Break Glass Account using FEITIAN FIDO2 Key

I was invited by Della (FEITIAN Technologies) to review one of their FIDO2 products. Out of their range of products I chose the K50: USB A-Type with Fingerprint.

There is one particular use case for using a FIDO2 Fingerprint Key I’d like to examine: the Break Glass (Global Admin) Account. By now, in 2023, we all agree on Multi Factor Authentication for ALL Users and we’re moving fast forward to Passwordless Authentication. In the Trainings I deliver and in conversations with my Customers we always discuss the “Break Glass Account” for emergencies. Shouldn’t we have a non-MFA-enabled Account for that? Write a very complex password on a piece of paper and put it in a safe?

No more. For daily use of both normal users and privileged users the Authenticator App works just fine. I’m not so much in favor of adding another device. For privileged accounts we should add Conditional Access policies like Device Compliance (Windows 11 Enterprise with all Security Features enabled), location and such. And Privileged Identity Management to harden access security (Principle of Least Privilege and Just-in-Time Access).

And then we run into an emergency situation….. the hardened workstations become inaccessible or cellular Wi-Fi Services become unavailable (no push notification to Authenticator app) or whatever trouble.

In situations like that, having some FIDO2 Keys on some Break Glass Accounts can be a very good solution. Restrict these accounts to authenticating ONLY with a Security Key. Have 3-5 Accounts and a couple of these Keys (you can add up to 128 accounts on 1 Key). Enroll all 3-5 accounts on all Keys and keep the Keys in separate places for redundancy. Don’t forget to put PIM on these Accounts!

Et voila! We have a very decent solution in place, compliant with the MFA Policy for ALL users and also Passwordless.
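An added example, not part of the original post: a Python audit of a break glass inventory against the rules above (3-5 accounts, security key only, PIM, every account on every key, keys stored apart), including a simulation of losing any one storage location. The account names, key labels, locations and the `fido2` method label are constructed for illustration.

```python
from dataclasses import dataclass

MAX_ACCOUNTS_PER_KEY = 128      # capacity figure quoted in the post
ACCOUNT_RANGE = range(3, 6)     # "Have 3-5 Accounts"


@dataclass(frozen=True)
class SecurityKey:
    label: str            # constructed inventory label, not a real serial
    location: str         # where the key is physically stored
    enrolled: frozenset   # UPNs that have a credential on this key


@dataclass(frozen=True)
class BreakGlassAccount:
    upn: str
    allowed_methods: frozenset   # sign-in methods accepted for this account
    pim_protected: bool


def single_location_loss(accounts, keys):
    """Remove each storage location in turn and report every account that
    would be left without a reachable key."""
    findings = []
    for lost in sorted({k.location for k in keys}):
        surviving = [k for k in keys if k.location != lost]
        for acct in accounts:
            if not any(acct.upn in k.enrolled for k in surviving):
                findings.append(f"losing '{lost}' locks out {acct.upn}")
    return findings


def audit_break_glass(accounts, keys):
    """Return a list of findings; an empty list means the plan holds."""
    findings = []
    if len(accounts) not in ACCOUNT_RANGE:
        findings.append(f"{len(accounts)} break glass accounts, expected 3-5")
    for acct in accounts:
        if acct.allowed_methods != {"fido2"}:
            findings.append(f"{acct.upn}: allowed methods are "
                            f"{sorted(acct.allowed_methods)}, expected only fido2")
        if not acct.pim_protected:
            findings.append(f"{acct.upn}: no PIM on this account")
        for key in keys:
            if acct.upn not in key.enrolled:
                findings.append(f"{acct.upn}: not enrolled on key {key.label}")
    locations = [k.location for k in keys]
    for loc in sorted(set(locations)):
        if locations.count(loc) > 1:
            findings.append(f"{locations.count(loc)} keys share location '{loc}'")
    for key in keys:
        if len(key.enrolled) > MAX_ACCOUNTS_PER_KEY:
            findings.append(f"key {key.label}: {len(key.enrolled)} accounts "
                            f"exceeds {MAX_ACCOUNTS_PER_KEY}")
    findings.extend(single_location_loss(accounts, keys))
    return findings


# Constructed sample inventory.
BG_ACCOUNTS = [BreakGlassAccount(f"bg{i}@contoso.example", frozenset({"fido2"}), True)
               for i in (1, 2, 3)]
ALL_UPNS = frozenset(a.upn for a in BG_ACCOUNTS)
GOOD_KEYS = [SecurityKey("K50-A", "office safe", ALL_UPNS),
             SecurityKey("K50-B", "bank deposit box", ALL_UPNS),
             SecurityKey("K50-C", "second site safe", ALL_UPNS)]
# Two keys in the same safe, the second one only partly enrolled.
WEAK_KEYS = [SecurityKey("K50-A", "office safe", ALL_UPNS),
             SecurityKey("K50-B", "office safe", frozenset({"bg1@contoso.example"}))]

if __name__ == "__main__":
    for finding in audit_break_glass(BG_ACCOUNTS, WEAK_KEYS):
        print(finding)
```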

 

Break the Glass safely!

Security: get the whole deal

By now we all know Microsoft has become a “Security Company”. Their current portfolio on Security, Compliance and Governance is unmatched. By now most Organizations realize their Security posture is not what it should be. Not to mention their Compliance and Governance posture.

Plenty of Office 365 customers come to me for a Solution for a specific issue they encounter. Ransomware, spoofing, account breaches, compliance requirements, you name it. They perform some searches on the Internet and find an Add-On Subscription to remediate their issue. That is reactive. Out of my experience I know for sure they’ll be back before long with another issue and another Add-On to remediate. Reactive once more.

Let’s stop doing that. Let’s start being pro-active. Digital transformation is nothing more than “losing old habits and creating new habits”. How do we get there? Not by enumerating factsheets of the capabilities of the products. We get there by showing Business Decision Makers what the threats are from the Business and User perspective. Then we show them how to remediate those threats and what that looks like from the Business and User perspective. Loved by Users, trusted by IT. Pro-active. Let the always present Mr. Murphy die a slow but certain death.

Having these presentations and conversations with customers creates instant transformation: Value is more relevant than Cost. So, we can stop talking about Add-Ons and we can start talking about the complete packages. They bring Value.

Oops, is this a Sales pitch?

Happy protecting!

 

Training means Train!

Digital Transformation, Adoption, learning methods, Adoption Specialists, Onboarding specialists, migration specialists. We can do it cheap and fast. Ouch. There is no cheap and fast when looking at Value.

We, as in the “communities”, are making mistakes. We must distinguish between knowing how to do something and understanding why it must be done in a certain way. Sometimes knowing the how-to is good enough. But when we look at Digital Transformation and Adoption, the real Value comes from a thorough understanding by all involved on the WHY.

Why is a business process structured like it is? Understanding that, and only then, we can find new ways of getting the same results by effectively using the right tools in the right way. Efficiency is about “Doing things the right way”. Effectiveness Is about “Doing the right things”.

Basically, we need to do 2 things during the Journey of Adoption/Digital Transformation:

  1. Inclusion. From C-level Management to frontline workers, all need to be involved. Involved, get that?
  2. Training. It means Train!

Training is not the same as watching a “how-do-I-….” video on YouTube or attending a Webinar/Seminar. Training means practice, repetition, endurance, discipline, making mistakes, learning to understand why it is as it is. Training is an action, one needs to allocate time for it. Results will take a while.

A year ago, I bought myself a new Rickenbacker bass-guitar. I dream of being on stage, playing like Paul Grey or Bruce Foxton. Keep on dreaming, I pick up the instrument no more than 30 minutes a week. It makes no sense to go to the gym for 8 hours straight. When you look in the mirror the next day, you’ll see no difference.

As a Microsoft Certified Trainer, I tell my students that the Labs are not about getting them done successfully. The Labs are about spending time, practicing, learning to understand the why of the technology. The students train!

A new insight is not good enough if you do not practice the actions that come out of the new insight. The insight gives a moment of “aha”. After practicing it becomes obvious. You cannot learn how to ride a bicycle from a book.

 

Just saying: don’t go for cheap and fast! No such thing……

 

Happy Training!


Some Email Etiquette, maybe I can start liking email again?

We need agreement on an “email etiquette” document, so we can hold each other accountable. Without agreement nobody is accountable. And that just doesn’t work. Here are some thoughts of what should be in such a document.

Email has a couple of drawbacks in modern organizations. A lot of corporate information sits isolated in user mailboxes and is not accessible for the organization. At the speed at which we currently work, we drop emails all day without wondering how they will be received at any point in time by the recipient(s). The push mechanism of email may be good in some situations, but when it comes to sharing information a pull mechanism would be way more effective. The tools are available for that. We just need to be aware of the ineffectiveness of email for the sole purpose of sharing information. People tend to hide behind email, avoiding responsibility. The email is sent, it is off my plate. Disastrous for Organizations. Furthermore, emails are often not written (or read for that matter) with the necessary attention, resulting in unnecessary back and forth (group) emails.

The primary accountability lies with the sender, including replying, of any email. The sender must be aware of several things when composing a message, filling out the “To” and “CC” fields, including the “Reply/Reply All” button, applying other marks like “High Priority” or “Ask for Read Confirmation”, using Distribution Lists and determining the Subject line. While filling out the “To” and “CC” Fields, so called MailTips can appear. They have an important function. If someone is on vacation maybe it is not such a great idea to send that person this email right now. We all know what our mailboxes look like when we return from vacation. Some common sense in timing is also appreciated by your customers, partners and colleagues. Friday afternoon is not an elegant time to put people to work. It may be nice to have it off your weekly plate, for the organization it doesn’t work. Senders must realize they consume time of the recipients. So far, I have not even mentioned the content of the body.

Let’s start with the last, the body. The intention of communication must be clear. It starts with relating to the common interest and understanding you and your recipient(s) have. When steps in a process go as expected is there any need to confirm these steps? Maybe only just the last one? Email by exception or of course, when agreed upon or requested. In general, the results of a completed process should be visible in one of the systems we all have access to (pull information).

Most emails are about a request, you want somebody to do something. Be specific and to the point. Can you please do this by then. Maybe you could add you need a confirmation by a specific time. Not by default though. Even on complex matters or questions, the finishing lines of an email contain a request, also as recap. Announcements should not be made over email, we have better platforms for that. Emails are conversations and you always want to forward the conversation. In a reply, just a “no” is not good enough, it does not forward the conversation. No, I cannot do it at the requested time or as requested, but I can do it by then or I can do it like this or let’s ask another colleague to handle it. This applies to Meeting Requests as well. Being specific becomes even more important when emailing to multiple persons. Who is going to do what by when? Make clear who is responsible for what by when. Be to the Point, stick to that Point, be accurate, precise and complete. Make sure the conversation moves forward, the sender is largely responsible for that. Or, the sender can stop the conversation mentioning something like “replies not necessary”.

The Fields of an email: To, CC, Subject. Again, the sender is responsible for avoiding unnecessary emails. The “To” field should only contain those persons to whom you have a request to make. No more. Putting in others for “For your Information” purposes just means you are not relating to the common interest you have with those persons. Try to minimize on the number of persons in the “To” Field, it also has a great impact on the possible mail storm when people start hitting “Reply All”.

The CC field is probably the most outdated option since working with computers. In the type-writer era we made Carbon Copies to file somewhere in a cabinet so one could look them up afterwards. Pull information in the old glory paper days. Folks, in any email application a copy is filed in the Sent Items folder. Absolutely no need to stash that Carbon Copy in other people’s Inboxes too. It’s also kind of degrading the position of the person in the CC Field, ah, well, you’re just not important enough to be in the “To” field, but I think maybe you want to know about this, but please note you’re at the side line so stay out of the conversation. Plenty of people made themselves email rules for incoming emails when they are in the CC Field. Try to eliminate that Field, you know you can hide it in Outlook? Oh, ah, you CC the Manager! Hoping that that will make your request more important for the actual recipients. That is just covering up, clearing yourself from all responsibility if things do not move forward. It’s also damaging the trust relationship you should have with the recipient, you’d better do it, the Manager already knows you should. Keep the managers out of it. When escalating something, the Manager should be in the “To” field. Last thing on the “CC” Field, all recipients in there are included when someone hits “Reply All”. I’m not even going into the BCC Field, I hope you get that.

The Subject line is the first thing recipients see when they receive an email. So, it better makes sense, right? It creates the listening of and the context for the recipient. People who receive (large amounts of) emails will select the order of opening emails based on what’s in the Subject. Or even apply rules based on the Subject. Recipients expect the body of an email to have something to do with the Subject, use it wisely. If, while moving forward the conversation, the topic changes slightly, you can append something to the Subject of the original thread. Senders should realize that.

Special Markups. Request a Delivery Receipt is an old remnant of the ages when connectivity was unreliable and slow. It only states that the receiving servers have put the email in the appropriate mailbox(es). Don’t use it. Request a Read Receipt. There is a huge difference between opening an email, glancing at it, reading it or acting on it. The Sender will never know which one it is when receiving such a confirmation. So, what’s the point Sender? Wishful thinking that recipients will actually read your message? High Priority. Senders, please be careful here, your High Priority is likely not the High Priority of the recipient(s). What intention does that red flag fulfil in your communication? What is your expectation? Is it in your common interest or just yours?

Finally, we get to the “Send” button. Did you know you can schedule emails? Again, sending out a bunch of requests on Friday afternoon after 4 PM will probably not yield much result. On the contrary, you might spoil the recipients’ weekends. Well done. Effective emailers will not push the send button immediately. Go over your own writing at least once. A good practice is to just close it and re-open it 30 minutes later from your drafts Folder. Read it again, maybe adjust something and then send it out. Do not call or message recipients telling them you are going to send them an email. Do not call or message recipients telling them you have just sent them an email. People live in their Inbox, popups, phone notifications, smart watch notifications; don’t you think they’ll know?

Receiving and replying to emails. There must be agreement on a timeframe. We reply within 24 hours or something like that. Of course, a reply can also say, I am not able to do that now, but I will take care of it by then. But let the sender know so she or he can forward other relating conversations and actions. A first reaction response is by default a defensive one. That is the nature of people. It also tends to be emotional. We all know this “What!!!??? Reply All, type like crazy, Send!!!” reaction. Do not hit the “Reply” or “Reply All” button too quickly. Give it 30 minutes or so. When the sender has stated by when an answer is expected you should respect that timeframe. When replying you become a Sender so all the above applies. Forward the conversations, relate to the common interest, be specific in answering the question(s) or following up on the communicated action(s). People tend to use the “Reply All” button automatically. For the Organization or the issue at hand, that is probably not the best option. Take the extra couple of mouse clicks, just hit “Reply” and add just a couple of those from the initial email. Have some consideration and compassion for your recipients. Please note that email is not a suitable medium for discussion. Murphy’s law applies and someone will not reply to the last email in the thread ….. and then there were two. There are better platforms to have discussions. As mentioned before, email should not be used for announcements. But if a sender did that anyway, you should refrain from the “Reply All” button period. A good exercise would be to hide the “Reply All” button for a while, after some time you won’t even miss it. Or you can send emails on which the “Reply All” button becomes greyed out for recipients.

Last but not least, always, always be respectful and polite. Not in the last place because we all know that emails could end up anywhere, in anyone’s mailbox.

Alternatives:

  • Announcements should be made on Yammer
  • Discussions belong in Teams
  • Information sits in SharePoint/Teams/CRM/LOB/ERP where it belongs
  • Quick Questions sit in Skype/IM
  • How about picking up the Phone
  • How about walking up to a colleague

So, let’s do ourselves, our colleagues, our customers, our partners a huge favor and take some of these points.

Maybe we can start liking email again, if and when effectively used. Just saying……

Cloud Adoption, where to start: CEO

This is the third blog in a series on Cloud Adoption and Cloud Migration. Previously I wrote “The GAP between Cloud Migration and Cloud Adoption” and “Office 365 and Bandwidth – Adoption to Cloud Computing”. This one is on Ownership of Cloud Adoption and Ownership of Cloud Migration. As explained in the previously mentioned posts, Adoption and Migration are two totally different things.

IT Departments are responsible for Cloud Migration(s). It’s about the technical challenges of moving workloads to the Cloud. Ownership of Migration lies with the IT Department, somewhat automatically delegated by the Organization. Not much to discuss here.

Now Cloud Adoption, who has Ownership of that? I have seen a lot of Migrations not yielding the expected results, not because it was a bad Migration but because the Organization did not benefit from it, or even worse, continued “business as usual”. Didn’t even have to do with Cloud Migrations; could be Onprem Exchange, SharePoint, Desktop OS or Office migrations as well. A lot of Organizations run the latest versions of those but still live in the dark ages when it comes to using them. Because nobody in the Organization took Ownership of the Adoption. Mostly that was left to IT Managers. But who listens to IT Managers, not the Sales and Marketing Managers for sure. They are busy. And so any free 1996 Pegasus mail server and mail client could actually do the job. IT should not be owner of the Adoption of features made possible by the Migration. It should work the other way around. First there is a Feature Requirement list made by the Business. Out of that an IT Project/Migration may get started.

That being said, Adoption first, leaves the question of who must be the Owner if not IT. The answer to that is very simple: the CEO. If the CEO is not the Owner of Adoption every IT Manager will set himself up for failure when engaging in whatever Migration. Adoption touches the very heart and nature of the way people work and thus the Organization. If that is not endorsed, empowered and owned by the CEO, well, good luck. All will trickle down into the Organization from the highest management making sure all is in place when the stages of Migration arrive. I have very good experiences with Migrating higher Management first. Let them “Walk the Talk” and show that “all is well”.

Also, when progress stops because CEOs are not taking Ownership, Shadow-IT becomes a painful reality. Percentages of users finding their own way to do their job are rising, IT loses yet more control as will the Organization itself. Mobile Devices, Tablets, Notebooks, Drop Box, Skype, OneDrive, unmanaged devices, unmanaged storage, where is the corporate content going? That makes any Organization’s fear of safety in the Cloud a bit ridiculous, doesn’t it?

To get CEOs back in control, IT Management needs to have good connections with the higher Management. As a Consultant I can’t do much if I’m stuck on the level of IT. IT may understand what direction to go or not, but if higher management speaks a different language then IT is also stuck. This morning I had a one hour conversation on this with the IT Manager of one of my customers. He’s stuck in that exact situation. I could only listen to him and coach him on how to repair the damages of the past in those lines of communication in order for his CEO to get aligned again and put his fist on the table to move forward. I asked him to keep me posted on how that will go.

Another Customer sits at the other side of this. His CEO is enrolled in Azure and they are really moving forward FAST now. The CEO knows nothing about Technology but he was informed in such a way he could endorse and empower the Organization to move in that direction.

Conclusion: Cloud Adoption starts at the CEO!

 

CEO’s, Happy Adopting!!! You really should!

Office 365 and Bandwidth – Adoption to Cloud Computing

Where I live, in The Caribbean, Office 365 is available in most countries, on most islands. However, customers have concerns about bandwidth. So this is my second Blog Post in the context of Adopting to Cloud Computing.

There are some really great options to reduce bandwidth usage but that touches strongly on end user behavior (not that I mind, I’m a huge advocate of serious end user training before moving to the cloud). Of course, working with Office 365 requires a decent Internet Connection at the workplace and maybe even decent 4G (LTE) coverage for the road warriors. You do not need huge speed to be able to do your work. Let’s have a look at what users can do to work effectively in the Cloud without consuming too much bandwidth.

Mail: the first thing people do when coming into the office is check their email (actually, it’s even worse, the first thing people do when they wake up is check their email on their Mobile device to see if there was someone who mailed in the middle of the night). Outlook Web App is so powerful nowadays, I tend to say “who needs Outlook”. There is even an “offline availability” feature. Outlook has the option to not cache emails on the local computer. In either case there is hardly any data flowing over the network. And of course all tips and tricks I wrote down in my Blog post “Mail Senders, Stop doing that” are valid to reduce bandwidth through email.

Lync: now that people are already pretty familiar with the possibility of Video Calls, in a lot of Business conversations the video bit has hardly any contribution. It’s really about awareness and education to make users understand how to use Lync/Skype wisely for conferencing. In Desktop or Application sharing beware what and how to share. It’s better to stage PowerPoint presentations, it is better if participants in the call use Office Online to be on the same page in any Office document during the call. Prepare a Lync meeting like you prepare a real meeting. IM and Presence do not require a great deal of bandwidth.

Yammer: when wisely used, Yammer can eliminate lots of email and even lots of Lync calls. It’s a perfect platform for discussion and information sharing.

SharePoint: for me, SharePoint is the equivalent of Office Online. Work in the browser whenever I can. Using Office Online means no data flows over the network. No downloading and uploading of Office files, they stay put on SharePoint. This is really something users need to get used to. We are all SO used to working in the local installed Office versions. Deadly for working effectively with SharePoint is the use of Windows Explorer: use the browser!!!

OneDrive for Business: of course it’s great we have unlimited storage in OneDrive for Business now but be very careful on Syncing all that content, you do not have unlimited storage on your Notebook :-). And of course Syncing uses Bandwidth…..and it uses Windows Explorer. Luckily in the very near future we can setup “selective syncing”. Personally, I sync nothing. I am always online, if I’m not, I don’t even bother to switch on my PC. I am a road warrior, I travel 50% of my time, spending a lot of time on airports and airplanes and even without syncing I can always do some work when offline. Just a matter of planning.

Office Online: use it! Office Online is THE best thing when it comes to reducing usage of bandwidth. Put your stuff in SharePoint Online and edit/view in Office Online. Brilliant!

 

All of this is no IT Pro Rocket science, it has nothing to do with Migrating to the Cloud. This is all about adoption of end users to use the rich features of The Online Collaboration Suite wisely. That takes time so organizations looking to moving to the Cloud should start at least the awareness process and start planning the necessary Training. Manage expectations when moving to the Cloud.


The GAP between Cloud Migration and Cloud Adoption

Everybody is starting or already on the way of migrating stuff to the Cloud. Business cases revolve around money. Direct cash back. However, Cloud Adoption is very different from Cloud Migration. And actually I believe we do it in the wrong order: we migrate and maybe someday, but not now, we (will try to) adopt.

Let me define Cloud Migration and Cloud Adoption. Cloud Migration is about taking a workload currently running in the local network and moving that workload to the Cloud. A Mailbox migration to Exchange Online is a perfect example of Cloud Migration. Cloud Adoption is about leveraging features of workloads running in the Cloud which are not available when those workloads run in the local network. Office 365 for example advertises with “Enterprise Grade Features” but moving a Mailbox does not imply those features will be used. And most often they will not be used. So having your mailbox in the Cloud does not mean you do Cloud computing.

Recently I commented on http://www.conceptsearching.com/wp/challenges-in-adopting-cloud/ and my only comment was that this is the consequence of BAD PreSales and BAD Management of Customer Expectations. When we do not put an effort in on Cloud Adoption, the results of Cloud Migration are disappointing and frustrating. Maybe that is the main reason for this report to come out with such statistics.

Mea culpa. Me too, I have been focusing too much on the technical challenges of Migrating workloads to the Cloud. Although, together with that, I have always been evangelizing the powers of the Collaboration Suite; Exchange, Lync, SharePoint, Office, Devices. Then we talk Adoption. To get the full benefits of Cloud, Adoption should be the context and Migration is just content. Migration is only the execution of part of the adoption.

Now that Cloud Migration is no longer “rocket science” and now that the dust has settled, we can redefine Cloud Adoption as a Strategy whereas Cloud Migration was a tactical operation. For Organizations this is GREAT news. It means a huge step in getting IT as a “Business Enabler” instead of a “Cost Center”. And for IT Companies and Consultants that is GREAT news too. It means we can engage in longer projects with our Customers! Adopting them to the Cloud and contribute to our Customers in moving their IT forward. Less technical and tactical, more engaging and strategic.

Happy Adopting!!!

Accounts, Identities and mail addresses

Users want to access applications and data that run anywhere, and, they want to run them from anywhere. There is only a very thin line left distinguishing business apps from non-business apps and they all need to be accessible anytime, anyplace, anywhere. That calls for Identity Management which can be very confusing for users. So here is a little explanation on the why, the what and the how.

In the old days we used to logon to our computer using this format:

  • Domain\user
  • Computer\user

Or maybe even without the domain\ or computer\:

  • User (domain user)
  • User (local computer user)

As long as the applications and their data sat on that local computer or in that local Active Directory domain, a logon like this worked perfectly. (Really? No. It uses NetBIOS and that protocol is soooo 1987, but that discussion is out of scope for this article)

The logon identity for a user must now be valid outside of the local computer and the local Active Directory as well. It must identify the user as a unique identity across multiple platforms, preferably: local computer, Active Directory, cloud applications like Office365 and personal applications like Facebook, Gmail, Twitter and the rest of it all.

The format to logon is called User Principal Name and a UPN looks like an email address and that can be very confusing for some users, for example:

NOTE: this is NOT necessarily a mail address! A mail address for this user could be, for example:

If your computer is running Windows 8 (or above) you can logon using a Microsoft Account (a.k.a. LiveID or Hotmail.com or outlook.com account). The format of such an account is always the UPN format and it may or may not correspond to your private email account.

If you use multiple devices like PC, laptop, tablet, Windows Phone, the Microsoft Account synchronizes a lot of settings between your devices (like recent documents, desktop wallpaper, etc.) so that the user experiences a unified work environment, on whatever device.

Next to having a Microsoft Account (private, individual) you can have an Active Directory account to access corporate resources in your corporate network, maybe even remotely. Active Directory can (and should) have UPN as logon format instead of the NetBIOS domain\user.

When using Microsoft Online services like Office365, Microsoft Intune or Microsoft Azure you may have a so called Organizational Account, always in the format of a UPN. It can be synchronized from your Active Directory account, even with synchronization of your password. But beware, unless a thing called Federated Identities is enabled by your administrators, it still is 2 separate identities; you logon to separate authentication providers, your local Active Directory and a Cloud Authentication provider like Azure Active Directory.

So until now, this is all on accounts, the mechanism with which you authenticate yourself. Now we get to email addresses.

An email address always comes in the format of UPN (actually UPN’s were there first and email addresses were derived from the UPN). As noted above, the account does not necessarily have to match an email address. It can but it is not a requirement.

And that is exactly what can make it very confusing for users if they do not distinguish between accounts (UPN, identity) and email addresses. THEY ARE TWO DIFFERENT THINGS! A user can sign in with one UPN and have access through that to multiple mail addresses (aliases) even in different domains.

Some organizations and users try to match the account UPN to the email address, making it simple for users: who you are (account UPN) is your mail address. It gets confusing when you have multiple accounts AND multiple email addresses. In order to get it straightened out for yourselves you can create a little table like this and fill out the appropriate UPN’s:

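Access to          | Microsoft Account | Active Directory Account | Organizational Account
-------------------+-------------------+--------------------------+-----------------------
Devices            |                   |                          |
Active Directory   |                   |                          |
Online Services    |                   |                          |
Office ProPlus     |                   |                          |
Work email         |                   |                          |
Private email      |                   |                          |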

 

Happy logging on!


Office 365 – Office Pro Plus Deployment Tool – An example

When you browse the Internet for use of the Office Deployment Tool for Click-to-Run for Office products you may find yourself lost in a myriad of websites referring to other websites and sending you in several complete circles. There is just too much out there if you just need to do a rollout for 5 or 10 PC’s. I thought I would just make an example of the whole process.

Some background on my example. I have to do a rollout on 4 PC’s, last time I visited that location the Internet connection was terrible. And, I found out that users do not have a dedicated PC in the small Office. That gives me 2 good reasons to prepare the rollout using the Office Deployment Tool at home: no slow downloads on 4 PC’s and I can configure the shared computer activation.

On my Surface Pro3 I created a directory C:\o365 and Shared it with Everyone (Read Permissions) as \\jk-proi7\o365 .

In that directory I downloaded the Office Deployment Tool for Click-to-Run, you can find it here: http://www.microsoft.com/en-us/download/details.aspx?id=36778 . Run “officedeploymenttool.exe” which creates only 2 files, so I’m left with 3 files in that directory:

Now I need to download the binaries of the Office Pro Plus in the language(s) I need and the versions (32 bits – 64 bits) I need. In my situation I only need the English 32 bits version so I edit, in Notepad, the “configuration.xml” file:

<Configuration>
  <Add SourcePath="\\jk-proi7\o365\" OfficeClientEdition="32">
    <Product ID="O365ProPlusRetail">
      <Language ID="en-us" />
    </Product>
  </Add>
</Configuration>

And I saved the file as “downloadus.xml” in that same directory, keeping everything together.

I’m ready to download now so I click Run and enter the following command:

\\jk-proi7\o365\setup.exe /download \\jk-proi7\o365\downloadus.xml

I accept the UAC warning and a CMD Prompt Window opens with just a blinking cursor. That is a bit annoying: no progress bar whatsoever. But in my directory I see files being added, and in Task Manager I can see my network is downloading at full speed. So stuff is happening; just wait until the CMD Prompt Window closes.

My o365 Directory now contains a folder “Office” which is just over 1 GB in size; the Office Pro Plus binaries!

For deploying Office Pro Plus I need to edit the “configuration.xml” once again and this time I save as “installus.xml”:

    <Configuration>
      <Add SourcePath="\\jk-proi7\o365\" OfficeClientEdition="32">
        <Product ID="O365ProPlusRetail">
          <Language ID="en-us" />
        </Product>
      </Add>
      <Display Level="None" AcceptEULA="TRUE" />
      <Property Name="SharedComputerLicensing" Value="1" />
    </Configuration>

Notice I used the Property element named SharedComputerLicensing to make sure that multiple users can run Office Apps on the machine after deployment. More on Shared Activation can be found here: http://technet.microsoft.com/en-us/library/dn782860(v=office.15).aspx

To install Office Pro Plus with these configuration settings I run the following command (with elevated privileges) on each machine:

\\jk-proi7\o365\setup.exe /configure \\jk-proi7\o365\installus.xml

Once again the nagging Command Prompt Window shows no information. But look at Task Manager and at the folders being created: there is stuff happening on the PC.

Now all the different users can log on to the PC and individually activate their Office Pro Plus.
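The install step above, wrapped in pre-flight checks, as an added PowerShell example that is not part of the original post: it verifies the Authenticode signature of setup.exe before running it elevated from the share, rejects a configuration file containing pasted typographic quotes, and confirms the downloaded Office folder is present. Test-OdtConfig and Install-OfficeFromShare are hypothetical helper names; the paths are the ones used in the post.

```powershell
# Added example: pre-flight checks before running the post's /configure command.
# Test-OdtConfig and Install-OfficeFromShare are hypothetical helper names.
$Share  = '\\jk-proi7\o365'               # share used in the post
$Setup  = Join-Path $Share 'setup.exe'
$Config = Join-Path $Share 'installus.xml'

function Test-OdtConfig {
    param([Parameter(Mandatory)][string]$Path)
    $raw = Get-Content -LiteralPath $Path -Raw
    # Curly quotes or a double-prime pasted from a web page break the attribute syntax.
    if ($raw -match '[\u201C\u201D\u2033]') {
        throw "Typographic quotes in $Path; retype them as straight quotes."
    }
    $xml = [xml]$raw                      # throws if the file is not well-formed XML
    $add = $xml.SelectSingleNode('/Configuration/Add')
    if (-not $add) { throw "No <Add> element in $Path." }
    if ($add.GetAttribute('OfficeClientEdition') -notin '32', '64') {
        throw 'OfficeClientEdition must be 32 or 64.'
    }
    if ($add.SelectNodes('Product/Language').Count -eq 0) {
        throw 'No <Language> listed under <Product>.'
    }
    # The /download step must already have created the Office folder under SourcePath.
    $source = $add.GetAttribute('SourcePath')
    if (-not (Test-Path -LiteralPath (Join-Path $source 'Office'))) {
        throw "No Office folder under $source; run the /download step first."
    }
}

function Install-OfficeFromShare {
    # setup.exe runs elevated from a network share, so confirm it is the signed Microsoft binary.
    $sig = Get-AuthenticodeSignature -FilePath $Setup
    if ($sig.Status -ne 'Valid' -or $sig.SignerCertificate.Subject -notmatch 'O=Microsoft Corporation') {
        throw "Unexpected signature on ${Setup}: $($sig.Status)"
    }
    Test-OdtConfig -Path $Config
    # -Wait blocks until setup.exe finishes; -PassThru exposes its exit code.
    $proc = Start-Process -FilePath $Setup -ArgumentList '/configure', $Config -Wait -PassThru
    if ($proc.ExitCode -ne 0) { throw "setup.exe exited with code $($proc.ExitCode)." }
    "Office deployment finished on $env:COMPUTERNAME."
}

Install-OfficeFromShare
```

Run it from an elevated PowerShell session on each PC; a non-zero exit code from setup.exe surfaces as an error instead of a silently closing window.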

 

A good starting point to read more on the whole process: http://technet.microsoft.com/en-us/library/jj219422(v=office.15).aspx

The Office 365 Theatre Play

I happen to know a lot on Office 365, working with it as a Consultant and Trainer ever since the BPOS Era. And I happen to have some Marketing colleagues around me who are really done with Events and Sessions and Demos. But in the region where we work, The Caribbean, a lot of marketing needs to be done to create awareness and business on Microsoft’s “Cloud First – Mobility First”. For an already planned Event we needed to be creative.

When I heard about the location, the Luna Blou Theatre on Curacao, I immediately thought of writing a play, a theatre play. It took us a couple of conversations on what it should look like and then I started thinking and drawing and writing. The story should encompass the whole process a Business will go through before they actually work in the Cloud. Just as in a real play I created several scenes. As the talks in the scenes proceed so do PowerPoint slides in the background.

Scene 1. In the first scene my colleague Mark plays a Business Owner who heard something about Office 365. I play the Consultant explaining to him what it is. In the following conversation we hit topics on security, availability, education, pricing and how to get there.

Scene 2. The second scene is all about Training. Colleague Mark is still the Business owner and Daimaline plays her role of Training Coordinator. She goes over the different options we have available for end user Training like Online Live (in cooperation with New Horizons), Instructor Led, and Instructor Led 8 x 3 hours, etc. And of course also the Training options we have for the IT Pro’s, the people that will have to manage the new platforms.

Scene 3. Ronald as the IT Manager of Mark’s business has done the 5 day Training on Office 365 and discusses the options he’d prefer with me as the Consultant. So we have the conversation on Identities, Migration options (including our Partner BitTitan’s MigrationWiz).

Ronald and me in Scene 3. In the background a bulleted list of our topics

Scene 4. In the final scene we put it all together and use a “Microsoft Customer Immersion Experience” demo-environment and play as if Mark’s Business has made the transition. We use a multiple Beamer/Projector setup to showcase OneNote, co-authoring, collaborating without the use of email, Yammer, CRM integration. We even throw in some preconfigured devices into the audience so they can also participate in the CIE to experience the look and feel of Office 365.

Me giving someone in the Audience a Windows Phone

All attendees thought it was a very new and refreshing way of giving a comprehensive overview on Office 365. We had very good critics :)

Our Partner Account Manager, Suresh Dookeran from Microsoft: “Again, congrats on the request for the encore performance and special thanks to the Director of production for thinking outside the box. This concept has been tossed around for so long and it’s so refreshing to have a brave enough team willing to execute!”

Inova’s CEO Hans Kruithof: “Be sure that for Curacao the other actors are ready and prepared for this great re-run of this already classic epic play.”

Office 365 MVP Jethro Seghers, Program Manager at BitTitan: “Sooo cool. Do you mind if we send this internally?”

We have been invited by the Central Bank of Curacao and Saint Maarten to do a re-run during their “Information Technology Service Management Seminar”. In the first week of December we’ll be performing the show in Jamaica and other countries are lining up.

I think we should end up on Broadway and win some Awards! Thanks to the whole crew of Inova Solutions and NetPro!