New computers: why get one now and what to look for | Windows Experience Blog

What with the huge growth in video calling and the fact many of us spend a lot more time using our tech devices to stay connected, entertained and educated, yesterday’s computers often just don’t do the trick anymore.
If you’re on the fence about whether now is the time to replace your computer and what features you should look for if you do, head over to the Windows Home and Family Resources Blog. There you’ll find three main reasons to upgrade, what processor to choose based on your needs and budget, the best drive for you and more.

3 Ways to Customize Your Windows Terminal – Windows Developer Blog

Windows Terminal is here! From the buzz of the announcement at Microsoft Build 2019 to the release of 1.0 at Build 2020, it’s generated excitement and interest from the dev community. Get started by downloading the Preview here.
As a refresher, Windows Terminal is a new, modern, fast, efficient, powerful, and productive terminal application for users of command-line tools and shells like Command Prompt, PowerShell, and WSL.
Its main features include multiple tabs, panes, Unicode and UTF-8 character support, a GPU accelerated text rendering engine, and the ability to create your own themes and customize text, colors, backgrounds, and shortcut key bindings.
Today, we’re digging into three ways to tailor the Terminal to your preference: colors, cursor, and tabs.

Windows Terminal includes the following named color schemes inside the defaults.json file, which can be accessed by holding alt and selecting the settings button.
  • Campbell Powershell
  • One Half Dark
  • One Half Light
  • Solarized Dark
  • Solarized Light
  • Tango Dark
  • Tango Light
This is what Vintage looks like:
To set up your scheme inside one of your command-line profiles, add the colorScheme property with the color scheme’s name as the value.
"colorScheme": "COLOR SCHEME NAME"
Every setting, aside from name, accepts a color as a string in hex format: “#rgb” or “#rrggbb”. The cursorColor and selectionBackground settings are optional.
Dark and light theme are also available in the Terminal’s chrome.
Property name: theme
Necessity: Optional
Accepts: “system”, “dark”, “light”
Default value: “system”

Old school or modern, there’s a full set of cursor options for shape, color, and height.
Do you prefer horizontal or vertical? A line or a box? Just tell the Terminal.
This sets the cursor shape for the profile. The possible cursors are as follows: “bar” ( ┃ ), “vintage” ( ▃ ), “underscore” ( ▁ ), “filledBox” ( █ ), “emptyBox” ( ▯ )
Property name: cursorShape
Necessity: Optional
Accepts: “bar”, “vintage”, “underscore”, “filledBox”, “emptyBox”
Default value: “bar”
You can override the cursorColor set in the color scheme if colorScheme is set. It accepts a color as a string in hex format: “#rgb” or “#rrggbb”.
cursorHeight sets the percentage height of the cursor starting from the bottom. This will only work when cursorShape is set to “vintage.” Integers from 25-100 are accepted.

You can easily rename and recolor tabs in Windows Terminal Preview. Just right click on a tab and select Rename Tab to rename a tab for that session. This option will change your tab title into a text field, where you can then edit the title.
Do the same to recolor your tab. Select from a predefined list of colors or click Custom to use the color picker or the RGB/HSV or hex fields. One cool tip is to use the hex field to set your tab to the same color as your background color for a seamless look.

To set the tab title for a profile for every terminal instance, check out the Tab title tutorial.
Monthly updates for Windows Terminal begin in July 2020. Don’t forget to download Windows Terminal Preview from the Microsoft Store or from the GitHub releases page. This is the channel where you can be involved with the development of Windows Terminal and use the latest features as soon as they are developed.

Why Linux containers on Windows is a big deal

Although it’s tempting to think that a container is just a container, there are key differences between Linux and Windows containers.

Windows has stricter requirements on image compatibility, particularly regarding the operating system. Some networking features on Docker on Linux are not available for Windows, and similarly for orchestration.

With these limitations, why would you want to run Linux containers on Windows? For one, containers allow you to be agnostic on the host system. Whether you’re running Linux or Windows on the host, and whether that’s in production or not, it won’t matter to the container. You can run Windows in the development environment, stage it in Linux and deploy to production on either system. By allowing your Windows hosts to run Linux or Windows containers, you keep the developers free to do their jobs without having to factor in variables, such as the host operating system.

Linux containers on Windows offers several advantages

The biggest benefit of this expanded functionality is Linux and Windows containers can run from the same Docker engine, which is a recent development. This feature lets you standardize your tool set across your environment, provide parity between production and nonproduction systems, and can collapse infrastructure costs by using one machine to host multiple types of containers.

Deploying Linux containers on Windows encourages you to build your applications as microservices using Windows or Linux containers. It’s encouraging to see a technology give users across the spectrum a way to choose the container they prefer for development. A key difference when using Windows Server containers is having access to certain technologies on the Windows platform, such as PowerShell. There are also benefits to using the .NET Framework with Windows containers.

Limitations of Linux containers on Windows

Not all Windows versions are supported, so your developers will need to be on the correct version of Microsoft’s operating system for Linux containers to work properly on their machines. In addition, if you’re running containers on premises, you’ll need to pay careful attention to which servers have the appropriate prerequisites and operating systems installed.

You can read more on the requirements for containers here.

What’s needed to run Linux containers on Windows

Before you can proceed with the instructions below, you’ll need:

  • a machine running Windows 10 Professional or Enterprise, or Windows Server 2019 version 1809 or later;
  • Hyper-V enabled; and
  • Docker Desktop 18.02 or later installed.

How to run a test container

To run your first Linux container on Windows, you’ll need to start by getting a Linux Docker image. For our purposes, we’ll use the “Hello World” example container. You can run this by executing the following command:

docker run --rm --platform linux busybox echo hello_world

This command pulls the image with the indicated platform via the --platform flag.

To run the image, enter the following command:

docker run --rm busybox echo hello_world

To view a list of your images, you can run the next command to see the image you’ve pulled:

docker images

Where do we go from here?

That’s all it takes to run Linux containers on Windows. Of course, there’s much more to learn with this type of virtualization, such as understanding how to manage clusters of Docker nodes and getting familiar with Kubernetes to automate the deployment and management of containers.

If you’re using Windows on your development team and your team prefers to use Linux containers, then this is all excellent news for you. You can continue with your operating system of choice but also participate in all the neat things used by your developers. Additionally, if you’re an operations expert trying to wade your way through the plethora of container deployment methods, you can rest easy knowing that you can implement all these container types from a Windows machine.

Check out ‘Simply Windows’ to find out how to get more organized using Microsoft Edge | Windows Experience Blog

The latest “Simply Windows” video is now available, focusing on tips for organizing your tabs in Microsoft Edge.
If you’re new to Windows 10 or want to learn more about how to get the most out of it, this video series can help you get up to speed. And as writers in the series have had to work from home, like many people, they’re sharing their remote experiences in these newer episodes and answering questions from viewers.

In episode 12, writer Maxx Ramos guides you through working with Microsoft Edge, specifically on using Collections to organize the many, many tabs you may have open on your browser. This way, you can quickly pull up the tabs according to those collections, which could align to shopping, research or any project. She also shows you how to quickly pick up where you left off with your tabs.
Find out more about “Simply Windows” and check out a playlist of previous shows. Windows Community also has videos on the new Microsoft Edge and managing favorites, if you want to know more about that.
And if you like this, check out other Windows 10 Tips.

Is SCCM in Azure right for your organization?

You’ve probably heard a lot of rumors about the inevitable demise of Microsoft System Center Configuration Manager, partly due to its on-premises origins.

A few years ago, this might have had some merit, but things have changed with several cloud options. We can either extend SCCM into Azure-based services (PaaS) or put the whole SCCM infrastructure in Azure (IaaS). The need to use cloud services, such as Microsoft Azure, has become more apparent after the sudden surge of people working remotely, adding strain to existing VPN infrastructures. Some traditional on-premises roles are giving way to the cloud service model for this scalability feature, and extending your SCCM environment into Azure is an excellent way to start experimenting with a hybrid approach.

Before the SCCM current branch update program, if you wanted to move your SCCM in Azure, you could only talk about moving the entire infrastructure to Azure. When Microsoft introduced the SCCM current branch, it updated the product to connect it to the cloud using back-end Azure services. Now, most organizations can pick and choose and switch some of the on-premises services with Azure-based ones. Organizations that want to use a cloud-only tool should consider using Intune, which is packaged with Configuration Manager in the Microsoft Endpoint Management product that was announced in November 2019.

Extending to the cloud essentially means you have a hybrid scenario, with some of your infrastructure on premises with other components in the cloud, to take advantage of the flexibility and other benefits when you move a workload out of your data center. There are three paths you can choose to combine the use of SCCM with Azure: Move update workloads from on premises to Microsoft Update, use the cloud management gateway (CMG) or move the SCCM infrastructure to Azure.

Option 1: Move update workloads from on premises to Microsoft Update

Moving software update binaries from internal servers to Microsoft Update is one of the most common scenarios many administrators have begun using due to the increase of remote work due to COVID-19 and the added stress to the VPN infrastructure. When you think about it, why would you want your internet-facing users to go into your infrastructure for updates when their systems get the same data from the cloud?

If you follow the method below, you still control which software updates to deploy through your SCCM infrastructure, but the binaries come from Microsoft Update. If the content is not found on a distribution point in SCCM, then the client will go to the cloud.

Prerequisite: Split tunneling for the VPN.

Configuration: To force clients to go to Microsoft Update, you need to:

  1. Find out which IP ranges cover your VPN clients.
  2. Create a boundary group in SCCM for the IP ranges. The IP ranges cannot be part of any other boundary groups.
  3. Create a distribution point that contains everything except software updates.
  4. Assign the distribution point to the boundary group.
  5. Go to the deployment settings of each software update deployment and any automatic deployment rules. Go to the Download Settings tab and select the checkbox next to where it says, “If software updates are not available on a distribution point in current, neighbor or site boundary groups, download content from Microsoft Updates.”
SCCM download settings
When using Microsoft Update rather than the VPN to update clients, you need to adjust the download settings in SCCM.

Cost: The only additional charge may be setting up a new distribution point. There are no extra charges for using Microsoft Update.

Support: Moving software update workloads to Microsoft Update is fully supported and documented in this blog from Microsoft.

Drawbacks: There are a few risks involved with setting this up, such as:

  • Incorrect or missing configuration of split tunneling in the VPN will cause unintended behavior.
  • Overlapping boundaries might also cause unexpected behavior.
  • If the clients are on premises and content for the software updates is not found on internal distribution points, then they will go to Microsoft Update. You can prevent this by having multiple deployments, but it adds complexity to the setup.
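
A pre-flight check for steps 1 and 2 and for the overlapping-boundaries drawback above, as an added example that is not from the original article or from Configuration Manager: it flags VPN ranges that intersect another boundary group's ranges. The group names and IP ranges are constructed, and boundaries are assumed to be IPv4 start-end ranges written out by hand.

```python
import ipaddress

# Constructed export: boundary group name -> list of (first IP, last IP) ranges.
BOUNDARY_GROUPS = {
    "VPN-Clients": [("10.50.0.1", "10.50.3.254")],
    "HQ-Office": [("10.10.0.1", "10.10.255.254")],
    "Branch-Legacy": [("10.50.2.1", "10.50.2.254"), ("192.168.20.1", "192.168.20.254")],
}


def as_ints(ip_range):
    """Convert ('10.0.0.1', '10.0.0.9') to integer bounds, rejecting reversed ranges."""
    first, last = (int(ipaddress.IPv4Address(addr)) for addr in ip_range)
    if first > last:
        raise ValueError("range start is above range end: {}".format(ip_range))
    return first, last


def overlaps_with(groups, vpn_group):
    """List (other group, VPN range, other range) for every intersecting pair."""
    findings = []
    for vpn_range in groups[vpn_group]:
        v_first, v_last = as_ints(vpn_range)
        for name, ranges in groups.items():
            if name == vpn_group:
                continue
            for other in ranges:
                o_first, o_last = as_ints(other)
                # Two closed intervals intersect when each starts before the other ends.
                if v_first <= o_last and o_first <= v_last:
                    findings.append((name, vpn_range, other))
    return findings


def groups_covering(groups, client_ip):
    """Names of every boundary group whose ranges contain client_ip."""
    ip = int(ipaddress.IPv4Address(client_ip))
    return sorted(
        name for name, ranges in groups.items()
        if any(lo <= ip <= hi for lo, hi in map(as_ints, ranges))
    )


if __name__ == "__main__":
    for name, vpn_range, other in overlaps_with(BOUNDARY_GROUPS, "VPN-Clients"):
        print("VPN range {} overlaps {} range {}".format(vpn_range, name, other))
    print(groups_covering(BOUNDARY_GROUPS, "10.50.2.40"))
```

A client address that resolves to more than one group is the case where content location becomes unpredictable, so an empty result from the first function is the condition to reach before assigning the distribution point.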

Option 2: Cloud management gateway

The CMG is a cloud service that simplifies the management of your internet-facing clients by having them contact Azure services instead of going through the VPN. The CMG is a PaaS and requires no management of VMs in Azure.

You can use CMG both as a manage-out client management system as well as a content delivery service from the cloud. The service uses a standard A2 v2 VM. The full configuration of the CMG is done via the SCCM console.

As of SCCM 1810, Microsoft deprecated the cloud distribution point, which is now in the CMG offering.

Prerequisites:

  • An active Azure subscription
  • Service connection point in online mode (can be colocated with other SCCM roles)
  • Certificates for server authentication
  • CMG management points in HTTPS mode
  • Clients in IPv4 mode
  • Integration with Azure AD
  • A globally unique name

Configuration: The high-level plan to set up CMG is as follows:

  1. Verify prerequisites
  2. Add CMG in the SCCM console
  3. Configure primary site for client certificate authentication
  4. Add a CMG connection point
  5. Configure management point for HTTPS or enhanced HTTPS
  6. Create a boundary group for external clients
  7. Assign the CMG to the new Boundary Group

For more details on setting up the CMG, refer to the documentation on Microsoft’s site at this link.

Cost: CMG adds additional charges, including:

  • VMs, which depends on the number of CMGs deployed;
  • storage, where the cost depends on how much content you distribute; and
  • egress, how much outgoing traffic is used.

Johan Arwidmark, the technical fellow at 2Pint Software, has a great blog post on the type of costs you can expect when using CMG. If you would rather do this calculation, use the Azure Pricing Calculator here and the pricing details page for Azure bandwidth on this calculator page.

Since the release of SCCM 1902, you can limit the cost through the SCCM console.

To configure thresholds, you will need to set up outbound traffic alerts. Stopping the CMG will not remove all costs; removing the CMG is the only way to prevent additional fees.

Support: The CMG is one of the focus areas within client management at Microsoft, so expect that the feature will be improved in the future.

Drawbacks: Two distinct downsides to CMG use include additional costs and added complexity with HTTPS.

Option 3: Move the SCCM infrastructure to Azure

Moving the SCCM infrastructure is as it sounds: pushing the servers to Azure instead of hosting them on premises.

Prerequisites: Azure VPN Gateway and Azure ExpressRoute.

Configuration: When setting up SCCM in Azure, you follow the same setup in the cloud as you do for an on-premises environment.

Cost: The costs vary greatly depending on your license agreement.

Because ExpressRoute is the option that makes the most sense for this type of arrangement, if you wish to move all servers to Azure, refer to Microsoft’s ExpressRoute pricing site to determine which plan works best for your organization.

Once you determine which servers to move to Azure, you can then use the Azure Pricing Calculator to see what the cost is.

Support: Microsoft fully supports multiple SCCM in Azure configurations, such as Configuration Manager on an Azure VM or using an Azure VM to run different Configuration Manager site system roles with other roles running in the data center.

Drawbacks: If you want to move all SCCM servers to Microsoft Azure, you will need an unlimited data plan and a reliable connection between the on-premises data center and Microsoft Azure.

Also, an unlimited data plan only exists in Azure ExpressRoute, which can be expensive for some organizations. The lowest price for this type of plan is $300 per month for a 50 Mbps standard circuit connection. For a 1 Gbps plan, the monthly cost is $5,700 for the standard circuit and an additional $1,200 for the local circuit price.

What is supported in each scenario?

The following chart compares the areas supported in each of the three Configuration Manager configurations.

| Feature | Microsoft Update | Cloud Management Gateway | SCCM in Azure |
| --- | --- | --- | --- |
| Operating system deployment | No | Yes* | Yes |
| Software updates | Yes | Yes | Yes |
| Application deployment | No | Yes | Yes |
| Compliance management | No | Yes | Yes |
| Client management | No | Yes | Yes |
| Driver management | Yes** | Yes** | Yes |

*Announced in Configuration Manager technical preview version in May 2005. The feature will most likely be added as a preproduction feature in the next version of Configuration Manager.
**New driver updates can be delivered through Microsoft Update.

How can I monitor where my content is coming from?

There are a few ways to do this, but two methods are to check the Cloud Management and Client Data Sources dashboards in SCCM, shown below, or check the log files on the client.

SCCM dashboard
The Client Data Sources dashboard in SCCM keeps track of the source of client software updates.

Spending more time in the kitchen? 7 ways to make tech your chef’s assistant | Windows Experience Blog

Many of us are finding ourselves in the kitchen a lot more these days. If you’d like to focus that time on upping your gourmet game, check out the ways your tech devices can help you plan healthy and delicious meals, cook them like a pro, plan your shopping trips efficiently and more.
Read all about it on the Windows Home and Family Resources Blog – and bon appétit!

Now available: new State of Decay 2 Plunder Pack and Green Zone update | Windows Experience Blog

State of Decay 2 recently celebrated its two-year anniversary with new weapons, clothes, gameplay improvements and more. Now its fans can enjoy a new Plunder Pack and Green Zone updates.
The new Plunder Pack adds Sea of Thieves-themed weapons, outfits, hats and one seriously salty vehicle to the game. The Green Zone is a more relaxed, accessible apocalypse; where enemies do less damage, maintaining the community becomes easier due to cheaper crafting and more resources from scavenging and your Stamina lasts longer.
The update is available for all players, with State of Decay 2: Juggernaut Edition available with Xbox Game Pass, Xbox One, Windows 10 PC, Steam and the Epic Games Store. Get all the details over at Xbox Wire.

Microsoft Defender ATP taps into cloud for added protection

It’s a full-time job to defend a Windows shop from security breaches.

In fact, many organizations simply use an “assume breach” mentality regarding their current defense posture, meaning they constantly monitor and check for vulnerabilities in their environment. There are many products designed to defend the host against malicious attackers. Microsoft Defender Advanced Threat Protection (ATP) is the tech giant’s expansive threat protection platform.

Microsoft Defender ATP monitors endpoints for in-memory and kernel-based attacks. It also checks for potential system issues, such as vulnerable drivers. These features complement the more commonplace vulnerability scanning and malware detection techniques to find network exploitations, keylogging attempts and malicious scripts. Microsoft Defender ATP is the embedded interface that connects to the cloud-based Microsoft Defender Security Center.

The Microsoft Defender Security Center portal gives administrators the proverbial single pane of glass for management and control across the organization for many Windows Security features, including Windows Firewall, antivirus and performance monitors. Alerts reported by Microsoft Defender ATP can be dealt with manually or automatically based on certain criteria. To dig deeper into specific incidents, an analyst can access a timeline of real and historical data from a client or from a wide range of systems.

Microsoft continues to invest heavily in this endpoint security protection product to expand beyond the Windows OS. In fact, Microsoft Defender ATP used to be called Windows Defender ATP but underwent a name change now that it supports non-Microsoft OSes, such as Linux and macOS.

Dig deeper with Microsoft Defender ATP

A key feature of Microsoft Defender ATP is its post-breach forensics functionality to determine the proper remediation on endpoints.

Microsoft Defender ATP taps into the advanced analytic capabilities that come courtesy of the machine learning technology in the Microsoft Intelligent Security Graph, an overall security fabric that collects data from endpoints worldwide that is analyzed to determine the viability of an emerging threat.

Security teams are able to drill down and get a high level of detail to understand the full scope of a breach from attacks on endpoints. They can use behavioral analytics to watch the attack progress through your environment, as well as provide guidance on response. Below is an example of a timeline of an attack on a particular machine generated by Microsoft Defender ATP.

Microsoft Defender ATP alerts
Security teams can get granular details on the suspicious activity for a particular machine after Microsoft Defender ATP detects unusual activity.

How to use Microsoft Defender ATP automation levels

For some enterprises, Microsoft Defender ATP might manage several hundred or thousands of machines resulting in a plethora of alerts. To deal with this level of activity, the ATP service has an automated investigations feature, which uses inspection algorithms and playbooks to examine and remediate incidents. Each incident appears in an automated investigations list with details such as the current status and detection source.

Microsoft Defender ATP comes with automation levels including Not Protected, Semi and Full. The default action is for semiautomatic remediation, which requires approval from the user before any action is taken when the ATP service detects malicious activity. A complete breakdown of each of the automation levels is included in the table below.

Automation level Description
Not protected
  • No automated investigations on any machine.
Semi — any remediation
  • This is the default automation level.
  • ATP requires approval for any remediation action.
Semi — non-temp folders remediation
  • ATP requires approval on files or executables outside of any temporary folders.
  • Files or executables in temporary folders, such as the user’s download folder or the user’s temp folder, will automatically be remediated if needed.
Semi — core folders remediation
  • ATP requires approval on files or executables in the operating system directories such as the Windows folder and the Program Files folder.
  • ATP remediates files or executables in all other folders if needed.
Full
  • ATP performs all remediation actions automatically.

After determining the extent of the damage, additional steps can be taken to defend the network from further attack, such as blocking the malicious URL with the Windows Firewall and shoring up defenses by updating to the latest definition files, disabling macros and enabling backups of critical data.

Microsoft Defender ATP also integrates with the Office 365 platform to protect from threats that come via email.

Integration with Exploit Guard

Microsoft Defender also works with Windows Defender Exploit Guard, an optional add-on to ATP. Exploit Guard provides more tools to mitigate exploits at runtime by giving enterprises more control on how code runs on their machines. It is similar to the technology it replaced, Microsoft EMET, by using intrusion prevention to stop attacks.

Exploit Guard joins with other technologies in the Microsoft ecosystem, such as Windows Defender SmartScreen. It dynamically blocks malicious websites based on the filters in SmartScreen, providing an extra layer of defense that is particularly useful for organizations that rely on a remote workforce.

Microsoft Defender ATP in action

One example of Microsoft Defender ATP’s capabilities and versatility is its security information and event management (SIEM) integration for detecting certain attacks, such as the WannaCry ransomware, which encrypted files on vulnerable Windows machines.

Sigma is an open source project that creates a generic signature format for SIEM systems. Microsoft Defender ATP supports this multi-tool search engine language. Users who subscribe to Microsoft Defender ATP can test how to import Sigma files by downloading the WannaCry.yml file from the project’s GitHub site at this link.

Next, convert the Sigma rule in the yml file to a Microsoft Defender ATP query using the Python-based Sigmac tool at its GitHub site.

python sigmac --target mdatp .\win_mal_wannacry.yml

The Microsoft Defender interface provides a way to copy and paste these converted files and save them as a query with a descriptive name, such as WannaCry.

Microsoft Defender ATP query
The advanced hunting section in Microsoft Defender ATP provides a way to perform an in-depth search using queries for specific attacks, such as WannaCry.
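
How a Sigma rule's detection block turns into both a match decision and an advanced hunting style query, as an added example that is not from the original article and is not sigmac's code or output. The rule, the sample events and the field-to-column mapping (FolderPath, ProcessCommandLine and InitiatingProcessFolderPath in DeviceProcessEvents) are constructed assumptions, and only and/or/not conditions without parentheses are handled.

```python
# Constructed rule shaped like a parsed Sigma YAML file (not win_mal_wannacry.yml).
RULE = {
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection_tool": {"Image|endswith": ["\\vssadmin.exe"]},
        "selection_args": {"CommandLine|contains|all": ["delete", "shadows"]},
        "filter_backup": {"ParentImage|endswith": ["\\backup-agent.exe"]},
        "condition": "selection_tool and selection_args and not filter_backup",
    },
}
# Assumed mappings: Sigma field -> column, modifier -> (KQL operator, predicate).
FIELD_MAP = {"Image": "FolderPath", "CommandLine": "ProcessCommandLine",
             "ParentImage": "InitiatingProcessFolderPath"}
OPS = {"equals": ("=~", lambda a, w: a == w),
       "contains": ("contains", lambda a, w: w in a),
       "startswith": ("startswith", str.startswith), "endswith": ("endswith", str.endswith)}
VSS = r"C:\Windows\System32\vssadmin.exe"
# Constructed process-creation events keyed by Sigma field names.
EVENTS = [
    {"Image": VSS, "CommandLine": "vssadmin.exe Delete Shadows /All /Quiet",
     "ParentImage": r"C:\Users\alice\AppData\Local\Temp\invoice.exe"},
    {"Image": VSS, "CommandLine": "vssadmin.exe list shadows",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"Image": VSS, "CommandLine": "vssadmin.exe delete shadows /for=D:",
     "ParentImage": r"C:\Program Files\Backup\backup-agent.exe"},
]

def split_key(key):
    # 'CommandLine|contains|all' -> ('CommandLine', 'contains', True)
    field, *mods = key.split("|")
    return field, next((m for m in mods if m in OPS), "equals"), "all" in mods

def selection_matches(selection, event):
    """Fields are ANDed; a value list is ORed unless the 'all' modifier is set."""
    for key, values in selection.items():
        field, op, need_all = split_key(key)
        actual = str(event.get(field, "")).lower()  # matching ignores case
        hits = [OPS[op][1](actual, v.lower()) for v in values]
        if not (all(hits) if need_all else any(hits)):
            return False
    return True

def selection_to_kql(selection):
    parts = []
    for key, values in selection.items():
        field, op, need_all = split_key(key)
        # Verbatim @"..." literals keep backslashes as-is; quotes are doubled.
        terms = ['{} {} @"{}"'.format(FIELD_MAP[field], OPS[op][0], v.replace('"', '""'))
                 for v in values]
        parts.append("(" + (" and " if need_all else " or ").join(terms) + ")")
    return " and ".join(parts)

def parse_condition(text):
    """Parse and/or/not (no parentheses) into nested tuples; 'and' binds tighter."""
    tokens = text.split()
    def take():
        if not tokens:
            raise ValueError("condition ends unexpectedly")
        return tokens.pop(0)
    def chain(op, operand):  # operand (op operand)*
        node = operand()
        while tokens and tokens[0] == op:
            take()
            node = (op, node, operand())
        return node
    def factor():
        tok = take()
        if tok == "not":
            return ("not", factor())
        if tok in ("and", "or"):
            raise ValueError("unexpected token " + tok)
        return ("sel", tok)
    tree = chain("or", lambda: chain("and", factor))
    if tokens:
        raise ValueError("unexpected token " + tokens[0])
    return tree

def evaluate(node, det, event):
    if node[0] == "sel":
        return selection_matches(det[node[1]], event)
    if node[0] == "not":
        return not evaluate(node[1], det, event)
    results = [evaluate(n, det, event) for n in node[1:]]
    return all(results) if node[0] == "and" else any(results)

def render(node, det):
    if node[0] == "sel":
        return selection_to_kql(det[node[1]])
    if node[0] == "not":
        return "not(" + render(node[1], det) + ")"
    return "({} {} {})".format(render(node[1], det), node[0], render(node[2], det))

def matching_events(rule, events):
    det, tree = rule["detection"], parse_condition(rule["detection"]["condition"])
    return [i for i, ev in enumerate(events) if evaluate(tree, det, ev)]

def rule_to_query(rule):
    det = rule["detection"]
    return "DeviceProcessEvents\n| where " + render(parse_condition(det["condition"]), det)
```

Running the same rule against known-good and known-bad events before saving the converted query shows whether a filter, such as the backup agent exclusion here, hides activity the rule was meant to surface.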

Microsoft Defender-saved queries can be converted into detection rules. These rules will run automatically every 24 hours.

If Microsoft Defender ATP detects WannaCry in the environment, it can determine if the threat has affected other machines on the network using the Microsoft Defender ATP Search. The search function works with a file hash, filename, malicious URL or IP addresses.

The Real Cost of Microsoft 365 Revealed

Estimating the real cost of a technology solution for a business can be challenging. There are obvious costs as well as many intangible costs that should be taken into account.

For on-premises solutions, people tend to include licensing and support maintenance contract costs, plus server hardware and virtualization licensing costs. For Software as a Service (SaaS) cloud solutions, it seems like it should be easier since there’s no hardware component, just the monthly cost per licensed user but this simplification can be misleading.

In this article we’re going to look at the complete picture of the cost of Microsoft 365 (formerly Office 365), how choices you as an administrator make can directly influence costs, and how you can help your business maximize the investment in OneDrive, SharePoint, Exchange Online and other services.

Office 365 & Microsoft 365

As covered in our recent blog, there are naming changes afoot in the Office ecosystem. The personal Office 365 subscriptions have changed and are now called Microsoft 365 Family (up to six people) and Personal, and the Office 365 Business SKUs, which top out at 300 users, have also been renamed. The new SKUs are Microsoft 365 Business Basic, Apps, Standard, and Premium.

There’s no reason to believe that this name change won’t eventually extend to the Enterprise SKUs but until it does, from a licensing cost perspective it’s important to separate the two. Office 365 E1, E3 and E5 gives you the well-known “Office” applications, either web-based or on your device, along with SharePoint Online, Exchange Online and OneDrive for Business in the cloud backend.

Microsoft 365 F3, E3 and E5, on the other hand, include everything from Microsoft 365 plus Azure Active Directory Premium features (identity security), Enterprise Mobility & Security (EMS) / Intune for Mobile Device Management (MDM) and Mobile Application Management (MAM) along with Windows 10 Enterprise.

Comparing M365 plans

So, a decision that needs to be looked at early when you’re looking to optimize your cloud spend is whether your business is under 300 users and likely to stay that way for the next few years. If that’s the case you should definitely look at the M365 Business SKUs as they may fulfill your business needs, especially as Microsoft recently added several security features from AAD Premium P1 to M365 Business.

If you’re close to 300, expecting to grow or already larger, you’re going to have to pick from the Enterprise offerings. The next question is then, what’s the business need – do you just need to replace your on-premises Exchange and SharePoint servers with the equivalent cloud-based offerings? Or is your business looking to manage corporate-issued mobile devices (smartphones and tablets) with MDM or protecting data on employee-owned devices? The latter is known as Bring Your Own Device (BYOD), sometimes called Bring Your Own Disaster. If you have those needs (and no other MDM in place today), the inclusion of Intune in M365 might be the clincher. If on the other hand you need to protect your on-premises Active Directory (AD) against attacks using Azure Advanced Threat Protection (AATP) or inspect, understand and manage your users’ cloud usage through Microsoft Cloud App Security (MCAS) you’ll also need M365 E5, rather than just O365.

Microsoft 365 Cloud app security dashboard

The difference is substantial: outfitting 1000 users with O365 E3 will cost you $240,000 per year, whereas moving up to M365 E3 will cost you $384,000. And springing for the whole enchilada with every security feature available in M365 E5 will cost you $684,000, nearly 3X the cost of O365 E3. Thus, you need to know what your business needs and tailor the subscriptions accordingly (see below for picking individual services to match business requirements).

Note that if you’re in the education sector you have different options (O365 A1, A3, and A5 along with M365 A1, A3, and A5) that are roughly equivalent to the corresponding Enterprise offerings but less costly. And charities/not-for-profits have options as well for both O365 and M365. M365 Business Premium is free for up to 10 users for charities and $5 per month for additional users.

A la carte instead of bundles

There are two ways to optimize your subscription spend in O365 / M365. Firstly, you can mix licenses to suit the different roles of workers in your business. For instance, the sales staff in your retail chain stores are assigned O365 E1 licenses ($8 / month) because they only need web access to email and documents, the administrative staff in head office use O365 E3 ($20 / month) and the executive suite and other high-value personnel use the full security features in E5 ($35 / month). Substitute M365 F3, E3, and E5 in that example if you need the additional features in M365.

Secondly, you don’t have to use the bundles that are encapsulated in the E3, E5, etc. SKUs, and you can instead pick exactly the standalone services you need to meet your business needs. Maybe some users only need Exchange Online whereas other users only need Project Online. The breakdown of exactly what features are available across all the different plans and standalone services is beyond the scope of this article, but the O365 and M365 service descriptions are the best place to start investigating.

Excerpt from the O365 Service Description

And if you’re a larger business (500 users+) you’re not going to pay list prices and instead these licenses will probably be part of a larger, multi-year, enterprise agreement with substantial discounts.

If you hate change

If you want to stay on-premises, Exchange Server 2019 is available (only runs on Windows Server 2019), as is SharePoint Server 2019, and you can even buy the “boxed” version of Office 2019 with Word, Excel, etc. with no links to the cloud whatsoever. This is an option that moves away from the monthly subscription cost of M365 (there’s no way to “buy” M365 outright) and back to the traditional way of buying software packages every 2-5 years. Be aware that these on-premises products do NOT offer the same rich features that O365 / M365 provides, whether it’s the super-tight integration between Exchange Online and SharePoint Online, cloud-only services like Microsoft Teams that build on top of the overall O365 fabric, or AI-powered design suggestions in the O365 versions of Word or PowerPoint. There’s no doubt that Microsoft’s focus is on the cloud services; these are updated with new features on a daily basis, instead of every few years. If your business is looking to digitally transform, towards tech intensity (two recent buzzwords in IT with a kernel of truth in them), using on-premises servers and boxed software licensing is NOT going to get you there. But if you want to keep going like you always have, it’s an option.

And if you’re looking at this from a personal point of view, a free Microsoft account through does give you access to Office Online: Word, Excel, and PowerPoint in a browser. There’s even a free version of Microsoft Teams available.

Transforming your business

There’s a joke going around at the moment about the Covid-19 pandemic bringing digital transformation to many businesses in weeks that would have taken years to achieve without it. There’s no doubt that adopting the power of cloud services has the power to truly change how you run your business for the better. A good example is moving internal communication from email to Teams, including voice and video calls and perhaps even replacing a phone system with cloud-based phone plans.

But these business improvements depend on the actual adoption of these new tools. And that requires a mindset shift for everyone. Start with your IT department: if they still see M365 as just cloud-hosted versions of their old on-premises servers, they’re missing the much bigger picture of the integrated platform that O365 has become. Examples include services such as Data Loss Prevention (DLP), unified labeling and automatic encryption/protection of documents and data, and unified audit logging that spans ALL the workloads. So, make sure you get them on board with seeing O365 as a technology tool to transform the business, not just a place to store emails and documents in OneDrive. And adding M365 unlocks massive security benefits, enabling zero-trust (incredibly important as everyone is working from home), identity-based perimeters, and cloud usage controls. But if your IT or security folks aren’t on board with truly adopting these tools, they’re not going to make you any more secure. Here’s a free IT administrator training for them.

Finally, you’re going to have to bring all the end-users on board with a good Adoption and Change Management (ACM) program, helping everyone understand these new services and what they can do to make their working lives better. This includes training but make sure you look to short, interactive, video-based modules that can be applied just when the user needs coaching on a particular tool, not long classroom-based sessions.

And all of that, for all the different departments, isn’t a once-off when you migrate to O365, it’s an ongoing process because the other superpower of the cloud is that it changes and improves ALL the time. This means you’ll need to assign someone to track the changes that are coming/in preview and ensure that the ones that really matter to your business are understood and adopted. The first place to look is the Microsoft 365 Message Center in the portal where you can also sign up for regular emails with summaries of what’s coming. Another good source is the Office 365 Weekly Blog.

M365 portal Message Center

A great course to help your IT staff is the free Microsoft Service Adoption Specialist (if you want the certificate at the end, it’s going to cost you $99). To help you track your usage and adoption of the different services in O365 there is a usage analytics integration with PowerBI. Use this information firstly to see where adoption can be improved and take steps to help users with those services, and secondly to identify services and tools that your business isn’t using and perhaps doesn’t need, giving you options for changing license levels to optimize your subscription spend.

PowerBI O365 Usage Analytics (courtesy of Microsoft)

Closing notes

There’s another factor to consider as you’re moving from on-premises servers to Microsoft 365 and that’s the changing tasks of your IT staff. Instead of swapping broken hard drives in servers these people now need to be able to manage cloud services and automation with PowerShell and most importantly, see how these cloud services can be adopted to improve business outcomes.

A further potential cost to take into account is backup. Microsoft keeps four copies of your data, in at least two datacentres so they’re not going to lose it but if you need the ability to “go back in time” and see what a mailbox or SharePoint library looked like nine months ago, for instance, you’ll need a third-party backup service, further adding to your monthly cost.

And that’s part of the overall cost of using O365 or M365: training staff, adopting new features, different tasks for administrators and managing change all require people and resources, in other words, money. And that’s got to be factored into the overall cost of using Microsoft 365; it’s not just the monthly license cost.

The final question is of course – is it worth it? Speaking as an IT consultant with clients (including a K-12 school with 100 students) who recently moved EVERYONE to work and study from home, supported by O365, Teams, and other cloud services, the answer is a resounding yes! There’s no way we could have managed that transition with only on-premises infrastructure to fall back on.

Author: Paul Schnackenburg

PowerShell book captures the tool’s intense early days

Colliding egos, Machiavellian subterfuge, cutthroat tactical maneuvers.

This isn’t the backdrop of a ripping yarn a la Game of Thrones, but a sampling of what you’ll discover in a behind-the-scenes book about the development of PowerShell titled Shell of an Idea: The Untold History of PowerShell.

Don Jones had the idea for this PowerShell book simmering on the back burner for several years before some of the people directly involved in the development decided to go on the record about the Herculean efforts required to bring PowerShell from a concept to a default tool — or “in the box” — in the Windows OS.

Jones interviewed PowerShell’s inventor, Jeffrey Snover, and other team members and collected their anecdotes for an engaging narrative that offers a look behind the curtain of the high-pressure development process at Microsoft circa the early 2000s. Even with the blessing of Bill Gates, PowerShell still had numerous hurdles to jump before it was allowed to enter the Windows ecosystem.

Despite a promising start, it seemed PowerShell would be another venture that would wither on the development vine. However, a chance encounter between Snover and a friend who worked on Exchange Server resulted in PowerShell being added as an administrative tool in Exchange 2007. With that key advancement, the effort to get PowerShell added to the Windows OS took a step closer to reality.

The following excerpt from Jones’s PowerShell book comes from the chapter entitled “Windows, Again” and picks up the action at another crucial turning point for the automation tool.

Shell of an Idea: The Untold Story of PowerShell

With PowerShell’s triumphant 2006 release as part of Exchange Server 2007 — although you could also download the shell all by itself from Microsoft’s website — it was time to try and get back “in the box” with Windows itself. The motto for version 2 of PowerShell was “PowerShell Everywhere,” meaning the team wanted PowerShell to ship with Windows, putting the shell everywhere Windows was.

The team worked incredibly hard to clear all of the Windows Architecture team’s “gates” to inclusion in Windows. They went through Bill Gates reviews, they ticked off all the checkboxes they were given, and finally had to deal with management and politics.

Brian Valentine had been the primary high-level objector to PowerShell’s inclusion in Windows, and he was the one who’d denied the Design Change Request (DCR) filed by Charlie Chase to “let PowerShell in.”

Bob Muglia, higher in the org chart than Valentine, set up a private meeting between the two men. Snover has a colorful, amusing, and incredibly NSFW turn of phrase for that conversation, and if you’re ever at a cocktail party with him, ask him about it. By the way, he drinks Budweiser. Not Bud Light.

After the meeting, Muglia sent out the kind of email you’d expect a high-level, professional, corporate executive to send out: I appreciate your perspective, I understand your concerns, but this is the business decision and we’re going to move ahead. It’s the type of email you send out to try and allow all sides to save face, even though, in some decisions, not everyone can have their way all at the same time. If you’ve been advocating for something other than what becomes the final decision, it’s an honorable way out of the argument.

Valentine didn’t take it.

He hit Reply All to a list that’s been described as “pretty much everyone,” and launched an impassioned, emotional diatribe against PowerShell being included in Windows. This was likely driven at least somewhat by him supporting his team members who were themselves fighting to keep PowerShell out of Windows, but it was too late. The decision had been made, and the next version of Windows would ship with Windows PowerShell v2 “in the box.”

PowerShell was now real, it wasn’t just an Exchange thing, and it was about to be in the hands of every Windows user on Earth.

Editor’s note: This chapter excerpt is from Shell of an Idea: The Untold History of PowerShell by Don Jones, published on the Leanpub platform. To read more about the book, click this link.
