olastrom.com

Tag: Modern workplace

  • Moving to cloud native

    Moving to cloud native

    Let’s imagine for a second that you are a large, global organization and you are managing the fleet of PCs.

    In a traditional setup you probably have a Configuration Manager server and probably a bunch of distribution points.

    On top of this, you each month must distribute security updates to all your global device estate. And make sure your golden image is patched. Not only this, you also need to maintain your infrastructure, keeping Configuration Manager up to date, the server it runs on and also all those distribution points. Not to forget troubleshooting when a distribution point stops and a region +8 hours from your time zone can’t PXE-boot computers.

    You have all heard the marketing pitch because cloud native is the future. But if we instead take an approach to discuss this from a business and operations perspective, we can find some other interesting angles.

    Background

    What I do in my professional life is mostly to advise and help customer moving to a cloud native platform for device management. I’ve been working with Microsoft Intune since 2013, so I’ve seen all the itterations of the platform. I’ve also seen what works and what didn’t work.

    Back in 2013, going cloud native was not a thing, even though Windows 8 acutally supported MDM enrollment. Back then we were more talking full management or light management. Intune was the light managed way doing things since there were simply not yet feature parity.

    Windows 10 brought a whole lot of new benefits to cloud. You could now argue that you could make the shift to Intune only and onboard using the new cool Windows Autopilot.

    Fast forward to 2025 and Windows 11. We now have feature parity in MDM polices vs GPOs (even if it’s not a 1:1 translation), and moving to the cloud is something everyone is talking about. Not everyone has moved, but from what you hear peers, customers and people within the community everyone is looking at “how should we do the transition”.

    Moving to cloud native is not only a “keeping up with the IT landscape”. It can also be a huge cost save for a lot of organizations. No more servers, no more imageing, no more maintaining images. It’s simply just more streamlined.

    Common pitfalls

    There are A LOT of pitfalls out there when it comes to moving to Intune. I thought I would cover a few which I tend to see more often. Not all of these are technical. Because to be 100% honest, the technology isn’t the biggest issue here.

    Doing things like we have always done

    Moving to cloud native means doing things in a new way. I’ve seen way to many attempts at moving to cloud native which fails because you don’t embrace change. An Entra ID/Intune managed device is not exactly the same as a Active Directory/ConfigMgr managed device. Gone are the days of imaging and GPupdate, we now have Windows Autopilot and syncing with Intune.

    Cloud native will mean that we will have to do things different, and it’s not bad. Just different. Many things we have done for the last 30 years with managing devices (yes, the first version of ConfigMgr called SMS 1.0 was release over 30 years ago in 1994).

    We need to embrace change and adopt the new ways of working. If we don’t do that, we will never reach all the way. This is where many project fails.

    Doing everything at once

    The cloud journey looks very different for all companies, even though we want to accomplish the same things. But doing big shift actually impacts user productivity and we need to be smart of what changes we introduce.

    Looking at Sweden, a lot of companies are combining their Windows 11 migrations project with a Cloud Native project. This is a great idea since we are doing a big shift in the client anyway. However, time is running out for Windows 10, so today we need to prioritize whats actually important.

    But splitting the cloud journey into smaller pieaces could be easier for many, but we can run a lot of these projects in parallel.

    Migrating everything

    Think about all your GPOs. You have built that over a larger number of years, probably mostly adding to it and never really done a cleanup. A lot of these policies might been configured for Windows 7, and operating system which was released in 2009. You probably don’t need to migrate those settings to your brand new Windows 11 platform since a lot does not apply in the cloud and many are even depricated.

    There is really no point in walking through each and everyone of your old setting, trying to find the Intune equalent for it. A much better idea is to look at what you had, implement either the Microsoft Security Baseline or the Open Intune Baseline. Then go look at your old environment or your security requirements and look for what is missing and what makes sense. There is a GPO analytics tool in Intune, but for experience I would say that starting over is a much better idea since you will leave all your Windows 7 and Windows XP settings behind!

    Setting the bar way to high

    One of the most common things I see when working with customers who are moving from ConfigMgr is like I mentioned, we don’t embrace change. But one more things is thinking that we need to make it perfect in our first Proof of Concept or Pilot, which isn’t really a realistic approach. You need to start somewhere, so find your minimum viable product (MVP). What do we need to have inplace to do a successfull pilot. What I’ve seen with the more successfull projects I’ve been involed in, this has been the MVP:

    • Windows Autopilot for onboarding
    • Security baseline
    • Wi-Fi
    • VPN
    • Base applications (the crucial ones for your pilot group)
    • Compliance policies

    One more thing to keep in mind when moving towards a cloud native client is that your pilot and initial rollout might not need to suite 100% of your users. You will have some more cumbersome scenarios like dependency on on-premises or problematic applications. Don’t let this stop you, instead have them in a later phase of your project. Put them on hold, just like you would do with Windows feature updates. Once you have completed your first scenario, move on to the next!

    Moving all extisting devices

    This is a controversial one. Eventhough it’s nice to have all your devices as cloud native, but the only way to migrate devices from hybrid to cloud native in a supported way is by resetting the device. And this might not be the most productive way of making this shift, since it means actuall downtime for the end-user.

    Microsoft recommends to keep hybrid devices in hybrid until they needs to be reinstalled or replaced. Since we can still move to a 100% Intune managed environment with hybrid devices, this could for larger organizations be a more cost efficient way of making the shift to Intune. Re-installting thousands of devices is time consuming.
    I’m not saying that you shouldn’t make the hard cut and re-install all your devices, but be aware of that there are alternatives eventhough it’s not a pure cloude native solution for all your exisiting devices going down this route.

    What’s your first action?

    But where should you get started? Well, making sure you have co-management/cloud attach enabled in Configuration Manager is a great first step, to enable the shift of workloads to the cloud.

    I would also recommend to start looking at setting up a small proof of concept or pilot in Intune, onboarding a few devices with the base applications and a first version of security baseline (use the Microsoft one or Open Intune Baseline mentioned earlier in the post). Register a few devices for Windows Autopilot manually and enroll them.

    Don’t make it to hard on your self, start small with the “simple” scenarios and let them test it. But set a strategy for this and make sure to track your progress and create a project of this. It’s a hard project to pull of as a line activity since there are a lot of moving parts, redesigning and new ways of working while you need to keep the light on for your production environment.

  • Hide the shutdown button in Windows 365 after update to Win 11 24h2

    Hide the shutdown button in Windows 365 after update to Win 11 24h2

    Some of you might have noticed that when updating a Windows 365 Cloud PC to Windows 11 24H2, the shutdown button appears out of nowhere in the start menu, which can cause some weird behavior for the end-users.

    Shutting down the Cloud PC isn’t really anything you should be bothered with. Restarting, yes, but if you do a shutdown, it will boot back up again within a few minutes.

    With the Windows 11 24H2 update to Windows 365, if you upgrade from an earlier Windows 11 version, this registry value will be reset.

    While I still encourage you to provide feedback to Microsoft, the fix for this problem is fairly simple!

    There are two ways we could go about addressing this. We could either create a configuration using the Settings Catalog or use proactive remediation. We will get the same result in the end, so it depends on how you like to do it. I will show you both ways in this blog post, and how you can configure it.

    Settings catalog

    In Microsoft Intune, head into Devices > Windows > Configuration and create a new configuration profile by clicking “+ Create“. Select Settings catalog as the profile type and click create.

    Give the profile a good name which makes sense in your environment.

    Search for “Start” and find “Hide Shutdown” in the list, then check the checkbox next to it. Close the fly-out.

    Make sure to enable the setting before moving to the next step.

    In my case, I will skip scope tags and move straight to Assignments, where I select “All devices” and filter out Windows 365 with a filter.

    Last step is to review and create the policy. And then you just need to wait for the policy to apply.

    Proactive remediation

    The scripts

    The easiest way to deploy a scripted solution for this is to use remediation, since then we can also get feedback on how many devices had this issue. We can have it continuously checking or just run once.

    But in order to set up a remediation, we need a detection and a remediation script (you could run everything in the detection script, but you won’t get any feedback if you want to run it more than once).

    You can find the scripts either on my GitHub repository or just copy them from here.

    Detection script

    # Created by Ola Ström, olastrom.com
# Date: 2025-01-21
# Version: 1.0

# PowerShell script to update the registry value

# Define the registry path and value
$registryPath = "HKLM:\SOFTWARE\Microsoft\PolicyManager\default\Start\HideShutDown"
$valueName = "value"

# Check the current value
$currentValue = (Get-ItemProperty -Path $registryPath -Name $valueName).$valueName

# Check the value and set the appropriate exit code
if ($currentValue -eq 1) {
    Write-Output "Registry value is set to 1."
    exit 0
} else {
    Write-Output "Registry value is not set to 1."
    exit 1
}

    Remediation script

    # Created by Ola Ström, olastrom.com
# Date: 2025-01-21
# Version: 1.0

# PowerShell script to update the registry value
$registryPath = "HKLM:\SOFTWARE\Microsoft\PolicyManager\default\Start\HideShutDown"
$registryName = "value"
$registryValue = 1

# Set the registry value
Set-ItemProperty -Path $registryPath -Name $registryName -Value $registryValue

Write-Output "Registry value updated successfully."

    Intune part

    In Microsoft Intune, navigate to Devices > Scirpts and remediations.

    Select “+ Create” in the ribbon and give your remedation a good name, then press next.

    Now we will add the detection and remediation scripts, which you need to save as PowerShell scripts on your device to upload to Microsoft Intune. Change the “Run script in 64-bit PowerShell” to yes, but leave all the other options at their default values and press next.

    On the Assignment tab, select your target group. I’m using “All devices” with a filter for Windows 365.

    On this step, you also set the schedule by pressing on the text “Daily”, which is the default value. You can then choose if you want it to run once, hourly, or daily.

    When you have selected your schedule, press next to review your settings before pressing create.

    And now we wait until the remedation runs…

    Monitoring the remediation

    You can follow up the progress of your remediation by checking the device status on the remediation you just created.

    In this view, you can follow up on individual devices and see how many devices were affected.

    If the script detects that the value is set to anything other than “1”, it will run the script to fix it, and you can see here if the issue was fixed or not. This is not dependent on whether the script runs on a schedule or just once; you will still get feedback if any issues were found.

    What happens on the Cloud PC?

    Both ways will give the same end result for the end-user: the shutdown button will disappear, removing the option to shut down the Cloud PC (which is good).

    Take aways

    I’m not saying that one way or the other is the correct way; it’s just different ways to address the problem. Both of them have advantages, where the settings catalog will set the value and always keep it that way, and the remediation will check if the value is incorrect and change it if needed.

    You can also reuse this script for other registry entries you would like to change, so feel free to reuse it!

  • 5 things you didn’t know you could do in Microsoft Intune

    5 things you didn’t know you could do in Microsoft Intune

    I thought I would share a few things you might not know that you are able to do in Intune, small things that might not be related to device management itself but you might not be aware off!

    As all of you know, Microsoft Intune is constantly changing, there are news and updates each week. This means that some of these things might change in the future, who knows!

    But let’s kick it off. Here are 5 things you didnt know you could do in Intune.

    Change language and region

    You have probably seen the settings icon in the top of the Intune portal, this is where you can access the portal settings.

    When you click the settings icon, you will be taken to the Portal settings pane of Microsoft Intune.

    As you can see, there are a lot of different things you can modify and control. E.g. if you have multiple directories or subscriptions you can change which your default is. This is also where you enable darkmode (if you are like me and prefer darkmode). But I though we would focus on the language settings.

    If we navigate to the “Language + region” pane, we can select which language we want the portal to be in. This settings is not a global setting, this only affect my session. Like many others, I prefer to use the English version of MS Intune (the translations in Swedish are a bit wild some times), but I still want my regional format to be Swedish. I can easily select my preferences here and just hit apply and it will refresh the session with a new language for me.

    If you are familiar with Azure or Entra, this works the same way!

    Modify the left side menu

    We probably all know and love the left side navigation menu, this is where we can select if we want to access devices or apps for example.

    But did you know you can customize this menu?

    If you navigate to “All services“, you will see a table of all the available services within Microsoft Intune, and if you look closely you will notice that there is a small star next to each service.

    By default today, all is marked except for “Surface Management Portal” and if you want easy access to that you can simply just star that one too and it will show up in the navigation menu.

    But let’s say I’m only interested in seeing devices, apps and groups, I can simply just mark them with a star and they will be the only one displayed in the navigation menu alongside with reports which we cannot remove.

    One other neat feature is that you can rearrange the order of the navigation menu by simply dragging the headings around if you want to sort the differently.

    Easily change between accounts

    If you are using multiple accounts in Microsoft Intune, there is a simple way to just change which account you are using. If you have ever worked in the Azure portal, this is the same functionality.

    Simply click your profile picture in the top right corner and sign in with a diffetent user. When you have signed in with an additional user, you can easily just switch by selecting that account.

    Access the PIM portal

    For most administrational roles, you use Microsoft Entra Priviledge Identity Management, or simply PIM, to grant the priviledged role that you will use in order for your account not to have that role all the time.

    This can be setup in many different ways, and you can even PIM Intune roles if you use group feature.

    However, you don’t need to go through the Entra portal to access your PIM roles. Simply navigate to Tenant Administration > Microsoft Entra Privileged Identity Management and you will reach the same portal.

    From here, you can simply activate your roles, or approve other requests.

    Shortcut to the Entra portal

    Last but not least, when we are on the topic of Microsoft Entra. Did you know that there is a shortcut to the Entra portal in Intune?

    Just navigate to All services in the navigation menu, and under “Other consoles” you will find Microsoft Entra.

    When you click that link, a new tab will open with the Entra portal!

  • Tip of the week – Push to unmute

    We have all been there. You are in a meeting, saying something smart, and everyone is just silent. Until someone says those dreadful words:

    “Hey Ola, I think you are on mute”

    I think you all know that feeling and you have to repeat yourself again, maybe losing your flow a little bit.

    Staying on mute while not talking in a Teams meeting is (or should be) the common practice for everyone to avoid unwanted background noises in meetings. But this also creates the need to remember to unmute when it’s your turn to speak. And we all know that “finding” the unmute button is sometimes hard…

    During January, a new shortcut was added which gives you the possibility to push down Ctrl + Spacebar (Windows) or Option + Spacebar (Mac) when you talk, and when you release the keys you will go back on mute again! To be honest, this might be my new favorite feature in Teams!

    This feature is on by default in Teams, but you can turn it of if you like by going to Teams Settings > Privacy and unchecking the Keyboard shortcut to unmute.

  • 7 things I learned working from home in 2021

    7 things I learned working from home in 2021

    This is somewhat of a forgotten post that got left behind in 2021, but I thought I would share this with you.

    Since 2021 has been somewhat of a semi-weird year, where we started seeing a way back to the offices but also faced new trends and buzzwords. My favorite ones during 2021 were “hybrid work” and “digital fabric”, both heavily used in the Microsoft world.

    I’m coming at this from a millennial’s perspective, maybe going back to my posts about being a millennial in the workplace.

    1. Hybrid meetings are here to stay

    Since we are seeing more people going back to offices, but in a more flexible way, hybrid meetings are here to stay! Hybrid means you will have people remote and in the room.

    This comes with a lot of new challenges and a “do’s and don’ts” worthy of a blog post of its own. But it´s clear that some things will be challenging in this and I would say it comes down to culture and good meeting manners. But also the fact that you need a Teams-link in every meeting and you most likely can’t do an old school whiteboard session like you are used to, because most of our conference rooms are that fancy yet.

    Having people remotely connected means that if there is a lot of people in the room, you can’t whisper things to your college since this will most likely be picked up by the mics in the room and you won’t hear the person actually speaking.

    Another thing that might be on the list of things you didn’t think of is if someone brought “fika”/pastry to the meeting for those in the room. This is fairly common in Sweden and is usually delivered in some kind of paper bag made for bread. So it makes A LOT of noise. This is a BIG problem if you join through Teams since all you will hear is that bag.

    Do have your pastry, even though I will be jealous, but please get rid of the bag before the meeting!

    2. Being at an office

    I’ve felt this before, but the pandemic and “the return to offices” has confirmed this and made my belief even stronger. If I’m going to an office I’m going there with a purpose. Not just because “that’s where I go to work”. This is a very personal thing, and I know a lot of people who prefer working from an office. But we are now seeing a shift in the “standard approach” and you are no longer the weird exception wanting to work remotely. If I look at the people I interact with daily, they are not based in the same part of Sweden as me anyway, so I won’t meet them at an office.

    There is a point of showing up and having social interaction, but if I want to get stuff done I’m way more productive at home. However, going in for meetings and workshops is extremely valuable, but then again I’m going to the office with a purpose.

    I keep coming back to this, some of my first posts touched upon this. During my time at Microsoft the phrase “work is not a place, it’s something you do” was something that was really pushed out. I think this is still relevant, and the pandemic has shown this.

    However, I’ve picked up kind of a new take on that quote which is “The endpoint is the new workplace, and the workplace is hybrid”. I will come back to this in 2022!

    3. Corporate life revolves around an office

    One thing I think was pretty clear when we were seeing the light at the end of the tunnel of the pandemic was that everyone got REALLY excited about going back to offices again. I was excited too, this meant that you could meet people again and do things face to face, which is important and meaningful. However, as I stated in the second point, this whole thing “business as usual” at the office and going there every day is not for me but I respect that people feel the need for this.

    The standard has always been that you show up at an office to work, working remotely has always been the exception. If you are the kind of person who thrives at an office, that’s great! But if you are the kind of person like me, whose stress is reduced significantly by not having to show up at an office every day, that should be okay going forward.

    The two years we have spent working remotely show that we can be just as productive and creative in a remote setup. Since not everyone is the same, we should in the future embrace that we are all different with different needs. Not everyone feels great about being at an office 5 days a week.

    Also, the coffee is usually better at home and the line to the microwave is a lot shorter.

    4. Hangout on Teams

    In my world, I’m really bad at small talk in general and I have always preferred chat over talk. I’m the generation that if I call you, it’s probably urgent (or I’m driving).

    However, working from home missing daily social interaction from others other than my girlfriend and dog have actually gotten me to value to call people or just connect to social team hangouts. I’m not always the person driving the discussion in larger groups, but I enjoy the company and listening in.

    I’ve actually increased the number of 1:1 calls I have with colleges discussing work and other stuff. I usually call people with a purpose, but I’ve caught myself calling people just to small talk. Big learning for Ola!

    5. I miss traveling for work

    I had a really intense period in a previous role traveling A LOT. I actually never counted the number of travel days I had per year, but I easily spent 3-4 days traveling per week during some periods.

    I was so done with traveling for work, and I wanted to settle for something more predictable being more in the same place all the time.

    Now I’ve reached a point where I actually miss traveling for work. Maybe not 4 days per week, but the occasional longer trip to see a customer or just attend a conference.

    I really miss that and I want to do more of that when we get more into a controlled Covid situation.

    6. I’m not used to people anymore

    I don’t consider myself as an introverted person, my conclusion is that I’m somewhere in between introvert and extrovert.

    But this whole thing with only meeting people through Teams has made meeting people IRL something that I get really exhausted by. It really drains my energy.

    We had a 1,5-day gathering with all the people who work at Advania Knowledge Factory and I basically needed a day to recover from just meeting people.

    Getting back to not being exhausted after meeting people several days in a row will take some time getting used to.

    7. Learn to stop working

    This is probably what I’m really bad at during the weekdays, but I try really hard NOT to be in front of the computer on the weekends.

    My typical day starts at around 9:00 am, most meetings tend to start then. I work until about 12:00 where I have lunch and take my dog for a walk, hopefully being back until 13:00 where after lunch meetings usually start.

    Then I’m stuck behind the computer until about 18:00 or something like that when it’s time to start cooking dinner. I might not do actually work that late, it usually involves catching up on tech news and community stuff.

    There is always one more email to reply to, one more blog post to read, and one more tweet to re-tweet. But learning when to stop is key and this is something I need to improve in 2022 to actually keep me sane. One thing that I’ve promised myself to actually start using is the virtual commute in Viva Insights. This is a really cool feature and the days when I’ve used it I’m more disconnected from work and can focus on other stuff. If you haven’t tried it yet, I really recommend you do!

  • Trying to understand Windows 365

    Trying to understand Windows 365

    You know, devices and new stuff are always fun. But what if you would provide a kick-ass, safe, Windows experience on any device without having to invest in infrastructure or administrative work? To semi-quote on of my all-time favourite TV-show: “Haaaave you met W365” (it’s supposed to be Ted, not W365).

    Have You Met Ted GIFs | Tenor

    I remember hearing about the new Windows Virtual Desktop at Ignite 2018 and thinking “Wow, this is sooo cool! Finally, someone simplified the complexity of VDI solutions a little!”

    It was not perfect, but it had potential! Up until then Azure hadn’t really provided any good solutions for Windows 10 based clients. You could run Windows clients if you imported an image, but it was far from great. It was more for playing around with Windows.

    Windows Virtual Desktop later became Azure Virtual Desktop, but it required a decent amount of work to set up initially. Don’t get me wrong, it’s super awesome given the flexibility it provides you could run anything on it. But it comes with a big challenge, especially if you are not familiar with VDIs. It requires a decent amount of configuration before you can get going. The Azure Virtual Desktop is however GREAT for scenarios where users don’t need a dedicated machine, their session can run in a host pool to make the most out of your Azure resources!

    Windows 365 enters the stage

    Microsoft announced Windows 365 during the summer 2021 (I remember noticing it during my summer vacation). I had a really hard time positioning this compared to the AVD solution, when should I pick what?

    But finally, the coin dropped for me. Windows 365 is for when you just need a virtual computer with no super specific needs (since the configurations are a set list). Like for instance you have a consultant working in your company who already has their own device which they can run a Windows 365 machine on, instead of you having to source and ship a physical device.

    Current sizing of Windows 365

    It also has the quite nice feature of being simple to assign and setup since you assign a provisioning policy and a license to the end user, and you are good to go! This is truly VDI made for the masses if you ask me.

    Of course, there are things you need to setup if you are running this in an enterprise, such as the network connectivity and on-premises domain connection (yes you sadly still need an on-premises AD and hybrid join for this in the enterprise setup, but AAD only is coming). You would also need to setup management profiles in Microsoft Intune or just reuse the ones you have for your physical machines. In Microsoft Intune, the Cloud PC is just a computer amongst all the others, but model will be Cloud PC instead of e.g. Surface Laptop.

    Coming from a device management background, I also really love that you manage everything from the Microsoft Endpoint Management portal, no other fancy tools needed or a need to find your way around the Azure portal!

    Who should use a Cloud PC?

    So, who is the Windows 365 Cloud PC for really? Saying everyone is not the wrong answer, but when you face reality and leave the marketing slides behind, you will notice that most of your users don’t need this. But some absolutely do, and those are in this case the interesting users.

    In the perfect of worlds, you could easily “only” have Cloud PCs and let your users use whatever device they want to access those. In an enterprise scenario, with a lot of history, which would not be feasible. At least not for your FTEs to start with unless you provide them with more lightweight devices and provide a beefier Cloud PC to do their work on.

    In the scenarios I mostly have seen and discussed, there is one main use case we are discussing, and that is consultants who already has a computer (or device for that matter) and instead of providing them with a 5-year-old computer which got put in the spare pile you give them a virtual machine which they can access from their PC. This scenario is also valid for providing consultants with a more basic PC and “beef” it up using a powerful Cloud PC.

    One thing I find useful is that you can run either Windows 10 or Windows 11 on it, you select the image yourself. This means that you could potentially have your physical machine on Windows 10 but run your virtual machine with Windows 11. This could be beneficial in a transition period from Windows 10 to 11 if you want to do some application testing without needing to re-install computers.

    I’ll keep exploring Windows 365, and I’m really hoping Ignite will bring more cool stuff around for it!

  • A millennial in the workplace – Covid-19 edition

    A millennial in the workplace – Covid-19 edition

    I’ve been struggling quite a lot with how to write this post to make it relevant and adding something to the discussion. I also really want it to be inspiring and not only my opinions and personal thoughts.

    The whole Covid-19 has really made me think about remote work and how the “new world” will look post Covid-19. It’s a hard topic to be concreate about since we are in the middle of the change.

    I’m positioning this as a part two of the “A millennial in the workplace” post from 2019.

    Oh, and the picture to this article is our new Chief Sunbathing Officer who takes her new role very serious.

    Work is changing

    Let’s face it, the work life is changing and a lot more sudden than most were expecting it to. The Covid-19 pandemic really challenged everyone to push their digital transformation in a much higher speed than some might have intended to. But also, the perception of remote work.

    Looking at this year’s Microsoft Ignite, the common dominator was remote work for the workplace area.

    When suddenly everyone had to start to work remotely, it wasn’t impossible anymore and we adopted to this situation. Even a lot of areas where it was deemed “not suitable” to work remotely suddenly were left without a choice and managed the situation.

    We are still not seeing the end of this, so a lot of things will still change!

    So where does this put us?

    One thing which tends to pop-up when this is discussed is “when we go back to normal people will be expected to come back to the office”. But what if this is the new normal? Or at least partially a new normal.

    Working from home has in my experience often been viewed as something you only do with special reasons, and often with approval from management. Now when Covid-19 is putting everyone in a situation where remote work is kind of then new normal, I’m strongly hoping to see a shift in the culture and mindset around this.

    One thing I tend to hear often is the argument that “the employees are not feeling well since they are isolated”, and I completely understand that. Working from home/remotely put new constraints on the social aspect of things, the natural interaction by the coffee machine does not exist in the same way. However, there are also people who feel stressed over the fact that they are expected to show up at an office at a given time every day based on “that’s how it’s always been”. So why adopt everything based on the people who like the office? That doesn’t really cut it in 2020 to be honest and the new policy Microsoft put out regarding their new remote work policy is spot on where “Offer as much flexibility as possible” is somewhat of the message of it. You can read more about it in this brilliant article or go straight to the source.

    The world is changing, and we had a shift about one hundred years ago where the eight-hour workday was enforced. After World War II most of the industrialized world had 40 hour works weeks. In Sweden, the 40-hour work week we see today were introduced in the 1950’s and introduced in the labour law in the 1970’s. (Of course, there are more to this from a legal and union perspective, but let’s leave all that). That was 50 years ago.

    Choosing where to work

    What is the point I’m grasping at?

    What I’m getting at is that there will be a before and after Covid-19. We have now proven that remote work is something that works, and we are still productive. So why do we feel the need to enforce everyone to go back to the office?

    I’m not saying that we should remove all offices and have everyone working from home. However, it should be up to each one to be trusted in choosing to work where they are the most productive. That could be the office but just as well from home. Or a combination which I believe strongly in based on choosing the office as a workplace and not the expectation “to show up”. Given that we all have a job to do, we are trusted in much more sensitive and important things than where we choose to do our job.

    This will put more trust in the employer and increase the sense of being trusted with that I can myself choose how I do my job. The old term “work is not a place, it something you do” fit very well into this context.

    Looking to myself and how I resonate around these things, I’m currently in a situation where I motivate why I go to the office rather than why do I work remotely.

    Work-life balance

    In my world, this comes down to one thing and that is work life balance. Even though I’m extremely passionate about what I do for a living, living is not only working in my world. There must be time for other things to relax and disconnect. There must be room for flexibility during my day, the sense of owning your own time.

    For me, work-life balance is about being able to control and own my own time. During Covid this has been a challenge to manage since working from home means that you never leave your workplace. But for me this is something I’ve learned to deal with. It also breaks up my workday into pieces giving me possibilities to do errands, go to the gym, walk the dog and such things during the day and work a little more focused during late afternoons. For me, late afternoons are where I’m the most productive while before lunch is a less productive period of the day (not to speak of 7:30 until 9:00).

    Conclusion

    To be honest, I don’t really know what the conclusion of this is since this is more my thoughts on the topic.

    The Covid-19 pandemic has proven that remote work is possible, and we are most likely seeing the new “normal”. There will for sure be a before and after Covid-19 and the work life will have to adopt to this.

    However, everyone is different. Some need to be at an office surrounded by other people or just can’t work from home. There is also the other group who are more productive remote and do not feel the need for an office in the same sense.

    You often see arguments that people need the office to perform and feel well as an argument that we need to get everyone back to the offices. But what about the other group of people who has been thriving during the last couple of months, where the trip to the office was a stressful moment. Are they less important or why are we expecting them to just adopt?

    I think the “Offer as much flexibility as possible” quote I mentioned in the middle of this post will play a key part even for companies which are not called Microsoft. People are now seeing that it’s possible to work remote and finding what is working for them. I think they key part as I view this, is to offer a flexibility where I as an employee is trusted with selecting where my office should be. If that is 100% at home, 100% at the office or a mix shouldn’t matter. Work is not a place, it’s something you do.

    This will be a cultural shift, not a technical shift. We have proven that our tools allow it, now we just need the corporate culture to allow it. For some, this change will happen fast while for others this will take time.

    However, my strong belief is this will be a key element for many companies to hire Millennials and GenZ going forward. Why should I join a company which requires me to come to an office, when the other offers me the flexibility to choose when I go to the office?

    These were my thoughts around this whole thing, what do you think?

  • While you were away…

    While you were away…

    Summer holidays are always fun, but it also means that I try to stay offline (at least form work stuff) to disconnect and recharge. Covid-19 is still around which means a lot of us will keep working remotely (and practicing social distancing) and this drives a lot of development in the modern workplace area.

    Except from the mandatory updates for the computer (and phone this time), there is some catching up to do. I´ve gathered some highlights of what was released during the summer:

    Some Teams updates with the long anticipated pop-out meeting feature: https://techcommunity.microsoft.com/t5/microsoft-teams-blog/what-s-new-in-microsoft-teams-july-2020/ba-p/1551561

    And of course, one of the most exciting device news this year. The Surface Duo is officially launched: https://blogs.windows.com/devices/2020/08/12/available-for-preorder-today-surface-duo-is-purpose-built-for-mobile-productivity/

    Support for Hybrid Azure AD join though VPN in Windows Autopilot: https://docs.microsoft.com/en-us/mem/autopilot/windows-autopilot-whats-new#new-in-windows-10-version-2004

    Preview in Intune for Android Enterprise corporate-owned devices with a work profile (COPE): https://techcommunity.microsoft.com/t5/intune-customer-success/intune-announcing-public-preview-for-android-enterprise/ba-p/1524325

    Microsoft Ignite will be an online experience which will take place 22nd to 24th of September: https://www.microsoft.com/en-us/ignite

    There has of course been a lot of other interesting news, but these are some of the highlights in my world!

  • The grey-area between work and private applications

    The grey-area between work and private applications

    (Originally published on LinkedIn)

    TLDR; Microsoft AppStore, consider making this available for your users to unlock their full potential.

    So, you have taken the leap over to Windows 10? (That’s awesome since support for Windows 7 ended 14th of January if you didn’t by additional extended support, I´m really hoping you did move).

    Windows 10 brings you a LOT of new features, services, ideas and challenges. One of those is the Microsoft Store which grants your users access to all kinds of apps and other things like themes and language packs.

    This is great, isn’t it?

    This is an interesting topic. On one hand you have the fear of more support and your users demanding support for things your IT department is not prepared nor staffed for. On the other hand, this is a hidden gem full of potential and users expecting things to work in a certain way. This post will cover that, but mostly on the end of “this is a great idea” rather than “lock that down, we don’t support that!”. I’m not in any way judging someone or saying “your decision is wrong”, more on the hand of giving the point of view from someone who was responsible for 35k clients and what I learned from that and form talking to customers, peers and friends who uses Windows 10 in a corporate setup.

    Disclaimer before I start. I will as usually oversimplify stuff (as the naive millennial I am), don’t care about network capacity and things like that. This will target an expected user behaviour and user expectations. Also, I’m aware that I’ve in some way or another discussed this with people who reads this and I’m not calling you out on any things mentioned in this in any shape or form, you inspired me to write this. I might also be neglecting any legal/licensing aspects of this.

    Microsoft Store – the difference between private and corporate

    But let’s start with the basics. What is Microsoft Store?

    Microsoft Store is a marketplace for applications, much like the AppStore/Google Play Store we know from our phone (I know MacOS also have this but I’m leaving that out for now). The store offers users to download applications to their machine from a trusted source (applications are checked by Microsoft before being published) and they can install these without privileged access (admin access). All applications are installed in a user-context and user A will never see user B’s applications. The risk or malicious code is extremely small.

    There is however one major thing to point out here, which is easily missed. There IS a distinction between your private sphere and your corporate sphere.

    If you download e.g. Spotify or Netflix, this application will be connected to your PERSONAL Microsoft account if you download it from the public part of the store. If you choose to download it without and account, it will still be connected to a “personal sphere”.

    BUT if you download an application from the business side of the store, this will be connected to your corporate account. To download things connected to your corporate account, you need to enable Microsoft Store for Business and this will give your users a new tab in the store called e.g. Contoso. Everything downloaded from this tab, will be connected to your organisation and you will have to obtain a license for it (free or paid). This requires your users to either sign in with their Azure AD account, you to enable hybrid join or the machine being only Azure AD joined.

    This means that Windows can keep track of what is private and what is corporate which means that you will only need to keep track of what YOU support.

    What if your employees are more productive if they listen to music? Should you block that on their computer? And what happens when you block e.g. Spotify on their corporate computer?

    Well, most information workers today have corporate issued smartphone… You didn’t restrict that app on those kinds of devices. So, your workers will consume that service, with a privately owned account, anyways on a corporate device…

    And to be honest, if you blocked this one their corporate phone, they would use their personal device instead (or even an old fashion radio).

    Enter the grey-area between work and personal life

    What does your user expect in the form of services, support and how to use their devices?

    User behaviour has shifted a lot since the dawn of device management. We are now entering 2020 and most people have some form of knowledge of how to use a computer or a phone. This means that the expectations are shifting and we at IT needs to adapt to this and understand that our users now know their way around a computing device (computer or phone). Concepts as internet, App-stores and browsers are not new, this has been around for about a decade (the Apple AppStore was released 12 years ago, in 2008). The next generation workforce is also entering the market, and now I’m talking about the Gen Z people who doesn’t know about the world without internet and computers. Millennials are entering their 30’s, time to move on and stop being scared of us.

    All this, and the fact that >80% of the population in Sweden have access to a smartphone, means that we need to expect more from our users today than we could 10-15 years ago. We can also expect that they know what services they need, e.g. Spotify might not be a corporate app but might be something that your users’ need to stay focused (and paying for them self). Simply put, we have more experienced users today and we need to meet their expectations, not limit them from reaching their full potential. Simply put, using a computer to perform tasks is not a new thing anymore.

    The use of such apps leaves a grey-area between what is work and what is personal. E.g. Spotify might be something your user is using to stay focused to do their work better, while paying for it as a personal service, and it’s not accessing any corporate data since its running in an isolated container (I’m intentionally leaving out network from this). Since this is a subscription service, purchased privately and consumed on personal devices, this won’t require any support from you and the user won’t expect it either. They application will also be “owned” by their personal account, not the corporate one.

    What do we support?

    One thing I’ve heard from several different customers/partners/peers is “What if they call and want support on application X, we must support whatever we allow on the device”.

    My usual answer to this is “Do you support Angry Birds on iPhone?”. The most common answer is no.

    Why? Well, it’s not a corporate app. Neither is Spotify, Netflix, WhatsApp, Messenger, Twitter is a corporate app. UNLESS you make it available in the Microsoft Store for Business.

    If you make it available in Microsoft Store for Business, that means that you as a company acquired a license for it and you actively made it available for the user. The same goes for applications from Apple AppStore (using VPP) and Managed Google Play. Any application you mark as a corporate approved application, you should expect your users to expect support on.

    What about everything else in the app-stores? Well simply tell your users that this is not an application approved for your company and they need to reach out to the application developer/vendor for support, its simply “not supported” by your organisation. Like I said earlier, you don’t support all +130 million applications in the iOS AppStore, do you?

    What does real life users expect?

    By talking to network of friends, customers, peers, and former co-workers. What do they say?

    Well it was a straightforward, non-statistical secured, answer:

    We do not expect IT to help us out with applications we obtain for “personal use”

    This means if they have problems with e.g. Spotify or any other applications which is not work relate nor sanctioned by/licensed by their employer, they won’t call IT. This is also something I can confirm as previously being the operations manager for the client platform in a global company, support for app-store apps is not a huge problem. And if you managed the expectations from your users in an effective way, you will be fine.

    Let’s face it, the way we use technology today is different from that it was 5-10 years ago. We need to adapt.

    The go-do…

    What’s the go-do from this? Well, I’m not saying that you should make this available for all users tomorrow but consider piloting this outside the comfort of IT and evaluate the outcome before deciding. This might be an appreciated addition to your offering towards your end-users.

    What are your thoughts? Do you see the app-stores on the different platforms as hidden potential or a potential support problem? Let me know in the comments.