Tweet review #2

How many more breaches?

  • Do Azure Identity Protection
  • Do Advanced Threat Analytics
  • Do Privileged Access Management
  • Do Privileged Identity Management

Amongst all the key messages from Ignite this year was ‘assume breach’. Networks, directories, points of entry etc. are so vast in almost any environment that, even with the best security policies, it is folly to assume those policies alone are enough. These tools give you the telemetry to know when something isn’t right, and PAM/PIM limit the standing privilege an attacker inherits when it isn’t. Check out this session video from Ignite for more on ATA, Identity Protection and PIM!

Teams. Glorious, glorious Teams.

If you’re using Office 365, and you think you might get too much email, you need to be using Teams. There’s plenty more to say, but this problem was, in a nutshell, what Slack was built to answer. Slack saw massive growth, proving the concept of team-based chat, and that is why Microsoft Teams has been built to provide the same functionality with far greater integration with the rest of the Office 365 stack. Use it, be happy.

I have an admission to make. I need to get myself on the PFE bandwagon at some point and get into some proper performance analytics. For too long I have skirted around this subject and never fully dived in. My intention was to catch the legendary Case of the Unexplained session at Ignite, but with so much content it was missed somehow. With an update being released, maybe now is a good time…

Jen Stirrup is a data wizard

My interest in ‘big data’ is entirely selfish. PowerBI is something I desperately want to plug into everything associated with my day job and dataviz my world. Jen is someone I came across at Ignite via this session and has since become someone I follow more avidly on Twitter than is perhaps healthy!

Bold adoption, big gains

I live in the identity world, which is pretty pervasive throughout the Azure suite, so EMS is a close subject. Whole Foods and Unilever are two hyper-scale organisations I know of that have undertaken bold adoption plans and are now seeing the fruits of their labour. Learn how Unilever modernized IT.

ARM Templates, DSC, yes please

This is very relevant to a pet project of mine and these areas are so central to managing resources in Azure IaaS/PaaS, thoroughly interesting!

Office 365 Groups – The File Report

I’m clearly a big fan of what Microsoft is doing with Azure, Office 365, and Office 365 Groups. But one thing which is clearly not quite ‘there’ yet is the file experience. I long ago switched from attaching files to linking to a shared file in OneDrive, and I’m quickly getting used to the O365 Group Team Site file sharing experience. But the way files are surfaced across the apps feels a little ‘disjointed’ somehow, and I think Tony is getting at similar points in his post here.

A bit like how Teams still has the chat blade, which should either be incorporated into the Skype app proper, or removed. Otherwise it’s just another interface into the Skype experience which will just cause confusion for the average user.

Features are there, they just need tying up and some consistency.

Tweet review #1

Time was when you would have to attend a five day training course, or buy a series of books 12 inches thick, to learn the latest technologies. These days we gather just as much (if not more) from technical articles, blogs, and docs with Twitter becoming one of the top ways to discover new content. You can follow the guys who build this stuff and get the news from the source. It’s an awesome age to be working in!

Every week I try to trawl through as much as I can, and favourite any tweets which hold special interest or relevance. What I’ve found is that it’s easy to lose track of these, so I’m setting myself a goal to complete a weekly tweet review: go back through my favourite tweets each week and write a summary which I can share out to folks, peruse at my leisure, or refer back to.

So without further ado, on with Tweet review #1 – this one might be on the large side…

Tweets up to 17 November 2016

Get SharePoint out to Office 365

I’m no SharePoint guy, but I do know it’s a beast. And I know that cloud services generally tend to blow their on-prem cousins out of the water (or if they don’t today, then they probably will tomorrow). I imagine that most SharePoint folks are at least keeping a watchful eye on Office 365 SharePoint solutions with a view to migrating some day if not doing so already in big numbers.

I also had the pleasure of seeing the talented Mr Khipple talk about O365 adoption at Ignite, and can imagine he’d have plenty of good, down-to-earth advice on the subject of these migrations. I’d not heard of KMWorld before, but a quick look at KMWorld and the main KMWorld account opens an intriguing window into the world of SharePoint.

State of Internet Identity by Kim Cameron (via Steve Dispensa)

I first came close to the name Steve Dispensa a few years ago when I was with OCG, being introduced to what was then the PhoneFactor solution (now Azure MFA) by one of the PhoneFactor developers. At the time Steve was founder and CTO of PhoneFactor; roll forward a couple of years and he’s now Director of Engineering in the Identity Division. Cool!

Steve posted a link to a talk by Identity Architect Kim Cameron who makes excellent observations about how the shift to cloud is impacting identity, apps, boundaries and the approach taken to the relationships involved.

His description of today’s “ad-hoc”, “hodge-podge” range of tactical solutions rings true, and it’s very interesting to be around at a time when Azure AD is really helping organisations to ‘up their game’, and to see how rapidly this picture is changing.

Certainly the massive uptake in SaaS means that we’re quickly developing our standards and the need for solid data governance is more true now than ever.

Teams & Planner… & Office 365 Groups

This post is talking mostly about Teams and Planner (duh), but really it’s covering something I’ve seen elsewhere, and I wonder whether it’s something people struggle with, given how often this point is emphasised:

An Office 365 Group is a parent object, with all the collaborative tools a group might need collected underneath it. You want Teams? It’s there. You want Planner? It’s there. And so on. You’re never really just creating one thing in isolation any more. Everything hinges on the Group (from a collaboration perspective at least). And that’s awesome.

PowerBI DataViz

This post is really just a link to the Visualizations section of the Power BI Guided Learning, but as I’m still fresh to Power BI it’s good to be directed to these resources. I’ve also found the Community to be massively helpful.

I’ve got a lot more to say on data and data viz so perhaps I’ll save that for another post some day 🙂

Oh & even if you don’t use Power BI, please add votes to this idea. You’ll appreciate it when you do use it later (via Kirk Munro)

MVA for IAM in the cloud

I’ve never really dug into the MVA courses. Maybe it’s not blocking time for them, maybe it’s something else. But whenever I check them out I’m always impressed at their availability and comparative brevity. This is a really great way to learn and consume information.

Of course not every single little detail is covered, but this is an excellent place to come for a run through the essentials.

The Amazing Vittorio!

No explanation required 🙂

Self-service has to be easy

This post reminds me very much of the old UX line:

A user interface is like a joke, if you have to explain it, it can’t be very good.

I’m a firm proponent of usability. There’s a bunch of meme-type images that demonstrate how good people are at finding shortcuts. No matter what you think might be the best process, or the most secure process, if it introduces unnecessary delay people will do their utmost to find another way, or worse, a back door, and a control that everyone routes around provides no security at all. I love making things super convenient for people; that’s part of the fun of automation and the work we do. But doing all that securely, and invisibly, is where the magic is.

Dev Ops (improving speed in more ways than one)

There’s a lot of code wrapped up in IAM solutions, and I’m really looking forward to employing a DevOps workflow some time soon. With performance testing folded into that pipeline the process adds even more value. WIN!

Azure Functions integrated into Visual Studio

I think Functions have massive potential particularly when IAM workloads are placed in the cloud as well. To be able to expose data to other services is going to open up all kinds of interesting capabilities. This is a nice add which brings Azure Functions ‘closer’.

Placing MIM in Azure IaaS

MIM has been listed under the server software support list for Azure VMs since it was known as FIM, so for quite some time. But dig a little deeper and this isn’t a done deal, which is possibly a point of some confusion, as it is not made at all clear when you read the Supported Platforms for MIM 2016 document. It was only while checking out the HA and DR for SQL in Azure VMs document that I noticed SQL clusters were not listed.

Always On availability groups have some nice characteristics, and I imagine a great many conversations have taken place between MIM, SQL and Azure IaaS pros about how ‘they might just work’ regardless of not being listed in the MIM supported platforms document. But there is a key challenge specific to how MIM works which means this is not a trivial issue, and Always On groups might actually break the MIM platform. So we have something which needs to be resolved by Microsoft here, either:

  1. MIM needs to support Always On (at least in some manifestation).
  2. Azure IaaS needs to support SQL clusters – maybe a ‘virtual cluster’?

Neither of those is a simple matter, so I’m not expecting a quick fix. But back to today: a SQL cluster is the only supported HA option for MIM, and this is not available in Azure IaaS scenarios, so Azure IaaS has no supported HA option for MIM.

For MIM Sync this may or may not be an issue for you, likely dependent on the fashion, length and frequency of your sync cycle. But a great many MIM Portal solutions have frequently-used self-service features which need to remain online (at least during business hours). In those cases it is very difficult to recommend placing identity infrastructure into the cloud.

With identity receiving so much attention recently, it’s a little odd that identity infrastructure components have been left to stagnate in traditional datacentres. I guess this is 2016 and we’re now used to features and fixes coming thick and fast with the accelerated development cycle made possible by Azure. So it’s jarring when we’re forced to remember MIM is still very much a traditional on-premises service. Maybe something cloud-optimised could be coming along down the road, who knows, but identity folks are generally big proponents of cloud solutions, and so out of anyone looking to shift workloads to the cloud, I’m sure we’d all like to be at the vanguard of this… See how nicely I avoided a forefront reference?

If this impacts you, and you have a Premier support contract, it should be possible to open an advisory case from the Premier portal and submit a Business Impact Statement with Microsoft who will then review (and possibly reject) the case. But if enough people ask about this issue it may receive closer attention (here’s hoping).

So how about you and your environment, or your customers? Are people frustrated that they can’t migrate to the cloud? Or are they just doing it anyway on the basis that Azure IaaS brings with it other key benefits? I’d be interested to hear your thoughts and experiences.

Use the Azure AD Graph to generate amazing collaboration opportunities

Dynamic Groups

For many years, we’ve had the capability to drive dynamically generated Active Directory groups using what we might, for the purposes of this post, call the ‘on-prem AD graph’ – in Microsoft Identity Manager (MIM).

MIM maintains a view of a person through the lens of data collected about that person from disparate systems such as HR, AD, Exchange, IP telephony, local apps and so on.

Dynamic Groups are superb for driving access or experiences based upon the data available in MIM. But the data in MIM is often a subset of the whole. Rarely are all on-prem apps integrated, and of those which are, only the attributes selected when the app was integrated are available. So the size of this lens of person data varies from organisation to organisation.

The Azure AD Graph

Today it’s already possible to flow the data we have about people to the Azure AD Graph, which is great. With this new functionality we can use Azure AD to drive the creation of these groups (automatically if necessary) without consuming processing cycles in the MIM Service or having people manage and maintain these assets in the MIM Portal.

But the really interesting addition is in SaaS. Where MIM is limited to the data sources it is connected to (and the attributes flowed from each), the Azure AD Graph can contain identity-related data generated by over two and a half thousand SaaS apps.

The richness this provides is going to dramatically increase the capabilities we have and it’s reaching the point where identity professionals must rely far more on the contextual knowledge and experience of people within the business to extract greater value from our capabilities.

Adoption of identity

Imagine being told that using data that means something to you – about your team, where you work, the department you work in, the applications you use, that you could drive a set of collaborative assets for your specific workloads. Perhaps automatically. Dynamic management of Office 365 Groups using the Azure AD Graph is an incredibly interesting prospect… Hopefully Microsoft Teams isn’t too far from General Availability!

Try out some of the functionality using this tutorial here.
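As an added example, not code from the original post or from Microsoft, here is what driving a group from directory attributes looks like in the Azure AD PowerShell module. It creates a security group and an Office 365 Group from the same membership rule and then reads back who Azure AD placed in them. The group names, mail nicknames and the attribute values in the rule (department "Identity", usage location "GB") are placeholders, and it assumes you have already run Connect-AzureAD with a role permitted to create groups.

```powershell
# Added example (not from the original post): Azure AD dynamic groups driven by user attributes.
# Assumes the AzureAD module is installed and Connect-AzureAD has already been run.
# The attribute values below are placeholders; substitute your own.

# Membership rules are evaluated by Azure AD against the user object in the directory.
# Only use attributes that arrive from a trusted source (HR -> MIM -> AD -> Azure AD Connect).
# If users can edit an attribute themselves (e.g. department via a self-service portal),
# they can move themselves into whatever the group grants access to.
$rule = '(user.department -eq "Identity") -and (user.usageLocation -eq "GB") -and (user.accountEnabled -eq true)'

# 1. A security group: use this to drive access (app assignments, Conditional Access scopes).
$sg = New-AzureADMSGroup -DisplayName "sg-identity-gb" `
    -Description "Dynamic: Identity team members located in GB" `
    -MailEnabled $false -MailNickname "sg-identity-gb" -SecurityEnabled $true `
    -GroupTypes "DynamicMembership" `
    -MembershipRule $rule `
    -MembershipRuleProcessingState "On"

# 2. An Office 365 Group with the same rule: this is the parent object that brings
#    the mailbox, team site, Planner and (once available) Teams along with it.
$o365 = New-AzureADMSGroup -DisplayName "Identity GB" `
    -Description "Dynamic O365 Group for the Identity team in GB" `
    -MailEnabled $true -MailNickname "identity-gb" -SecurityEnabled $false `
    -GroupTypes "Unified","DynamicMembership" `
    -MembershipRule $rule `
    -MembershipRuleProcessingState "On"

# Confirm the rule was accepted and is being processed.
Get-AzureADMSGroup -Id $sg.Id |
    Select-Object DisplayName, MembershipRule, MembershipRuleProcessingState

# Membership is computed asynchronously, so this may be empty for a short while after creation.
# Pull the attributes the rule depends on alongside each member so you can sanity-check the result.
Get-AzureADGroupMember -ObjectId $sg.Id -All $true |
    Select-Object UserPrincipalName, Department, UsageLocation, AccountEnabled
```

The `accountEnabled` clause is deliberate: a disabled account should fall out of an access-granting group automatically rather than keep its entitlements until someone remembers to clean it up. Because a dynamic group has no owners approving membership, treat the rule itself as the access decision and review it with the same care as a role definition.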

November 03, 2016 at 09:59PM