Office 365 Integration with SCCM…..

2017-11-20T02:02:27+00:00 November 20th, 2017|Azure, blog, Configuration Manager, Micrsoft Cloud Solution Provider, Office 365, System Center|

Deploying Office or Office 365 has traditionally been a challenge in most corporate environments.  The file types have changed, components have been added/removed, content size isn’t the most manageable, and the amount of business processes that rely on the productivity suite of products requires close management of the deployment to ensure that work can continue once the newer version is deployed.

Microsoft System Center Configuration Manager (SCCM) — as of version 1602 — integrates with Office 365 to offer the ability to deploy the Office 365 productivity suite natively with SCCM.  The feature is called Office 365 Client Management and is found in the Software Library of the SCCM Console.  Here’s a snapshot of what it looks like:

On the left, you have your Office 365 Folder with Office 365 Updates included.  When in the folder view, you can see a summary of the number of O365 clients and their versions.  If you notice the scroll-bar indicates there’s more to see…

The different sections can be summarized as such:

  1. Number of O365 Clients in total
  2. The breakdown and summarization of the different versions in the environment
  3. A button which will initiate a wizard to create an O365 client deployment package
  4. A chart indicating the number of systems running different languages of O365
  5. A button to create an Automatic Deployment Rule
  6. Another option to create client settings (These are standard SCCM Client settings, nothing special pertaining to O365)
  7. The number of systems configured to the different update Channels for Office 365 client management
  8. If ADRs were created, they would show in this section

I’ve had some great experiences working with the Office 365 Client management integration with SCCM.  The ability to create a single package to support multiple different languages has taken my packaging time and reduced it to minutes.

In addition to providing a built-in package creation utility, SCCM also manages and services O365 packages moving forward.  The updates are all provided through SCCM’s native Software Update technology but are provided to you in a separate node in the console so that you can view only the updates pertaining to the 365 clients in your environment.  This makes it very easy to identify required and installed updates for your managed systems.

As for what’s needed to manage updates for O365 within SCCM:

Requirements for using Configuration Manager to manage Office 365 client updates

To enable Configuration Manager to manage Office 365 client updates, you need the following (summarized from link above):

  • System Center Configuration Manager, update 1602 or later
  • An Office 365 client – Office 365 ProPlus, Visio Pro for Office 365, Project Online Desktop Client, or Office 365 Business
  • Supported channel version for Office 365 client. For more details, see Version and build numbers of update channel releases for Office 365 clients
  • Windows Server Update Services (WSUS) 4.0  — You can’t use WSUS by itself to deploy these updates. You need to use WSUS in conjunction with Configuration Manager
  • On the computers that have the Office 365 client installed, the Office COM object is enabled

All in all, I have to say that I’m very impressed with the integration of Office 365 Client Management into SCCM.  SCCM has been a very powerful tool and to add the ability to manage the productivity suite natively in SCCM will ensure that admins in large environments can spend more time managing than packaging.

Good Job Microsoft!

Which Azure Plan is Right for You?

2017-07-27T00:47:04+00:00 July 27th, 2017|Azure, blog, Cloud, Microsoft, Microsoft Infrastructure, Micrsoft Cloud Solution Provider, Office 365|

As you start to explore the world of Microsoft Azure Cloud Services, you will start to see there are many options.  Let’s discuss the three types of Microsoft programs for you to purchase.

#1 – Pay-As-You-Go Subscriptions

Pay-As-You-Go subscriptions are simple to use and simple to set up.  There are no minimum purchases or commitments.  You pay for your consumption by credit-card on a monthly basis and you can cancel anytime.  This use-case is primarily for infrastructure environments that are setup for a temporary purpose.  It’s important to understand that organizations using this model pay full list price for consumption and do not have direct support from Microsoft.

#2 – Microsoft Enterprise Agreement (EA)

Microsoft Enterprise Agreements are commitment based Microsoft Volume Licensing agreements with a contractual term of 3 years.  Enterprise Agreement customers can add Azure to their EA by making an upfront monetary commitment for Azure services.  That commitment is consumed throughout the year by using a combination of the wide variety of Microsoft cloud services including Azure and Office 365.  This is paid annually in advance with a true up on a quarterly basis for overages.  Any unused licenses are still charged based on the commitment.  If you are a very large enterprise, the greatest advantage of an EA is having a direct relationship with a Microsoft sales team.  Also, EAs offer discounts based on your financial commitment.  And while there are many pros to the EA approach, understanding and controlling the cost of consumption can be a challenge for customers within EAs.  Personally, I recently took over the management of our EA and can attest that this can be very complicated.

#3 – Cloud Solution Provider (CSP)

When using Microsoft Cloud Services through the Cloud Solution Provider (CSP) program, you work directly with a partner to design and implement a cloud solution that meets your unique needs.  Cloud Solution Providers, support all Microsoft Cloud Services (i.e., Azure, Office 365, Enterprise Mobility Suite and Dynamics CRM Online) through a single platform.  CSP is similar to the Pay-As-You-Go subscription in that there are no minimum purchases or commitments.  Your consumption is invoiced monthly based on actual consumption (either via invoiced PO or credit card, your choice), and you can cancel at anytime.  This will significantly simplify your Azure and Office 365 billing process!  CSP offers many advantages over Pay-As-You-Go Subscriptions and Enterprise Agreements, and in most cases can be a more cost effective solution.

As a CSP, Coretek helps customers optimize their consumption cost by working with our customers to ensure they have the right Azure server types assigned to their workloads.  We also work with customers to shut down services when they are minimally used after business hours.  As part of Coretek’s Managed Support, our team provides proactive maintenance to ensure your infrastructure is running in an optimal manor including monitoring and patching of your servers.  Coretek’s Azure Management Suite (AMS) Portal enables business users to understand where the cost of their consumption is being utilized.  The AMS portal can display real time consumption cost based on department and projects.  It also enables business users to understand what Microsoft licenses are being utilized and who they are assigned to in a simple graphical format.

Coretek Services – Improving End User Experience and IT Efficiency.

Microsoft Azure – Global. Trusted. Hybrid.  This is cloud on your terms.

Azure – What tags are we using again…?

2017-07-27T00:00:55+00:00 July 7th, 2017|Azure, blog, PowerShell|

Have you wondered what tags are assigned to all your Azure VMs?  Do you not have ARM Policies in place to enforce your preferred tags yet?

I was in just such a situation the other day.  Just like in my previous post on quick Azure-related scripts, I was working with a customer that just wanted a quick utility to report on what VMs are properly tagged (or not) in their implementation, without having to fish around the Portal.  No ARM Policies there yet…  *yet*.

So I whipped this together.  And much like that previous script, you just paste this into a PS1 file, set the subscription name in the variable, and then run it.

# GetVmTags - Jeremy Pavlov @ Coretek Services 
# Setting the subscription here
$MySubscriptionName = "My Subscription"
# Set some empty arrays
$vmobjs = @()
$vmTagsKeys = @()
$vmTagsValues = @()
# Get the VMs...
$vms = Get-AzureRmVm 
#
$NeedToLogin = Read-Host "Do you need to log in to Azure? (Y/N)"
if ($NeedToLogin -eq "Y")
{
  Login-AzureRmAccount
  Select-AzureRmSubscription -SubscriptionName $MySubscriptionName
}
elseif ($NeedToLogin -eq "N")
{
  Write-Host "You must already be logged in then.  Fine. Continuing..."
}
else
{
  Write-Host ""
  Write-Host "You made an invalid choice.  Exiting..."
  exit
}
#
foreach ($vm in $vms)
{
    Write-Host ""
    $vmname = $vm.name
    $MyResourceGroup = $vm.ResourceGroupName
    Write-Host "Checking tags for VM $vmname... "
    Start-Sleep 1
    $vmTags = (Get-AzureRmVM -name $vmname -ResourceGroupName $MyResourceGroup).Tags
    $vmTagsCount = $vmTags.Count
    if ($vmTagsCount -gt 0)
    {
      $vmTagsKeys = $vmTags.Keys -split '
[\r\n]' $vmTagsValues = $vmTags.Values -split '[\r\n]' for ($i=0;$i -lt $vmTagsCount; $i++) { $CurrentTagKey = $vmTagsKeys[$i] $CurrentTagValue = $vmTagsValues[$i] Write-Host -ForegroundColor Green "Key : Value -- $CurrentTagKey : $CurrentTagValue" } } else { Write-Host -ForegroundColor Yellow "No tags for $vmname" } }

The results should look something like this, except hopefully a lot more serious and business-y:

Have fun with it, change it up, and let me know what you do with it…   I hope it helps.  Enjoy!

Enterprise Best Practice does not necessarily equal Cloud Best Practice…

2017-07-27T00:00:58+00:00 July 28th, 2016|Azure, blog|

This article might just be restating the obvious for some — but to put it bluntly, a “best-practice” Enterprise Active Directory (AD) design feature may not perfectly translate to a Cloud-based deployment scenario. Let me explain…

When Good Mappings Go Bad

Let’s imagine an enterprise that has done a good job of providing universal access to user Home Folders by using the AD Home Folder attributes on the user objects.  Very common indeed, and very well loved in most cases.  In a well-designed infrastructure, the users get access to the Home Folder from almost anywhere in the world, and from a variety of platforms including local, remote, and thin/terminal access.

On top of that, imagine further that the environment utilized the individual logon script user object attribute to determine group memberships, deliver printers, and maybe even deliver a mapping or two.  All of this is fine (though arguably cumbersome) in a high-speed environment where the network inter-connectivity is not rate-limited or rate-charged.

Now however, let’s imagine being one of those users authenticating to an RDS/Terminal Server (session hosts) farm in a cloud-based domain instead of in the Enterprise.  Hmm.  Suddenly, different access and performance considerations appear when walking through that logon process.  For instance, while that Home Folder server may be reachable from that RDS farm, that lookup and access of the file server might very well be across a VPN pipe that is slow; or even if it’s fast, there may be a charge for egress data transfer as is the case with Microsoft Azure.  Oh, and that logon script will definitely hit the Domain Controller looking for all of what it needs to draw conclusions; and in the end, may attempt to map you to things you cannot even reach.

Can you solve this problem by putting domain controllers in the cloud?  Well, part of it — if you use good AD Site and Subnet configuration.  But you can’t escape the fact that your enterprise user objects may attempt to reach beyond those controllers and into the infrastructure to access what they must, and time-out on what they cannot (read: slow logon).

The GPO is your frienemy

And don’t even get me started on GPOs.  Yes, you know them, and you love them, and you use them to provide a rock-solid enterprise configuration for your users…  But what about those mandatory proxy registry settings that matter in the cloud?  What about those printer map settings?  What about those WMI evaluations?  The Item-Level Targeting?  And so on.

And then one day of course, there’s the one GPO setting that accidentally gets applied to those users that inexplicably wipes out their access to the application in the cloud-based RDS farm.

The bottom line is that again, things that may be prudent and reasonable in the Enterprise may be detrimental to the Cloud users’ experience.

So what can you do?

First, step back.  Ask yourself if your user logon process is clean, lean, and mean, and prudent for a Cloud-based experience.  It may very well be the case, but it likely is not.  So if you find that you’ve been a good and dutiful Enterprise admin and used Active Directory to tightly configure that user, you might be faced with a need to have a separate directory for your Cloud environment that is either replicated, integrated, or federated.  Which, for some organizations, may very well cause them to have to re-think security models (or at least re-imagine the ones they have), evaluate provisioning, and so on, as part of a larger Cloud Strategy.

Or, if your situation permits, you might be able to take advantage of the soon-to-be-released Azure Active Directory Domain Services, as long your design doesn’t run up against some of the limitations (I strongly recommend you read the FAQ and other documentation before deciding it’s right for you).

Now you’ve heard what to watch out for, but the options you utilize going forward depend on what you are trying to achieve.  Good luck out there, and let us know if we can help…

Is Microsoft Really Going “Open”?

2017-07-27T00:00:58+00:00 April 14th, 2016|Azure|

Coretek Cloud Logo final

Many customers aren’t aware of the major shift Microsoft has been making over the last few years.  Microsoft SQL on Linux is a culmination of those changes.  With the announcement of Red Hat support and .Net on Linux, Microsoft has made a major move in the open source marketplace.

Did you know that almost all of the features in System Center 2013, OMS, Azure Backup, and Azure Site Recovery, treat Linux as an equal class citizen?  Windows — or Linux — is no longer a sticking point on the solutions we design and deploy.  With Windows or Linux we can deliver operational solutions on any platform.

 

Let us know if you have a unique requirement that has been challenging to your business, we are very confident we can help.

 

Jason M. Cornellier – Cloud Practice Director

 

http://blogs.microsoft.com/blog/2016/03/07/announcing-sql-server-on-linux/

http://blogs.microsoft.com/blog/2016/02/24/microsoft-to-acquire-xamarin-and-empower-more-developers-to-build-apps-on-any-device/

http://blogs.microsoft.com/blog/2015/11/04/microsoft-and-red-hat-partner-to-deliver-more-flexibility-and-choice/

http://www.dotnetfoundation.org/

http://www.computerworld.com/article/3052881/microsoft-windows/microsoft-brings-bash-to-windows-with-new-beta-build.html

 

Server 2003 EOS, Part 3…

2017-07-27T00:01:00+00:00 February 12th, 2015|Uncategorized|

(Please see Server 2003 EOS, Part 1, and Part 2 for background)

Well, folks, now the Server 2003 EOS is just 153 days away as I type this in early February…  And don’t tell me you’re still running Exchange 2003 or 2007 on that Server 2003, are you?!?

Well, it’s a good thing that Chris Shalda and I just finished presenting the second part of our 4-part webinar series, “The Windows Server 2003 Comfort Trap”.   Part 2 is all about Exchange, and you can watch it embedded below in this page or directly here.  Chris goes into pretty good detail about why you should be concerned about EOS and your Exchange server, and some tips and approaches to help you get started in preparing.  

So grab some popcorn and cocoa, and watch the movie!  It’s about 40 minutes long, and could be the first step in helping you out of the Comfort Trap!

Update: Also, the other Sessions can be seen here:

Thanks to all that attended the live webinar!  And for those that stuck with us even though we had some audio difficulties at the beginning.  😉

In the upcoming sessions in this series, we’ll be bringing on more special guests from Coretek to tell their stories and give great insight.  I know I’m looking forward to it!  See you then…

 

Server 2003 EOS, Part 2…

2017-07-27T00:01:00+00:00 January 28th, 2015|Uncategorized|

(Please see Server 2003 EOS, Part 1 for background)

Well, folks, the Server 2003 EOS is just 167 days away as I type this in late January…  What is the “EOS” you ask?  I’m glad you asked…

I just finished presenting the first part of our 4-part webinar series, “The Windows Server 2003 Comfort Trap”.  Part 1 is called “Foundations”, and you can watch it at this link, and its also embedded below in this page. I go into pretty good detail about what the EOS is, why you should be concerned, and some tips and approaches to help you get started in preparing.  

So grab some popcorn and cocoa, and watch the movie!  It’s only about 33 minutes long, and might just be your first step in getting yourself out of the Comfort Trap!

Update: By the way, the other Session can now also be seen here:

Thanks to all that attended the live webinar!  And thanks to all those that pointed out that I have the wrong date in the first slide… I promise to have that fixed for the next session.  😉

Speaking of which, in the upcoming sessions in this series, we’ll be bringing on other special guests from Coretek to tell their stories and give great insight into the areas which are their strengths.  I know I’m looking forward to it!  See you then…

 

Managing Multiple Azure Subscriptions from PowerShell…

2017-07-27T00:01:01+00:00 July 24th, 2014|Uncategorized|

Hi folks, Jason here again – this time with some Azure PowerShell goodness to share.

A while back I set up an Azure trial subscription.  Following Jeremy’s post last year, “How to manage Azure from PowerShell on your PC“, I was able to get PowerShell to connect to my free trial subscription, creatively named “Free Trial”.  Coretek was kind enough to provide me with an MSDN Premium license.  Since the MSDN Azure subscriptions get $99 a month in Azure credit, it was high time to switch over to that Azure account and leverage that credit!  This subscription was also creatively named… “Visual Studio Premium with MSDN”.

Once again I followed Jeremy’s steps to import the Azure Publish Settings file – this time for the new subscription.  I ran Get-AzureVM… but I wasn’t seeing any VMs for my MSDN subscription.  Take a look:

http://www.coretekservices.com/sites/default/files/20140724/azuresub1.png

…In the above screen capture, XENAPP1 is a VM in my old, un-loved Free Trial subscription.  Running Get-AzureSubscription showed me that I did indeed have access to two subscriptions, as expected:

http://www.coretekservices.com/sites/default/files/20140724/azuresubnames.png

So that begged the obvious question… how do I connect to my VMs in my other subscription?  Well that’s easy enough to do.  Just run the following cmdlet:

Select-AzureSubscription –SubscriptionName “Visual Studio Premium with MSDN”

…of course, change the subscription name to match your own.  NOTE: the subscription name is case sensitive!

One more tip for you, Dear Reader.  If you close your Azure PowerShell window and come back, it will revert back to whatever subscription is the default subscription.  That will always be the first subscription you set up.  The fix is simply adding the –Default switch to the end of the above cmdlet.  Now that’ll be where your Azure cmdlets do their magic as you go forward.

Now when I run Get-AzureVM I get the VMs I am looking for:

http://www.coretekservices.com/sites/default/files/20140724/correctazurevms.png

😎

Azure PowerShell Errors Pt. 2…

2017-07-27T00:01:01+00:00 July 16th, 2014|Uncategorized|

In Part 1 of this 2-part series, I showed you how to re-install in order to eliminate the errors.  But at the end of that post, you surely noticed that while I fixed one problem, I seemigly created another.  Now it appears that I have red error text because it can’t load my profile script, and tons of scripts prompting me to execute.  It looked like this:

Unexpected Azure Errors...

This is strange… because I’m fairly certain my ExecutionPolicy is set to something lower, like RemoteSigned…  Hmm.  Let’s take a look at what my *combined* policy is set at, by issuing the Get-ExecutionPolicy -List command like this:

Get-ExecutionPolicy -List

That’s strange too.  But I see now that there’s a limiting policy on the *process*, so at least I know why this is happening (by the way, ignore that Unrestricted on LocalMachine 😉 ).  Clearly, I’m shooting myself in the foot with the cumulative permissions.  So, let’s try and figure out how that restriction is getting set on my system by chasing down the PowerShell link.  Right-click on the Windows Azure PowerShell icon and choose Open File Location:

Open File Location

Then, right-click on the Windows Azure PowerShell link and choose Properties.  And guess what we find:

Windows Azure PowerShell Properties

Yes, it appears that the shortcut/tile/link has hard-coded the ExecutionPolicy of AllSigned, which means it will permit only execution of — and request your validation of — certificate-signed scripts. 

Aside: This is where I tell you that normally, using AllSigned is probably a good thing; and although I’m not making an official recommendation of lowering that setting in production, I will tell you honestly that I typically use RemoteSigned on my laptop and feel it to be sufficient for my needs. 

So with that clarification out of the way, let’s change this setting and make our life a lot easier.  To do so, change:

C:WINDOWSSysWOW64WindowsPowerShellv1.0powershell.exe -NoExit -ExecutionPolicy AllSigned -File "C:Program Files (x86)Microsoft SDKsWindows AzurePowerShellAzureShortcutStartup.ps1"

…to (you will be prompted for Administrator-level permission):

C:WINDOWSSysWOW64WindowsPowerShellv1.0powershell.exe -NoExit -ExecutionPolicy RemoteSigned -File "C:Program Files (x86)Microsoft SDKsWindows AzurePowerShellAzureShortcutStartup.ps1"

…and now things should be back to normal. 

Normal Azure Startup - Hooray!

Look!  Even my startup script runs now.  Ah…  Feel that?  It’s Azure Zen goodness…

 

 

Azure PowerShell Errors Pt. 1…

2017-07-27T00:01:02+00:00 July 10th, 2014|Uncategorized|

Following up my original post from last year, “How to manage Azure from PowerShell on your PC“…

If you haven’t updated your Azure PowerShell installation in the last few months, you very well may be seeing errors that say Requested value (something) not found, like this:

Requested Value (something) Was Not Found

The first thing you should do is to go to Control Panel -> Programs, and take a look at the version of the Windows Azure PowerShell listed there.  But, I suspect that if you’re reading this, you already know it’s older and out of date…  like mine was:

Azure PowerShell Old Version

How do you fix it?  Easy.  Just re-install on top of the existing.  In fact, if you go back to my original installation post and follow the install process, it will put in the newest, correct version.  After clicking the installation link, the Web Platform Installer launches, like this:

Web Platform Installer

If you click on “options”, you’ll see what it will be installing…

Web Platform Installer Details

Upon launch, you have to allow the startup scripts to run (Why is this?  More on this in Part 2!)…

Azure PowerShell Accept message...

…and allow, and allow, and allow (again, more on this in Part 2)…

Azure PowerShell Accept and Accept...

And finally, you should be good to go.  Your Programs listing should now look more like this:

Azure PowerShell New Version

…and once again, your shell should look like it once was:

Azure PowerShell Working Again

Happy Azuring!

😎

 

Load More Posts