Tweet review #2

How many more breaches?

  • Do Azure Identity Protection
  • Do Advanced Threat Analytics
  • Do Privileged Access Management
  • Do Privileged Identity Management

Among the key messages from Ignite this year was ‘assume breach’. Networks, directories, points of entry etc. are all so vast in almost any environment. Even with the best security policies it is folly to assume these are enough. These tools from Azure allow you to know when something isn’t right. Check out this session video from Ignite for more on ATA, IdP and PIM!

Teams. Glorious, glorious Teams.

If you’re using Office 365, and you think you might get too much email, you need to be using Teams. There’s plenty more to say but this problem was, in a nutshell, what Sway was built to answer – which really saw massive growth, proving the concepts of team-based chat, and is why Microsoft Teams has been built to provide the same functionality with far greater integration with the rest of the Microsoft Office 365 stack. Use it, be happy.

Sysinternals

I have an admission to make. I need to get myself on the PFE bandwagon at some point and get into some proper performance analytics. For too long have I skirted around this subject and never fully dived in. My intention was to catch the legendary ‘Case of the Unexplained’ session at Ignite but with so much content it was missed somehow. Maybe now with an update being released, now is a good time…

Jen Stirrup is a data wizard

My interest in ‘big data’ is entirely selfish. PowerBI is something I desperately want to plug into everything associated with my day job and dataviz my world. Jen is someone I came across at Ignite via this session and has since become someone I follow more avidly on Twitter than is perhaps healthy!

Bold adoption, big gains

I live in the identity world, which is pretty pervasive throughout the Azure suite. EMS is a close subject matter; Whole Foods and Unilever are two hyper-scale organisations I know of that have undertaken bold adoption plans and are now seeing the fruits of their labour. Learn how Unilever modernized IT.

ARM Templates, DSC, yes please

This is very relevant to a pet project of mine and these areas are so central to managing resources in Azure IaaS/PaaS, thoroughly interesting!

Office 365 Groups – The File Report

I’m clearly a big fan of what Microsoft is doing with Azure, and Office 365, and Office 365 Groups. But one thing which is clearly not quite ‘there’ yet is the file experience. I’ve long converted from attaching files to linking to a shared file in OneDrive, and I’m quickly getting used to the O365 Group Team Site file sharing experience. But the way files are surfaced across the apps feels a little ‘disjointed’ somehow. And I think Tony is getting to similar points in his post here.

A bit like how Teams still has the chat blade, which should either be incorporated into the Skype app proper, or removed. Otherwise it’s just another interface into the Skype experience which will just cause confusion for the average user.

Features are there, they just need tying up and some consistency.

Placing MIM in Azure IaaS

MIM has been listed under the server software support list for Azure VMs since it was known as FIM – so quite some time. But dig a little deeper and this isn’t a done deal, which is possibly a point of some confusion as this is not made at all clear when you read the Supported Platforms for MIM 2016 document. It was only while checking out the HA and DR for SQL in Azure VMs document that I noticed SQL Clusters were not listed.

Always-On groups have some nice characteristics, and I imagine a great many conversations have taken place between MIM, SQL and Azure IaaS pros related to Always-On groups and how ‘they might just work’ regardless of not being listed in the MIM supported platforms document, but there is a key challenge specific to how MIM works which means that it’s not a trivial issue and Always-On groups might actually break the MIM platform. So we have something which needs to be resolved by Microsoft here, either:

  1. MIM needs to support Always-On (or at least in some manifestation).
  2. Azure IaaS needs to support SQL clusters – maybe a ‘virtual cluster’?

Each of those is not a simple matter, so I’m not expecting a quick fix but back to today: SQL Cluster is the only supported HA option for MIM, and this is not available in Azure IaaS scenarios – and so Azure IaaS has no supported HA option for MIM.

For MIM Sync this may or may not be an issue for you, likely dependent on the fashion, length and frequency of your sync cycle. But a great many MIM Portal solutions have frequently-used self-service features which need to remain online (at least during business hours). In these cases, it is very difficult to recommend placing identity infrastructure into the cloud.

With identity receiving so much attention recently, it’s a little odd that identity infrastructure components have been left to stagnate in traditional datacentres. I guess this is 2016 and we’re now used to features and fixes coming thick and fast with the accelerated development cycle made possible by Azure. So it’s jarring when we’re forced to remember MIM is still very much a traditional on-premises service. Maybe something cloud-optimised could be coming along down the road, who knows, but identity folks are generally big proponents of cloud solutions, and so out of anyone looking to shift workloads to the cloud, I’m sure we’d all like to be at the vanguard of this… See how nicely I avoided a forefront reference?

If this impacts you, and you have a Premier support contract, it should be possible to open an advisory case from the Premier portal and submit a Business Impact Statement with Microsoft who will then review (and possibly reject) the case. But if enough people ask about this issue it may receive closer attention (here’s hoping).

So how about you and your environment, or your customers? Are people frustrated that they can’t migrate to the cloud? Or are they just doing it anyway on the basis that Azure IaaS brings with it other key benefits? I’d be interested to hear your thoughts and experiences.