Tag Archives: workers

Survey of business leaders highlights the importance of digitally enabling Firstline Workers – Microsoft 365 Blog

Today, there are more than two billion Firstline Workers, who are often a customer’s first point of contact, making them the first to represent a company’s brand. Microsoft partnered with Harvard Business Review Analytic Services to survey the roles and importance of the Firstline Workforce within the context of digital transformation.

Of the 383 business leaders who responded to the survey:

  • 78 percent responded that connecting and empowering Firstline Workers is critical.
  • 67 percent think increased efficiency is their top driver.
  • 60 percent will adopt advanced analytics in the next two years.

Read the full analysis of the survey, Building for success at the Firstline of business, to learn more.

How a custom Microsoft app is helping the Caribbean rebuild after hurricanes

Workers gather data using the Microsoft Building Damage Assessment app in Barbuda. The island was home to 1,600 people, all of whom were evacuated after Hurricane Irma. (United Nations Development Program Photo)

Travel for this story was supported by the Pulitzer Center on Crisis Reporting.

CODRINGTON, Barbuda — Last month at a United Nations donor conference, the international community pledged $1.3 billion to rebuild the hurricane-ravaged Caribbean. But how did they know how much the region, which was hit with back-to-back Category 5 hurricanes in September, needs to recover? In part thanks to a new app and software bundle from Microsoft, developed in collaboration with U.N. relief workers.

The prosaically named Building Damage Assessment app turned out to play a vital role in assessing the devastation of Barbuda and Dominica, two islands that faced the full force of Hurricanes Irma and Maria, respectively. Optimized for tablet, the Building Damage Assessment allows volunteers in the field with minimal training to quickly input data about structural damage through a series of drop-down questions, and collect photographs for visual evidence. The data is stored offline and then uploaded via the cloud when the tablet gets back in mobile data or wi-fi range. Professionals, meanwhile, can analyze the data using Microsoft Power BI to tabulate the total amount of damage and detect trends, like certain types of building materials that were more prone to collapse.

Data from the Building Damage Assessment App, shown in Microsoft Power BI.

The results have impressed even seasoned post-disaster professionals like Ugo Blanco of the United Nations Development Program (UNDP). “It’s going to change the way assessments have been done,” he said. “It can be deployed any time, anywhere. In a few days, we can have the teams in any country in the world.”

Microsoft developed a beta iteration of the Building Damage Assessment in 2015 as part of its humanitarian responses to the earthquakes in Nepal, but the software didn’t come into its own until this year’s double-whammy of hurricanes, when UNDP reached back out for technical assistance. The software giant allocated ten employees to the project and donated 70 Microsoft Surface tablets as well as keyboards and digital pens for use in the field, part of a $6.3-million post-hurricane philanthropic contribution.

Unlike a traditional software project, the client — the United Nations — needed the final product as soon as possible. “With people suffering, moving fast was really important, and we felt that the time that normal application development takes would not work in this situation,” Microsoft’s Humanitarian Response Manager Cameron Birge said via e-mail. “Given UNDP’s need to rapidly deploy, this meant the team had to respond and react more quickly, as challenges in information gathering and UX arose.”

Workers check data on the Building Damage Assessment app. (United Nations Development Program Photo)

A month after the storms, the Building Damage Assessment was ready to go. Barbuda is home to 1,600 people, all of whom were evacuated after Hurricane Irma. In early November, its 1,250 structures became the first complete assessment on a hurricane-hit island. Only a few United Nations relief workers were on the ground, so the U.N. staff recruited local volunteers and put them into 12 teams that fanned out across Codrington, Barbuda’s lone settlement.

Each team included a volunteer trained in the Building Damage Assessment app, an architect or building engineer who could assess damage, and a local who knew the neighborhood and its residents. In 10-15 minutes, the team would determine the state of the building and collect as much information as possible about the inhabitants – family size, gender, age, occupation – in a series of 46 questions.

Adradene Walker was one of the volunteers handling a tablet. After an hour-long orientation workshop, she was sent out into the field and said working with the brand-new app was a breeze.

(Google Earth Image)

“Everything was straightforward,” she told me. “It was even easier than some online forms.” Walker has some data-entry experience from her job as a secretary at the Barbuda secondary school. She owns a smartphone and an HP 3-in-1 laptop. With drop-down menus, the app is designed to be easy to use for anyone with mobile technology literacy.

In five days, the teams assessed all of the buildings on Barbuda in time for the donor conference at U.N Headquarters. While initial reports in the immediate aftermath of the storm indicated that 90% of buildings on Barbuda were damaged, the Building Damage Assessment determined that about half of the structures are ready to move back in or need relatively minor, handyman-level repairs. The other half need serious repairs or have to rebuilt from scratch. That kind of data helped the U.N. determine the rough cost of $79 million to repair and rebuild Barbuda’s housing stock, the kind of hard number necessary to make a pledging conference yield valuable results.

Using technology in post-disaster scenarios is not without pitfalls, of course, especially given power outages. Generators continue to govern life on Barbuda, and nearby Antigua, 39 miles away, offered a stable place to return at the end of the day with reliable electricity and Internet. (Antigua and Barbuda is a twin-island country.) Dominica has proven a more daunting task. There are 25,000 structures to be assessed by 30 teams. UNDP estimates it will take two months to finish the job there. As power is slowly restored, police stations are the only reliable source of electricity in remote areas. Tablets also must weather difficult conditions – several overheated in the Barbuda sun – so cases are de rigueur.

A worker takes a picture of hurricane damage using the Microsoft app. (United Nations Development Program Photo)

Fortunately, the Microsoft Surface Pro 3 can work offline and still collect GPS coordinates. With mobile roaming data, the app can upload 30 questionnaires in ten seconds to collect the most vital data, while photos can be held until there is a WiFi connection.

As the tool continues its work in Dominica, UNDP and Microsoft are already discussing future improvements to user experience, like further streamlining the questionnaire to minimize keyboard entries, which are prone to errors in the high-pressure field environment.

The tool’s desktop data analysis has also helped build local capacity in an underdeveloped region. “The Building Damage Assessment gave us information that the government has never had before,” Blanco said, citing detailed info among the million-plus data points on the location of damaged buildings, the type of debris, and what kinds of roofs were most prone to failure. He describes the user-friendly visual display as valuable for technicians at a housing ministry but also easy-to-understand for a prime minister or president.

“This information is critical evidence,” Blanco said. “You can make policy decisions on how to rebuild.”

Above all, the Building Damage Assessment has proven that a digital approach is the future of disaster relief. “I’ve been in many post-disaster situations. In the best case we’ve had info we can’t use – thousands of pages we did not have time to go through or input to Excel,” Blanco said. “We are dealing with millions of data points. You cannot do that with paper.”

Multi-geo service tackles Office 365 data residency issues

Many modern enterprises have workers in offices spread all over the world. While there are numerous advantages…

“;
}
});

/**
* remove unnecessary class from ul
*/
$(“#inlineregform”).find( “ul” ).removeClass(“default-list”);

/**
* Replace “errorMessageInput” class with “sign-up-error-msg” class
*/
function renameErrorMsgClass() {
$(“.errorMessageInput”).each(function() {
if ($(this).hasClass(“hidden”)) {
$(this).removeClass(“errorMessageInput hidden”).addClass(“sign-up-error-msg hidden”);
} else {
$(this).removeClass(“errorMessageInput”).addClass(“sign-up-error-msg”);
}
});
}

/**
* when validation function is called, replace “errorMessageInput” with “sign-up-error-msg”
* before return
*/
function validateThis(v, form) {
var validateReturn = urValidation.validate(v, form);
renameErrorMsgClass();
return validateReturn;
}

/**
* DoC pop-up window js – included in moScripts.js which is not included in responsive page
*/
$(“#inlineRegistration”).on(“click”,”a.consentWindow”, function(e) {
window.open(this.href, “Consent”, “width=500,height=600,scrollbars=1”);
e.preventDefault();
});

to a multinational organization, the complexities of managing the data generated by a global workforce can vex even the most adept Office 365 administrator.

When the admin creates the Office 365 tenant, the Exchange Online mailboxes reside in a specific geographic region determined by the organization’s billing address. The mailboxes may be replicated to different data centers within that geographic region. To meet data residency requirements, organizations can create multiple Office 365 tenancies in different geographic regions, but this increases overall administrative complexity.

To address these Office 365 data residency needs and streamline how businesses handle them, Microsoft designed what it calls multi-geo capabilities. With multi-geo, organizations that use Exchange Online can store a mailbox in one of multiple geographic regions within a single Office 365 tenancy.

Here is some information on the multi-geo feature and its configuration for Office 365 data residency.

Multi-geo comes with restrictions

As of publication, the multi-geo feature is in a selective preview stage for Exchange Online and OneDrive for Business. Microsoft plans to release it into general availability for those services in the first half of 2018. The company intends to add multi-geo to SharePoint Online with a preview expected in the first half of 2018. Microsoft said it might add this capability to other Office 365 apps, such as Microsoft Teams, but it has not given any timelines.

However, the multi-geo service comes with restrictions. For example, the India and South Korea geographic regions are only available to organizations with licenses and billing addresses there. Other regions, such as France, are not yet available.

Microsoft recommends an organization with questions about the multi-geo feature talk to its Microsoft account team. The company has yet to unveil licensing details for the service.

Multi-geo introduces new terminology

Home geo is the term Microsoft uses for the geographic region where the Office 365 tenancy was created. Regions that the organization adds later are known as satellite geos. The multi-geo feature provisions new mailboxes in the home geo by default, but admins can start them in a satellite geo.

The organization can move existing mailboxes between home and satellite geos. This operation should not adversely affect workers because the mailboxes will remain in the same Office 365 tenancy, and the Autodiscover service automatically locates the user’s mailbox in the background. However, Microsoft said the multi-geo service does not support Exchange public folders, which must reside in the home geo.

Organizations should monitor the Microsoft Office 365 roadmap for changes in support of the multi-geo service.

PowerShell cmdlets adjust regions

In organizations where directory synchronization hasn’t been deployed, administrators can use two PowerShell cmdlets to set configuration parameters for the multi-geo feature.

Admins can use the Set-MsolCompanyAllowedDataLocation cmdlet from the Azure Active Directory (AD) PowerShell module to set up the additional geographic regions in the Office 365 tenant.

The Set-MsolUser cmdlet features a PreferredDataLocation parameter to specify the geographic region that will store the user’s Exchange Online mailbox and OneDrive for Business files. A user account can only have one PreferredDataLocation for those services.

Considerations with directory synchronization

Businesses that have deployed directory synchronization and run a hybrid configuration of Exchange, where some mailboxes are stored on premises and others in Exchange Online, need a new version of Azure AD Connect to support the multi-geo feature. Azure AD Connect synchronizes an on-premises AD user account custom attribute into the PreferredDataLocation attribute in Azure AD.

The admin sets up the geographic region of the user’s Exchange Online mailbox with the AD on-premises custom attribute. After the value is synchronized with Azure AD, Exchange Online uses that setting to place the mailbox in the proper region. This enables admins to adjust settings in on-premises AD accounts to control the geographical region of Exchange Online mailboxes.

Next Steps

Keep Office 365 data secure

Microsoft adds data loss prevention features across services

Back up Office 365 before disaster strikes

Configuration Manager tool regulates server updates to stop attacks

Business workers face a persistent wave of online threats — from malicious hacking techniques to ransomware –…

“;
}
});

/**
* remove unnecessary class from ul
*/
$(“#inlineregform”).find( “ul” ).removeClass(“default-list”);

/**
* Replace “errorMessageInput” class with “sign-up-error-msg” class
*/
function renameErrorMsgClass() {
$(“.errorMessageInput”).each(function() {
if ($(this).hasClass(“hidden”)) {
$(this).removeClass(“errorMessageInput hidden”).addClass(“sign-up-error-msg hidden”);
} else {
$(this).removeClass(“errorMessageInput”).addClass(“sign-up-error-msg”);
}
});
}

/**
* when validation function is called, replace “errorMessageInput” with “sign-up-error-msg”
* before return
*/
function validateThis(v, form) {
var validateReturn = urValidation.validate(v, form);
renameErrorMsgClass();
return validateReturn;
}

/**
* DoC pop-up window js – included in moScripts.js which is not included in responsive page
*/
$(“#inlineRegistration”).on(“click”,”a.consentWindow”, function(e) {
window.open(this.href, “Consent”, “width=500,height=600,scrollbars=1”);
e.preventDefault();
});

and it’s up to the administrator to lock down Microsoft systems and protect the company.

Administrators who apply Microsoft’s security updates in a timely fashion thwart many attacks effectively. IT departments use both System Center Configuration Manager and Windows Server Update Services to roll out patches, but the Configuration Manager tool’s scheduling and deployment options make it the preferred utility for this task. Admins gain control and automation over software updates to all managed systems with the Configuration Manager tool, which also monitors compliance and reporting.

Why we wait to update

An organization bases its security update deployment timeline on several factors, including internal policies, strategies, staff and skill sets. Some businesses roll patches out to production servers as soon as Microsoft makes them available on Patch Tuesday, the second Tuesday each month. Other companies wait a week or even a couple months to do the same, due to stringent testing procedures.

Here’s one example of a deployment timeline:

  • Week 1: Handful of test systems (pilot)
  • Week 2: Larger pool of test systems
  • Week 3: Small pool of production servers
  • Week 4: Larger pool of production servers
  • Week 5: All systems

This scenario leaves many endpoints unpatched and vulnerable to security risks for several weeks. Microsoft has a cumulative update model for all supported Windows OSes; the company packages each month’s patches and supersedes the previous month’s release. In some cases, systems won’t be fully patched — or will remain unpatched — if a business fails to deploy the previous month’s security fixes before Microsoft releases the new updates. To avoid this situation, IT organizations should roll out the current month’s updates before the next Patch Tuesday arrives just a few weeks later.

Automatic deployment rule organizes the patch process

An automatic deployment rule (ADR) in the Configuration Manager tool coordinates the patch rollout process. An ADR provides settings to download updates, package them into software update groups, create deployments of the updates for a collection of devices and roll out the updates when it’s most appropriate.

Find the ADR feature in the Configuration Manager tool under the Software Updates menu within the Software Library module. Figure 1 shows its options.

Create a software update group
Figure 1. The automatic deployment rule feature in the Configuration Manager tool builds a deployment package to automate the update procedure.

Settings to configure specific update criteria

The admin sets the ADR options to download and package software updates with the following criteria, which is also shown in Figure 2:

  • released or revised within the last month;
  • only updates that are required by systems evaluated at the last scan;
  • updates that are not superseded; and
  • updates classified as Critical Updates, Security Updates, Feature Packs, Service Packs, Update Rollups or Updates.
Build an automatic deployment rule
Figure 2. The administrator builds the criteria for a software update group in the ADR component.

The property filter — also seen in Figure 2 — packages software updates on a granular scale to best suit the organization’s needs. In the example shown, the admin uses the property filter to only deploy updates released in the last month.

In the evaluation schedule shown in Figure 3, the admin configures an ADR to assess and package software updates at 11 p.m. on the second Tuesday of each month.

ADR custom schedule
Figure 3. The admin builds a schedule to evaluate and package software updates every month at a certain time in the ADR feature of the Configuration Manager tool.

Set a maintenance window to assist users

To patch servers, use maintenance windows, which control the deployment of software updates to clients in a collection at a specific time. This meets the preferences of server owners, who cannot take certain machines down at particular times for a software update and the consequent reboot. In most cases, admins set maintenance windows to run updates overnight to minimize disruption and effects on end users.

Some businesses roll patches out to production servers as soon as Microsoft makes them available on Patch Tuesday, the second Tuesday each month. Other companies wait a week or even a couple months to do the same, due to stringent testing procedures.

Admins can set the deployment schedule in a maintenance window to As soon as possible since the maintenance window controls the actual rollout time. For example, assume the IT staff configured the following maintenance windows for a collection of servers:

  1. Servers-Updates-GroupA: maintenance window from 12 a.m. to 2 a.m.
  2. Servers-Updates-GroupB: maintenance window from 2 a.m. to 4 a.m.
  3. Servers-Updates-GroupC: maintenance window from 4 a.m. to 6 a.m.

If the admin sets these collections to deploy software updates with the As soon as possible flag, the servers download the Microsoft updates when they become available — it could be right in the middle of a busy workday. Instead, the update process waits until 12 a.m. for Servers-Updates-GroupA, 2 a.m. for the next group and so on. Without any deployment schedule, collections install the software updates as soon as possible and reboot if necessary based on the client settings in the Configuration Manager tool.

To create a maintenance window for a collection, click on the starburst icon under the Maintenance Windows tab in the collection properties. Figure 4 shows a maintenance window that runs daily from 2 a.m. to 4 a.m.

Maintenance window schedule
Figure 4. Configure a maintenance window for a collection with a recurring schedule.

In this situation, admins should configure an ADR to deploy updates with the Available flag at a specific date and time, but not make the installation mandatory until later. Users apply patches and reboot the system at their convenience. Always impress upon users why they should implement the updates quickly.

Microsoft refines features to maximize uptime

Microsoft added more flexibility to coordinate maintenance and control server uptime in version 1606 of the Configuration Manager tool. The server group settings feature the following controls:

  • the percentage of machines that update at the same time;
  • the number of the machines that update at the same time;
  • the maintenance sequence; and
  • PowerShell scripts that run before and after deployments.

[embedded content]

How to use System Center Configuration
Manager to plan and execute a patching regimen
for applications and OSes.

A server group uses a lock mechanism to ensure only the machines in the collection execute and complete the update before the process moves to the next set of servers. An admin can release the deployment lock manually if a patch gets stuck before it completes. Microsoft provides more information on updates to server groups.

To develop server group settings, select the All devices are part of the same server group option in the collection properties, and then click on Settings, as seen in Figure 5.

 Set server group configuration
Figure 5. Select the
All devices are part of the same server group option to configure a collection’s server group settings.

Select the preferred option for the group. In Figure 6, the admin sets the maintenance sequence. Finally, click OK, and the server group is ready.

Maintenance sequence
Figure 6. The administrator uses the server group settings to maintain control over uptime and coordinate the maintenance schedule.

For additional guidance on software update best practices, Microsoft offers pointers for the deployment process.

Next Steps

Secret Service: Culture change needed to boost security

Reduce patching headaches with these tools

Find the right patching software