to do.

    And just to be clear, I’m not suggesting that you manage your mobile devices as you do with your on-prem computers. Adapt to what the mobile device management world looks like and protect the right things (data and identity). Having the device locked down and not useful from an end-user point of view will only make your end-users find ways around it, and you are back to square one.

    What are your thoughts on this? Leave a comment!

  • Evergreen – the road to stay current

    (Originally published on LinkedIn)

    I’ve touched on this in an earlier article, but it’s worth coming back to.

    When we talk about Evergreen, we often get stuck in talking about Microsoft products (Office, Windows, Config Manager), but “Evergreen” is larger than that.

    Keeping applications up to date is a challenge we struggle with like everyone else. There is basically always a newer version of our VPN client at any given time, and the one we have in production does not support the latest Windows 10 feature release (this has for real been the case since we got started with servicing Windows). This is not the only one; there are several other examples of applications which are hard to keep up with.

    You might argue that we don’t need EVERY version of our VPN client, and that is true. We need the one compatible with our back end and the latest Windows version.

    But there are other applications which are working in the Evergreen context.

    In our IT environment, we have several other applications which have a lifecycle much like Windows or Office, but sometimes with an even higher pace.

    Two examples of these are Google Chrome and Adobe Creative Cloud. However, we don’t give them close to as much love as we do the Microsoft applications, even though many have a crazy high penetration of Google Chrome usage without it being the default browser. Google updates Chrome every 6 weeks; that’s about 8-9 times a year. So, wanting to keep up with this and testing every release is a huge effort.

    One could also argue that a lot of web-based services are also evergreen, since they are constantly updated, a little bit at a time. Sometimes smaller changes, sometimes bigger (like when Facebook changed their design a few years back and everyone went crazy). But taking this to a desktop world is where the new challenges lie for the corporate world.

    This is a vast area of improvement, realizing that Evergreen spans outside the soft and cosy Microsoft bubble.

    My point is not to make a big complex process for every little application, but to take the evergreen concept with a bit more ease, since the idea around this is not new; it’s been around for quite some time, at least for browsers.

    This might be a little bit oversimplified, but for many of the applications you don’t need a big testing process for every update of e.g. the Windows 10 version or Office 365 release. Of course, for business-critical applications and applications with a lot of customizations/integrations, this is a good idea, but that can’t be most of your applications. By optimizing and prioritizing what applications you need to do application testing for, you will minimize the effort in moving between versions in an evergreen world. Think of it as application verification rather than application testing, since you want to make sure the application still works (which it most likely will).

    We could also twist it a bit. Your users are using a smartphone, let’s say an iPhone. Apps for that iPhone which come from the store are updated on a regular basis, and you don’t really control when Microsoft wants you to update Outlook to a later version on the phone. But it still works even after being updated. Of course, there aren’t as many integrations toward mobile apps as for desktop apps, but I want to highlight the mindset in this.

    However, this also puts great demands on the ISV, and you need to put clearer demands on your ISVs to commit to this process when discussing and dealing with line-of-business applications.

    The world has changed, and we need to adapt to this, even if we think it’s scary and will give us a lot of extra work.

    And to loop back to a previous post again, to navigate the evergreen jungle, Desktop Analytics should definitely be your best friend in this since it can provide you really good insights about applications, drivers and much more!

    I hope this article inspired you to start looking into how you can get moving with the Evergreen concept within your organization, and feel free to leave a comment or send me a DM if you want to discuss this further!

  • Dare to break old habits in 2020

    (Originally published on LinkedIn)

    We all love email, don’t we? It’s such a fast and efficient way to communicate. You can just write your short message in the subject line and the person you send it to will see straight away what you wanted to ask…

    Okay, there might be some irony in that part.

    Emails are great, but not for communicating “one to few” in 2020; there are so many other great tools. We also have a new generation of workers showing up who don’t really get the whole email thing. We also have this whole thing with crowded inboxes. I’ve met people who have over 10 000 unread emails, and I bet you have too, so how would your email even be found or noticed in that case?

    So, what can we use instead?

    What if there were a tool based on chat, much like text messaging, where you could easily share documents and keep all conversation history? Oh, and group chats to include more people would be awesome!

    In fact, there are several tools which do this, such as Microsoft Teams, Slack or Google Hangouts. But since I’m a strong Microsoft advocate, I’ll focus this article on the Microsoft product Teams.

    What is Teams?

    There is a lot of buzz around Teams, and has been for quite some time now. If you are not looking into it yet, it’s time to get started, since Skype for Business is going end of life in 2021.

    But what is Teams and how can you make use of it?

    Teams is a collaboration platform for “one to one – one to few – one to many” communication, focused on your team (virtual or organizational) rather than your complete organization, though of course this depends on size and such. Teams is not a new social intranet; that is where Yammer comes into play, if we speak in Microsoft terms.

    Teams is heavily centralized around conversations and collaboration in different contexts. Conversations can either be private in chats or more public in a team where everyone in the team can participate (private channels are coming as well, as presented at Ignite, during Q1 of 2020).

    Collaboration can also take different shapes and forms in Teams. But to set the expectations right, Teams is based on SharePoint Online and shares the same access principles and collaboration feature set as SharePoint Online.

    Teams shouldn’t be looked upon as “yet another place” to look for news and updates; it should be considered the hub where you keep track of things. The more conversation you move to Teams, especially from email, the easier the transition will be. Also, this is your one-stop shop for calls, meetings and chats, which means this should be a part of your daily workflow!

    And yes, Teams is so much more than what I just wrote. But it’s an easy place to start and an effective way in to using the platform!

    So why should you care?

    Even if we all love sending email, it’s not an efficient way of communicating. We all know that feeling after a few days off when you have 200 new emails, where most of it is “for your knowledge” or just irrelevant. There is also a significant risk that you miss something important, and you will need at least a day to go through it all.

    Teams can help you gain more transparency and faster collaboration. You also get the benefit of traceability of all discussions you have had, either in personal chats or larger forums, and it’s SEARCHABLE.

    Looking at the trend and buzz around Teams, it’s here to stay and is a more modern way to communicate. Email will still have its place in the world, but not as we use it today. There is also a whole new generation out there who don’t really understand why one would use email to communicate, since it’s not efficient.

    Let’s break the old habit in 2020 and send less email and more instant messages! It doesn’t have to be Teams, since this is more a behaviour than a product. I promise you, both you and your users will find it more pleasing to get fewer emails!