Brad Sams

Forum Replies Created


    You can find an audio replay, here.

    Mary Jo Foley: 00:00 Hi, you’re listening to the MJFChat show. I am Mary Jo Foley, aka your community magnet. I am here to interview tech industry experts about various topics that you, our readers and listeners want to know about. So today’s MJFChat is going to be all about the Windows Subsystem for Linux, WSL, and my special guest today is Microsoft program manager of WSL Craig Loewen. Welcome Craig and thank you so much for doing this chat with me.

    Craig Loewen: 00:37 Hi. Thanks for having me.

    Mary Jo Foley: 00:39 I’m excited. For people who don’t know, and if you don’t know what WSL is, I don’t know what rock you’ve been living under, but WSL is what lets developers run a Linux environment, including most command line tools, utilities and apps directly on Windows 10 and Windows Server. I remember when Microsoft first introduced WSL in Windows 10 in 2016 it was kind of more of a Linux interface at that point designed in partnership with Canonical. But Microsoft has been busy rearchitecting WSL with WSL 2 so that it actually will provide a Microsoft-written Linux kernel running in a lightweight virtual machine that’s based on a subset of Hyper-V. Some big changes are coming up, Craig.

    Craig Loewen: 01:31 Oh yes. Yeah. I am very excited.

    Mary Jo Foley: 01:34 And so our readers, because this chat got tons of reader questions, which I take as a good thing. It means it’s a very hot topic.

    Mary Jo Foley: 01:44 So I am just going to jump right in and read off some of these reader questions and let you take it from there.

    Craig Loewen: 01:52 Perfect. Sounds great. Okay.

    Mary Jo Foley: 01:54 So a reader Nunix, who also goes by WSL Corsair in the forums on Petri, says, will it be possible in a future release or in some future release to attach additional VHDs in WSL 2 or beyond? And the reason he is asking this is he says WSL 2 is a perfect platform for learning Linux and attaching additional disks could help in, quote, “playing with RAID or even LVM functionalities.”

    Craig Loewen: 02:28 Yes, that’s a great question. I’m familiar with Nuno so glad that we’re getting that up from him and we’re looking into that as a future request. It’s something that we’re definitely aware of. So as of today, if you have a virtual hard disk, like an ext4 formatted hard disk on your machine, you can attach, you can mount that as a virtual hard disk, and the ask there is to have a physical hard disk that you can also mount inside into WSL. We’re looking into the possibility of that.

    Mary Jo Foley: 03:01 Okay. So stay tuned. Basically might happen. Hopefully will happen. Cool. Okay. Another reader question. Ben the Builder asked, will WSL 2 support native Docker, and do you have any insight into whether we’ll be able to leverage WSL 2 for running Linux containers via Docker for Windows natively versus using Moby VM?

    Craig Loewen: 03:31 That is a great question. Yes, we’re actually really excited to say that as you mentioned, WSL 2 includes a full Linux kernel. That means it has a hundred percent system call compatibility. So you can run the Linux version of Docker directly in WSL 2, right away. So when you install and run Ubuntu for instance, you can just install Docker the same way you would on a Linux machine and get access to that right away. So Linux containers are really simplified with that process inside WSL 2, which is really exciting.

    Mary Jo Foley: 04:02 Cool.

    Craig Loewen: 04:03 Even more exciting than that, we actually have also been communicating with the Docker Desktop for Windows team. And so they are the team that’s responsible for that Moby Linux VM that was mentioned in the question. And very quickly how the architecture works for that is you download Docker Desktop for Windows, which is a .exe and has some other components.

    Craig Loewen: 04:26 And when you run that, it spins up a VM, like a virtual machine on your Windows box. And that was, for the past while, how, um, Linux containers on Windows worked with Docker Desktop for Windows. And what they’ve done is they’ve released a tech preview. They being the Docker Desktop for Windows team, they’ve released a tech preview that targets WSL 2 on the backend. So instead of having the Moby Linux VM, it targets WSL 2, and adds basically some WSL 2 distros to your machine that make all your containers run. So your containers run inside there. And that’s really exciting because there’s tons of performance improvements with this architectural change, such as the startup time goes from 45 seconds to five seconds, much better CPU and memory allocation and way better network access. And so the Docker Desktop for Windows team was really excited to start using WSL 2 and start releasing more tech previews with it.

    Mary Jo Foley: 05:28 Hmm. Very cool. You know what I missed, at the beginning of this chat and not asking you a little bit more about you and I’m going to ask you that now because now we’re going to get into some articles with, I’d like to hear Craig’s thoughts on dot, dot, dot. So before I ask you those questions, could you tell the listeners a little bit about how you came to be the program manager for WSL?

    Craig Loewen: 05:53 Yeah. So I went to the University of Waterloo, so I’m Canadian, eh.

    Mary Jo Foley: 05:58 You hide it well though. I barely noticed.

    Craig Loewen: 05:58 I haven’t dropped any “ehs” yet. I had the opportunity to intern at Microsoft and so I had an internship two years ago or three years ago. And I worked with the Windows Console team and the Windows Subsystem for Linux team, which were pretty much the same thing at that point. And I came back for full time work. So now I live in Redmond, Washington and I work full time on the Windows Subsystem for Linux directly. So that’s kinda been my path on how to get there. My background is actually in robotics engineering, so I studied mechatronics, which sounds like a Transformer. That’s what I studied at university, but now I do Windows Subsystems full time.

    Mary Jo Foley: 06:48 Very cool. Okay. So I wanted to ask you that before I ask you this next question, which is very much an opinion question. Reader Joseph Finney says, I’d be curious to hear Craig’s thoughts about an article from the founder of Basecamp on his attempt to return to Windows after 20 years because it now can have a Linux command line. So he’s talking about this article that got published on, from the founder of Basecamp and about just what he said, returning to Windows after 20 years. And so Joseph says in that article, the author finds WSL too slow and limited for his needs as a Ruby on Rails developer. So he ends up going back to the Mac. So he’s asking your opinion on this article and whether you’ve read it or not, I think you could still comment on, you know, the claim that it’s too slow and limited. Have you heard that from other people who’ve been testing it and using it?

    Craig Loewen: 07:52 Yeah, so I haven’t actually read that specific article, so I’ll just comment entirely on the claim of, Hey, WSL is slow and limited. Because actually that’s feedback that we have heard, especially from web developers. That’s the reason behind the Windows Subsystem for Linux 2, and that architecture. So if you’ve used WSL before, and you might’ve used it way back when, when it was called Bash on Ubuntu on Windows, a lot of changes have happened under the scenes, or behind the scenes. And so what we’ve done is, the previous architecture, or the current widely available architecture of the Windows Subsystem for Linux, uses a translation layer. And so what that means is you have actual Linux user space binaries; whenever they call into a system call, we translate that to the Windows equivalent, Windows NT kernel system calls.

    Craig Loewen: 08:46 And then we, you know, whatever reply we get back, we translate that back and send that back up to the Linux user space binaries. And so from a technical perspective, the application binary interface, everything runs under the same kernel at the end of the day. And that is a really cool solution. That is also a pretty challenging solution with lots of technical challenges behind it because obviously Linux and Windows are different and sometimes things were great and sometimes things are much more challenging to implement. For example, if you have a file open inside of a folder and I tried to rename that folder, in Linux, that’s totally fine, it’ll let you do that. In Windows, however, the choice there is it will say, Hey, you have a file open inside of this folder. You can’t do that. And on the Windows Subsystem for Linux team, how do we implement a solution for that that respects both scenarios?

    Craig Loewen: 09:40 That’s very challenging. So that’s why we’ve moved to the Windows Subsystem for Linux, which has a change in architecture and we have changed from a translation layer to a virtualization based approach. And so with the virtualization based approach, we have a full Linux kernel. We actually make a very lightweight utility virtual machine that spins up whenever you run your WSL 2 instance. And that thing is awesome. It spins up in about a second. It has the exact same user experience as WSL 2 and you still can access all your files and run your Windows executables straight from Bash, and has some really great performance improvements. And so really the two big areas of feedback that we’re trying to address with WSL 2 were file system performance, so making things run faster, and system call compatibility, and WSL 2 runs way faster than WSL one. If you put everything into your Linux root file system, you can get about five times faster for things like git clone or CMake. And if you’re doing really file intensive things like unzipping a tarball, it can get up to like 20 times faster, which is significant. With the full Linux kernel, more things will run.

    Mary Jo Foley: 10:52 Nice. I’m going to add one of my own questions here and I feel like I should know the answer to this, but I do not yet. I’ve been asked this a few times. So, given that you’re going to be running on a lightweight hypervisor with WSL 2, does that mean people will be able to run WSL 2 on Windows 10 Home or no?

    Craig Loewen: 11:14 Yes. So you will be able to run Windows WSL 2 on Windows 10 Home. So what that means, so the kind of confusion there is a Hyper-V, the Hyper-V optional component is not available on Windows 10 Home.

    Mary Jo Foley: 11:28 I was wondering that, right.

    Craig Loewen: 11:30 So we are actually dependent on this optional component called the Virtual Machine Platform optional component. So that enables the Hyper-V architecture on your machine. It actually enables the type one hypervisor on your machine and allows you to call into Hyper-V architecture API calls. But it is not the Hyper-V optional component. It’s kind of a tricky answer of yes, you are able to do it on Windows 10 Home. However you use the Virtual Machine Platform optional component.

    Mary Jo Foley: 12:04 Okay, great. Thank you. Now we’re going to go to some questions from Twitter because we get a lot of those as well as people from the Petri forums. Adam Richmond on Twitter asked, are there any potential possibilities upcoming to produce a Red Hat Enterprise Linux WSL distribution with Red Hat?

    Craig Loewen: 12:26 Yeah, so I saw that, I saw that question on Twitter and I also saw that Matt, who works for Red Hat, also commented and yeah, and the answer actually is right now, if you wanted, you could run any Linux distribution inside of the Windows Subsystem for Linux. We added a feature in Windows version 1903, which allows you to import any WSL distribution. And we also added an export feature so you can export any of your WSL distros. And so all you need is a tar.gz file. So there’s my Canadian sneaking in, I’m sorry, tar.gz file. All you need is that, and it has the Linux user space binaries that you’d want to include and you can run wsl --import, and then import that as a WSL distro. And so what’s really actually exciting about that is, you can take any Docker container, you can export the Docker container, it’ll export as a tar.gz, and then you can import that directly into WSL. So we’ve actually seen some exciting community-driven tools. Like what Nuno who had a question earlier, he worked on one, we’re using Porter that has a command line to say, Hey, I want this Docker container as a WSL distro. So you could use CentOS or RHEL or Fedora, via that means as well.

    Mary Jo Foley: 13:56 Yeah, I wonder, I wondered when I saw his question, if he was asking if, because of IBM taking over Red Hat and then thinking that might change the scenarios. I don’t know. But he didn’t say that. So I’m just, that’s just me projecting on that. Here we have to have at least one person with penguin in the name or it is not a Linux chat. So here’s cozy penguin on Twitter asking how fast is WSL compared to running a distribution on its own?

    Craig Loewen: 14:29 Right.

    Mary Jo Foley: 14:30 I don’t know how you really quantify that. But whatever. I’d like to hear what you say.

    Craig Loewen: 14:36 Yeah. So we already touched on WSL 1 versus WSL 2. So let’s compare this to WSL 2, which is really the exciting part. I’m going to take my, my opinion of that question or my interpretation is they mean on, on the same machine with the same hardware. You know, if I ran bare metal Linux and then I ran the same distribution with the same workflow on the same hardware, what would the performance difference be? Sound fair?

    Mary Jo Foley: 15:02 Yup.

    Craig Loewen: 15:03 Right. So it’s about, it’s very similar. It’s about, I’d say, it depends on what you’re doing, but probably you’re going to have like a 5 to 10% performance difference, based on just the virtualization overhead, right? Where we have a virtual machine running. So bare metal Linux is going to be slightly faster.

    Craig Loewen: 15:25 Uh, so there’s actually a really cool report done by the Phoronix team. So for Phoronix Labs, they do speed comparisons of different machines and different tooling sets. And they did a speed comparison of WSL 1 compared to WSL 2 compared to bare metal Linux. And they released the whole wide array of results that they found. And overall it’s quite similar. So it’s hard to quantify because it’s different for every case. But I would say it’s similar.

    Mary Jo Foley: 15:57 Okay. That’s good. Very good. Another Twitter question, Andre Medic, when will users be able to orchestrate Linux containers using WSL 2 on service fabric and Kubernetes clusters?

    Craig Loewen: 16:13 That’s a good question. That’s probably a feature request that we’d have to look into. So it would be on Azure taking in onto the service fabric to use WSL 2 to create containers, is that the ask there?

    Mary Jo Foley: 16:28 I think, well, here’s, he said, when will they be able to orchestrate Linux containers using WSL 2 on Service Fabric and Kubernetes clusters, right. So a few ways we could interpret that, I think.

    Craig Loewen: 16:39 Yeah. So if you’re using WSL and you’re interested in Kubernetes, actually everything out there like runs out of the box. So you can install your kubectl, um, or whatever other tools that you might want to use and still have access to that. And if you wanted to, you know, use your Kubernetes tools, you can just do it the Linux way in a WSL 2 distro, as well. Docker Desktop for Windows actually has Kubernetes support in it that works with the WSL 2 distros. So that’s another great way to get it set up. And Service Fabric, would have to check on the solutions there. For Kubernetes and orchestrating a bunch of containers. Yeah, there’s a lot of stuff that you can do already in WSL 2.

    Mary Jo Foley: 17:30 Nice. Okay, great. Now we’ve got a hypervisor question from Tony Morrow on Twitter. He said, are there any updates about having third party hypervisors installed and running WSL 2 at the same time? I currently use WSL one and VMware Workstation for different tasks. I’ve seen that Microsoft says they’re investigating ways to help resolve the issue so that VMware and versions of VirtualBox prior to six might be able to run when WSL two is enabled. But he’s asking, is there anything, any further update beyond that?

    Craig Loewen: 18:06 Yes, great question. So one of the challenges with WSL 2 is when you enable a type one hypervisor, there are other third party VM applications that also require a type one hypervisor, which is, VirtualBox and VMware are really the popular ones, and VirtualBox as of 6.0.0, which is what the question referenced, actually does include support for the Hyper-V hypervisor as a fallback hypervisor. So we actually publish public APIs for the hypervisor and we’re working with those companies like VirtualBox and VMware to help enable them so that there isn’t that breaking compatibility when you have both enabled. So there aren’t any updates specifically from me, but VirtualBox 6.0.0 does support the Hyper-V hypervisor as a fallback and VMware has publicly announced that they are investigating using Hyper-V as an alternate hypervisor. So I’d probably look more online. There’s a great post by Ben Armstrong on that.

    Mary Jo Foley: 19:14 Oh, nice. Okay, cool. A question from someone whose name on Twitter is ScamLikely, but I don’t actually think it’s a scam. His handle is Agent09 on Twitter. He asked, oftentimes using WSL alone is not enough. Utilizing a third party solution like X410 or another X server client becomes a necessity. Is there any talk among the WSL team about making devs’ lives easier by incorporating an integrated solution for Linux exclusive GUI dev apps?

    Craig Loewen: 19:57 Great question. So is there any talk among the team of how to make dev lives better? Of course, yes. And so for GUI apps, yes, we’re, we’re investigating that. That is certainly a feature request that we’ve heard often, which is to enable GUI applications inside of WSL 2, and we’re, we don’t have any updates on that, but we are looking into how to make that possible. So really the current solution is you have third party X servers, and you mentioned it, like X410 and something like that. Um, and you can connect to your WSL 2 distro with that third party X server to power some GUI applications. So we don’t really have any updates there, but it is certainly on our radar. That’s definitely a feature that we’re interested in.

    Mary Jo Foley: 20:50 Okay, cool. Phil Hoffman on Twitter asks, will we continue to see improvements to the Linux/Windows shim, LXSS, LxCore, in the future? Or will this shift over to the Linux VM in WSL 2? Also, he has a two part question. Also, are there any future plans to improve the small file performance for NTFS or other Windows file systems?

    Craig Loewen: 21:20 Okay, so two parts. So first part, um, when he talks about the LxCore, what he’s referencing is WSL one. And so that’s the translation layer that we talked about before. Okay.

    Mary Jo Foley: 21:32 That’s the translation layer. Okay. There we go.

    Craig Loewen: 21:34 Are there plans to improve that? Yes. We are still looking at improving WSL 1 as well. And really, the question there, as I interpreted it, is, are you deprecating WSL one now that WSL 2 is there, is this totally gone, and no, definitely not. We’re still iterating on user feedback. We think WSL 2 has a lot of great benefits that’s going to excite a lot of users. But we’re still, you know, we still have bug fixes that we’re releasing for WSL 1 and we’re still improving that. So that’s, that’s the answer for part one. Part two: are we looking at improving the Windows NT file system? Is that correct?

    Mary Jo Foley: 22:18 He said any, any plans to improve the small file performance for NTFS.

    Craig Loewen: 22:25 So that’s not exactly my area of expertise on the NTFS. If he’s talking about it from a WSL 2 perspective of, Hey, if I’m accessing my Windows files on my Windows file system in WSL 2, that’s a piece of feedback that we have heard, of the cross-OS file system performance in WSL 2. We’re totally aware that, you know, we want to improve that experience there and we want to increase that file system performance. So for that use case.

    Mary Jo Foley: 22:58 Okay, great. Well that is the bulk of the questions. I spared you a few of the even more esoteric ones than the ones I’ve listed here. I saw some discussions around colors and shades of green and I’m like, you know what, I’m going to just leave those out. So anyway, thank you so much for doing this chat, Craig. It’s been really great and I know based on how many questions there were, it’s a big topic our readers and listeners are interested in. So thanks.

    Craig Loewen: 23:30 Thank you. It was awesome. I’m very glad that we can answer some questions.

    Mary Jo Foley: 23:34 Me too. And for everyone else who’s listening to this, all you MJFChat readers and listeners, we’re taking a break until the new year with MJFChat after this one. But we’re already lining up our guests for 2020. So after Christmas I’ll be posting information on Petri so you can see who I’m going to be chatting with to kick off the new year. And once you see that, you can submit your questions on Twitter for the guest. In the meantime, if you or someone you know might make a good guest for one of these chats, please do not hesitate to drop me a note. All my contact information is available on Thanks again.

    Brad Sams
    in reply to: Making the Windows command line cool again #625124

    You can find an audio replay of the conversation, here.

    Mary Jo Foley: 00:00 Hi, you’re listening to the MJFChat show. I am Mary Jo Foley, AKA your community Magnate and I am here to interview tech industry experts about various topics that you, our readers and listeners want to know about. Today’s MJFChat is going to be all about how Microsoft is working to make the Windows command line cool again. My special guest today is Microsoft senior program manager, Rich Turner. Welcome Rich and thank you so much for doing this chat with me.

    Rich Turner: 00:37 Hi Mary Jo. Thanks so much for inviting me. It’s always great fun to talk with you.

    Mary Jo Foley: 00:41 Yeah, same. It’s been too long. So, Rich has been at Microsoft like four years now. Is that right?

    Mary Jo Foley: 00:51 In this tour of duty? Yeah, this tour of duty.

    Rich Turner: 00:54 I actually was at Microsoft from 2003 to 2010 when I left and I went on to the real world and did real worldy things, running startups and all kinds of stuff, and I came back to Microsoft at the beginning of 2006. Having sent some flame mail to my now boss complaining about the state of the Windows command line and what was Microsoft doing about it and so on and so on. And he said, come for lunch. And I came for lunch. Two weeks later, I’m interviewing, two weeks later I’m walking into NEO and thinking, well, here we go again. It’s been an amazing ride this last four or five years. We’ve been doing incredible things that I’d, I’d never even have thought we’d have been alive to think about in my first tour of duty.

    Mary Jo Foley: 01:37 I don’t think you would have bet. Yeah, I know. I know, right? Yeah, exactly. It’s funny to think, just like a few years ago, if you said to someone, by the way, there’s going to be a Linux Kernel in Windows, they’d be like, what?

    Rich Turner: 01:56 Exactly. I know, it’s quite an amazing thing and it just goes to show just how much the company has changed. It’s so much more fun now than.

    Mary Jo Foley: 02:09 Yes, I agree. Yeah. And then this year at Build, back in the spring, Microsoft unveiled the Windows Terminal app, which also was kind of surprising to people. I remember thinking, Oh wow, I can’t believe they just did that. That’s very interesting.

    Rich Turner: 02:22 Yeah. Yeah. It’s interesting that the Terminal has turned out to be one of the, one of the most popular, both open source projects Microsoft has shipped recently, and also one of the most popular apps that we’ve shipped. So there’s who, who wants to just use the Terminal, they just want to install it from the store and they can go to the Windows Store and they can just click a button, download the Terminal, and a few seconds later they’re up and running with a new fresh take on the Windows command line user experience, which lay fairly neglected and unloved for many years until our team took it over and started working on it. So we’ve added a bunch of the features that the users have been asking for for years and years and years and that we’ve been asking for for years and which I actually asked my now boss in that, in that flame mail, when are you getting around to adding tabs to the terminal and so on.

    Rich Turner: 03:12 We’ve finally been able to ship those things, which is incredibly exciting for us.

    Mary Jo Foley: 03:18 So yeah, I was going to say your group does WSL and Terminal, what else do you do in your group that you can talk about?

    Rich Turner: 03:27 So we own the, the interesting thing is the Terminal itself, we’ll, we’ll leave WSL to the side for just a second. WSL itself. Sorry, sorry. Windows Terminal itself is built out of many of the components that used to live deep within the Windows console. They, when you, when you run CMD or you run PowerShell today or you run any command line application from Windows, it will pop up a command line UX on the screen. That thing that you see on screen is the same application whether you’re running PowerShell, CMD or whatever app you run.

    Rich Turner: 04:00 And that’s the thing that’s been in Windows since NT 3.51. It was one of the very first apps I ever built for NT when they were building NT itself. It has had a few owners over the years and has had many people contribute to its code base over the years. But no one owned the code until about 2014 when they formed a new team here in our division to take over that code base. The console UI that you see on the screen there isn’t, isn’t just UI. It’s actually a monolithic application that provides the entire Windows command line infrastructure. So when you build a command line app like Git or Node or Midnight Commander or whatever Windows command application you use, when you call an application to set foreground, sorry, call an API to set the foreground color, to set the background color, to output text, to move the cursor to the given location.

    Rich Turner: 04:58 Every time you call one of those APIs, your command line application is essentially making a call across process to the terminal to which it’s attached, to the console to which it’s attached. And the console provides the API server, so your application, every time it tries to write to the screen, for example, is calling a method exported by, exposed by the Windows console, and the Windows console then draws the thing on the screen and then returns back. And then the command application continues. This is a very different way of operation compared to most terminal applications, especially those built against the *NIX platform, the Unix/Linux platforms, which basically sit there and accept keyboard input in and then write text back just by emitting text to whatever’s on the other end. So with Windows Terminal we wanted to really overhaul things and really modernize things and we wanted to continue to support existing Windows command line applications.

    Rich Turner: 06:02 So none of them had to change in any way. And we continue to do that by providing an API server, essentially, that performs the functions requested by the terminal. And then also adopts a more Linux-like behavior of being able to parse a stream of text and pull out of that stream of text the, the VT sequences, the character sequences that describe how the text should be formatted, colored, where the cursor should be moved to, clearing the screen and all those kinds of operations. They’re embedded as codes within the text, essentially, in Linux and Unix. And we want to adopt that world as well. So we essentially now do both things.

    Mary Jo Foley: 06:44 Okay. Well, so what, what provided the impetus for Microsoft to create the Terminal app? I mean, did people say we want a terminal app or did or did you have a specific audience who are trying to get to when you thought about creating this kind of a terminal app? I’m looking for a little historical thinking about how it came to be.

    Rich Turner: 06:59 Right. So, it’s interesting when you, when you look back through, especially through the two thousands, you look back at the world we were living in then when everything had to be GUI and in order to operate Windows in particular, you use the GUI and you click buttons and you moved sliders and you click check boxes and so on to administer things, to change settings on things and so on. That was the world in which we lived, especially in the early half of the two thousands. But then the rapid growth in especially open source projects and especially cross platform or *NIX platform open source projects meant an awful lot more stuff was being done at the command line. If you think about things like Git, when Git came along, it was a purely command line application.

    Speaker 2: 07:54 It still today is a purely command line application, although you can get GUI front ends, essentially tools that integrate with and sit on top of Git. Primarily things like Git came along and Node came along and Python has been there obviously for years and PIP, its package manager, and NPM being Node’s package manager, and all of these tools started emerging and arriving, which were all command line tools, and you think about Ruby and you think about the multitude of open source and cross-platform languages and tools and platforms and so on. An awful lot of them, the vast majority of them I’d say, are command line applications, and for those people wanting to use all those things, wanting to use JavaScript minifiers and JavaScript bundlers and all kinds of things like that, all of their work was done at the command line, or an awful lot of their work was done at the command line and writing script files and batch files and, and instructions as to what to do with the workflow, which resulted in the move to continuous integration, continuous deployment where one takes a codebase and every time a check-in is made to that code base, it then runs through a series of workflows to check that the code is okay, to NIXify it, to format it to common standards, to, to run a bunch of tests against it after building it and if all the tests pass, automatically deploy it into the cloud.

    Rich Turner: 09:24 That kind of stuff was becoming really prevalent by the, by the 2010ish mark. Anybody on Windows then goes, Hey, I’m going to try and use Node and Python and Ruby and Git and so on and so on. And they’re using this command line interface, which was designed in 1989.

    Mary Jo Foley: 09:43 Yeah, exactly.

    Rich Turner: 09:44 It hasn’t changed much and has numerous frustrations and weaknesses, a lot of missing features. And it drove people nuts. It was a continual source of feedback from the community that they wanted a decent command line interface. And eventually it got to a point where even the likes of myself were sending flame mail to Microsoft. And luckily I just sent the flame mail at the point where they were literally forming the, or the team had just been formed and given the remit of overhauling the Windows command line, modernizing it, enhancing it and making the Windows command line a much, much nicer place to be for those people to work in that environment.

    Mary Jo Foley: 10:25 Okay. Which came first then the redo of the terminal app or WSL — or how are those two things connected?

    Rich Turner: 10:34 So they came about in parallel. Actually WSL is an interesting one because essentially what happened was at the very beginning of Windows 10, my now boss that I sent flame mail to had begun a process with a bunch of other people to create a User Voice forum to ask the community directly what they would like to see happen in various areas of technology. So in the Windows UI tech stack, what would you like to see as a UI developer in the Windows command-line world? What would you like to see as a development user of that, of those tools and technologies? And we essentially allowed the community to send in feedback and User Voice had a really good way of, of handling, upvoting and, you know, you originally they changed their voting policy later, but ultimately you had 10 votes and you could only spend 10 votes and until a feature was implemented, you didn’t get a vote back.

    Rich Turner: 11:31 So you have to spend your votes wisely. And it meant that people tended to apply votes to things that really mattered to them. As if you look at the, the list of things that people asked for with regard to the command line. The number one thing was I want to be able to run this Linux application or tool on Windows. Number two was overhaul the console. I want to have someone to emoji. It’s too slow, yada, yada. So WSL was, was really born from that ask from the community of saying, you know, I want to be able to run Grep and Awk and Git and Node and then Perl and Ruby and all of those things that they run on Linux on a daily basis. But I wanna be able to run those things on Windows.

    Rich Turner: 12:17 So we, we took a look at a bunch of options from doing something similar to Cygwin where we recompile a bunch of the GNU tools to run on Windows. Unfortunately, that approach is a very short lived one for what we wanted to achieve because we would have an endless long tail of things that we hadn’t yet recompiled to Win32. Trying to keep up with updates for all of those technologies would be extremely difficult. So that wasn’t really a, a comprehensive solution to the problem. Running a VM at the time with the VM technology that we had at the time wasn’t really feasible because booting up an entire VM took a lot of time, took a lot of memory and so on. So we said, what, what would happen if we could literally run or create a layer in NT that pretended to be Linux?

    Rich Turner: 13:07 Could we build enough of that to allow Linux applications, unmodified Linux binaries, to run on Windows? And that’s essentially what we did. So we worked with a team in the Windows kernel based team here who’d been working on an Android runtime platform. Then we said, Hey, what would it take to actually extend that and run Linux? And they said, well, actually it would be not too much work. And then in huge inverted commas, we spent about eight, nine months or so putting, you know, implementing a few more of the Linux calls. And we started getting these Linux binaries to be able to light up and run on top of that Linux kernel layer on top of the NT kernel to run those tools natively and unchanged as well, which is really important.

    Mary Jo Foley: 13:56 So does that mean that WSL came out of the work that Microsoft was doing on the Android bridge, the Astoria thing?

    Rich Turner: 14:05 Yes.

    Mary Jo Foley: 14:05 Oh good.

    Rich Turner: 14:05 It came from the team that built WSL was Astoria team members.

    Mary Jo Foley: 14:12 Oh really, I don’t know if I knew that. Or maybe I knew it and forgot.

    Rich Turner: 14:14 The breadth of the landscape you cover, I’m not surprised. But yeah, the Astoria thing was, you know, was a very interesting project for Windows to try and run Android on top of Android apps on top of Windows. And so they’d implemented an awful lot of what we already needed. And we just said, Hey, just keep going. Just keep going, build a few syscalls, build a few more syscalls. And then things started running and then we got hello world in, you know, GCC compiled hello world to run. And then we got Java to run and we got Node to run. And each time we implemented a new syscall the, which are essentially the functions that Linux kernel exposes.

    Rich Turner: 14:54 Every time we added a new syscall or implement improve the implementation of a syscall suddenly would unlock 20 or 30 things sitting on top of it. And we just kept going like that until we announced WSL. And then we kept going with the community and said, Hey, let us know what’s not working. And then we’ll go and figure out which syscalls are missing and we’ll try and implement those things. And that’s where WSL came from. So in parallel to that. Of course, if you’re running again WSL especially WSL 1 was primarily focused on the command line. We didn’t focus on running Linux GUI apps, although many eventually did end up working quite well on WSL one. But primarily focusing on the command line. So if we’re running these Linuxy command line things, then wouldn’t it be awesome if we had a command line user experience that actually was able to run them well, that was able to understand the stream of text coming back from these applications.

    Rich Turner: 15:49 When you type in a command and you get text output out from the tool you’re running, we need to be able to understand the embedded VT codes, the embedded virtual terminal codes that say turn the foreground color to red, turn the background color to blue image, emit this text, move the cursor to this location to have the screen, etc. So we then started adding an implementation of a VT parser to the Windows Console as it was, as it is, and will always remain built into Windows itself. So that we could actually use many of the Linux command line tools which use VT and embed VT into their output text. So those two things basically evolved side by side. As WSL started running more things, we would start seeing more and more unexpected and unimplemented VT sequences. So we then go and implement those VT sequences, which let those tools run well.

    Rich Turner: 16:43 And then WSL would go and implement another syscall and that would unlock another tool which would emit another VT pattern we hadn’t necessarily seen. And so in partnership going back and forth on a very rapid cycle, especially during the Insiders program with the help of our amazing community, we were able to, to track down and implement the sort of the 80% case. Both of the 80% of all the syscalls that Linux tools used as well as 80% of the VT sequences that, that the Terminal had to implement. And we ran like that for the good, for a good year or so to, to dramatically improve Windows Console’s ability to understand VT, also adding accessibility features as well to expose the console’s contents to screen readers and various other assistive technologies, which we found it to be incredibly important and which the community seems to agree and really appreciates that work, which is great.

    Rich Turner: 17:38 We have a great relationship with our accessibility folks and our accessibility community and we continue to do that work today in Terminal itself. In fact, in the last couple of releases we’ve reattached that accessibility engine, essentially it’s a Terminal as well. So that we have the same level of compatibility and support for assistive technologies across Windows Console and Windows Terminal. And of course we’re doing it all in the open as well. That was the other big thing about it was we didn’t want to have to build this thing in house with only us seeing the code and understanding how it worked. We wanted to work with the community and to be able to expose that code to the community. And have their assistance in helping us figure out where really wonky, really unusual VT sequences work in this particular way. If someone’s got experience, especially specializes in that area, then we want to be able to learn from them and, and to have them help contribute as well. And that’s certainly been borne out to be the case.

    Mary Jo Foley: 18:35 So is the terminal app a UWP app?

    Rich Turner: 18:44 No, no, not at all. We’ve actually been relatively transparent about this but, for example, in many of the comments and issues around the Terminal of itself, so it’s good to talk about this from a higher level as well. When we first started selling the idea internally of building a Terminal, cause of course, remember, you know, Microsoft is a corporation, they want to know that when they’re going to spend developer dollars on, on, on hiring people and paying people to work on a project, they want to know there’s going to be a good return of the customer base and the users are going to appreciate the work. So that they need the work. And it’s important to them. So we had to go through a process of validating why we had to build a terminal and who, how many people it would impact.

    Rich Turner: 19:24 So one of the things we wanted to make sure was that when we built the Terminal that it was a good citizen in terms of the modern Windows App platform. We wanted to be able to show if you wanted to build a Terminal-like application, here’s how you might go about doing so. And here are some of the UX design choices and also here are some of the implementation details behind the scenes. So we wanted to build the Terminal as a full UWP application. The challenge is the terminals are very unusual compared to most Windows applications. Most applications in general. In fact, most applications don’t need to run elevated, don’t need to run with admin rights. Most Windows applications these days, since Vista first plugged all of those Windows XP security holes most applications have now been modified and upgraded and updated to no longer depend upon an assumption that they’re able to go and touch and fiddle with whatever they want throughout the system, which makes it much safer, makes it much more reliable, etc.

    Rich Turner: 20:31 But for Command Line applications, you often do need to run a script that goes and modify some system wide setting or copy a file into a particular location on the hard drive that may be a protected area and so on and so on. So you need to be able to run many line tools elevated, which means the Terminal to which they’re attached needs to run elevated as well. So we avoid many forms of security, vulnerability and weakness. So UWP applications are not allowed to run elevated. UWP applications are also not allowed to launch arbitrary external binaries, which terminal is, that’s basically what it does. The terminal fundamentally is very, very simple. It accepts keyboard input and squirts it out as characters to a listening application. And then it takes text emitted by that listening application and draws it on the screen.

    Rich Turner: 21:27 The terminal itself does very little in fact. In reality, it’s the command line application to which it’s attached that does all the work, like PowerShell, Bash, WSL, CMD etc., etc. So when we started building the Terminal, we figured out that we couldn’t actually use the, the full UWP platform quite in the way it was originally implemented. We’ve continued to work with that team. We’ve actually got work ongoing to help make it easier for us to actually build a UWP terminal in the long run. But for now, what we basically had to do was to create a Win32 standard Windows desktop application host, in which we host a XAML Island, which is the technology that allows you to essentially integrate next modern, WinUI XAML controls on top of the traditional Win32 application.

    Rich Turner: 22:22 That’s all housed on top of the XAML Island, essentially. And so we build 90% of the Terminal itself has built a top on top of the XAML Island. The Terminal itself, the innards of the console and the terminal innards are all essentially stored in a set of DLLs and libs. And we then wrap those in a UWP control so that we have a Terminal control and we embed that Terminal control inside the Terminal app along with the WinUI tab control that we worked in partnership with our friends. So essentially we are building the Terminal as, as most developers would. You start with an application you put in XAML Island if you’re gonna use them all UI. And then we have a tab control and a Windows Terminal Control. We build the application in a very modular fashion in that way.

    Rich Turner: 23:17 That means that when the platform eventually does evolve and is able to support our requirements in terms of being able to launch a binary launch, arbitrary binary and to run elevated, then we’ll be able to literally do very little work. Maybe a week or so’s work, maybe a couple of weeks that devs are going to kill me for saying this. But a couple of weeks worth of work to simplify the app and pull away the Win32 stuff, leaving just the WinUI stuff other than the modern application is left behind essentially.

    Mary Jo Foley: 23:50 So is the only way to get the app right now through the store or not? I know I’m asking all these like is it this or that, but it’s kind of both, right?

    Rich Turner: 24:00 It’s a little bit of both. Yeah. Primarily if you’re on Windows 10 and if you’re on Windows 10 1903 or above, we recommend that the majority of users, especially those who don’t want to delve into the innards of the console terminal, just go and grab it from the store and install it and you’re good. If you’re a developer who wants to work on the innards of the console or customize it to your needs, then you can go and get the code itself, you can, all of the code for the console is open source. So you can in the terminal that’s open source so you can build the whole thing yourself. You can modify it, tweak it as you wish. If you’d like to help us, uh, fix issues and round out features and add new features, then we’re happy to work with you on that as well.

    Rich Turner: 24:42 So if you want to do that, you can build your own and you can run the one that you build yourself alongside the one that you get from the store if you wish, which is sometimes useful if you are working on something and break the behavior and you still need to be able to use a Terminal. You can run both side by side. But for those people who work in enterprises that block the Windows Store or if you’re working in an environment where you might want to run on Windows Server for example, um, your, you will basically have to go to a manual install scenario. For that scenario, you’ll need to go and get the build from the GitHub repo. Every build we publish to the store. We also publish to GitHub to manual install that stuff.

    Mary Jo Foley: 25:27 You just gave me the perfect segue to the next question by the way. So, one of our readers “Nunix” in the Forums. He said: I’m using WSL on both Windows 10 in the Insider Fast ring and Windows 2019 VNext I would like to ask, will we see one day Windows Terminal on Windows Server Core 2019. And he said, the reason I’m asking this is my go-to terminal on 2019 is Commander CMD installed with Chocolatey.

    Rich Turner: 26:01 Yes. Okay. So I’m sorry, could you restate the beginning of his question?

    Mary Jo Foley: 26:08 So he said he’s using, yeah, he’s using WSL right now on Windows 10 and windows, Windows 2019 V next. So I think he’s meaning the Server insider builds, right? He said: I was wondering if I’m going to see Windows Terminal, running on Windows Server Core 2019.

    Rich Turner: 26:30 So for the Server story, Server is moving more to a world where it’s genuinely recommended — and I’m talking as someone who used to run Server on every laptop and desktop I owned until about while really until Windows 7 came along and Hyper V and IIS 7 were available on Windows 7 and I no longer needed to run server. But I run Server on every machine I had for many, many years. The general, the general approach has been, to treat Server as a largely headless environment these days and to do the work on Windows 10 and then to deploy your to server. However, we do know that there are many people who, especially those who work in network administration and sysops and dev ops and so on, they prefer to work on the platform that they’re going to be deploying applications to in production.

    Rich Turner: 27:25 We totally understand that. So yes, you can actually get Windows Terminal to run on Windows Server today with a desktop experience pack if you install the correct Visual C++ runtime. That’s the one dependency that we have. It’s a little bit tricky to find it right now and to install the correct VC runtime dependency. But once you’ve installed that, then you can manually download the Terminal Build from GitHub and then you can install that application on your machine and you can run the on server. There are a few hoops that you currently have to jump through that we’re working hard right now. Literally, I’ve got conversations this week with a couple of other teams to figure out a smoother path for all of this. But ultimately we do want you to be able to run this thing on Windows 10 or Windows Server with a desktop experience pack, so that you can run on the platform that makes most sense to you.

    Mary Jo Foley: 28:27 Okay. That’s good. So I have, I have one last question for you before we sign off. I’m not asking you to break any NDAs here. I’ll start with that. But any broad hints you can give us about what’s next for Terminal / WSL like just kind of like, in a general sense.

    Rich Turner: 28:49 Okay. So that’s one of the great things about the way that we’re running the Terminal project in particular. And it’s, is that because we’re doing everything in the open, we’re being very open and transparent about our future.

    Mary Jo Foley: 29:02 Okay.

    Rich Turner: 29:02 So for Terminal itself, we are literally the back end of November right now as we speak. Our goal is to get to what we call feature complete by the end of this year. In reality, because a lot of the team are disappearing for Christmas. We’re aiming to get to feature complete by about December 13th, Friday, December 13th. Because the we can off to where or disappearing to go various parts of the world. So we’re trying to get to feature complete this side of Christmas. After Christmas, we then switch into a mode of stabilizing, tuning, polishing, and really going to town on quality as opposed to building new features.

    Rich Turner: 29:52 For V1, we’ve actually published on our repo what the list of V1 features are that we’re aiming at. Right. We’d like to at least get the basics and the fundamentals of those features in this side of Christmas. And then from Christmas out until spring next year, we’re basically going to be focusing almost all of our time on quality, on polish, on fixing bugs, fixing perf issues, compatibility issues, making sure accessibility mechanism rocks, etc. And so we’d like to be able to get to call Terminal V 1 spring next year.

    Mary Jo Foley: 30:26 Okay.

    Rich Turner: 30:27 Calling it V1 in particular is important. And in particular for many enterprises that don’t allow their developers to use technology that is in a beta or non released form.

    Mary Jo Foley: 30:38 Right.

    Rich Turner: 30:40 So we want to be able to get the Terminal into really good shape where both we and the community sign off and say, yes, this is great.

    Rich Turner: 30:48 This has, you know, there are no major blocking security or reliability or perf issues, no major blocking compatibility and quality issues. We think this is a really good solid V one at that point we’ll call it the V one with help from our community as well. So we really need your feedback on that. But we really want to be able to call V one and say, right, we now feel confident that this is a V 1 quality product and the enterprises can trust this and rely upon this in a production enterprise environment. As we wind down through that process, there will be fewer and fewer bugs that we’ll be able to take later on later in the process. And as we pull developers off from quality work, or as they run out of quality workers, we start to fix it more and more issues.

    Rich Turner: 31:33 Would they then transition on to the features for after V 1 and we have a long list, long and growing list of features where you want to add for v-next. We’re looking at all kinds of things right now but including an extensibility mechanism so that you can writing, build extensions for Terminal that run inside and along the side terminal but without having to modify the guts of the Terminal itself. Which would be really exciting that we expect that to be really, really quite exciting in a similar kind of way to Visual Studio Code with a huge raft of community driven and Microsoft provided extensions as well. We would hope to see as some of the things with the terminal. WSL they are working on WSL V2 right now. WSL V2 fundamentally changes the architecture of WSL to use some, some new container based virtual machine technology.

    Rich Turner: 32:31 Instead of having a layer at the top of the NT kernel pretending to be Linux, we’ve actually run a, a lightweight VM that boots up in less than two seconds, upon which we then run all of your Linux distros and they run with 100% Linux compatibility cause they’re actually running on top of a Linux Kernel, which we ship in NT in Windows itself, which still blows my mind to say that that planning on shipping that again spring-ish next year. That will round out the first implementation of V2. And then after that they got a long, long list of procedures that are continuing to work on for WSL as well.

    Mary Jo Foley: 33:12 Cool. All right, well thank you again, Rich for doing this. This was super interesting. I feel way more caught up now on what’s going on in Terminal.

    Rich Turner: 33:22 Thanks so much for inviting us to talk and for sharing this information with the audience and let’s see if we can do this maybe more frequently.

    Mary Jo Foley: 33:28 I agree. I love this. I love that idea. And, and for everyone else who’s listening to this, all you MJF chat readers and listeners, we’re getting ready for our next chat right now. I’ll be posting that information on Petri very soon so you can see who I’m going to be chatting with and you can submit your questions through the forums. In the meantime, if you or someone you know might make a good guest for one of these MJFChats, please don’t hesitate to drop me a note. All my contact info is available on thanks again.

    Brad Sams

    You can find an audio replay, here.

    Mary Jo Foley: 00:00 Hi, you’re listening to the’s MJFChat show, I am Mary Jo Foley, AKA your community magnet and I’m here to interview tech industry experts about various topics that you, our readers and listeners want to know about. Today’s MJFChat is going to be all about evolving your mindset about the cloud. And my special guest is Tim Warner who is a Pluralsight author and Microsoft MVP for cloud and data center management. Welcome Tim and thank you so much for doing this chat with me.

    Tim Warner: 00:40 You’re welcome Mary Jo. Thanks for having me. It’s really an honor. I’ve been a fan of yours for many, many years.

    Mary Jo Foley: 00:46 Oh, thank you so much. So when you and I were talking back and forth about ideas for this chat, you observed that many customers think they should design their Azure migrations to mirror their on premises environments. But there is a huge fallacy. The idea that designing for the cloud requires some huge paradigm shift based on designing for on prem. So I know you have a lot of thoughts on this and a lot of practical guidance. So I’m excited. I’m actually excited to hear what you have to say about this. Sounds really cool. In addition, both Tim and I just got back from Microsoft Ignite 2019 with 30,000 of our closest friends. So we have a lot to talk about from there too. Right? For sure. So I, I want to start out by talking about your central thesis. Why doesn’t designing for the cloud require a significant paradigm shift compared to designing from on prem in your view?

    Tim Warner: 01:45 I’ve been in the industry a little over 20 years and I’ve been a Microsoft specialist for just about that time. And I found, especially over the last handful of years where I’ve specialized even further in the Microsoft Azure cloud, that the people in the businesses that I work with who are considering a move to the cloud have a default posture of, well, we’ve always done our infrastructure this way on premises. We’ve been virtualized for a number of years. So just de facto, that must mean that we need to migrate these VMs in place, the so-called lift and shift scenario and to Azure and they tend to be surprised when I show them some of the platform as a service options available in Azure and they’re thinking, Whoa, you can do that. I had no idea. So the, the main thesis I always like to drive home is that the cloud does require a very different thought pattern or paradigm to use a $5 term. And the biggest point is that you can look at your Azure deployment as a Greenfield of opportunity. You definitely don’t, don’t feel constrained that you have to replicate your on premises infrastructure.

    Mary Jo Foley: 02:58 Yeah. It’s kind of a combination of both of those things, right? It’s there are some things that are lessons you can take from what you’re doing on prem and bring them to the cloud, but not everything. Right?

    Tim Warner: 03:08 Yeah. You, you in many ways you get an opportunity to do over, I mean you might have your, your TCP/IP internetwork laid out a certain way and it’s painful in certain ways. Perhaps because whoever did it, not you, your predecessor, of course, another colleague, but what they did made some mistakes that you’re kind of stuck with and it’s freeing to be able to design from a Greenfield point of view in Azure. But then again, we don’t want to overcompensate. There’s the question of, I personally in my architect’s philosophy, keep the infrastructure in the cloud as simple as possible. The more complexity you add, that’s not absolutely necessary is going to exponentially increase your troubleshooting load. So just because you can deploy resources with a couple of mouse clicks doesn’t mean you necessarily should. It’s really crucial to have a clear picture of what your goals are.

    Mary Jo Foley: 04:05 That’s, that’s really good advice. I know I just saw you tweet this morning some architectural diagram about the cloud and I was like, wow, what is that?

    Tim Warner: 04:14 Yeah, I know. I tweeted out a Visio drawing I put together. Whereas in my work as a Pluralsight author, I want to try to pack as much content in as condensed an area as possible. So I did a little crowdsourcing. I’m looking forward to hearing what folks have to say as far as things I might’ve missed. I tried to make the architecture as flexible as possible while at the same time as simple as possible.

    Mary Jo Foley: 04:41 Hmm. Hmm. Wow. If that was simple, I’m worried.

    Tim Warner: 04:44 It’s all relative isn’t it? I hear ya.

    Mary Jo Foley: 04:49 That’s true. So you know, there’s a challenge that not just IT Pros have, but we as reporters who cover the cloud have as well. And that is, there’s always constant change when it comes to the cloud, right? There’s always change in features and naming. Like, like last week at Ignite, so many products change names. I was trying to keep up, but there was this huge list and every day I was learning more new names. But there’s also changes in licensing and pricing and this is not just true of Azure, but I think all of the big clouds. So what do you tell IT pros? How do you, how do they kind of learn to love or at least to accept this constant change?

    Tim Warner: 05:30 Yeah, I think accept is the key term, something that I hammer home with my students consulting clients, anybody else who will listen is that in order to be successful with any public cloud, like you said, it is a question of reaching a steady state of acceptance that it’s the environment is a shifting sand where you’re liable to see something new or different just about every time you log into the Azure for instance. And so but, but I also, I like to give comfort in that once you’ve attained your initial learning curve and you have the general lay of the land with for instance, Azure fundamentals, then you should be in an easier position. As you see these ebbs and flows and changes because you have a ground level familiarity and comfort with the environment, it’s a bit easier to adapt. Secondarily, I would recommend staying very close to, for instance, the Azure updates Page at so that you’re kept abreast of products as they move through private preview, public preview, and general availability. I’m still a fan Mary Jo of RSS. I don’t know about you.

    Mary Jo Foley: 06:43 Me too. Huge.

    Tim Warner: 06:43 And that seems to be a forgotten technology. Yeah. And I strongly suggest developing an RSS feed series of these different sources, product team blogs. Because you know, there’s really no choice. You have to have an always learning orientation when you’re working in the public cloud.

    Mary Jo Foley: 07:02 It’s really true. Yeah. I use NewsBlur as my RSS reader and I would be so lost without having RSS feeds. I just, I don’t even know how people do it without it.

    Tim Warner: 07:12 I know, I know. Maybe they just scan Twitter. I don’t know.

    Mary Jo Foley: 07:17 I know, I know. Yeah, I didn’t, I didn’t know if you had any specific tips and tricks around this. So we talked about RSS feeds a little bit, but I mean, how else can you keep up with daily changes that are going on and also how much do you need to actually keep up with it? Because I’ll tell you why I’m asking that question is if you’ve subscribed to the Azure blog every day, there’s at least like eight, 10 new Azure announcements. And I at first tried to keep up with all of them and finally I just said, you know what, that’s going to drive me insane if I do that and I need to kind of pick and choose. So I do. Usually I do a quick scan in the morning and see what’s new and if there’s anything I really think I need to write about, but I, I just have kind of given up, of the idea that I’ll always be up to date.

    Tim Warner: 08:03 Yeah, that’s a, that’s a very good point. Thanks for reminding me about that. Yeah, certainly principally you want to keep an eye on the products that you’re actually using in Azure for instance, and within the Azure portal there’s a couple tools that are helpful in that regard. There’s a tool called resource health and service health where you could get a really just a filtered view of what’s happening on Microsoft side that could affect your particular services deployed in your particular regions. So I find those helpful. But then I guess I’ll edit what I recommended a few minutes ago. Looking at Azure updates and looking at product blogs is fine, but first of course you need to run through the filter of what you’re using. And is there something that could change that in the Microsoft side that could affect your deployments positively or neutrally?

    Mary Jo Foley: 08:57 Hmm, that’s, that’s good. Right? Same, same idea. You have to have filters, right? You just can’t try to understand everything and keep up with everything. I don’t think. I also subscribe, I don’t know if you’ve ever seen this. There’s a weekly newsletter called the Azure weekly newsletter from Endjin and I subscribe to that too. And they do a nice job of sending out a once weekly newsletter that gives you all the announcements in one place and you can kind of pick and choose from that too.

    Tim Warner: 09:24 You’re right. I also subscribe to Endjin’s Azure weekly, and I think to myself, wow, they’re investing quite a bit of time curating. It’s a comprehensive list of announcements that they put together. So I agree with you. That’s a great one to have. And there’s another weekly digest by an Azure MVP named Chris Pietschmann and I think he calls his digest Azure weekly as well.

    Mary Jo Foley: 09:48 Yes, I’ve seen his too. It’s also excellent.

    Tim Warner: 09:51 Yeah, it is. And there’s a third person, another Azure MVP named Mike Pfeiffer, who has a weekly bulletin, I think his is called Cloud Skills. And his is even more curated. So geez, between those three you’ve got nice coverage. It seems to me.

    Mary Jo Foley: 10:09 It’s true. Really true. Let’s talk about Ignite a bit because this is another way I feel like people can try to keep up with all the changes by going to these conferences or if you can’t go at least watch the sessions that are recorded later, because they’re publicly available. You know, I get, I get this thing, and I think you do too, as an MVP, we get this thing before these kinds of shows called the book of news, right? And then Microsoft gives us this under NDA a couple days before either Build or Ignites start. And this year the book of news was about a hundred pages of announcements and many, many of them were Azure announcements. So you know, everybody’s like, Oh yeah, you have the book of news. So of course you know what happened. But I feel like still even with that, you need filters because there were so many things. But I think we both would agree. One of the biggest announcements at Ignite around Azure was Azure Arc. I wonder if you could kind of put that in context for people because I tried to explain it as a lay person covering the industry, but I think you, well I’m positive you could do a much better job.

    Tim Warner: 11:18 Well try. Okay. So so putting this in context with that notion of the paradigm shift from on premises into the cloud. Um, right. So, you know, fundamentally I come back to NIST. NIST published a white paper that gives the essential characteristics of cloud computing and they talk about on demand, self service and resource pooling and elasticity.

    And in my experience, that’s what I think just about all businesses are looking for when they consider the cloud. How can we get some of this hyperscale, this easier management, this power and make it available to us with our infrastructure. And it’s the very few businesses indeed that can afford to do that in a private cloud. Now we have Azure stack, which is still expensive, but that could serve that need. And then there’s few businesses that can go cloud only and have all their infrastructure directly in the cloud.

    Tim Warner: 12:16 So hybrid is almost always the way that a business is gonna make their foray into the cloud. So Azure Arc seems to fit into that pocket quite nicely where you can take the Azure deployment tools and the Azure resource manager API and models and extend that kind of instead of from on premises into the cloud. I’m thinking of the opposite, the cloud on premises and one of my to do items this week as a matter of fact, is to work through the tutorials at the Azure docs where you can onboard your on premises virtual machines and manage them seamlessly in Azure right alongside your Azure native cloud VMs. So there is one huge value proposition, the ability to extend Azure services from the cloud in benefit, you know, get some of those amazing cloud characteristics in your existing on premises environment. Pretty powerful.

    Mary Jo Foley: 13:18 It is. I think it was kind of hard to understand because it also was presented in the midst of a lot of rebranding, like Azure Stack becomes Azure Stack Hub and then they brought in Azure Stack Edge. And I think when, when they combine those two things together, it made it look a lot more complex than it really is. Yeah, I called it, I called it Microsoft’s hybrid two dot O play because I feel like Microsoft was already there, as you said, with Azure Stack. But now they’re taking that a step further and trying to incorporate it so you can see all your resources wherever they are, even if they’re not in Azure or Azure Stack.

    Tim Warner: 13:55 Right, exactly. And I had that question right away about the relationship between Azure Arc and Azure Stack and I actually was able to find a unicorn at the conference. I found someone who makes his living deploying and working with Azure Stack. So he was the perfect person to ask the question to. Yeah, I said isn’t Azure Arc robbing some of Azure Stack’s business. And he said in his opinion, no, because number one Azure Stack is a way to just bring Azure itself in a, say a disconnected scenario in a mineshaft or on a freighter ship in the middle of the ocean so that you didn’t see them as competing.

    Mary Jo Foley: 14:37 Huh. Interesting. Okay. Yeah, I kind of had that same thought too. I was like, okay, where does Azure Stack fit in now to all this? So that’s, that’s an interesting point. Now I know there’s another product that is near and dear to your heart. So much so they did a session about it called Azure Bastion. Right. And so I wrote about this when it was going into preview back earlier this year. And I used Mark Russinovich, who’s the chief technology officer of Azure’s description and I said, this is a service for secure access to your off internet VMs. That’s how he described Bastion. So I know, I know that you gave a whole session on this at Ignite and I would like to hear how you think. Well, number one, what you think of the service. Number two, how you think this fits in with your initial thesis, which is how on prem and cloud management and peoples’ minds should or should not be different.

    Tim Warner: 15:33 Yeah, very much so. I would define Azure Bastion in an elevator pitch context as a managed jump box and a jump box being defined as a VM, probably a shared VM among several IT professionals where they can come in and one protected host instead of having worst case scenario, public IP addresses on your virtual machines. Talk about paradigm shift. Rule one never, unless it’s absolutely necessary, put a public IP on a VM running in Azure. It’s just asking for trouble right away. So we’ve got this drop in managed appliance that you, at this point you really don’t have any direct interaction with. It’s almost completely managed. The Bastion host will have a public IP address, but it’s very much screened. It’s just listening for traffic on the SSL port TCP 443. The idea is that your virtual machines don’t need any public IP, so you don’t need to horse around with a load balancer for instance to try to manage those virtual machines.

    Tim Warner: 16:40 The idea is as of today through the Azure portal, you just browse to your virtual machine, go to connect and there’s a separate tab there called Bastion. And if you haven’t deployed one you’ll be prompted to do so. And then you create a remote desktop session or a secure shell session directly in the browser. And that’s where we are right now. But I know it’s a near term milestone for their engineering team to support client apps. So cause that’s what we would expect. It seems to me is working IT professional. We don’t want to be tied to the Azure portal.

    Mary Jo Foley: 17:14 Right, right.

    Tim Warner: 17:16 That’s the, the the basic how to about Azure Bastion. A managed jump box.

    Mary Jo Foley: 17:21 Okay, nice.

    Tim Warner: 17:23 And that can solve a lot of problems speaking of paradigm shift because generally in my experience, again a business is afraid of missing something in their deployment, in other words inadvertently exposing a virtual machine that they’ve got running in Azure to bad actors.

    Tim Warner: 17:40 Maybe they’ve, they don’t know how to do a jump box or they put a public IP on the VM. Like I mentioned before, that seems to be a trend seen with Azure as a whole. This, this trend toward rolling up separate products under a single name, Front Door would be an example or just selling these individual specific appliances like Azure Firewall or Bastion host that are meant to abstract a lot of that network and complexity that drives just about everybody up the wall. I guess that’s the number one support issue that Microsoft gets, so Microsoft is trying to help I think in that regard.

    Mary Jo Foley: 18:21 That’s funny you brought that up because I had that same question is whether those kind of composite products that roll up a bunch of things into a single entity are actually performing as advertised or I think if I, if I were an IT pro, I might be worried about it over simplifying and over abstracting what I need to do and at to a level that I shouldn’t be trusting. How do you feel about that?

    Tim Warner: 18:46 It’s a valid point. I mean, number one, there’s a business that’s exerted the blood, sweat and tears to put up a geo distributed web application where they’ve individually deployed and configured. For instance, the Azure Content Delivery Network, Traffic Manager, Load Balancer, all of that kind of stuff where they know exactly what it is and how it works. And then they compare that wondering what am I missing or am I missing nothing? Did I dodge a bullet by instead not doing, say Front Door where you just stepped through a wizard. And behind the scenes, Azure is putting out a CDN and a traffic manager profile, but it’s abstracted away most of the dials and switches. So my general guidance is if you’ve already got the, the knowledge capital or whatever the tech term is, where you’ve deployed the environment though those assets separately and it’s working fine.

    Tim Warner: 19:43 I guess there the question would just be a financial thing. Maybe on one hand could you save money and could you simplify administration by maybe going to something like Front Door or are you losing too much administrative flexibility to your point by allowing the composite product to abstract all of the dials and switches away. That’s just, I think it’s largely unknown. I haven’t read or heard much analysis on that question yet unfortunately.

    Mary Jo Foley: 20:13 Yeah, I was thinking it’s probably a matter of personal preference to some degree.

    Mary Jo Foley: 20:18 Yeah, definitely. If a business doesn’t have the knowledge to handle all those moving parts and they need almost a turnkey geo distributed app, Front Door is fantastic. Okay, cool. I have a personal question for you because you’ve given a lot of good advice for IT pros and some of it is applicable to me as somebody who covers the industry. One thing I have trouble keeping up with, and I’m curious how you do this is how do you keep up with which Azure product compares to which AWS product and which Google cloud product? Because I’m thinking in the case of like Google Anthos, those right and AWS Outpost. A lot of people said those things were very similar to Azure Arc. But then when you kind of drill down into the documentation, I’m like, but are they, so how do, how do you like compare and contrast? Like if somebody gives you got a question like, Oh, so what does Google have in this space? How do you, how do you keep up with that? Because I cannot keep up with it.

    Tim Warner: 21:19 Yeah. Well I have a good answer for Azure versus Amazon Web Services, but unfortunately it’s a tougher lift for Google Cloud Platform. And why do I say that? Because for whatever reason, I mean, as you know, Microsoft since Satya took over, has been so much more open and playing well with others and all of this, there’s in the Azure documentation library at least two very solid articles that are designed specifically for that question. In fact, one of them is called something like Amazon AWS service comparison. And the docs team at Microsoft literally did a product by product table.

    Mary Jo Foley: 22:03 I saw that! So that was great.

    Tim Warner: 22:05 That was fantastic. Yep. So in that case it’s just control F type the product and there you go. There’s the answer. And then like I said, there’s a bunch of other stuff that’s Microsoft specifically curated for AWS professionals to help them in their learning curve. In terms of why I did see two or a elastic Beanstalk and all this over here, how does that relate to Azure? And they’ve answered that. However, there’s a complete absence of GCP and maybe there’s some political intrigue in the back of things that you may know more about than I do. But it’s kind of a void with GCP and Azure.

    Mary Jo Foley: 22:42 It is. It is. And a lot of times I feel like it’s not something you can even do an apples to apples comparison with. Right. Like Anthos to me is kind of like AKS for Azure, but it’s also sort of like Arc and there’s a lot of pieces to it. So it is sometimes almost impossible to even just do a side by side comparison.

    Tim Warner: 23:02 Yeah, that’s well said. Whereas Amazon and Azure so similar since Azure resource manager and almost is apples to apples. GCP I guess reminds me a little bit of Apple in terms of just doing their own thing and marching to the beat of their own drummers.

    Mary Jo Foley: 23:19 It’s true. It’s true. They, they, they do, they kinda came at the cloud from a different perspective and I feel like very different from AWS and Microsoft, which is just kind of interesting. Yep. All right. So, Tim, we are almost out of time. Anything else you want to suggest? We talked a lot on this show about resources, which I think is awesome because people ask me that all the time. But any, any other things like podcasts that we didn’t mention or even coursework? I know you do so much with Pluralsight. You can tout your own course if you want. Just things you would suggest for people who feel like I need to understand Azure a little better before I make the jump.

    Tim Warner: 23:59 Oh yeah. Yeah. I mean, of course I’m biased a bit because I am a teacher and so I come from an education perspective. But I mean, it’s crucial that you understand what you’re getting into. Especially if you’re, you know, an elder statesperson and you’ve done on premises data center work with a screwdriver in your hand for many years. I don’t want no stinking cloud. And then you realize that, you know, your boss says, well, you need to start looking at it. I would say number one, the Azure Docs are fantastic source of truth being open source.

    They’re, they’re very current and you can even edit them and submit changes yourself and associated with that, there’s two sites. One would be the Microsoft Learn website. It’s forward slash learn. And the big feature there that I want listeners to understand is Microsoft has a sandbox environment to where you can work through these learning labs and actually gain real hands on experience using Microsoft subscriptions. And then from a, from another educational aspect from MS Learn, you can get to the Microsoft Pluralsight partnership courses and that’s what I contribute to as part of my full time job. There’s a bunch of free Azure courses that are mapped to the different job roles, architect, administrator, developer, etc. And I would say among those resources, you should be in a good position to attain your initial learning curve, get comfortable and get productive in Azure.

    Mary Jo Foley: 25:31 Nice, thanks. That’s, that’s fantastic. I didn’t realize you, you folks did a lot of free courses as well and I didn’t know that.

    Tim Warner: 25:37 Yeah, Pluralsight and Microsoft have been BFFs now for a couple of years and so we’re doing quite a bit of content that they make available through their website and those courses of which I don’t know how many hours. Of course it is, it’s free. You don’t, there’s no subscription associated with it.

    Mary Jo Foley: 25:55 All right, well Tim, we are now officially at a time, but thank you so much. This was fantastic. I can tell you’re a teacher because you made it really clear and very methodical in a good way, so thanks for doing that.

    Tim Warner: 26:07 That’s my goal. You’re welcome. And thank you Mary Jo.

    Mary Jo Foley: 26:10 So, for everyone else who’s listening, all you, MJFChat readers and listeners, we’re getting ready for our next chat right now. I’ll be posting that information on Petri and that will be your signal to send in any questions you might want to ask before we do the chat. All you have to do is go to the MJFchat area and the forums on and submit your questions right there. And in the meantime, if you or someone you know might make a good guest for an MJF chat, please do not hesitate to drop me a note. All my contact info is available on Thanks again!

    Brad Sams
    in reply to: Windows 10 migration and management strategies #624417

    You can find an audio replay of the interview, here.

    Mary Jo Foley: 00:01 Hi, you’re listening to the MJFChat show. I am Mary Jo Foley, AKA your community magnet. I’m here to interview tech industry experts about various topics that you, our readers and listeners want to know about. Today’s MJFChat is going to be all about Windows 10 migration and management strategies. And my guest today is Aaron Suzuki, who is the founder and CEO of smart deploy. Hi Aaron. Thanks for coming to the chat. How are you?

    Aaron Suzuki: 00:37 Hello. Great to be here. I’m doing well. Doing very well.

    Mary Jo Foley: 00:41 Good. I wanted to talk to you now when we’re about three months out before the end of Windows 7 end of free support because I think this is high time for people who either are maybe in the midst of migrating from seven to some other operating system, possibly Windows 10 possibly not, or some people who have not yet started and are kind of freaking out at this point thinking, uh oh is it too late? But yeah, and for those who haven’t heard, I don’t know how you haven’t at this point, January 14th, 2020 is the date after which Microsoft will no longer provide any more security updates for Windows 7 unless a company agrees to buy them either through extended support updates or in some other way. So that means as you told me, Aaron in an email exchange we had, Windows 10 is basically a strategic inflection point for IT pros who manage the enterprise desktop.

    Aaron Suzuki: 01:44 Yeah. It’s not, it’s not unfair to say that. I think for a number of reasons. And you know the interesting thing is the date is January X for end of end of Windows 7 but is it really that is definitely the date today come November, will it be come December? Will it be? So, you know, this is something we saw with Windows XP and that carried on for a long, long time and much longer of course than Microsoft would like it to when it’s because customers were very unprepared or rather they were so entrenched that it was really unfair to kind of do that to them.

    And it put a lot of Microsoft business and reputation at risk. So I think this notion, the discussion, and I think you really teed it up well of saying, Hey, you can buy more support like planting that seed now, like, yes, there is this hard stop in January, but we’re going to keep making stuff and you can pay for that and it will cost you dearly because we don’t want you on that, but we’re not going to leave you hanging.

    Aaron Suzuki: 02:50 That’s sort of a new narrative, right? Compared to where we were all the now years ago when we migrated from XP. The idea of the fact that this is more, a more strategic time is in that wave. When we got into, you know, what I would consider this more modern versions of Windows 7, 8, 8 and 10, you know, there’s all kinds of new approaches. But, It’s worth rewinding back to that sort of XP migration time frame to look at what has happened. I mean a lot’s happened.

    Mary Jo Foley: 03:34 It’s true. That’s true. I know there’s so many other things that happen between then and now and it’s not fair. Like you’re implying to think it’s going to unroll the same way it did with XP, right?

    Aaron Suzuki: 03:49 That’s right. That’s exactly right. So we have to consider, you know, kind of the whats, whys and hows and there are, there are new ways to do this job and it kind of goes back to the really fundamental aspect of deployment, operating system deployment, operating system migration, which is an imaging question.

    Mary Jo Foley: 04:13 Exactly.

    Aaron Suzuki: 04:14 And that’s something that we do a lot of and as part of this landscape of PC management, which is, you know, sort of been grossly neglected. You know, there was just this great wave of products for a number of years and then everything came to a screeching halt because everyone focused on RMM and they focused on, you know, all of these other scenarios and then the cloud happened and, and so there was a lot of, not distraction, but I think just maybe the desktop, the PC stopped looking quite so shiny and it wasn’t the place that growth was happening was the perception. And validated by the market truthfully. But, you know, there are still half a billion or so of us that all use Windows PCs and we rely on them to get our work done.

    Mary Jo Foley: 05:02 That’s true.

    Aaron Suzuki: 05:02 So how does IT get this job done when, you know, it was the old way of doing it, sort of sector based and you get your, the exact make and model that you’re going to get 5,000 of from the manufacturer and you say, yeah, we’ll test this one, this looks good. Okay, we’ll keep a couple to build our image around and then we’ll take shipments and you know, you decide whether you’re going to have your MSP or your reseller image them and hand them to you kind of pre imaged or if you’re going to do them yourself. And you know, there’s sort of all of these questions about the way.

    Mary Jo Foley: 05:40 You brought up to me when we were first talking about doing this chat, you said, you know, a lot of these IT pros, they’re still in the stone ages when it comes to imaging, right?

    Mary Jo Foley: 05:49 Like they still think about it in the old ways, but there’s so many new variables, new tools, new approaches. And it’s not just the old way of here’s how you image it or have your OEM image it or have a reseller image it. Now you yourself can take much more of a hands on approach if you want. And it’s not so painful. Right?

    Aaron Suzuki: 06:10 That’s exactly right. And I think, I think that’s unfortunate because I think the innovations stalled there. There wasn’t this opportunity for IT people to look at it and say, Oh yeah, there are these new ways I’m gonna try it this before. I’m gonna try it that way. For a while there was so much pain, it was almost like a PTSD kind of moment I think. And the reason that we know it stalled that badly is that our support team talks to customers and their image names are still Dell OptiPlex 7070 or Lenovo ThinkPad T470 so we know that hardware based sector based imaging is still what a lot of people are doing, which is, you know, kind of it’s, it’s, it’s like that old blanket that is tattered and torn to pieces and you know, stains that won’t come out.

    Aaron Suzuki: 07:06 But it’s soft and you know, and it just gives you this comfort and there are warmer blankets and they’re, you know, easier to clean blankets. But boy that, that’s just my safe place. I feel like that’s, that’s so much of what’s going on and with good reason because these problems that you run into are incredibly time consuming and people don’t have time for that. IT teams, have all these demands and you’ve got to do more and automate everything. And why is this a problem? You know, there’s a lot of pressures. So you know, if you’re going to make a bet on something, it’s not going to be a bet that you’re going to risk, you know, investing, you know, lots of time in supporting one device. Like people don’t have time for that. So, so that’s, that’s where I think it’s worth it. You know, again, a strategic inflection point, you’ve been, you’ve been, you know, kind of waiting along in the trenches and continuing to have your, you know, T470 image and it works great for your T470s and maybe you will or won’t move to another manufacturer or model, but you’ve just accepted that I’ve got to create a new image for a new device.

    Aaron Suzuki: 08:15 Just take a second and look at what’s out there, right? There’s new image standards. You can use virtual machines to help in this process. There are all kinds of ways to go about this. You can start using more cloud services to reach remote workers and address BYO. And all these other things that are happening, but we’re still sort of hanging on to that old blanket that’s comfortable to us. So one thing a key consideration here is drivers.

    Mary Jo Foley: 08:51 Right? I was actually going to ask you about drivers actually. Let’s talk about non-sexy parts of this process, right? But ones that trip everyone up and driver management is one.

    Aaron Suzuki: 09:04 This is the crux, the very crux. So windows works and we know it works and it has its soft spots and deficiencies. And we know that you know, I am a believer that windows is kind of a miracle because there really aren’t many other organizations that have successfully gotten an operating system to run on so many different kinds of hardware.

    Aaron Suzuki: 09:26 And you might argue now very, very recent announcements. Maybe this is changing maybe or they’re going to have different versions of windows for different kinds of hardware. Okay. Maybe, maybe, but we’ve heard that story before too. We’re still in a place where we rely on windows to do work and IT does its job to help people do more work. And in the process, the expectations, IT has to do less work. How? Well there are all of these trade offs that happen in the job of migration, deployment, imaging and part of that is an inevitable process of preparing the image with a process called Sysprep and you can only Sysprep so many times. So how do you circumvent that? You create an image that has no memory or you create a reference computer that has no memory and better what better platform than a virtual machine.

    Aaron Suzuki: 10:22 And we’re constantly reminded that the whole universe is not aware of the power of virtualization and the whole universe is not sprinting to keep pace with the industry. A lot of IT people are in a battle for survival, right? In no inconsequential way. These are people who are just putting out fires and trying to prevent fires and get people working and keep people working. So to take that time to get ahead and evaluate this can can take some effort, but the virtual machine can preempt a lot of problems because it has so few drivers going back to this driver discussion, right?

    It doesn’t take as much. It doesn’t have all the bells and whistles, especially with a laptop or some of these modern devices. Moreover, these devices are starting to converge. Right? So look at your phone. You’ve got how many cameras now? The front facing camera, multiple back facing cameras and a GPS sensor and all of this stuff.

    Aaron Suzuki: 11:25 Well that’s all in our PCs now too. So we have, you know, a million Bluetooth things and all the specialties that do all this stuff. How do you get all that to go well, all those things take drivers. And so those have to be added at the right time and the right way or it doesn’t work so great.

    Mary Jo Foley: 11:46 We’re even seeing Microsoft in that same dilemma, right? With Windows 10 of these feature updates because every time they, the feature update, there are blockers for certain PCs that can’t take it. Inevitably their drivers, I mean is like whenever it’s the block I’m like, did you check your drivers? Because that is probably what it is.

    Aaron Suzuki: 12:04 You are speaking truth, this is the truth of it. And so, so that’s the other part of this whole Windows 10 consideration and discussion is this is not going to be, it is not exactly what it appears on the surface in terms of the promise of Windows 10 being this is the last windows operating system that we’re gonna make.

    Aaron Suzuki: 12:28 It’s the last one is the operating system you’re going to buy. It’s all windows 10 from here forward. That is not exactly how it is. It’s a lot more like, it’s always been that and so you have to keep pace with this as an IT person and how are you going to do that? It again goes back to having a very flexible starting point and realizing that your updates strategy might be re-imaging every so often, right?

    That might be part of this. And so part of this strategic inflection point of getting to Windows 10 or using Windows 10 if you’ve already started down this road as an opportunity to pivot into this other motive of Windows delivery in a sense is looking at it and saying all of our assumptions about the way this is going to work or may or may not be true.

    Aaron Suzuki: 13:22 And now that we know how this is going to work, let’s look at the way we’re doing it and ask ourselves if we can do it better and more efficiently. And it may mean insourcing versus outsourcing among other things.

    Mary Jo Foley: 13:37 Do you think it’s oversimplifying to think about management strategies on Windows 10 the way that many IT pros think about Windows 10 and office. And by that I mean the idea is touch the minimal number of times that you can a single desktop when you’re updating it. So does that apply for management along with something like office?

    Aaron Suzuki: 14:00 Yes, I think it does. And, and again, the question is how, so, you know, Office 365 is set up in such a way that that’s a possibility and how do you do more kind of self-service delegation to the end user but then manage with policy so they don’t get themselves in trouble.

    Aaron Suzuki: 14:21 And how do you capitalize on, you know, sort of better informed end users and workers coming into the workforce, kind of more adept digital natives, who are going to do that. But also with the sophistication of attacks going on and all these other things prevent them from getting themselves in trouble. Right? So there are good tools and you know, we make such tools and, and you know, Microsoft’s improving their tools.

    There’s a lot of good options around to be, to do that where some, some pieces of the picture are required. They’re mandatory, they get pushed down by policy. Some of them are self-service. I can go to the app store and choose these things and install them. Some of them are kind of IT hands off. There’s a category of capabilities that you can do on your own right there, there becomes too a very, very important compliance question in all of this, right?

    Aaron Suzuki: 15:18 That, that is increasingly inescapable. Now only the EU stuff. Um, but our own stuff, uh, here in North America and in regions beyond, and it varies by industry. You’ve got, you know, sort of in North America, the HIPAA stuff and the financial services industry has their own set of requirements.

    That becomes a part of this picture too. So it’s about thinking about, all right, how are we going to make this so that I can do all the things that the organization expects of me and do them really well without causing myself more headaches that are just gonna make my life and my users’ lives miserable. And then I get a bad review. And you know, everything is slipping and deteriorating, but it was supposed to be so much better. I mean, there’s so much to reconcile comes a really, really kind of painful problem.

    Mary Jo Foley: 16:15 So do you think we should be thinking about things? And when I say we, I mean IT pros that they, I should say they, they should be thinking this is the end of the era of things like System Center Config Manager and now we should just not be thinking about Group Policy and we should be thinking about automating everything, virtualizing everything or is that just can it be an and instead of an or?

    Aaron Suzuki: 16:41 I guess I would say I think it can be an and, and I moreover I think it can, it could be System Center-ish type tools, SmartDeployish type tools for a long time into the future. I mean part of it in the case of System Center is you know, up to Microsoft and their discretion on the way that they take that. Yeah, we are betting on the desktop and we’ve always been bullish on the desktop.

    Aaron Suzuki: 17:05 And I think it’s even more important when you consider the way that the world is thinking about that Edge relative especially to the cloud. And you can see this on phones for example. So it is no, no secret that increasingly your service providers, whether it’s Google or, you know, whatever Facebook, they’re trying to push more of the work down to your handheld device so they don’t have to do as much in the data center.

    Those compute cycles are expensive. You’ve got all this storage right in your hand. We really have the same thing in end more on the desktop. Right. So how does become a part of the literal fabric of the future of computing? How does that get woven into the modern context? How is that managed in a way that allows it to exploit all of that capacity that is, you know, kind of an underutilized or completely unutilized.

    Aaron Suzuki: 18:10 It’s not unlike the kind of data center revolution we had with virtualization. Right? We’ve got these workloads that are very important, so we have to dedicate computers to them, but their average utilization is like 8%. Well, it sure would be nice to make more of that. We have a similar thing. I am an engineer and I use very high end CAD equipment, CAD software. I’m only using my computer 8 or 10 hours a day.

    What about the other 14 hours a day? And how does that turn into something that becomes ultra powerful to the organization but managed in a way that everyone’s still in compliance and I’m not making usability compromises, you know, and so on and so forth. So you were very, very bullish and progressive I think. And sticking with this and history has kind of proven this to be the case.

    Aaron Suzuki: 19:02 You know, we are, we’re always looking over our shoulder to see if something’s coming this way, right? Whether it’s, you know, Surface Pro X or um, you know, possibly a Windows 10X kind of scenario that’s going to upend this. But I think that’s why those are out there as I think Microsoft is kind of testing the market with these different devices and operating systems in the same way to say what’s going to take here. Right? And this is their cut number three now. And it keeps going back. And I think part of the reason it keeps going back is because I like the notion of us versus them. I still consider myself an IT person and I like that you fall into that too. And maybe it’s more empathy than anything now that, that we’re all saying, no, this is a paradigm that I’m comfortable with.

    They understand I can move much, much faster on this. You know, because there’s been these waves historically where, you know, analysts, journalists and you know, no fault of yours. I don’t know necessarily where you stood in this a decade or so ago, Mary Jo, and industry itself, the, the organization’s all said Oh, PC’s dead. It’s all about the phone and then it was all about the tablet and then it’s over. You keep coming back. We keep high Tivity ultra powerful device.

    Mary Jo Foley: 20:24 Yeah. I like your focus on timing is good too because I feel like you actually co, well you didn’t coin this phrase, but you propose this phrase to me when we were talking, you said, you know what? “It’s always never a great time to revisit your PC management strategy.” And I’m like, you know what, the whole timing thing is super interesting because you can always just keep putting this off and saying, you know, I’m going to wait to see what comes next and I’m waiting for the next wave and I’m gonna, I’m gonna wait to redo my management strategy for the desktop until I really figured out, is that desktop sticking around or what’s the desktop? Right. So what, when you say that to people, what do you mean specifically? Like is it just, you know, what, you can’t put this off forever or is there more to that?

    Aaron Suzuki: 21:07 No, it’s exactly that. You totally nailed it. And I chuckle because you know, lived, we’ve lived this for the last decade of, you know, Oh, it’s, you know, this is dead for this reason. It’s dead for that reason. You know, keeps dying, but we all use this. I joke, I’ve got, you know, lots of industry friends and all my buddies like, Oh you are, you’re dressing back yet. It’s like, well no, I mean we keep, we keep doing our research and not enough.

    Aaron Suzuki: 21:34 He’s like, it’s so funny, you know, everyone’s sitting around in my meetings, they’re all carrying Macs. I said, yeah, but what operating system is everyone running?

    Mary Jo Foley: 21:41 Right?

    Aaron Suzuki: 21:42 He just laughed. And so and so that’s part of this, right? You can keep putting it off, but what is the trade off? Right? The trade off is you’re calling our support team and saying, yeah, you know, 70 70 image is having this problem with your, with your solution. Okay, cool. That’s a tell right there. And it’s really just, Hey, get on. And you know, the business is growing like crazy and I think it’s because a lot of people are on board with this notion that, okay, thought it was going to die. I thought it was going to die. Again, hasn’t, we’re paying all this money to whomever to do it for us.

    Aaron Suzuki: 22:24 We know there are better tools. I was tasked with this, found it, it delivers on the promise. My brain’s exploding, you know, how do we get the rest of the way there and how do we bring other things into it? How do we use, you know, the 25 terabytes per user of cloud storage we have to to reach customers, you know, in far flung locations or you know how do we move this in alignment with the rest of the infrastructure that’s also evolving. And that’s a place where I think a lot of a lot of vendors are falling short.

    Mary Jo Foley: 22:57 Yeah. Yup. Is there, is it possible even to say, here’s the checklist I’d give IT pros who are thinking about migrating when it comes to desktop management. I like to close out my chats with resources or checklists or things like that. Like kind of a call to action. You know, and I’m not sure if this is too broad a topic to do that with, but um, are there, is there anything like top three things that IT pro should think about when they’re thinking about actually taking on changing their management around desktops?

    Aaron Suzuki: 23:30 Yeah. I don’t know that there’s as much there. I mean they’re, there, there are many checklists like at a technical level, but I think the key strategic questions to ask yourself, if this is your job and there are lots of people for whom this is still your job, these are people also have probably many other jobs, right? Maybe you’re also like some database person or you have these other responsibilities, you know, manage Active Directory or something. But you want to ask yourself, how are we going to buy devices in the future?

    Aaron Suzuki: 24:02 Do we want to, do we want to truly standardize? Is it really worth standardizing on manufacturer or manufacturer model? How often are we going to refresh? What, how is that going to play out? Where is our workforce? Is it still really highly centralized? Is it increasingly distributed? And if the answer is distributed, how are we going to reach them? Right. I think there’s a third kind of group of questions, which is how are people working? Right?

    Are they, are they continuing to require devices that are high powered, high functioning? And, and as a result of that, what is my job? Is my job just to, to kind of do, you know, be the first responder, you know, should I just have my crash kit and be ready to address problems or are we gonna try to, you know, bite the bullet and get ahead of this and put in a system that’s going to give people more tools and more ways to get at, cause they get themselves ahead to prevent fires themselves. You know, I think that that, that’s the kind of I dunno not ecosystem, it’s the Headspace maybe to get into to think about how to address this. It’s a hard environment.

    Mary Jo Foley: 25:24 Right. That’s great. Nice. Well thanks. That’s a perfect note to end this chat on I think Aaron’s, so I wanted to say thanks again for doing this fun. Really interesting. Yup. And all of you listeners to MJFChat, we’re getting ready for our next chat right now, so I’ll be posting that information on Petri and that will be your signal to send in any questions you might want to ask before we do the chat. All you have to do is go to the MJFChat area in forums on and submit your questions right there. And in the meantime, if you or someone you know might make a good guest for an MJF chat, please do not hesitate to drop me a note. My contact info is available on thanks again.

    Brad Sams
    in reply to: Modern management using MDM services and Intune #624229

    You can find an audio replay, here.

    Mary Jo Foley: 00:00 Hi, you’re listening to MJFChat show. I am Mary Jo Foley, AKA your community magnate. I’m here to interview tech industry experts about various topics that you, our readers and listeners, want to know about. Today’s MJFChat is going to be all about modern management using MDM services and Intune. My guest is Jeremy Moskowitz, a 15 year Microsoft MVP, founder and chief technology officer of and PolicyPak software. Welcome Jeremy.

    Jeremy: 00:41 Thank you. Thank you. Thank you.

    Mary Jo Foley: 00:42 Nice to have you on the chat.

    Jeremy: 00:44 I can’t believe we’re finally doing this, this is super exciting. I’m such a super fan, I’m bursting of a fanboy.

    Mary Jo Foley: 00:52 Aww, you know what, have we ever met in person? That’s what I was thinking.

    Jeremy: 00:56 We met in person. You were like just hanging out with some pals and, I was just like, come on. I’m going to go by the bar and see who is there. Oh my gosh, it’s Mary Jo Foley. Woo.

    Mary Jo Foley: 01:07 You know what? I feel like I feel like I know you just cause I’ve seen your picture everywhere and I’m like, I know I’ve met this guy before. Right?

    Jeremy: 01:15 I have that kind of face. I have the face.

    Mary Jo Foley: 01:17 You do. Oh, and I forgot to mention too, for our listeners, Jeremy just recently published a book. Here’s the title. Get ready. “MDM: Fundamentals, Security and the Modern Desktop using Intune, Autopilot and Azure to Manage, Deploy and Secure Windows 10”. I hope the book is big enough for that title.

    Jeremy: 01:37 Yeah, yeah. I didn’t publish it. I wrote it. But, you know the Dummies guys, published it. So it’s not just a self-published book, although I appreciate people who do self-published Amazon stuff. That’s amazing. But this is like a real publisher, you know, real quality editing pictures, screenshots. It’s like a real thing.

    Mary Jo Foley: 01:59 All right, that’s great. We’re going to just jump right in and get you talking about the subject, you know best. This is kind of a softball open ended question, but I also am interested to hear your answer. What makes device management modern in your view?

    Jeremy: 02:17 Yeah. That’s not a softball question, I think that’s like that question’s legit. So what makes something modern? Well, I think, I think to make it modern, it would be, there’s a couple of different angles. I mean, honestly there’s no really one direct thing. But I think, I think the best way to describe like what modern would be is to kind of like reach over toward the end zone goals.

    Jeremy: 02:42 Right? So I think the end zone goals are the kinds of things like that would help us, open up new scenarios that don’t exist in traditional management. So the kinds of things that I think are the best kind of targets for modern goals would be to have less stinking servers. Right? Like that’s the first thing. Because if you ask any, you know, organization of any size, like how many servers do you have?

    They kinda like grumble into their armpit and say, “Oh, I have 8 billion servers.” And especially the things that are like the SCCM servers and Active Directory servers and so on. So like just like get getting that count reduced. It would be a primary goal, which in and of itself doesn’t, doesn’t really get anything toward the client, but it is kind of a gist of the goal.

    Jeremy: 03:32 The second thing would be more direct communication, right? So you’ve got your endpoints and you have a straighter line of sight to them, right? So if you take something like group policy, you just take something like SCCM, it’s at least one hop, maybe two, maybe 12, between the time you click, I want to make it happen. And the time that that client picks it up in modern management world, that’s not true at all.

    In modern management world they’re cloud joins are always on, always connected. They’re, you know, making nice to your MDM service of choice, which we’ll talk about. And then, communication is more direct. So then that that opens up, what I call the kind of new scenarios that you kinda can’t really get, without a lot of you know, grinding and, you know, teeth mashing.

    Jeremy: 04:19 So the kinds of things that you open up would be like new out of the box experiences and you know, you’ve heard of what Autopilot is. And we can talk about that a little bit more down the lane. But you know, that kind of opens up a new out of box experience. And then also like remote wipe, right? So it’s like somebody leaves the company, somebody changes job roles. We’ve all heard about the ghost factory in the basement. Maybe there’s, maybe there’s a better way. So the goal for me, modern management is, you know, is trying to track track the kinds of ways that we’re working today that may be the same as what we’ve done in the past, but also new scenarios that are kind of enlightened and opened up only when you sort of have this kind of cloud connected thing that’s happening.

    Jeremy: 05:00 So that was kind of a complex answer to kind of a simple question.

    Mary Jo Foley: 05:03 No, it’s good. That was good. Then when you, when you talk about mobile devices, you don’t just mean iPhones and Android phones, right?

    Jeremy: 05:10 Yeah. In fact, for me, I’ve never even touched an Android phone. Like, like, wow, I’ve seen people use them on airplanes. I have never even typed on one.

    Mary Jo Foley: 05:19 Wait, what do you, what are you gonna do at Microsoft comes out with this new Duo phone?

    Jeremy: 05:26 I think it would have by it. I think I would check it out. I think it’s worth checking out.

    Mary Jo Foley: 05:31 But what you focus mostly on is managing Windows devices, right? Yeah. Right. So for in the book, like some, somewhere in the introduction I say something to the effect of like Androids and iPhones and you know, all sorts of unusual devices are, are, are interesting and nifty and they actually, that is another aspect of what’s cool about modern management is that, um, all these, you know, kind of disparate style of devices can be, um, reasonably well managed under a single what they call pane of glass, which is not exactly accurate, but like when you pick your MDM tool of choice, which again, we can talk more about that.

    Jeremy: 06:06 The idea is that, you know, your iPhones, Androids, tablets and Windows machines are all kind of joining the same universe. The MDM service lets you do so you can partition, you know, who can do what to what devices because they’re all kind of joined. In Active Directory land, that’s really that’s kind of hard. I mean, there are ways to sort of get your Macs in there. There are sorta kind of ways to get your iPhones, if you like, really cram it hard. But it’s not, it’s not its goal. It’s like it wasn’t designed with that in mind. But this modern style method of saying, Oh, I’m going to have these, I’m going to have the end point itself has a little moving part. And that’s really where the MDM engine lives.

    Jeremy: 06:50 That’s the thing that’s sort of the secret that like the big secret that nobody really talks about for some reason is that in all of these devices including really unusual devices like HoloLens and, probably these nifty devices that we haven’t seen yet that are, you know, on the, on the board for Microsoft, they’ll probably also have an MDM engine in them. And then that is what gives us the magic of being able to join an MDM service of our choice and being able to, you know, manage them from the cloud as opposed to our on prem services apps.

    Mary Jo Foley: 07:22 Some apps also have an MDM engine in them too. Right?

    Jeremy: 07:26 Well, so when we talk about apps, we’re typically talking about this other thing called MAM and MAM is sort of like, okay, the app has to be enlightened and it has to be coming from the manufacturer and it has to know about your rules.

    Jeremy: 07:43 And if then you do a copy or you try to do a paste, and then tries to like explode it, you know, or detonate the problem. But that’s technically, you know, that you can deliver a MAM directive over MDM, but the MDM kind of enginey/moving-party thing that’s in the iPhone operating system, the Android, that’s in the Surface, that’s it. You know, that that’s what’s in Windows and you know, that’s the guts of what’s in the device.

    Mary Jo Foley: 08:09 Gotcha. So maybe I should take a step back and have you talk a little bit about what is MDM and how is it different from group policy, which I think group policy is something probably many of the listeners and readers use and know a lot about.

    Jeremy: 08:25 Sure. Well I still spend a lot of time in group policy land and I just, you know, I think if I had to guess one of the questions of the people who are probably listening to this, because I get it a lot.

    Jeremy: 08:37 It’s like is group policy dead? Is it going away? Do I have to run to MDM land? And I’m going to just put it right out there and answer. No, it’s not dead. You don’t have to run to MDM land. You have a really, really long runway. Maybe forever. The way to think about this is, first of all, does Microsoft still use it internally?

    Oh yeah, they do. And second is, do they ship a product that currently has Active Directory? Oh, they do, then you’re probably, you’re fine. So until they turn those two lights off, then there’s nothing to worry about with regards to Group Policy’s extended lifetime out there. Now, that being said, it is true that Microsoft’s emphasis is in enlightening these new modern scenarios that you know, and they’re putting their resources into getting MDM, you know, more better.

    Jeremy: 09:30 But let’s do a quick compare and contrast. So group policy of course requires on-prem Active Directory. It has a, you know, its protocols are Kerberos and SMB to do the work. Group policy is pulled from a server and it has, you know, 39 categories of interesting material that you can download, stuff like admin templates and folder redirection and all the group policy preferences and also third party tools. Like you know, PolicyPak and other things that you can kind of tack onto your existing group policy.

    So we already know, you know, we kind of like got that pretty well. MDM on the other hand, again can be lots of different device types, which we already talked about. It has the MDM engine in the device. You don’t join, I don’t know, you call, you do what’s called enroll, so you enroll into an MDM service.

    Jeremy: 10:18 The ironic part is that you actually pick an MDM service of your choice. Now some people are confused about that. They’re like, Oh, is that, is that Azure? Is that Intune? What, what is that? So let’s actually clear that up. So Azure is the directory service. That’s simply the identity that says, who are you and what’s your computer trying to do on my network?

    Right? So it’s the thing that’s like getting you the lock and key about who you are in the first place. But then after that your machine goes backward and enrolls into an MDM service of your choice. Now keep using that same phrase of your choice because there, there is choices. Now I am an MVP in enterprise mobility for Microsoft, which means that I focused and you know, my doing my comings and goings and also the book in Intune.

    Jeremy: 11:07 But there are choices out there. There’s a VMware Workspace ONE, there’s Citrix, there is you know, MobileIron. There’s a bunch of cloud-based MDMs that you could use as your MDM of choice. And the thing is, and the here’s like the little dirty little secret that almost nobody kind of like talks about out loud. They’re all basically the same. And the reason why they’re all basically the same is that remember the engine in each of these devices is the engine and the devices. So what’s happening in the MDM service is you’re pushing the buttons and saying, I want to do the things that gets translated to a little piece of XML snippet code. It then downloads the device and the device is like, Oh, I’m trying to do something, I’ll do it. And so because of that, it doesn’t really matter which MDM service you use to perform the work because the work is all the same work.

    Jeremy: 12:00 Now there is some differentiation amongst the MDM services. Some try to have more clickety click things you can do. Some have some nifty what’s called sidecar extensions, where you can add more features that would not normally be part of the MDM engine, but technically the directives they’re delivering and the thing they’re talking to, it’s all lingua franca and they’re all kind of pushing the same buttons.

    Mary Jo Foley: 12:24 So, so you are a Microsoft MVP. So I expect you to kind of be favoring Intune when you’re giving people advice about MDM, but if you’re trying to be somewhat unbiased, what does Intune do that some of these others don’t?

    Jeremy: 12:41 Yes. I hope in my last answer, I was being as thoroughly unbiased as I could.

    Mary Jo Foley: 12:46 You were. You were even giving away secrets that Microsoft probably would not like out there.

    Mary Jo Foley: 12:51 Right? Right. Don’t tell everybody. Exactly. So, right, that’s where organizations that have MDM services can differentiate. There is a way to sort of like if we kind of look closely a Honda and a Toyota and like a Subaru. I mean come on, they’re all pretty close, but there’s some differentiation if you like squint a little bit. Same kind of idea. Okay. So in Intune land, like I said, they had this idea called the sidecar service. The sidecar service is a little, extra piece of running code that will hook into Windows directly. It doesn’t hook into anything else. It will enable you to do things like install what’s called Win32 apps. We all know what those are like the WinZips of the world, the Acrobat, you know, Acrobats of the world, those kinds of things.

    Jeremy: 13:40 Where before, the idea of installing, you know, WinZip dot EXE with slash install slash you know, directory ABC, that’s not a thing the MDM engine can do. OK. So they built it as a little sidecar engine and the other guys probably, you know, have, have a similar idea of that too. But I’m saying that that is where the differentiators can start to appear in these MDM guys.

    Mary Jo Foley: 14:07 Gotcha. Okay. So we’ve talked about MDM. We’ve talked about Intune and we’ve talked about Group Policy. Can you use MDM and Group Policy together or is it an “or” or is it an “and”.

    Jeremy: 14:21 It actually can be an “or” or an “and”. I haven’t had any coffee yet this morning, so that’s a bad sentence right there. But yeah, that’s hard. Yeah. Like Bill Clinton, tell me what is is, right.

    Jeremy: 14:36 So you can have a machine that is both what’s called MDM enrolled and also on prem joined. It has a really nifty, you get to use as a cocktail parties. I like to say in the book it’s called DJ Plus Plus. It’s pretty cool, right? DJ Plus Plus. So it means you’re domain joined but more, right. So you can get directives from both houses. So you can get a Group Policy directive if you want. And you can also get an MDM directive. Now my advice in the book and also like in real life would be, you know, you can do that, but you know, try to not get directives targeting the same thing. I’m going to make something up real quick. Let’s call it KillCortana you don’t want to try to KillCortana using Group Policy and KillCortana you know, using MDM, that’s not good.

    Jeremy: 15:32 Now there is something in the MDM, moving part to try to negotiate that. It’s not on by default. You have to actually set it on and you can only set it in one direction, which is that you can only declare that MDM is going to win. If you don’t set it on, what happens instead is that the value becomes unknown. So you can’t know if you turn it on in one house and turn it off in another house. You can’t actually know what the state is going to be. Which is problematic for most people. So that is why they have this idea of like forcing MDM to win over Group Policy. But the point is, is like I would try to stay away from that, trying to poke the bear from two different, you know, ways.

    Mary Jo Foley: 16:15 Yeah.

    Jeremy: 16:16 That’s probably not in your best interest. So yes, you can do both. That’s how it works.

    Mary Jo Foley: 16:20 Okay, good. I remember, I think it was last year, Microsoft started talking about co-management. The idea of concurrently managing Windows 10 devices with Config Man and Intune, how does that fit in here with, you know, making a choice between MDM and Group Policy and existing tools and new tools.

    Jeremy: 16:41 Well, okay, that’s a pretty broad, so let me start off with what is co-management and what’s the like what’s the goal and all that stuff. Now, right there, there are people who are better suited to answer the parts about, SCCM than I am. I’m going to give it a shot. Cause I’m not purporting to be Mr. SCCM propeller head level. That’s my bailiwick. But that being said, the idea behind co-management is that you can marry up your SCCM to your Intune and then there’s, what’s this idea called workloads.

    Jeremy: 17:14 And the idea of a workload is there are different categories of functionality that you can achieve in either SCCM or Intune. Well, golly, if you want to do some in SCCM and some in Intune, there’s this nifty slider thing and you’re saying, instead of managing my updates, my Windows updates using SCCM that I used to do, I’m going to say goodbye to that and make Intune do it, but leave the other workloads, you know, working fine in SCCM. So on the one hand, it gives you the ability to sort of, you know, co-manage, use SCCM, the right tool for the right job and or Intune for the right tool for the right job, or at some point maybe cut the cord and say goodbye to SCCM. I think that’s what they’re going for there from a group policy perspective.

    Jeremy: 17:59 Like I said, I sort of had this idea of co policy management, right? So the idea that there is what we kind of talked about earlier of you know, who wins in Group Policy land and MDM land. So it’s sort of like you do sort of need to know, how to turn that on, how it reacts and sort of be smart about, what happens when you started rolling machines and you have group policy because something’s gonna win and you may not know what it is by default.

    Mary Jo Foley: 18:28 Okay. That helps. Thanks. Microsoft Autopilot, the automatic provisioning service that they’re touting these days, how does MDM fit in with this and, or how should it fit in?

    Jeremy: 18:43 Sure. Let’s talk about the best case stories first.

    Jeremy: 18:48 Let’s go with like the brochure slicky brochure stuff first. So the idea is, you buy a pallet of machines from Dell or Lenovo or your favorite vendor that that is participating. Okay. And you know, man, what a pain in the neck it is to take that pallet, take a perfectly beautiful operating system that’s already been provisioned on it by the manufacturer, which is probably the best it’s ever going to be. In the old day. You’d bring that pallet up in, in house, go to the ghost factory in the basement, smoke it, do some manual touching to that machine to get it ready for, you know, Fred out in the field and then ship it over to him and, in a FedEx box. And then he opens it up and like, hopefully it works the first day, right? Like that’s the, that’s the old style.

    Mary Jo Foley: 19:34 Okay.

    Jeremy: 19:34 So what Autopilot’s trying to do is try to like flip this whole pro, like take all of that and just say goodbye to all that. So now you buy a pallet of Dells or IBM’s or whatever it is from your participating vendor. They have magic purple fingers that go into your Azure tenant and will tell your Azure tenant, which in there called hardware IDs or a, you know, some kind of specialty hardware ID that signifies which of which machines we’re talking about so they know that they’re yours and not some other persons.

    So they go into your Azure and tell your Azure automatically these machines are are going to be shipped. Now once those IDs are in there, you can associate them with various groups. You can, you can know that ShipIt number one is for the sales team and because the sales team is all around the world but acts exactly the same, you can maybe drop ship those machines directly to the sales team and in there in their house or in Starbucks or whatever, they can open it up and magic occurs.

    Jeremy: 20:39 It automatically knows when Windows is starting for the very first time to look up into the internet, look into brain, find your Azure tenant to go, this machine belongs to you. Okay, so it now knows that you bought that machine specifically because of the hardware ID. And then the MDM stuff kicks in right after that. So the MDM stuff that would kick in would be like, you know, kill Cortana and do a desktop background and deploy this software and um, connect me to my OneDrive and all the stuff like that you would want to get to, to do. And there’s nothing for the user to do except sit there and wait for software to be installed and for the computer to be done, they just click, click next, next, next and you’ve got a machine that’s, that’s the dream. Right.

    Jeremy: <u>21:28</u> Does that dream ever match reality though? Well, there are some challenges with the dream. It does work as advertised.

    Mary Jo Foley : <u>21:37</u> Okay.

    Jeremy: <u>21:37</u> So in fairness, but there is a couple of known things that are challenges that I’m sure they’re working on kind of ironing out like the last mile problem. One of them is this idea of like, okay, let’s say you’ve got a machine that , you know, if you need to be domain joined plus plus if you need to be on prem domain joined and also,, MDM enrolled, you kind of have a little bit of a problem cause if you just drop ship it to Fred Fred’s house, Fred has no way to do, to do that domain join part because Fred can’t see the domain controller. So that’s, that’s problematic.

    Jeremy: <u>22:14</u> So that might be something that I have to iron out. Now as a stopgap measure, there’s this nifty idea called white glove, ooh white glove sounds pretty typical, right? So what does white glove, white glove is, this is my word, not Microsoft’s word, but I hope they use it. I call it an interception. Okay. So you imagine the football’s being thrown from the vendor before it gets to Fred. It goes to you. Okay. So the football gets to you, you crack it open. We know who it’s provisioned for already cause you’ve already married Fred’s ID to Fred and so on, like you know, the computer and then a couple things can happen. The first thing that can happen is that instead of having Fred wait for all that software to download, you just crack it open. You do the waiting for him, right?

    Jeremy: <u>22:53</u> Because the software might have been updated from the time that, you know, it could take awhile for Office to install and all that stuff. So you could just like have that roll forward. And if you intercept that computer at a place where you can do the domain joined stuff, well then you’re able to do that and kind of, you know, move it onward to Fred. So this kinda gives you an advantage. But then you still have that stopover. Nobody likes to have stopovers when they’re traveling.

    Mary Jo Foley : <u>23:20</u> Right.

    Jeremy: <u>23:21</u> But this is the, this is the stopover method and if that’s what you want to do, I suspect that over time this is something, I mean everybody knows that that domain join thing is problematic because you can’t see the domain controller. Who knows, maybe they’ll, maybe I’ll exercise that and work it out.

    Mary Jo Foley : <u>23:40</u> Hmm. Okay. So you’ve mentioned in a couple spots during our chat, updates and windows update. I’d like your take on how you think the Windows 10 servicing strategy is evolving and how you think it will impact or should impact IT Pro strategies around MDM.

    So I’m talking about you know, these feature updates that come out well twice a year I was going to give you months, but that’s changed over time. We used to be one month and now it’s a different month. Also just updates in general, you know, cumulative updates and all.

    Jeremy: <u>24:19</u> Well, I think what’s nice actually is I think they kind of got the memo that it’s been a pain in the neck for most people and they really backed off, which is good. I mean like I wasn’t sure, like I’m a, I’m a free thinker.

    Jeremy: <u>24:33</u> I think people tend to think problems through and they try to lead with having people’s general best, you know, best interests in mind. And so like when they sort of announced the servicing schedule, at first I was like, okay, wait, let’s see how bad it’s really going to be. And then like, okay, it turns out it wasn’t so good. Alright. So, so they really backed off on it. And just to set the stage for folks who kind of maybe didn’t get the memo and I hope I get this right and I’ll have it in front of me, but, you know, what happens, I think now is that, the big bang new features show up, you know, kind of in the fall and then kind of like, lots and lots of bugs and kind of like little low hanging fruit touch-ups show up in like March and like the spring.

    Mary Jo Foley : <u>25:17</u> It’s actually in reverse.

    Jeremy: <u>25:18</u> Thank you. I knew I’d get it wrong.

    Mary Jo Foley : <u>25:20</u> No, no, but you know, it’s been so confusing because it keeps changing.

    Jeremy: <u>25:25</u> And then one of them, one of them last 18 months, the other one last 18 months.

    Mary Jo Foley : <u>25:29</u> 18 months is the spring and 30 is the fall. So yeah, that keeps changing too.

    Jeremy: <u>25:38</u> You know this stuff right off your fingertips. Exactly right. So I think what’s good is that like this does give people who can kind of grok that schedule the ability to make decisions about how they want to you know, how they, how they want to articulate their updates. And I think it’s good for some people at your company to always be updating. I think like you don’t want to get caught on the hop to find out that your specialty scanner app just refuses to work properly. And that takes down your accounting department.

    Jeremy: <u>26:11</u> Like you should always have one guy who suffers like, sorry guys. And again, you’re the guy.

    Mary Jo Foley : <u>26:17</u> He’s the canary.

    Jeremy: <u>26:19</u> Yeah. And I go over this in excruciating detail in the book about like this idea of rings and how you can dictate a particular how you can articulate like 1% or your canaries and like 5% is your pilots and like 20% is your . Like I go into the strategy, you know that when I sat down and analyzed it and talked to folks at Microsoft and other MVPs and like what’s working, I kind of wrote it all down because like I can’t keep it all in my head and that’s why God invented paper.

    Mary Jo Foley : <u>26:49</u> So. Yep. That’s great. That’s actually a great recommendation because I know a lot of people I talk to are very confused still about how to do rings inside their company. They know they should be doing it, but they’re not exactly sure how to do that.

    Jeremy: <u>27:04</u> And there’s, and here’s the thing, I, the, one of the things that kind of caught me off guard as I was, as I was writing that part of the book was like, Hm, wait a minute. So a, there’s different vocabulary for the Office team, Windows team, OneDrive team, and there’s another one in there. So like there are like four different things you need to keep track and they actually don’t have the same shared vocabulary.

    They actually have different, some of them have different schedules. Some of the same schedule. Yeah. Okay. So you know the advice there that’s in the MDM book actually can work retroactively for a group policy people as well because it really is the same. You’re actually manipulating the same piece of the operating system that you’re saying, which is kind of nifty.

    Jeremy: <u>27:46</u> This is actually another one of those secrets which is like people think Windows Update for Business or this whole idea of Windows updating is this magical cloud driven service that will kind of like orchestrate when machines upgrade. It’s actually totally exactly not how it works. The way that like doesn’t seem like that’s how it will be. How it would work. Like Oh we will dictate when things update.

    No, not how it works at all. What’s happening instead is that you’re just telling your endpoint machines how long to wait before actually achieving an update. So it’s sorta like bulls in the bullpen and holding them back, holding back the reins and then cutting the cord and bang, letting them go. So it’s much less elegant than like some magical orchestration that’s happening in the cloud. You just simply dictate to your client endpoints like, these machines have this amount of wait, these machines have this amount of wait and these, we should have this amount of wait.

    Jeremy: <u>28:41</u> And if you have no wait, well that means you’re getting it today. Right? So that would be your Canary people, so yup.

    Mary Jo Foley : <u>28:47</u> Exactly. All right. Now, now I’ve got a kind of a big question here. This is from one of our listeners, Rob.

    Jeremy: <u>28:55</u> Vague or big?

    Mary Jo Foley : <u>28:56</u> Big, Rob Copestick. So here’s his scenario. He said, I’m soon to be a manager at school that is moving to the cloud and reducing their on premises servers. Their vision is you use Office 365 and Azure AD but for the future I’d also like to move the client desktops and the laptops to a cloud managed service like Intune or similar. So my question is what is the basic infrastructure requirement to fully utilize cloud services like an MDM service? He’s actually asking, here I am, I want to get in, how do I start and how do I think about what I should do in a perfect world?

    Jeremy: <u>29:38</u> Right. That’s funny. I interpreted that a little bit differently than you did, which is good. We can talk about it. Like I interpreted as I want to go all in on the cloud.

    Mary Jo Foley : <u>29:47</u> I mean he’s like, I’m setting up from the beginning so I want to do it the right way.

    Jeremy: <u>29:51</u> Right. And I think that’s a really interesting perspective and not one that I think is common. So if you take a look at like a thousand companies, I don’t think it’s very common for a thousand companies or some percentage of those thousand companies to say like, screw it. We’re going to say goodbye to all of our, all of our on prem infrastructure and rebuild from the ground up as if it never happened, I think it is common for a company that exists today or tomorrow to say like, screw it, we’re not going to build an on prem AD domain controller.

    Jeremy: <u>30:23</u> Like that makes sense to me. Yeah. But I think it’s rare for a company to declare that they’re like, I’m outta here. Right. I don’t think that’s, that’s not super common, but it does happen. Okay. So with that in mind, the good news for him is like, yeah, you can do what I call parallel worlds here. You can literally, pretend you like have like two companies that are really running side by side that have no really no connection at all. I mean, if you really want to get out of the infrastructure business, and I do describe how to do this in the book. You can, you can take on-prem shares and make them into SharePoint blobs basically. And then you can map a drive over to them and it’ll pretend and quack as if it were like a really like an SMB share, but it’s really happening over a SharePoint and OneDrive, which is pretty nifty.

    Jeremy: <u>31:13</u> So like that’s one, you know, one part of it. Then the other part is you might as well just like figure out a way to like get new machines and have a rolling upgrading, get rid of old laptops and smoke them and put new laptops in there and enroll them into MDM land. And don’t even don’t do that domain join plus plus thing, just like get them into MDM land. By the time you’re done, you know, you’re doing this rolling upgrade, you should be able to say goodbye to your on prem infrastructure provided you really have no, you know, requirements that are going to hold you back there. But again, not something I’d recommend for most people. Most people, I would say, you know, there’s, there’s value in running side by side or doing domain joined plus plus and, and so on and keeping group policy and on prem AD for various things.

    Jeremy: <u>31:59</u> If you want to go all in, I think you can do it, but, you know, be prepared for the bumps. And also remember, you’re while there are some companies that are doing it, you’re, you’re, you’re the, the, you’re moving West man, and as such, you’re gonna catch a cold and they’re like it’s gonna be hard for you in some ways because some of these new styles, some of these new things, have not, there’s some undiscovered country out there, so just be aware that, you know.

    Mary Jo Foley : <u>32:33</u> Does he need to worry about like any infrastructural components he needs to buy? Like he’s, he actually asked in the question about things like, do I need anything specific around a cat five network switches, routers, domain controllers. I mean, does he have to even worry about that if he wants to really kind of go Greenfield?

    Jeremy: <u>32:54</u> No, not really. I mean have nice fast wireless and there are some scenarios in Autopilot, especially around signage that require, like if you want a digital signage to work with Autopilot, that’s a thing you can do, which is pretty amazing. Like, Hey, I wanna not go to Duluth. I want to instead just drop ’em, drop a big old digital sign and have Joe the handyman, plug it in and do nothing. That’s a thing that’s supported in Autopilot. But in order to do that, you have to have hardware connections. So, other than that, you know, having good connectivity, hardwired and wireless.

    Mary Jo Foley : <u>33:33</u> You’re ready. Right.

    Jeremy: <u>33:39</u> Right.

    Mary Jo Foley : <u>33:39</u> All right, last question for you here. For people like Rob and others who are kind of just getting in here, what do you advise they do to learn about and keep current with what’s happening in MDM? You can recommend your own resources, but anything you want to suggest there?

    Jeremy: <u>33:59</u> Yeah, I will. Do you have show notes where you publish? We do. We were gonna publish a transcript. Yep. Okay, great. So, well there’s, I unfortunately, I don’t know what the name of the darn thing is, but there’s a, there’s a Twitter, group, I think that’s what they’re called, Twitter groups that have all the enterprise mobility MVPs that are constantly describing nifty tricks and updates and magic tricks that they’re doing. That’s a great resource I learned from the other guys too. They’re so smart.

    Jeremy: <u>34:31</u> They hurt my brain. They’re way smarter than me, the other guys and gals that are on there. They are just like brilliant, super brilliant. So like I’m always learning from the other MVPs. So that’s a great resource. But again, I don’t have it directly in front of me, so I can’t exactly tell you what it is.

    Mary Jo Foley : <u>34:47</u> We can add it.

    Jeremy: <u>34:48</u> Yeah. And then, you know, like I said, following their blogs. The other one that’s really nifty is a Mike Niehaus. The guy who’s like Mr. Autopilot. Now Microsoft, he’s got this blog called, I think it’s called the OOF, it’s like out of office blog or something.

    Mary Jo Foley : <u>35:04</u> I saw that too. I think he’s calling it out of office hours or something like that. Yeah, office hours.

    Jeremy: <u>35:09</u> I don’t know. Okay. I’m sure he’ll listen to this, but he is like maybe the most prolific person, I don’t know how he’s able to do his real job and his blog in excruciating detail to like level 11 Ninja style.

    Mary Jo Foley : <u>35:24</u> I know.

    Jeremy: <u>35:24</u> And on his, not Microsoft blog about what’s happening in Autopilot and so on. It’s like, it’s not fair. It’s like I want. So long story short, that’s another great one that I really like. It can’t hurt to pick up my book, which is the MDM Fundamentals book, which will give you a real good base hit experience about pretty much everything to try.

    If you are, you know, domain joined and want to do, you know, get some MDM love. Or if you’re like our friend with the question where you just want to wipe and start again, this will also help you. I kind of thought about that in mind. The other part about the book that is good is that it does not suggest you need any SCCM at all. Like I have, there’s no prereqs at all to having SCCM to, to do anything at all.

    Jeremy: <u>36:16</u> So I don’t expect that you have that. Then that’s good because it’s a low barrier to entry. You know, and also in my GP answers training class, which is still mostly Group Policy stuff, it also has two big lectures on MDM as well to sort of get you, you know, killer in group policy and today land and forward-thinking about what’s happening tomorrow land as well. So that’s at my I do live training and also online training as well. Kinda think if there’s anything else that would, that’ll be helpful with, I think those are like my top ones. Like I said, the MVP list of Twitter. Mike Niehaus’ out of office stuff. My MDM book and you know, the group policy training with the side of MDM.

    Mary Jo Foley : <u>37:00</u> Great. Those are, those are all great. So thanks and thank you so much for doing this chat, Jeremy. It was really fun to reconnect with you and hear all the latest, so appreciate it.

    Jeremy: <u>37:10</u> This is great. Super fun for me too. Thank you.

    Mary Jo Foley : <u>37:12</u> Nice. And listeners, we’re gearing up for our next MJFChat right now. I’ll be posting the information on Petri and that will be your signal to send in any questions you might want to ask before we do the chat. All you have to do is go to the MJFChat area in the forums on and submit your questions right there. In the meantime, if you or someone you know might make a good guest for an MJFChat, please don’t hesitate to drop me a note. My contact information is available on Petri. Thanks again.

    Brad Sams

    You can find the audio version of the podcast, here.

    Mary Jo Foley: 00:00 Hi, you’re listening to MJFChat show. I am Mary Jo Foley, AKA your community magnet. I’m here to interview tech industry experts about various topics that you, our readers and listeners want to know about. Today’s MJFChat is going to be all about what IT pros need to know about Dynamics 365 Business Central. And my guest today is Erik Hougaard, Microsoft Business Applications MVP. Thanks for joining me, Erik.

    Erik Hougaard: 00:39 You’re welcome.

    Mary Jo Foley: 00:40 I want to give a little introduction to what Business Central is, but I’m going to let you definitely do a lot more explaining beyond what I’m going to say. So let me do a little high level set here. When I think of Business Central, I think of it as an ERP system from Microsoft and the successor to Dynamics Nav, which quite a few years ago was called Navision.

    Mary Jo Foley: 01:05 It’s primarily targeted at small and midsize businesses and meant to help them manage their business. That’s why it’s an ERP system. I know you know a lot about this because you just finished writing a book about this, “All About Implementing Business Central, Your Field Guide for Dynamics 365 Business Central” is the name of it. So let’s start at a really high level and then zoom down into product specifics. Let’s talk about just dynamics in general, and kind of where Business Central fits in from your perspective and how Microsoft is evolving its Dynamics vision.

    Erik Hougaard: 01:48 So Dynamics kind of have been the label that Microsoft has put on all the business offerings. From my perspective, perhaps a bit more confusing than helping. So there was a bunch of applications that are all named Dynamics. Business Central is of course one of them. The one that’s close to my heart. Business Central is just the next version of Nav. So Dynamics Nav, the last version we had that was Dynamics Nav 2018. Instead of getting Dynamics Nav 2019, we’ve got Dynamics 365 Business Central. I think that the primary reason for the name change was the fact that this was now both a cloud offering and an on-premise offering. The Dynamics moniker is kind of confusing because we used to have so briefly, Business Central was also known as Microsoft Dynamics 365 for finance and operation business edition, the longest products name you can imagine.

    Erik Hougaard: 03:05 And other products, the old Dynamics AX was known as Microsoft Dynamics 365 Business for Finance and operation enterprise edition. Two completely different products with almost the same name. On top of that, there are the other members of the Dynamics family does the one that’s often just gets to use the just Dynamics, which is the, the Dynamics CRM product now called, Customer Experience Dynamics 365 for Customers Experience, which is the old CRM product. And the old CRM product has kind of been split into different areas. So hence the new naming scheme. Still also part of the Dynamics family, even though they’re from a technology perspective, none of these are really connected at the lower level. We have Dynamics GP, which is the Great Plains product. And we have Dynamics SL, which is the old Solomon product.

    Erik Hougaard: 04:19 Nobody talks about the last one ever. But GP is out there getting new versions and is still thriving. So the landscape is very confusing and for the longest time, people would just say Dynamics and you have to figure out, okay that guy used to be an AX guy, so he’s talking about enterprise edition and this girl was in CRM. So that’s why she’s probably talking about CRM and so on. But now, especially with Business Central, we no longer say Dynamics, just say Business Central. The Dynamics 365 for finance and operation business. Oh, sorry. Enterprise edition is now just called FNO, finance and operation. So the Dynamics name is kind of taking a back seat suddenly.

    Mary Jo Foley: 05:18 Yeah. You know, it’s interesting because I was saying this to someone recently. I’ve covered Microsoft almost 30 years and of all the product lines at the company right now, the one I have the hardest time keeping up with is Dynamics. And I think part of the reason is because the names do keep changing and the licensing is changing and the pricing is changing. But Microsoft seems to want to kind of gloss over that because they always say, you know these are products for business decision makers and they don’t need to know all these things that you’re very obsessed with in terms of, you know, how we’re doing something in a product line and how we’re not doing it in this other product line. But I dunno, I talked to partners and I talked to people like you, and I’m glad to see, I’m not alone in being very confused.

    Erik Hougaard: 06:09 I understand that, but there are of course great integration between them. So when I’m inside Business Central, I can read and write data from the CRM product as if it was my own database. There are great ways of doing an integration. One of the more publicized ways is, well it has many names right now. It’s called the CDS, the common data service.

    Mary Jo Foley: 06:50 Let’s come hold on that one. Let’s hold, cause that’s a topic I’ve also been trying to make sure I understand. CDM, CDS. So hold on to that thought. Let’s stay high level first. So you, you talked about the names. I know as of tomorrow, October 1st Microsoft’s changing yet again. Some things around the Dynamics 365 licensing. They’re doing away with some of the plans, quote unquote, that they have been selling and it seems like they’re moving from this one size fits all approach to more individual app based licensing. How does that affect Business Central? Does it at all?

    Erik Hougaard: 07:32 No, not really. It looks like our license model is more or less the same. They have recently added a new license side, which is a device license. So the foundation in Dynamics licensing now is basically Office 365. So, just like you, you get a license to run Office or Visio or any of these things, you also get Dynamics licenses through the same portal. That means of course, that users are, what in the technical terms are unnamed users, which is a change from when, when in Nav where we worked with concurrent users. So you will license your system to 25 users and that will mean 25 concurrent users no matter how many people you created in the user table. Now it’s named users. That has been a challenge in certain scenarios like a point of sale, shop floors and stuff like that where you have a machine that will get operated by multiple people.

    Mary Jo Foley: 08:58 Sorry, does that mean that’s device model based?

    Erik Hougaard: 09:02 Exactly. So you can get a device license for, for Business Central for the point of sale market, which is actually quite big. Nobody really knows that. But one of the most successful add ons created for Business Central are actually point of sale systems.

    Mary Jo Foley: 09:27 Okay. Huh. I didn’t know that. Alright, interesting. One other high level question, when you think of who is Microsoft’s biggest set of competitors right now for business central, who do you consider to be in that group? I mean, whenever I think of who competes with Dynamics, I always think of Salesforce. But I know in the SMB space there may be some additional players too, right? Like maybe NetSuite is in there.

    Erik Hougaard: 10:01 NetSuite is certainly in there. Sometimes the Dynamics products also just competed with themselves, I guess the old IBM marketing model, right. But of course the offerings in the very low end, like a QuickBooks and stuff like that. We see them. It’s interesting because every big company usually starts out as being small. So when you’re just one or two people and you’re starting your new business these ERP, enterprise resource planning, might not be the right fit for a small business. So at some point you need to upgrade your ERP system, the system that basically controls your company. Of course QuickBooks and other offerings in that area will try to keep the customers because Hey, now they’re getting more users and more complicated. So now they actually become very good customers or have so that they are trying to retain users on that level.

    Mary Jo Foley: 11:33 Yeah. That’s funny. It’s funny you say they compete mostly with themselves because for people who, listening to the chat who may not know the history, which Erik knows better than me, Microsoft bought all these, he was referencing earlier in the chat, all these different ERP and CRM companies, they bought Axapta and Navision and Solomon. And then at one point, I forget how many years ago this was, everyone thought they were trying to kind of mix them all together and made it make a common platform, but continued to sell the four different lines. It was this thing called Project Green that Microsoft was trying. Yeah. Do you remember that?

    Erik Hougaard: 12:08 So Microsoft bought Navision in 2002. Navision had two products. They had the product Navision and the Axapta and those two turned into Nav and AX. My strange accent is because I’m actually Danish. But going back to that time in Denmark, just before Microsoft bought Navision, Navision was actually the product of a merger between the old Navision and a company called Damgaard who created Axapta. And Navision and Axapta used to be the fierce competitors. Those were basically the two ERP offerings in Denmark. They had together, they had almost entire market, and you know, suddenly they merged, and I could start making quotes from Ghostbusters and stuff like that, but it was really, really strange. But of course, the intention was to be attractive to getting bought by one of the big players and it turned out to be Microsoft.

    Mary Jo Foley: 13:28 Yeah.

    Erik Hougaard: 13:29 And then they bought Great Plains at the same time almost and project green started with, okay, let’s, let’s take all the things that we have, merge them together and create one product to rule them all. But it doesn’t really work that way. So in the end they could not create something that was better than the individual offerings, right. Because the different products cater to different types of customers. So different scenarios and I don’t think we see that very often now in the IT industry that the one solution to cover everything doesn’t really work anymore.

    Mary Jo Foley: 14:16 That’s right, that’s true.

    Erik Hougaard: 14:17 People are much more, they rather have the right solution for solving one problem. Then do integration and data exchanges and stuff like that. And rather, than trying to get one solution to all problems, it doesn’t exist.

    Mary Jo Foley: 14:36 That’s true. The old days, I think people did think that was a better idea, you know, just have one overarching solution. Then you could update the code base thing one time. I agree with you that people have, maybe they’ve become more sophisticated or the is, I don’t know.

    Mary Jo Foley: 15:27 But anyway, we were talking about the history, just the whole mess around that and, and such, but I think we’re good on that topic. Now I want to get a little more specific into Business Central. We know it’s an ERP suite. We know it’s mostly geared toward SMBs. I’m curious about some of the bigger parts that Microsoft is trying to work into the Dynamics suite and how they apply or don’t to Business Central. So one of them is something that you raised at the start of the chat, which is the Common Data Model, Common Data Service. I wonder if you could explain that a little because I have a terrible time explaining it and um, whether and how it applies to Business Central.

    Erik Hougaard: 16:54 The easiest explanation is to give it a different label and call it a data warehouse.

    Mary Jo Foley: 17:01 Okay.

    Erik Hougaard: 17:02 So this common database that goes across certain offerings, you can use that to replicate data from one system to another. And you can use that as a basis for creating reports that goes across systems and so on. Business Central is not a very active participant in the CDS.

    Mary Jo Foley: 17:35 Do you think it will be? Or is it not the right product for being part of that?

    Erik Hougaard: 17:42 I’m certain that it will be, but, but maybe reality has also caught up with the whole need to actually replicate the data because if I power up Power BI today, I can grab data from Business Central and I can grab data from CRM and I can grab data from a ton of the third party applications and Power BI will do the magic behind the scene without actually the need for this data warehouse concept. So all the things that we want to do, we can already do them without actually being I would say a first class member of the CDS.

    Mary Jo Foley: 18:35 Okay. Do you think at some point Microsoft will make changes to try to encourage more of the Business Central users to use CDS?

    Erik Hougaard: 18:46 Certainly, certainly because there’s a lot of, there’s a lot of intriguing options here that actually has nothing to do with ERP or CRM, but has to do with the rest of the Microsoft stack. Meaning that when you in Excel to be able to just, Hey, I want to grab our employee list, I want to grab our items or if you are in Word and want to do a merge mail merge thing or if you’re in Outlook and you need the email address of a certain customer and so on. So the CDS is, I think it’s a very interesting offering to enrich the rest of the ecosystem with all the knowledge because that’s one of the things that, that ERP systems has often been being looked down upon. That is it usually very closed. So there’s lots of information inside the ERP system, but sometime it can be really hard to get to it. I think the CDS has the promise of liberating a lot of data and making it available broadly. I can see a lot of a neat solutions based on that.

    Mary Jo Foley: 20:14 What about Power Platform? You know, Power apps and flow and Power BI, do those have direct connections to Business Central the way they do some of the other Dynamics apps?

    Erik Hougaard: 20:25 Yeah. So the Power Platform is fully integrated with Business Central. Well Power BI is not only integrated that way, but actually inside Business Central we have Power BI reports directly available. So when you start up, if you sign up for a trial version of Business Central, and first time you log in on the, the front screen there’s actually a report right in the face. So it’s really well integrated. Two or three years ago at Build they announced the Power BI embedded edition, which Microsoft is certainly using themselves a lot. So the fact that you can, you can embed Power BI into our products that’s being heavily used now.

    Mary Jo Foley: 21:22 Okay, that’s good to know.

    Erik Hougaard: 21:24 The very neat thing about the power platform is that they have separated what they call the connectors out to be a kind of a common thing. So as long as there was a connector to a certain data source, that connector can be used both by Power BI and Power Apps and Flow. It just works. It’s really neat.

    Mary Jo Foley: 21:55 Hmm. Nice. Okay, that’s good to know about. Let’s delve into some of the topics you talk about in your new book about Business Central. I was looking through your table of contents and I saw one that was very interesting to me. It said, how do you customize Business Central the right way? And I assume that means there’s a wrong way too, what would you suggest to people thinking about that?

    Erik Hougaard: 22:22 That’s a loaded headline. Nav’s role to fame has been its ability to be customized. Any software can fit a company that is really operating textbook, but as soon as soon as somebody is doing something unusual, then they need software support to support unusual. That means customization somehow. And Nav, because the way Nav is constructed is actually that Nav at the lowest level is just a development environment. That was one compiler and all the development features and Nav is then actually written in itself. And so, so is Business Central is just a new version of Nav. So we as consultants and developers, we had have the ability to change everything in Nav. You could say that it’s open source, but that’s really not the right term.

    Erik Hougaard: 23:37 Although there are actually now with Business Central moving to a lot of the stuff, are open source. But we change anything and we did, there are customers out there running Nav with a totally customized system that is so different from what Microsoft offers that, it’s hard to imagine. The problem with that is that it’s very very difficult to operate, right? Because if you have customized the system really, really heavily and then you need to apply all those customizations to a new version, which is expensive and takes time. And so a lot of customers have been stuck on old versions, you cannot take that concept into the cloud because when you’re in the cloud, you need to update regularly to just, you know, security fixes and competitive things and you need to keep all your cloud tenants more or less the same for you.

    Erik Hougaard: 24:44 You’re not really supporting 25 versions in the cloud. You need to support one or two. Right. So Microsoft came up with a new way of doing customizations in Business Central that would allow operating without breaking customizations. And the other way around would allow customization that will not break the base system. But there are some unique differences that you need to think about when, when you’re actually doing customization. You need to work with the system, not against the system. But the new development environment, which is now actually based on Visual Studio Code and it’s very modern compared to what we used to have is really really good. I have yet to see something that cannot be done in the new system that we can do in the old system of things, we should do because there are a lot of stuff that, that we did in the old versions that we shouldn’t do. In reality that was a bad mojo. That was not good.

    Erik Hougaard: 25:58 I guess it’s evolution. The book covers that. Also there’s a bunch of things that customers can do before actually turning to a developer and consultant and getting real customizations. The system is highly customizable just from a customer perspective.

    Mary Jo Foley: 26:31 Ah, interesting. Okay. Then you also have a chapter in there I saw about whether to deploy Business Central in the cloud or on prem. I wouldn’t have even, I guess I wouldn’t have even considered the possibility of putting Biz Central on prem only. But I guess there must be some reasons you still might want to do that.

    Erik Hougaard: 26:52 Well first of all it’s the same product, that’s quite unique. I don’t think there’s actually any other offering, I know of, where the cloud offering and the on prem offering is the same piece of software, the exact same bits that will power and an on-premise, is also what powers Microsoft’s cloud, which that’s quite unique. From a technical perspective, Microsoft offers the existing Nav installations that are running on prem have an upgrade path so they can just upgrade to Business Central on prem and continue to work the way they used to. And at some point they can move to the cloud when they’re ready, if they want and all that. But there are, there are still some scenarios where cloud is just not an option.

    Erik Hougaard: 27:54 Cloud needs connectivity. So there are still a lot of places where connectivity is not that great.

    Mary Jo Foley: 28:02 True.

    Erik Hougaard: 28:02 I know of several Nav installations running on cruise ships. Just an interesting, interesting example, where there’s no connectivity. There’s also still people who believe that it’s safer for them to run the system offline.

    Mary Jo Foley: 28:31 They may have certain compliance requirements.

    Erik Hougaard: 28:31 Yeah. Yeah. There are certain things that we cannot do in the cloud, that we are allowed to do on premise installation. So when we’re running in the cloud, we are of course not administrators on Microsoft server in the cloud. So we have those certain things that we cannot do, from a technology perspective that we are allowed to do on-premise.

    Erik Hougaard: 29:09 Because Hey, we can, we can write a file to a server if we’re running on-prem, we cannot write a file to a server in Microsoft cloud because that’s not our disk system. And if so there are certain technical scenarios where, okay, on-premise is actually smarter, but I think with the release in the spring, the April release, cloud became default. So cloud is default. What would be the reason to go on-prem? I think the question flipped at that point where people before they were thinking, okay, on-premise default, what could be the reason to go and into the cloud?

    Mary Jo Foley: 29:55 Yeah. I see.

    Erik Hougaard: 29:58 But these systems like one of the reasons that Office 365 rose to fame was the fact that Exchange was becoming bigger and bigger and more and more complicated. So if you had a couple of hundred users, you will suddenly have 7 or 8 Exchange servers running to cover the entire functionality. And they were really, really complicated. And if you have seven, eight servers, then you need to a guide to maintain them and all that. So with the pieces and it goes the same way that you have a bunch of things that need to be configured and kept running and so on. So it from purely from an IT Pro perspective, Hey, let somebody else handle this and I’ll just maintain my users and all that through the office admin, just like I basically maintain my Exchange server that Microsoft is, is keeping running.

    Mary Jo Foley: 31:03 What, what about the wave two set of features that start rolling out in October for this next set of features coming to Dynamics 365? Is there anything specific or something you want to highlight? That’s about Business Central that people should be thinking about deploying over the next few months that they don’t have now.

    Erik Hougaard: 31:23 So, so Business Central wave two is interesting from a tech perspective that this is the first version where Microsoft has actually switched the development of the base product from the old development environment to this new one. But in the same time, they’re also actually, stop supporting the old Windows clients are now the web client is declined. So from a tech basis, we’re getting rid of a lot of legacy stuff and then it’s 100% full fueled by the new tech. That has been the biggest change in that we’ll see tomorrow in wave two. But an end user will not really see that because who cares? But compiler compiled the system from that aspect. What end users will see tomorrow is a bunch of productivity changes, fixes, improvements. So the system is faster, the system is slicker, there are more keyboard shortcuts. The client experience has really been improved and, it’s just way more pleasant to work with. But, but from a feature perspective, looking at purely from the end user point of view, it’s not a big release. The effort from actual Microsoft’s side has really been on making this technology change.

    Mary Jo Foley: 33:16 Okay. So last question for you. What else, if anything that we haven’t talked about do you think is important for IT Pros specifically to know about Business Central?

    Erik Hougaard: 33:30 I think that the most important thing to know is a small website called AppSource. So, so the way it happened going back just a couple of years is that whenever you wanted something different in your system, you would contact me ‘oh Erik, I need the system to do this.’ And I would figure out if somebody else had a product that I could kind of use for that put onto the system or I would program that functionality and give it to the customer. Now we have AppSource and AppSource is basically as the noun suggests an app store for Business Central. It works just like on your phone. You click the marketplace and you scroll browse and then so that’s a nice app. You click on that, it will install it into your system and it’s there ready to go. If you don’t like it, you remove it again. So there’s a whole new way of getting features into your system, third party features, without all the hassle, without any technical operations. So on. And I really think that going forward, this will completely change the way that people look at their ERP system. Because, ‘Hey, I have a credit card processing feature in and I don’t like it. There’s another one in AppSource, let me try that out.’ That would never happen in the old on prem world.

    Mary Jo Foley: 35:20 Right, right. The whole idea of using an app store to add things into ERP and CRM, it’s very different from like adding it onto your phone as a phone app. Right? I mean, at least conceptually it is different.

    Erik Hougaard: 35:33 People need to get their heads around that, that suddenly what they’re used to on the phone, they can actually now do in their business applications.

    Mary Jo Foley: 35:42 Right? Good point.

    Erik Hougaard: 35:45 So I think that’s the most, I really like it and what I’m doing and lots of other people are doing right now is of course that we’re either, it’s already there or we can only adding our IP to AppSource to make it available this way. This is only gonna accelerate just like the, the app store has done on, on most platforms.

    Mary Jo Foley: 36:16 Right, exactly. We won’t bring up the ones where it has not been great. Well thank you so much for doing this chat with me, Erik. I think it’s really great to have somebody who’s an expert on Business Central and Dynamics to join in and very much appreciated.

    Erik Hougaard: 36:32 Thanks for having me.

    Mary Jo Foley: 36:33 You’re welcome. So we’re gonna make this chat available very soon in audio form and the full transcript. Just go to and about. I’ll be posting the information on Petri and that will be your signal listeners to send in any questions you might want to ask before we do the chat. All you have to do is go to the MJFChat area in the forums on and submit your questions there. And in the meantime, if you or someone you know might be a good guest for an MJF chat, please do not hesitate to drop me a note. My contact information is available on Petri. Thanks again.

    Brad Sams
    in reply to: Learning to love the social spotlight (for IT pros) #623711

    You can find the audio playback, here.

    Mary Jo Foley: 00:00 Hi, you’re listening to MJFChat show. I am Mary Jo Foley, aka your community magnet. And I’m here to interview tech industry experts about various topics that you, our readers and listeners want to know about. Today’s MJFChat is going to be all about how IT pros, introverts included, can learn to love the social spotlight. My guest today is Harjit Dhaliwal, a senior sysadmin and tech evangelist. Many of us call him Hoorge, which is his self-appointed nickname. Welcome Hoorge.

    Harjit Dhaliwal: 00:43 Hi. Thank you.

    Mary Jo Foley: 00:45 Yeah, thanks for joining us on the chat today.

    Harjit Dhaliwal: 00:48 Yeah, no problem. This is a pleasure.

    Mary Jo Foley: 00:51 Thanks. Great. So I was trying to remember how I met you and I think it was maybe an Ignite or two ago and you were one of the community reporters and that’s how we first met in person. Is that how we met?

    Harjit Dhaliwal: 01:05 Yeah, I think, right? I think so. I know you and I have connected over Twitter and stuff like that over the years.

    Mary Jo Foley: 01:12 Yeah. Definitely.

    Harjit Dhaliwal: 01:13 Okay. Yeah, we have a few years ago I was one of the first batch of the community reporters at Ignite. I think there were like 10 of us, so I was busy doing that. But at that particular Ignite, I was also given a responsibility of managing the tweets for Ignite on the live show on day one. That’s where we met because you were planning to do a show as well on the big stage right. I did it again last year. I was also on stage last year as well.

    Mary Jo Foley: 02:02 I saw you there.

    Harjit Dhaliwal: 02:02 So hopefully maybe I might do that again this year. Who knows.

    Mary Jo Foley: 02:07 Oh nice nice. Yeah, I was thinking you would be the perfect person to talk about social because I’ve seen you in action at places like Ignite and, you always seem to be having fun yet networking and doing a lot of things like managing the Twitter account. So I thought you would be the perfect person to give us some tips and tricks.

    Harjit Dhaliwal: 02:27 Thank you.

    Mary Jo Foley: 02:29 Yeah. So before we even start though, I need to hear the story behind your name. Hoorge like where did that come from? Cause that’s kind of your social brand at least on Twitter, right?

    Harjit Dhaliwal: 02:41 Well it has to become a social brand and you know, and a lot of people are telling me, well a few of my friends are like, hey, why don’t you change it? You know, it sounds so weird and stuff like that. And part of me like says, yeah, okay, I’ll try to change it. Even though at @harjit it’s actually taken by someone who was just holding that account, but is not using it.

    Mary Jo Foley: 03:02 Oh really? That’s too bad.

    Harjit Dhaliwal: 03:05 So the way it came about is that I was living in Montreal many, many years ago and I was working at a pizza place and stuff like that. One of the guys who was working there and we became friends and he just had a hard time pronouncing my name, you know, every time he just kept mutilating it. And one day he says, you know what, I’m just going to call you Hooch. That’s what he said. Every once in a while he would come around and say “hey Hooch baby, Hooch baby.”

    Harjit Dhaliwal: 03:41 No, I think it was around that time when I created my Twitter account. I’m like, what do I want? I want like sky dog or do I want this or that. I said, oh, just go with that. And then that stuck with me now.

    Mary Jo Foley: 03:52 Oh Nice. Nice. That’s a good beginning because it is hard sometimes if you have a certain name to get your own Twitter handle. I was lucky to get my own name, but that doesn’t always happen.

    Harjit Dhaliwal: 04:05 No. And I was, I’ve been trying to get the other name back, but it’s a tough process with Twitter. So I kinda gave up.

    Mary Jo Foley: 04:12 Definitely, yeah.

    Harjit Dhaliwal: 04:16 I created with this handle that I have now that handle that I have now, I’ve got t-shirts.

    Mary Jo Foley: 04:21 Oh, you do? That’s nice. You can’t go back now, you gotta keep it.

    Harjit Dhaliwal: 04:21 Yeah yeah.

    Mary Jo Foley: 04:21 Okay. So now that we’ve got your name all figured out here, I thought it would be good to start out by saying why you think it’s important for IT pros to try to build their own social presence and their brand. I mean, because if you’re an IT Pro, you know, many people are kind of like reporters. I feel like you’re content to kind of be behind the scenes and be doing your job without being out in the limelight. But why do you think they should not just sit back and instead should try to build up their personal brand?

    Harjit Dhaliwal: 05:05 I think for me, from what I see when people are doing it and with encouragement from someone like me is that it really opens up the doors for networking. You really start, you know, knowing who’s who in the industry, they get to know who you are, your credibility starts building up. That may be something very small that you, I think if not valuable for the community at large, but you’ll be really, really surprised that something very simple that you do at your work or, you know, in your private life, people would actually, wow, I didn’t know that, that is exactly what I’ve been looking for. I could use this. And it’s like building friends. It’s friendship. It opens up doors for your, you know, career prospects, stuff like that too. So I feel like it’s a really strong networking beast. Every platform has different pros and cons to it.

    Harjit Dhaliwal: 06:07 You know, Facebook has a set in, you know. Yeah, yeah. I think that’s, that’s, that’s why it’s important. Even though the, you know, we have thousands and thousands of IT professionals and you know, around the world and stuff like that. But when you come to the social aspect of it, you know, it’s, it’s pretty small, you know, and you really know who’s who in the industry and you get to see them. It’s really a lot of fun. When you go to conferences or events and you’re running into each other like, oh, you are the one that I’ve been communicating with, or you know, things like that. Right? Like just how you and I met.

    Mary Jo Foley: 06:53 Yeah. No, I think, I think you’re right. Even if you feel like it’s outside your comfort zone, once you do it a few times and go up to people and say, Hey, I know you from Twitter, it gets less weird. Right?

    Harjit Dhaliwal: 07:07 It does. It does. I also feel like once if you started your own, you know, branding progress and things like that, you start, getting yourself out there, the whole celebrity factor that you feel like some people have out there that kind of diminishes. You’re feeling everybody, everybody’s equal. You’re still a human being. You have skillsets. I’ve got skillsets. I know it doesn’t matter whether you’re a Jeffrey Snover or right, or whoever you are. At the end of the day, that just goes away and become a very normal environment.

    Mary Jo Foley: 07:50 Yeah. I think you’re right. I grew up before social media was really a thing and I always think back how much easier it would have been on me to have had it in my life because I was super shy growing up and I didn’t have a lot of friends and I had trouble meeting people and I feel like wow, if, but if I had had Instagram and if I had had Twitter, you know, and even if I didn’t actively participate, I feel like I would have had a much easier time kind of breaking the ice.

    Harjit Dhaliwal: 08:19 Right, right, exactly. And yeah.

    Mary Jo Foley: 08:24 Okay. Let’s think of somebody like an IT pro who has no real social presence out there. They might have a Twitter account, they might have a Facebook, they aren’t really active on them in the industry. If you were saying, here’s the first thing you should do, here’s the first step you should take. What would you say to the person?

    Mary Jo Foley: 08:44 So I would say the first thing you should do is definitely get an account on Twitter.

    Mary Jo Foley: 08:48 Right.

    Harjit Dhaliwal: 08:49 Set up your accounts. Don’t even go with Facebook and stuff like that. Just start with Twitter, it is really, really one of the best social platforms out there it’s very short. It’s sweet. There’s not really any drama associated with it. It’s very professional if it’s used, right? So start, with your account, create a profile, put your picture, all that stuff. I have a nice description too. Like what you do, who you are, what are your skill sets, things like that. And then next thing you do is you start following some people that interests you. You could follow me, someone could follow you, right? Or, and things like that. And then you start looking at who they are following as well.

    Mary Jo Foley: 09:39 Right.

    Harjit Dhaliwal: 09:40 So you follow the key people and then you start looking at who they’re following, and who follows them. And you start building it that way. Like, Oh wow, you know, MJ is actually following this person and this person and this person, they must be something valuable too. They must provide something.

    Harjit Dhaliwal: 10:02 This person that she’s following shares a lot of stuff about Azure, which I’m really interested in or shows a lot about System Center. Oh, this one does a lot of photography. Oh my God, that’s something I’m interested in, you just go on that way, you know, and you’ll start building slowly. Suppose you’re a consumer, right? You’re just consuming content out there and things like that. And then as you go along, you start, it’s always good to give back, you know, hey, I found this great article from whatever, post it out there and people will start saying okay, they are starting to post some interesting stuff that is worth following back.

    Mary Jo Foley: 10:49 Yeah. Okay. Yup.

    Harjit Dhaliwal: 10:50 That kind of a thing. So the way I kind of got into the stuff is that I started sharing a lot of information, especially at conferences and I wasn’t just doing it for myself. Well actually at first I was doing it for myself and then when I realized the impact that it was bringing to the community when people were stopping me and saying, wait, hey, you know, you were taking notes in that session and I really appreciate you tweeting the notes.

    Mary Jo Foley: 11:22 Yeah.

    Harjit Dhaliwal: 11:23 And I’m like, really? I was just doing it for myself and I was like, okay, this is working. People really want information, you know?

    Mary Jo Foley: 11:31 Yup. I know. I guess so that’s funny you do that because I also do that at conferences too. Instead of like live blogging it, a lot of times I’ll just pick out certain snippets from keynotes or conversations that I have people that are on the record and I’ll tweet them out. And at first I felt shy doing it. I was like, ah, this people are going to think I’m weird, right? Like it’s going to blow up their feed. And then they’re going to be like, Oh, who is she? I gotta shut her off. But instead it had the opposite effects and people really seem to like it. I’m surprised.

    Harjit Dhaliwal: 12:05 And then, and you know, you, because you’re giving them something that they, they, they missed out or they didn’t hear about or they’re like, oh really, they’re going to be doing this at this place or, you know, they’re getting the free gifts over at, at such and such a booth, you know, whatever.

    Mary Jo Foley: 12:20 Right. Yep. Great.

    Harjit Dhaliwal: 12:21 So the way I do what I do at conferences is, I basically when I go to sessions and stuff like that, I take notes through Twitter. People are always surprised. Like, how do you take notes to Twitter? I’m like, I don’t bring a laptop. I don’t bring notepads. I don’t do any of that stuff. I just bring my phone and extra battery, because I am always draining my battery on my phone. So what I do is like, for example, like if you take, Ignite, right? Microsoft Ignite, every session has a code.

    So BRK1234 whatever it is. Right? So you start and you’ll see a lot of speakers would encourage, hey, this is my Twitter handle. Please tweet, you know, any questions or things like that. My co-speaker will monitor tweets, while the session is going on. And then, you use the hashtag and you put a hashtag in front of the code. That becomes your, your notes. So normally the, you are tagging stuff with that hashtag you have other people in the sessions doing the same thing. Then when you come home and you do a search for that particular hashtag and you’re getting everything that was discussed. Okay. So that’s your notes right there. And then you do whatever you want. That time I’m sitting in sessions and I miss out on stuff because I wasn’t paying attention. And then I’ll look, I’m like, oh my God, the speaker said such and such. Oh, I’m glad. So and so picked it up, you know.

    Mary Jo Foley: 14:02 Exactly, yep. Or sometimes they, even if I’m at Ignite and I’m in a session that I’m like, ah, I dunno, I’m not really getting a lot out of this session and I suddenly see a hashtag come up that’s more something I’m interested in. I’ll be like, where is this person? And then I’ll see the session like you said, and then I’ll be like, wait, it’s the room next to me and I just get up and try not to be rude.

    Harjit Dhaliwal: 14:24 Yeah you dash out and go to the other one.

    Mary Jo Foley: 14:24 Yeah. Exactly. So I’m always happy when people do that too. You know, I don’t want them to do every single word that somebody says, but if there’s something interesting like a fact, a product name, a code name for me especially.

    Harjit Dhaliwal: 14:38 Yeah, something surprising. Right. You know, like, Oh wow, that’s this new announcement for something that’s coming up after the conference or something, you know?

    Mary Jo Foley: 14:49 Yup. Yup. Yup. I liked a lot. Do you use Instagram at all too for social branding and now you do?

    Harjit Dhaliwal: 14:57 Oh, yes. So I use Instagram mainly for my creative portfolio. I don’t post anything and everything like a lot of other people do, you know, like, yeah. Food and yeah, whatever. I’m very creative when it comes to my Instagram. I do a lot of creativity stuff. So I’ll capture some pictures and then I’ll use some apps to, you know, adjust the pictures or you know, create some artistic output out of them. And then I’ll post that to my Instagram. So that is something like when I’m in a group of like-minded people. You know, when we are talking, we’re sharing about oh, here’s my painting that I did. Or I’m like, Oh, here, look at my Instagram now. These are my creations.

    Mary Jo Foley: 15:47 Nice, Nice. I don’t follow you yet on Instagram, but do you want to share your Instagram name?

    Harjit Dhaliwal: 15:58 @harjit

    Mary Jo Foley: 16:02 Okay. Yeah. And one of those annoying. I don’t do any work. I only, I only do food and cats pretty much and beer.

    Harjit Dhaliwal: 16:13 I know some people that just focus on food and that’s what they do. And they build a brand that way. Some people just focus on black and white images and they do really, really well. So you can just pick something and stick with it. Right. And people just do sunrises and sunsets and you know, that’s okay, you know.

    Mary Jo Foley: 16:36 Yup. Yup. What about LinkedIn? Do you use LinkedIn for social at all?

    Harjit Dhaliwal: 16:41 Yes. Oh yes. I use LinkedIn quite heavily. I never used to in the past, maybe let’s say maybe two, three years ago, you know, cause for me, LinkedIn was very much a you know, professional portfolio, right? Where you work, where you went to school, you know, a small kind of that way. But what LinkedIn decided to do is that they started turning it into more of a social tool and more like a Facebook.

    Harjit Dhaliwal: 17:14 Now you can start, uh, you know, creating articles which gets tagged to your profile on your, on LinkedIn. You can do certifications and stuff like that and you know, those things will show up in your LinkedIn. I post a lot of stuff that I post on Twitter as well. I posted some of those, not everything, but some of those in, in sort of my LinkedIn wall and that gets shared out and things like that. So because some people don’t want to be on Facebook.

    Mary Jo Foley: 17:42 Right.

    Harjit Dhaliwal: 17:43 So they’ll use LinkedIn.

    Mary Jo Foley: 17:47 Even though it’s owned by Facebook, people feel more comfortable on Instagram.

    Harjit Dhaliwal: 17:51 Instagram is owned by Facebook. Yeah. Snapchat, you know, I’m on, I’m on everything, you name it.

    Mary Jo Foley: 17:59 Oh Wow. Are you really?

    Harjit Dhaliwal: 18:03 Yeah.

    Mary Jo Foley: 18:03 That’s a lot to manage. How do you, how do you manage all that? Because I’ve kind of picked three spots I’m on and that’s about it for me. I can’t do everything.

    Harjit Dhaliwal: 18:14 So Snapchat, I use it occasionally with my kids, you know, cause that’s the platform that they are on. And this is really important to mention because I also volunteer with an exchange student organization and we’ve got students coming in from all over the world. Right. You know, we’d host families and things like that. So one of the issues that they face is that communication with these, with these exchange students, they don’t like emails. They will never check the emails, they can never get them on the phone. And they also usually don’t do Facebook. You may be able to get them through Facebook Messenger. So you’re like, okay, how did we communicate with these students and say, hey, we got a meeting coming up, a mandatory meeting that’s on two weeks from now or whatever. Right. So I said, they are all on Snapchat. Get on Snapchat. Yeah, surely enough it started working. Snapchat is one of them. WhatsApp is the other one that they use excessively. Right. So you have to use those tools full, you know, for the, for the right audience. Right. Instagram is for different type of a demographics and stuff. So that’s why I’m into everything, you know.

    Mary Jo Foley: <u>19:37</u> Right. I’m curious, do you think becoming a Microsoft MVP also is something people should aspire to if they want to build their social brand? Cause I know you’re, you’re an MVP, right? For configman?

    Harjit Dhaliwal: <u>19:51</u> yes. But I do configman, but my MVP is on the Windows.

    Mary Jo Foley: <u>20:01</u> Oh, okay. Gotcha. Let’s see. So do you think that is something that should kind of be your ultimate goal if you’re somebody who’s building your brand? Or do you think it’s not really necessary to think about becoming either an MVP or you know, somebody who’s speaking professionally on the circuit?

    Harjit Dhaliwal: <u>20:20</u> I think it all goes hand in hand. It is important. One is if you’re trying to become an MVP, which you should, I mean it really does open up a lot of opportunities. I found I’ve been really blessed with this. You know, I’ve, I’ve spoken at many events, conferences and I get companies will reach out to me too, try test Products and write about it, give them feedback. So many different things like that and you know, you get some freebies and whatnot, but in order to get to that point, you have to get your name out there. So people need to know who you are and what you’re contributing. Right. Cause that’s what MVP, it’s a community based thing, right? So if you’re not really contributing to the community, you don’t really have a blog post in a blog site. I mean you don’t have Twitter and stuff like that. You’re nobody, you’re not going to get there. So it kind of goes, you want to aspire to be an MVP, then you also got to try to be a social, you know, do some networking.

    Mary Jo Foley: <u>21:32</u> Social is the first step if you want to go further. Right?

    Harjit Dhaliwal: <u>21:38</u> Yes.

    Mary Jo Foley: <u>21:39</u> Yup.

    Harjit Dhaliwal: <u>21:40</u> And also at the end, once you get your MVP, now what, well the whole game is that you are supposed to help the community. How do you help the community then not actually doing oh, I have a social presence. It would be hard.

    Mary Jo Foley: <u>21:54</u> And it would be hard and maybe impossible. There’s another channel you have that I forgot to mention, which you do a podcast too, right?

    Harjit Dhaliwal: <u>22:05</u> Yeah. I’ve got 2. I have Video cast with my good friend that’s just called the Harjit and Prayer show. It’s basically, it started off with us making, kind of low, you know, like lighthearted. Making things lighthearted as 2 Indian typical Indians, you know, professionals. That’s how this show started. You know, we talk about technology and, and things like that and occasionally we will interview somebody or another and things like that. So I got that. And then I also do The PowerShell News Podcast with my other friend Mick Pletcher. And that’s just very much Powershell, focused. We also do a lot of interviews with key powershell professionals out there. You know, every now and then we’ll share like, you know, tips about what’s going on in the Powershell.

    Mary Jo Foley: <u>23:12</u> I do a podcast too, Windows Weekly every week, and I’ll tell you, I, I’m kind of an introvert at heart as I mentioned. So it was really scary for me to start doing a podcast. But I feel like if you’re somebody who’s nervous about public speaking, starting out with a podcast is kind of a good way to make yourself learn how to be more extroverted.

    Harjit Dhaliwal: <u>23:37</u> Yeah. The actually this is exactly what happened with a Hodgkin and players show. Those few shows were like so rigid. We didn’t know what we were doing and we were like trying to be, you know, the p’s and q’s and things like that. Like, oh, are we saying the right thing? Are we, we are we looking at the camera properly and things like that. So the first maybe, I dunno, five shows or whatever, but we were planning it do like, oh, you’re going to, we got to talk about this and this is why you’re going to say it is what I’m going to say. And then as we just went along and we just kind of gotten rid of all of that stuff, I would just just went with the flow. We just became very natural. We just like two people having a conversation and it became so easy. So you know, we will just, you know, banter back and forth with each other. What about this and what about that? Oh, yeah, that’s right. You know, it becomes easier.

    Mary Jo Foley: <u>24:35</u> It does. It does. I know the first few episodes for me, I was just thinking, I can’t do this. I can’t, like, it’s so not me. I can not do this. And then you start relaxing into it a little more and then it kind of becomes fun. Even though it’s work, it’s still, it’s still fun because there’s a lot of give and take and learning and opportunity to connect with people. Like you said, get guests on. Right. And it’s a great way, like if you’re intimidated to say, talk to Jeffrey Snover instead you go up to me, you say, Hey, I have a podcast about powershell. Would you ever be on?

    Harjit Dhaliwal: <u>25:07</u> Exactly. And we’d actually, we did talk to him about that and he is, he wants to get on our show.

    Mary Jo Foley: <u>25:15</u> Yeah, yeah. He’s a great guy. And you know, it does give you a nice opening to talk to people who otherwise you might be really intimidated to approach. So it’s, it’s kind of like, it’s almost like your calling card, right? Hey, I have a podcast, you know?

    Harjit Dhaliwal: <u>25:30</u> Right. I also have my own YouTube channel and stuff like that. I’ve been wanting to do my own. Yeah. I’ve been wanting to do like I do, I have some videos and stuff like that, but I hadn’t, and one time I’m like, you know, I do want to do my own series of something like, you know, something like that, whatever. I just I just don’t have the time or you know. Yeah. I was just like, ah, it’s okay, I’ll do it next week. And then on the other hand is also harder to do it alone.

    Harjit Dhaliwal: <u>26:01</u> You know, you ever think about what you’re gonna say next, what you’re gonna say next. So when you’re having a conversation like you and I are having, we both pick up on each other, you know, where one leaves off and one starts off and stuff like that. So if anybody that’s trying to start off with a podcast and stuff. Find a friend. Reach out to somebody you know, and say, hey, would you like try this with me? I think you and I have things in common and we both have the same skillset. Let’s do it.

    Mary Jo Foley: <u>26:30</u> Yup. I agree. I agree. It’s always easier to do it with a partner and somebody who will also spur you on to do it when you don’t really feel like doing it. We got to do this. Let’s take a step back again. So I’m sure a lot of people listening to this are saying, I will never do a podcast. I’m never going to go up to Jeffrey Snover over and say, Hey, Jeffrey. So say you’re, say you’re kind of one of these IT Pros who really doesn’t like to get out there that much, but feels like they need to. And you’re at an event like Ignite and there’s some networking receptions or meetups. What do you think they should do? Or do you have any suggestions for kind of how to break the ice or get into a conversation when you feel really not ready to jump out there?

    Harjit Dhaliwal: <u>27:20</u> Okay. At events and stuff. For example, at Microsoft Ignite one of the key groups, the networking groups out there, it’s called the Krewe. I’m also part of that, that group. And I also managed aspect social. Really? Yeah. And that is really a group that you want to get into because everyone is super friendly. They actually pick up the mindset of the mentor and mentee kind of the thing, you know. So when you’ll see people wearing T-shirts with the word the crew or stuff like that, just approach them and say, Hey, I’ve heard about you and you know, how do I sign up? Do you guys have any events coming up and things like that? So we always do. Usually it’s on a Sunday before Ignite and stuff like that. That is a great ice breaker. That’s how I met a lot of my friends that I’m very close to today that is what I actually kind of put me on the, on the map as well.

    Mary Jo Foley: <u>28:30</u> Oh, interesting. That’s interesting. Yeah. I get to go to a couple of events. It’s K, r, e, w, e, the Krewe, and they’re not supposed to let press in, but you know, I was like, guys, I’m not there to like do stories. I just want to meet more people and get to know more people and they let me come to their parties and events, which is great.

    Harjit Dhaliwal: <u>28:48</u> Right? And so what happens is once you hook up with one of these people, you know that the networking doors just open up because Dale connected with 20 other people from the Krewe as well. Right. So you’ll head to the expo hall or wherever the lunch area is and you’re like walking around with your tray and you’ll see someone calling you out and coming to come and sit with them. Okay. Stuff like that. Oh, you’ll run into like, wait, hey, I met this person on Sunday. Let me go and sit with them.

    Mary Jo Foley: <u>29:19</u> Yeah.

    Harjit Dhaliwal: <u>29:21</u> So it is just you really have to go and make an effort. I think right now, no one’s going to force you, but you still, you know, if you really want to have one to enjoy the conference or any events or stuff like that, that you have to make an effort.

    Mary Jo Foley: <u>29:42</u> Yup. I agree. It’s so not my nature to do that kind of things, but I, I even now do things like organizing meetups and it’s a lot of work, but you really do get to meet a lot of people who you would never meet otherwise when you kind of just take one little step like that and say or if you know, somebody is organizing a meetup to say, hey, if you need help, I’ll help you, you know?

    Harjit Dhaliwal: <u>30:04</u> Yeah. The other thing is that, um, I assume so, especially with Microsoft, they have a very good mentor mentee program that the Microsoft Tech Community has organized us for the last couple of years and stuff like that. That is another way for you to start building your friendships and building some networking opportunities which will actually open up again even more channels. So I was connected with this very nice man from Alaska, John Welcome. He became my mentee and you know, I was like, okay, you know, great. You know, this is through the program. And sure enough, we became very good friends and we still communicate almost on a daily basis now. One thing led to another where I find like sometimes the role of the mentor and mentee thing gets reversed. Sometimes. I’m his mentee and he’s my mentor because of the things that he’s doing.

    Harjit Dhaliwal: <u>31:09</u> Yeah. That is up beyond what I’m doing. So I’m learning from him as well, you know, things like that. So that’s another way of doing it. And when I go to conferences, when I know there are some new people that I lead up through social or whatsapp or things like that who are kind of I don’t know what to do, things like that. So I’ll say, listen, meet me on such and such today. Sign up for this a particular event, a social event, please come and I will introduce you to a bunch of people and then you can take it from there.

    Mary Jo Foley: <u>31:43</u> Yup. That’s good. That’s really good. Nice. All right. Any, any last tips or tricks we haven’t already shared that you want to make sure to mention on here or you feel like we kinda covered all our bases?

    Harjit Dhaliwal: <u>31:57</u> So tips and tricks: definitely start using Twitter. Twitter is very, very powerful if you’re going to do any social, I would do Twitter, you know. Use which will actually help you segment your tweets. For example, you can do direct messages in one column. You can add a column for let’s say #MJFChat, hashtag whatever. We can even follow people, you know, you can have a column full of specific people that you really want to see what they post and stuff like that. So that will get you started in like correlating information that’s coming out on social, especially on Twitter. Hashtags are important, they’re basically search datas that are created. No one owns any hashtags. So some people say, but yeah, can I use a Hashtag? Yes, of course. Nobody owns it. It’s just created on the fly. You can create whatever you want. Right. Sometimes I’ll use a hashtag called MVP git just to see, just to track some stuff that I’m posting, you know, whatever.

    Harjit Dhaliwal: <u>33:20</u> So hashtags are important because what happens is if you’re using some common hashtags, for example, #ConfigManager, #SCCM, #Windows10 or whatever like that, right? You have other people who are also posting with those hashtags or they’re searching for information based on those hashtags. So if you’re trying to get out there, you’re like, hey, I only got five tweets, but I’ve got this really cool thing that I want to share about Config Manager. Post it and Hashtag right.

    Mary Jo Foley: <u>33:50</u> Yup. Yeah. I do that a lot. Like when is something I’m writing about and I want to make sure that people who are talking about it see it, like say there’s an Office 365 outage, right? I’ll Hashtag it Office 365 outage and just get it into the stream. So people will say, oh wait, she’s talking about the thing I was just talking about, you know, so that works.

    Harjit Dhaliwal: <u>34:11</u> Right? Exactly. Like patch Tuesday weeks and stuff. I’ll post stuff with the Hashtag #patchtuesday or #patching, something like that, you know, just to give people, Hey FYI this blah blah blah is causing issues fault Windows 10, something like that. I’ll give people a heads up and oh here’s the fix for that. The other thing I did is we didn’t talk about is, I’ll touch real quick is about Facebook, right? Facebook is also very powerful, right? So you’ve got your regular Facebook where you’re friends with your neighbors, your relatives and boyfriends, girlfriends, whatever it is, right? You’ve got all that regular stuff. Where the power of Facebook comes, is groups.

    Harjit Dhaliwal: <u>35:02</u> So I manage a very successful group called Tech Connect, Dechko and ECT. Okay. And basically what it is, is that it encompasses all aspects of technology, whether it’s SCCM or Powershell or Azure or analytics, whatever. It’s one place to stop. You know, if you need help with something that you ran into, or posted day and people give you the support you need. I post a lot of like articles and things like that that I see coming through. You’ve got a lot of groups like this, you have Powershell groups, you’ve got Config Manager groups, you name it, they’re out there. Leverage these groups, use them, join them, and then start communicating with people in there, right. And the next thing you’ll know, that person is also on Twitter and then you hook up on Twitter and oh, this person’s also going to this particular event you’re planning to go to.

    Mary Jo Foley: <u>36:13</u> Yeah, that’s, that’s a great tip. I always kind of gloss over Facebook because I feel like it’s more a place to connect with friends and family than it is work. But that’s totally not true. So good.

    Harjit Dhaliwal: <u>36:25</u> No, it’s not true. Yeah. So I don’t post anything workwise or professional wise, on my regular Facebook page. I do all of my stuff in groups. That is where I’m very active. I will share and help people out and stuff like that. So that is where the power of Facebook comes in. And the other thing, one thing I remind people, and this has been a topic that has come up very recently too, is that careful, especially on Facebook, when you’re posting stuff and you know. Sometimes you’ll see people post something and then you’ll find someone, you know, will go and like, or share that particular thing. Right. Keep in mind that every action, there’s a reaction to it, right? If you’re liking something that is really controversial and stuff like that, you know, it reflects back on you regardless whether you posted it or not.

    Mary Jo Foley: <u>37:36</u> That’s very true. Yep.

    Harjit Dhaliwal: <u>37:39</u> So just be careful of that. Yeah, I don’t like politics and things like that.

    Mary Jo Foley: <u>37:46</u> Yeah, I know, it’s kind of up for discussion. Some people think it’s good to show your whole person on Twitter and Facebook and what you believe politically and not. I feel like people who are following me don’t care what I believe politically. They are following me for Microsoft coverage and that’s it.

    Harjit Dhaliwal: <u>38:02</u> Exactly, exactly. And that is where your brand comes in, right? This is where you’re talking about branding. That is where your credibility is. I’m going to follow this person regardless though what their political background is, what their religious background is, it doesn’t really matter because the stuff that they are doing, it is neutral. It is on target. It is exactly what we need. Technology!

    Mary Jo Foley: <u>38:30</u> Well that is the perfect place to end this chat. That’s like the perfect ending right there. Thank you again for doing this. This was really fun and really great.

    Harjit Dhaliwal: <u>38:41</u> All right, thank you. Thanks for having me on the show. Hopefully we will do another one soon.

    Mary Jo Foley: <u>38:45</u> Yes, let’s, let’s hope so, and for others who are out there, we’re going to be making this chat available very soon, both in audio form and as a full transcript on . In a couple of weeks we’ll be back with our next guest, so be sure to be watching for that as well. I’ll post the information on and that will be your signal listeners to send in any questions that you might have on the topic we’ll be discussing. All you have to do is go to the MJFChat area in the forums on Petri and submit your questions right there. So thanks again and see you soon!

    Brad Sams

    Mary Jo Foley:                 00:00                    Hi, you’re listening to’s MJFChat show. I am Mary Jo Foley, aka your community magnet. I’m here to interview tech industry experts about various topics that you, our readers and listeners want to know about. Today’s MJF chat is going to be all about how to build a disaster recovery survival kit for SQL server. My guest today is Dave Bermingham Technical Evangelists with sales technology and a Microsoft cloud data center, most valuable professional. Wow, that’s a mouthful. Thanks for joining us Dave.

    Dave Bermingham:         00:43                    Alright, thanks for having me Mary Jo.

    Mary Jo Foley:                 00:46                    So when you suggested this chat topic, you emailed me a good opening statement where you said failure per se is not really the problem. Downtime is the problem, but there are ways to prevent failures. So I wanted to kind of delve into that on this chat because you also mentioned that there are different things that IT Pros should be thinking about in terms of their needs and their budgets. So where do you like kickoff with people when they, when you say, I have an idea for you how to build a disaster recovery survival kit.

    Dave Bermingham:         01:22                    Yeah. So you generally start with what are your requirements in terms of recovery time objective, recovery point objective, and then we also look at the environment. Is this a on premise solution, physical servers, virtual machines or this a hybrid cloud situation or is that a pure cloud situation? And so once we kind of get the lay of the landscape, we review some of the standard options for high availability and disaster recovery to see where are they currently stand and where their liabilities might fall. And on premise, when you’re talking about disaster recovery, then you’re talking about, you know, where is my DR site, that’s something that I’m going to build another data center and manage that. Or am I going to leverage, maybe the cloud and build some hybrid cloud solution and have the cloud as the DR. Well, more and more these days I’m talking with customers that have bought a cloud into the cloud.

    Dave Bermingham:         02:34                    They’re all in and they’re there deploying, you know, either migrating their existing infrastructure to the cloud or they’re building new applications in the cloud. The cloud is a new paradigm to them. They, you know, the traditional HADR scenarios while still relevant they completely have a wrinkle. So where normally you might be building failover cluster instances and or you know, you’re doing some sort of, yeah, maybe you’re doing a BMR HA or whatever it might be on premise in the cloud, a lot of those traditional solutions are not available. So they’re really kind of reaching out and starting to understand what options they have. And you know, once they move all into the cloud.

    Mary Jo Foley:                 03:28                    I mean, this is kind of an open-ended and opening a question on my part, but is it actually saving them money if they think more about doing this in the cloud versus on premises?

    Dave Bermingham:         03:39                    Well, absolutely. The cloud infrastructure is so much more advanced than the vast majority of your typical customers that, you know, being able to deploy data centers. If you think about, you know, we look at Azure or AWS, well they have data centers across the world, so they have regional data centers, but then even within each region they are going to have multiple what they call availability zones.

    So in the east region you might have three different data centers that are on different flood plains and power grids to have that type of resiliency where normally, you know, the typical customer is not going to be able to have that access to that type of infrastructure. I mean even locally within the same data center, the resiliency of the physical server that’s hosting your virtual machine or your cloud image, the resiliency built into that is the best you can get.

    There’s triple redundancy at the storage layer. So just right out the gate by deploying even a single instance in the cloud, you’re going to have a really pretty robust solution that’s going to give you typical SLA for a single instance is three nines of availability, which is not, not bad, but still in the most business critical solution, you’re gonna want to get to that four nines of availability, which is typically the entry level for what people will call highly available.

    Mary Jo Foley:                 05:25                    Right. And what about if you’re using, since we’re talking about to SQL server here, what if you’re using SQL server running on windows server versus Linux versus a hybrid configuration of the two, are there different considerations that people have to take into account when they’re building for that?

    Dave Bermingham:         05:45                    You know SQL server itself has two high availability and disaster recovery options. The first being SQL server cluster instances, which has been around for quite some time since SQL version seven. And that model traditionally requires sort of shared storage device, which becomes problematic once you move to the cloud because the major cloud providers don’t have a cluster-aware shared storage solution that lets you build failover cluster instances.

    So in those situations you’re going to have to use third-party options to enable that. So some sort of data replication solution that integrates with clustering and those solutions are available in the Azure marketplace, AWS marketplace. But then the other option would be SQL server always on availability groups. So the availability groups introduced in SQL 2012, I think that kind of a iteration or the next generation of database mirroring what it gives you additional advantages being able to group multiple databases in the same availability groups so you can scale them over together. It’s much more robust in terms of leveraging the failover clustering, core models. So it’s a more robust solution than database mirroring and that is certainly available if you’re deploying in the cloud. But one of the problems with that is for the full version, it requires the SQL server enterprise edition, which, you know, it can be an expensive proposition if you’re coming from on Prem and using SQL server standard so you have to kind of look at, look at the cost associated with that and weigh your options.

    Mary Jo Foley:                 07:48                    That’s good. Speaking of options, you know, we’ve talked quite a bit about Azure as being the destination for some of this high availability and disaster recovery solution, but there are also, as you mentioned, solutions available for AWS and Google. So when you’re talking to your customers, how do you go about comparing what’s out there? I mean, it’s not the case I would assume that just because you’re using SQL server means automatically you should think you have to use Azure.

    Dave Bermingham:         08:22                    Yeah, correct. There is, there’s a lot of customers that are on all three platforms and we talk to customers every day on leveraging these different platforms. All three of them have some similarities, and that being the ability to leverage multiple data centers for availability. In Google you have zones. In AWS you have, availability zones and regions and same with Azure availability zones and regions and all the cloud providers have similar service level agreements in that they will guarantee, you know, for single instance in a single region if they give you 99.9% availability of that single server, but if there’s a disaster and that region’s offline, you’re offline, you don’t have any sort of resiliency or redundancy plan, you’re just, you’re just going to, you know, you get a little refund cause your SLA was exceeded.

    Dave Bermingham:         09:24                    But that’s probably not very important in the grand scheme of things. So you need to plan for some sort of redundancy resiliency that leverages the different availability zones. So for high availability, leveraging availability zones, which again, they are other data centers within the same region that enables you to do things like with synchronous replication. So whether you’re doing, the availability groups or synchronous replication or third party replication with synchronous and automatic fail over enabled, that gives you that high availability to recover from, you know, more typical type of failure scenarios. But also not only that, but for planned maintenance, just like any other data centers, at some point in time there’s going to be a need to reboot your server for some sort of update. Although you get notices and be notified when it’s going to happen, if you don’t have a very simple ability to move that workload to a standby server on a different, in the different region or different availability zone, then you’re gonna have to schedule that downtime.

    Dave Bermingham:         10:35                    And many people want to minimize that downtime as much as possible. So they all have a similar, you know, infrastructure zones, regions, I’d say. Azure goes look the beyond the typical, you know, AWS in a vague, you’d have some other options that are not quite available yet in one of them would be like Azure site recovery, which is you know, disaster recovery is a service that you can get within the Azure Data Center, which will actually replicate your entire instance from one region to another region for disaster recovery. And in many scenarios that’s going to work just fine. There are some limitations with that in terms of the rate of change, can’t exceed 10 megabytes per second per disk. So you have to weigh it and see if it’s a good fit for you. But you know, they have options like that.

    Dave Bermingham:         11:33                    And they also have Azure a lot more storage options. So even the storage that you’re running your instances on, can be zone redundant or Geo redundant or GLN zone redundant. So they have a lot of options that will get your data at the storage layer off site into different locations. That’s the most important thing. Any disaster is data, obviously you need to be able to recover so that the recovery point objective how much data have you lost and you’ve got another disaster and then recovery time objective. How, you know, how much, how long will it take to get that instance back up and running. So there’s lots of options in Azure for replication of that data.

    Mary Jo Foley:                 12:27                    Do you, I don’t know if you can say this, I would think this is public information if it’s out there, but I know SQL server 2019 is close to release. Is there, is there gonna be anything new in there that would be of interest to people who are thinking about disaster recovery and high availability for SQL server?

    Dave Bermingham:         12:48                    I mean a lot of the same, it’s just they’re typically improving what’s already out there. So whether it’s an availability groups or being able to replicate from one availability group to another, that gives you some migration options that weren’t available in earlier versions of SQL. And so really just a lot of improvements on existing technology. Nothing earth shattering new. And obviously Linux is running a SQL server on Linux is relatively new and that opens up other unique possibilities and challenges as well along with availability.

    Mary Jo Foley:                 13:35                    Got It. So earlier in the chat you mentioned the SQL server always on availability groups. But then there are also, as you said, third party fail over clustering solutions that can be purpose built by customers who need to have mission critical SQL server databases running in the cloud. When you’re, when you’re talking to customers and your clients about this, how do you position these two things? Like if you, how do you say to them you should look at a option A or option B? Like what, what, what are the things you stack against each other when they’re trying to evaluate which of those two things is best for them?

    Dave Bermingham:         14:17                    Yeah. You know, as you mentioned earlier, I worked for SteelEye Technology, so we have solutions in that space, other third party options. So the customers, if I’m talking to them then they obviously have questions or needs in and are weighing their options. So always on availability groups is obviously great options. It’s available. SQL server courted by Microsoft. A lot of the customers that I’m talking with are concerned about the price of implementing SQL server enterprise edition. So that’s typically probably the number one consideration if they’re only buying SQL server enterprise for the availability options and nothing else, then they are taking a hard look at third party solution cause they can do similar, you know, have fill up across brands and you still stay with the SQL server standard that they issue.

    Dave Bermingham:         15:18                    So that’s majority of the customers I’m speaking with. So that’s easy. It’s black and white. Here’s the cost and you know, here’s the solution. I’ll try it out. That works for you. Great. Let’s move forward. There are some other things that especially when we’re talking about cloud migrations, they’ve probably run failover cluster instances on premise for many, many years. Now they’re moving to the cloud and all of a sudden you can’t build your failover cluster. So they’re looking at availability groups or legacy applications that aren’t certified yet for availability groups. It’s depending upon the version of SQL they’re going to, there have been other patients with distributed transactions and they have to be aware of applications using distributed transactions into this version of SQL support. What would I need to do? So there many times we’re much more comfortable because they’re already making a major change from on premise into the cloud. If they don’t also have to change their availability solution it gives them a just a little bit more comfort in knowing that they don’t have to go through a whole bunch of regression testing to make sure that everything works the way it’s supposed to work.

    Mary Jo Foley:                 16:34                    Got It. So any, any other resources you’d recommend to people who are either just getting started thinking about this or who have taken some steps but still would like more information?

    Dave Bermingham:         16:49                    Well, I’ll plug my blog here – I pretty much exclusively about failover clustering, high availability, disaster recovery. SQL server is one of my primary topics and cloud. So it’s kind of right in the wheelhouse. And then other than that, you know, Microsoft blogs and documentation of your Azure, AWS obviously the documentation, high visibility, there’s a lot of really good information. Anything that cloud is changing constantly. Every time I log in there’s a new option in a new feature or something in preview. So it’s really even myself has a hard time keeping the documentation up to date because there is always something new. So really the blogs and the following, you know, key people on Twitter or whatever your favorite social networking is. If you really want to stay in the loop and up to date, you know, prime the key people and make sure you keep track of all the latest technology.

    Mary Jo Foley:                 17:59                    That’s good advice for sure. I like, I love your blog title too. Clustering for mere mortals. I don’t know how you came up with that, but that’s great.

    Dave Bermingham:         18:08                    We give credit to a Elvin Christianson from Microsoft for that. When I think was Windows 2008 came out, I was a cultural MVP back then and they made so many improvements to Microsoft clustering. This is clustering for mere mortals and so I got his permission to grab it and use it for my blog.

    Mary Jo Foley:                 18:28                    Awesome. One last point I wanted to bring up because I think it’s something I know when I cover cloud outages, that matters to a lot of people is the whole idea of lessons learned, right? After a huge outage happens or something disastrous happens, sometimes Microsoft publishes postmortems, sometimes they don’t. But what do you tell people about how to evaluate the lessons they can learn when things don’t go as planned? I mean, what, what are things that they should be thinking about taking away from something when it goes wrong?

    Dave Bermingham:         19:03                    Well, you said, my thought is Microsoft does a pretty good job of publishing postmortems and it comes to mind about this time last year there was that major outage and South Central that is really some storm believe it or not.

    Mary Jo Foley:                 19:17                    Oh yeah, yeah, I remember that.

    Dave Bermingham:         19:22                    Some people were offline for two, three days and the Microsoft had a really great in depth post-mortem they published, I actually heard about speak about it at Ignite, which was just weeks after that outage, you don’t have a good idea of what happened there. And you know, Microsoft has actually taken the steps. They mentioned steps that they were gonna take at Ignite last year. Some of those steps were in preview and including, you know, the synchronous replication, I mentioned earlier that they have, but before that last outage only Microsoft could flip the switch to say, you know why your DR site is now active. Then you could do it, up at that point, you could not manually flip that switch and had to be by Microsoft. So they introduced into preview, right now the ability for the user to decide, you know what, I’ve been down long enough, I’m gonna make my DR site active. I know that there’s gonna be some data loss associated with asynchronous replication, but I need to be online. I can’t wait for Microsoft to get things back up and running.

    Mary Jo Foley:                 20:36                    Oh, that’s cool. So that’s, is that already available now or something coming?

    Dave Bermingham:         20:40                    It’s in preview. You have to sign up for a preview, but if you sign up and you can try it out and make Microsoft good on our promises.

    Mary Jo Foley:                 20:53                    Yeah, that’s great. All right, well we are out of time and I just wanted to say thanks Dave for the really good, thorough job. I really appreciate you doing this, especially on your first day back to school for your kid.

    Dave Bermingham:         21:07                    Yeah, yeah, a quiet house. So it was easier. I appreciate you having me, Mary Jo.

    Mary Jo Foley:                 21:13                    Yeah, you’re welcome. For everybody else who’s listening right now, we’re going to make this chat available very soon, both in audio form and as a full transcript and in the interim and a couple of weeks we’ll be back with our next guest, so be sure to be watching for that. I’ll be posting the information on and then that will be your signal listeners to send in some questions. All you have to do is go to the MJFChat area in the forums and submit your questions right there. So thank you very much again, Dave, and thanks to all of you listeners.

    Brad Sams
    Brad Sams
    in reply to: can i get my old handle back? #623481

    Can you send me an email with the previous account info and I can dig in – [email protected] . com

    Brad Sams
    Brad Sams
    in reply to: James Haynes – Looking to get his old Username back #623480

    Let me see what I can dig up.

    Brad Sams
    Brad Sams
    in reply to: Security-hardening Windows Server #620769

    You can find an audio version of the conversation, here.

    Mary Jo Foley:                 00:00                   Hi, you’re listening to MJFChat show. I am Mary Jo Foley, aka your community magnet. I’m here to interview industry experts about various topics that you, our readers and listeners want to know about. Today’s MJFChat is going to be about security hardening Windows Server. My guest today is Orin Thomas, Microsoft principal cloud operations advocate. Thanks for joining us Orin.

    Orin Thomas:                   00:36                   Yeah. It’s great to be here.

    Mary Jo Foley:                 00:36                   It’s bright and early for you and it’s the end of our day here. Where are you located again?

    Orin Thomas:                   00:44                   I live in Melbourne, Australia. So at the moment it’s winter not that we get really big winters in Australia. No, I’m about half a day ahead or 18 hours or something like that of the US so we get Monday morning earlier, but we get Friday afternoon faster as well.

    Orin Thomas:                   01:04                   Nice. I think I would go with your way of doing it. I really do. So we’re going to talk about windows server and as you noted, Windows Server ships in a mostly “mostly” secure configuration, but Microsoft does have to balance security with backwards compatibility. You have a bunch of ideas about things IT Pros can do to tighten the security of Windows Server deployment, things like hardening accounts and authorizations, secure administration and hardening Windows Server from its default deployment configuration.

    That was hard to say. But first before we get into all your good ideas, we asked some of the readers if they thought Windows Server was secure from the get go. I want to read to you some of the things that we heard back through Twitter and various social channels. So Brian Reed said, is it secure out of the box? Yes. If it’s deployed standalone, maybe if it’s deployed in AD with careful GPO settings, nowhere domain and other GPO settings are a mess. Then somebody else, Paul Pryor said if you throw in some AppLocker rules and control user right assignments with GPO, and lockdown unused services, it’s ready to rock. But also be sure to use Windows Server core. What do you think of these kinds of comments? Do you agree that this is the way IT Pros should be thinking about Windows Server?

    Orin Thomas:                   02:40                   Yes and no. I think that one of the key things is with anything, how you configure something will determine how secure it is. Now when I agree with that statement that it’s mostly secure out of the box. There’s always a balance between backwards compatibility and compatibility with people’s environments and compatibility with people’s applications.

    You can actually take Windows Server far, far further. So there is two sets of third party guidance that are really worth looking at if you’re really into locking down Windows Server. So one of them is STIG which is a security technical implementation guide, which I think is published by the US military. And that’s basically a set of recommendations where they go through almost every setting that you can go and configure. And then also there’s the Center for Internet Security is also got a security hardening, set of guidelines for Windows Server.

    Orin Thomas:                   03:45                   So coming back to those comments, you can make Windows Server very hard when it comes to a domain deployment or a standalone deployment and there is much further that you can go than just for example, AppLocker rules. AppLocker is actually an older technology and we’ve actually got better technologies that are available for Windows Server where that sort of application whitelisting. Application whitelisting is an awesome way of approaching security.

    It is enforced more at the hardware layer and that you’re verifying, you know, the integrity of the applicational, how you’re identifying the application at something a bit. AppLocker is sort of an older technology. I think it’s almost a decade old or a bit older now, but you know, if you go with Windows Defender Application Control, you’ll actually get a much more robust control over what runs. But the trick with any hardening is I say it’s no point protecting a $1,000 diamond with a $20,000 safe. So you always have to be commensurate with how you harden your environment and you can go all out and go and apply every security recommendation that might be sitting in the STIG or in the Center for Internet Security benchmark.

    But it might be that nothing can run on your server. So you have to balance what your threat is against how locked down do you want to make the server. Windows Server can be very, very, very, very tightened and locked down. It’s very difficult to compromise if appropriately configured.

    Mary Jo Foley:                 05:25                   Hm. Do you think everybody should think of this, that way? In other words, do you think, you brought up the dollar analogy, but like should everyone want to lock it down to its maximum point or how do you gauge whether you should or shouldn’t do that?

    Orin Thomas:                   05:40                   One of the things that we see is a big challenge and we can see that just with the number of computer servers out there that are still running 2008 or 2008 R2. Take a lot of simple things that people can do, that they’re not doing before we start worrying about some of these really complicated things. Some of which I’ll talk about with you today.

    I mean the best thing that people can do for example, for their domain environment is just make sure that they’re running Windows Server 2019 on their domain controllers. You always want your domain controllers to be the most recent version of the operating system. And then you know, as a general guide, you want everything to be the most recent version. There’s going to be scenarios where you can’t do it for application compatibility reasons, but we also know that the vast majority of windows server workloads have file servers and then domain controllers and then infrastructure servers.

    Orin Thomas:                   06:38                   And then when it comes to application servers, they’re a bit further down the list in terms of common workloads. So if people just went and upgraded their domain controllers and file servers, that’s a really simple thing without worrying about going into a whole set of checklists. And you know, let’s start with the easy, the low hanging fruit before we get to, you know, the more challenging bit of doing our application whitelisting where you have to know everything that’s running, which is a really great thing to do. But again, in terms of bang for your buck, you get on the latest version.

    Mary Jo Foley:                 07:17                   Yup. Yup. That’s just like the get go, right? Like start there, move from there.

    Orin Thomas:                   07:22                   One thing that, um, you know, there is always a security argument, uh, the running the latest version. Why? Because it’s got all of, you know, the wisdom or everything that’s, you know, been dealt with before in theory. By the time the new version is released, all of that sort of baked into the operating system. You’re not sitting there going, well, I’ve got to go and apply all of these updates and that’ll certainly hardened us over, but we know much more when we were releasing a product today than we knew when we released an earlier version of a product.

    Mary Jo Foley:                 07:52                   Yep, that’s right. One of the readers on Petri, Ivan asked, whether these kind of guides or baselines should be applied to the majority of servers and then also asked, security hardening. Here’s what he said. Security hardening is difficult to maintain operationally as it really should be done at the application, OS, network and identity layer. And this makes it very complex and leads to pitfalls of misconfiguration. So he’s asking are there actually practices to streamline this process? So I think these two things are related basically.

    Orin Thomas:                   08:34                   When you’re looking at a file server, that’s generally a bit easier. So if you can categorize servers or if you can categorize workloads, you’ve probably then got a general set of things that you can do. But depending on how far that you want to go on, again, this comes back to this thing I was saying. If people wanted to just do the basics, that’s not particularly complicated. You can go in and handcraft a security configuration, which is obviously fairly time-intensive, but most people aren’t anywhere near that. I mean most people’s security posture isn’t that great. I was once teaching some people that were responsible for information security for the Australian government and they were going out to government departments and they had a set of guidelines for how things should be configured.

    Orin Thomas:                   09:34                   And things were so far from where they were that even if they just got the basics right, they’d be doing a lot better than where you’re getting all the complex things right. There’s a tendency when we’re thinking about security for people to try and get everything perfect. It would be great if we were in that position, but most people actually need to get themselves just up to scratch before they start worrying about getting perfect. So it is difficult to maintain operationally. It’s a matter of making sure that you document everything, you work out what works. And one of the other things that you should never do is you should never start with one of these baselines.

    The security hardening guides and then turn everything on at once because you’ll do that. And what you’ll find is that suddenly things won’t work and you won’t know which particular security control you’ve implemented that might’ve caused the compatibility issue. So you need to be incremental about it. And obviously if you’re being incremental about it, you’re actually taking more time. Time is money, then you’ve got to come back to that. I’ve got to harden commensurate with what my threat is. If you’re running the local kindergarten’s file server, that’s a very different threat model to if you’re running, you know, authentication for a bank or something like that.

    Mary Jo Foley:                 10:55                   Yeah, for sure. So do you actually advocate that people do things like you do with windows updates in other words have rings and pilot testing the same way they do? Or is there another approach to doing that?

    Orin Thomas:                   11:10                   You should always test an update before you put it into production. I was teaching some students once and one worked at an international merchant bank and he came back with something that I found to be completely fascinating and I don’t advocate this at all, but it’s a funny story. He said that they didn’t test updates before they put them into production.

    And I went, what’s the logic in that? And he said, well we worked out the number of personnel hours we were spending each month testing updates before putting them into production. But we also then worked out that with our ability to roll back, we’re going to spend less hours rolling back a problematic update than we were actually spending testing updates in production. So that worked out some sort of cost benefit analysis and said it’s costing us x dollars to test updates every month given the lack of, you know, absolutely show stopping updates that there are, it’s going to cost us a fraction of x to not test them. I don’t recommend that, but it is an interesting view on the process.

    Mary Jo Foley:                 12:23                   It is. That’s kind of a weird way of thinking, but I see where he’s coming from and thinking that.

    Orin Thomas:                   12:34                   I wouldn’t do it, but it’s what you’d get from a bunch of accountants who said, well, it’s costing us x dollars to test. We’re just better off having the occasional disaster because it will be cheaper than all of the testing.

    Mary Jo Foley:                 12:50                   Yikes. Yeah, exactly.

    Orin Thomas:                   12:52                   But again, different horses for different courses.

    Mary Jo Foley:                 12:55                   Exactly. I like that. W start when you’re advising IT pros, how do you actually start talking to them about this beyond what we’ve already said here? I mean, do you actually have a checklist to say, go down the checklist, here’s what you should do, a, b, c, d, and what, what are those? If you have those points?

    Orin Thomas:                   13:17                   So where I usually start is I’ll start with a set of easy wins and my first one is the, just make sure that you’ve upgraded your domain controllers and things like that. Then I start talking about, okay, let’s look at your virtualization fabric because this is one that people don’t think about so much. And with Windows Server 2016 and 2019, there’s a really cool thing called guarded fabrics and shielded VMs because what people haven’t sort of sat there and thought about is they’re sitting there worrying about domain dominance.

    When someone gets domain admin access in the domain, but they don’t think about virtualization dominance where someone actually gets control of the virtualization fabric. Because if you’re controlling all of your virtualization servers, you can just pick up any VM that’s running on that, export it, and then you’ve got access to the entire box.

    Orin Thomas:                   14:03                   It’s the ability of basically being able to scale, you know, in the old days of walking into a server room and taking a server out, if you can steal a VM, it’s sort of the same. So with Windows Server 2016 and 2019 you have the ability to really lock down that virtualization fabric so that each virtualization host is running in a known, protected configuration. And then in each virtual machine that’s running on that host is fully encrypted. So that if someone did try to export it, all of that, they’re protected data that they can’t read. Cause one of the attacks that’s happened is that people have sort of gone, oh, I’m gonna go and mount the hard drive of all the virtual hard disk of that domain controller, get access to the Active Directory database running offline attack against. Then I’ve got complete access to the environment.

    Orin Thomas:                   14:51                   So one thing I talk to people about is think about the security virtualization fabric. Cause a lot of people are running everything virtualized. You’ve got to make sure that that’s hardened. The next one I talk about is obviously application whitelisting. Go and look at what applications you’re allowing to run on a server and then make sure that you’re only allowing a known set of applications to run. For the most part, you’re only running a limited sort of workloads. And if you think about for example, we see all the time in the news ransomware, problems where a file servers become had a cryptolocker infection on it. Well there’s things such as windows defender, application guard, which will provide controlled folder access, which you can turn it on and won’t allow unauthorized processes to go and run on specific folders.

    Orin Thomas:                   15:44                   For example, a cryptolocker infection running against a path that hosts all of an organization’s files. So again, you could turn something like that on. And again, that requires that you have a more recent version of the operating system. Then things like securing your administration. A big recommendation is that you use what’s called a privileged access workstation.

    Now privileged access workstation is a specially configured computer that you only perform administration tasks from that specially configured computer and the things are locked down so that you can only do what you’re meant to do on it. It’s not your sort of your daily driver computer where you’re reading your email and surfing the web. It’s a completely locked down environment that’s got its own application whitelisting rules applied and then you configure your servers so that they can only be managed from one of these hardened workstations.

    Orin Thomas:                   16:40                   So what you’re trying to do is you’re trying to avoid this sort of attack or the sort of compromise where someone compromises an administrator workstation. And through compromising that workstation, they then gain access to, you know, the production servers. And one of the things I tell people at conferences is you shouldn’t be doing admin tasks from the laptop that you take to a conference. You should actually be doing that from a very specifically hardened workstation, a privileged access workstation.

    Mary Jo Foley:                 17:09                   So this is a perfect time, I think to interrupt you for a moment with a question from another reader, Morbrosit asked best practices for allowing remote access using Powershell PS Exec.

    Orin Thomas:                   17:25                   So part of that would be to make sure that you’re locking down all of your servers, so that they can only be accessed from known hosts. You shouldn’t have it so that you can remotely PowerShell to your domain controllers from any computer on your network, you should say.

    Orin Thomas:                   17:44                   Right? I can only get in from the specifically hardened workstations and that will improve security. Security is about improvement. There’s no perfect solution. But what you can do as you can make it increasingly difficult for an attacker, for example, if they’ve compromised your network to move about that network.

    There’s a thing called assume breach, which is that you design your security around the idea that you’ve already been compromised and so that you’re trying to limit what an attacker could do if they, for example, compromised a specific machine. Okay. If they’ve compromised that machine, how would we limit what they could do from that machine that they’ve compromised?

    Mary Jo Foley:                 18:25                   That’s interesting. One other thing that may be partially related from Ivan. He was saying other than DSC, which I’m assuming is desired state configuration, which is difficult to implement and maintain. How else can we look at maintaining the security configuration throughout its lifetime?

    Orin Thomas:                   18:49                   So there is, I’m trying to remember, a Security Compliance Toolkit. Now the Security Compliance Toolkit is a sort of the newer version of an older tool that allows you to sort of go and check the security configuration of a server against a specific baseline. So one of the things that you can do is you can come up with these baselines and then run these tools to check how well a particular server meets that baseline. Now there’s a certain amount that you can do with DSC.

    There’s a certain amount that you can do with Puppet and Chef, but there’s sometimes there’s a lot of getting out and you know, walking when it comes to doing bits and pieces of this configuration, and because each workload may be slightly different in what its requirements are, it may be that you have to handcraft a few of these things. So there’s no simple solution where you can just point a product at any workload and it’ll automatically configure. Understanding the workload and the requirements of that workload in terms of what you can and you can’t do.

    Mary Jo Foley:                 19:52                   Okay. Sorry, I interrupted you. Go forward. Go forward.

    Orin Thomas:                   19:58                   Okay. One of the other ones I was going to bring up one more when we were talking about PowerShell. Of course there’s Just Enough Administration which is a technology that really limits what can be done with power within a PowerShell session. So not only would you turn around and say, I’m going to limit where this session can come from, I can limit what can be done within the session. So for example, someone would log in with an account that has DNS permissions and only DNS permissions.

    And one of the other things you want to do is you sort of want to d leverage administrator accounts. One of the other things that occurs out there is that people have these accounts that can go and do everything. And of course, if an account that can go into everything is compromised, that means that the attacker can go into everything.

    Orin Thomas:                   20:43                   Whereas if you have an account that’s really limited in what it can do, maybe all it can do is, you know, add some DNS records. If that account’s compromised, it really limits the scope of what an attacker can do. Locking down admin accounts within Windows Server 2016 and 2019, for example, a little thing that you can do is there’s a group called the Protected Users group and if you add an account to this user group, it lights up all of these little security fixtures. It just disables cached logins.

    It disables NTLM for that account and it’ll improve the security of that account in a little way. More broadly, you’d might want to disable NTLM on your network if you can. Then you’ve got features like Credential Guard, which again, is sort of a mitigation to sort of pass-the-hash attacks, to those attacks that might work with Mimikatz, which is a way of sort of going in and attacking cached credentials.

    Orin Thomas:                   21:49                   And then another one that’s a really easy win is a thing called Local Administrator Password Solution. And what LAPS does is it makes sure that there’s a unique local administrator account password on each computer that is enrolled within LAPS. One of the things that happens in a lot of environments is that there’s a common local admin password on every computer in the environment.

    And an attacker only needs to get that password once and then they can log on to any computer as an admin. And I’ve seen out in the real world where even people who are just standard normal, like accountants have you know, shoulder surfed when the IT person’s come to do some work and logged in with the local admin account and they’ve written that account password down and then shared it so that when the IT people aren’t around and they want to do something to their machines, they just log in with a local admin account because it’s using a common password right across the organization. So if you’re using a local administrator password solution, you’ve got a unique password on each machine so that sort of thing cannot occur.

    Mary Jo Foley:                 23:02                   That’s a good one for sure. Okay. Let’s see. Any other kinda checklist items you think, you’ve already brought up a bunch of good ones, but any other checklist items that it might not readily occur to some people or things that sound really simple, but you see many people not doing them.

    Orin Thomas:                   23:23                   Network isolation’s fairly good. Again, that comes down to that idea I was talking about where you’re limiting who can or which hosts can open an admin connection. One of the ones that is commonly recommended is for example, blocking critical servers from communicating in any way with the Internet. The question is why does your domain controller need to be able to get to the Internet?

    And it probably doesn’t because if you’ve got your update process so that you’re deploying updates through something like Windows Server Update Services, then you’re deploying updates locally and there’s no need for that server to go and communicate directly with the Internet. Now again, it’s not a perfect solution, but what you’re doing is you’re stopping someone from signing onto that server and then maybe accessing tools or downloading tools from the internet that they shouldn’t.

    Orin Thomas:                   24:18                   And again that is sort of one way of sort of minimizing problems that can occur. So isolate things from communicating with things that they simply do not need to communicate with and you generally, your domain controllers are not going to need to communicate with the Internet. There’s a lot of organizations that are just like, oh, I’m not worried about anything occurring in terms of where someone might use a domain controller to access something remotely.

    Well generally they’re not going to need to as someone in one of the readers suggested running server core. And it’s really surprising when I go and ask people at conferences, I say how many people are running server core? And you’ll only see a fraction of the hands go up. And there’s still a perception that server core is a difficult thing to use with the new windows admin center and the functionality that’s coming into windows admin center server core is a much more easy thing to administer.

    Orin Thomas:                   25:21                   And for the most part, if you think again of what roles do servers generally host things like domain controllers and file servers. They certainly don’t need a GUI on them. By putting Server Core on, you’re reducing your attack footprint. It’s very difficult for someone who gets onto that server to open a browser and download something. They can still do stuff through PowerShell and obviously the command line environment. But again, Server Core first in terms of deploying a server and then only not deploy Server Core if there’s a really, really good reason not to. And if you’re installing Windows Server, you already know that by default it tells you to go and deploy Server Core.

    Mary Jo Foley:                 26:04                   Right. I’m glad you brought up Windows Admin center known also as Project Honolulu because I think we should talk a little bit about that more because I feel like people have heard about it but maybe don’t quite understand how much that’s gonna make their life easier.

    Orin Thomas:                   26:23                   It is. One of the things is anybody who’s obviously running around on servers knows that the vast majority of the admin tools that you use to manage a server, in some cases 20 years old consoles that have been around in some form or another since sort of windows 2000.

    And we’ve seen things such as um, sort of some of the newer consoles like Active Directory Administrative Center, which probably came around in about Windows Server 2012 ish type timeframe, we’ve seen some consoles that have attempted to do something, but what Windows Admin Center represents is it represents a concerted effort to put all of the graphical administration tools that you need for a server into sort of an easily updatable web interface. So any new feature of Windows Server isn’t going to get its own sort of MMC or Microsoft Management Console snap-in anymore.

    Orin Thomas:                   27:23                   It’s all going to be anything new. Any new functionality is going to be surfaced in Windows Admin Center or Powershell. One of the nice things about Windows Admin Center is when you do something, there is often a show me the powershell does this button that’ll actually give you the code that you could, if you just want it to run the code, you could go and use it.

    So it’s got add-ins, it will automatically update the add-ins. So for example, there’s a feature in Windows Server 2019 called Storage Migration Service by which our good friend Ned Pyle is responsible for. When you install Windows Admin Center to manage Storage Migration Service, cause that’s the way that you manage it. If there’s any updates to Storage Migration Service’s functionality, Windows Admin Center will automatically say, oh by the way, this module has got updated. You click on the update and then it’ll improve your console for you.

    Orin Thomas:                   28:17                   So going forward, at the moment Windows Admin Center is, in certain areas, an excellent tool, like Storage Migration Service. That’s obviously how you go and manage it. There are other things that you’d still go back for; for example, with Active Directory you’d go back and use Active Directory Users and Computers.

    ’Cause you can only do basic tasks in Windows Admin Center at the moment. However, given the rapid iterations that are going on with it, it’s not unreasonable to assume that in a couple of years you will have moved away completely from using those Microsoft Management Consoles because all of the functionality that you need will be within Windows Admin Center and that you can use that to centrally manage a lot of servers in the way that it’s really difficult to do with some of those older tools.

    Mary Jo Foley:                 29:05                   Okay. That’s good. Thanks for the shout out on that. I feel like we haven’t talked about that a lot on these MJFChats, but whenever I bring it up on Twitter, people are super excited like you said, because it’s revving all the time and there’s always new features being added.

    Orin Thomas:                   29:21                   It is. It’s one of those things that like when I’m doing the Ignite tour, I do a little theater session on what’s new in Windows Server and it’s one of the things that I bring up and it’s like, you really should go and look at this. It’s really cool and it’s getting cooler all the time. I mean, I know now that I’m a Microsoft employee that’s a bit like blowing our own trumpet, but even when I was an MVP, it’s a really, really, really cool feature. And I know that there’s a lot of people out there that are always sort of sitting there going, look, I can probably figure out the PowerShell to do this, but it’s going to take me a while and I’ve only got a certain amount of time, so I’m just going to default to using a GUI tool.

    Orin Thomas:                   30:03                   This helps you in both ways. It allows you to do something through the GUI so that you’ve still got those guard rails stopping you from doing, you know, there’s also the worry when you’re using PowerShell that you might accidentally summon a demon or something like that by using the one command. So this is giving you the guard rails, but it’ll also show you the PowerShell so that if you did want to go in and script something, you’re going, oh, okay, well that’s what that looks like. I can then again make that transition and start to do it from the command line. Should I say oh neat. But it can be installed just on your workstation, it has its own little mini web server. You can install it, you can use it to manage the stuff that’s running in the cloud or you can use it to manage a whole collection of servers.

    Orin Thomas:                   30:48                   So you only need to install it once or you can have different instances of it and then you just go and connect through. And the other thing it’s got is really good integration with Azure so that for example, things such as Azure File Sync, which is a really cool technology that allows you to basically start tiering your file servers and putting old data up to the cloud. Again, you can set all of that up from Windows Admin Center with just a couple of clicks because it goes and connects your Azure account to this particular instance. And then you can go and hook that in very easily.

    Mary Jo Foley:                 31:27                   Cool. Very cool. Sorry, I think I got a little off topic there, but still related. So before we close out, just to reiterate, any resources that you want to call out for people on the topic of hardening Windows Server?

    Orin Thomas:                   31:45                   So the big one I would call out is I recommend that people go and look at the Center for Internet Security baseline and also go and look for the Security Technical Implementation Guides, or the STIGs. It’s worth reading through them. Now, some of them are very long, very complicated documents, but what you’ll see is in some cases discussions about here’s a particular feature you might not have thought of or a registry setting that you might not have thought of.

    This is what it does. And then you can figure out whether or not that’s appropriate for you. Going through and looking at all of the features and all of the things and all the recommendations that exist within those baselines. And then thinking about them, you’ll actually learn a lot about the process rather than, you know, just looking at someone’s, this is the top 10 list of things that you can do. I mean it’d be great you did the top 10 but you probably want to go further. And I know that in my own education about all of the security features that are available, going through those very extensive baselines, I went, Oh wow, okay. I didn’t know that I could do that. Or oh okay, I understand why I could do that. Or I can understand what that, that would stop me from doing if I did it, I could turn that feature on. But it would cause all of these problems.

    Mary Jo Foley:                 33:06                   Hmm. Any Microsoft Learn courses or anything? Or any course that you would recommend and you can even include your own if you would like.

    Orin Thomas:                   33:16                   Well. So there is a Microsoft official curriculum course, which is I think it’s 744, which is hardening. I think it’s hardening a Windows Server Environment. And in my current, which is a Windows Server 2016 Inside Out and in the updated Windows Server 2019 Inside Out, which comes out early next year in the updated version, I’ve actually added an additional chapter on just hardening Windows Server so that one doesn’t come out until early next year. But again, this is a topic that people are really interested in. So it’s one of those ones that I’m covering there at the moment. We don’t at the moment have something on Microsoft Learn specifically about hardening Windows Server, but our hope is, especially with the team on part of that, we’ll be able to get that sort of content in there at some stage.

    Mary Jo Foley:                 34:08                   Nice. All right, well we are out of time, but I just want to say thanks again for coming on and talking about this topic. I know it’s something a lot of our listeners and readers care a lot about, so thanks Orin for that. Thank you very much, and for all of you other regular listeners out there, we’re going to be back in a couple of weeks with our next guest, so be sure to watch for that. I’ll be posting the information on and that will be your signal listeners to send in some questions. All you have to do is go to the MJF chat area in the forums on Petri and submit questions right there and in regards to this chat with Orin, look for the audio and the full transcript of it as with all of our chats in the next few days. Thanks again.

    Brad Sams
    in reply to: Whats in your system tray? #620544

    Newton mail
    Nvidia Control panel
    CAM System Monitor

    Brad Sams
    in reply to: Microsoft's Chromium-based Edge browser (for IT pros) #620500

    You can find an audio replay, here.

    Mary Jo Foley: <u>00:04</u> Hi, you’re listening to, MJFChat show. I am Mary Jo Foley, aka your community magnet. I’m here to interview industry experts about various topics that you, our readers and listeners want to know about. So today’s MJF chat is going to be about Microsoft’s chromium based edge browser, which sometimes we affectionately call Chredge. My guest today is Russell Smith an IT consultant, trainer, author and regular contributor to Thank you so much for joining me Russell.

    Russell Smith: <u>00:44</u> Thanks for having me. Mary Jo.

    Mary Jo Foley: <u>00:46</u> Looking forward to this one. I myself am running both the Dev and the Beta channels of Chredge right now and I really like it. I’m running it on Windows 7 and 10.

    Russell Smith: <u>00:58</u> Right. Yeah, me too. I’ve been using it I think since the day it was launched or the day after. To be honest, yeah, I love it. Which is surprising because I’ve never really been a big fan of Google Chrome. So I was a little bit dubious about Chredge, but so far I haven’t really found any problems with it. It does everything that I needed to do.

    Mary Jo Foley: <u>01:22</u> That’s awesome. So maybe we should just start at the very beginning for people who don’t know and have you address: what is Chromium-based Edge, and when do you think it might GA?

    Russell Smith: <u>01:35</u> Yes, Chromium based edge or Chredge is basically an evolution of Microsoft Edge, which is the current browser that ships with windows 10. So if we go back a little bit further, the current version of Edge is actually like a stripped down version of Internet Explorer, but with a new rendering engine that Microsoft developed specifically for Windows 10 Edge and it’s called Edge HTML. Now the problem with the current version of Edge that’s in Windows 10 is well there are a couple of problems I guess, or even more than just a couple. So I guess the first is that it has a very small market share, right? So I don’t know what the market share is. I think it’s like 2% or something.

    Mary Jo Foley: <u>02:27</u> I had heard a generously limit of five.

    Russell Smith: <u>02:30</u> Okay. Maybe, maybe five or something like this.

    Russell Smith: <u>02:35</u> Now the problem with having a very small market share is that developers don’t test their websites against it, right? Because, well, why would they? Because nobody’s using it. So you get a lot of issues with sites not rendering properly. Some sites just don’t work. Whether that’s because the developer has decided to put an artificial block in it because they don’t want to support it or whether there’s a feature that Microsoft hasn’t developed within Edge and you find that in Google Chrome. So they develop and test against Google chrome.

    So there are lots of issues with compatibility, I think with speed, although Microsoft claims that in certain circumstances the current Edge actually runs faster than Chrome. I think that there are also issues with the fact that people just don’t trust Microsoft browsers, obviously. Obviously with the legacy history that we have with Internet Explorer. So now we’re at today’s point where Microsoft has basically decided, well they already decided, I guess probably last year and kind of launched, was it in January or February this year?

    Mary Jo Foley: <u>03:53</u> Yeah.

    Russell Smith: <u>03:53</u> So it’s all a little bit confusing because as we just discussed offline.

    Mary Jo Foley: <u>04:06</u> Yeah, I know that. So we should be clear about why we call this Chredge and you know, besides just, it sounds funny, that’s a joke. Microsoft’s current browser is called Edge. The new one when it launches will also be called Edge. So it’s hard to distinguish sometimes between which Edge you’re talking about, current Edge or the new Edge, which was codenamed Anaheim. I mean, I guess we could use codename Anaheim, but I don’t think a lot of people know that codename.

    Russell Smith: <u>04:31</u> Yeah yeah sure.

    Mary Jo Foley: <u>04:31</u> The new Edge also runs not just on Windows 10, but on Windows 7, 8, 8.1 and macOS, so then you have to talk about which Edge you’re talking about. Then there’s a separate Edge that runs on Android and a separate Edge that runs on iOS. So there are a lot of things called Edge, right?

    Russell Smith: <u>04:51</u> Yes, yes. So I mean officially, officially this was launched as the Microsoft Edge Insider Preview. I think that’s the kind of official official name. Lots of people are calling it kind of chromium based edge or Chredge for short if you like. The main difference with this version of Edge is that it’s based on an open source project, Chromium, which is actually what Google chrome is based on and it uses a rendering engine called “Blink” right now.

    And as you just said, Mary Jo, the other major differences are that this has been supported on a whole wide variety of platforms including platforms which are just about to go out of support like Windows 7 and Windows 8 and macOS, and of course we already have Edge on iOS and Android. So the iOS version is based on Safari or the Safari rendering engine if you like. The Android version, of course, is based on Chromium. So Microsoft actually already has experience building a browser based on Chromium. So that’s basically what’s happening. It’s been a very controversial decision. There are lots of people very unhappy about it because they think that this is going to reduce competition in the marketplace, that now we have one less major browser, whether in fact as we’ve just discussed, it has such a small market share.

    Russell Smith: <u>06:51</u> I don’t think it really matters to be honest. It’s not a real contender anyway.

    Mary Jo Foley: <u>06:55</u> So I’ve actually personally found the new Edge to work better on lower power devices like my Surface Go because things like Tweetdeck didn’t use to work well or sometimes even almost at all with the old Edge, but with the new Edge it works so much better. You know, I guess at the time when Microsoft was talking about the reason they did their own version of their browser was to have diversity in the ecosystem and all, I was like, okay, I buy that. But if diversity and heterogeneity means it doesn’t work great, then I’m not for that.

    Russell Smith: <u>07:32</u> Yes, sure. I also think one of the major reasons that Microsoft basically had to do this was because of, well you could say, now we can talk about Windows S mode or Windows S and Microsoft and the Windows Light OS, which is supposed to be coming probably sometime next year because on those devices you cannot install another browser.

    Russell Smith: <u>07:56</u> You are stuck basically with what you have and Microsoft Edge as it stands on Windows 10 as you’ve just said, it just doesn’t cut it. It just doesn’t cut it. You know, people are using the browser as the main means for productivity. If you’ve got a browser that you know, doesn’t really work, isn’t compatible or is slow, people are just not going to adopt, you know, Windows Light OS or whatever comes next. You have to have something that is compatible and you know, performs at least as well as Google Chrome, which is what many people use as the default browser. So, you know, it has to be as good as that if not better. I don’t think Microsoft really had a choice to be honest.

    Mary Jo Foley: <u>08:41</u> I agree. I don’t know when it will GA, have you, have you heard anything about it?

    Russell Smith: <u>08:48</u> Officially nothing, but I would expect that they will aim to put this into 20H1. I have heard somewhere that they are gradually pulling out the current Edge icons of insider preview builds of 20H1 and I assume that’s to kind of prepare for slipping in the new version of Edge in there.

    Mary Jo Foley: <u>09:14</u> I bet you’re right. I bet you’re right. You know the one thing I meant to mention, which I think is a really positive development also about edge is even though it will be part of Windows 10 still, we believe it’ll still be an in box app when you download 20H1 for example. They’re going to be updating it and making it available outside of the operating system even for Windows 10 users. So it’ll be updated through the store. And that means it should be able to be updated more frequently than the operating system itself, which is good news.

    Russell Smith: <u>09:54</u> Yes. That’s also important because the current version of Edge, it gets updated basically only when you get a feature update for Windows 10 and that’s it. So obviously Chrome has been updated once a month.

    Mary Jo Foley: <u>10:07</u> Right, right. So I think one of the biggest features that IT Pros are going to be interested in Chredge is this thing called Internet explorer mode or IE mode. Could you talk a little bit about that and what it is and how you actually use it?

    Russell Smith: <u>10:24</u> Yep. So we actually already have Internet Explorer mode for the current edge, right? Basically what it is, it’s a group policy setting where organizations can define a list of sites which they want their users to open in Internet Explorer as it stands in Windows 10. So what actually happens right now is if you’re using Edge and Microsoft 10 and you go to one of these sites that’s been defined by your organization as only compatible with IE, what actually happens is you get a message in the edge browser window that says basically the site is only compatible with IE and it automatically opens up in IE but in a completely different browser. So that’s how it works at the moment. So what Microsoft announced at Build was that the new version of Edge is going to support IE mode as well, but it’s going to work differently.

    Russell Smith: <u>11:28</u> So instead of opening up those legacy sites in Internet Explorer, you will essentially get a new tab in Chredge running the Internet Explorer or rendering engine, if that makes sense. The idea of this is to allow users to just use one browser rather than having Edge or Chredge or IE open as well. Everything will just happen in one browser window. I haven’t actually looked to see how they’ve implemented this in Chredge at the moment, but it might be that the users are not even aware that the new tab is using Internet explorer as a rendering engine if you like. It will be completely seamless to the end user.

    Mary Jo Foley: <u>12:16</u> Which is great. So Chredge IE Mode, do you think that’s going to support active x controls and browser helper objects?

    Russell Smith: <u>12:25</u> Yeah, so it is going to be full compatibility. At least Microsoft says they’re aiming for full compatibility and it will support all of those technologies which were proprietary to Internet Explorer. They don’t work in any other browser. So things like ActiveX controls and browser helper objects, BHOs. If you have legacy applications or an internet site that relies on those things, they will indeed work in Chredge.

    I think it’s worth saying that Internet Explorer mode in Chredge isn’t something, at least I don’t believe this is something Microsoft is going to allow you to just switch on as an end user. You won’t be able to just decide, I want to open a new tab in IE mode. At least that’s not built into it at the moment and I don’t think that’s what they’re going to allow you to do. This is something that you’d have to define in Group Policy.

    Mary Jo Foley: <u>13:18</u> Okay, that’s good.

    Russell Smith: <u>13:19</u> That’s not something you can go into a menu and just find.

    Mary Jo Foley: <u>13:22</u> Right, right. Got It. We’ve got a reader question from Hoorge who said, Chredge has been great so far, but do we know exactly which features from the old Edge, like annotation, sharing and reading lists are going to be available? Like, do we even know that all of these will be available and do we know when they’ll be available in Chredge?

    Russell Smith: <u>13:45</u> Microsoft has said that they will bring some of the features across if they think they are wanted and that they make sense. So the short answer is that we don’t know exactly the list of features that are going to be brought across. I would be surprised if they’d bring the reading list across, to be honest. Maybe, I don’t know. Do you use it? Do you know anybody who uses it?

    Mary Jo Foley: <u>14:14</u> I don’t use it, but whenever we talk about it, maybe not being in there, they’re always the people that come out of the woodwork and say, wait, I use that feature. Right. So I don’t think they’re going to be able to do every feature or decide to do every feature. But again, even though they’ve given us a pretty good roadmap of what they’re going to do, especially in the enterprise, I don’t think they’ve actually committed to every feature being in there. But what about security though. What security features do you think?

    Russell Smith: <u>14:47</u> I think they have promised to bring across SmartScreen. So this is the system that basically checks the website that you’re visiting to see whether it hosts any malicious software, that kind of stuff, or is kind of a phishing website or something like that. So they promised to bring that across. They’ve promised to support Windows Defender Application Guard, which is the kind of sandboxing system for the entire browser if you like, to isolate it from the base OS. And what else have they promised to bring across?

    Of course, we’ve got now support for more than 180 group policy objects, which is something that they recently added, group policy support. So that’s obviously important. They promised to bring across conditional access and integration with Azure Active Directory. So quite a lot of that security stuff is coming across because otherwise enterprises are going to wonder why they don’t stick to Edge.

    Mary Jo Foley: <u>15:53</u> So yeah, exactly. What about mobile device management deployments in Windows 10?

    Russell Smith: <u>16:01</u> They’ve settled that it’s going to be supported, but the official line at the moment seems to only be within Intune or at least that is what’s written. So I don’t know whether that will be extended to other third-party mobile device management solutions or whether it’s something that we’ll only get with Intune, but it’s definitely on the roadmap.

    Mary Jo Foley: <u>16:22</u> Yes. Okay. Okay, good. So I don’t want really want to bring this up because it’s a loaded question, but UWP apps, whatever those are these days. Right. The ones that use Edge HTML, the old rendering engine, will those still be supported in Chredge?

    Russell Smith: <u>16:43</u> Yes. At least what Microsoft has said, is that if you have a UWP app that currently uses Edge HTML, but even when Chredge reaches general availability, but your applications will be able to remain on the existing rendering engine Edge HTML or they will be able to use the new Chredge engine. So it won’t mean that’s when Chredge GA’s that suddenly all of your UWP apps are going to stop working. Now for how long Microsoft will support that situation of course is another question. It doesn’t make sense in my mind to support Edge HTML forever of course. Right. But at least in the short term there will be some duality in rendering engines if you like.

    Mary Jo Foley: <u>17:39</u> I mean, I think that’s a good move because you know, Microsoft’s heritage is supporting legacy and they got people who are developing apps to commit to using Edge HTML. It would be kind of, I dunno, uncharacteristic of them to just suddenly say, and by the way, we’re not doing that anymore as of whenever Edge, the new Edge GA’s. I think they do need to give people a ramp. Right?

    Russell Smith: <u>18:02</u> Yeah. I think you see that they’re still supporting IE 11 four years after Edge GA’d in Windows 10, so I think, you know, you’re going to have five or six years support of Edge to Edge HTML as a minimum. They have to anyway, I think because you’ve got the Long-Term Servicing Branch of Windows 10 as well, right. Which is what, four or five years of support. So they can’t just ditch Edge HTML.

    Mary Jo Foley: <u>18:27</u> I think it’s 10. Is it 10 still?

    Russell Smith: <u>18:27</u> Yeah. It might be 10, even if you include the extended part. So I don’t think, you know that they’re going to suddenly ditch Edge HTML. That’s not going to happen either.

    Mary Jo Foley: <u>18:37</u> Let’s talk a little bit about the new Edge on Windows 7. I think this was a smart move for Microsoft to decide to deploy this because even though windows seven is officially no longer supported by Microsoft as of January, 2020, there’s still going to be people who are running it, unsupported and they’re also going to be people who buy the extended support contracts from Microsoft and continued to run it for up to three years.

    So I think it was a good move for them to bring this to Windows 7 finally. Especially because I know a lot of companies, and larger enterprises too, you know, they may buy Windows 10 and downgrade it through their licensing rights so that everybody’s running the same version of Windows. But what do you think about them supporting Windows 7? As a secondary part to the question, what about automating deployment of Chredge to Windows 7?

    Russell Smith: <u>19:38</u> Well, of course one of the big problems with UWP apps and Edge itself in Windows 10 was that there was no legacy support for Windows 7. Of course when Windows 10 launched, you know most of the world was still using Windows 7. I don’t know what percentage of Windows deployments are now Windows 10 versus Windows 7, I don’t know. Has it reached 50/50 or whatever it is?

    Mary Jo Foley: <u>20:05</u> Yeah. I just saw a new stat this week that’s high 30 percentage points are still running Windows 7.

    Russell Smith: <u>20:12</u> There is still a sizeable population that is using Windows 7. Of course if you exclude them for those new technologies, then of course developers are going to think, well now why would I write a UWP app on Windows 10 if you know most of the world is still running Windows 7 at least that was the case four years ago. You know, I think the same situation with Edge now. If Microsoft is serious about Edge, really getting hold on the market, then they have to make it available everywhere.

    If Windows XP is anything to go by, you know, Windows 7 isn’t going to die in January 2020. As you said, there are many, many reasons why people might, organizations might still use it. There is also Windows Virtual Desktop, which is still in preview, but when that GAs, I don’t know when that’s due to GA, but when that GAs, you will also be able to choose to use Windows 7 for a limited period of time. So that’s the virtualization in the cloud of Windows, not just going to be Windows 10. Also Microsoft is offering Windows 7 after January 2020 there. So again, they need to have this browser support it because otherwise you’re excluding a whole chunk of your corporate customers. And of course your consumer customers who just basically won’t upgrade Windows until their PC dies, you know.

    Mary Jo Foley: <u>21:46</u> What about automation of deployment Windows stuff?

    Russell Smith: <u>21:49</u> Yeah, so automation, this is going to be provided. So Chredge is going to be provided in the form of an offline installer across all of the supported platforms. So basically you will be able to deploy it using pretty much any deployment solution like System Center Configuration Manager for instance, or any other deployment solution that works with Microsoft install technology. You’ll be able to use it, um, unlike the current version of Edge where it’s completely baked into the OS and there’s no other way to deploy it. It’ll be widely configurable in terms of deployment.

    Mary Jo Foley: <u>22:32</u> Okay. Great. Anything else you want to add that you think IT pros might be interested in knowing about the coming Chromium based Edge?

    Russell Smith: <u>22:44</u> So what else? It’s going to have enterprise grade integrated PDF support and I’m not quite sure what they mean by enterprise grade, but we’re going to get that. In terms of features coming over from the existing Edge, I do think it’s probably quite likely, I’ll be surprised if they don’t bring across, the One Note annotation feature just because that’s something they pushed quite a lot on the Surface products. So I’d be surprised to see that go. But who knows? Maybe it depends on how, you know, is it really used as often as we think it’s used or as often as Microsoft would like us to think that it’s used.

    Mary Jo Foley: <u>23:25</u> You know what I heard, um, this is still kind of unconfirmed but genuinely positive speculation. They’re going to bring Chredge to Linux I believe.

    Russell Smith: <u>23:36</u> Oh, right, okay. I hadn’t heard that.

    Mary Jo Foley: <u>23:37</u> Which, you know, some people are like, oh, you know, how many people really would use it on Linux? Well, if you’re going to have it be on macOS I think having it on Linux is probably a good idea too. Especially the way Microsoft these days is putting a lot of support into the Windows Subsystem for Linux and Linux in general.

    Russell Smith: <u>23:57</u> Well maybe, I mean I guess the Chrome is available for Linux, I guess it must be. If chrome is on Linux and I think Chredge also needs to be on Linux, so that makes a lot of sense. If market share is part of the goal here, then of course it needs to be there as well. It needs to be everywhere that Chrome is.

    Mary Jo Foley: <u>24:16</u> It does. I think that is the perfect end point to this podcast. It was a good slogan. So for all of you regular listeners here, we’re going to be back in a couple of weeks with our next guest, so be sure to watch for that. I’ll be posting the information on and that will be your signal listeners to send in your questions. All you have to do is go to the MJFChat area and the forums on and submit questions right in there in regard to this chat with Russell. Look for the audio and the transcript of it as with all of our chats in the next few days. Thanks again, Russell for doing this.

    Brad Sams
    in reply to: Career tips and tricks for IT pros #620244

    You can find the audio playback, here.

    Mary Jo Foley: 00:00 Hi, you’re listening to’s MJFChat show. I am Mary Jo Foley, aka your community magnet. I’m here to interview industry experts about various topics that you, our readers and listeners want to know about. So today’s MJF chat is going to be mostly about career tips and tricks for IT pros. My guest today is Rick Claus, Microsoft cloud advocate team lead, craft beer connoisseur, and proud owner of the Tilley hat. Thank you for joining me, Rick. You like that intro?

    Rick Claus: 00:45 I didn’t know that Tilley was endorsing us and sponsoring us this episode. That’s fantastic.

    Mary Jo Foley: 00:53 Thank you very much.

    Rick Claus: 00:54 I should probably ask you, can I call you MJ or do I call you Mary Jo or what would you prefer?

    Mary Jo Foley: 01:00 People do MJ and Mary Jo both. So whichever you prefer. All good.

    Rick Claus: 01:05 Okay, sounds great.

    Mary Jo Foley: 01:07 So before we get into the career tips and tricks, I want you to tell our listeners a bit about your career path because I know you’ve been at Microsoft about 15 years and you’ve had a lot of twists and turns and also relatedly, what is a cloud advocate?

    Rick Claus: 01:24 Okay, well I’ll see what I can do. So my formal background, if you call it formal cause people always ask what kind of degrees you have. I don’t have a university degree. I originally was going to university way back when I want to give you the exact dates. I was going after what I was passionate and interested about, which at the time was actually theater directing. The part that got me into technology was the fact that actually my father was an electrical engineer at university and was a professor and he brought home, you know, quote-unquote the first computer back when I was a wee young lad in grade four, grade five. That’s where I got started with technology and I started to collect the salary in technology because I literally was the guy who sat in front of the computer and jiggled the cable to get the printer to work.

    Rick Claus: 02:19 That would have been in the late eighties, early nineties timeframe for when I started. Eventually grew through a bunch of different careers being the person that got computers to work, gradually working at building a local area network, and then a wide-area network with multiple different companies and organizations. Back then it was Banyan VINES back in the Windows 3.11 for Workgroups interface and that progressively led into Windows systems and Windows servers as well. Fast forward a little while from that to becoming a trainer and a consultant for a training company based out of Toronto, Canada that no longer exists anymore. And then from there I did some consulting and training for other companies, freelance, both the United States and in Canada, mostly in the consulting side. I happened to sit down and train a person who actually now is on my team here at Microsoft and he suggested that I apply for a job, which was at the time a technical evangelist role at Microsoft.

    Rick Claus: 03:31 And that was almost 15 years ago, and that’s how I got my job at Microsoft. Basically even the consulting world, and going into the technical evangelism space, the concept was we needed technical people that had walked a mile in the IT pros or the operations professionals shoes, doing their racking and stacking of servers, managing of systems, networking, you know, your traditional stuff you’d expect for IT pros and, and sysadmins to do. They needed people like that that could actually get in front of customers and get in front of audiences to be able to talk about technology. That’s where I got into the role of a technology evangelist at Microsoft 15 years ago.

    Mary Jo Foley: 04:15 Wow. Okay.

    Rick Claus: 04:17 So fast forward to now cloud advocacy. That’s kind of the 2.0 version of doing technical evangelism activities where instead of being the person that’s on the soapbox, on the corner with a megaphone talking about how fantastic product x is, instead is pivoted to be more of an engaging and listening, mechanism or role to different online communities and in-person communities. The community that I focus on is IT Pros and operations folks that typically work inside of, I guess you’d call them enterprise and small-medium businesses, one of the larger side for Microsoft ecosystem because of my background. We take their feedback about what they like about the products, what they don’t like about the products, we help them identify gaps and problems with the products and resources to be able to use them. And then we take those back to engineering teams and our own teams to be able to try to solve with product updates and, changes to those individual services or even just better resourcing and documentation and, demos and other things that could help them learn how to use something better on-premises or up inside of the Azure world.

    Rick Claus: 05:29 Cause we were from Microsoft inside the classroom. That’s where cloud advocacy comes into play here.

    Mary Jo Foley: 05:35 Okay. That’s good to know. I’ve heard that title a lot because I feel like there are more and more people who have the Cloud Advocate title at Microsoft, but I wasn’t exactly sure what it meant.

    Rick Claus: 05:47 You could think of developer evangelists kind of were first then came technology evangelists, which are the operations folks after that. And I was one of those, I was one of the first 12 that were hired at Microsoft way back when 15 years ago. And then the same thing, they were cloud developer advocates that came first at Microsoft and there has been developer advocacy at all sorts of tech companies, over the last couple of years. And then, I can tell you the story, but maybe it’s not the right place for this story here, but basically I was tapped on the shoulder for my engineering role as a PM to come and see if we could start up and create a team of advocates that were specifically targeting the IT pro audience. So I have created and manage a team of seven resources around the world to be able to do what I do.

    Mary Jo Foley: 06:36 That’s awesome. Nice. So I’m going to give you the hardest question here first. It’s related to what you were just talking about, which is Azure in the cloud. One of the readers on Petri, let me see if I can pronounce his name correctly, Hadriendugas asked, “why should I choose to work on an Azure cloud when providers like Amazon already are occupying a third of the cloud market? What makes Azure more powerful and more responsive or more diverse than Amazon?”

    Rick Claus: 07:11 That’s a great question. That is how I’d like to start my questions so I can think about it for a second to come up.

    Mary Jo Foley: 07:17 That’s a good trick.

    Rick Claus: 07:20 My philosophy has always been in this particular role for the entire time I’ve been at Microsoft has been what is the right technology that’s going to provide the solution for the person asking the question, spending time to figure out what that happens to be. We don’t have that kind of detail with this particular question, but, one of the reasons why I’m at Microsoft and believe in Microsoft’s vision and Satya’s vision for what we’re doing with the cloud, is that I see it from a practical perspective of growing through the Microsoft ecosystem. A huge percentage of all the different organizations that are currently enterprise customers around the world have a very large footprint of Microsoft services and Technologies on-premises, that they use in right now.

    And they’re starting to dabble and use the cloud in different areas. The engineering team that I spent three years in on the Azure side before joining this role, it was our mandate and mission to make it so that the experience for people that are using those types of technologies in the Microsoft ecosystem had a really good experience using them also inside of the Azure environment.

    So you could translate your skills easily from on-premises up into Azure. So things like making PowerShell better to be able to manage Azure resources. It’s been up and down, up and down based on how you’re looking at that over the last number of years as things evolve and grow because it’s a distributed management process. But, I find that I have a lot more attach of technologies that will work on-premises inside the Microsoft ecosystem that tie into Azure to give me some added benefits. My current one that I like right now is Azure File Sync, very, very popular with IT Pros, all these aging, servers and NAS devices, and SANs that are serving up storage on-premises.

    Rick Claus: 09:06 Why not take advantage of scale and using some of those resources that are no longer required on-premises, from a file perspective cause their archival information have them automatically moved up for you into Azure cold storage, Azure storage counts that basically, you know, hundreds of terabytes of storage available in the is for you to be able to use. And then if a customer needs one of those files, they can simply click on that file to open it and it’s going to bring down the actual hot version of that file from cold storage, if you will, and make it as if the end-user never had to worry about where that file is located.

    It’s completely transparent to them. So a better experience for your on-premises technologies in the Microsoft ecosystem, it’s going to naturally be coming from an environment where Azure was made by the same people, in the same company that’s been working inside that space for quite some time.

    Mary Jo Foley: 09:55 That’s a, that’s this is a really perfect segue to a question I had. So like the idea in my head is if you’re an IT Pro and you’re experienced in say Windows Server or you’re experienced in Office on-prem or you know, even more, specialized like Exchange or Skype for Business or Teams or whatever. Do you like have a set of recipes where you say, okay, you’re a guy or a gal who knows about Windows Server, here’s how I would suggest you start thinking about moving your career ahead. Like as are there products or paths or I, I guess I’m wondering how do you, how do you kind of guide people or counsel them who say, I only have experience on-prem with older technologies and I want to stay current and I want to advance in my career? What do you tell them?

    Rick Claus: 10:45 Well the good thing is my team is actually tasked with creating a bunch of these resources so that’s good to know that there are people at Microsoft that dedicated this kind of information and content creation.

    Mary Jo Foley: 10:58 All the new docs, right?

    Rick Claus: 11:01 That’s exactly where I’m heading. Basically, I would actually go to a more interactive place, which is a I would go there and if you make a profile of a Microsoft ID of some kind, like a, you know, a live id kind of thing, you can basically have a profile that tracks your progress as you’re going through different tiny micro-learning segments if you will.

    These aren’t necessarily, um, like you, what you would expect from an online learning company, like a Pluralsight as an example where it’s like an in-depth video and demo and you’re kind of watching this two or three-hour segment of multiple different types of topics on let’s say Azure administration. Instead, you can go to the site and then just do some browse searching for some keywords. Like Windows Server, like PowerShell, like Azure.

    Rick Claus: 11:50 Then you can also filter to say, you know, my role really I want to become an administrator. Like I am on-premises, but I want to start looking at the Azure side. Just type in the word administrator as the keyword. You’ll actually find a learning path of multiple modules that build on each other to be able to go off and get used to provisioning your first machine, interacting with it, managing it with PowerShell, throwing a web server up there, that sort of stuff. Those types of incremental steps and experiences are actually all available to you inside of the live sandbox environment that you don’t have to pay for.

    Mary Jo Foley: 12:24 Yeah, I was going to ask you it’s free, right?

    Rick Claus: 12:26 Like it’s completely free sandboxes that are small enough for the duration of your no screens basically. So long as you have an account profile that you’ve created on the site, then it tracks your progress as you go through them.

    Rick Claus: 12:39 So when we launched that last September back in 2018, there was a missing chunk of stuff for your administrator types that are used to working on premises. And so my team stepped up and we helped create a whole bunch of those different modules and we’re continuing upon that experience now. Those particular modules, we now have created content that happens to also match up with some certification exams, which I’m a big fan of certification. There is content there for the AZ 900 course, AZ 103, which is the Azure administrator, AZ 101 exams as well. Those types of content are going to be available to go through, in a guided knowledge checking knowledge testing, kind of miniaturized chunks of microlearning you can go through and track your way through them.

    Rick Claus: 13:31 So that’s where I point everybody to go off and start to use Azure because you don’t have to pop down a credit card for guided experiences for how to answer questions and do some scenarios and then actually see the results of how they work in the, in a live-action environment.

    Mary Jo Foley: 13:44 I remember when you announced Azure learn, I think it was at Ignite last year. At the time I was like yeah that’s another learning thing. But then when I started looking at it, it’s that you actually get quite a bit for free.

    Rick Claus: 13:57 The cool thing is it’s evolving to like, we’re trying to bring some new experiences because originally it was designed from a developer perspective cause it’s a bit easier to simulate some stuff inside of development experience. What they’re looking for. It’s a bit more complex to be able to have, you know, multiple machines spun up for you to be able to use inside of the sandbox environment that’s there.

    Rick Claus: 14:20 So we’re looking at expanding upon those in the coming year to make it even richer environments to try some hybrid solutions, things like that. Right now it’s native inside of Azure. Spin up your VMs, do some kind activity, do some networking, do some VPN connectivity in that sort of stuff. The basic things you would expect to want to do if you were an on-premises person going ahead and using Azure for the first time.

    Mary Jo Foley: 14:44 Cool. Very cool. I know your role is in Azure and you’re a cloud advocate and all, but if you were not in Azure and you were giving someone guidance, who’s an IT Pro right now, who says, okay, what else besides general cloud do you think I should be looking at when I’m thinking about the place to go for maximizing job security and hopefully my salary. What other areas, do you like say data science or is that too kind of specialized?

    Rick Claus: 15:15 I’m still kind of traditional old school right now. I believe that there is a very large opportunity to continue with your on-premises knowledge, even just using more modern versions of on-premises solutions that you have right now. So if we’re talking about my space, which is infrastructure and background and infrastructure and data centers, I would be looking at how I can go off and modernize my on-premises server infrastructure from an Active Directory perspective to be the most recent version of Active Directory that would be using Server 2019 as opposed to Server 2012 or 2002 or whichever it happens to be. Looking at those different workloads that are running on premises that are of those different versions and how I could upgrade them to newer versions, within Windows Server.

    The reason why is because those give you the easiest hook to start to leverage some of those hybrid services inside the Azure space or the new Windows Admin Center interface for being able to go off to manage them, where you can start to dip your toe and understand on-premises 80% of your time and then 20% of your time doing some hybrid services and hybrid capabilities as well.

    Rick Claus: 16:27 So to me, it’s hybrid. Hybrid’s gonna be around for quite some time and getting the knowledge of how to hook up, how to leverage services, which ones to use, which vendors to use, is going to be pretty invaluable. To me going and changing direction completely and going into an AI base or going into data sciences or things like that. Those are going to have a slightly higher barrier to entry.

    Mary Jo Foley: 16:49 For sure.

    Rick Claus: 16:50 But I’m looking for the easy progression. The best asset a person has that has been in the industry for a little bit of time or for some period of time with the company that they are with is the fact that you have that tribal knowledge of how the organization works and runs from an IT perspective. You can be the person that brings forward ideas on how to get better value for the stuff that you currently own and currently running. But then as I mentioned, what types of services you could bring down from different vendors like Azure and Microsoft to be able to bring you some value added stuff to some of the pain points you have right now.

    Mary Jo Foley: 17:26 That’s good. Yup. General question, also using the word general in it. When you talk to IT pros, do you suggest they think about being generalists or do you suggest they specialize and why do you give them the advice that you do?

    Rick Claus: 17:44 This is interesting. I have a debate with this with my team constantly. I’ve seen kind of just looking at the industry from the years that I’ve been in it, I’ve seen it where people were very, very specialized and stuff that they did. They were the people that did the, you know, the operations of the, you know, AS 400 of the mainframes and stuff like that. And that’s what they did. And that’s all. Then they had to become a bit more generalist to be able to go off and support the advent of PCs come inside their environment. All the lovely support you have to worry about as that industry was maturing.

    Then they found themselves going in and specializing and all of a sudden now they are the persons responsible for the local area network, the servers and the network and infrastructure. And then people went down the path of being a security expert or the networking expert or the SAN experts. So they went back down to very focused. But I’m seeing now is that they’re going away from being specialized going back to being more broadly, aware of all the different options of technologies that are there.

    But they still maintain a level of specialty for where their passion happens to reside. So my team and I, I dunno if this is an industry term or whichever, but, my team and I refer to it as more of a T-shaped approach. You have to have a depth in an area that you want to choose as being your area of specialty. In my case, it is infrastructure that I’ve chosen. In one of my team members case it’s identity and security of that they’ve chosen to be more, more depth on. But you have to maintain the broader peripheral vision around complementary services and also the industry, in general, to be able to see where your depth technology can go in and tie into, so we typically try to say you’ve gotta be broad, but you also have to be deep in areas that you find value and also that you are interested in.

    Mary Jo Foley: 19:33 Yup, it’s funny. It’s very similar in our field too, in journalism. People always say, how do you even have a career in journalism anymore? Should I specialize or should I be a generalist and I 9 times out of 10 tell them to specialize. But sometimes you’d go back and you think, well like for me, I’ve specialized in Microsoft for my career. But is that a good idea or would it have been better to be like cloud reporter?

    Rick Claus: 19:59 You know, you’ve specialized in the Microsoft area, but then you are very passionate about asking people about data sciences, about AI technologies and about other things. So you’re specialized in one, but you still have a broad depth of a certain level more than the layperson that’s not involved technology at all. To be able to have those initial conversations about stuff.

    Mary Jo Foley: 20:19 Very true, very true. In addition to learn, which we talked about at the start of this chat, what are the kinds of resources do you suggest people take advantage of? Like, especially things they might not even know exist where they could find new ways to kind of think about their career and get excited about different technologies.

    Rick Claus: 20:43 I am a huge subscriber to simply being constantly curious and being a lifelong learner. That’s two buzzwords you’ve probably heard before. I firmly believe that and try to abide it as much as I can personally. And it’s served me well over the years. I tend to get involved in projects that are again on the peripheral that I’m not a specialist in, but I have an interest in because it’s complementary.

    So like samples, identity as an example, and find opportunities to work on projects that kind of, you know, partner or shadow someone else that is an expert in that particular area. So one of the things that we have an opportunity to need to do here at Microsoft is participating in hackathons and hack weeks and stuff like that. I was at first kind of a naysayer because a lot of them that are in this space, we’re the largest software development company in the world, tend to be around development and development systems and the role of someone in operations or IT Pro, infrastructure-focused may or may not have the opportunity to really get that deeply involved in a short period of time of a hack over the course of, you know, three or four days.

    Rick Claus: 21:54 So we have gone in and we’ve created our own hack as an example of specifically looking at an operations problem that’s been overlooked and just kind of nursed along within our organization, within our company. We’re taking this on as a project. So we’re basically doing a specialized focused project work for, you know, four or five days, to try to solve a specific problem here inside of our organization and it’s opening me back up to having to learn some technologies that I thought I knew really well, but they’ve evolved over time. I need to kind of brush up on some of them right now.

    Mary Jo Foley: 22:29 That is part of the one-week hackathon?

    Rick Claus: 22:29 Yeah, the one-week hackathons going on right now. So there’s thousands and thousands of projects that are going on and there was a handful of them that I found were kind of interesting and this is one that I was asked to participate in specifically.

    Mary Jo Foley: 22:45 Very cool. So before we do anything else, we also have to talk about beer. For those listening who don’t know, Rick is really serious about beer brewing. He’s won a bunch of awards for beers that he’s brewed with friends and his team. So I’ve dabbled a little in a home too, and I always think it’s interesting how many people are in tech, who also happened to be homebrewers or brewers in some way. But I’m curious, what are you brewing right now?

    Rick Claus: 23:20 I’m a gadget guy. I love gadgets. At the end of June, I think it was. There’s this company called Blichmann Engineering that builds really good homebrew materials and for the prosumer type market, they just released an updated version of their temperature control device that allows you to zero in on temperature control during the mash period of soaking the grains to extract the sugars that make the base of your beer before you go in and, and you add hops and boil it and then ferment in.

    Rick Claus: 23:57 And so I made a test batch using this new device that I purchased from them to see how it works. And so I actually have a Manny’s Pale Ale clone that I’ve made right now that’s just finishing fermenting and ready for the dry-hop addition. But I got to use this, basically like an IoT device that actually has a nice little screen on it that allows me to set my temperature all through and it’s gonna fluctuate and turn on and turn off the gas burner and light it automatically for you to maintain and achieve and then maintain that temperature that you have at set for and based on clocks and counters, we’ll go through and increase or decrease it based on your recipe as well. I’ll have to let you know how to try it turns out but according to the numbers, it looks like it’s going to be good because of those gadgets that I picked up and tried and then in my bright tank I also have a Summertime Wit that needs to be kegged and made servable cause it is summertime of course.

    Mary Jo Foley: 24:58 Of course. Of course. Yeah. I was going to say, do you have any summer favorite styles or beers and what’s always a good one?

    Rick Claus: 25:05 What we do is my team and I get together and we make a big batch of Wit, so maybe 15, 15 gallons of Wit. And then what we do is we switch it out, with the fresh fruit Randall device when you serve it. So one weekend it could be blueberry. The next weekend it could be peach mango. The next weekend it could be watermelon. So you’re not locked into just one. You just swap the fruit out of the canister that the beer is flowing through before.

    Mary Jo Foley: 25:33 Oh Man, I get to come over for some of that, I think.

    Rick Claus: 25:36 Welcome anytime.

    Mary Jo Foley: 25:37 Thank you. All right. Any, any last tips, tricks or, or words of wisdom to share with the IT Pros?

    Rick Claus: 25:45 The biggest thing is honestly, as I mentioned, stay curious and be a lifelong learner. It’s something that you have probably gotten into as being a member of the profession, that people that work inside of IT. The big thing for me is besides lifelong learning and staying curious and that sort of stuff also understand that the skills that you have amassed already if you’ve been in the industry for a while, are directly translatable into skills that work inside of the new cloud ecosystem. If you know, subnetting, you know, VPN connectivity, you know, infrastructure design for how to build a three-tier application on-premises and virtualization, it’s essentially the same skills inside of cloud vendor x like Azure. It’s simply a matter of understanding the new tools you have to use to be able to do it. But the architecture’s the same.

    Rick Claus: 26:36 Performance testing is the same. Security is the same. Just simply pivoting that knowledge to using the different set of tools and then understanding some of the nuances of work inside the cloud, to quote the good, Jeffrey Snover, treating your servers like cattle as opposed to pets. From a troubleshooting perspective, knowing when to quit and to simply rebuild it again and being able to go off and try it as opposed to as trying to sweat and labor over top of a server to try to fix it. So those are just a couple of things that worked really well from you over the years.

    Mary Jo Foley: 27:08 Hmm. I think that’s great. I think it always bears repeating that it doesn’t mean you’re antique or you’re a dinosaur just because you’re somebody who specialized in on-prem that a lot of those skills are transferable and you don’t have to start completely over from scratch.

    Rick Claus: 27:22 No, definitely not. They are definitely transferable. I call it an essential tribal knowledge that you have about those environments and then how to translate that to make it work inside of a new environment.

    Mary Jo Foley: 27:31 Great. Great. Well, thank you Rick. That was really great. Awesome, awesome tips, tricks and all beer, everything else. Thanks for having me on. For all of you regular listeners here, we’re going to be back in a couple of weeks with our next guest, so be sure to watch for that. I’ll be posting the information on and that will be your signal listeners to send in your questions. All you have to do is go to the MJFChat area in the forums on and submit questions right in there in regard to this chat with Rick. Look for the audio and the transcript of it, as with all of our chats in the next few days. Thanks again.


    Main blog for Rick’s team:

    MS Learn Azure Fundamentals learning path (especially good content for beginners in Azure/Cloud):


    • This reply was modified 6 months, 4 weeks ago by Brad Sams.
    Brad Sams
    in reply to: How to keep up with Windows patches in your enterprise #619956

    You can find the audio version of the interview, here.

    Mary Jo Foley: 00:00 Hi, you’re listening to’s MJFChat show. I am Mary Jo Foley, aka your community magnet. And I’m here to interview industry experts about various topics that you, our readers and listeners want to know about. So today’s MJFChat is all about keeping up with Windows patches in your enterprise. And my guest is Bryan Dam, software engineer at Recast Software and the force of nature behind the Dam Good Admin blog. Thanks for joining me Bryan.

    Bryan Dam: 00:40 Oh, thanks for having me. It’s absolutely my pleasure.

    Mary Jo Foley: 00:43 Especially thanks because I know you just emerged from a disconnected vacation in the woods and you know that kind of made me wonder is isn’t there some kind of metaphor involving emerging from the woods and cutting through the underbrush of patch management?

    Bryan Dam: 01:03 I don’t know if it takes a similar mind, but let me tell you, doing patch management definitely makes you want to go run into the woods every once in a while.

    Mary Jo Foley: 01:11 I can believe that.

    Bryan Dam: 01:15 I came back just in time for patch Tuesday.

    Mary Jo Foley: 01:20 Ready? Rested, ready and all set for patch Tuesday. We’re going to talk about B week and C week. In fact, that’s actually where I wanted to start. I was thinking, you know, the nomenclature of patches as part of, I think what makes it feel so complicated and is, makes it so complicated for many people. So now that SACT has been sacked as you put in one of your blog posts recently, how do we, how do we keep up with all these ever-changing names? There’s things like B week, C week, LTSC, SAC, blah, blah, blah. How do you yourself try to keep up with all this?

    Bryan Dam: 02:10 It’s kind of frustrating to say the least. I get that frustration from, from people that are asking me questions. Right? And so it’s how do you keep up with it? Patch Tuesdays still is a thing. I guess that’s what we’re all used to. We all know that on the second Tuesday of the month at 10:00 AM Pacific Standard Time is when patches are released. We’re just so used to that. We’ve kind of almost been lulled into, let’s say, a false sense of security. That’s what patching is. That was really always for security patches. There was a reason for doing that for, and we could talk a whole hour about why they chose to do that, but they did.

    Bryan Dam: 02:58 And whether you agree with it or not, kind of slightly irrelevant, but the point is that that’s what we all sort of thought that, oh, it’s just okay. We know exactly when patches are released. Microsoft always kind of said, well, that’s, you know, that’s just, our security patches. It never really committed to that being the only time that they released, but in a practical manner, they really didn’t break that rule. And then they really, really kind of start half, I won’t say break the rule, but I think people are now waking up to the fact that, oh okay, patches aren’t only being released on patch Tuesday. But I really think that monthly cadence still works, right? It is still true that security updates are released, I wouldn’t say exclusively, but that’s what they’re targeting. The targeting patch Tuesday is when security updates are released.

    Bryan Dam: 03:50 And so I still think despite everything else that they’ve changed, you can still viably have a monthly patch cycle if that’s what works for your organization.

    Mary Jo Foley: 03:59 And that is B week?

    Bryan Dam: 03:59 Yes, that is, that is B. So I mean if people are confused, the thing to understand is that still is true. And part of the things that are confusing about that is they’ve done some good work, which is they’ve created these nice pages that lists the builds, right? Cause now with Windows 10 and even Windows 7, now that they’ve gone to the fully cumulative update model, it’s really about a build, right? This is just a build they put out and the confusing part right now is that they’re putting out builds not once a month, right? They’re putting builds out two maybe three times a month. The website that you can go to that lists all the builds for particular version of Windows 10 right?

    Bryan Dam: 04:42 Whether it’s 1809 or 1803 or 1709, whatever it is that you’re seeing builds on this website more frequently than once a month. And that’s kind of freaking people out. And that’s where the B, C and D come in. So, so the B week and the C week and the D week, those are just, those are just the weeks that Microsoft will try and target a release. But the thing I want people to come away with is targeting week B, which is patch Tuesday and doing a monthly cycle is as valid as it’s as I would say it’s ever been. The upside is, is that they’re releasing on the other weeks they, they will release quality updates. So if you have a known issue, right, if you’re experiencing an issue, and I don’t know if you want to talk an hour about patch quality, but we could talk.

    Mary Jo Foley: 05:28 I mean I was going to ask you that as the opener, but I am like that is too cruel to ask.

    Bryan Dam: 05:34 We could, we could talk about patch quality, but those other weeks, do you have to push those out?

    Bryan Dam: 05:41 And I would say no. But it’s useful to know that they’re there. And again, the nice part about having that these websites is they are doing a better job of being a little more transparent about, hey, yeah, we have this problem. It’s a known issue. And if you have an issue, then there’s a chance there’s a chance, the smallest chance that they might actually fix it in the next non security release. And so maybe you do want to deploy that, but maybe not. Right? It’s difficult to know what to do with those things and it’s kinda freaked people out.

    Mary Jo Foley: 06:22 I like your point though, that the north star of patch Tuesday is still there. And I think some people have forgotten that because now it feels like we get patches every day.

    Bryan Dam: 06:33 Exactly. Yeah. No, it’s exactly that. When I look into it, if you look at some of the release dates for some of the, non-Windows OS apps, Office 365, they’re releasing patches entirely outside of that cycle. And that’s fine. You have to look at your organization say, okay, well does the monthly cycles still make sense? And I think for most people the answer is yes. But what I tell people is, is if you’re not doing testing right, if you’re not doing any patch testing other than what we just push it out and see what happens, it takes as much time to do zero testing four times a month or five, you know, five times as it does once a month. So if you’re just kind of spraying and praying anyways, then maybe, sure.

    Bryan Dam: 07:23 Go for a weekly cycle, if that makes sense for you. I just don’t think the majority of people that make sense for, and so in which case stick with the monthly. I mean if you don’t like to the patch, well wait a week before you, you push a patch out, but a patch Tuesday is still when the very important security up security stuff comes out. The only caveat to that is when they do an out of band release, I’m okay not automating or planning for that. Right. It’s rare. It happens and usually there’s a big stink made about it. I mean, unless you are completely disconnected from the Internet, like you were going to know some way somehow that something has gone horribly wrong and you like and you and you need to do something about it.

    Bryan Dam: 08:13 And even then at one of my previous organizations that came out and we went to the security team and said, okay, Microsoft put out this, this, you know, this out of band patch and it, it looks bad. And they, they looked at it and they were reasonable about it. He said, well, they looked at it, they looked at what the vulnerability was and said, yeah, we’re not too worried about that. We don’t have that particular problem we don’t use or we have another, mitigate way of mitigating it. And so we’re actually, okay, not just putting, pushing what we called the big red button, which said, you know, just shoot. Who cares about testing? Right. So I’m fine still thinking of patch Tuesday, like you said, it’s the north star and stick with it. Okay, cool.

    Mary Jo Foley: 08:56 So we have a related question from one of our readers blood and he’s asking you about preview updates. So I think this is one of those other weeks, like d week maybe, or maybe it’s not that. So here’s his question. He said a lot of people decline these preview updates as they’re intended for further testing. However, when synchronized with WSUS they are automatically approved. There are third party tools to deal with this. He says, but considering it’s such important technology, it would be great if there was an automated way to deal with it within WSUS itself is there a solution to this?

    Bryan Dam: 09:39 This is one of the questions you want to ask questions. So one thing to talk about the preview, right? So and and so you mentioned preview, I want to talk about that because it actually pertains to the last question. Which is with Windows 7 when they went to the cumulative update model, the updates themselves were labeled preview, right? So the non-B release, the non-Patch Tuesdays, they were named preview of monthly quality updates. I forget exactly what it was called, but it was like it was right there in the title and you just knew this was a preview update and that’s part of what when people started moving to Windows 10 they don’t do that. Right. The non B week updates, it makes me want to go check right now, but I’m, I’m 99% sure they’re going to be wrong, but I’m 99% sure they’re just labeled whatever.

    Bryan Dam: 10:28 There’s no preview moniker. That was part of the confusion because people were used to, Hey, we saw these Windows 7, they’re called “preview” on Windows 10. Wait a minute, where’s the preview? I’m just seeing these other updates. So that word “preview” was part of the problem because people got used to it seeing in Windows 7 and then it was gone in Windows 10. So now to get to the question as a whole, I’m not aware that WSUS would automatically approve preview updates. I think what he means is that in WSUS, you can have automatic automated approval rules, but they’re basic. A lot of my experience recently is with config manager and you get very, very granular with what kinds of software updates, what kind of software updates you can choose to release whereas in WSUS.

    Bryan Dam: 11:27 It’s less granular and I think what he’s saying here is that it doesn’t give us the ability to, to exclude these non-security releases. That’s an interesting question. I actually have a script and it’s on my blog that I think maybe he’s talking about, but you can proactively decline them. Remember how we talked about it? I want like 10 seconds to think of my answer. This is actually one of those I’m like, I’m thinking through, cause there’s not a great solution to it cause he’s right. I don’t know of a great thing to do proactively to say, hey, how do we not ever approve these? Because the way that WSUS works, which is I do the sync and then that kicks off the automated approval rules.

    Bryan Dam: 12:20 I’d want to go back and look and see if there’s any time in between there where you could proactively decline those and get those updates declined before the automated approval rules run. I just don’t remember off the top of my head if you can, how tied together those are in WSUS. But yeah, he’s right. It’s not a great, not a great situation.

    Mary Jo Foley: 12:44 If you do have something, we can always add them to the notes and have a thing saying here there is a solution and here it is. It sounds like it’s not, not really built that way.

    Mary Jo Foley: 12:56 Yeah. Yeah. I mean this is where I could, I could talk a long time for WSUS, WSUS is the architecture, and this foundational technology that was architected, you know, way back in the early 2003 or so.

    Bryan Dam: 13:09 The thing we’re dealing with right now, the architecture and the last time anybody really, in my opinion, and I want to be clear, I’m not an MVP, I don’t, I don’t have any inside baseball on this. From my external experience, nobody’s done anything meaningful with WSUS since, 3.0 I think service pack two, which was in architected back in 2003 and later. Like the base architecture hasn’t been touched and I think this is one of those things where yeah, I mean when somebody put this thing together, nobody thought, hey, in 10, 15 years we might have these preview updates that we might want to not do.

    Mary Jo Foley: 13:47 Yup, things have changed, right? The way that the patches were originally conceived is so different now from how patches are handled.

    Bryan Dam: 13:56 Exactly. Exactly. Yeah. In the cumulative update model was, was a huge change for that. Right out of the bat, I was a huge fan of the cumulative update model was like, yes, this is what everyone else does.

    Bryan Dam: 14:08 And , I’m a huge fan of it, in part for political reasons because it gave me the opportunity to say, listen, we install a patch , and I don’t have a choice, right. Microsoft I can, I don’t have a choice as a system administrator whether to choose this patch or not chooses patch. If you tell me your application has a problem and I can’t install this patch, what that means is we can never ever install patches again because next month is going to have the same thing and that’s a powerful political tool. I hate having to say that.

    Mary Jo Foley: 14:44 I feel like admins, it’s not just doing the tech work that’s part of your job. It’s the political work too. Right?

    Bryan Dam: 14:53 Exactly. And what really worked for me at my organization, when they, when they mentioned that to first time, the first thing I did with them was go to security and talk about this and explain, if Microsoft is really, going to do this, if we’re going to go to the cumulative update model, these, these are the things I think it means.

    Bryan Dam: 15:13 What it means is we can’t really uninstall. If we uninstall a patch, it means we uninstall all the patches. We’re not even sure if the uninstaller will work. If we don’t do a patch, then we can’t do next month’s patch cause it’s cumulative and that’s how it works. So I got security on my side and that was a huge win. We did have times when a patch, again going back to past quality of patch, created a problem with an app and we had to discuss him, well, security said you have a month, I’ll give you one month and you need to figure this out because I can’t have that system vulnerable. So it was beautiful. I was out of the discussion.

    Bryan Dam: 15:55 It’s not me. It’s like, hey, you’re talking to security. If security is okay with not patching that box, great. I want that in writing and I’m going to print that out and I’m going to put it into a folder when something happens, I’m going to pull it out and say, hey, you said we’re not going to ever patch that box again until they fix their problem and that that made so many conversations go away of like, well, can we just do this? Like, nope, we can’t. You can fix your problem or we can not patch. Those are the binary choices.

    Mary Jo Foley: 16:32 I’m going to give you another reader question. This is looking for some advice. Greg Alto says, does Bryan have a recommendation for remote monitoring of client systems for patches? Here’s my scenario. I maintain a lot of SMB PCs remotely and visit on site when needed. Do you have any recommendations besides WSUS?

    Bryan Dam: 16:55 Yeah, so here again we go with WSUS wasn’t thinking of an organization where 90% of your people are using laptops. Right? And maybe working from home. I 100% work from home. I almost never go to the office. And so how do you deal with that, especially as a small business? You mentioned monitoring. So the monitoring sort of the knife in my back on that one because what I would tell you is the simplest thing to do is just use Windows update, right? Don’t use WSUS. Take those that subset of devices and say, we’ll just point them at windows update, but you lose reporting. Right? So he specifically asked about, well, how would you monitor this? You could apply patches by just using group policy and say, well point windows update, but that’s the spray pray and don’t really validate method and that’s not that great.

    Bryan Dam: 17:50 So there are other options outside of WSUS. The one that I like to start with in these kinds of conversations is always on VPN. So historically VPN has been the solution for on prem in as well. You’re out of the network, so you use a VPN, you get on the network. The problem there is, is that was usually tied to, well they need access to a folder, right? Or a file share somewhere, so when they need something, they’re going to connect to the VPN. And maybe if we get lucky, there’s enough connection time for some of the scans and all the software updates stuff happening. But now that we’ve moved, you know, to One Drive and other solutions where there’s less and less of a reliance on VPN, a user isn’t of their own accord and say, Hey, I’m going to connect to the VPN and put in my password and do all that stuff.

    Bryan Dam: 18:45 So that’s where, so that stopped kind of working for people. It’s like, Hey, I have people that have VPN, but unless they actually go and take action, nothing’s happening and that’s a problem. And that’s where always on VPN comes in. Now that’s when I say always on VPN. That’s also now a sort of branded Microsoft solution. I’m talking in a more generic thing. If you have a VPN solution or you don’t get one and consider, do they have an always on option where it’s just, if that machine is running and connected to the internet, it will automatically create a connection into your environment. So that I think is the simplest thing. And the reason I’d like to like that solution and why I tend tend to start with it is because you probably have some other stuff that’s not just patching that would also benefit from having, um, that, that, that connectivity, whether it’s some sort of remote support tool, whether it’s some remote, some third party anti virus software or whatever.

    Bryan Dam: 19:46 Um, or some other security tool where you need connected connectivity of the box. If you do an always on VPN, you’ve solved your patching problem and you possibly solve a whole bunch of other stuff. Outside of that, the other two is, the big one from me is Intune, Intune to me is like the perfect small business solution. The feeling I get from the marketing is, you know, I want huge enterprise and Microsoft thinks huge enterprise should all go to Intune. My first Gig as a system administrator was at a very small shop. It was 150 people at two different offices in two different states. The minute Intune was a thing I would have went there because I had nothing else. Right.

    Bryan Dam: 20:35 That’s where I cut my teeth. That’s why I set up WSUS and all these other things. But his exact problem of how do I deal with remote users, but there was no good solution. There was no cloud back in 2000. Well, I shouldn’t say that. That’s not true. The whole Intune and cloud based management for sure it wasn’t a thing back in 2005, but it is now. Right. And so if you’re a small business and you’re using, especially if you’re using Office 365 or you know, what do you want to call it, EMS or the app now, the 365 Stack or whatever. I would seriously look into, if you’re a small business, I would actually look at Intune for doing your management. I think it’s almost purpose built for small businesses, small and medium businesses.

    Bryan Dam: 21:24 Because it’s a matter of it’s just enough administration, right? You don’t have any infrastructure that’s, and that’s the problem with the small business, right? It’s like, well, I can set up WSUS because that in theory that doesn’t take a lot. But setting up something like config manager, which is near and dear to my heart, doesn’t make sense to me in small businesses. Right. The amount of infrastructure and experience and just, it’s a big chunk of infrastructure for a small business. So I think that’s really where Intune shines. So those are my three options. Windows updates if you don’t care about reporting. But he very specifically said, I care about reporting. So always on VPN if you can swing it. And none of that I think really Intune. I think that’s where Intune comes in.

    Mary Jo Foley: 22:07 Nice. Okay. I don’t know if you, if you heard this while you were out in the woods avoiding bears, but 19h2 is coming and it’s going to be at basically like a cumulative update for people who are already on 1903 and will be a minor update for everyone else.

    Bryan Dam: 22:31 I had not heard that. Wow. They’re not going to call it a service pack, are they?

    Mary Jo Foley: 22:31 No, they’re not going to call it a service pack.

    Bryan Dam: 22:42 Would you like to scribble why they’re not going to do that?

    Mary Jo Foley: 22:48 I believe they want to continue to call these feature updates and in fact it will have some features, but I keep hearing the features will be turned off by default. And so if you want some of the new features that are in 19h2 when it comes out in the fall, you will be turning those features on as an app.

    Bryan Dam: 23:06 Okay. So that’s good. That’s good news. My quick aside on the service pack thing is cause that extends the support. If you release it right, according to Microsoft, if they released the service pack then it extends the support life cycle. Right. They don’t want to do that.

    Mary Jo Foley: 23:21 If it is a cumulative update, I haven’t gotten this part clarified yet, but if it is a cumulative update, you can’t defer it forever. I think you could have maybe 30 days.

    Bryan Dam: 23:34 If you’re using a windows update or Intune, correct. I think it’s 35. Exactly.

    Mary Jo Foley: 23:46 Now now that you’ve heard the big news, um, yeah, we don’t know if this is a forever thing or just a onetime reprieve. We don’t, we don’t know when they haven’t really said. So my question to you is, do you think this would be a good thing if it became the new normal? If the H2 updates are basically service packs though, they won’t call them service packs. Do you think that’s a good way to go or do you think that admins really just have to suck it up and and start figuring out that feature updates are coming twice a year and you get to find a way to make it work.

    Bryan Dam: 24:23 Yeah, I need 10 seconds.

    Mary Jo Foley: 24:26 So I didn’t know I was going to give you this big like bomb. Now you’re going to go write a blog post right after I’m done. Right?

    Bryan Dam: 24:32 There goes to the whole rest of my day Mary. The whole rest of my day, right?

    Mary Jo Foley: 24:39 I know there’s so many things that go through your head all sudden, right? Like, oh wait, this is gonna change the whole way this happens. But again, we don’t know. We don’t know if this is a forever thing or just a onetime.

    Bryan Dam: 24:54 So aspirationally, yeah, I agree with where Microsoft wants to go. Right? Which is the feature updates are just no big deal and you just push them out. I don’t want to have to do a bunch of planning and a bunch of navel gazing, and I don’t want to have to get all uptight about it. I just want to work. And so my initial reaction is if it just works great, I don’t care. If what you’re telling me is, is more frequently in smaller chunks, we will update the base OS and then you can optionally at your leisure enable new features. I mean, my initial reaction to that is that’s great. Long as it works, right. If, if, if as long as it works and it doesn’t take an hour or two hours to actually apply and it doesn’t impact, you know, which is to say it doesn’t impact the business and it just works.

    Bryan Dam: 25:49 I’m fine with that. My sort of thing about the whole, the whole cadence of Windows 10 feature updates, it’s just, it’s a cart-and-horse situation. A really, to me, it was a spaceship and ended up pushing a cart, an old buggy, which is to say you wanted us to move fast but you didn’t build the trust, right. I need to do in place updates or whatever. This whatever H2 is and it needs to be a nonevent for me and then fine, let’s just do it right. Then I don’t have to worry about it, but we’ve not been able to string together totally problem free releases. Right.

    Mary Jo Foley: 26:39 And put it mildly. Yeah, exactly.

    Bryan Dam: 26:44 It’s like they kind of came out of the gate saying you’re going to do this and you know you’re going to do it every once, twice a year and that’s okay as long as it worked without any hassle. And I think everyone including Microsoft can agree that didn’t happen. And so as long as whatever they’re doing now works, and doesn’t impact the business, it sounds to me, it sounds like a great idea. But the proof is in the pudding. Exactly. In what I want to talk key out specifically is that they’re not, they’re not allowing you to not enable these new features. I think that makes a lot of sense, especially in this scenario. To me it’s following something that the config manager, again, that’s a product I, I follow very closely, but the config manager group has been doing that.

    Bryan Dam: 27:40 They do these releases, these monthly releases and then three times a year, they will put out a release and, they’ll have preview features, right? You can optionally go enable them and eventually they might change slightly, but then eventually they get into, into the bigger products. So I think that would be a smart thing for the Windows 10 product team to grab onto and say, Hey, well we have this cool new feature. Let’s get it out there and let’s see if some people try it and get some feedback. And then when we actually hit, you know, production if you will, uh, when we put it into an actual full blown release and force it on people, it’s actually been out there and we’ve had some feedback and I know they have like internal rings, right?

    Bryan Dam: 28:21 They have the fast all that stuff but to get it out into a larger ring.

    Mary Jo Foley: 28:27 Yeah it makes sense cause that’s basically how this would work is my understanding is that this would give the H2 release extra time to bake because it would already be out in the H1 timeframe for people who wanted to adopt it then. But it would give them six months more basically a real world testing before going out to people who deployed the H2.

    Bryan Dam: 28:53 Exactly. And they’re doing this kind of the same thing though which is we shouldn’t be learning about this when they release it. If you follow this stuff a little closer I think than I do. Like did we know this was coming and if we didn’t, why or when is the release date? See again, I don’t know. What are they actually pushing this out?

    Mary Jo Foley: 29:13 Yeah, so we think it’s going to be 1909. So September, October time.

    Bryan Dam: 29:17 Okay. Okay. So good. So they’re getting ahead of the ball here.

    Mary Jo Foley: 29:27 One last thing I want to close on because this is another topic near and dear to your patching heart. Servicing stack updates.

    Bryan Dam: 29:38 *Laughs

    Mary Jo Foley: 29:38 Yeah, he laughs evilly. I remember you wrote back, I think it was last year about the whole mess that is servicing stack updates. And I wonder if you could give us a quick breakdown of what these things are and are things getting better there or no.

    Bryan Dam: 29:58 Oh, what’s the quick rundown? So servicing stack updates, the servicing stack is the thing that updates the operating system. So, so that’s the updater kind of, you got it. Patch, patch or patch thyself. That’s exactly what a servicing stack update is. If you go back to, let’s say, go back to the Windows 7 world, what that is is you have something called the windows update agent, right? So that’s the every version of Windows 7, has a service that’s sitting there in the windows update agent and, occasionally Microsoft would release an update to that windows update agent. People knew this, it was really relatively infrequent. There were a few months where they were clearly trying to squash a bug and they came out with like a new version for like three months in a row. But historically speaking of the life, the life cycle of Windows 7, it was somewhat rare.

    Bryan Dam: 30:52 It was something you needed to make sure of, or be aware of, and you need to make sure that you are running a recent windows update agent cause it solved a bunch of quality problems, but it was really infrequent. Servicing stack updates is the Windows 10 equivalent of the windows update agent or a way of saying as a windows update agent is a subset of the whole servicing stack and the servicing stack gets into a whole bunch of things that I’m not even sure I fully aware of, but definitely the in place upgrade, all that stuff is part of it. The servicing stack is what does it, and so Microsoft has been releasing new versions of the servicing stack update and that’s probably a good thing, right? In theory, they’re fixing quality issues with the process of applying updates. What to date still confuses me as why there’s so many of them. I do not understand. What changed between Windows 7, where it’s like, oh, okay, we found a bug in the updating process and so on. Some sort of rare, you know, it was a rare event. With Windows 10, I think we can say now pretty officially, it’s not a rare event. It’s something every single month you’re going to have to go be like, oh, did they do a servicing stack update or not this month? I think it really became a problem for organizations is that servicing stack updates are not security updates. If you look at their release dates, maybe it’s on a C or D week, maybe it’s patch Tuesday, but they, they aren’t really releasing them on patch Tuesday.

    Bryan Dam: 32:37 And what Microsoft has done a couple of times is, let’s say, they release a new servicing stack update in the middle of June. It’s outside of any normal cycle. They recently in June and now we get to July updates and the July update has a prerequisite for the latest servicing stack update. The shortest way I can explain it is updates have a metadata and that tells your device, you know, is this update applicable to this device? Is it already installed? And all sorts of kinds of things about it. It’s the metadata and then there’s the actual update the content itself. In that what they’re doing is if in July, they put in that metadata, Hey, we need the servicing stack update from June. We need that installed first before this update, the security update is applicable.

    Bryan Dam: 33:33 And the problem is, and this goes actually back to your first question where we talked about monthly, the monthly cycle. If they released something out of band, let’s say it right just whenever they want for the circuit, in June, you get to July and you go push out your updates, you’re going to, hopefully you’re going to grab that one, you’re going to grab that servicing stack update. But when you push it out, if it’s a prerequisite, your new security updates that just got released are not applicable. They won’t even show up as needed until that servicing stack update has been installed. Where this is a big problem on servers and the problem is your device is going to scan and say, okay, what updates are applied or applicable, what updates do I need?

    Bryan Dam: 34:20 And all it’s going to pick up is that servicing stack update and it’s going to install that servicing stack update. And it’s gonna say, you know, maybe there’s some other patches but it will not pick up July’s security update and it’s gonna install it and it’s gonna say I’m done. Now what happens then is the question and, in the config manager space as it currently stands, because if there’s no reboot, if that device doesn’t reboot itself, it’s never going to go and scan again and say, Hey, do I have other updates that need to be installed? And on a server where you might have a maintenance window of a couple of hours that won’t happen. And so you’re going to miss patches. And that’s, that’s the problem with that. That’s the big kerfuffle with servicing stack updates only when they make it a prerequisite.

    Bryan Dam: 35:08 But that has been kind of rare and that’s one thing. So this servicing updates themselves are not rare. What really makes it a kerfuffle? Something that you actually need to plan around is when they make the latest cumulative update have a prerequisite at dependency upon the last, a particular servicing stack update. Then you need to make sure in your organization that you’ve installed that servicing stack update with enough time so the device can now pick up that the security update that it depends on is detected as needed, installed in whatever sort of maintenance window or whatever sort of cycle and that you want. That’s the tricky part because the servicing stack updates themselves because they are updating that servicing stack. They tend not to have a file-in-use problem, right. That they don’t need, which means they don’t need a reboot.

    Bryan Dam: 36:06 They tend not to require reboots. So they don’t need a reboot. But you might need a reboot or you, you need time for the device to say, oh, hey, now this update that previously, you know, the cumulative update, the security update that previously wasn’t apply now does apply. And that’s, that’s the big kerfuffle. Anyone who wants to take Microsoft to task for doing that, I think is that you have my blessing. Just wait a month, release it in June. That’s fine. And make it requisite in August or September. Yeah, that’s okay.

    Mary Jo Foley: 36:39 But not close to the date of the patch itself.

    Bryan Dam: 36:42 That’s, that’s correct. If you’re thinking of a monthly cycle, the biggest problem really comes out is if within a single monthly cycle they put out a cumulative update that depends on a servicing stack update released in that same cycle.

    Bryan Dam: 36:58 That’s the biggest problem. Now there’s some debate about, well, these things fixed quality problems. So it’s ideally you would install the latest servicing stack update to fix whatever quality problem that exists so that your cumulative update has a higher chance of installing. And I’ve only seen that answer anecdotally. Now again, I’m not a high paid consultant that talks to a hundreds of organizations every week. But I have talked to a lot of people and I don’t know too many people that have had problems installing them not in a particular order when it’s not a prerequisite. When we did it in the right order it seemed to work better and okay. So that I just haven’t, I haven’t seen anyone scream about it.

    Mary Jo Foley: 37:52 Okay. Good to know. Well, we are out of time unfortunately, but I want to say thank you very much for doing this chat, Bryan. That was great.

    Bryan Dam: 38:00 Oh, my pleasure. I could talk patching for hours.

    Mary Jo Foley: 38:03 I know we could, we could go on and on. Maybe, maybe one day I’ll have you back on if you’re game.

    Bryan Dam: 38:09 Oh yeah. Very cool.

    Mary Jo Foley: 38:12 All right, so for all, all of you regular listeners here, we’re going to be back in a couple of weeks with our next guest, so be sure you watch for that. I’ll post the information on and that will be your signal listeners to send in your questions. All you have to do is go to the MJFChat area in the forums on and submit your questions there in regard to this chat with Bryan, look for the audio and the transcript of it, as with all of our chats in the next few days. Thank you again.

    Brad Sams

    You can find the audio playback here.

    Mary Jo Foley: 00:04 Hi, you’re listening to MJFChat show. I am Mary Jo Foley, aka your community magnet. I’m here to interview industry experts about various topics that you, our readers and listeners want to know about. So today’s MJFChat is all about Cosmos DB, Microsoft’s Azure Cosmos DB NoSQL database. That’s a mouthful. My guest today is Azure Cosmos DB Product Manager and Architect Rimma Nehme. Thanks Rimma for coming on the chat.

    Rimma Nehme: 00:40 Sure, Mary Jo. Nice to be here this morning.

    Mary Jo Foley: 00:43 Thank you very much. I want to do in this chat in particular, kind of like a little demystification of a product that I think some people, kind of over anticipate is going to be too complex and something they can’t get their hands around. If I’m going to start out by saying, if you have one minute to explain Cosmos DB to someone like doing an elevator pitch, what would you say?

    Rimma Nehme: 01:11 Oh, very simple. It’s like SQL for the cloud.

    Mary Jo Foley: 01:14 That’s it. Well, that’s, that’s a great way to explain it.

    Rimma Nehme: 01:17 Yeah. So Cosmos DB is the database service that was born in the cloud. As the cloud-native database service, it tries to bring all of the value in the promise of the cloud in its own form factor as a database service.

    And so when we think about, what does it mean to be cloud-native? I usually think of three core properties that are fundamental to the cloud core design center, which is global distribution, you know, given that cloud is everywhere, wherever users are, whether it’s, you know, North America, Asia Pacific, Europe, Latin America, and so the database has to be everywhere, wherever the users are. The second one is the promise of elasticity and basically computational resources on demand. You know, the fact that you can come to the cloud and ask for storage or compute on demand whenever you need to, as much as you want to. We bring the same capabilities in the form factor of the database.

    The third core property of the cloud is ultimately the multi-tenancy and this notion of very, very fine-grained resource governance. What that means is that we take the same physical hardware and by virtue of a lot of, you know, engineering rigor and the right architecture, we put multiple shards with copies of the data on exactly the same servers and machines.

    What it allows us to do is just drive the utilization of the physical hardware. And by virtue of driving that utilization, we can pass on all of the cost savings to the customers so that they don’t have to buy that hardware capacity in their own data centers. And it’s something that is also very hard to achieve if you’re doing it in the VMs, you know, as a hosted solution. So these three core capabilities, being ubiquitous, being elastic in terms of storage or compute, and then ultimately passing on the savings by virtue of resource governance, multitenancy and resource utilization, we can give it back to the customers. These are the kind of core principles.

    Mary Jo Foley: 03:41 All right. Got It. Would you say that the kinds of customers who should be looking at Cosmos DB fall into any particular size or industry? Like should it only be enterprise level customers or is there a case you could make for even an SMB to be looking at this technology?

    Rimma Nehme: 04:01 Yeah, the way I put it, it’s actually database for any developer or any customer or any enterprise actually if you will, you know, just like SQL in 1990s, but today, you know, we are all in the cloud era. You know, whether you are a startup, whether you are an SMB, whether you’re a large enterprise, you’re faced with exactly the same challenges, which is trying to store your data, get the guaranteed performance for your data.

    Your data will continue to grow. You know, if it’s a startup or, and the startup that becomes a Unicorn, chances are your data will continue to grow from gigabytes into terabytes and potentially even into petabytes. If you are a gaming development company and your game becomes viral, all of a sudden you’ll get a burst in terms of a number of users that you have to support or the number of operations or requests per second that you need to support.

    Rimma Nehme: 05:03 And this is something, whether you are in a gaming industry or in the retail industry or even in the insurance industry, consumer goods or financial services, the way we see these bursts in terms of number of users, number of operations, storage size, these are ubiquitous. So look at the modern data platform requirements.

    The way I put it, scalability, performance, elasticity, high availability, and then the flexibility of dealing with any type of data, whether it’s documents, graph, or whatnot and trying to be closer to where your users, regardless of the geographical location. These are all core fundamental properties regardless of whether you know, it’s a large enterprise or a small unicorn startup.

    Mary Jo Foley: 06:00 So when you started out about Cosmos DB being born in the cloud and a cloud-native database. So for people who have heard about Azure SQL, how does it differ from that? Because I know SQL wasn’t born in the cloud, but a lot of people, I think when you say to them, does Microsoft have a cloud database? They say, yeah, Azure SQL.

    Rimma Nehme: 06:23 Maybe a little bit of the history behind the service could help. Cosmos DB project started in 2010 as project Florence. I think I might have told you the story behind it before. We named it Florence for two reasons. One is the official and the other one is unofficial. The official one, if any of your listeners have ever been to Florence, Italy, there is a famous dome by Brunelleschi. It is viewed as the epitome and the jumpstart of the renaissance movement because he pioneered a lot of the architecture or design principles that are viewed as sort of the beginning of the renaissance. And we wanted this to be the renaissance for data on the cloud. And so we named the project Project Florence.

    Rimma Nehme: 07:25 But the other sort of unofficial reason, Dharma Shukla who is the founder and the technical fellow, he’s the founder of Cosmos DB service, was on vacation in Florence and it is anecdotally where the first version of the code worked. So we called it Project Florence. When we started in 2010 it was intended first to address the critical developer pain points that were faced by internal Microsoft applications. You know, the likes of Office 365, Xbox, universal store. Today we also have LinkedIn running on Cosmos DB and also Yammer.

    We are onboarding now GitHub on Cosmos DB. All of the problems that these applications were facing were scale and performance at scale. Again, trying to meet developers and users wherever they are. Because Microsoft is also a global company and we have operations and customers anywhere worldwide.

    Rimma Nehme: 08:37 We observed that many of these problems are not unique to Microsoft applications. They are ubiquitous among the third parties, among our customers, and the customers who are also coming into Azure. We set out to build this service trying to address again the needs that I’ve described earlier. This is the system that is capable to elastically scale.

    As your data size continues to grow as your computational needs vary over a period of time the system will elastically scale to the needs so you don’t have to incur all of those pain points and you focus on your application rather than managing and maintaining your backend, especially as your data size and your computational needs continue to increase. Being able to provide very, very strict upper bounds on the latency on the performance.

    Rimma Nehme: 09:41 To date we are the only service that actually gives the SLA on the latency at the 99th percentile. So again, if you’re building an application and performance is super critical, you don’t have to worry about it. You don’t have to worry about, you know, optimizing your indices, your schemas so that you can get and extract a little bit more performance here and there.

    The service takes care of it for you. Being able to provide also, five nines high availability regardless of the software, regardless of the machines, regardless of the network failures, regardless of the regional disasters. Again, if you were to try to do it yourself, it puts a lot of burden on the customers, on the developers. They either have to really design their system with high availability in mind. They have to put a lot of redundancies, a lot of copies of their data, keeping the data consistent across multiple copies.

    Rimma Nehme: 10:37 It all again, adds to that burden. And the pain point that ultimately we wanted to take away from the customer so that they can focus on the apps. Then being able to provide what I call schema-agnostic experience to the applications. The idea here is your application logic will continuously keep on evolving.

    You know, you start out building, maybe an operational application, let’s say maybe for a retail, like a real-time payment processing or personalization or customer 365. Over time your application logic will continuously change. You might want to bring additional data sources into your application. If your backend and your database is very rigid in terms of that fast evolution and agility of the application, it becomes again, yet another burden that goes on the developer or the customer to keep the application logic in sync with your database.

    Rimma Nehme: 11:45 You know, with the schema and constantly evolve and keep its performance and highly available. And so we wanted to make it so flexible that you throw any data at it, it will happily absorb and it will automatically index all of the data by default. So you don’t have to again worry about doing schema management, index management and just focus on your application logic.

    And then the last but not the least, we wanted to meet the customers where they are regardless of their adoption of the technology or the languages or the stack and keep their investments wherever they are. And ultimately, instead of picking for instance, the approach of setting out and saying there is one language of Cosmos DB and this is how you should design your application, how you should manage your data, this is the data model that you should use. We ultimately said we want to meet wherever the customers are.

    So if they want to use various data models, by all means we will natively support them. If they want to use open source languages and open source APIs for instance, MongoDB, Cassandra, we will meet them there as well and enable sort of the best of both worlds, the open source as well as the cloud-native capabilities. And so as a result of that, the service became multi-model and multi-API service as well.

    Mary Jo Foley: 13:16 So I wanted to ask you about that because I know one of the top, if you were saying like top points that everyone from Microsoft mentions about Cosmos DB, you always hear them talk about the multi-model approach. But I was curious to kind of go back to NoSQL also because sometimes I see Cosmos DB described as a NoSQL database, but it seems like it’s different from the typical NoSQL database because it also can handle like relational data too, right?

    Rimma Nehme: 13:45 Yeah. So the way I put it, most people think when they think about NoSQL, they typically start thinking about the data model and the language first. Whereas actually, the roots of the NoSQL systems came from being able to handle data at scale. So if I were to describe what is NoSQL, first and foremost, it’s scale.

    It’s a scale-out system. And when you want to deal with data at scale, it fundamentally requires you to think about how you model that data, how you interact with that data slightly differently. You know for instance, you will not see, you know, typical canonical, characteristics of relational databases like primary foreign key constraints in scale-out systems because in those ecosystems, because it’s in this violent disagreement with scale versus preserving the semantics. When you want to continue to scale and be scalable to petabytes of data, to trillions of operations per second, NoSQL systems typically will never the scale to preserve those semantics.

    Rimma Nehme: 14:54 And so that kind of, you know, in a sense you’re trading off different capabilities because ultimately, you know, this is sort of the use cases and scenarios that you’re going after. So in that regard, Cosmos DB is a NoSQL system in the sense that it’s designed for scale-out, workloads in scale out in terms of, again, both storage as well as compute.

    So if your data size continues to grow from gigabytes into terabytes into petabytes, it will seamlessly scale out. Similarly, as your computational needs fluctuate or increase and you go, let’s say from tens to hundreds to thousands to millions of operations per second. The backend of the service will also scale. And then on top of that, we add this what I call syntactic sugar, which is the various data models, the various API languages on top of the service to be able to interact with various types of data. In a sense all of these new systems like new SQL systems, they sort of take a similar approach where fundamental core design architecture is a scale-out, NoSQL like architecture. And then on top of that, you add various data models, supports, and various API languages to interact with the data.

    Mary Jo Foley: 16:21 Okay. I remember, um, the predecessor to Cosmos DB was Microsoft’s NoSQL database called DocumentDB. Right? So that was kind of the heritage.

    Rimma Nehme: 16:30 Yes. So when we started out in the early days, we started as Project Florence. We took a subset of the capabilities of Florence and first manifested in the form factor of DocumentDB with just the document data model support. But in parallel behind the scene, we’ve been basically battle-testing other data model supports other extensions of the global replication and multi-master capabilities. And then in 2017, you know, as an aggregate of all of these capabilities, we’ve launched it as a Cosmos DB service.

    Mary Jo Foley: 17:07 Something we haven’t really talked about yet, I think you and I’ve talked about this in the past is how Cosmos DB handles consistency and why that’s different from the way many database administrators might think about consistency. Could you give us a little kind of high-level explanation of how that is different?

    Rimma Nehme: 17:30 Sure, sure. So when it comes to the consistency it’s actually a very fascinating topic, it actually deserves a session in its own right. But when it comes to consistency, if you look at the market of operational databases to date, you will typically notice this what we call dichotomy between traditional systems and traditional NoSQL systems. Where on the one hand, most of the traditional relational databases typically offer you strong consistency or also we call it as perfect consistency, where at any point in time, whenever the application requests the data, you always get the freshest up-to-date view with respect to all of the recent updates. That typically comes at the cost of availability, performance, also latency implications because you just need to run a lot more processing in order to provide these guarantees with respect to strong consistency.

    Rimma Nehme: 18:39 On the other hand, most of the traditional NoSQL systems, MongoDB, Cassandra DB and many others were targeting a different type of applications like web, mobile, where potentially the highest sort of high-order bit, a goal that you’re going after, is latency, very, very fast serving of the data and availability.

    So if you’re building, for instance, a recommendation website and people are putting comments about products, it’s very important to serve them quickly. But if one individual comment is missing, potentially it’s not the end of the deal. You know, it’s not, not a big problem, but latency is super, super important. So with traditional NoSQL systems, they typically emphasize more of a weak consistency or eventual consistency in order to gain low latency and high availability. And for us, when we approach this data consistency problem, uh, the first insight that came to us is that, um, instead of viewing it as two extreme binary choices, strong versus eventual, we viewed data consistency as a spectrum of choices instead of the extremes.

    Rimma Nehme: 20:00 Strong consistency and eventual consistency are ends of the spectrum. But there are many consistency choices along the spectrum. And developers, customers can use these options to make precise choices and granular tradeoffs with respect to their own applications. Something that makes the most sense for them and picks the right tradeoff between high availability and performance.

    And so in addition to these two strong and eventual, we also implemented three intermediate consistency models that include bounded staleness, session, consistent prefix and then eventual. To make it very intuitive, we put this animation inside the portal that I believe one of the readers actually asked you to ask me about. So I highly recommend, you know, anybody can go into the portal and click on the default consistency tab. And we show there a musical note animation where if you were to write on data in one region, depending on the consistency model, we show the animation, how other regions will view and get that data.

    Rimma Nehme: 21:13 And so it makes it a very, very visceral understanding wise. You know, how the data actually will manifest itself depending on the consistency model that you choose. And again, we made it simple in a sense by a virtue of clicking on either in the portal or making a single API call, you can change it at any point in time.

    In the insight, remember I told you about the spectrum of choices, all more than 93% of our customers are actually using these intermediate consistency models instead of the two extremes. So it was actually a validation of that initial hunch and the initial hypothesis that it was the right approach towards approaching the data consistency as a spectrum.

    Mary Jo Foley: 22:03 Speaking of customers, I know, you know, Microsoft can’t disclose names of customers without their prior approval, but I was curious if you could talk about, or maybe give a couple of examples of scenarios where a customer ended up choosing Cosmos DB because of a particular need or a scenario. So we talked about the applications that Microsoft has that run on Cosmos DB and there’s a growing family of those. But when you’re looking out at customers, is there like anything you could say as a trend or a general indicator of the types of problems that people see Cosmos DB as uniquely set up to fulfill?

    Rimma Nehme: 22:49 Yes. There are a number of verticals and industry segments that absolutely love what Cosmos DB has to offer and some of them include retail, e-commerce, consumer goods, IoT scenarios from various industries, whether it’s automotive or airlines or industrial IoT or connected buildings or connected to anything. We also see a lot of adoption in financial services, in logistics and sort of anything that has to do with moving things. We also see a lot of adoption in oil and energy and utilities.

    The other sector that we see is entertainment media and gaming. What attracts all of these customers is there are some scenarios that are specific to their businesses and the industries that they’re in, and some could be distilled to sort of more technical scenarios.

    Rimma Nehme: 24:09 What they absolutely love is the elasticity. If I were to pick, for instance, retail and e-commerce, elastic scale is extremely attractive to e-commerce retail and consumer groups. This is not a surprise because we all know about this event called Black Friday, Cyber Monday, right? All of a sudden all of these customers need the ability to scale sometimes 10x to 100x of their normal, you know, traffic and their normal workload patterns. Typically if they were to do this either on premises, they would have to buy basically the physical servers, the machines that are needed to sustain that capacity, that peak capacity. And so what that means is that almost eight to six months out of the year, they’ve already paid for that hardware and they’re not using it.

    Rimma Nehme: 25:10 And similar approach, if they were to do it in the IaaS using VMs, typically four to six months before the event, they will set up their configuration to make sure that everything is ready.

    And again, they’re spending the money on the capacity that they’re not utilizing and if they’re off by any orders of magnitude or even slightly, it would impact both their revenue as well as also a perception from their own customers if the services aren’t available. So this elasticity just in time whenever they need these capabilities becomes super, super important. And also doing it in a geo-replicated sense because many of these customers could have users also in different geographical regions in different continents and different countries, so with the predictable latency characteristics with the predictable performance. Again, they don’t have to worry about the experience that their customers will incur.

    Rimma Nehme: 26:14 So it gives that peace of mind with very aggressive guarantees in terms of performance, scale, high availability that again, they can focus on the upper tier logic of their business application, like serving better recommendations maybe providing some personalization, maybe integrating with other third-party tools and scenarios because their data is always there whenever they need it. What I’ve noticed also this phenomenon of Black Friday and Cyber Monday is actually prevalent in every single industry. It just depends on the time of the year. It depends on the industry that you’re in.

    For instance, with insurance, it’s typically January because a lot of people start a new year and they start signing up for new policies. So all of a sudden you see that burst. For example, for companies that deal with, for instance, let’s say spring gardening, you know, we have big, big customers like that. When people start preparing for spring and they need to buy, let’s say lumber, they need to buy soil, they need to buy mulch and all that other stuff.

    We see a lot of burst with those customers as well. In financial industry, again, whenever you see the bursts in terms of some offers becoming more popular than others, or if you’re running a campaign, all of a sudden you see a burst. With gaming, which is when you do the game launch, this is your Black Friday, you know, and so this burstiness and fluctuations and being able to elastically scale becomes super, super attractive for customers again.

    It becomes like a turnkey solution that they don’t have to go again, pause their application, add more clusters, add more nodes, the application is down, then they have to go resurrect it. None of that. It becomes very elastic and online. As a result of that customers really, really like it.

    Mary Jo Foley: 28:21 Nice. Last question and it might be a kind of a silly question, but I still want to ask it anyway. Do you ever see a day when Cosmos DB will actually completely replace SQL Server or Azure SQL? If you do when and if you don’t, why not?

    Rimma Nehme: 28:43 Oh, that’s a big one. It’s not a silly question.

    Mary Jo Foley: 28:48 The reason I thought it might not hold is because the two things aren’t really the same. I mean they are both databases and a database service, but I, I was kind of like, would there ever be a day when Microsoft would retire SQL Server?

    Rimma Nehme: 29:05 I can’t comment on that. But the way I put it the convergence SQL or versus NoSQL, where I put it, it’s a wrong conversation in this as even the term itself. NoSQL I would put it as a fad.

    Mary Jo Foley: 29:26 They’re like serverless, right?

    Rimma Nehme: 29:29 The way I put it, the fundamental needs that the customers are facing today is scale, performance at scale and the guaranteed performance at any scale. Elasticity, high availability of their data, being able to be wherever the, you know, their businesses, their users are, which is, you know, globally, because at the end of the day, the world is becoming flat as they always say it. So there are these fundamental core tenets of how we’re dealing with the data in the modern age.

    Rimma Nehme: 30:08 So the conversation at that point, SQL versus NoSQL and being religious about it, I feel like it’s a wrong question to a wrong problem. I guess the problem we’re trying to address is trying to fundamentally solve the customer problems in the modern age. The other thing is also going forward, the interesting things will happen with the data at scale. Whether it’s AI, IoT or any type of insight that you’re seeking out of your data, bringing it, you know, trying to handle more and more. The data that is coming from your devices, your Internet of things, from Twitter feeds to Facebook statuses from customer service, from call centers, loyalty programs. You know, somebody said that I don’t know the official number but around 90% of the world’s data was generated only in the last two years.

    Rimma Nehme: 31:07 And largely it comes from, semi-structured, unstructured data and basically machine-generated data, voice over IP, IoT and whatnot. Given this data explosion, while we have all these tools, there is still a huge gap between the available data and the ability to do something with that data. And ultimately that’s the gap that we’re trying to fill in.

    The conversation of SQL versus NoSQL, where I put it, that dichotomy sooner or later actually is going to go away. We see this convergence in the sense that at the end of the day you are dealing with data, small scale, big scale, it doesn’t matter. You’re trying to get some meaningful insights out of it and either provide a service to your customers or try to find means for differentiating your business or trying to monetize on it or if it helps all the third parties.

    Rimma Nehme: 32:06 So in that regard, in my lifetime, or at least in the professional career, there are a lot of legacy systems that probably isn’t much high ROI in goring and aggressively trying to move them to this cloud-native service. Because they’ll stay where they are. You know, they’re largely as they are. But for any new endeavors, any new applications, especially if you anticipate and you want to do something at large scale, you know, Cosmos DB becomes sort of a de facto go-to solution.

    Because in the sense it presents the cloud promise in the database form factor. I don’t know if that answered your question or not, but just like music in the 1960s, whatever the music was that came out, that was viewed as different. I think when I retire, I think the world will be very, very different.

    Mary Jo Foley: 33:10 Good, good point. Well, thank you very much for this chat Rimma. For all of you regular listeners, we’re going to be back in a couple of weeks with our next guest, so be sure you watch for that. I’ll post the information on and that’ll be your signal listeners to send in your questions. All you have to do is go to the MJFChat area in the forums on Petri and submit your questions there in regard to this chat with Rimma, look for the audio and the transcript of it as with all of our chats in the next few days. Thank you again so much. Thank you, Mary Jo. Thank you, everyone.

    Brad Sams

    You can find the audio playback, here.

    Mary Jo Foley: 00:00 Hi, you’re listening to MJFChat show. I am Mary Jo Foley, aka your community magnet. I’m here to interview industry experts about various topics that you, our readers, want to know about. So today’s MJFChat is about the five Azure services that IT pros need to know about. Narrowing this down to five given there are more than 100 Azure services right now is no small task, but I have the perfect person to help me here. My guest today is Aidan Finn, an Azure Most Valuable Professional and principal consultant at Innofactor. He’s also a regular contributor to welcome Aidan. Thank you for joining me.

    Aidan Finn: 00:50 Hi Mary Jo. How are you?

    Mary Jo Foley: 00:52 I’m great. I’m really excited you’re doing this chat with me today.

    Aidan Finn: 00:56 Five items, I’m wondering if Mary Jo would do seven.

    Mary Jo Foley: 01:03 You’re always trying to squeeze one more in, aren’t you? One or two?

    Aidan Finn: 01:08 Yeah. You always want an extra one. Like, my three year old’s just one more please.

    Mary Jo Foley: 01:12 One of our readers set the stage for us perfectly, aka Joel Reed. He said, Azure has to be one of the most daunting things I’ve ever been faced with. Not only are there constantly new services, the existing ones seem to update and reconstitute regularly too. And he identifies himself as an IT pro, not resistant to change.

    So he was really excited about this chat because he wanted to know any kind of advice, insight, strategy, anything you can provide. And he said he’s a very big fan of your regular, everything you need to know about Azure infrastructure column on Petri. Let’s start here. So like he says, for many IT pros, the cloud is new, how things are done, there is new and things are constantly changing. So what would you recommend regarding education or reeducation for IT pros who are looking at the cloud?

    Aidan Finn: 02:14 This is a big topic for me. So I started working with Azure five, six years ago when Microsoft came into my employers and asked us to help them start promoting Azure with Microsoft partners in Ireland. I quickly realized that the way I was going to have to do that was through education. That was, you know, educating business people, sales people, but most importantly IT pros, technical people.

    The good news for the IT pros out there, and I’m going to wrap all this up later on, is that your job is safe. In fact, your job on the cloud is more important than ever. So your company, your employer, your customer is not going to do successfully without you being educated about how to do it. You are going to have to go out and get information. So there’s lots of places to do that.

    Aidan Finn: 03:08 I mean, yeah, there’s the official places and then there’s, you know, sources where they’ll provide you educational resources where you have the past exams and stuff like that. I’m going to be real world here and say screw the exams. They’re good for getting past HR people and they’re good for working for Microsoft partners. But if you want to get a job doing what you want, what you need is training on how to actually get the job done. So go and find alternative sources for training. People who deliver hands-on training and around the world there are lots and lots of people who do that.

    They’re not necessarily the big names in IT education. They might be individual people. Go look for that stuff. Find alternative sources who are going to give you real world. This is how it works.

    Aidan Finn: 03:57 For official resources go So you and I know Rick Claus and his team are behind that content. There’s tons of material on I know everyone who’s been working in IT for a while remembers TechNet and how bad that used to be. really does show how Microsoft has changed. They’re offering that content in a DevOps style, very much open source. It’s actually on GitHub. If you go looking for the content and basically it’s technical people in Microsoft who are responsible for product or writing the documentation now.

    Instead of being similar division within Microsoft who are a bunch of authors who don’t know the technical stuff, there’s an awful lot of hands-on. There’s a lot of examples and different ways of doing things. So Azure has many ways of doing things. You can use the portal, which is the nice, easy way, there’s, you know, the, the bash version or CLI for Windows, macOS and Linux, there’s PowerShell for the Windows and Linux people and they’ve all those different examples.

    Aidan Finn: 05:03 So you’ll find that stuff there too. But the important thing here is that the cloud, you can’t just go out and learn the cloud and then that’s it. As Joel Reed kind of mentioned there is that things change constantly. And for me that’s part of the fun. I like learning new technical things.

    I like being one of those people that goes out and figures things out and shows other people how to do them. If you like that then the cloud is great for you because it’s a constant change. You remember the old days Microsoft released a product and there’s a reason why this is true, but it was the third version of all of those. Microsoft is basically the timing of feedback. They get the first version out and they start planning the second version.

    Aidan Finn: 05:53 By then everything’s kinda locked down and then they’re getting the feedback, then they are getting feedback on the first version, which they can only use for the planning of the third version. In the cloud, things change constantly. So when they get feedback, they can put that into their DevOps backlog and they use that then to build up their schedule for the next, it could be even days or weeks, not months or years. It’s a very different rate of change. So when they get something out there and it doesn’t work the way that people are hoping, or there is something missing from it, they hear about it straight away and they put that into the backlog. That means we are getting new things constantly and we’re getting the changes we want constantly. So that means going back to those sources. So one of the most important sources of information I have on Azure is actually the official Azure blog.

    Mary Jo Foley: 06:40 Yeah, me too. I use that a lot.

    Aidan Finn: 06:42 Most of the product groups in Azure use that as their jump off board. They’ll put their announcement up there, some of them will put in long posts and that are quite technical. Some of them it’s just, you know, it’s a short post saying, okay, something is generally available. Click here to learn more. There are a few of the product groups who aren’t great about doing that, unfortunately. But most of them, the networking guys, the virtual machine people, they’re all really good at putting their information up there and then linking it to

    And then there are lots of MVPs who are writing stuff, get to know them on Twitter, follow them or whatever the social media is that you prefer. I believe there’s a bunch of them to have something on Slack as well. I know we should be using Teams, but you know, there are lots of different social media. So there’s a lot of information out there and go to the local community events, the user groups, there are lots of Azure meetups to go to and you’ll find loads of those out there. People who are doing this stuff, who are enthusiastic about sharing their knowledge, often share with their competitors. So there’s plenty of sources of education.

    Mary Jo Foley: 08:04 You brought up an interesting point when we were talking about this earlier. You said, just because you’re going cloud doesn’t mean as an IT pro, you have to dump everything, you know? Right. I mean, hybrid cloud for me is an indicator of this, it’s not just cloud or nothing, right?

    Aidan Finn: 08:21 Yeah. Most organizations have an existing spend in IT. It was probably bought in the last few years and you know, it’s not end of life. Maybe they prefer keeping things on Prem. Maybe it’s running their factory and they had to keep it on Prem. You can’t have some VPN links going offline because a digger, you know, tore up the wrong part of the road. Then your factory shuts down for a week, who can afford that? So when Microsoft came to cloud and they weren’t first, they had a good eye.

    They saw what was going on. They had formed a good plan, which was the best way to get people to cloud is to extend and improve what they already have. So if they’ve made an investment in VMware or Hyper-V, if they’ve got, you know, what was then the latest version of Windows Server, Linux, let’s improve that.

    Aidan Finn: 09:16 Let’s extend that functionality into the cloud. If they’re running database services on Prem, let’s offer them stuff that they can do in the cloud, there’s so many different ways of doing this in Azure, we could probably spend hours talking about them. So there’s a few that for me, the IT pro, whether you are in small, medium or large business, that really stand out. Simple things like the new Azure NIC and Windows Server 2019 or I can say that I’ve got a network with some interesting stuff up in the cloud and I’ve got this on Prem Windows Server 2019 machine. I’d like to connect it up to the cloud. Well a few clicks you can do that. And suddenly this machine you’re running on Prem has a second network card and it’s connected to your Azure network and your Azure stuff can talk to this machine. That’s pretty cool.

    We’ve got Windows Admin Center, so you know, Project Honolulu, which Microsoft has put a lot of work into giving us this beautiful new HTML 5 UI that sits in front of Windows Server. But it can also sit in front of Azure. So if I’m running machines on Prem or I’m running machines up in the cloud, I treat them as one set of machines, which is the right way to do it. Azure Backup was probably the first service I used in Azure and it has a special place in my heart. The team is awesome. They love feedback. They provide a solution when I want to back up my PC, whether I want to back up a file server, VMware or Hyper-V to the cloud and use that really cheap storage for long-term retention, which a lot of organizations need to do.

    Aidan Finn: 11:02 They have to store things for 10 years. I’ve even heard of organizations have to keep backups for 99 years. Doing that on Prem, that can be expensive. But if you can do that using that really cheap storage up in the cloud, that cost plummets. Plus you have that element of that offsite. So you have that three, two, one thing that we’re supposed to do in backup power. You know, you’re supposed to have your copies in two different locations. Well I’m using the cloud. There’s my second location.

    Easy, simple setup. Disaster recovery is hard to do. Azure Site Recovery makes it easier. And our sister team of Azure Backup one that I’ve really liked. I knew about it for years before it came out and I kept telling people there’s something cool coming that is going to solve your problems with file servers and it was Azure File Sync.

    So I know we’re all supposed to move to Teams, SharePoint Online and stuff like that, but you know there are many times when we have to keep that file server on Prem for whatever reason and you know it uses a lot of storage, it becomes difficult to back up and Azure File Sync allows you to synchronize all the content of that file server up into the cloud, possibly even to other file servers around the world and move your backup function to the cloud. So you don’t have to do backup infrastructure out in a small-medium business or out in branch offices. And it allows you to reduce the amount of storage you’re using on the file server. So the file server becomes cache and Azure becomes the master copy. So you’re seeing the hot files on your file server, but everything is up in the cloud.

    Aidan Finn: 12:34 And the cool thing is the end user doesn’t really even realize that there’s a division going on. They see everything the same as it was before. So if they access a cold file, the file server’s actually sucking it down from the Internet and then presenting it to the user without the user even noticing there was anything going on. So that’s reducing costs from backup and storage consumption on synchronization between different locations.

    And it’s another one of these micro cost services in the cloud. The cost of it is pennies per gig. So it’s one of these things that are a few clicks an IT pro can make a real improvement to how IT works for their business. And of course there’s Azure Stack, right? So if you want to run an oil rig in the middle of the ocean or you want to Microsoft to talk about the cruise ship.

    Mary Jo Foley: 13:31 The perennial example you are on a cruise ship.

    Aidan Finn: 13:37 I don’t know any cruise ship I heard we usually booze cruises and they probably shouldn’t be running a cloud. Remember the cloud is the way you work, not where you work and if you want to have that cloud work practice, but you need to keep that on premises or you need to keep that in a country where Microsoft don’t have an Azure region and those are getting fewer and fewer in number, then you can run Azure Stack. So that gives you that whole solution. And that’s just a few of them. There are probably hundreds of different options.

    Mary Jo Foley: 14:09 You know when, one we haven’t talked about yet is virtual machines and VMs are a big part of not just Microsoft, but all the cloud vendors’ approaches. So if you’re an IT pro, what do you need to think about when you’re thinking about how to use VMs in the cloud?

    Aidan Finn: 14:25 The good news about VMs in the cloud is if you know VMware or Hyper-V, you’re pretty much there. In fact, one of the things with a lot of people don’t even realize is that Azure is Hyper-V. It used to be a company called Red Dog, but now it’s Windows Server 2016 Hyper-V. It’s the same hypervisor that you can put on prem. So if you know generation one virtual machines, you’re already there. What you need to figure out is what virtual machines to deploy because there’s probably over 200 different options. It’s like buying a laptop.

    Mary Jo Foley: 15:05 Yeah, yeah.

    Aidan Finn: 15:06 You know, that struggle, I listened to Windows Weekly. The IT pro will know this story as well. It’s like buying a server. When you go on the Dell or HP or Lenovo, there’s all these different series of servers. But the funny thing is if I said to an IT pro, you know what, I need a rack server to run as a VMware or Hyper-V host, straight away in their head, they already know a particular physical machine probably to use that has two processors and certain number of high-speed NICs. They know exactly what they want.

    If I said to them, you know what, I’m thinking of a high end physical SQL box, there’s probably something they’re already thinking of and a disk configuration they’re already thinking of. Azure has tried to give us a naming system for all these different series of virtual machines that makes that possible. Now there’s a whole bunch of them. So they’ve categorized them into things like general purpose. So you things that, you know, your typical workload is like your domain controllers, your file servers in normal SQL boxes, that sort of thing that they’ve got the graphics enhanced machines that have Nvidia chip sets and Nvidia grid for High Spec GPU enhancements.

    Aidan Finn: 16:25 They’ve got ridiculous machines with crazy amounts of memory like the Mv2 series, where that’s got nearly six terabytes of RAM. That’s crazy stuff. But most of us are going to be working on the lower end. That’s the reality of things. So we’ve got the A series now. Now this A, these letters, they actually mean something. A was the start of the alphabet. It was the first of the virtual machines introduced into Azure and then over time Microsoft introduced different generations of those. So A was replaced by Av2 and cool thing about it was when they introduced Av2 was cheaper than the original. It was a D and Dv2 and Dv3, the D stands for disk or database. So when I think, oh I need a machine with fast disk or I need a machine is going to run database, I think D series.

    Aidan Finn: 17:17 And then they’ve got this other one called B. The B series. Now technically is called “BS”, but we don’t call it BS for pretty obvious reasons. The “B” is burstable processor. Microsoft has years and years of empirical data about virtual machines in Azure and they know what processor capacity has been handed out and how much people are using. So on most virtual machines and all, but the B series, when you give a virtual machine a processor, you get all of the physical capacity from that host.

    So if I’ve got a four processor virtual machine, I’m using all of those four cores from that physical host and that can be quite wasteful because most applications are using less than 12% of their potential. So with the B series, what Microsoft did is they put a cap on how much processor I can use and while I stay under that cap, I save up credits which allow me to burst through that cap. So it means I can slash the cost of my virtual machines by probably up to 80% and when I need that processor, it’s there.

    Mary Jo Foley: 18:28 I never knew the connection between the letters of the VM series and what they stood for. I thought it was just kind of arbitrary to be honest.

    Aidan Finn: 18:37 No, they all mean something.

    Mary Jo Foley: 18:38 This is great to know.

    Aidan Finn: 18:38 The only one that I know of where Microsoft have really been obvious about is “G”, which was Goliath.

    Mary Jo Foley: 18:47 What’s “N”?

    Aidan Finn: 18:47 “N” is Nvidia.

    Aidan Finn: 18:51 So you’ve got NV for video virtualization. NC for Nvidia compute and D for Nvidia deep learning. So Chrome robots stepping on our skills. Right. Then you’ve got E series, which is actually D with extra RAM. You’ve got H which is high performance computing.

    Mary Jo Foley: 19:14 I know you’re going to make my life so much easier by putting me into this because every time they announced one of these. I’m like, yeah, there’s another letter. I don’t know like why, but you know.

    Aidan Finn: 19:24 Yeah, they all mean something. And then within the name of the virtual machines there are little indicators or letters as well. S means it supports your premium SSD. I means it’s isolated as the only machine on the host, OR means it has a second network card.

    Mary Jo Foley: 19:47 But what about pricing though, I feel like, okay, it’s pretty confusing. All these different options you have in the VM size wise. But pricing seems equally like crazy to me about all the different options there.

    Aidan Finn: 20:00 Yeah. So the size of VM you pick and where are you picking dictate the price. So if you go into one of the US regions or one of the European capital regions like North Europe or West Europe, the prices are as low as you pretty much can get within Azure. Typically the big thing that increases the cost is the number of cores. So Windows virtual machines include the cost of Windows Server and you don’t need any Windows Server CALs ’cause their processors are licensed.

    So if you’re dealing with that 2008 migration issue at the moment, and you were saying, right, I’m not migrating these 2008 machines in the cloud, what I’m gonna do is I’m going to rebuild them as 2016 or 2019 machines in the cloud. You don’t need to replace those CALs. Now things like SQL Server CALs and RDS CALs, you would need to replace those. But those Windows Server CALs, you don’t need to worry about that.

    Now if you are in that 2008 migration scenario, so you’re dealing with Windows Server end of life or SQL Server end of life or even Windows Seven end of life of VDI, you can move those machines to the cloud and Microsoft will give you three additional years of support for free.

    Mary Jo Foley: 21:09 Right? So you keep getting the security patches, right?

    Aidan Finn: 21:12 Yeah. And that’s different mechanism that you’re going to get the patches through. But you will get the patches and so anyone who that goes and buys the extra security for on Prem will have to use a new mechanism as well. So that gives you that extra bit of time to say, okay, what are we going to deal with this legacy application? We can’t upgrade, the software developer’s gone. Do we go off and find another application? Do we rewrite it? Do we transform it using some of the Azure platform services or whatever.

    Mary Jo Foley: 21:39 Got it. Okay. Let’s talk about ARM. And I don’t mean as in the chips, I mean Azure Resource Manager, you know, it’s funny, like whenever I see ARM, I have to think of my talking about ARM as in processors or ARM as Azure Resource Manager. So I’ve heard you talk a little bit about how great ARM templates are, but could you explain more why IT pros should know what these are and why they should rely on them?

    Aidan Finn: 22:05 Yeah. The important phrase here is something called infrastructure as code. Now straightaway, most IT pros are going to go on though he’s talking about development and I’m not because that was my reaction when I first heard about this stuff years ago. Microsoft’s kind of stopped using that phrase because I think they realized, they scared away a lot of people.

    For me, I came to this stuff when I realized I needed to reproduce the same thing over and over. I wasn’t working in a large enterprise. I was actually dealing with small, medium businesses. I needed it to be able to reproduce the same solution with two VMs over and over. One was the domain controller doubling as a file server, the other one was a RDS box. It’s a very, very basic thing that you’ll find a small medium business. Wow I’m doing this stuff with large enterprise and what it basically is is a solution where you can describe the end result. It isn’t programming. We have to describe the actions. This is describing the end result, what it is you would like Azure to give you.

    We basically supply this in a format of file called JSON or JavaScript Object Notation. Azure consumes that. And then in the back end, the Azure resource providers who are kind of like the chefs in the kitchen take up their different bits. So they all have speciality, some do VM, some do storage, networking, etc. They deploy the bits for us. So it’s like asking a waiter, I want my steak cooked a certain way. I would like my salad prepared a certain way and you don’t worry how it’s done. It’s just done for you. The benefits here are you get the same result every single time and you can specialize it through parameterization. It’s much faster at deploying than doing click, click, click, or even doing partial scripting.

    Aidan Finn: 23:53 And plus we can scale out really fast. So if you do need to deploy, you know, a thousand machines at once, it isn’t a task where it does that task in a loop a thousand times, it literally will send an instruction saying, give me a thousand of tasks. And they’re all deployed at the same time. So it’s really fast. It’s a whole new skill set that most people are going to have to learn.

    But the investment you make does pay off in the long run because that task that may have required a very senior person to do it originally now can be passed off to someone more junior and allows the senior person to spend their time doing the more advanced work. And you can get into the machines and start enabling roles within the machines if they’re Windows machines and start configuring them automatically. So if you’re working with developers or something, you can give them their test environment, their dev environment or production environment, just like using a cookie cutter. So just snaps at the same thing over and over. And you can have little specializations for each of those deployments as well to make them unique.

    Mary Jo Foley: 24:58 How many of these are there that already exist?

    Aidan Finn: 25:01 Oh these templates, Microsoft have shared hundreds.

    Mary Jo Foley: 25:04 Oh Wow.

    Aidan Finn: 25:04 Yeah. So there’s loads of examples out there plus everything you deploy in Azure, you can go into the Azure portal and look at the template and then using the auditing system that’s in Azure called Activity Log. If you make a change to something and you’d like to see what that looks like in one of these ARM templates, you can look at the audit trail and see the before and after. So I could change the size of the virtual machine or the disk configuration of a virtual machine and then go in and look at the activity log and see the before and after of what I did in the Azure portal and capture that to use in templates. So it’s kind of cool.

    Mary Jo Foley: 25:44 Yeah. Very cool. So at the beginning of our chat, you made kind of an allusion to this idea that IT pros don’t have to feel like their jobs are in jeopardy just because they’re being asked to move to the cloud or are moving to the cloud. So what kinds of skills do you think automatically can translate to the cloud? Like what, what are the things that they already know that they, you know, they won’t have to just relearn something or dump it.

    Aidan Finn: 26:13 So most of it actually transfers. I think a lot of people think that the cloud is like that whole outsourcing craze that started back in the late 1990s and it’s not. The reality is what happens inside your virtual machines, Microsoft really don’t care. This is not a managed service that they’re providing. They’re providing a platform, they provide the hardware and the networking and the storage, the physical stuff. Then you do with that what you want. What do you want to run, virtual machines or Linux or Windows?

    Microsoft don’t care that they measure the consumption. They send you a bill at the end of the month. So it’s a utility. So it’s up to you to deploy that stuff. It’s up to you to run that stuff, design that stuff, get the performance right in that stuff. Get your SQL Server configured the right way, get your whatever it is in that app server running the right way. What changes is the focus moves away from the flashing lights in the dark room to actually the service layer. So the bit that the business actually hired you to get right, they don’t care about physical things.

    So there’s one role that really does change and goes away. That’s the role of the disk monkey. Is that a person whose job to get storage up and running because you don’t even see that stuff anymore? Your networking skills transfer. They change, but they transfer. The person who looks after Windows, nothing changes really. You still have domain controllers.

    You still have file servers, you still have, you know, Citrix boxes and RDS boxes and all that stuff. Initially you’re still gonna have SQL Server for compatibility reasons, but you’re going to move to a different kind of SQL Server where you never worry about upgrades. Again, that’s still SQL Server. So if you have SQL Server skills, that still transfers.

    Aidan Finn: 28:05 The piece I think is really important for the IT pro is, yeah, over time you’re going to see how applications are being built will change. So the role of the virtual machine will diminish over time. But that doesn’t mean your job diminishes because the people who are going to build that application on the platform or platform as a service in the cloud, they’re developers.

    They know nothing about security. They know nothing about compliance. They know nothing about how to ensure that the business is secure against external threats or even internal threats. This is stuff that IT pros know and Microsoft have been over the last two or so years, bringing that platform side of the cloud, which was completely alien. Nothing to do with us, IT pros, but now they’re bringing it into our worlds because they need the network. Because the network allows us to control how our data moves around, how, if it’s allowed to move around, how it gets logged and filtered. So it’s important for security. It’s important for compliance, it’s important for governance.

    These are big, top 10 topics for businesses that are moving to the cloud. And these are things that we, IT pros know how to do. We’ve been doing them for a long time. That devs never will because it’s not their skillset. So more and more we’re seeing these things come into our space. In fact, the last five months that I’d been working on customer projects, it’s been this, it’s been networking in Azure. Here’s the thing I love about Azure networking, in my career I’ve never been the guy to configure it. The physical network never happen, but I love that I can do just about everything in Azure networking. I’m the guy that people come to to get that done. Most of the articles I’ve written about for On Azure have been about networking.

    I love Azure networking. It’s so easy to do and pick up. And the fact that I can deploy firewalls and layer seven routing and all this stuff that I never could do and I can do that really, really easily through the Azure Portal or JSON or whatever, and give businesses a secure platform that allowed them to control the flow of data and make sure only the right people are seeing the data. The data is only going to the right places. External threats are being blocked. Some cool features using machine learning to dynamically block known bad threats that are identified in the Microsoft security graph. That stuff, you know, those are bull phrases you hear in such in the delicate conference keynotes that are real to me.

    Aidan Finn: 30:44 And this is stuff that, you know, us, IT pros, we know how to do this. Every time I talk about this, I ask the room, how many people here are in your 50s? Few hands go up. How many are in your forties, lots of hands, and then I get down to the 20s, maybe one or two hands go up. We IT pros are an aging bunch and we’re not being replaced and our role has actually become important again.

    I saw a comment earlier on someone on social media talking to you about going to the cloud and how their jobs are going to be made redundant or something. I laughed because it’s actually the opposite. If you’re like aka Joel Reed back at the start and you want to learn, your job is safer than ever. Because you’ll be able to take those IT pro skills you already have, transform them not that much ’cause the pattern stayed the same. The pieces are different, but the patterns are the same and you will be valuable. And if your employer doesn’t see that value, trust me, there’s so many businesses out there looking for Azure people that if you have the skills, you will find a job.

    Mary Jo Foley: 31:56 That’s, that’s a great note to end on. Upbeat. So thank you. That was awesome. Thanks for the great chat and for all of you regular listeners, we’re going to be back in a couple of weeks with our next guest on MJF chat, so make sure you watch for that. It’s going to be in the forums on and then that’ll be your signal listeners to send in your questions. All you have to do is go to the MJFChat area in the forums and submit your questions there. In regard to this chat with Aidan look for the audio and the transcript of it, as with all of our chats on the site in the near term. Thank you so much.

    Brad Sams
    in reply to: How Can I Get Started With AI? #617613

    You can find the audio playback, here.

    Mary Jo Foley: 00:01

    Hi, you’re listening to’s MJF chat show. I am Mary Jo Foley, AKA your community magnet. I’m here to interview industry experts about various topics that you, our readers want to know about. So today’s MJFChat is all about how tech pros can get started with AI using Microsoft technologies. My guest today is Gary Pretty, Conversational AI Consultant at Mando and a Microsoft MVP.

    Welcome Gary. It’s so great to have you on. We’re longtime friends and colleagues, so this is going to be really fun. There’s a lot going on right now in the Microsoft AI and conversation spaces. I was just at Build where Microsoft showed off some new plans for their conversational engine that they’re going to bake into Cortana and make available to others via the Bot framework and Azure services. Cognitive services are all over the map. They’re springing up, it feels like almost daily. I feel like it’s a very hot topic right now. But I will say in talking to some tech pros, I know more than a few feel a little overwhelmed and underprepared to take advantage of these kinds of technologies. So here’s looking at you, Gary, I want you to help explain why they don’t need to be afraid and why they should be excited about jumping in.

    Gary Pretty: 01:36

    Sure. I guess the first thing to say in terms of not being afraid to jump in and why you should be excited, is this technology really allows you to get a lot done and have a real impact with very little effort. This is a technology that’s only been around for say like two and a half years now, since Build two or three years ago. When it was first introduced, the idea behind it was to give developers the ability to build one single Bot application, maintain a single Bot application, but then make that available on multiple channels.

    So things like Skype, maybe web chat, Facebook Messenger, and the idea of bots really isn’t anything new, but up until fairly recently, we would need to go and build an individual bot for each one of those channels. But I guess the first thing to say really is behind the scenes of Bot is just a web application. It’s a web application and the Bot builder SDK, which we use to build Bots really just handles all the complicated bits for you. So sending messages to and from the channels. So receiving a message from Facebook and sending messages back to a user. All of that complexity is actually wrapped up for you in the Bot framework connector service that Microsoft handles, which is fantastic. And then you can focus as a developer on simply building a great conversation. You know, that’s the first thing I would, I always do encourage people to think about when they started to think, should I be getting involved with bot building.

    Mary Jo Foley: 03:24

    That’s a really good beginning. We also had a question from a reader calling himself or herself “botsornot” saying we heard a lot about bots from Microsoft a few years ago at Build as you just alluded to. But the conversation feels like it’s gone a bit quiet. Can you explain if bots are really Microsoft’s focus anymore or if this is just a thing they built, tossed out into the open to see what happens?

    Gary Pretty: 03:53

    It’s a good question. I think we all know that sometimes technologies get thrown against the wall to see what sticks. I think the message I’ve certainly received from Microsoft over the last couple of years is that they are really betting big on this sort of technology. The Bot builder SDK and the Bot framework really are at the core of the AI services.

    They are a core pillar of the AI services that they want to offer for developers. I certainly don’t get any sense that they are just throwing it to see what happens. I think we’ve seen the growth. There’s been a fairly rapid growth of the uptake of the technology. There are a lot of Bots out there that are built on this platform. There’s a very good chance that, you know, on any given day you’ll be interacting with one or more bots or services that are using this SDK under the hood. But ultimately as we’ve talked about before, if you’re a developer that needs the bot framework that you want to build with the bot framework. You know about it, it’s there. It’s one of the most important tools in your toolkit.

    But just like so many of those other, you know, products and services on Azure and elsewhere in the technology industry, sometimes it just takes somebody to introduce you to them, for you to actually pick it up and get going. Just because you maybe never heard of it or you don’t know how to get started doesn’t mean it’s difficult. There are so many products and technologies out there right now that it’s really hard for some of them to make a big noise over some of the bigger projects that everybody is using. You know, maybe like .NET Core for example. But no, this is a super hot area right now and Microsoft is investing big in this space.

    Mary Jo Foley: 05:45

    Do you think it’s a good strategy for someone’s that has never really dabbled much with AI to start with the Bot framework or is that kind of more for someone who’s a little further advanced?

    Gary Pretty: 05:59

    No, I think it’s a really good idea. Actually, I did that exact thing myself. So I’d never dabbled in anything to do with AI at all. I’d never used any of Microsoft cognitive services and I saw the Bot framework at Build and thought, Hey, that’s pretty neat. I think I can build something pretty cool with that for some of our customers. I went away and built a proof of concept in a few hours and that’s really straightforward and simple to do.

    It really allows you to dip your toe in the water because as we’ll come on to talk about later, the other services that you use with the Bot builder SDK, the cognitive services, the things that really are the magic to your Bot are really then going to take you further down that journey into using those AI services that Microsoft have to offer. And you can keep going and using things like Azure Machine Learning, etc. But the Bot Builder SDK is a great place to start. It’s a phenomenally powerful tool for building awesome solutions for either yourself or your users or your customers. It really is awesome.

    Mary Jo Foley: 07:08

    Do you feel like somebody needs to understand concepts around data science or machine learning or do you even need to be a programmer to start using the Bot Framework? Like what, where do you need to come into the equation?

    Gary Pretty: 07:21

    Okay. So you definitely don’t need to understand things like machine learning and any, you know, deep complex AI topics. It’s worth calling out here that I’m a Microsoft AI MVP, but I focus on the Bot builder SDK, the Bot framework and the cognitive services. I don’t write my own machine learning algorithms. I don’t really get that deep. I am using all the services that are available off the shelf to combine them to build awesome solutions.

    So you certainly don’t need to have that in your tool kit already. I’m far from it. What you do need is to, ideally, you’d be a web developer and that could either be with Node, Node.js JavaScript or you could be using . As long as you have got some experience in those technologies or indeed Python or Java are coming down the line as well, they’re in preview right now. As long as you’ve got experience in one of these languages, you’re going to be able to pick up this SDK really, really quickly. Microsoft has done a phenomenal job of making the documentation really pretty rock solid for the Bot framework. That wasn’t always the case. They completely overhauled it in the last 12 months. With version four of the SDK, they overhauled the documentation and it’s so much better and they spent a lot of time thinking about how do we put together the samples, the sample projects, the sample code so that people know where to get started. And those sample projects are designed so that you can move through them one by one and each one introduces a new core concept. But you can literally take 10 minutes to look through one of the samples and understand the core concepts of building a Bot.

    To get started really easily. You can go into the Azure portal and spin up a Bot app in just a couple of minutes. And you can say, I want a Bot app and you can pick from some templates. You can either have a really basic echo Bot, which will just repeat back to you what you’ve said in the web chat window. And that can be really useful to just get used how am I sending and receiving messages? Then you can spin up another web app, which is then starting to introduce some of those cognitive services that we talked about and some of the key concepts there. Then once you have progressed and you understand all of those concepts, Microsoft is then doing an amazing job of saying, okay, we don’t want our customers to reinvent the wheel.

    One of the things that I think is happening across Microsoft, certainly over the last 12 to 18 months is they’re saying they are looking at their customers and they’re realizing that everybody was actually reinventing the same thing over and over again. And a really good example of this was the Virtual Assistant Accelerator. So the Virtual Assistant Accelerator is a solution, a prebuilt solution that’s open source or made available to developers by Microsoft. It’s open in GitHub and it is essentially a virtual assistant built on the Bot framework, which will allow a user who is interacting with it maybe by a web chat or via Microsoft Teams, which is one of the other channels to do things like book appointments in their calendar, but using conversations so they can say, “book me a meeting with Mary Jo on Wednesday between two and four in meeting room one” and they’re going to use the cognitive services and the Bot framework to make that happen.

    But you don’t have to build that from scratch. They’re going to give you the base code for you to then tweak and hone to make it your own. And because they realize that every enterprise customer that they were talking to was looking to try and do the same thing. So building out the solutions and actually sharing the best practices that they’re finding means even if you’re looking to build out something really quite complicated, it doesn’t have to take a lot of time or a lot of effort. You can really focus on tailoring it for your needs.

    Mary Jo Foley: 11:37

    That sounds also like a good way for somebody who isn’t a developer at all, but is more like a tech pro could start checking this technology out and seeing how it can be used in your organization.

    Gary Pretty: 11:48

    Yes, absolutely you can. As a tech pro, as long as you’ve got some basic skills, you know, the ability to maybe go and check out a repo from GitHub and get a project up and running and see it working. That’s one really good way of doing it. I mean, in other ways, just to go and check out some of the awesome content that’s available online around this area.

    I’m one of the AI MVPs, but I’ve got colleagues of mine who produce some phenomenal video content on YouTube where you can just go and watch five-minute videos. They will take you from zero to hero in terms of Bots and show you how do these things work? And they’ll explain those core concepts for you. The community is also really, really friendly. You know, the idea that anybody can really reach out to any one of us and we’ll do our absolute best to help. It’s a very unusual week if I don’t get two or three requests just by DMs on Twitter, just saying, I’m just getting started. I’ve had a problem. How can I fix this?

    And I quite often work with people backwards and forwards until they’ve got their solution working because that’s where I really see and get my value from being an MVP is showing the people how they can work with this technology and seeing them be successful.

    Mary Jo Foley: 13:10

    So we, we’ve mentioned the word cognitive services a couple of times, but can you get a little deeper on that? When I talk about them in articles, I just say these are APIs that developers can add to their products and services to make them AI enabled. But that’s kind of a little simplistic, I admit. But you know, if you’re a tech pro, what do you need to know about what are Cognitive Services and what kinds of things they could help you with in your job?

    Gary Pretty: 13:40

    Sure. I don’t necessarily think that that’s too simplistic a way to describe it. I would say exactly how I would describe it to customers that I’m talking to or other developers because the beauty of the Cognitive Services a lot of the time is their simplicity and how straight they are to pick up and use. Going back to that point that I made earlier about Microsoft wanting to not have people reinvent the wheel.

    Let’s take something like image recognition. Image recognition has been around for a long time. So also things like speech recognition, but everybody was building their own models and you needed a team of data scientists. You needed, you know, a lot of programmers and ultimately all different enterprises or different customers were building their own AI from scratch. Now Microsoft who said, well, hang on, we’ve got a ton of experience in these areas from the last 20 to 30 years. How about we take all of the great technology that we’ve got behind the scenes and we make that available off the shelf for you to use? It’s this whole idea of democratizing AI.

    Microsoft has been using that buzzword for a couple of years, but for me, it’s more than just a buzzword. It’s very much a mantra for them. The idea of getting these services into the hands of customers so that you don’t have to have all this knowledge and you don’t have to maintain these models, so we use these cognitive services a lot with Bots.

    So if you think about the Bot framework and the Bot Builder SDK as being the platform that controls sending messages between a user and the platform, like Facebook or Teams, we then use the cognitive services to understand what a user is talking about. So if they use the example for booking a meeting, on a particular day at a particular time, we can use the language understanding service to understand what their intent is, what do they mean, what are the important pieces of that phrase?

    You know, it’s the time, it’s the location, it’s the attendees. Or we can use the cognitive services to control how we speak back to a user as well. So using things like the translation service for example, you know I think there’s around 50 different languages now that you can convert and translate between. We can actually use the translation services to detect the language that our user is speaking on the way into a Bot, convert that into a language that we understand as a developer then act on that query that the user has sent in and produce a response and then translate that back into the language and send it back to the user all in real time without any noticeable delay. I mean these services are incredibly powerful and just at Build, a couple of weeks ago we saw some really awesome services being announced, either in a preview now or private preview over the next couple of months.

    Things like the personalized service that’s going to allow you to effectively get personalized results. You think about the recommendations on Amazon or on the recommendations of what to watch on Netflix. We could have built a service like that. We could have done it ourselves before that, but ultimately you would have needed a special set of skills. Right now all you need is the ability to know how to call an API. And that’s the beauty of cognitive services.

    Mary Jo Foley: 17:23

    Another thing we saw at Build that I thought was very interesting, but I think a lot of people didn’t quite understand what they were seeing was that turn by turn conversational engine that they showed. Where you don’t have to every time say like Cortana, blah, blah, blah, Cortana. You could just say, Cortana, what’s the weather today? Then followed up with, do I need a coat? Should I bring an umbrella?

    And it will follow your conversation as if you were talking to a person. Microsoft said that’s being enabled by some of the technology they acquired when they bought Semantic Machines about a year ago. So I’m curious, we know Cortana’s not really your thing, quote-unquote, but you are a conversational AI expert and a lot of armchair industry watchers think when you say AI they think, oh, you mean Siri or Alexa or Cortana. And they just think of that as the whole kind of ball of wax there. I’m curious about that particular set of technology. We didn’t really get a sense of how close or far away that is, but what was your take on it, do you think is just demoware or do you think this is something that people like you and other people working with these technologies are going to be able to take advantage of anytime soon?

    Gary Pretty: 18:42

    Yeah. Okay. That’s a really good question. You know, I’ll preface this by saying this is just my opinion. I don’t have any secret sauce from Microsoft. But the one thing I would definitely say is, but we know that Microsoft has a rich history of being able to show a vision of the future. You know, I remember when Windows Mobile 6 was around and we were seeing these really visionary videos and clips of what does communication look like in 5, 10 years time?

    I do think this is slightly different though. I think whilst we don’t have access to that technology right now, the services that are coming out behind things like the Bot builder SDK and Cortana, and you can build Cortana skills using the bot framework, the services we’re seeing come out behind those platforms really do allow you to start having those turn by turn conversations. Now it may not be as advanced as what we saw in the video, right now.

    But what we are seeing are things like there’s the service called QnA Maker and that allows you to provide a series of questions and answers in a knowledge base. And then when somebody asks a question, we use machine learning and it will automatically go and pick the most appropriate answer from that knowledge base. Well at Build they announced a new capability for the QnA Maker, which is followup questions and followup prompts. So you could in theory, string a whole bunch of those questions together.

    You don’t need to know the order beforehand. You just need to say these questions relate to the followup questions which relates to these other questions. That’s going to allow you to do something similar to that.

    Mary Jo Foley: 20:29

    I think another technology you can keep an eye on from my perspective would be the Project Conversation Learner, which right now is in the Cognitive Services labs and it’s been there for some time. But it’s still in on the active preview. Conversation Learner is, rather than you needing to go away and be a developer and build a conversation using code, where you are really controlling at quite a granular level, what does that conversation look like in terms of its structure? And we’ve still got a lot of flexibility in terms of how that conversation might branch and flow and we can make it feel super natural.

    Whereas Project Conversation Learner though takes that out of the way and it learns from examples. So you as a developer or maybe even just a business user can actually train Conversation Learner to have a conversation autonomously by having a conversation with it. So you can actually provide both sides of the conversation. So you might say, Hey, is it going to rain today? And then you can provide the follow-up and that follow up can be calling out to third-party services. And what this allows you to do is with enough training, with Conversation Learner, it can intelligently switch contexts and move between different topics of a conversation fairly effortlessly.

    So I think we’re a lot closer to that video than we may think. I think, you know, Microsoft’s history of showing some demoware sometimes it can feel like these things are a long way away. But looking at how far we’ve come just in the last couple of years in terms of Microsoft, they are, I think we’re going to see some of this pretty soon.

    Mary Jo Foley: 22:19

    To step kind of up one level, I think a lot of people want to know what kinds of things can I do better or at all with things like cognitive services and the BOT framework that might be impossible for me to do otherwise. I guess what I’m thinking about is, okay, it all, it sounds amazing. It’s like this technology is, is so futuristic, but it’s also starting to actually show up in real life. But what’s an example of something you would do with your, with one of your clients, say, um, that you couldn’t do or you couldn’t do easily without these technologies?

    Gary Pretty: 22:59

    Sure. So let’s put Bots aside for one second. And let’s look at a really simple example with cognitive services. So we had one of our clients and they had a problem where people were visiting the website, they were searching in the search box and they were coming up with either irrelevant search results or no search results because the query that they were typing in were using different terms and different phrases that didn’t maybe match the content on the website. It was kind of a problem. So we looked elsewhere in the industry and said, okay, who does search really well? We didn’t look at Bing, we looked at Google, and we said, what does Google do that’s really awesome in terms of search.

    It’s actually one of the most simple things they do is they will predict what you’re looking for, give you the answer straight away. So if I type in, what’s the exchange rate pound against the dollar, it will give me the answer. It doesn’t expect me to go and say actually the results and click through to a website. We can actually enable an experience just like that using the Cognitive Services. So what we did, we took two Cognitive Services, language understanding and the QnA Maker. We trained them and it really didn’t take that long at all. I mean we’re talking a few hours for each service here and we put some questions and answers in and we trained it to understand a user’s intent.

    We call those services now whenever somebody types into that search box. What that means is whenever they type into the search box as well as the searching through the standard web pages, we are also using machine learning to go and find the appropriate FAQs. So maybe they’ve typed in, I’ve lost my account number, or how can I pay by credit card? We can bring those FAQs back and display them above the search results in exactly the same way that Google does. And the reason that is so powerful is you can have a thousand different users say their search query in a thousand different ways, but because of the simplicity of the cognitive service, they can all resolve to the same FAQ or the same call to action.

    Mary Jo Foley: 25:24

    That’s very cool. Nice. Well, we’re almost out of time. Thank you so much for helping decipher these complex topics for our readers and listeners. However, before you go, I need to ask you a beer question. We are craft beer buddies. So we always talk about beer whenever we get together. My question for you today is what’s your summer go to craft beer style? I know you, you spend a lot of time in Florida, so you probably have some good options that you go to when the weather is quite warm.

    Gary Pretty: 26:01

    I do. I literally just got back from Florida a couple of days ago for summer vacation. My go-to right now has to be the Funky Buddha. The name of the brewery is actually escaping me right now, but it’s a Floridian brewery. It’s a phenomenal beer. It’s low percentage. It’s very sessionable. So if you are in the area, and I’m sure you can probably get it around NYC as well, Mary Jo, I don’t know if you’ve had.

    Mary Jo Foley: 26:41

    Yeah. Funky Buddha is actually the name of the brewery, so yes. You know what’s funny, we don’t get that all that often up here, but I have had a chance to have a couple of their beers and they’re excellent.

    Gary Pretty: 26:54

    Oh yeah, that is fantastic. So definitely try and pick them up.

    Mary Jo Foley: 27:07

    I can tell you’re, you’re turning into a Floridian, you’re picking Florida breweries. Well we’re going to be back in a couple of weeks with our next guest on MJFChat, so make sure you watch for that. I’ll be posting who it’s going to be in the forums on And then that’ll be your signal listeners to send in your questions. Just go to the MJFChat area in the forums and in regard to this chat with Gary. Look for audio and the transcript of this as with all of our chats on the site in the near term. Thank you very much.

    Brad Sams
    in reply to: What Tech Pros Need to Know About the Microsoft Graph #617269

    You can find the audio playback, here.

    Mary Jo Foley: 00:04

    Hi, you’re listening to MJFChat show. I am Mary Jo Foley, AKA your community magnet. I’m here to ask industry experts about various topics that you, our readers want to know about. So today’s MJFChat is all about the Microsoft Graph and specifically what IT pros need to know about it. My guest today is Yina Arenas, Principal Program Manager for the Microsoft Graph. She also happens to be known as the mother of the Graph. Thank you so much for joining us Yina.

    Yina Arenas: 00:42

    Thank you so much Mary Jo for having me in the show.

    Mary Jo Foley: 00:46

    I’m going to jump right in because we have a number of questions and I wanted to start out by asking you if you wouldn’t mind to give us a quick recap of the history of the Graph. Because I think some of the readers and listeners may not be as familiar with the Graph as I am because I’ve written quite a bit about it. But where did the graph come from and when and why was it built?

    Yina Arenas: 01:10

    So let’s start with what is the graph and then I’ll give a little bit of the history about it. Microsoft Graph is the gateway to data and intelligence in Microsoft 365. It gives a unified programmability model so that developers can access a tremendous amount of data across Office 365, Windows 10, and the Enterprise Mobility and Security Suite. In terms of how it got started, it actually was a few years back. Microsoft Graph is the result of a journey that we at Microsoft have been going through before moving our own services to the cloud.

    Our own programmability models were tied to each of the individual products. So it wasn’t very easy or intuitive to build experiences that went across. So for us, the kind of people-centric experiences that we envisioned, we needed to create a platform that could realize them. So we started working on Microsoft Graph and driving consolidation of our APIs and on our data models. It started with a few services.

    It started with Office, Exchange and SharePoint and then also Azure Active Directory, which is the service that we use to store all the information about users and groups. Today, I will say over a few dozen teams across different product teams across Office 365, Windows, and EMS, which is the enterprise mobility and security suite, expose their data in Microsoft Graph.

    So it is a tremendous amount of data fabric of data from our customers that has been consolidated to power the set of experiences that we build. At Build we announced that not only we have the API, which is the way that developers interact with it, but also data connect, which is a kind of new way to enable analytic applications.

    Mary Jo Foley: 03:09

    I’m definitely gonna ask you more about data connect as we get into this because I think it’s very interesting where you’re going with that. That’s, that’s a really good level set for us to start with. I’ve been kind of trying to explain this in my writing lately and I bet other people have this question too, but how does the Microsoft graph fit in with other kinds of graphs of data that Microsoft has? Like I’m thinking like LinkedIn specifically.

    Yina Arenas: 03:35

    So Microsoft Graph, as I mentioned before, it exposes data for Microsoft 365 services. At this point in time of Microsoft and LinkedIn, the businesses have made a call to separate partner ecosystems and models. So LinkedIn has a program and has an API that partners can apply to to access the data from the LinkedIn service. Microsoft Graph is accessible to every partner which, Microsoft’s customers grants them access. So we have a user that is customer for Microsoft 365, then they have the ability to grant a developer or an application access to their data in the graph.

    Mary Jo Foley: 04:21

    Is it correct to call the graph, the Microsoft graph one API or is it multiple APIs?

    Yina Arenas: 04:28

    So it’s actually thousands of APIs. There is more than half of a million resources described on the API, it’s a lot. Each of them have their APIs that enable to create, read, update, and delete operations. Because there’s so much data on all of these different set of products that are part of it, that one of the hardest things that we’ve accomplished with Microsoft Graph is having that consistency and establishing the patterns that teams across Microsoft used to design those APIs.

    So those consistent conventions across like naming, casing, errors, URL structures, headers, functions and more enable it. The important thing is that at the end result is that developers can leverage the learning curve. So for example, where they learn how to interact with one resource in the graph, that knowledge automatically transfers to any other resource.

    When I say add a resource, I just want to clarify. So I mean files, calendar events, conversations, security alerts, devices and all of the different set of data structures that we have in the Graph.

    Mary Jo Foley: 05:49

    Okay, that’s good. I think I get confused about this because when Microsoft talks about it, they say the Graph API sometimes and so I know that there’s like supposed to be common end points and you can interact with it I think by SDK APIs. So I was a little confused, how people should think about it conceptually.

    Yina Arenas: 06:12

    It is a unified endpoint that is hosted on the . We have SDKs that provide tailored experiences for developers in different languages and Java and JavaScript and Node and Objective-C. So depending on what environment and what type of application they’re building, they’ll have tailored experiences for them. It is a unified end point that has access to all of these data. So that’s why we call it the like one thing.

    Mary Jo Foley: 06:45

    I’m going to ask a question from one of the forum participants, Stephanie Madrid, who says, “I’d like to know what some of the things that are enabled by the Microsoft Graph API. Like can you give us some examples of things that I might know about that exist today that will give me a better picture of what the Graph can do?”

    Yina Arenas: 07:06

    Absolutely. So if we start by the definition of these interconnected fabric of data that contains the resources that I was talking about, right? Like mail, calendar files, like these tasks groups. I’ll say that there are two big components of the Graph. The first one is what enables Microsoft to do. Microsoft Graph enables us to build people centric experiences across Microsoft 365. For example, imagine you’re in Word and being able to @mention a person right there in the Word document and assign a task to the person without leaving the flow, right? Like that is powered by the Microsoft Graph.

    The second important thing is that what it enables for our partners. So it offers, as we were discussing, this unified end point that they can use to get access to all of the data for these services across Microsoft 365 and not just the data, but also some of the calculated insights and relationships that we produce on our intelligent engine. We enabled them to create these intelligent experiences which can be extending one of the experiences that we wanted, the canvases that we have. Like for example, having an app that shows in Outlook and enables you to do smart scheduling. Or writing their own applications, like for example, a web application or a mobile application. So that’s what a set of things that are enabled through the graph.

    Mary Jo Foley: 08:42

    I don’t know if you can do this in words, I’m just thinking of this now because a lot of times when I talk about these kinds of concepts, I always ask people for an architectural diagram because I kind of think in diagrams, so I’m curious if you can. If I was going to draw a picture of where the Graphs sits in the architectural stack, can you explain like here’s the bottom layer, here’s the next layer…

    Yina Arenas: 09:07

    Let’s try, let’s try to imagine this mental picture. So I’ll say that on the bottom of the picture of this layer cake is Microsoft identity. So it all starts with identity of the user. That is a customer for Microsoft services, whether it is across our commercial offerings that is for our business offerings or for work or for school or for our consumer users, right? So it starts with that layer. So the identity layer is the underpinning of our platform. Then the next layer is the data. So it’s all of the data that we have across the different services.

    I was talking about a mail data and calendar data on the task, right? And then on top of that, we have the interfaces that allow access to the data Microsoft Graph being that interface. You can think about the next layer will be the services that we provide. So it is the calendar services or search or emailing or the services around security, like ATP. So all of the services that are built on top of the data. And then the layer on the top will be the experiences. So this is what our users will interact with, right? Like whether it is an experience that we provide or an experience that our partners tailor. Because that’s the big opportunity here. Tailoring those experiences that we built for the very general public.

    The same Microsoft 365 experiences that K to 12 and school will use are the same that will be used across industry verticals in legal or marketing or retail, right? Like we don’t customize them for specific needs, but that’s where the partners come. They are that last mile that customize those experiences and help thrive that tailored set of experiences that are needed for our customers. That’s the layer cake.

    Mary Jo Foley: 11:23

    That’s awesome. I don’t know if it helps other people, but that helps me a lot. So I was at Build last week in Seattle and a word that kept coming up a lot in different meetings I had and in different presentations I saw was substrate. I kept hearing people say, you know, there’s this substrate that’s underlying Office 365, Microsoft 365, and some people called it like a knowledge bank or a knowledge base. It seemed to be kind of key, the whole people centric concept that Microsoft is pushing now. But what does substrate have to do with the Graph? Anything?

    Yina Arenas: 11:59

    Yes, absolutely. Substrate is the internal name that we have for the place where a lot of the data sets, capabilities, and services that power the intelligent insights and all of that AI machine learning technologies that are being applied. And that’s where we built, these experiences and Microsoft Graph is the gateway to that. So the data that you will find in the substrate is the same data that is exposed through the Microsoft Graph.

    Mary Jo Foley: 12:30

    There’s another concept, I’m familiar with on the Dynamics side of the house, which they call the common data model. Which I kind of think of as a place to store all this kind of data too. But I’m curious if there’s any correlation or potential correlation between what’s going on the Dynamics side with CDM and what’s going on with the Graph on the other side?

    Yina Arenas: 12:54

    Yes. So Graph has a set of defined resources. For example, we have the schema for those core resources that drive productivity and that are anchored to each of these products that are part of the Microsoft 365 umbrella. Like we’ve talked about Office 365 and all of the products that are part of Office 365, we talked about Windows and the Windows services and then enterprise mobility and security suite. So that, I’ll say that those are set and defined set of resources and the schema that they already have.

    Present CDM, the partners have an opportunity to define their own schema. And then also there’s the whole initiative around open data that where the common schema is being established across different partners, right? Like with SAP and Adobe, and being the importance there is like how do we make sure that when we’re talking about a specific entity, specific resource, we’re all talking about it in the same way. I mean consistency and coherence, which both CDM and Graph have as a mantra Jose.

    Mary Jo Foley: 14:06

    Okay. I mean, would there be any case where there would be overlap between the two? If say I’m thinking like custom, like in the case of the Graph, sometimes you have customer data and they have customer data also.

    Yina Arenas: 14:19

    Yes, there could be scenarios where you will use both on par in your application.

    Mary Jo Foley: 14:26

    All right. Another thing to add to my mental map. Another thing that came up at Build last week and you, briefly addressed this at the beginning, was the data connect piece of the Graph. That was an announcement last week at Build. Could you talk a little more in depth about what that is and why that’s a big deal.

    Yina Arenas: 14:48

    Absolutely. So remember we talked about that layer of data? And the first thing, the first interface that we exposed with a set of APIs that enable you to get access to real time data. So think about very transactional. I want to know what are the top important emails in my inbox right now. Microsoft Graph data connect is a set of tools that provide a new interface and then allow developers to get managed access to the data at scale. So it’s not, I’m just not going to get a single point in time, but I’m going to get a window of time.

    I don’t have these tools that including Microsoft Graph data connect, gives ability for developers to with no code just configuration. That’s one of the tools that is provided securely, an automated migration of that data into Azure. Once the data is in Azure, then you can use Azure tooling like all of the AI and ML tool set that Azure offers to do an analysis on that data. Then you can derive and generate your own insights. And not only it has that secure migration to Azure which remains in the customer’s boundary, but also it allows administrators to manage the type of data that is most. So for example, if we go with email, so say we want to move all of the email for a given group, let’s say the marketing group and we want to know if they’re collaborating, right?

    Like, so we’ll move that email, but we just want to know, we don’t necessarily want to know who sent it. We only want to know subjects and bodies. So we can do that granularity and decide like what are the set of dimensions of the data that we’re going to move to Azure and allow the administrator to control that. So that is in a nutshell what Microsoft Graph data connect is.

    Mary Jo Foley: 16:52

    Is it specific to insights or can you do other things with data connect beyond that?

    Yina Arenas: 16:57

    You could do other things that it enables different set of scenarios, right? Like basically it gives organizations the opportunity to tap into large datasets. They can power, whether it is insights or intelligent workflows or organizational optimization, like for example, scanning for fraud and security. There are many scenarios that you could use once you have that data at rest.

    Mary Jo Foley: 17:27

    Speaking of security, we have a security question from Greg Alto. He asked, “Can you talk a bit about the security of the graph? It contains a lot of sensitive data and I’ve always been curious about how Microsoft protects users’ data in such a rich pool of content from abuse by outside parties.”

    Yina Arenas: 17:47

    Yes, that’s a very important question. So I’ll say that the prime message here is that it is customers’ data, right? Like all of the data that is stored in Microsoft Graph, it either belongs to an organization or belongs to the individual users, and privacy and security of our customers’ data is the most important thing for us. We’ll say all of the intelligence features within Microsoft 365 strictly respect the access rights given by a user.

    We will not expose the information to anyone who has not been given access. So when you have a third party application, they must explicitly request access to that data. And the users, if they have the rights to give access to that data, they will be able to consent to it. Otherwise, like it would be up to the administrators to consent to give access to that data. Then the company administrators have the ability to take full control on what applications can be used within the organization.

    So whether or not users are permitted to acquire applications and they can even control all of the apps that have access at any point in time. They can also revoke this access at any point in time. So the security, like I said, it’s very, very important for us and there are very granular controls that users and administrators have over the data.

    Mary Jo Foley: 19:22

    That’s good. Good to know. So you’ve addressed the question I had, which is, is the graph applicable to both business data and consumer data?

    Yina Arenas: 19:33

    Yes. On both.

    Mary Jo Foley: 19:36

    This may be a crazy question, but given that at Build, Microsoft is now talking about three clouds. They’re talking about the productivity cloud, the AI cloud and gaming cloud. Is there any use for this at all in gaming?

    Yina Arenas: 19:53

    Well, you’re right, Graph is for both consumer and commercial services. Today on the consumer side it exposes the user profile information that is the same for our gaming services. So when you sign up to Xbox Live with your account, that’s the same information that is exposed on the consumer side of the Microsoft Graph. Now we don’t have at this point in time any other data from the gaming services, but in the future it might expose. So it’s not out of the question. It’s not a crazy question.

    Mary Jo Foley: 20:38

    Cool. So getting towards a wrap up here, I think Tina had a good potential last question. She said, “For a developer, I understand what the appeal of the Graph is and I know why I would need to know about this concept in the APIs and all, but if you’re an IT pro, what’s your stake in the game here and how should you start learning about this? Like what do you recommend IT pros need to learn or do or know about the Graph at this point?”

    Yina Arenas: 21:09

    Yeah, so I’ll say that Microsoft Graph is here to alter the landscape of productivity for everyone. So developers and users and IT pros are directly impacted by the experiences that are powered by the Microsoft Graph. We already talked about, you know, the set of experiences that can be built for developers. We talked about the opportunity for them to build those experiences.

    For IT pros, I think that there is an important aspect around the control that it gives them. So for apps that are easier to deploy and manage because they are integrated with the Graph, they can, as I was mentioning before, they can control at all times what applications have access to the data in their organization. They can assign applications to specific users or groups that can manage those.

    And furthermore with offerings like Microsoft Cloud App Security, they can get detailed information of the apps that publishers understand, classify, and protect the exposure of sensitive information. So if you think about what we used to have in the past where IT pros or where users in an organization were getting customizations and that were freely given access to their data. Because Microsoft Graph has such tight security controls, it gives more control to the IT admin to what their users can do with applications.

    Mary Jo Foley: 22:34

    That’s interesting. Great. Well, thank you. You know, this was really helpful. I hadn’t talked to you in a couple of years, I think, about the Graph, and there’s a lot of things that have changed, so I really appreciate you giving us time here and sharing more insights.

    Yina Arenas: 22:54

    Absolutely. Thank you for inviting me. You’re welcome.

    Mary Jo Foley: 22:58

    We’ll be back in a couple of weeks with our next guest on MJF chat, so make sure that you watch for that. I’ll be posting who it’s going to be in the forums on and that’s your signal listeners to send in your questions in the MJFChat Forum area. In regard to this chat with Yina look for the audio recording and the transcript of this, as with all our chats on the site in the near term. Thank you very much.

    Brad Sams

    You can find the audio recording, here.

    Mary Jo Foley: 00:04

    Hi, you’re listening to MJFChat show. I am Mary Jo Foley, AKA
    your community magnet and I’m here to ask industry experts about
    various topics that you, our readers, want to know about. Today’s MJFChat
    is all about Microsoft’s Windows Lite release and my guest today is Brad
    Sams, the executive editor of and someone who’s been at the
    forefront of digging up some really interesting Windows Lite gold. Thank
    you so much for joining us Brad.

    Brad Sams: 00:37

    Thank you Mary Jo. It’s fun to talk about this stuff because it’s so
    bleeding edge. It’s not even on an edge yet, but we know it’s coming and
    it’s going to be a big deal for Microsoft when it does arrive. We just are
    still trying to figure out exactly when that’s going to be.

    Mary Jo Foley: 00:55

    I like your thinking on that. A little inside baseball for you listeners,
    Brad and I actually proposed through the official channels a session on
    Windows Lite at Build. We did not do this as a joke. We should point out.
    We got shut down. We actually thought there was a case to be made for some
    early dialogue around this, what this is and how it should evolve. But the
    session keepers at Build did not agree with us so we decided to take this
    to MJFChat and have the same discussion here.

    Brad Sams: 01:26

    Yep. Because you know, if they don’t want us to, the show must go on.

    Mary Jo Foley: 01:30

    Exactly. So Brad, let’s start with a little context for any of our readers
    or listeners who may not have heard a lot about Windows Lite. So what is
    this thing and why should we care?

    Brad Sams: 01:41

    So Windows Lite is going to be, and I don’t say this too lightly, I think
    one of the more interesting things Microsoft does over the next 18 months
    depending on how they play it out. But what it is is it’s going to be their
    first, and I don’t want to say real, attempt at competing with Chrome OS
    cause we can document some other attempts. But Microsoft is trying to build
    a light version of Windows that they hope will compete with that, the
    Chromebook-style devices of the world, and modernize Windows to some extent
    to make things just a little bit more modernized because the Windows that
    we use today, while it has been upgraded and there’s lots of great stuff in
    there, it’s still the same basic idea of Windows XP. Not much has changed,
    you know, modernizing it. We saw them trying to do things with like Windows
    Phone and then we have Windows S and RT and all that stuff. Microsoft has
    put their best of breed according to people who are familiar with the
    company’s plans on developing Windows Lite. It’s going to be, well just a
    modern version of Windows. It’s going to look familiar and yet it’ll look
    different at the same time.

    Mary Jo Foley: 02:48

    Do you even think it’s going to be called Windows?

    Brad Sams: 02:50

    I don’t think it will be. I heard that they are trying to move away from
    that. My gut tells me that it will be something recognizable to Microsoft
    and I don’t know what that is exactly, but it would not surprise me if they
    actually removed the name Windows from it because that brings with it its
    own set of expectations, which you could probably argue doomed some of the
    other attempts, right? When you say Windows, you expect backwards
    compatibility, you expect to be able to run any application that you own.
    You expect to be able to just download things from the web. But I don’t
    think that’s going to be the case with this next version. Microsoft I think
    is approaching it very, very cautiously and it’s going to be exciting.

    Mary Jo Foley: 03:33

    I do too. Since we brought it up in kind of in a roundabout way, let’s
    bring in a reader question from Greg Alto. He said, “why is this going to
    work this time when S mode and Windows RT failed?” So we made some veiled
    references to previous attempts and you know, they did try to compete with
    Chrome OS, in those two ways. But why do you think this could work this
    time if you do think that?

    Brad Sams: 03:57

    So it’s honestly a very fair question. First off, I think Windows 10S,
    honestly I think we can just write that off. That was a very poor attempt
    at everything. It almost, I don’t want to say reactionary, it was just a
    very awkward announcement at a very awkward sort of education-based
    event. And then they didn’t really explain why S mode was ever going to be
    better. That was the one thing I remember leaving that event was saying,
    okay, they’ve said it’s going to be better, but they never actually proved
    it and all they do with some weird boot up time, which how often do people
    reboot their machines anymore? Not all that much. I think the real
    competitor was RT and there were a lot of things going wrong there. You had
    Windows 8, which was not universally loved by well many people or anyone

    Brad Sams: 04:43

    You had a really weak store. The web apps weren’t really there and so on.
    Why is Windows Lite going to succeed? I think it’s because they went back
    to the drawing board and first off we have things like a better browser,
    which was seriously lacking in some of the older stuff. So we now have a,
    what we think that we use as a Chromium-based browser. We also have
    progressive web apps are really taking off. Microsoft is actually doing
    some quality work to the UI. And so it’s hard to underestimate how much
    changing the UI can just change a user’s perception on day one. And by not
    making those expectations of it, just being windows I think is going to
    help them. If they do the branding correctly, I think that will help them
    as well.

    Brad Sams: 05:37

    The other thing I think they have going for them too during all of this is
    that the Internet has just kind of grown up. We have these progressive web
    apps. We have the ability to just run apps completely in a browser. And so
    that is what Microsoft needs and if they get their timing right, their
    message right, and the hardware right, which is going to be a big sell or a
    tough challenge, you’d say. I think they have a better chance than when
    they launched RT where they had new hardware with a new OS that wasn’t
    fully baked. And so I think that they’re going to get things right this
    time. Because they’re putting their best people on it, so it should
    actually work a bit better than the previous attempts. It’s a great and
    very fair question and I guarantee you Microsoft is putting together a
    very, very carefully crafted, at least I hope Mary Jo, we know this very
    well from the marketing stuff and crafted marketing message about why this
    is going to work. Because to Greg’s point, they have actually tried twice
    before and they have failed twice before.

    Mary Jo Foley: 06:43

    Right. Another question from the forums. Will Windows Lite be based on
    Windows 10 or Chrome OS as suggested by this guy called Paul Thurrott who
    you might know.

    Brad Sams: 06:52

    Yeah, unfortunately, we do know him. He’s the compadre.

    Mary Jo Foley: 06:58

    I don’t remember Paul saying Chrome OS. I remember him saying the idea was
    to compete with Chrome OS like we both heard, but I can’t imagine Microsoft
    building an OS on top of Chrome when they’ve got Windows Core operating
    system to build on top of.

    Brad Sams: 07:13

    Yeah, from what I have seen, it’s not based on Chrome OS or anything like
    that. It is definitely based on Windows Core OS. As it stands today, and I
    expect this to change, the install screens and all that look just like
    Windows 10; they’re a different color and they’re slightly more streamlined
    if you will. But this is absolutely based on Windows Core OS.

    Mary Jo Foley: 07:38

    Bart also asks, if Lite is going to be based on Windows 10, which we both
    believe, will it be able to run Android apps?

    Brad Sams: 07:47

    It’s an interesting question. I don’t think they’re going to go down that
    route personally. What we both know that they had the technology to be able
    to do this. They were bringing it over to Windows Phone and then the rumor
    was that it was so successful that it was going to kill the Windows Store.
    So I don’t think that, I think they are honestly going to push down the
    progressive web app route because that seems to make the most sense. And
    obviously the Microsoft store as well, but what do you think Mary Jo, do
    you think they would go that crazy with it?

    Mary Jo Foley: 08:19

    The way they’re approaching Android apps with Windows 10 might be the way
    they go with Lite in terms of having the Your Phone companion app and
    bring in compatibility and the ability to access certain features in
    Android to Lite if they even want to bring Android apps to Lite. Or you
    know what, this might be even crazier, but there is talk that one of the
    things that will differentiate Windows Lite from previous attempts at
    Microsoft is they’re gonna have Win32 app compatibility with your
    virtualization. So could you bring Android apps through virtualization and
    would that make any sense? Or it just added a level of complexity that they
    don’t want in Lite. I’m not sure.

    Brad Sams: 09:04

    I’m honestly hoping that we hear about this at Build, I think this will be
    a very telltale sign if they do talk about it at Build, if they truly do
    figure out how to containerize Win32 apps. While this absolutely has
    implications for Windows Lite, I think it has bigger implications across
    the entire Microsoft stack. Because you can look at virtual desktops, you
    can look at just streaming in general. That is like the one thing that I’m
    waiting for, which we’ve heard about and we’ve read various things, but we
    haven’t really seen any proof yet. So if they come out and show this off,
    that will be a massive win for Microsoft. And I honestly hope that we see
    it soon.

    Mary Jo Foley: 09:45

    I do too. Bart has another question. Bart you had a lot of questions, but
    they were good ones. When do you expect Lite to be tested now that it
    sounds like we won’t hear anything about it at Build and will it require
    any special hardware, do you think?

    Brad Sams: 10:02

    That is the $1 million question right there because the only reason I say that
    is that I think that some things have shifted in the Lite timeline
    relatively recently and I think it has to do with Edge. If you remember in
    December they announced that they were dumping EdgeHTML for Chromium and
    now we have this new browser up and running and Windows Lite was utilizing
    the browser a lot to no surprise. And now they have to put in a new browser
    and we don’t know how far down the rabbit hole they are going with that
    rendering engine. If Windows Lite was heavily based on EdgeHTML to then
    switch it, is not a trivial task. So that could be delaying its inevitable
    announcement. So the last thing that I had heard was that around the July
    timeframe, they were expected to have wider availability of internal
    testing, which means that it’s getting to the point where they want the
    whole company running on this, or at least testing it. I don’t know if that
    timeline has slipped, but up until this kind of delay, I was expecting it
    sooner rather than later.

    Mary Jo Foley: 11:09

    It’s interesting because when you first reported about Lite, I believe you
    were the first person to talk about it. I started asking around to some of
    my contacts about it and people were saying, you know, don’t think we’re
    going to be as fast at this as you think we should or might because there
    are a lot of moving parts in the equation. I was kind of taking a little
    more of a cautious stance thinking, okay, you know, I know they’re working
    on it. It sounds like it’s full steam ahead to get this thing going, but
    you know, are they going to try to tie it to a hardware release or not, you
    know, are they going to make it something that will run on existing
    hardware or it’s going to require a new device. I think a lot of those
    things play in too.

    Brad Sams: 11:53

    I fully agree. They also need partners too, if Microsoft does this right,
    it would be unjust to just launch this with just one Surface model or
    however you want to do it. Microsoft has always made a living candidly off
    of its partner network. For them to bring this out and say, well first off
    it would make all of their partners probably pretty angry. If they said,
    hey look, here’s this brand new Surface device running this new OS and you
    could only get it from us. I think HP, Dell, Acer and all those guys would
    throw up their arms and just start cranking out Chromebooks left and right.
    Which that only adds to the complexity, the timeline, because they’re not,
    again, to your point, they’re not only shipping software, they need new
    hardware stacks to make it run. Granted you can run this Windows Lite I
    believe on just about anything, but I think they are going to come out with
    designed more locked down hardware sets for OEM partners and all that
    stuff. So they have a guaranteed good experience rather than trying to
    chase the rabbit hole of Windows, which is, it runs on everything really
    well on any hardware configuration, which is the strength and weakness of

    Mary Jo Foley: 13:01

    Right, right. When you first reported about it and then I started digging
    around, we were also hearing about something codename Centaurus, right?
    Which is supposedly Microsoft’s dual screen netbook. I wouldn’t call it a
    Chromebook because probably going to be pretty expensive unless it’s like
    the high end pixel book. Right. But I don’t think that hardware isn’t
    necessarily tied to Windows Lite, but I could see a case for them bringing
    those out together.

    Brad Sams: 13:30

    I would agree only because we’ve seen Microsoft try to launch hardware and
    new software at the same time; that’s how they like to position Surface.
    That’s how they like to use their products. That’s how they like to present
    the narrative, not to mention it’s more complete. If you go up on stage and
    say, hey look, here’s the software, go install it on your own desktop today
    isn’t quite as exciting as going to go buy this new piece of hardware.
    It’ll run it and it’ll be great and we can promise that. And so it makes
    for a much better launch experience and it gives them something to talk
    about to drag it on.

    Mary Jo Foley: 14:09

    Andrew Ness or Andrewness if you want to look at how he does his name in
    the forums, had a bunch of really good questions. So one he asked was, “what
    technical characteristics do you foresee Lite sharing with Chrome OS?” and
    he brings up Powerwash, which is the reset of the operating system to
    factory defaults. I think this, if you’re looking at where Microsoft has
    not had a compelling story, vis-à-vis Chrome OS and Chromebooks, here it is,
    right? It’s in the management of the device. So do you think they’ll come
    out with something like that or do you think they’re working on something
    like that? You heard anything about that?

    Brad Sams: 14:47

    So the terms that I’ve heard used to describe Windows Lite: instant on,
    instant reboot, instant refresh, which would make it sound like Powerwash.
    Microsoft, and I’ve heard them talk about this, they know that Powerwash of
    Chrome OS is one of the most compelling features because all the teacher
    needs to do is just shut the lid, reopen it, and they don’t need to call
    IT. They don’t need to do anything else. Because you’ve got to think about
    too, where Chrome OS is most popular, it’s in, at least in the US I should
    say, it’s in that education segment, which has typically not had a massive
    IT budget. And so if a teacher can just shut the lid, reopen it, you know
    effectively off and on again and it’s brand new and they don’t have to call
    IT that is probably the biggest win of Chrome OS over anything because
    anybody can go browse or anymore, we know that anybody can build something
    that gets on the Internet. It’s the management and Microsoft knows this.
    The only reason I hesitate to say they know what the best is because they
    didn’t do a great job with it with Windows RT or 10 S. But I believe that
    they are making that a priority with this next version.

    Mary Jo Foley: 15:54

    Even something like Intune for education, it’s starting to go that way, but
    it’s still like really complex compared to something like Powerwash, right?

    Brad Sams: 16:03

    Exactly. Because the world is changing, right. It used to be that IT was
    this central hub of everything that you did and that’s not going away and I
    don’t want to undervalue that, but at the same time, the end user is
    becoming more empowered mostly because most things are moving to the web.
    When things are on the web and they’re much easier to manage because you
    only have to deal with if the device connecting to the Internet. And that’s
    it. Because then everything else is done by the IT pro on the backend. And
    when you have more management such as logging in, finding the files,
    navigating the shared drives and all that stuff, it becomes more complex.
    What Chrome OS did really well was connect to the Internet and refresh and
    that’s all that it needed to do.

    Mary Jo Foley: 16:44

    Another good question, Andrew Ness. How do you expect Microsoft to counter
    Google’s position of Chrome OS and in noncommercial environment? So this to
    me is really interesting because we’ve talked Chromebooks and we always
    think education first, right? Like that’s the big market. That was the
    first market. But Microsoft’s making a big play for firstline workers and
    so is Google. How do you think Microsoft will position Windows Lite
    compared to Chrome OS in those kinds of segments?

    Brad Sams: 17:17

    I think it works out pretty easily from a narrative slash pitch
    perspective, because they can just say, hey look, we can make this work
    really well with Office 365 and we can make this work with our entire
    suite. It’ll boot up with autopilot and just be up and running and all that
    good stuff, but at the same time, I think they’re also going to eventually
    scale all this stuff up. I’ve seen documentation around Windows Lite, and
    this goes back to a lot of the Win32 containerization. To your point,
    and I think that is absolutely correct, they start the first line workers.
    I absolutely believe that Microsoft is looking one day to have this span
    a much deeper subset of users, not necessarily the full on power user of
    the Gamers, the people running AutoCAD or editing videos of the world, but
    all the way up through the accountants through finance through marketing
    and all of that and making this just a more easy to manage OS because as
    enterprise continues to grow, IT budgets candidly typically aren’t growing
    at the same rate. Mary Jo, I’m sure you’ve heard this before, but upgrading
    to Windows 10 was actually a burden for a lot of companies because now they
    have to deal with updates all the time as opposed to just once every three
    years and Patch Tuesday was fine, but now you’re throwing in 2 feature
    updates per year and it wasn’t making sense financially. So Microsoft has
    to prove as Windows Lite scales up that hey, this is actually an easier to
    manage, it’s a cost reduction version, it ties into Office 365 or Microsoft
    365, has the AD integration, that you just won’t find on Chrome OS.

    Mary Jo Foley: 18:55

    That’s making me think of something I hadn’t thought now, which is do you
    think Windows as a service, Microsoft’s whole new servicing strategy with
    two feature updates a month, will still continue when we have Windows

    Brad Sams: 19:06

    That’s a really good question. It really is. I honestly think that it might
    just be something you don’t even think about if Microsoft does it right. I
    still remember having breakfast with Terry Myerson at CES, Paul and a
    couple other people were there many, many years ago and he said one day and
    we hope that Windows updates, you don’t even know they just happened in the
    background and it’s a completely seamless experience. Having to reset is
    too much. Having to dedicate time to have your machine update is too much.
    Windows Lite I believe will be the first opportunity where Microsoft has
    the technical chops, the infrastructure and the underlying Core OS in
    place to actually enable that functionality. So if Microsoft kind of
    factors around that Win32 containerization and all that stuff, if they
    can get every app to just kind of float inside the OS, which is something
    I’ve heard them use before and that the underlying components can just be
    updated and have no impact on the apps or settings or anything else, I
    think we might actually see it accelerate a little bit potentially.

    Mary Jo Foley: 20:10

    I know that’s the true promise of containers, but so far that really hasn’t
    been the way things work, right?

    Brad Sams: 20:16

    Correct. You’re right.

    Mary Jo Foley: 20:17

    We always hear about people wearing and looking forward to the idea of a
    cloud OS, Windows in the cloud, or some people even used to call it
    Microsoft Windows 365, there are all these ideas about what if Microsoft
    really had a streaming version of Windows? It’s not as far fetched as it
    seemed a couple of years ago, right?

    Brad Sams: 20:38

    I mean, you look at the VDI, the virtual desktop infrastructure, that they
    just announced, what do they call it? Windows VDI light. You look at all
    that stuff and you think this actually becomes pretty plausible. There’s a
    lot of moving parts right now that haven’t fully aligned, such as Windows
    Lite, such as their desktop infrastructure. It’s there, but it’s not well
    integrated across the entire Microsoft stack yet. I think that is one of
    the kind of overarching narratives that’s happening inside of Microsoft.
    And I’m watching and you probably are too watching how all these different
    parts are eventually going to work themselves into a streaming portfolio,
    but we’re not quite there yet. That’s kind of the other thing I think Lite
    will help play into as well.

    Mary Jo Foley: 21:23

    Yeah. So I remember you saying at one point, I think you did say this, that
    you thought one day Lite would be the only operating system that Microsoft
    offers. Do you still think that because I still feel like there needs to be
    something like a fully featured Windows as it exists, like Windows
    enterprise for certain use cases.

    Brad Sams: 21:44

    So I would say that yes, with just the caveat that there’s always going to
    be edge cases. I mean there’s Microsoft documentation that talks about how
    currently Windows Lite is for your casual kind of consumption and that
    Windows proper is going to be productivity based and that is going to be
    the ongoing narrative for a while. That Windows 10 or whenever they
    rebranded as eventually or whatever they call it will always be the
    productivity hero of Microsoft. I think we’re going to see some licensing
    changes once Lite comes out as they’ve tried to push more consumers towards
    that. Will Lite ever 100% fully replace Windows 10 Enterprise? I don’t
    think so. I think Microsoft would love for to have all that functionality
    enabled, but from a business perspective, and we both know that Microsoft
    made a bunch of money from windows last quarter, they’re going to be very,
    very cautious about how they approached that because for the same reason
    they made a bunch of money on it last quarter.

    Mary Jo Foley: 22:44

    Yup. I agree. Okay. We’re nearing the end of our time, but as, is there
    anything you wanted to talk about or bring up about Lite that you feel like
    people don’t quite get but they need to understand, you know, like when you
    read other coverage or hear people talk about it, you’re like, yeah, but
    you guys don’t understand this.

    Brad Sams: 23:01

    I would point out is that Microsoft is approaching this much more seriously
    than they did Windows 10 S. I mean it’s almost kind of got that Windows RT
    style commitment from management. Like this is not some just one off thing.
    They’re going to try it and then they’re going to do it. I’ve heard time
    and time again that they took the best Windows 10 engineers and put them on
    Windows Core OS project. This has been a massive undertaking to get
    Windows, update it to this Windows Core OS experience, which percolates
    across, you know, Hub, Hololens, Lite everywhere. When people look at this
    and just say, hey, this is just going to be RT 2.0, I don’t agree with
    that. I think that this is going to be a much more serious initiative, much
    more pervasive and also a much, I don’t want to say bigger bet than RT
    cause we all know how big of a bet RT was, but it’s on that same scale. I
    think Microsoft is becoming increasingly confident that this path is
    actually going to be the one that works. Microsoft has a pretty good
    history of being third time’s the charm. So we’ll see if this one shakes

    Mary Jo Foley: 24:12

    Great. Well thank you so much for being on the chat today, Brad.

    Brad Sams: 24:16

    Well thank you. This was a lot of fun.

    Mary Jo Foley: 24:18

    I think it’s good because it’s good for our listeners to hear from the
    horse’s mouth, aka Brad’s, what we think is happening with Lite and where we
    think it’s going to go. Let’s see if we’re right in, in the coming weeks
    and months as well.

    Brad Sams: 24:32

    That’s the one thing you got to keep in mind that this is, none of this is
    externally official information. This is all internal communications. This
    is what’s happening. Mary Jo and you fall right into this category. When
    people say, what is your role in the world? My vantage point is that I
    always just try to see over the walls of Redmond and kind of observe what’s
    going on.

    Mary Jo Foley: 24:52

    Hide in a bush and peek out and try to steal some secrets maybe.

    Brad Sams: 24:56

    Or you know sometimes you ride around on the trolleys or whatever.

    Mary Jo Foley: 25:05

    Cool. We’ll be back in a couple of weeks with our next guest, so make sure
    to watch for that. I’ll post who it’s going to be in the forums on and that’s your signal to send in your questions in the MjfChat
    forum area. In regards to this chat with Brad, look for an audio recording
    and the transcript of this as all of our chats have in the site
    and in the forums. Thank you very much.

    • This reply was modified 9 months, 4 weeks ago by Brad Sams.
    Brad Sams

    You can find the audio playback, here.

    Mary Jo Foley: 00:04 Hi, you’re listening to MJFChat show. I am your community magnet and my name is Mary Jo Foley. I’m here to ask industry experts about various topics that you, our readers, want to know about.

    Today’s MJFChat is all about Microsoft’s Power Platform. My guest today is Steve Mordue, a Microsoft business applications MVP and the CEO of Forceworks, which is a Microsoft cloud partner specializing in Dynamics 365 for SMBs. Thank you so much for joining us Steve.

    Steve Mordue: 00:41 Well thank you for having me.

    Mary Jo Foley: 00:43 So I’m going to give a little intro of the Power Platform, but I’m sure you’re going to give us a lot more details about it. So, for the past few years Microsoft has been developing and rolling out pieces of what it now calls the Power Platform. There’s Power BI, its business analytics platform, Flow, its workforce automation engine, and Power Apps its associated development platform.

    Together, these three things are now called the Power Platform. Up until now, this has been mostly the domain of Dynamics 365 users. But I feel like this is changing and Microsoft is now making Power Platform a key piece of its overall “intelligent cloud intelligent edge pitch”. I feel like the Power Platform is a fundamental pivot for Microsoft business apps. It facilitates taking developer centric tasks and moving them into the hands of so called citizen developers.

    Mary Jo Foley: 01:40 So this is basically a low code, no code story. Steve is one of the best people to tell this story. So thank you again for being here. So Steve, I’m going to start with one of my own questions for you. I’ve been around this block a few times as you have this Microsoft block and I feel like this isn’t the first time Microsoft has tried to target non-developer developers.

    I remember back in the old days VSTO, Visual Studio Tools for Office, and then Office developer tools. Neither of those efforts really took off, I would say. So now here we have the Power Platform. Why do you think this is different and will this time Microsoft be able to succeed in targeting so called citizen developers?

    Steve Mordue: 02:33 You definitely have been down this particular block longer than we have. We were Salesforce partners for 10 years before we moved over to Dynamics in 2011, so a lot of the old war stories that I hear from partners and insiders, I wasn’t here for. I take everything from when we were on board and what we know about, so some of the fails or past efforts from different regimes and things like that are interesting stories for me, but I wasn’t there for that pain. But there’s been other pains of course in the process.

    I would love to think that somebody at Microsoft or a team at Microsoft came up with this grand plan quite some time ago and this is the execution of that plan. But I think in reality it’s been more opportunistic, you know, as they have been developing down a path and multiple paths of different things, the opportunities just arise to “Hey, what if we connected this?”. I think that’s kind of how we’ve gotten to where we are with Power Platform.

    It was a bunch of opportunities recognized and taken individually that now after they’ve taken quite a few of these individual opportunities, we look back and we say, “wow, we’ve got a darn platform here”. So I don’t want to take away anything from Microsoft having this grand vision of Power Platform, but I get a sense that we kind of ended up here, you know, a less planned way, but we did end up at a very good place.

    Mary Jo Foley: 04:11 I’m glad to hear you say this is how you see it too, because I felt like we were hearing about different pieces at different times. Like I feel like we heard about Power BI and then one day Power Apps and Flow showed up and now it’s all one thing. And I’m like, was this a grand plan or actually are they making lemonade out of lemons? Cut. No, but I also am happy to hear you say we’re in a good place.

    Steve Mordue: 04:37 Well when you would you see a lot of these things that kind of started off in one direction and then kind of took a step back and went down a different direction to kind of conversion is really what makes me feel like, it’s good a kind of a journey of realization for Microsoft as it had been building some of these technologies independently.

    You know, Power Apps really came out of the Sharepoint side of the house and now of course it’s all CDS all day. And CDS had started out on a whole different path before they took a couple of steps back and took it down a different fork. So I think a lot of these things are realizations they’ve made after they start one direction, that then they’re looking at this. So, you know, if we’d gone that direction, this could be a lot more powerful and they’ve taken that step back, which, you know, I’ve got to kind of applaud them for that. It just keep the head down and push forward in the wrong direction.

    They saw those opportunities and took that step back. There’s still some of those kinds of steps going on where they’re seeing other opportunities around this Power Platform to bring more things into it. I think a lot of this is James Phillips.

    Mary Jo Foley: 05:47 Yeah. I was going to ask you.

    Steve Mordue: 05:49 You know, there’s been a lot of leaders of the business applications over the years. When we came in, we went through two different regimes. I think when we arrived, Bob Stutz was in charge and then when he left, another person was in charge for a little while and then when he left, Phillips took over. Phillips has been I think the smartest of the guys that’s running this group, and also he’s been the best salesman by far.

    Mary Jo Foley: 06:18 Yep. I, I feel like when I hear him speak, James Phillips, he makes it feel like, okay, this all makes sense, right? It doesn’t feel as disjointed and it feels like they do have a vision. So I think that’s really important for partners and customers because as you noted, Dynamics 365, it’s been a little rocky and there been a lot of strategy changes. I feel like of all the parts on Microsoft’s that I write about, it’s been the hardest one to keep up with.

    Steve Mordue: 06:44 Yeah. Tough one to keep your arms around. Well, I definitely think that we went from an era where lots of mistakes were made, to a new leader who I don’t think has made mistakes, but he’s doing a lot. He saw an opportunity here where, you know, Salesforce is still far and away, you know, the 800 pound gorilla.

    All the past efforts really hadn’t made a dent, but I think he kind of looked at it from you know, let’s stop chasing Salesforce and instead, let’s take the strengths that we have as Microsoft and just come up with the best thing we can come up with. And stop all this focus on all the competitors and what they’re doing. And I think that’s probably been the best move for the whole business applications group. Let’s focus on what we can do well and stop worrying about what everybody else does.

    Mary Jo Foley: 07:36 Right. You brought up Salesforce a few times, which makes sense given you are a former Salesforce partner because Salesforce is the biggest competitor to Dynamics 365. I’m curious, do you think it’s fair to say that the Power Platform is Microsoft’s answer to, which is Salesforce developer platform, or is it something a little more nuanced and different?

    Steve Mordue: 08:00 I think so. You know, if you stand back and kind of look at what has happened, you could certainly say, well in comparison to it looks like the Power Platform, a platform license, is a similar approach. But I don’t think anybody at Microsoft thought, “oh, we have to have an answer for”. I think it’s more about tying together some of those other pieces that they have. When you look at products like Flow for example, I mean there’s not even a complete story from Salesforce route flow.

    They don’t have anything that does anything like that yet it’s a key component of the Power Platform. So I think they really have just said, “forget about the competition”. They’re keeping an eye, obviously the sales teams keep an eye on what’s going on over there with competition, but, frankly, if you’re not gaining in a race change the race and I think that’s what they did.

    Mary Jo Foley: 08:53 Okay. Let’s, dig into the parts of the platform. We have a reader, Jessica Jolly, who in our forums goes by JBJ211O. She wants to know who is the natural audience for Power Apps, the development piece of the Power Platform. Given that it’s a no code low code solution, one would think that it would attract business users, but in fact the interface still feels a little intimidating. So is there a vision that there’ll be enough training out there to get business users to overcome their initial “shyness”?

    Steve Mordue: 09:31 So no code doesn’t mean your mom can do it.

    Mary Jo Foley: 09:36 Or your dad.

    Steve Mordue: 09:41 There’s still some level of understanding of just some basic technology. But I mean, if you can create a Facebook page for your business or a LinkedIn page for your business or do some of those sorts of things that people do routinely now that they were a little intimidated the first time they. They could accomplish things with the platform.

    Steve Mordue:                09:31                   So no code doesn’t mean your mom can do it.

    Mary Jo Foley:                 09:36                   Or your dad.

    Steve Mordue:                09:41                   There’s still some level of understanding of just some basic technology. But I mean, if you can create a Facebook page for your business or a linkedin page for your business or do some of those sorts of things that people do routinely now that they were a little intimidated the first time they. They could accomplish things with the platform.

    I think what the real key here is that that business user knows better than anyone what kind of problem they’re trying to solve. They also know and recognize when it’s been solved. And, this is a big advantage I think, is they can, they can get around the initial intimidation of, oh, this doesn’t look familiar. Well, neither does my new cell phone. But eventually I figured out how to use it, but much quicker than any developer they can come up with.

    Steve Mordue: 10:35 Here’s what I need to solve my problem. And they can recognize when it’s being solved. And I think that’s a real key is putting that kind of power into the hands of business users. You know, to really not have to engage with a developer, which has been the historical way you solve problems, this is going to be huge.

    I think that there will be a lot of problems solved that never would have been solved because it never would have been able to justify the expense for you in a developer. I think that that’s going to be the real interesting thing to see grow is people being able to solve their own problems for the platform.

    Mary Jo Foley: 11:12 Yup. So Jessica is also asking, is it envisioned that Power Apps will replace existing processes and business or will it be deployed at least initially to solve problems that are not even on the IT planning radar?

    Steve Mordue: 11:30 Yeah. I think both. I mean, when you look at customers of all sizes, this is enterprise all the way down to small business. There’s still 80% of the workloads that are being done on spreadsheets.

    At any size business, there’s lots of stuff being done on spreadsheets and Outlook. That is how they’re managing stuff and depending on what it is you’re trying to solve and what size company you’re at, you just might not be able to get the interest of IT to come in and help you solve that departmental problem or something like that. There’s a point with spreadsheets, no matter what you’re doing, where you just plainly outgrow them.

    The first time you start sharing a spreadsheet with more than two people, it starts getting a little unwieldy and you see companies all over the place

    Steve Mordue: 12:17 that have gotten massive processes with lots of people working on them all while trying to share a spreadsheet. I think that’s where Power Apps can really initially come into an organization and solve some problems is when they get all these mishmosh of spreadsheets and get them on a platform that’s actually designed for managing this kind of activity. IT doesn’t have to get involved, but they still got the governance, which is what I think scares IT, departments for example, going off and solving their own problems.

    They just sign up for some cloud app somewhere. Who knows what it’s doing, what’s happening to the data. This gives them the ability to kind of accomplish that same goal, but with a platform that has full, you know, IT governance capabilities. That’ll be the key is whether or not IT will be comfortable enough with a platform that they do have governance over to let their kind of users, run free a little bit and solve their own problems.

    Mary Jo Foley: 13:15 So I know you work for a Microsoft gold, I think it’s a gold certified partner. Do you think this is something customers could do without a partner or do you think at least at the beginning, people need a partner to even start pulling off a power app type project?

    Steve Mordue: 13:33 You know, I think it’s like a swimming pool, right? I mean, certainly, in the shallow end of the pool, customers should be able to do their own builds quite a bit. I wrote a post while back about that first mile, you know that your customers can definitely get themselves a lot farther down the path without bringing a developer on and for many needs that could be completely solved without having to engage a partner or developer.

    What’ll happen is you’ll see and you see this today where somebody at a department identifies a need. They jump out here, build themselves a power app to solve that need and suddenly more people in the organization start using it. Then it becomes mission critical and people want you have more things.

    That’s a typical time they may want to bring in somebody who knows how to lock down security and do other things like that that they might need to do with it. But it kind of circled back to what I said earlier. I think we’re going to see lots of apps built that never would have been built otherwise because was it not for that person’s ability to go make something and get people using it. It never would have happened at all. So ultimately I think it’s going to lead to at some stage probably having to bring in a professional level of development to tidy that up, make it even more valuable.

    Mary Jo Foley: 14:53 Okay. That’s great. So you at the beginning of this chat mentioned CDS just in passing. So CDS for our listeners who don’t know is this thing Microsoft has called Common Data Service. I know you wrote a post recently CDS explained for normal people, but could you explain on here in lay person’s terms what the heck is CDS? It’s kind of a, an unwieldy topic I feel like.

    Steve Mordue: 15:22 Yeah, it is. It’s gotten a lot of attention I think. For the typical users out there, it’s one of those things that they can, they can pretty much ignore. It has allowed, the things that they’re using to be able to kind of natively talk to one another in a way that we’d never had before, in a way that other platforms have struggled with as well.

    Microsoft particularly on the business application side, had a legacy of a CRM application, ERP applications, lots of these different applications. Many of them they got through acquisition, so they were built on different platforms and they never really talked to one another. I think this whole idea of CDS, it’s funny because I think customers over the years probably assumed something like CDS was in play and that all of this data we’re working on with all this different stuff is all going into one place.

    Steve Mordue: 16:18 But it never really was. It was going a lot to different places and then kind of being linked or pushed back and forth. So CDS really is this idea that there’s a database for everything. A single database that your customer engagement is working with your ERP system, is working with Outlook, is pushing information into Flows and pushing and pulling information from it.

    All this stuff’s happening in this common data service. I think while it doesn’t sound so revolutionary probably to customers, it’s actually pretty revolutionary, not just for Microsoft but for the industry as a whole. This was actually one of those things where I think it was an opportunity.

    They started down a path with CDS on a different platform. During some meeting somewhere, somebody said, you know what, let’s take a step back and go with this other platform that is going to be much more amenable to a common data service infrastructure and that was the old XRM platform that ran under CRM. And you know, just another one of those links got tied together and everything really talks to CDS. It’s almost like inside of Microsoft if you’re building something it better talk CDS or stop building it.

    Mary Jo Foley: 17:39 Interesting. So you mentioned XRM and so I was going to ask you about what I think is XRM 2.0, which is the common data model. I believe. Not to get too deep in the alphabet soup here, but we have CDS and we have CDM, right?

    And CDM seems to still be around and it seems to also be the heart of what Microsoft announced at Ignite with relatively few details, the open data initiative, where they talked about Microsoft, Adobe and SAP all coming together and having this common data model that would let users have a single view of customer data and be in control of that customer data. I’m wondering if you can explain to me and the other listeners, CDM and its relationship to CDS and what it means to the Power Platform.

    Steve Mordue: 18:29 Yeah, I think CDS is the bottom of the stack, right? That’s the database that everything ultimately sits in. A CDM is the data model that sits on top of that. And CDM is pretty amorphous. There are lots of different ways to approach the data model. Obviously, if you install something like Dynamics 365 Enterprise Sales, you get a common data model, installed on top of the CDS and includes all of those sales related entities. I kind of look at it as almost like an interpreter.

    What is a contact? What is the first name? What is this that the other sits in the CDM, but the actual value of that sits in the CDS. So a couple of different directions that Microsoft has gone with this, again, opportunistic is, built some accelerators which are essentially common data models that you can install on top of your CDS. This would do things like there’s a healthcare accelerator for example.

    Steve Mordue: 19:33 that will automatically add all of the entities and attributes necessary around healthcare business. The open data initiative is kind of a further extension of that is. Everybody in business applications, all different business applications out there have a concept of an account, right? The companies that people do business with.

    But what one company might call an account address might be different than what a different, another company calls the account address. So the idea of open data initiative is really, let’s see if we can get, frankly, some pretty big players to all agree on what do we call that account’s address. And if they can get to that point where they’ve got consensus, almost like a standardized model of what these entities and attributes are across these different companies, that just makes things so much easier for everybody, that we eliminate a lot of mapping of data,

    Steve Mordue: 20:35 over here, it’s called this over there, it’s called that. And instead, let’s all just agree to call it the same thing and we’ll use the same thing. And of course, they’re starting with a couple of their big important partners, with plans to try and expand that. There’s only a couple of different players out there that could even offer that kind of a data store that’s expandable like that.

    I think Microsoft is thinking, let’s become the standard. You know, that’s because I can imagine some of those meetings with SAP and Adobe and Microsoft all arguing over who’s going to call what, what, you know, but eventually they get consensus on that and that gets traction and then bringing other people on board. It will be a pretty easy process here. Just use this data model.

    Steve Mordue: 21:24 It’s great for ISVs you know. I mean ISVs today have always, kind of created their own custom date to everything. You know what I mean? Every healthcare ISV out there has its own entity for a patient with its own attributes. And part of the idea of these accelerators is here, let’s just give you all those things. You can build your own logic, build your own solution. But you know, at the data model, there’s no value of data model. Just use this one and then you’ll be using the same one as everybody else.

    Mary Jo Foley: 21:55 It’s funny you bring up ISVs. That’s what I was just going to ask you about because some readers have asked me, okay, this is great. They’re thinking about how to make all these terms common and have a common actual database for all these entities. But what about Oracle? And what about Salesforce? You know, kind of two companies that are really key to a lot of these kinds of scenarios the customers might have, but will they ever be part of this? Will they ever agree to also buy into this common data model? I can’t see it, but what do you think?

    Steve Mordue: 22:27 Yeah, I think it depends on where it goes, right? I mean, you can stand on the sidelines with your arms crossed and say, I’m not going to play until everybody else has played. And then you kind of have no choice. I don’t know that it’ll get there, but maybe it does. Maybe it doesn’t. I don’t know that it’s a grand design of Microsoft to get that reward of those companies on here.

    I think right now they’re kind of head down and let’s prove the model now. They’ve got obviously a relationship with SAP and Adobe, to be able to work cooperatively to get there. If they get something that’s appealing, well then the thing that pulls companies is always customers. You get customers start saying, hey, we’re using Adobe and we were using this data model and we want you to conform to this cause it’s easier for us.

    Steve Mordue: 23:18 And then they start pulling the other vendors over. You know, Microsoft has already got some, hey you could wait on Salesforce to come around and play. You could wait on Google to come around and play or you could just go out there and do it from your side. So we’ve already got in as part of the Power Platform. You know, there’s some 250 some odd connectors that Microsoft has published, many of which they built to get that started.

    Now they’re being taken over by the providers that allow, you, a citizen to be able to go in there and build a little app and say, you know what? I think I wanted to have some data from my Salesforce deployment in here. Maybe customer or account records or something like that. But I can use a connector in there where they can connect to their Salesforce for instance, and pull that data into some Power Apps they’re building.

    So it’s kind of interesting, the Dynamics 365 products, the first party products have always competed with Salesforce. But the Power Platform, those Dynamics products are one of many options. Obviously you can build a lot using those, but they really did open this thing up. I mean, I could build a complete Power App today running on nothing but Salesforce data if I wanted to and I didn’t need Salesforce to participate in that.

    Mary Jo Foley: 24:41 Yeah, that’s a good point. Very good point. For people who are listening and they’re thinking, okay, this all sounds kind of intriguing, but how do I even get started and why should I bother learning about the Power Platform? So I’m asking you a little bit about the how and the why for people who may not be typical, you know, Dynamics customers or developers. Why do you think those kinds of people should care about this and how can they actually start getting their feet wet in the best way?

    Steve Mordue: 25:13 You know, cause they don’t have any problems, so they are not going to care.

    Mary Jo Foley: 25:16 Is there anyone with no problems?

    Steve Mordue: 25:20 The only people that go looking for solutions are people that have problems.

    Mary Jo Foley: 25:23 It’s true.

    Steve Mordue: 25:25 Every business, every department, has some problem or some nuisance or some routine that they’re having to do every morning they got to go do this, this thing or some just annoyance. A lot of it just starts with that annoyance. And I think probably the easiest place for people to start with a Power Platform is probably Flow. Flow is similar to some other things out there like Zapier or If This, Then That. But it’s, it’s kind of baked into the Microsoft ecosystem. So if they’re Office 365 users, they’ve already got access.

    If they’re not, they can go sign up and get access. Flow is probably the simplest tool for people to get quick value out of because again, 250 different things I could connect, you know, one of those 250 things to another of those 250 things and start doing some stuff in an automated way. And that one, I think the easiest for people to understand and the quickest for them to get some value out of this Flow. That would be my recommendation folks would be to start with Flow.

    Mary Jo Foley: 26:33 Okay. That’s good. So Steve, thank you so much for coming on the chat today. That was really great helping to explain to our listeners and to me about Microsoft’s Power Platform. So we’ll be back again in a couple of weeks with our next guests.

    Make sure to watch for that. I will post who it is in the forums on and then once you see who it is, send in your questions in the MJFChat forum area. Also for this chat, look for an audio recording and the transcript of this and all of our chats on and in the forums. Thank you again very much, Steve. I enjoyed it to talk to you soon. Thank you.


    • This reply was modified 10 months, 1 week ago by Brad Sams.
    Brad Sams
    in reply to: New Job so limited usage #616315

    Thanks for the heads up, good luck!

    Brad Sams
    in reply to: I also have a new job #616314

    You can try to leave but I will make sure you always come back…hopefully.

    Brad Sams

    You can find the audio version of this conversation, here.

    Mary Jo Foley: 00:04 Hi, you’re listening to Petri’s MJFChat show. I am your Community Magnate. My name is Mary Jo Foley and I’m here to ask industry experts about various topics that you, our readers, want to know about. Today’s MJFChat is all about Microsoft’s coming Windows Virtual Desktop service called WVD for short. And my guest today is Vadim Vladimirskiy who is the CEO of IT management and automation vendor, Nerdio. Thanks so much for joining us, Vadim.

    V. Vladimirskiy: 00:40 It’s great to be here. Thanks for having me.

    Mary Jo Foley: 00:43 You’re welcome. So, first I’m gonna start with a little background. WVD, in case you haven’t heard of it, is a new service Microsoft is going to be rolling out later this year. It’s designed to allow users to virtualize Windows 7 and 10, Office 365 Pro Plus apps and other third party applications by running them remotely in Azure virtual machines.

    Just last week Microsoft released its awaited public preview of WVD and Nerdio was part of the private preview testing group for this service. So Vadim, let’s just dig right in here. If someone asks you, what is WVD how would you explain it in just a sentence or two? Like your elevator pitch for WVD?

    V. Vladimirskiy: 01:30 Sure. So I would say in the simplest sense, WVD is a set of technologies from Microsoft that enable both IT pros and IT service providers to deploy virtual desktops in Azure with great end user experience.

    Mary Jo Foley: 01:47 That’s good. I’m curious, what is Nerdio’s interest in WVD – why did you want to be in the private preview?

    V. Vladimirskiy: 01:58 So Nerdio has really been in the desktop virtualization space for a very long time. I mean, you know, well over a decade and we are kind of a recognized leader in that space. We were first deploying virtual desktops as a service provider for many years using both remote desktop services, initially terminal server technology, then eventually various VDI technologies.

    Then more recently, we’ve become an ISV that helps managed service providers and IT pros deploy Azure based environments with our software. So we’ve really been very deep and involved with desktop virtualization for a long time. So when Microsoft announced, RDmi first and then Windows Virtual Desktop later, you know, being part of that initial group of companies that helped them test and vet the solution was very important for us and, and we, you know, we enjoyed participating in that process.

    Mary Jo Foley: 02:59 Wow. You’ve been there since terminal services – you’ve been around.

    V. Vladimirskiy: 03:03 Absolutely. Well, I think, we started offering our services with Terminal Server 2003.

    Mary Jo Foley: 03:08 Wow. Okay. Also I wanted to ask you to define for some of our listeners who might not be in the channel or know about channel terminology. What is an MSP? You mentioned MSP.

    V. Vladimirskiy: 03:21 So an MSP which, which stands for a Managed Services Provider, refers to an IT services company that typically services SMB and mid-market organizations and provides them with a wide array of technology services.

    You know, things like a technology implementation maybe help desk – ongoing IT monitoring and management, virtual CIO services, sometimes staffing and you know, many other services. I think the easiest way to think about an MSP as an outsourced IT department that has a wide range of expertise in many different technology areas.

    Mary Jo Foley: 03:59 Okay, that’s good. So today, if somebody wants to virtualize Windows and Office, what kind of hoops do they have to jump through? And then how has WVD to make this simpler, at least in theory?

    V. Vladimirskiy: 04:13 That’s a great question. So today if somebody wanted to virtualize Windows and Office, and, we’ll talk about doing so in Azure specifically or some kind of hosted environment. They would have quite a few things that they would need to check off and still end up with something that’s probably not as powerful as WVD. Specifically, you know, let’s start with licensing.

    So from a licensing perspective, today the easiest way to license a virtual desktop on a per user per month basis is through the RDS technology. Microsoft introduced a way of being able to do that with Windows 10 just recently about a year or so ago but most deployments of virtual desktops today use RDS. So there are some licensing limitations there. Also deploying RDS requires quite a bit of knowledge and has quite a bit of complexity that goes along with it because there’s a whole set of what they call infrastructure roles that have to be properly rolled out before users can start connecting to their desktop.

    V. Vladimirskiy: 05:20 So there’s, there’s a lot of complexity managing those roles, properly sizing the virtual machines, monitoring them, making sure they’re available. So quite a bit to do there. The next challenge with today’s methodology I would say comes around profile management. So in a typical virtual desktop environment, the most flexible ones are where users can, you know, be logged into one machine one day and another machine another day which means that their user state, their profile has to reside outside of those machines that they’re connecting to.

    And Microsoft has a technology called User Profile Disks. There are also technologies like roaming profiles, and all of them have their quirks and limitations. So today that’s a significant challenge. There are lots of third-party tools that have helped bridge those gaps in RDS environments.

    V. Vladimirskiy: 06:17 And I would say the final thing would be the end user experience. You know, a user that’s going to be logging into a virtual desktop based on RDS and using Office, which is really the most commonly used application inside of a virtual desktop are going to be subject to some limitations. You know they may have issues with Outlook searching not being as fast as on a local desktop. They may have some limitations, um, you know, in terms of being able to cache Outlook data on the local virtual desktop. So those sort of things are some of the bigger challenges with deploying virtual desktops in today’s environment. The great thing about WVD is it really addresses all of these challenges. It simplifies the licensing by making the WVD management service just be a right of a Windows 10 subscription. So anybody who owns a Windows 10 subscription, whether it be through Microsoft 365 or through just the direct Windows 10 enterprise subscription through something like a CSP program, they have the right to use WVD at really no additional charge. It really removes all of those licensing barriers.

    Mary Jo Foley: 07:24 So could I interrupt you for a minute? Do you have to be a Windows 10 Enterprise user or could you also be a pro user and do this?

    V. Vladimirskiy: 07:33 With WVD, you do have to be a Windows 10 Enterprise user.

    Mary Jo Foley: 07:37 Okay. But you don’t need software assurance, right?

    V. Vladimirskiy: 07:41 You do not. You do not. So some of the SKUs that include Windows 10 Enterprise would be things like Microsoft 365, E3 and E5 I believe Microsoft 365 Business includes Windows 10 Enterprise as well. And then there is a number of Windows-only SKUs that also include that product. So it needs to be a subscription to Windows 10 Enterprise specifically.

    Mary Jo Foley: 08:08 Okay. Yeah, every time I talk to people about virtualizing Windows desktops, licensing is always the first thing that comes up. And they’re like, wow, it’s such a headache. I can’t even figure out what I’m supposed to do right now.

    V. Vladimirskiy: 08:20 Absolutely. So, that’s going to be taken care of, you know, the other thing around RDS, deployment complexity. So what Microsoft is doing is they’re packaging into WVD management service. They’re actually bringing all of those RDS roles into that service. They’re going to be running it and managing it and making it available via Azure as a platform-as-a-service offering. So somebody, you know, that’s entitled to it can just go in and start using those services without having to deploy them on top of virtual machines, which is what they will have to do today.

    So that eliminates a lot of that complexity too. Then finally on the profile management and end-user experience side of things, because Microsoft has now acquired and integrated FSLogix profile management solution into WVD, a lot of those traditional, you know, tradeoffs that users had to make when using virtual desktops like index search are now a thing of the past because that’s going to be now natively supported. And, and one thing I want to mention that, you know, another significant improvement is with WVD users get the native Windows 10 operating system rather than a Windows Server 2016 or 2019 with the desktop experience, which looks like Windows 10. But under the hood it’s a little bit different. So it has some limitations, especially when it comes to OneDrive and On-Demand Files and some of the more advanced functionalities is limited.

    Mary Jo Foley: 09:50 Okay. So you, you just triggered a couple other questions that we’ve got from readers. One, one is from Brad Sams who’s the editor here at Petri and he, he was asking specifically about FSLogix and you know, when Microsoft bought them last year, they hinted that this would be part of WVD or involved with WVD, but he asked specifically what that technology will bring to WVD that people don’t have right now. And I think you touched on that a little bit. Could you talk a little more about that?

    V. Vladimirskiy: 10:21 Oh, certainly. Yeah, I think it’s a really key component and brings everything together really well. So you know, FSLogix it plays a really significant role in improving the end user experience. And I think the easiest way to think about it is as a profile management solution that encapsulates the user profile in a virtual disk file and then stores that file on the file server somewhere or eventually in Azure files maybe as well. And then when the user logs into a session host, right, which is their virtual desktop, and that could be a different session host every day, right?

    They could be logging into session host A today and session host B tomorrow. That profile gets mounted to that server in a way that the operating system is not even aware that that’s not a local profile. So what this allows is for things like OneDrive, which currently, you know, it doesn’t like to run when it can tell that it’s running across a network. But with FSLogix, OneDrive will run very natively and files can be synchronized easily. It enables things like searching in Outlook, you know, where you get that instant index search. That’s not really possible today natively. You can have things like Outlook cache mode, so it really brings parity to the user functionality between a physical desktop running Windows 10 and a virtual desktop running Windows 10.

    Mary Jo Foley: 11:43 Okay. That’s good. You also did mention RDS – Remote Desktop Services. I was a little bit confused when Microsoft announced WVD if RDS was going to continue as a standalone product or if the only way people will be able to do RDS now is through WVD.

    V. Vladimirskiy: 12:03 So, I think RDS is going to continue with this part of Windows Server 2019. And I think there’s still going to be room for it. I think it’s a well-understood market tested mature technology that’s been around for a very, very long time. And there are lots of RDS deployments out there already and people are familiar with it. It’s also the technology that those who want to deploy virtual desktops on-premises or in the hybrid cloud type of a scenario will be forced to use because WVD is really an Azure only solution at this point.

    Also for those that want to have complete control of not just the desktops themselves but also the control plane and the management service with RDS, they’ll be able to continue doing that.

    Mary Jo Foley: 12:51 Okay.

    V. Vladimirskiy: 12:53 Now I think one thing that’s going to make RDS be less and less relevant is, you know, at least in our experience, the most popular application that runs in the virtual desktop is Microsoft Office. And most people are obviously going towards Office 365 for licensing that.

    So that has the Office Pro Plus product and Microsoft announced in version 2019, of the, the server operating system support for Pro Plus is going to be dropped or it has been dropped, which means that if you’re running RDS on any of the subsequent versions of Windows Server beyond 2016, the most popular application, which is Office Pro Plus is not going to be a supported deployment. So I think as a result of that, there’s going to be a pretty significant shift towards WVD and the Windows 10 operating system.

    Mary Jo Foley: 13:39 Okay. That’s great. Good to know. So one reader, mattchatblog on Petri said, does WVD require Azure Active Directory services exclusively? He said we tried to enable it, but we couldn’t because we only use AD, Active Directory. Will it support AAD accounts by the time it’s generally available?

    V. Vladimirskiy: 14:07 That’s a great question. So in order to deploy WVD you actually need both. You need Azure Active Directory and you need Active Directory Directory Services.

    V. Vladimirskiy: 14:26 So the Azure Active Directory piece is going to house the user objects. That’s where the user authentication information username and password is going to live. And you do need an Azure Active Directory tenant, which is tied to a WVD tenant in order for it to work. But the session hosts themselves, the desktop virtual machines are going to need to be joined to a domain which is using Active Directory Directory Services and it’s not sufficient to have them Azure AD joined only. I don’t believe there are any plans to remove that requirement.

    Certainly, I haven’t heard for GA purposes that that’s going to be removed. So right now you need both. You need Azure AD for the user accounts and you need Active Directory Directory Services for the session host to join. And this Active Directory Directory Services can either be the traditional Active Directory that’s running on a Windows Server or it also supports the Azure AD DS deployment, which is sort of another way of running Active Directory in Azure independent or connected to Azure AD. You know, there’s some confusing terminology but those are separate products.

    Mary Jo Foley: 15:38 Yup. It’s very confusing to me especially. I’m curious what you think about the idea of people who are looking at WVD as a way to keep running their Windows 7 apps after Microsoft no longer supports Windows 7 in January 2020. Do you think that’s a good strategy? Is this one of the reasons people should look at WVD or is it like, yeah, if you can do it but not the best idea?

    V. Vladimirskiy: 16:08 Well, you know, I think it depends on the use case. This is something that’s likely going to be leveraged by larger organizations that have like a significant investment in some sort of an application that for whatever reason they’re unable to modernize and get it to work in Windows 10, right?

    So in that scenario they’ll likely just want to lift and shift that environment and put it in Azure and get the extended support and be able to run it through WVD. The challenge, you know, that I see with that strategy, sort of at scale, for the rest of the market is that, you know, Windows 7 is not a multi-session operating system. So you’re basically going to end up having to assign each user a dedicated virtual machine, which tends to get expensive. With WVD natively using the Windows 10 multi-session operating system, one of the big advantages is now you can have multiple users leveraging the same VM, same infrastructure, which really drives the costs down.

    Mary Jo Foley: 17:05 Right. I was going to ask you about the multi-session Windows 10 feature and it’s funny this, this product has so many different piece parts to it. It’s not just RDS, it’s not just a virtualization strategy. It’s also got multi-session Windows 10. And I’m curious if you think if that is a big seller or if that will be a big driver for a WVD?

    V. Vladimirskiy: 17:28 In my opinion, that’s huge, right, I really think that’s the core of what makes WVD something unique and special. So what Windows 10 Enterprise multi-session enables you to do is to have a consistent user experience both on remote desktops, virtual desktops running in Azure and on local desktops using the same operating system that users are used to have on both. Now it allows for more cost-efficient use of Azure compute resources by combining multiple users onto the same virtual machine.

    And therefore you can increase the per user, or the user per CPU density compared to running one-to-one, you know, a virtual machine per user and make the cost of desktop infrastructure and Azure very appealing. Especially if you use some of the technologies that Nerdio has around auto-scaling and, and scaling out, scaling in based on user demand. You can drive the cost of compute down tremendously even relatively to doing anything on-premise and especially given the fact that the license piece of it is included with Windows already.

    So you get the licensing piece at no additional charge and then the cost of infrastructure by having multiple people on the same virtual machine having the same user experience at a very, very low per user cost. I think is what brings this whole thing together and makes it very unique and exciting from the market.

    Mary Jo Foley: 19:01 Another Petri reader, bluvg asked about MFA support. He said, ‘are they building MFA support into the RDP client itself? For example, there’s no UI showing it’s awaiting an MFA response and no selection screen to pick a different MFA option.’ What can you tell us about that?

    V. Vladimirskiy: 19:23 So, that’s another one of these really useful things in Windows Virtual Desktop. And, it’s really a byproduct. I mean, obviously, it’s by design, but it’s a byproduct of WVD being natively integrated with Azure Active Directory, right? And Azure Active Directory has this functionality around multifactor authentication and conditional access things that many organizations already use today with their Office 365 deployments, right?

    So if you log in from an unknown computer to your Office 365 to Outlook, you know, whatever product you’re using, if you have multi-factor enabled, it’s going to send you a code or ask you to authenticate through an app. And what WVD does is it leverages that same authentication mechanism for a virtual desktop. And the way it looks to the end user is there is a new remote desktop client app that they download and install on their computer. They open it up and then they do what’s called a subscribe.

    V. Vladimirskiy: 20:20 They click a button to subscribe to their WVD, you know, feed or their desktops. And that’s when the Azure AD authentication process happens. So they type in their username and password. Then, if there is a second-factor challenge, they go ahead and they go through that process. And, then once they’re subscribed, then they can see their desktops and they can double click and launch them. But it absolutely does support it.

    And I know a lot of our partner’s customers have been asking for native integration with Azure AD and multi-factor and conditional access policy support and they’re excited to see it with a Windows Virtual Desktop.

    Mary Jo Foley: 20:59 Okay, great. So I was kind of curious about Citrix specifically now that Microsoft’s doing WVD. Citrix is a long-time Microsoft virtualization partner. I know they’ve publicly said that they’re going to be integrating their services in with WVD and having a new offering based on it when it’s generally available. But I always have my readers ask me, ‘do we really still need Citrix – is Microsoft now providing all the parts and we don’t really need them anymore?’ What do you think the role of partners and specifically Citrix, if you can talk to that will be with WVD?

    V. Vladimirskiy: 21:38 Sure. And, I’ll be happy to give you my opinion on it. I think as you’ve pointed out, with every evolution of RDS, Microsoft has released many features that Citrix that used to be a must for those features. And then as time went on, I think Citrix feature set is really appealing and useful for large and complex deployments that require special things like maybe the HDX protocol, maybe NetScaler other advanced functionality that are not yet in the RDS or the WVD product.

    But, you know, in my opinion, just from experience with the partners and customers we work with, for the vast majority of deployments, I think WVD by itself is going to be more than sufficient. It already has some of that automation and management services built into it. And the RDP protocol is, is great, and maybe sufficient for the vast majority of deployments. So I do think there is room for Citrix. Citrix’s stack of products for large complex deployments, but I think for the vast majority of the smaller, more straightforward ones, it’s probably not necessary. And, you know, people can save the cost of Citrix licensing.

    V. Vladimirskiy: 22:57 Now, you mentioned, you asked the question about partners and the role partners play in WVD and people ask us that a lot. Because what Nerdio ultimately is, it’s an automation tool that helps Managed Services Providers deploy virtual desktop-centric environments in Azure. Like that’s kind of what we do.

    And people say, ‘Hey, with WVD, do we not need Nerdio anymore?’ And, the answer is that with WVD as I mentioned, it’s a set of technologies. They still need to be deployed and managed and automated. And both we and Citrix and other partners in the ecosystem are going to be building automation and management tools around the WVD core technologies, making them available to IT professionals and MSPs to then be able to go and leverage those WVD services that Microsoft is going to be releasing later this year.

    Mary Jo Foley: 23:55 That’s good. Good to know. So any last words that you’d offer to people either like hidden features or your opinion of how the product’s evolving so far? How does it look? Um, just anything you think our listeners might want to know about before we sign off?

    V. Vladimirskiy: 24:13 I can’t really think of anything at this point. We’ve covered a lot of really great questions from your audience. Very insightful – You know, we’re all very excited and been working on this for quite a long time and happy to be able to speak about it in public forums and help our partners and customers really understand what WVD is and how it affects them – how they can price it and use it once it comes out into general availability.

    Mary Jo Foley: 24:41 Great. Well thank you so much for coming on the chat today and helping to explain to our listeners more about WVD. I think it’s going to be a really big focus for Microsoft this year, as well as for its partners and customers as you said. Thank you to everyone who’s listening to this MJFChat.

    Mary Jo Foley: 25:02 Also, we’ll be back again in a couple of weeks with our next guest, so make sure to watch for that. And when I post who it is – in the forums, send in your questions using the MJFChat forum area. Look there too for an audio recording of this chat and transcript as well for this and all of our chats. We’re going to have all of those available in the forums. So thank you very much.

    • This reply was modified 10 months, 3 weeks ago by Brad Sams.
    Brad Sams

    Working on this, the URLs got a bit botched when we migrated.

    Brad Sams

    What is the impact of the FSLogix acquisition on Windows Virtual Desktop?

    Brad Sams

    Got the text cleaned up a bit further.

    Brad Sams

    Audio playback can be found here.

    Mary Jo Foley: 00:05 Hi, you’re listening to Petri’s MJFChat show. Your Community Magnate, that’s me, Mary Jo Foley, is here to ask industry experts about various topics that you, our readers want to know about. So today’s MJFChat is all about why it’s not too early for you to start learning about Microsoft’s mixed reality apps. And my guest today is Lorraine Bardeen, who is the Microsoft General Manager of Dynamics 365 mixed reality apps. Welcome Lorraine. Thank you so much for joining us.

    Lorraine Bardeen: 00:42 Thank you so much.

    Mary Jo Foley: 00:44 So we’re going to go right in here. I’m going to talk about, what we’ve learned recently about HoloLens 2, and ask you a few things around that, specifically about the apps. A couple of weeks ago, Microsoft announced its second generation HoloLens device. But to me the real stars of that show were the new Azure services and the Dynamics 365 mixed reality apps. Some people think that mixed reality is so far away from being usable in the real world reality that they don’t really need to start learning about it yet. But is this really true? I think smart IT Pros need to start figuring this out today and it’s not too early for them to be trying it out and learning about this technology. So that’s what we’re going to discuss. So before we get into that, Lorraine, I wanted to do a quick level set for people who might not be as familiar with mixed reality at Microsoft as I am. I remember when I saw the first prototype of HoloLens 1, I think it was back in 2015, Microsoft was showing off both consumer and business apps for the device. But over the past couple of years, I feel like the focus has really shifted to business and especially in the mixed reality space from Microsoft.

    Mary Jo Foley: 01:58 So I want to ask you why that has happened and why did Microsoft move mixed reality apps under Dynamics, which is a CRM and ERP brand. I get this question a lot. So dig in.

    Lorraine Bardeen: 02:13 Great. Thank you so much Mary Jo. So yeah, I remember that launch day like it was yesterday too. And you know, my team is full of application developers, creative folks, product managers, etc. And we love making things that people will use. And so on that launch day, you’re right, we showed off a lot of different applications to really expand how people would think and to give examples of what people could possibly do with the types of incredible new technology that the HoloLens represented. You saw all sorts of things, communication, collaboration, games, et cetera. And then we’ve spent every minute since that day learning and paying really, really close attention to the feedback we’re getting, certainly from developers and absolutely from companies.

    Lorraine Bardeen: 02:56 We’ve had the opportunity to work with hundreds and hundreds of companies over that time. And, you know, the same thing has been coming back over and over. They’re so ready to get started, to your point in the question you raised, the IT department, the Innovation Department, the C-suite and the workers themselves are seeing real time, real term value because this heads-up, hands free capability that the HoloLens has brought to their workforce is solving problems right now. An example of the feedback that we received over the past few years that has really continued to shift our direction to where you see us now: we heard over and over, “hey, there’s nothing like this for providing real time remote expert assistance when someone is somewhere difficult to go, they don’t have the right expert on the ground. And this technology enables us to bring an expert from anywhere in the world and not only see through someone else’s eyes but draw right into their world.”

    Lorraine Bardeen: 03:54 So that was one big cluster of feedback that came back. And out of that we’ve delivered an app to market called Dynamics 365 Remote Assist. Oh, another cluster around, “hey, there’s nothing like this type of technology, the HoloLens, for enabling us to lay out three-dimensional objects in space at real world size and scale and make the kind of decisions we always had to have a physical model to make before.” That was another whole cluster we’ve delivered, a product called Dynamics 365 Layout into market also in October. Then there’s this whole area of feedback and innovation that’s been happening over the past couple of years and helping a first-line workforce. These are people who move around the real world, use their hands to do their jobs and can only use technology if it’s heads up and hands free while helping them learn, helping them upskill, reskill, respond to the incredible changes across so many industries and for that challenge and opportunity, we’ve just recently announced a new product Dynamics 365 Guides, which is in public preview now.

    We can talk more about those products, but overall, the answer to your question is over these multiple years, we paid attention to what customers are looking for and they’re looking for not only the ability to get started right away, but frankly most of them want out of the box value. So as they develop their own ideas, their own applications, they start to use mixed reality services you’ve talked about to build their own specialized apps. Meanwhile, they want to be using this product right away. And so they’re really looking for apps that they can, they can spin up, start using day one and get value for their company. So that’s the focus as we’ve shifted it. Do you want me to switch into your second part of your question and talk about why Dynamics makes such a good home for these products?

    Mary Jo Foley: 05:37 Definitely. Because like I said, I get that question all the time because people, when they think of Dynamics, they think of ERP and CRM and then you’re like, and there’s also this mixed reality part of it. Wait, what? You know.

    Lorraine Bardeen: 05:50 Yeah, no, absolutely. It’s been such a good home for our applications and our team, frankly, over the past year and here’s how I think about it. So Dynamics 365 from Microsoft represents a very rapidly growing business application space. And this is a space that Microsoft has played a big part in for a long time. And then over the past couple of years we’ve been growing the Power Platform, which I know you, you’re quite an expert on. And the Power Platform includes things like Power BI for sort of a citizen developer ability to analyze data rapidly and then share across your whole organization.

    Lorraine Bardeen: 06:29 It also includes Power Apps, which enables anyone to make applications and then includes the very powerful common data service. And I say all of this because there’s two main answers to your question about why we belong in Dynamics. One answer is this Power Platform itself. If you think about from an IT decision maker’s standpoint, if you’re going to deploy something like mixed reality into your organization, maybe you’re completely convinced that you’re going to see near term ROI in making this decision, but you’re still a little bit nervous about, wow, how am I going to hook this into all of my other IT infrastructure?

    Well, I really believe that part of the answer is in this Power Platform because all of our products either currently sit on top of and are integrated with CDS or they’re rapidly on their path.

    Lorraine Bardeen: 07:15                         And what that means is even if you don’t use it a Dynamics 365 product right now, and you don’t have currently have a plan to, as long as you’re using a common data schema that’s published to GitHub, that really helps to maneuver data into a way that’s useful across departments, then you can just integrate Remote Assist, Layout Guides, etc, right into your existing workflows and really treat these mixed reality applications as an extension of your other departmental apps, whether they’re created by Microsoft or not created by Microsoft.

    And so one example we’ve shown and that companies are using is because of the CDS integration, we show Dynamics 365 Remote Assist integrated on the front end with the field service application, which means that a field service engineer can get all their scheduling and routing, preparation, etc from the field service mobile app and then jump right into Remote Assist. All the relevant data transfers over work order etc, without having sort of any of these cliffs between apps. So that’s one major reason. Frankly, the power of the power of platform is such a good fit for applications.

    Lorraine Bardeen: 08:18 And the second main reason is the way that the Dynamics 365 product group thinks about its offerings is very much from a company’s point of view. We think about what are the challenges and opportunities that a company has around its product development, around its operations, around the people, the talent that make up that organization and around its customers.

    And you might’ve seen this, this digital feedback loop visually laid out, but that’s exactly how we think about delivering value through mixed reality applications, helping with product development, helping with customer service, helping with talent development, like first-line workers, helping with the challenges of operating in an increasingly complex environment.

    Lorraine Bardeen: 09:04 So we had such a close alignment in perspective in approaches to serving customers and then frankly, being able to use the Power Platform to give a really seamless experience. Overall, those are the reasons that really resonated for me and it’s been such a good fit.

    Mary Jo Foley: 09:20 That’s the best explanation I’ve heard of the Power Platform. And the reason I laughed when you brought it up is I’ve been joking on Twitter with people that you guys need a Power Platform onesie for this HoloLens. Yeah, you bring up a really interesting point because I think when people, again, when they hear Dynamics, they think automatically like, oh, so I have to be a Dynamics user already to now use these mixed reality Apps, right? So I have to use Microsoft CRM or Microsoft ERP, but that’s not actually the case. Right? You don’t have to be using those.

    Lorraine Bardeen: 09:58 No, absolutely not. And you know, if a company is ready to consider it, we’re always here and eager to help, but you absolutely do not. A lot of the Dynamics 365 portfolio of applications that you can just pick up and start using it in five minutes and just get a sense of the value to the organization. That includes all of the new artificial intelligence supported applications and includes all of the mixed reality applications as well. Plus many, many others. You know, for example, to use Power BI, which is part of the Power Platform, you don’t need to use any of the product either. What we’re all taking a shared commitment to using the common data schema as part of the common data model. And many of us are prioritizing use of the common data service throughout.

    Lorraine Bardeen: 10:43 That is such a critical part. You know, just as a leader of an APP engineering team, I’ll tell you, as we moved into the group and I caught up, it had been a few months since I caught up on where we were with common data service. I was so delighted because I was able to really rapidly accelerate a number of our APP development plans. Things that we didn’t have to do because they’re already provided as part of the Power Platform. So that’s why I’m such a crazy advocate for it because it’s really helped me as an app developer inside of Microsoft.

    Mary Jo Foley: 11:16 Oh wow. Interesting. Okay. So a couple of questions from Petri readers that kind of fit in here. One is from Greg Alto. He said, “Why do I need mixed reality for an ERP solution versus mixed reality for a phone, tablet or laptop?” So again, I think he, like many, are thinking I need to start out with Dynamics 365 apps and instead of just taking a mixed reality APP and putting it on a phone, tablet or a laptop, again, that’s not the case.

    Lorraine Bardeen: 11:45 Yeah, not the case. He might, I don’t know, I might be reading too much into what you said, but he might also be asking, why would I need to use a HoloLens versus a phone? Do you think he’s asking that or not?

    Mary Jo Foley: 11:59 Yeah. Well. So he, I think he may also be asking that as, as is another reader, factoryoptimizr who said, I’m wondering if Microsoft has plans to apply this technology, meaning your Dynamics 365 mixed reality apps, to non-HoloLens mobile devices like smartphones and tablets.

    Lorraine Bardeen: 12:19 Gotcha. Okay. So I’ll wrap those two together. So one thing I would say is we, to a certain degree, we answered the question that it’s, it’s certainly not necessary to start with an ERP solution and there are certain scenarios where I think mixed reality is gonna play a huge part in ERP. I’ll give a few tantalizing suggestions and I’m sure you and I will be following up on over time. One of them is in warehouse management. You can just, you can easily see that as the first-line workers we’ve been serving with Remote Assist with Layout, now with Guides.

    There’s a huge amount of complexity in warehouse management and that is a core part of many ERP solutions. So that’s an area where I expect we’ll see more and more innovation. Then also just in enterprise asset management, that’s a core part of many ERP solutions and really understanding these complex high, high value assets and equipment and how they move through their product life cycle, including through repair and maintenance and all of that is something where mixed reality can play a big part.

    Lorraine Bardeen: 13:16 So that’s one part of the question. And then talking about, phone, tablet, laptop, et cetera. Remote Assist and Layout, which were in-market, were released first for HoloLens. Guides is released for HoloLens and then all of these will be available on HoloLens 2 as soon as it starts shipping. That said, we also have been, like I said, listening, learning, paying close attention and collaborating with customers.

    There are definitely cases where a phone or a tablet could be quite helpful. Now the one thing I want to establish though is that the vast majority of our customers who are using our Dynamics 365 mixed reality applications are first-line workers. So, their companies are the decision makers and the first-line workers are the people who are using the devices, who are using HoloLens and using the apps.

    Lorraine Bardeen: 14:04 And as a reminder, I remember I said heads up, hands free before that is a really critical part. So many of these jobs you have to hold tools or you have to push a cart or you have to be able to pick things up and put them down and it’s actually a hassle to be holding a phone and trying to figure out what to do with it. So many, many, many of these scenarios are heads up, hands free only, and you’ll find that they’re going to roll out entirely and dominantly using HoloLens and HoloLens 2.

    Now there are some cases though where we heard consistently that would be really valuable to have an option on mobile phone. And so we have now announced that we’re extending support or in some cases starting with mobile phone support for some scenarios. So two announcements a couple of weeks ago. One, we announced that we’re extending Remote Assist to mobile phones starting with Android.

    Lorraine Bardeen: 14:53 And then following up later on with iOS. And starting with Android because our customer research and time with customers indicated that there are more for some workers who are using Android devices. Really quickly the scenario here is, you’re a field service worker or someone working in manufacturing and maybe there’s an inspection round that needs to happen frequently and the person who is certified to do that inspection can’t always be there onsite as easily or efficiently as they’d like. And so you can partner with them, collaborate with them to give them a view into the inspection that needs to happen. They can sign off on this inspection remotely while you hold up the phone.

    They can see through the phone using Remote Assist, do some annotation, etc, and then move on and sign off. That said, if there’s any sort of complex repair that’s going to require tools and two hands, which many do, that’s when it’s time to switch to HoloLens.

    Lorraine Bardeen: 15:46 So that’s one of the announcements we made and that’s a case where we think a mobile phone is the better solution. [Two,] we also announced a new product called Dynamics 365 Product Visualize. This is starting with a phone only and then we’ll expand over time. And this is available on iOS, phone and tablet. What Product Visualize enables you to do is share with your customer a full size, at scale 3-D view of a product that you can see in your space, maybe in a manufacturing floor, in a retail store, etc.

    And really use that to make a decision about the product, in a way that you couldn’t perhaps, from seeing the product on screen. And so we’re bringing that to a mobile first and then we’ll follow up with support for further end points.

    Mary Jo Foley: 16:32 Okay. I was wondering if you were going to bring that to HoloLens at some point when you announced it a couple of weeks ago.

    Lorraine Bardeen: 16:37 I think we will. We’re just listening and learning just like we have been with everything else, but I would absolutely expect we will.

    Mary Jo Foley: 16:43 Okay. Now here’s, here’s a question. I don’t know if it’s too early to answer or not, but again, factoryoptimizr asks if Microsoft has any plans to componentize or open source the remote support technology that you’ve demo-ed to make it available to more developers?

    Lorraine Bardeen: 17:01 Yeah, this is a great question. So right now, so Remote Assist uses Teams to provide this sort of communication infrastructure and layer. And so we have a very close partnership with the Teams team, which I love saying. And work together to make sure that we can provide this product around the world, wherever people use HoloLens. And then, now Remote Assist phones. So in terms of componentizing, here’s what we’ve done so far.

    Lorraine Bardeen: 17:28 Right now Remote Assist can be called from another application. If the person asking the question is building mixed reality applications, we have a pretty simple protocol that enables them to basically embed calling Remote Assist from their application. And that’s possible right now. But, I don’t think it’s what they’re really asking, a fully componentized open source solution.

    We don’t have a plan to do that right now, but I will say another, another thing that we’re thinking through, you probably got the impression that I’m a big fan of Power Apps and so we’re really thinking through how can we collaborate closely with the team behind Power Apps and bring more and more functionality to that space over time.

    Mary Jo Foley: 18:11 Okay. Yep. That makes a lot of sense. Given the dependencies, well, not dependencies, but you’re betting on the Power Platform, right? (Lorraine: Absolutely.) I saw a lot of examples, case studies, demos during the HoloLens 2 launch about here’s how people could use this, which I think is really useful because otherwise it’s pie in the sky stuff. But Tina asked in our forums, which companies Microsoft and the Dynamics 365 team are working with, who could share practical APP models for the rest of us.

    Lorraine Bardeen: 18:50 Yeah. So I can answer the question as far as I’m interpreting it at least when she says practical APP models. I wonder if she’s curious about whether some of them are sort of extending or whether she’s curious about their extended workflows before and after the APP. But we can maybe answer that another time. So let me start, so Remote Assist and Layout have both been in market since October. So we have many customers who are using those products both before we formally sort of jade them and after. So for example, Chevron’s a great example who has been using Remote Assist extensively around the world with many, many different engineers.

    Lorraine Bardeen: 19:34 And Chevron is a core example of not only heads-up, hands-free is the only acceptable path. And we’ve heard stories about how they’ve tried to solve heads up, hands free in the past. It’s been very creative, I’ll tell you. But something that, something that they’re able to do much more effectively using a HoloLens and letting each engineer have access to HoloLens whenever they need one, so they can get help where they need it.

    And we’ve heard so many stories, like when you run a complex global operation, no matter what industry you’re in, it’s impossible to know where you’re going to need what help and you know, one of my favorite quotes about Remote Assist of all time is Ed Moore, the head of innovation at Chevron, who was behind the original analysis and now of course is deploying through the IT infrastructure. He says, I can put an engineer anywhere in the world in under a minute. And that’s the way he sees the product. And that’s a great, it really underlies why they’re investing so significantly moving forward so rapidly.

    Lorraine Bardeen: 20:32 And that’s true for a lot of companies. You know another company that has been really instrumental in defining the product itself for Layout is ZF, which is a German car parts manufacturer. They’ve been just incredible in helping us actually hone in on what are the highest value use cases for Layout, a short-term, mid-term and long-term. Because if you think about Layout, it can do a lot.

    It enables you to bring in any and all 3-D objects in your company’s existence and lay them out in space and really decide what’s the best layout for manufacturing line, for a retail store, for a restaurant, shop, etc. What they’ve also helped us discover is some really specific use cases that are so simple, but so powerful. For example, just simply fit testing.

    Lorraine Bardeen: 21:26 It turns out that in manufacturing floors there is a ton of fit testing that needs to be done every single day. Just to make sure that our people, you know, safety is usually the top priority for a factory, that people can move through the space safely. That equipment can move to this space safely and vehicles in many cases. And, so, just doing a quick check, can we still fit what we need to fit through the space, while things have changed in the factory over the past 24 hours? Just that simple scenario alone was really insightful for us.

    And, and ZF. It’s been a great partner and they’re also deploying Layout as well. And then Guides is our newest announced product. We have a very healthy set of preview customers who’ve been giving us a ton of feedback and this is one that I think might be interesting to your listeners over time that Guides is both being used by customers who are building their own Guides in house, companies who are building their own Guides in house and then deploying to their workers. But it’s also being used by curriculum providers and companies who deliver training to other companies.

    So for example, Crane Morley, which is a performance improvement firm. They’ve been using Guides to create mixed reality curriculum for Mercedes, for their technicians to learn how to service and maintain new models. And they’ve been very, very happy with the ability to use Guides there. In preview of course. There’s a number of different customers in preview who are, who are moving very quickly with Guides.

    Mary Jo Foley: 22:55 Hmm. I saw, I think it was you who tweeted it. Somebody tweeted just kind of a funny example of Guides that with somebody repairing, how to repair a coffee machine in your office.

    Lorraine Bardeen: 23:05 That’s exactly right.

    Mary Jo Foley: 23:07 But you know what, I thought that actually is good for people to see because I think some of these things seem so lofty, you know, like Chevron and these kinds of companies, but then you’re like, wait, I could do something like that. I could put something up for my customers about here’s how you fix some piece of equipment and they could actually do it themselves.

    Lorraine Bardeen: 23:26 You’re absolutely right. One of the preview customers had a hackathon where all the employees just came together and made Guides, tons and tons of different types of Guides. And, it’s fun. You know, people feel really creative. It’s like a lot like making a PowerPoint slide when you’re putting a guide together or sorry, a PowerPoint presentation. We really focused on making it as easy as possible to author. And so some other fun examples. One of the Preview customers, one of the energetic employees made a CPR guide.

    Rather than having to go and use a printed manual and then we’ve had employees take their HoloLens home and make cooking Guides. What happens a lot when you work at Microsoft is you become the extended IT support for everyone you’ve ever met. We’ve had a few people make Guides on setting up a home network or you know, debugging your Wi-Fi. So it, it is an accessible product that I think people are having fun with. And I agree with you. It’s fun to see the results of that.

    Mary Jo Foley: 24:28 Okay. Now I’ve got, this is probably the heaviest question we’ve got from one of our readers, but I understand where he’s coming from. This is Elle Sobrato and he said, I’m an architect who’s seen Microsoft reboot its UI technology over and over, burning early adopters. And he cites as examples, Silverlight, Win RT, weird UI, I don’t know what that one is, etc. Win RT, weird UI. I see what he’s saying – the UI for Win RT. Okay. He’s asking basically for guarantees, which I know it’s impossible to make, but he’s saying what commitments is your team making this time that you didn’t before to ensure that I’m not going to have to rewrite yet another Microsoft platform in two years or worse, for iOS and Android when their AR glasses enter the market.

    So I mean, you can’t guarantee somebody, hey, it’s never going to change. But I understand his point too. It’s like things have changed a lot in certain parts of Microsoft and it’s a big bet when you bet on something like mixed reality or HoloLens. So what, what kind of guarantees can you give him that you as Microsoft are dedicated to the platform?

    Lorraine Bardeen: 25:37 Absolutely. So, I mean, first I would say the best guarantee is me and my team. I mean, we’re like him, we’re APP developers. So I partner very, very closely with the team that makes both the hardware device and the operating system and tools layers. My team builds applications on top of those UI controls on top of that operating system on top of the UX guidance, etc. And so, you know, at our best, my team should be the strongest internal advocate for the person who asked that question. And for everyone else that you could possibly have. We’re doing everything we can to make sure that we both drive forward with as much innovation to serve customers and delight developers for sure as possible while maintaining that level of predictability and consistency that developers need to make a business frankly, and that customers need to trust to deploy into their operation.

    Lorraine Bardeen: 26:32 So that’s our balance to strike is advocates for the broader developer community. And then specifically I think interesting thing for that person who asked the question to look forward to is as we really evolve and learn in this mixed reality space, I would expect we are going to continue to see changes in natural user interaction. There’s no way that that’s not going to continue to improve.

    And so this is something that we think about a lot. You know, we developed our applications for HoloLens using air tap and the gestures that were really, really solid and really, really strong for UI controls. And now that there’s more understanding of how hands move that’s built into HoloLens 2, we’re taking advantage of that and starting to develop some additional functionality for applications. So the way we see that is yes, we do have to shift a little bit how we think about the user interaction. But it’s a great opportunity to continue to make that more and more and more natural for our customers. And as we think, as long as we’re communicating really openly, as long as we’re making any sort of user interaction transition as seamless as possible, hopefully our customers will be the ones who benefit.

    Mary Jo Foley: 27:50 Okay. Great. I have one final question for you before we wrap it up. When, when someone says to you, okay, I’m an IT Pro, I’m interested in this, what can I do now to start getting ready for mixed reality? What’s your elevator pitch for them?

    Lorraine Bardeen: 28:05 Oh, of course. I would love them to try it hands on in the best way. Most people really, really learn. I would love them to get access to a HoloLens and just try all the applications, ask questions, give feedback if it’s not working for them, but I’d love them to just get going. Now if they don’t have access to HoloLens for some reason and or they don’t think they will I’m really happy that we’re making some of this functionality available on mobile phones as well. So they can get started with Remote Assist if they have Android devices.

    Then get started with Product Visualize on iOS devices and we’ll keep an eye on where and how we should extend functionality more in the future. But the bottom line to me is this is a space where we’re moving into computing and that really understands and looks from the point of view of the person. The worker, the leader, etc. So the best way to decide is to try it yourself, to get it into operation to see if you’re, if you’re a business decision maker, if you’re saving money, empowering workers, improving quality in your operation, the results should speak for themselves. And that’s really the best way to get going.


    Mary Jo Foley: 29:18 Hmm. Great. Well, thank you so much Lorraine for the great answers and useful dialogue on this topic and thank you to all our listeners too, for tuning in today to today’s MJFChat, which was all about Microsoft’s mixed reality for business strategy. We’ll be back again in a couple of weeks with our next guest, so make sure to watch for that. And when I post who it is, send in your questions using the MJFChat forum area. Look there too for the audio recording and the transcript of this and all our chats. Thank you very much.

    • This reply was modified 11 months, 1 week ago by Brad Sams Brad Sams.
    • This reply was modified 11 months, 1 week ago by Mary Jo Foley Mary Jo Foley.
    Brad Sams
    in reply to: How stable is Office 365? Can I trust the cloud? #615068

    Audio now available here.

    • This reply was modified 11 months, 3 weeks ago by Brad Sams Brad Sams.
    Brad Sams
    in reply to: ASKMJF Feature Coming Up Soon #614512

    Our first topic is going to be Office 365 stability with Tony Redmond…so it will span SMB-Enterprise.
