Office 365 Virtual Launch Event

I’m attempting to live blog this.  No promises – I’ve been sick for a week and I will probably miss quite a bit in between bouts of coughing.


We get a video of an O365 customer in Hamburg, Germany.  They use an E plan by the sounds of it, with AD synch via ADFS.  It’s a big love affair with the cloud in Hamburg.

And here goes the launch … let’s hope no SSL certs expire in the next while …

John Case, Corporate VP Office Division, announces availability of #Office365.

Kurt DelBene

President Office Division

We get the old cloud message: mobility, ad-hoc working, faster change (when is my upgrade?), less hardware and maintenance costs (partners need to evolve), and a “new role for IT to focus on strategic investments”.


  • Best on Windows 8: new look, touch.
  • Built for the cloud from the ground up.  Auto save to the cloud and available on PC and Mac equally well
  • Social is built into Office.  Context of people is shown: who/where/what
  • Built for the end user with new scenarios.  PowerPoint has a useful (first time ever) presenter mode.  Lync does HD.  You can import and edit PDF in Word.  Word is a reader that remembers the last location
  • IT control: compliance and deliverables.

Office 365 business plans are now launched.  Office 2013 Pro Plus is included (no mention of the plans), for up to 5 PCs/Macs.  Yammer is built into Office 365.

Julia White

General Manager, Office, has her Windows 8 Surface Pro out for a demo.  Word 2013 first.  New read mode with swipe support, tap to read comments, and tap again to talk to the commentator  via Lync.  New online picture option to Bing for an image and drop it straight into the Word doc.  You are asked how you want text to flow around the new picture.  By default, the doc is stored in the cloud.

SharePoint in O365 next.  Content can be cached offline. 

Windows Phone 8 Office Hub.  Same content is visible.  It even goes to the last read location in Word. 

Outlook.  It does detect if your device is touch and gives you a panel of controls on the right for easy mail manipulation. 

OneNote MX:  New touch control instead of fiddly menus.  Called a Radial Menu – very Star Trek TNG.  It is context sensitive.  You can use a stylus and draw – I’ve found this very handy to diagram within my notes. 

Excel: New flash fill feature to auto fill cells based on a predictive text algorithm that detects patterns on existing data versus what you’re doing.  Yay, more pivot tables – ick!  And a new power view based on pivot tables. 

Yammer: basically it’s an internal Facebook for the company.  It’s really a lot like Facebook.  Attach files, like, praise, run surveys, etc.  You follow people or groups like on Twitter.  You can create external networks (security and compliance officers crap themselves here). 

Out comes the 85” Perceptive Pixel touch TV for a Lync demo.  A presentation is shown and live edited.  OneNote is open and all participants can interact with it.

Customer Interviews

  • City of Chicago: 30,000 employees moved to the cloud. 
  • Toyota: Wanted to improve communications between the company and partners. “When you’re an IT person you don’t normally get applause”
  • Meals On Wheels (charity): Great solution for widely dispersed charities.  Irish NGO Concern has been using O365 for its people scattered all over the world.

And that’s that.  Very short and not much info at all on this massive release.  I guess you’ll have to go online.  I guess will have a glut of docs.


Office 365 “2013” Is Launched/Announced

The “2013” wave of “The New Office” has been launched.  You’re hearing lots of news about Office 365 (and this stuff is valid) but the launch includes all the usual on-premise server and Office client suspects.

A few days ago Microsoft launched the FPP (Full Packaged Product) of Office 365 Home Premium.  FPP means it comes in a box.  Yup a consumer can buy Office 365 from a shop (or direct online) for their family on an annual basis.  This includes up to 5 installs of Office on a PC (2013) and on a Mac (2011).  The box contains a code and setup instructions to get going, and this includes the simple process for installing the auto-updating install of Office.

The other SKUs of Office 365 are intended for the business.  If they are sold direct by Microsoft, a partner can be registered as the partner of record.  This gives that partner their recurring fees.  Partners can also use the Office 365 partner portal to send invites to their customers; this automatically configures the partner of record to ensure they get their finder’s fee and recurring fees.  The new Office 365 versions will be available on Feb 27.  Don’t ask me when the upgrades for existing customers will happen because I do not know.

Remember that Office 2013 is included in the price and can be delivered by:

  • Click-to-run: permanent (it is leased and activated every 30 days as long as your subscription is valid) and updated install
  • On-demand: A temporary install, e.g. for an Internet Café
  • Office Web Apps: lightweight web only Office apps

Office 365 Small Business has a target market of 1-10 users (expands up to 20) and works with Windows Server 2012 Essentials.  This will also be available direct and retail (FPP).

Office 365 Midsize Business is intended for the SME market with a target market of 11-250 (max of 300).  It is also available via Open licensing as well as the normal direct/partner of record methods.  This means that VARs can buy Office 365 Midsize Business (from March 1st) from a cloud distributor and sell it direct to their customer without Microsoft having direct billing with the customer.  This means that VARs can bundle O365 with annual support/maintenance/services contracts and price it as they see fit. 

Office 365 Enterprise is for >250 users.  It is also available via Enterprise Agreements (EAs) sold direct to the customer by a Large Account Reseller (LAR).

In summary:

  • Right now: people can buy Office 365 Home Premium, including FPP via retail
  • Feb 27th: business can buy direct and through association Office 365 Small Business, Midsize, and Enterprise SKUs
  • March 1st: Microsoft partners can buy Office 365 Midsize via Open licensing from distribution and resell it to their customers

There will be trial editions available.

The clever partners will focus on services.  The soon-to-be-extinct partners will moan about the end of SBS.  How much profit did you make last year on that SBS server hardware sale?  Hardware margins have been going down.  If you rely on selling tin then you’re not long for this world.  How much profit did you make from the license?  Maybe a few points, and once again, you won’t feed your children on profits from licensing.  Services are where the money is.

My employers have been running a series of workshops on the next version of Office 365 for the partners who registered us as their cloud distributors.  Office 365 MVP, Kerstin Rachfahl, flew over from Germany to deliver the content. Kerstin and her husband Carsten (Virtual Machine MVP like me) own a VAR company that operates in a market that is similar to the one that the typical Irish partner does, and they have made a success of Office 365.


Services! Services! Services!  Set yourself up as the delegated administrator for your customers and support them from your office.  Deploy Office and Lync.  Upgrade their PCs using MDT.  Maybe couple Office 365 with cloud PC management (e.g. Windows Intune) for remote PC/mobile device support and management.  Migrate users from their SBS to the cloud.  Learn some basics in SharePoint and maintain it for the customer.  Maintain their users, customise policies, and all that usual stuff.  Become the customer’s IT support staff in the cloud.  In the end, you still do the services.  Just now, you can do it from anywhere because everything is online.

Partners had a right to be upset at Office 365 before now because of the lack of a distribution model through Open.  Now the two smaller packages will be available via FPP retail and the midsize product (where most VARs’ business is) will be available via Open.  Don’t bother crying about Enterprise not being via Open.  All Microsoft enterprise licensing (Select and EA) goes direct to the customer via a LAR, bypassing the partner.

Any partner that continues to fight the cloud is going to be in for “interesting times” in the next 12-18 months.  Change is constant in IT.  Your ability to resell SBS ends this year.  Selling Server Standard, Server Standard per user/device CALs, Exchange Server and user CALs is a pricey business, and the stuff is complicated.  Anyone in the SBS market knows that service provider churn happens and is common.  You probably won the customer through a “site check-up” and that’ll happen to you if you cling to the traditional client/server model.  I’m seeing lots of partners interested in what Office 365 can do for their business and their customers … once you’re in you have enterprise level products (e.g. Email archival and Data Loss Prevention without Enterprise CALs), no more upgrades, and continuous Office upgrades … and no more trying to sell a SBS server with ever reducing margin on tin/licensing.  Not to mention that field engineer time becomes more efficient because the “server” is online and there is no travel to “hit the reset button”.

Resistance is futile.  Even the dinosaurs, as powerful as they were, died when change came a calling.  Do you want to be a dinosaur?

Microsoft posted a lot of information last night.  This includes release dates, information on the 4 basic SKUs of Office 365 (Exchange online is still available and can be mixed with Office 365 Enterprise [E1]), and some FAQ and presentations.


Hyper-V and System Center Training for VMware Professionals

This post is dedicated to the person from VMware Australia (name withheld) who keeps attempting to post spam on my blog.  Sorry dude, we’re not buying any.  But I thought you’d like to learn some facts about the Microsoft stack so you can understand why so many of your Australian customers are switching to Hyper-V and System Center.  Maybe there’s some time left for you to drop the FUD feedbag and reskill

Virtualization for VMware Professionals Jump Start

Tomorrow at 08:00 until 17:00 PST (-8 hours GMT) Symon Perriman and Matt McSpirit (both VMware VCPs) are running the second of a three course series that is tailored for VMware professionals looking to get up-to-speed on how Windows Server 2012 Hyper-V and System Center 2012 SP1 compare with VMware vSphere 5.1 and VMware’s Private Cloud, respectively.

You can register here.

Managing Apple iOS Devices From Windows Intune

This was the most exciting thing I saw at MMS 2012.  I knew what System Center was capable of, but I wasn’t expecting to see iPhones and iPads (as well as Android, etc) being managed by Microsoft from the cloud, using the same solution for managing PCs.

This week I’ve been setting up a demo environment in Windows Intune “Wave D” (thanks to my colleagues at work for the help in setting up the “partner”).  It’s one thing to manage PCs, but you really score points with customers when you can show a Microsoft product managing the rivals.  I use Ubuntu as my guest OS when showing off Hyper-V.  I want to show off an iPad Mini being managed by Windows Intune

The process is “documented” on TechNet, with links from the Windows Intune console.  I use “documented” very loosely.  The information is incomplete in my opinion.  So here are my notes:

A step I missed in this documentation is choosing your mobile device management solution.  I chose the Windows Intune option, instead of using System Center with Windows Intune, which was under Tasks in Administration > Mobile Device Management.

The Push Notification Certificate

The first requirement for managing iOS devices is that you have an Apple ID for your company.  There is no cost to this.  This contrasts with the €75/year cost of signing up for a Windows Phone developer account for managing Windows Phone 8.

Now open the Windows Intune admin console and browse to Administration > Mobile Device Management > iOS > Upload an APNs Certificate.  Confusion point: there is more to this than a simple upload.  Here’s how.  Click Download The APNs Certificate Request.  This downloads a .CSR file certificate request.

Now you browse to the Apple Push Certificates Portal.  Here is where you upload the .CSR file that you just downloaded from Windows Intune.  If like me, you’re using IE, you will likely be prompted about a .JSON file.  Ignore that.  Refresh the page (I muddled about here trying to figure out the JSON thing) and you should end up with something like the below:


Click Download to get a file called MDM_ Microsoft Corporation_Certificate.PEM; this is the certificate that you will be uploading to Windows Intune.  It will uniquely identify your organisation to managed iOS devices (or something like that). 

Return to Windows Intune where you downloaded the .CSR file, and click Upload The APNs Certificate. Browse in the dialog and select the .PEM file you just got from Apple.  You also need to supply the Apple ID name that was used in the Apple Push Certificates Portal to create the PEM file.


That all sounds messy.  I agree.  But you only have to do it once in your portal … every year.  Check the previous Apple screenshot and look at the expiry date for the APN certificate.  It only lasts for 1 year.  Set a recurring reminder in your (and your colleagues’) calendar to repeat this process in advance of the expiration (you don’t want to be digging up email addresses and passwords).  And document what accounts/passwords are being used.  Please use a strong passphrase for your Apple ID.

Create User Accounts

You create user accounts in the Windows Intune Accounts site.  You can set up AD synchronisation instead of manually creating your users.  A warning: management of the devices will not work unless you add the users to the Windows Intune user group in the Accounts site.  Open the user, click Group, and check the Windows Intune box:


Enroll the Device

This is a crude mechanism.  You need to supply the iOS device user (probably via email) with the following information:

At this point there’s a whole bunch of crap that happens from the Apple side.  You have to OK lots of things to enable the device to volunteer to be managed: Install, Install, Install Now, Install, and then Done.  A Company Portal “app” (it’s actually a web shortcut that opens the mobile site in Safari) is installed on the iOS device.  Now the user can open the Company Portal, log in using their Intune account, and install company supplied apps.  Here’s a screenshot of a user browsing a serious business app on an iPad Mini in the Windows Intune catalog.


You can add apps from the Apple App Store (just links which open the App Store and allow the user to install apps as always) or you can develop in-house apps and side-load them directly from Windows Intune, bypassing the app store completely.  Good news: you use the exact same tool for managing apps on all types of devices, including PCs.  And it’s pretty simple to use too.

The Management Profile

Part of the configuration on the device is setting up the Management Profile.  You can find this under Settings > General > Profile – Management Profile.


You can expand More Details to see more information (might be useful for troubleshooting certificates).  You can remove management of the device by Intune (“returning” the device to the user) by clicking Remove.  It takes a few seconds to remove the profile.  Management Profile should disappear from Profile after this and Windows Intune has nothing to do with the machine again.

Device Not Appearing In the Console

The “documentation” says:

To enable iOS devices to receive notifications using a wireless connection, make sure that port 5223 is open.

There is no mention if this is an inbound or outbound port requirement, or if it is TCP (probably) and/or UDP.  You could also read it as a firewall requirement on the actual iOS device itself (which it isn’t).  I had the devices on the lab at work and, while I could pull down apps from and browse the Company Portal, the devices refused to appear in the console.

Want to check if it’s working OK?  Log into the Company Portal on the device in question, and browse to Support.  If the name of the device appears there then comms seem to be OK and the device is registered … at least in my experience – I have no idea if that’s a valid indicator but it works for me … so far.


On the Wi-Fi in the company lab, the devices refused to register.  I put them onto 3G and they registered pretty quickly, and you can see lots of information for each device.
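A way to check from the network side whether the Wi-Fi firewall is what stops devices registering, as an added example that is not part of the original post or of Microsoft's documentation: iOS devices open an outbound TCP connection to Apple's push service on port 5223, and Apple's address space is 17.0.0.0/8. The log format, device addresses and log lines below are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

APPLE_NET = ipaddress.ip_network("17.0.0.0/8")  # Apple's public address block
APNS_PORT = 5223                                 # port named in the Intune documentation

# Constructed sample in a made-up "key=value" firewall log format (assumption).
SAMPLE_LOG = """\
2013-01-30T09:14:02 action=DENY proto=TCP src=10.20.30.41 sport=49822 dst=17.149.36.104 dport=5223
2013-01-30T09:14:05 action=ALLOW proto=TCP src=10.20.30.41 sport=49830 dst=203.0.113.10 dport=443
2013-01-30T09:14:32 action=DENY proto=TCP src=10.20.30.41 sport=49841 dst=17.149.36.104 dport=5223
2013-01-30T09:15:10 action=DENY proto=TCP src=10.20.30.57 sport=50112 dst=17.172.232.59 dport=5223
2013-01-30T09:15:11 action=DENY proto=UDP src=10.20.30.57 sport=50113 dst=198.51.100.7 dport=5223
2013-01-30T09:16:40 action=ALLOW proto=TCP src=10.20.30.99 sport=51000 dst=17.149.36.110 dport=5223
garbage line that does not parse
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")
REQUIRED = {"action", "proto", "src", "dst", "dport"}


def parse_line(line):
    """Return the line's fields as a dict, or None if it is not a usable flow record."""
    fields = dict(FIELD_RE.findall(line))
    if not REQUIRED <= fields.keys():
        return None
    try:
        fields["dst"] = ipaddress.ip_address(fields["dst"])
        fields["dport"] = int(fields["dport"])
    except ValueError:
        return None
    return fields


def is_apns_flow(rec):
    """True for TCP traffic to port 5223 at an address inside Apple's block."""
    return (rec["proto"].upper() == "TCP"
            and rec["dport"] == APNS_PORT
            and rec["dst"] in APPLE_NET)


def apns_summary(log_text):
    """Map each source IP to a Counter of ALLOW/DENY actions for APNs flows."""
    summary = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_apns_flow(rec):
            summary.setdefault(rec["src"], Counter())[rec["action"].upper()] += 1
    return summary


def blocked_devices(log_text):
    """Sources that tried to reach APNs and never got an allowed connection."""
    return sorted(src for src, counts in apns_summary(log_text).items()
                  if counts["DENY"] > 0 and counts["ALLOW"] == 0)


if __name__ == "__main__":
    for src, counts in sorted(apns_summary(SAMPLE_LOG).items()):
        print(src, dict(counts))
    print("blocked:", blocked_devices(SAMPLE_LOG))
```

A device that shows only DENY entries here matches the symptom above: the Company Portal works over HTTPS, but the device never appears in the console until it moves to a network that lets port 5223 out.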

Reinstalling The Management Profile

I decided to remove the management profile and try to re-add the iOS device to Windows Intune.  I could not get the device to re-register to Windows Intune using the above process.  I believe the correct procedure is to log into the Company Portal, hit Support, click Change, and click Add Another Device.  This has worked for me a couple of times.


You can create Mobile Device Security Policy objects in the admin console.  There are some generic and some iOS specific settings:





The certificate stuff is a bit fiddly but you’ll only have to do that once per company, per year.  I can’t be sure, but I guess that is an Apple restriction on the validity of the APN certificate.  After that, it’s a pretty simple process.

Enrolment of these consumer style devices will always (with any product) be user driven.  You can’t push management onto a consumer (or BYOD) device.  If necessary, you could do the sneaker-net thing.  I can envision helpdesks doing a lot of that for BYOD management.

Some of the Apple folks in the office were very impressed with this solution.  Centralised management of mobile (particularly iOS) is a hot topic right now.  Windows Intune does a nice job.  Does it have all the bells and whistles of a Zenprise?  No, but Intune has a nice price at around €4.89/user/month (with 5 devices/user).  Throw in Software Assurance (€8.98/user/month) and those Windows PCs can be upgraded to the rights of SA, including Windows 8 Enterprise.

Thumbs up!


Q&A On The Microsoft Server & Cloud Blog

I did a questions & answers email interview for the Microsoft Server & Cloud blog recently and the results of it were posted online overnight.  The subject: the Cloud OS (Windows Server 2012 and System Center 2012 SP1).

System Center Global Service Monitor Availability

Global Service Monitor for System Center 2012 SP1 Operations Manager is now available.  However, it’s not quite as simple as your normal feature in OpsMgr, because there is a cloud service involved.

Version 1.0.1800.0 of the System Center Global Service Monitor Management Packs can be downloaded and installed freely.  Then you are going to need an account for Global Service Monitor.  On this, Microsoft says:

You can sign up for a free trial account and use Global Service Monitor for free for up to 90 days. Beyond the 90-day free trial period, System Center Global Service Monitor is only available to customers with active Microsoft Software Assurance coverage for their System Center 2012 server management licenses.

This Software Assurance benefit will be available in March 2013 in supporting countries.  At the moment, these are Australia, Austria, Brazil, Canada, France, Germany, Ireland, Italy, Japan, Mexico, Netherlands, Singapore, Spain, Switzerland, United Kingdom, and the United States.

So, if you want to use GSM long term, you will need to be (a) in one of the participating countries, and (b) have current Software Assurance on your System Center licensing.  Beyond that, there is no additional cost that I can see.


Office 365 vNext Training For Registered MicroWarehouse Cloud Customers

My employers, MicroWarehouse are running technical training on the next wave of Office365 at the end of this month.  Spaces are limited – and they are restricted strictly to employees of Microsoft partners that have completed the process of registering MicroWarehouse as their cloud distributor.  Such training is one of the benefits of this registration.

Anyone with questions on registration or becoming a Cloud Essentials partner can contact their MWH account manager for assistance.

Now for the training details.  We’re lucky to have Office 365 MVP Kerstin Rachfahl coming over from Germany to deliver this training.  Kerstin, and her husband Carsten (a fellow Virtual Machine MVP), work in the SME space just like the majority of Microsoft partners, and the training will be focused on this market, making the training very relevant to Irish partners.  I will be sitting in too – cos I want to learn from an expert.

The details of the training are:


As I said, this event is exclusively for technical employees of Microsoft partners that have completed the process of registering MicroWarehouse as their cloud distributor.  Those folks may register for this event here.


Log Into And Use 2 Lync Accounts At Once

I have two Lync online accounts:

  • My personal one
  • And my work one

Both run through Office 365, and I wanted to have them both running.  Doing this with Live Messenger was possible using 3rd party clients, but I’ve not seen such a client for Lync. 

How to do it?  Well, there’s a few ways to run Lync clients, and they can all run in parallel:

  1. Install the desktop client – this is the best user experience and should be used for the account that is most important (presence and chat)
  2. Log into Lync via the OWA interface in the O365 portal … it’s basic but it allows people to talk to you
  3. Install the Windows Store Lync app on Windows 8 – it’s not as good as the desktop client but it works

At work, I use the full desktop client and the Windows Store App.  Both can be running at the same time, and logged in with different user accounts.  Sorted!

Now if only we had a desktop client that supported dual accounts ….


Strike Up Another Reason For Using System Center Configuration Manager In Your Cloud

It is rare that Microsoft releases a bad update through Windows Updates, but one appeared this week, as Hans Vredevoort posted.  How do you avoid the problem of automatically pushing out “bad” updates straight after they are released?

Well, here’s the “solution” I often encounter when I talk to consultants and administrators:

We approve patches manually

Ah!  My response to this usually goes along the lines of:

  1. I grimace
  2. and respond with:

When you approve patches manually then you don’t patch at all!

One such company hadn’t deployed a Windows update since Windows XP SP2 – and I suspect that the media they used came with SP2 slipstreamed.  It was no doubt that Conficker ate them up.  And it’s no doubt that Conficker still is in the top 10 of malware in domain-joined (i.e. administrator controlled) PCs.  Meanwhile, PCs that are managed by users (workgroup members) are not seeing Conficker in the top 10.  By the way, Microsoft released a hotfix to prevent Conficker 1 month before the malware was first detected, and that was around the time of Windows 7’s GA launch.

The fact is that manual patch testing and approval do not happen.  There might be a process, but that doesn’t mean that it’s used.  I bet if you surveyed 1000 companies with this process then you’d find the majority of them don’t do it, and are probably woefully unprotected.  Cue the moronic comments that’ll try to excuse behaviour … I know they’re coming and they only show guilt.

What you need is automation.  But doesn’t automated patch approval mean that patches are approved and deployed immediately, bugs and all?  Not necessarily.

When I started working with ConfigMgr 2012, I read the guides by Irish (in Sweden) MVP, Niall Brady.  I liked his approach to dealing with updates:

  1. Check for new catalog updates every hour (my preference)
  2. Allow already approved updates to be superseded automatically
  3. Delay approval of updates by 7-14 days
  4. Set a deadline of 7 days

With this approach, updates are approved automatically, but they aren’t made available for 7-14 days.  And updates won’t be mandatory for another 7 days beyond that. That means updates don’t get forced onto machines for 14-21 days.

For server updates, I’d set a maintenance window on the collection(s) of servers, so that updates can only happen during those time windows (and not impact SLA).

With this approach, you get the best of both worlds:

  • You delay the updates, giving other people the “opportunity” to test the updates for you, and you deploy the 2nd release of “bad” updates (bad updates are superseded by new versions)
  • The process is automated, so your updates are pushed out without any human intervention.  You can always disable the automatic approval rule if the brown smelly stuff looks like it wants to hit the fan.
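The timing of the delayed-approval rule can be modelled to see how long a later-superseded update would have been offered to machines under different delays. This is an added example, not ConfigMgr code or anything from Niall Brady's guides; the update names, dates and the `Policy`/`Update` types are hypothetical, and the model only encodes the delay, deadline and supersedence behaviour described above.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional


@dataclass(frozen=True)
class Update:
    name: str
    released: date
    superseded_on: Optional[date] = None  # date a replacement was published, if any


@dataclass(frozen=True)
class Policy:
    delay_days: int = 7     # wait between release and the update being made available
    deadline_days: int = 7  # further wait before installation becomes mandatory


def milestones(update, policy):
    """Return (available_date, mandatory_date) for an update under a policy."""
    available = update.released + timedelta(days=policy.delay_days)
    return available, available + timedelta(days=policy.deadline_days)


def state_on(update, policy, today):
    """State of one update on a given day: waiting, available, mandatory,
    skipped (replaced before it was ever offered) or replaced (offered, then replaced)."""
    available, mandatory = milestones(update, policy)
    if update.superseded_on is not None and update.superseded_on <= today:
        return "skipped" if update.superseded_on <= available else "replaced"
    if today < available:
        return "waiting"
    return "available" if today < mandatory else "mandatory"


def exposure_days(update, policy):
    """Days a later-superseded update was on offer; None if it was never superseded."""
    if update.superseded_on is None:
        return None
    available, _ = milestones(update, policy)
    return max(0, (update.superseded_on - available).days)


# Constructed sample data: two "bad" updates that get replaced, one good one.
BAD_FAST = Update("EXAMPLE-A", date(2013, 1, 8), superseded_on=date(2013, 1, 12))
BAD_SLOW = Update("EXAMPLE-B", date(2013, 1, 8), superseded_on=date(2013, 1, 18))
GOOD = Update("EXAMPLE-C", date(2013, 1, 8))

if __name__ == "__main__":
    for policy in (Policy(0, 0), Policy(7, 7), Policy(14, 7)):
        for upd in (BAD_FAST, BAD_SLOW):
            print(policy, upd.name, "offered for", exposure_days(upd, policy), "days")
    print(GOOD.name, "mandatory on", milestones(GOOD, Policy(14, 7))[1])
```

With these sample dates, a 7-day delay skips the update replaced after 4 days but still offers the one replaced after 10 days for 3 days; a 14-day delay skips both.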

Remember, you can deploy updates from anywhere using ConfigMgr (see System Center Updates Publisher).  And this is just one of many reasons why I like ConfigMgr in the cloud.


System Center 2012 Service Pack 1 Is On The Volume Licensing Service Center – And Ready For Production

Fellow MVP, Johan Arwidmark (@jarwidmark), just tweeted that he saw SysCtr 2012 SP1 on the VLSC site.  I just checked.  He’s right:


TechNet is for evaluation and MSDN is for test/development/demo.  What you download from the VLSC site is for production usage … and for managing Windows 8 and Windows Server 2012 (including Hyper-V).  This is also the release to integrate with Wave D of Windows Intune.

This is not an R2 release, it’s a service pack.  So if you bought System Center 2012 then you’re entitled to this update.  Please don’t assume anything about “upgrades”.  Some features of System Center can be upgraded (Operations Manager – see Kevin Greene’s series of posts).  Some cannot be directly upgraded (see VMM).