Kurt Shintaku's Blog

There’s a fascinating post written on “The Art of the Possible” blog around the topic of whether or not IT permits end users to create their own Microsoft Teams sites.

Here’s the intro:

Are you here looking for an answer to the question in the tile? If you are Microsoft partner helping our customer implement Teams or our customer in the process of implementing Teams, then it is likely this topic is being discussed. Almost every customer I work with asks me what other customers are doing about Teams provisioning? Are others allowing end users to create a new Team as and when they need or is there a review and approval process?

Few years back, this question was not even asked in large enterprises. In recent years, organizations have developed processes for provisioning SharePoint sites and file shares. This process usually included request from end user, followed by review and approval by IT prior to provisioning an additional content store. Then why this question now? What has changed that has prompted IT to even consider if end users should be allowed to create a new Team without any review and approval?

To understand this, lets understand why organizations have a process in place for provisioning:

…

Read more at the blog post:

• BLOG: Analysis: Who creates a new team in Microsoft Teams – End user or IT?
  https://blogs.msdn.microsoft.com/arbindo/2018/05/01/analysis-who-creates-a-new-team-in-microsoft-teams-end-user-or-it/

There’s an interesting debate between end users & IT pros orchestrated by the blog authors, BTW, that goes over this exact topic:

Enjoy hands-on learning on your schedule with our free, Self-paced Labs, and keep your cloud knowledge fresh.

There are 244 labs that you can execute online at no cost to you, complete with remote Virtual Machines, portal access, lab manuals, etc.

Here’s a sample:

• Getting Started with Azure Virtual Machines
• Advanced Azure Virtual Machine and Compute
• Manage, Secure, and Optimize migrated Azure workloads
• Monitor and Analyze Cloud Resources with Log Analytics and Application Insights
• Migrating assessed workloads with Azure Site Recovery
• Assessing on-premises VMware environments with Azure Migrate
• Building Intelligent Bot using Azure Web App Bot Service and Cosmos DB
• Microsoft Azure Administration for AWS Administrators
• …

Try out the labs here!

• TRAINING: Self-paced Hands-on Labs… online!https://www.microsoft.com/handsonlabs/SelfPacedLabs

Got a Surface Pro 3?  Have you updated the TPM module’s firmware?  Get ready for some big fun, if not. 

There’s a vulnerability in TPM that was reported a while ago that requires an update to the TPM chip firmware from 5.0.1089.2 to 5.62.3162.2.  Doing so is really laborious.

Because TPM touches certificates & the drive encryption, it’s a fairly involved & carefully orchestrated process that can take 30 minutes or more.  It involves:

1. Downloading & installing an Update tool to the local machine
2. Running the tool to format & create a bootable USB drive then unplug the drive
3. Suspend Bitlocker on your machine (Super critical step!)
4. Go into the UEFI boot menu of the Surface (Volume UP+Power)
1. Delete all Secure Boot Keys
2. Disable Secure Boot Control
3. Save the configuration
5. Reboot the computer (It will display a RED boot screen) then shut it down.
6. Plug in & boot up the bootable USB drive that was created (Volume DOWN+Power)
7. Update the TPM firmware using the steps from the booted USB key
8. Boot up Windows & verify that the TPM chip has been properly updates through TPM.MSC
9. Shutdown the PC & boot into the UEFI menu (Volume UP+Power)
10. Enable Secure Boot Control
11. Install Factory Default Keys
12. Resume Bitlocker
13. Reset Windows Hello for Business PIN by deleting the certificate container for Hello (certutil –deleteHelloContainer)

WHEW!
Not gonna lie – this isn’t for the light hearted.  I was very surprised that this process was what was required.

For detailed instructions, go to the following page:

• Surface Pro 3: Install and use the Surface Pro 3 Trusted Platform Module (TPM) update tool
  https://support.microsoft.com/en-US/help/4100374

NOT JUST FOR SURFACE DEVICES
While I described the hair-raising process that is required for Surface Pro 3s, this is technically required for ALL devices that have a TPM chip from what I understand – including Surface Pro 4, Surface Book, etc. although there are different less involved processes for those.

There are instructions available for this update for various hardware vendors including HP, Lenovo, Toshiba, Acer, Fujitsu, Panasonic, and others, on the Microsoft Support site so head on over there to see what the process is for your machine:

• Update your security processor (TPM) firmware
  https://support.microsoft.com/en-us/help/4096377/windows-10-update-security-processor-tpm-firmware#firmwareupdates

A few months ago Paul Bowden, a Software Development Engineer from Microsoft for Office Deployment & Manageability did a presentation on “Deployment & Management of Office 365 ProPlus on Mac”.

I’ve not seen this information elsewhere so I thought I’d post his presentation here:

1. Office for Mac Community links and sites for more info
2. Native applications on the Mac versions, sizes, and contents of each app
3. Benefits of deployment architecture
4. How to deploy the bits in the enterprise
1. Deploying Office with Jamf
5. Deployment source automation (cached vs ondemand)
6. Network endpoints
7. Activation and licensing
8. License storage & conversion
1. VL to O365 license conversion
9. Office for Mac update channels
10. Update cadence recommendations
11. Microsoft AutoUpdate (MAU)
12. MAU caching server
13. Roadmap
1. Today’s current deployment model of 4GB pagages
2. The future of Office update management
14. Deploying application settings
1. Comparisons with Office on PC/Windows

Grab the deck here:

• DOWNLOAD: Deployment & Management of Office 365 ProPlus on Mac
  https://1drv.ms/p/s!Ao0Dfn8MQdoArP4zWvo9SAuDu2p5TQ

[I’ve shared this before but it’s been updated a bit and is a worthwhile companion to the “Azure Strategic Implementation Guide”]

"Azure Onboarding Guide for IT Organizations”, is a popular document for our customers in IT and is usually a good resource to review top to bottom as a starting point to understanding the considerations to adopting Azure cloud services as an organization.

It covers:

1. Moving to the cloud
2. Managing security, compliance, and data privacy
3. Azure enterprise administration
4. Integrating Azure into the corporate network
5. Extending Active Directory to Azure
6. Operating Azure IaaS Services
7. Migrating existing services to Azure
8. Offering management for cloud-based services

(When you review it, you’ll notice that it’s more tactical as opposed to the eBook I shared earlier entitled, “Azure Strategy & Implementation Guide” making it a good guide for IT pros.)

• DOWNLOAD: "Azure Onboarding Guide for IT Organizations"
  https://azure.microsoft.com/mediahandler/files/resourcefiles/d8e7430c-8f62-4bbb-9ca2-f2bc877b48bd/Azure%20Onboarding%20Guide%20for%20IT%20Organizations.pdf

Gartner Group just published a analysis report on Microsoft Teams entitled, “Why Microsoft Teams Will Soon Be Just as Common as Outlook”. 

It is only available to Gartner customers & subscribers however the table of contents alone is a fascinating overview of questions that I’m sure many people have about Teams and it’s role in enterprise collaboration.

Taken from summary:

Microsoft Teams is playing an increasingly unifying and expanding role in Office 365. This report guides technical professionals on getting the most value out of Teams, analyzes Teams’ impact on the rest of Office 365, and assesses Teams’ strengths and weaknesses.

…

Download the report here if you are a Gartner subscriber:

• Gartner: “Why Microsoft Teams Will Soon Be Just as Common as Outlook”
  https://www.gartner.com/doc/3879669/microsoft-teams-soon-just-common

Our LinkedIn subsidiary announced that military spouses will be eligible to receive LinkedIn Premium upgrades, including access to the LinkedIn Learning library. (Many assets formerly from the acqusition of Lynda.com)

Faced with frequent moves and deployments, military spouses have a unique challenge when it comes to growing their careers – in fact, they are four times more likely to be unemployed than their civilian counterparts. In order to help set them up for success, re-skilling and re-training are key as well as identifying remote and flexible work options.

To help solve this pressing challenge, LinkedIn is expanding our military and veterans program to include military spouses through a new partnership with the U.S. Department of Defense’s Spouse Education and Career Opportunities program. Beginning this July, we’ll provide one year of LinkedIn Premium to every military spouse during each of their moves to new installations to help their career transitions, and once again upon conclusion of military service.

This will include free access to our online library of more than 12,000 LinkedIn Learning courses, including our newly-launched learning path designed to help military spouses succeed in flexible, freelance, or remote work opportunities. We’ll be working to foster this community through the DoD’s growing military spouse LinkedIn group, as well as directing employers to this community as a top source of talent.

Read the entire announcement here.

• ANNOUNCEMENT: Welcoming Military Spouses to LinkedIn’s Military and Veterans Program
  https://blog.linkedin.com/2018/june/11/welcoming-military-spouses-to-linkedins-military-and-veterans-program
• ANNOUNCEMENT: DoD Partners With LinkedIn, Offers Military Spouses Free Membership
  https://www.defense.gov/News/Article/Article/1554303/dod-partners-with-linkedin-offers-military-spouses-free-membership/

For details on how to enroll, check out the Spouce Education & Career Opportunities site on Millitary OneSource at:

• SECO – LinkedIn Premium
  https://myseco.militaryonesource.mil/portal/content/view/8256

Azure compliance offerings are based on various types of assurances, including formal certifications, attestations, validations, authorizations, and assessments produced by independent third-party auditing firms, as well as contractual amendments, self-assessments, and customer guidance documents produced by Microsoft.

Each offering description in this document provides an up to date scope statement indicating which Azure customer-facing services are in scope for the assessment, as well as links to downloadable resources to assist customers with their own compliance obligations. Azure compliance offerings are grouped into four segments: globally applicable, US government, industry specific, and region/country specific.

Download the paper here.

• WHITEPAPER: Overview of Microsoft Azure Compliance offerings (.PDF, 56pgs)
  https://gallery.technet.microsoft.com/Overview-of-Azure-c1be3942

Recently, I’ve received several requests to help a customer deploy “Windows Defender for the Enterprise”, provide great management & reporting, and otherwise displace their existing solution on their desktops & servers.

Here are a few articles online that help provide background on how to use & deploy Windows Defender in the Enterprise:

• Why Windows Defender Antivirus is the most deployed in the enterprise
  https://cloudblogs.microsoft.com/microsoftsecure/2018/03/22/why-windows-defender-antivirus-is-the-most-deployed-in-the-enterprise/
• Example scenario: Using System Center Endpoint Protection to protect computers from malware in System Center Configuration Manager
  https://docs.microsoft.com/en-us/sccm/protect/deploy-use/scenarios-endpoint-protection
• Evaluate Windows Defender Antivirus protection
  https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus

Here are some presentations from Microsoft Ignite that may also help people understand Windows Defender:

• Next Generation Malware Detection with Windows Defender
  https://channel9.msdn.com/events/Ignite/2015/BRK2327
• Protect your endpoints from malware threats with Windows Defender and System Center Endpoint Protection
  https://channel9.msdn.com/events/Ignite/2016/BRK2205
• Explore Windows Defender Instant Protection
  https://channel9.msdn.com/events/Ignite/2016/THR2195R

Announcing the Azure Active Directory password protection Ask Microsoft Anything (AMA)!

An AMA is a live online event similar to a “YamJam” on Yammer or an “Ask Me Anything” on Reddit. This AMA gives you the opportunity to connect with members of the product engineering team who will be on hand to answer your questions and listen to feedback.

Join the Azure Active Directory team on the Microsoft Tech Community to discuss the public preview of Azure AD Password Protection and Smart Lockout announced here. The AMA will begin on Thursday, June 28th at 9am PT in the Azure Active Directory AMA group. 

• DATE/TIME:
  June 28th, 2018 9-10AM PT
• ADD TO CALENDAR:
  https://aka.ms/aadama/invite
• LOCATION:
  https://aka.ms/aadama