My first PowerApps app – a business mileage recorder

In common with many people who travel for work, I keep a record of my journeys so that I can claim mileage expenses. For the last couple of years, that record has been a spiral-bound notebook (for driving) and Strava (for cycling) – though I haven’t actually claimed any mileage for cycling yet! I wanted to replace my analogue system with a smartphone app and, following a conversation a few weeks ago with my colleague Brian Cain (@BrianCainUC), I decided to create something using Microsoft PowerApps.

For those who are unfamiliar with PowerApps, it’s a technology solution provided by Microsoft to help normal business users – people who are not developers – to create simple applications to connect systems and data. The resulting apps can run on mobile devices, as well as on Windows 10.

PowerApps is available in my Office 365 subscription (though I think there are other ways to sign up too) and I set to work creating my Mileage Recorder. A few minutes later I had something functional. Not long after that I had tweaked it to be pretty much what I needed. So I created an app in less than 30 minutes and it’s taken me three weeks to write this blog post! Hmm…

Creating my first PowerApps app

My app is a simple three-screen app – taking a table in an Excel Workbook from OneDrive for Business as a data source. PowerApps recognised the data types in the columns of the table and formatted accordingly, then I tweaked things a little in PowerApps Studio.

PowerApps Mileage Recorder: Home PowerApps Mileage Recorder: View PowerApps Mileage Recorder: Edit

I haven’t looked in detail at the architecture used by PowerApps but essentially the PowerApps app provides a native OS wrapper for any apps that I create. This means my app will work on any platform where PowerApps is supported.

PowerApps Mileage Recorder

I can also create a direct link to the app on my phone’s home screen but the look and feel is one of a PowerApps app – not a native application. None of that is an issue – if I want more complex cross-platform apps then someone who can cut code (not me!) can use Xamarin – but for a simple app, PowerApps seems to do the job.

PowerApps/Mileage Recorder on iOS Home Screen

The PowerApps documentation helped me out a lot – and these were the tutorials I found most useful:

There’s also a useful Q&A on using PowerApps within an organisation.

I did have some challenges worth noting but none are show-stoppers:

  • The Windows 10 smartphone that I use for work doesn’t meet the PowerApps hardware requirements, which is a little bizarre. So, I needed to use the app on my personal iPhone. I had created my PowerApp using my employer’s Office 365 tenant and a data source in my work OneDrive but I also use the Outlook app on iOS to connect to my personal Office 365 tenant. This combination was causing challenges that required re-authentication. I couldn’t find an easy way to move the app between tenants (though I’m sure there is one) so I moved the data source to my own tenant and recreated the PowerApp. I’m pretty sure that there must be a proper way to import and export apps, I just haven’t found it yet!
  • The web version of the PowerApps Studio seems a bit flaky at times but it is still a preview. Installing the Universal Windows Platform (UWP) version on a Windows 10 PC worked flawlessly though, even without any admin rights on my company Surface.
  • I couldn’t work out how to make a date and time field work as a simple date field. I really don’t need to record the time of my journeys – just the date!
  • PowerApps doesn’t support formulae in Excel workbooks. Instead, I had to apply some logic in the app to calculate the miles travelled, which displays in my app but doesn’t get written back to the data source. I’m pretty sure that’s fixable – I just haven’t worked out how, yet…

Is it really a good idea to let users create their own apps?

In my customer conversations, it’s quite common to hear IT people saying they don’t want their users creating PowerApps. I can see why – after all, we’ve all seen Access databases and Excel spreadsheets become “business-critical applications” that then create issues for the IT department. For what it’s worth, my view is that if something is really business critical, the business will invest resources into developing something that’s properly supportable. If it doesn’t reach that bar, then it’s not a business-critical app – and why would you prevent users from generating their own tools that help them to work more effectively, albeit unsupported by corporate IT?

To put it another way, people will do what they need to do to get things done, with or without IT’s blessing – so why not give them the tools to do things in a manner that integrates well with existing (supported) applications and services?

I’ll be at Microsoft tomorrow, attending a training event around PowerApps and Flow. That should give me a good opportunity to build on the experience from creating my Mileage Recorder. Together with PowerBI (something else I really need to learn more about) these technologies provide a trilogy of tools to empower users to do more with data. And on that note, I should probably end this blog post, as I’m starting to sound like a Microsoft marketing representative…

Removing the ability to accidentally email colleagues from my personal mailbox in Office 365

For some time now, Outlook has supported the use of multiple Exchange servers inside a single profile. This is very useful because I can use a single client to connect to my work email (@risual.com), my Microsoft email (until recently), any email accounts that are provided by customers (e.g. for project purposes) and my personal email account.

There are a couple of gotchas though:

  • My employer uses Azure Information Protection (AIP) to classify email and the AIP client will not allow me to send a message unless it’s classified, regardless of whether I’m sending using my risual.com account or one of the others.
  • I have to be careful to make sure that I don’t accidentally send business email from my personal account. This isn’t a problem when responding to an existing message but is possible if the focus is on my personal Inbox and I start a new message thinking “I just need to email so-and-so about something-or-other” (often out of hours).

The first of these is just a minor inconvenience – I just send as Unclassified if I’m not using my risual.com account. The second requires a little more thought – and my colleague Simon Bilton (@sabrisual) suggested creating a transport rule in Exchange Online (who said Engagement Managers aren’t technical?).

So, as of now, the following rule is in place:

<?xml version="1.0" encoding="utf-16" standalone="yes"?>
<rules name="TransportVersioned">
  <rule name="Prevent accidentally sending work email from personal account" id="a0f59e36-93f1-4f2e-bccb-3eddf0c097e1" format="cmdlet">
    <version requiredMinVersion="15.0.3.0">
      <commandBlock><![CDATA[New-TransportRule -Name 'Prevent accidentally sending work email from personal account' -Comments '
' -Mode Enforce -RecipientAddressContainsWords 'risual.com' -ExceptIfSentTo 'markw@risual.com' -SetAuditSeverity 'High' -RejectMessageReasonText 'This email contains recipients at risual.com and you are sending from your personal account' -RejectMessageEnhancedStatusCode '5.7.1']]></commandBlock>
    </version>
  </rule>
</rules>

This rejects email sent from my Exchange Online subscription to any risual.com address except markw@risual.com. That exception allows my wife (on the same server) to send email to me and still allows me to forward emails to myself at work (e.g. receipts for expenses using my personal email address).

I’ve tested by sending to both markw@risual.com (allowed) and mark@risual.com (blocked) so accidentally emailing someone at work from my personal address is no longer a concern!

Custom mail flow rule blocks email sent to work from personal mailbox

Office 365 data moves are now available for UK customers

Last year I wrote a post about data residency options for Office 365 customers in the UK. At the time, Microsoft was publishing a window for UK-based customers to request data moves between December 2016 and February 2017 but then the web page was updated to say “TBA”. Now, the how to request your data move page has been updated again (thanks to @gavinmorrison for the tip-off), giving UK customers six months between 15 March 2017 and 15 September 2017 to request a move to UK-hosting. Microsoft will then take up to 2 years to complete the move.

This is a one-time opportunity to request a data move (although tenants created after UK datacenter availability will already be hosted in the UK) but it’s only recommended if your organisation has strict data residency requirements. If you don’t see the option to move, it’s probably because:

  • You’re using the old Office 365 Admin Center – the option is only available (under Settings, Organization Profile, Data Residency Option) in the preview Admin Center.
  • Your tenant is not eligible for the move.
  • All of your data is already located in the new region.

Once you’ve started the move process, it cannot be cancelled.

Further reading

Office 365 Groups and Teams – what, when and why?

Office 365 offers a fantastic set of collaboration tools but there are times when I wish they were just a little more tightly integrated. The basic Exchange-Skype-SharePoint trio are fine – and OneDrive is finally sorted after years of transitioning to a new client but what about Video, Sway, Groups, Yammer, Planner, etc.? Well, I recently got myself along to a Microsoft Cloud User Group event where Al Eardley (@Al_Eardley) gave a really informative talk about Groups vs. Teams – and what you should be aware of. This post attempts to merge some of the main points from Al’s talk with some other information I’ve been tracking in recent weeks to hopefully give a better idea of how these two apparently competing (but actually complementary) products can be used.

TL;DR

Office 365 Groups have been around for a while but Teams are new (at the time of writing, Teams are still in preview, having been launched in late 2016 and being lauded as “Microsoft’s Slack competitor”).

Groups vs Teams

Let’s start by thinking about the Office 365 tools we use to collaborate:

Scope | Tool | Notes
Me | OneDrive | Personal file storage
Us | Teams | Working as a team, to collaborate on content. On a project, bid, system, area of business
Us | Groups | Similar functionality but can share with partners outside the organization
Everyone | SharePoint | Publishing content the traditional way (can also share through Groups/Teams) with governance and approval processes. Records to keep.

Then, if we look at the features we use:

  • Distribution list – so we can easily get “stuff” to “people” using Exchange Online
  • Files – and sharing them with shared document libraries in SharePoint Online
  • OneNote – collaborative note-taking
  • Calendar – a “proper” Exchange calendar, not just a SharePoint calendar!
  • Planner – for task management; things to complete as a team, with criteria to step through, simple interface – a Kanban board like Trello
  • Landing page – that’s editable/customisable
  • News – keeping everyone informed
  • Yammer Group – because Office 365 Groups and Yammer Groups are now integrated
  • Persisted Chat – within Teams. Another way to record conversations
  • Channels – the ability to have a team with multiple channels to segregate content by project/activity
  • Connectors – the ability to include information from other sources, e.g. Twitter, Visual Studio, PowerBI, etc.

Woah! Information overload! And some of these features are in Groups. Some are in Teams. Neither has them all!

So consider this: with Groups we create a container for content, integrating various services and applying security using a common identity; Teams sit above Groups – and creating a Team creates an underlying Group. Also, Groups can be public, private or external but Teams are public/private only (there is no external sharing in Teams).

That’s the easy part – access to the features depends on the application you’re using (Outlook, Outlook on the Web, SharePoint Online, Planner, a Group site, Teams in-browser, Teams in the desktop client… etc.). We get different views of the same elements from different locations – which can feel a bit disjointed but I expect (sincerely hope) it will get better as Teams moves closer to release.

It might help to look at what goes where inside Office 365 (this information is taken from a recent webinar from AvePoint):

Skype for Business Online:
  • Instant Messaging
  • Broadcast meetings
  • Teams chats

Exchange Online:
  • User mailboxes
  • Calendars
  • Group conversations
  • Group mailboxes
  • Planner task comments

SharePoint Online:
  • Sites, lists, libraries
  • Office 365 Video portal
  • User OneDrives
  • Group files
  • Group notebooks
  • Teams attachments
  • Planner attachments

Planner:
  • Plans
  • Buckets
  • Tasks

Yammer:
  • Internal networks
  • External networks
  • Yammer notes and files

So which tool has which features?

Features | Groups | Teams
Distribution List | Yes | Yes
Files | Yes | Yes*
OneNote | Yes | Yes*
Calendar | Yes | Yes*
Landing Page | Yes | Not visible
News | Yes | Not visible
Planner | Yes | Yes*
Yammer Group | Yes | No
Persisted Chat | No | Yes
Channels | No | Yes
Connectors | Yes | Yes

Items marked * in the table above are segregated by channel

Pros and cons

Groups: drawbacks
  • Interface – disjointed navigation experience
  • Skype for Business – very little integration
  • Conversations – Outlook conversations add nothing new to collaboration
  • Yammer – there are restrictions on integration
  • Landing page – does not offer links to all features of a team (Calendar or Planner) – the page can be changed but this needs some SharePoint knowledge
  • News – is an immature feature
  • Groups are public by default (which can lead to oversharing)

Groups: benefits
  • External access
  • Android/iOS apps
  • Easy to provision (maybe too easy sometimes, unless self-service group creation is disabled)
  • Management tools are improving with controls over naming, banned words, soft-deletion, group expiration, etc.

Teams: drawbacks
  • Calendar – can’t invite Rooms, a Surface Hub, or anyone outside of the team
  • Skype for Business – joining meetings from Outlook does not use Teams (it opens the Skype for Business client instead!)
  • Planner – tasks in Teams planners are not available in Groups; and Teams planners are not visible in the Teams web interface or in Planner!
  • News – not available at all
  • Chat – restricted to the Team

Teams: benefits
  • Single interface
  • Skype for Business integration
  • Windows and Mac apps
  • Android/iOS apps
  • Regular product updates

Further Reading

Four considerations before rolling out Microsoft Teams

Missing Office 365 icons after blocking untrusted fonts in Windows 10

One of my customers contacted me recently to ask about a challenge they had seen with Windows 10. After blocking untrusted fonts in Windows 10, they noticed that parts of the Office 365 portal were missing icons.

The problem

The issue is that Office 365 uses a font to display icons/glyphs (to improve the experience when scaling to adapt to different screen sizes). It appears some browsers are unable to display the embedded fonts when they are untrusted, including Internet Explorer according to one blog post that my colleague Gavin Morrison (@GavinMorrison) found. Apparently Edge has no such issues (though I can think of many more issues that it does have…) and Chrome also seemed to work for me.

There’s some good information about blocking untrusted fonts on TechNet and this highlights that:

“Using Internet Explorer to look at websites that use embedded fonts. In this situation, the feature blocks the embedded font, causing the website to use a default font. However, not all fonts have all of the characters, so the website might render differently.”

The fix

So, that appears to be the issue. What’s the fix?

It seems there are two workarounds. One involves excluding processes from the font blocking (but it’s no good excluding a browser – as the most likely attack vector for a malicious font would be via a website!) and the other involves installing the problematic font to %windir%\Fonts.

Tracking down the Office 365 font

So, where do you get hold of the Office 365 font? I thought it should be part of the Office UI fabric but I couldn’t find it there, nor any reference to it in the Office developer documentation (there are some icons in the fabric – but they don’t seem to be the ones used for the Office 365 portal).

There is a site where you can select Office 365 glyphs and download a font file but I’m not sure that will address the issue with the Office 365 fonts being blocked in the portal, so some more detective work was required…

Stefan Bauer has posted quite a lot of information on the Office 365 fonts (there’s more in his “lab”) but it seems the CDN location Stefan highlights has changed. Thomas Daly found some new locations (and helpfully hosts a copy of the font on his site) but I wanted to signpost my customer to a Microsoft-provided source.

One of the locations that Thomas highlights is https://outlook.office365.com/owa/prem/16.0.772.13/resources/styles/fonts/office365icons.ttf but that results in an HTTP Error 404 now (not found). So I opened the Office 365 portal in my browser and started the Debugger. Then, I found the following line of code that gave me a clue:

<meta name="msapplication-TileImage" content="https://r1.res.office365.com/owa/prem/16.1630.11.2221454/resources/images/0/owa_browserpinnedtile.png"/>

I used that base location (up to and including the version number) with the tail end of the URI that Thomas had provided and was pleased to find that https://r1.res.office365.com/owa/prem/16.1630.11.2221454/resources/styles/fonts/office365icons.ttf got me to an installable TrueType font file for the Office 365 fonts on Windows.

I expect the location to change again as the version number is updated but the method of tracking down the file should be repeatable.

Testing my theory

Testing on one of my PCs with HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\MitigationOptions set to 0x1000000000000 resulted in Internet Explorer loading the Office 365 portal without icons and Event ID 260 recorded in the Microsoft-Windows-Win32k/Operational log:

C:\Program Files (x86)\Internet Explorer\iexplore.exe attempted loading a font that is restricted by font loading policy.
FontType: Memory
FontPath:

Office 365 fonts blocked - missing icons

After installing the Office 365 icons font (office365icons.ttf) and refreshing the page, I was able to view the icons:

Office 365 fonts installed - icons visible

Uninstalling the font locally and refreshing once more took me back to missing icons.

I then tidied up by setting the MitigationOptions registry key to 0x2000000000000 and restarting the PC, before removing the registry entry completely.
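
The checks from this test, as an added PowerShell example that is not part of the original post: it decodes the untrusted-font bits of MitigationOptions and counts Event ID 260 entries per process. The function names are hypothetical, and the audit value 0x3000000000000 comes from Microsoft's documentation for the feature rather than from this post.

```powershell
# Added example, not from the original post. Function names are hypothetical.

# Untrusted-font blocking uses two bits of MitigationOptions (mask below).
# 0x1000000000000 (on) and 0x2000000000000 (off) are the values used in the
# post; 0x3000000000000 (audit) is from Microsoft's documentation.
$FontMask = 0x3000000000000

function Get-FontBlockingMode {
    param($MitigationOptions)

    if ($null -eq $MitigationOptions) { return 'Not configured' }

    # The value can be stored as REG_QWORD (a number) or REG_BINARY
    # (little-endian bytes, sometimes longer than 8): use the low 8 bytes.
    if ($MitigationOptions -is [byte[]]) {
        $low = New-Object byte[] 8
        $len = [Math]::Min($MitigationOptions.Length, 8)
        [Array]::Copy($MitigationOptions, $low, $len)
        $value = [BitConverter]::ToInt64($low, 0)
    } else {
        $value = [int64]$MitigationOptions
    }

    switch ($value -band $FontMask) {
        0x1000000000000 { 'On' }
        0x2000000000000 { 'Off' }
        0x3000000000000 { 'Audit' }
        default         { 'Not configured' }
    }
}

function Get-BlockedFontProcess {
    param([string[]] $Message)

    foreach ($m in $Message) {
        # Event 260 text begins with the process path, as in the entry
        # quoted in the post.
        if ($m -match '^(?<process>.+?) attempted loading a font') {
            $Matches['process']
        }
    }
}

# --- Constructed sample input (runs without touching the local machine) ---
Get-FontBlockingMode 0x1000000000000                 # value used in the post
Get-FontBlockingMode ([byte[]](0, 0, 0, 0, 0, 0, 3, 0))  # REG_BINARY form

$sample = @(
    # First message is the one quoted in the post; the second is constructed.
    "C:\Program Files (x86)\Internet Explorer\iexplore.exe attempted loading a font that is restricted by font loading policy.`nFontType: Memory`nFontPath:",
    "C:\Program Files\Example\viewer.exe attempted loading a font that is restricted by font loading policy.`nFontType: Memory`nFontPath:"
)
Get-BlockedFontProcess $sample | Group-Object | Select-Object Count, Name

# --- Live checks on the local machine ---
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel'
$raw = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).MitigationOptions
"Untrusted font blocking: $(Get-FontBlockingMode $raw)"

Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-Win32k/Operational'
        Id      = 260
    } -ErrorAction SilentlyContinue |
    ForEach-Object { Get-BlockedFontProcess $_.Message } |
    Group-Object |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

Running the per-process summary while the feature is in audit mode shows which applications depend on non-installed fonts before blocking is switched on.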

Further reading

Block programs from loading untrusted fonts in Windows 10.

Update on data residency options for Office 365 customers in the UK

Back in September, Microsoft started offering Azure and Office 365 services from UK datacenters. At the time, there was no announcement for customers who had existing Office 365 tenants (hosted elsewhere in Europe) about how to move data to the UK but, earlier today, my colleague Brian Cain (@BrianCainUC) tweeted about a Microsoft article titled “moving core data to new Office 365 datacenter regions”. This isn’t a new page but it seems Microsoft has quietly updated it to include reference to a new Data Residency Option for the UK (updated 3 November 2016):

“[Microsoft] offer existing customers that have strict data residency requirements, and that are listed in the table below, an option to have their core customer data moved to the new region.”

Customers with billing address in | Previous datacenter region | New datacenter region | Region available since | Announcement
United Kingdom | Europe, Middle East, Africa | United Kingdom | September 2016 | Office 365 Blog

[some rows have been removed from the table above]

Previously the UK was covered by the statement that:

“The data residency option, and the availability to move customer data into the new region, is not a default for every new region [Microsoft] launch. As [Microsoft] expand into new regions in the future, [Microsoft will] evaluate the availability and the conditions of data moves on a region by region basis.”

I, and my colleagues at risual, have seen a lot of interest from customers who are UK-based but have Office 365 tenants that were created before 2 September 2016; however my colleague Paul Wooldridge highlighted that the option to move data is time limited.

Microsoft’s “How to request your data move” page is clear that for UK customers the request period begins on 1 December 2016 and ends on 28 February 2017 [update 7 December 2016: my colleague Gavin Morrison spotted that the page has been updated to state 12 December 2016-10 March 2017. Update 12 December 2016: the page has now been updated with date “to be determined”], the actual migration of the data can take up to 2 years, and that:

“[Microsoft is] unable to accept requests to be moved after the deadline in each region”

So, if you’re looking to “Brexit your data”, you have a 3 month window in which to make the request, and potentially up to a 2 year wait. Also, once moved, there is no way back – at least not without performing your own tenant-to-tenant migration.

Further reading

Microsoft’s UK datacenters: what you need to know.

Short takes: what to do when Outlook won’t open HTTP(S) links; how to disable Outlook Clutter; and don’t run externally-facing mail servers in Azure!

Once again, my PC is running out of memory because of the number of open browser tabs, so I’ll convert some into a mini-blog post…

Outlook forgets how to open HTTP(S) links

I recently found that Outlook 2016 had “forgotten” what to do with HTTP(S) links – complaining that:

Something unexpected went wrong with this URL: […] Class not registered.

The fix was to reset my default browser in Windows. Even though I hadn’t changed it away from Edge, a Windows Update (I expect) had changed something and Edge needed to be reset as the default browser, after which Outlook was happy to open links to websites again.

Globally disable Outlook Clutter

I had a customer who moved to Exchange Online and then wanted to turn off the Clutter feature, because “people were complaining some of their email was being moved”.

Unfortunately, Clutter is set with a per-mailbox setting so to globally disable it you’ll need something like this:

Get-Mailbox -ResultSize Unlimited | Set-Clutter -Enable $false

That will work for existing mailboxes but what about new ones? Well, if you want to make sure that Clutter remains “off”, then you’ll need a script to run on a regular basis and turn off Clutter for any new users that have been created – maybe using Azure Automation with Office 365?

Alternatively, you can create a transport rule to bypass Clutter.

Personally, I think this is the wrong choice – the answer isn’t to make software work the way we used to – it’s to lead the cultural change to start using new features and functionality to help us become more productive. Regardless, Clutter will soon be replaced by the Focused Inbox (as in the Outlook mobile app).

Don’t run externally-facing mail servers in Azure

I recently came across a problem when running an Exchange Hybrid server on a VM in Azure. Whilst sending mail directly outbound (i.e. not via Office 365 and hence Exchange Online Protection), consumer ISPs like Talk Talk were refusing our email. I tried adding PTR records in DNS for the mail server but then I found the real issue – Azure adds its IP addresses to public block lists in order to protect against abuse.

It turns out that Microsoft’s documentation on sending e-mail from Azure compute resource to external domains is very clear:

“[…] the Azure compute IP address blocks are added to public block lists (such as the Spamhaus PBL).  There are no exceptions to this policy”

and the recommended approach is to use a mail relay – such as Exchange Online Protection or a third party service like SendGrid. Full details can be found in the Microsoft link above.
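
One way to confirm that diagnosis for a sending address, as an added PowerShell example that is not part of the original post: it builds the DNS block list query for an IPv4 address and interprets the answer from the Spamhaus ZEN zone, which includes the PBL. The function names and the sample address 192.0.2.10 (from the documentation range) are assumptions; the return-code meanings are the ones Spamhaus publishes.

```powershell
# Added example, not from the original post. Function names are hypothetical.

function ConvertTo-DnsblName {
    param(
        [Parameter(Mandatory)][string] $IPAddress,
        [string] $Zone = 'zen.spamhaus.org'   # ZEN combines SBL, XBL and PBL
    )

    $ip = [System.Net.IPAddress]::Parse($IPAddress)
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
        throw 'This example handles IPv4 addresses only.'
    }

    # Block list queries use the octets in reverse order, followed by the zone.
    $octets = $ip.GetAddressBytes()
    [Array]::Reverse($octets)
    '{0}.{1}' -f ($octets -join '.'), $Zone
}

function ConvertFrom-SpamhausCode {
    param([string[]] $Code)

    foreach ($c in $Code) {
        switch -Regex ($c) {
            '^127\.0\.0\.(10|11)$' { 'PBL' }
            '^127\.0\.0\.[4-7]$'   { 'XBL' }
            '^127\.0\.0\.(2|3|9)$' { 'SBL' }
            '^127\.255\.255\.'     { 'ERROR (query refused, e.g. sent via a public resolver)' }
            default                { "Unknown ($c)" }
        }
    }
}

function Test-SpamhausListing {
    param([Parameter(Mandatory)][string] $IPAddress)

    $name = ConvertTo-DnsblName -IPAddress $IPAddress
    try {
        $codes = Resolve-DnsName -Name $name -Type A -DnsOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'A' } |
            ForEach-Object { $_.IPAddress }
        $result = (ConvertFrom-SpamhausCode $codes | Sort-Object -Unique) -join ', '
    } catch {
        # A "name does not exist" answer means the address is not listed;
        # the DNS error text is kept so other failures are not hidden.
        $result = "No listing returned ($($_.Exception.Message))"
    }

    [pscustomobject]@{ IPAddress = $IPAddress; Query = $name; Result = $result }
}

# --- Constructed sample input (no network needed) ---
ConvertTo-DnsblName -IPAddress '192.0.2.10'
ConvertFrom-SpamhausCode '127.0.0.10', '127.0.0.4'

# --- Live lookup (needs DNS access; replace the sample address with the
#     public IP address that the mail server sends from) ---
Test-SpamhausListing -IPAddress '192.0.2.10'
```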

Inside the Microsoft datacentres

A datacentre is just a datacentre isn’t it? After all, isn’t it just a bigger version of the server room in the basement? But what about the huge datacentres that run cloud services? What’s it like inside the Microsoft datacentres that host Azure, Office 365, etc.?

Last week, Microsoft’s Modern Workplace webcast titled “An Inside Look at Your Secure Cloud” gave a sneak peek inside some of the Microsoft datacentres – comparing various generations and showing the improvements along the way.  And, as you might expect, these are the very definition of operating at scale…

As Doug Hauger (General Manager for National Cloud Programs at Microsoft) explained, organisations look to use a cloud datacentre for scale and professionalism.  Anyone can run a datacentre but the Microsoft Cloud is about robustness and security – whether that’s how staff are monitored or the physical and logical security models.

Each time Microsoft moves into a new region (like the two regions that opened in the UK earlier this month) there’s not just one super-scale datacentre but multiple facilities per region, providing redundancy and disaster recovery capability. Each facility has multiple power sources and multiple network ingress and egress points. Then there’s the investment Microsoft is making in physical infrastructure around the world – for example the joint project with Facebook for a new Europe-North America undersea cable (MAREA).

Each time Microsoft considers expanding into a new market they perform a business case analysis on the potential opportunity, considering the scale that they will go in at (tens of thousands of servers). Microsoft now has more than 100 datacentres in 30 regions around the world (with four more under construction). Because of the huge range of locations covered, Microsoft is now the industry leader for compliance and certification – whether that is meeting global or local requirements. Then there is the question of meeting customer needs around data residency, compliance, etc. (for example with the German datacentres that operate under a unique data trustee model in partnership with Deutsche Telekom).

With its cloud datacentres, Microsoft is aiming to meet customer needs around digital transformation, where the question is no longer “why should I go to the cloud” but one of “how to innovate more quickly in the cloud”. That’s what drives the agenda for where to geographically expand, where to enhance scalability, etc.

Despite the question I posed in the opening paragraph of this post, a true datacentre is worlds apart from the typical server room in the basement (or wherever). The last time I got to visit a datacentre was when I was working at Fujitsu and I visited the London North facility, an Uptime Institute Tier III datacentre that won awards when it was built in 2008. Seeing the scale at which a modern datacentre operates is impressive. Then ramp it up some more for the big cloud service providers.

In the webcast, Christian Belady (General Manager Cloud Infrastructure Strategy and Architectures at Microsoft) explained that datacentres are the foundation of the Internet – they are where all the cloud services are served from (whether that is Microsoft services, or those provided by other major players).

There are several layers of physical security from the outside fence in, screening people, controlling access to parts of the buildings, even to cabinets themselves with critical customer data in locked cabinets covered with video surveillance. Used disks are destroyed, being wiped and then crushed on site! The physical security surpasses anything provided for on-premises servers and the logical security continues that defence in depth.

Each custom-built server is actually 2 computers with 10s of 1000s of computers per room, 100s of 1000s per datacentre, each datacentre the size of 20-30 football fields. Look at the racks and you can see the attention to detail – keeping things orderly not only adds to operational efficiency but it looks good too! The enterprise servers that most of us run on-premises have plastic bezels to make them look pleasant. Instead, Microsoft’s servers have focused on eliminating anything that has no useful function…

Each iteration of datacentres becomes more industrialised – with improvements to factors such as cooling (which is one of the biggest power usage factors).

A generation 2 datacentre from around 2007 has a Power Usage Effectiveness (PUE) efficiency score of 1.4-1.6 (for comparison, the Fujitsu facility I mentioned earlier has a PUE of 1.4 but a typical enterprise datacentre from the 2000s with a normal raised floor would have a PUE of 2-3). Cool and hot aisles are used with hot air returned to coolers and recirculated. Microsoft then raised the temperature of their servers to a level that is acceptable (working with manufacturers), rather than the lower levels they used to have (reducing the cooling demands).

Moving on to generation 4, efficiency is improved further (a PUE of 1.1-1.2), eliminating chillers by removing roofs, driving down costs and using outside air to chill. Containers use the outside cooling and a system of adiabatic cooling, spraying mist into the air to cool down – which evaporates before it hits the server. Such datacentres use a lot less water too (compared with older styles of datacentre).

With the latest (generation 5) datacentres, further improvements are made, bringing together the features of other generations – learning and adapting. The PUE is now down to 1.1 (and below at certain times of year) with running costs also improved. There are still hot and cold aisles but no raised floor and, instead of outside air, the datacentres use a closed liquid loop system (no chiller – cool the water outside) – and that water doesn’t need to be potable.

The actual datacentre design changes for each facility, based on the geography and the environmental impact. Backup power generation is a key component in the design, with several days of fuel onsite and contracts to keep bringing more fuel in. Power is often sustainably sourced, be that cheap and carbon-free hydro-electric power, wind or solar. Microsoft Research is even working on a tidal-powered under-sea datacentre (Project Natick).

Inside the Microsoft datacentres is very industrial. Whole racks are brought in (pre-tested), rather than single servers and, as previously mentioned, Microsoft design and build the servers for use at scale, stripping out enterprise features and retaining only what’s needed for the Microsoft environment.

Whilst I’ve worked with customers who have visited Microsoft datacentres in Dublin, it seems unlikely that I’ll ever get the chance. Watching the Modern Workplace webcast gave me a fascinating look at how Microsoft operates datacentres at scale though – and it truly is awe-inspiring. To find out more, visit the Microsoft website.

Microsoft’s UK datacentres: what you need to know

This morning, the UK woke up to an announcement from Microsoft that the UK datacentres for Azure and Office 365 are generally available, making Microsoft the first global provider to deliver a complete cloud (IaaS, PaaS and SaaS) from UK data centres.

That means:

  • Two new Azure regions in the UK:
    • UK West (Cardiff)
    • UK South (London)
  • Office 365 services from UK datacentres in Durham and London.

Dynamics CRM online will be offered from the UK in the first half of 2017.

That Azure location information was taken from the Azure regions page on the Microsoft website (although my sources tell me that “Cardiff” is really “Newport” – close enough as to make no difference anyway, and London is probably “near London” too).  The Office location information was taken from the Office 365 Interactive Data Maps.

Now, UK customers already using Azure or Office 365 will be asking “will my data be moved to a UK datacentre?”. There’s no official announcement from Microsoft (not that I’ve seen) but my (unofficial) answer is “no”. At least not automatically.

For Azure, it’s good practice to design across multiple regions. There are also implications around geo-replication (which regions are paired with which for business continuity and disaster recovery purposes). Moving resources from one region to another is possible but is also a project that would need to be undertaken by a customer (possibly working with a partner) as a programme of planned resource moves.

For Office 365, it’s worth reading the TechNet advice on Moving core data to new Office 365 datacenter regions. At the time of writing it hasn’t been updated to reflect UK datacentres (it was last updated 28 July 2016) but it currently says:

“Existing customers that have their core customer data stored in an already existing datacenter region are not impacted by the launch of a new datacenter region”

[…]

“The data residency option, and the availability to move customer data into the new region, is not a default for every new region we launch. As we expand into new regions in the future, we’ll evaluate the availability and the conditions of data moves on a region by region basis.”

“New customers or Office 365 tenants created after the availability of the new datacenter region will have their core customer data stored at rest in the new datacenter region automatically.”

The page goes on to state that, assuming the data residency option is made available for the UK (remember, nothing has been announced yet)

“Customers will need to request to have their data moved within a set enrollment window.”

and that:

“Data moves can take up to 24 months after the request period to complete”

There’s also a footnote on the UK interactive data map to say:

“Customers who signed up and selected the United Kingdom for their Office 365 services before September 2, 2016 will have their customer data located in the EMEA datacenter locations.”

So, in short, Office 365 (SaaS) data stays exactly where it is, unless you sign up for a new tenant, or wait for further announcements from Microsoft. Azure (IaaS and PaaS) workloads can be moved to the new regions whenever you are ready.

 

End user computing – the device doesn’t matter

Following a recent Windows update that “went bad”, I needed to have my work PC rebuilt.  That left me with a period when I had work to do, but only a smartphone to work on or my personal devices. To me, this was also a perfect opportunity to put cloud services to work.

So, armed only with a web browser on another PC, I was perfectly able to access email and send/receive IMs (it’s all in Office 365), pester people on Yammer, catch up on some technical videos, etc. There was absolutely nothing (technically) preventing me from doing my job on another device. That’s how End User Computing should work – providing a flexible computing workstyle that’s accessible regardless of the device and the location.

The real issues are not around technology, but process: questions were asked about why I wasn’t following policy and using my company-supplied device; and I was able to answer with clear reasons and details of what I was doing to ensure no customer information was being processed on a non-corporate device. There are technical approaches to ensuring that only approved devices can be used too – but what’s really needed is a change of mindset…