Notes from the field: Microsoft 365 Multi-Geo

This content is 3 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Generally, Office 365/Microsoft 365 data is located in the datacentre region that relates to the country where the company’s registered address is. If your company is registered in Amsterdam, you’ll be in West Europe. If you’re registered in New York, you’ll be in a US datacentre somewhere. Registered in the UK… it depends on when your tenant was created but it could be in West Europe (if it’s an older tenant, like mine) or in the UK…

For global organisations, this can be a challenge. If your data is on the other side of the world then you may find that latency adversely impacts access to resources. The Microsoft global network is designed to efficiently route traffic from local points of presence to Microsoft datacentres over fast links, but sometimes that’s not enough. In these cases, check out the Microsoft docs on network planning and performance tuning for Microsoft 365.

The other challenge relates to data residency and, as you can expect, there are some options.

One would be to establish multiple tenants. But that means multiple Azure AD instances. Added to which, a DNS name can only be registered in one place. This means I can’t have users with @markwilson.co.uk addresses (for example) in more than one tenant. For a global organisation with everyone using an @company.com address for identity, email and instant messaging, that’s going be a challenge.

Another option is Microsoft 365 Multi-Geo. This service allows the provisioning and storage of data at rest in the locations of your choice. Note that this is not designed for performance optimisation – in fact, the Microsoft website specifically calls this out:

“Note that Microsoft 365 Multi-Geo is not designed for performance optimization, it is designed to meet data residency requirements”.

Microsoft 365 Multi-Geo documentation

On the face of it, Multi-Geo sounds great, but it has some pretty significant licensing restrictions:

“Microsoft 365 Multi-Geo is available as an add-on to [selected] Microsoft 365 subscription plans for Enterprise Agreement customers with a minimum of 250 Microsoft 365 seats in their tenant, and a minimum of 5% of those seats using multi-geo. User subscription licenses must be on the same Enterprise Agreement as the Multi-Geo Services licenses.”

Microsoft 365 Multi-Geo documentation

In my case, with a US-headquartered organisation where the UK organisation was tiny in comparison, Microsoft 365 Multi-Geo became cost-prohibitive. With around 80,000 US seats and only up to 1500 in the UK, they would have needed almost three times the number of licences in order to hit the 5% minimum seat count in the UK satellite location. And it needs to be on an Enterprise Agreement (not Cloud Services Provider), although that’s probably not such a challenge when operating at this scale.

For the vast majority of Microsoft 365 clients that I work with Multi-Geo is not even a consideration. But if it is for you, then go in with your eyes open. The reliance on the US-HQ IT team for Microsoft 365 led to a total change of strategy for my client… and that meant the project was no longer led from the UK, and therefore they no longer needed my team’s services.

Notes from the field: some common dependencies for Microsoft 365 deployments

This content is 3 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

My blog posts take a while to get published these days. I struggle to find the time to write them and often a few notes can remain in draft form for a long time. Some of those notes never make it. Others possibly shouldn’t.

This is one of those posts where I’m not sure whether to publish or not. It’s based on an email I sent to a client, in 2018, as we were starting to work together. That client was about to embark on a migration to Windows 10 and Office 365, and these notes were intended to set them in the right path.

We all know that Office 365 is under constant development, and some of the advice below might not be current. I don’t think it’s too far off the mark but your mileage may vary. I’ve also added a few comments where I know we’d look to do things differently today. Those comments are marked with square parentheses.

All of these dependencies were things I identified before we got into design… but many more came out as we got into the detail.

Preparing the identity platform

[Identity is key to any successful Microsoft cloud implementation. And Azure AD is Microsoft’s cloud identity platform.]

Recommendation:

  • IdFix tool used to ensure that there are no directory issues that will cause synchronisation issues.
  • Azure AD Connect synchronising without error between on-premises Active Directory and Azure Active Directory. Even with on-premises authentication via ADFS or similar, user objects will be required in Azure AD in order to populate the Exchange GAL.

[in this case, I could be reasonably sure that both of these are already in place for the existing Skype for Business Online deployment.]

Useful links:

Preparing for Exchange hybrid

[It’s common to run Microsoft Exchange in a hybrid configuration when migrating mailboxes to Office 365. Generally, the hybrid will remain in place even after user mailboxes have been migrated to the cloud, for management purposes. There are constraints around the versions of Exchange Server that can be used though.]

  • The hybrid server must be running the latest or immediately previous (i.e. n or n-1) cumulative update or update rollup available for the version of Exchange installed on-premises
  • Domain names that will be used for email should have the appropriate records created and verified in DNS.
  • Ports should be enabled to allow traffic to flow as outlined in the above article. It may be useful to run the Remote Connectivity Analyzer (RCA) tools to verify this.
  • In addition, I recommend that the other Exchange servers in the organisation are upgraded to run with the latest available updates.

Useful links:

Preparation for deployment of Windows 10 images using SCCM

[System Center Config Manager (SCCM) is now part of Microsoft EndPoint Manager (MEM) and I’m not sure I’d recommend an SCCM-based deployment these days. My first preference would be to use Microsoft’s own Windows images, in Azure AD-joined configuration managed with Intune (also part of MEM). This topic would make a blog post on its own…]

Config Manager needs to be updated to align with the version of Windows 10 being deployed: Support for Windows 10 in Configuration Manager.

[Even when I wrote the notes 3 years ago, it seems I was guiding the client towards a Modern Device Management approach with Intune…]

Preparation for the use of Office applications (desktop and web)

[Office 365 ProPlus is now Microsoft 365 Apps for Enterprise but the advice below is unchanged apart from the product name.]

Office 365 ProPlus (i.e. subscription-based Office application) requirements are the same as for Office Professional Plus 2016 (i.e. perpetually-licensed applications) and are detailed at Microsoft 365 and Office Resources.

With regards to documents (including spreadsheets, presentations, etc.) containing macros, etc. It would be advisable to perform some basic compatibility testing: Check file compatibility with previous versions.

Office 2016 and 2019 are supported under the Fixed Lifecycle Policy.

Use of a supported browser is critical to the use of Office 365 web-based components although many organisations are held back by legacy software releases.

General Microsoft 365 system requirements may be found at the Microsoft 365 and Office Resources link above. Most notably:

“Microsoft 365 is designed to work with the latest browsers and versions of Office. If you use older browsers and versions of Office that are not in mainstream support:

  • Microsoft won’t deliberately prevent you from connecting to the service, but the quality of your Microsoft 365 experience will diminish over time.
  • Office 2019 connections to Microsoft 365 services will be supported until October 2023.
  • Microsoft won’t provide code fixes to resolve non-security related problems.

[Microsoft’s guidance previously stated that “Office 365 doesn’t support interoperability with any software that isn’t supported by its manufacturer.”]

Using Windows Autopilot to deploy PCs in the middle of a pandemic

This content is 3 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

A year ago, who would have thought that so many people would still be working from home because of COVID-19? That a pandemic response would lead to such a huge impact on the way we live? That we’d be having discussions about the future role of the office?

Lots of things changed in 2020. Some of them may never change back.

Changes to PC operating system deployment methods

There is a saying (attributed to the Greek philosopher, Heraclitus) that the one constant in life is change…

Over nearly 30 years working in IT, I’ve worked on a lot of PC rollouts. And the technology keeps on changing:

  • Back in 1994, I was using Laplink software with parallel cables (so much faster than serial connections) to push Windows for Workgroups 3.11 onto PCs for the UK Ministry of Defence.
  • In 2001, Ghost (which by then had been purchased by Norton) was the way to do it. Working with a a Microsoft partner called Conchango, my team at Polo Ralph Lauren rolled out 4000 new and rebuilt PCs. We did this across 8 European countries, supporting languages and PC hardware types with just two images.
  • By 2005, I was working for Conchango and using early versions of the Microsoft Business Desktop Deployment (BDD) solution accelerator to push standard operating environment (SOE) images to PCs for a UK retail and hospitality company.
  • By 2007, BDD had become Microsoft Deployment. Later, that was absorbed into System Center Configuration Manager.

After this, the PC deployment stuff gets a bit fuzzy. My career had moved in a different direction and, these days, I’m less worried about the detail (I have subject matter experts to rely on). My concerns are around the practicalities of meeting business requirements by making appropriate technology selections.

Which brings me back to the current day.

A set of business requirements

Imagine it’s early 2021 and you’re faced with this set of requirements:

  • Must deploy new Windows 10 PCs to a significant proportion of the business’ staff.
  • Must comply with UK restrictions and guidance in relation to the COVID-19 novel coronavirus.
  • Should follow Microsoft’s current recommended practice.
  • Must maintain compliance with all company standards for security and for information management. In particular, must not impact the company’s existing ISO 27001, ISO 9001 or Cyber Essentials Plus certifications.
  • Should not involve significant administrative overhead.

A solution, built around Windows Autopilot

The good news is that this is all possible. And it’s really straightforward to achieve using a combination of Microsoft technologies.

  • Azure Active Directory provides a universal identity platform, including conditional access, multifactor authentication.
  • Windows Autopilot takes a standard Windows 10 image (no need for customised “gold builds”) and applies appropriate policies to configure and secure it in accordance with organisational requirements. It does this by working with other Microsoft Endpoint Manager (MEM) components, like Intune.
  • OneDrive keeps user profile data backed up to the cloud, with common folders redirected so they remain synced, regardless of the PC being used.

What does it look like?

My colleague, Thom McKiernan (@ThomMcK), created a great unboxing video of his experience, opening up and getting started with his Surface Pro 7+:

(I tried to do the same with my Surface Laptop 3 but unboxing videos are clearly not my thing.)

Why does this matter?

The important thing for me is not the tech. It’s the impact that this had on our business. To be clear:

We deployed new PCs to staff, during a national lockdown, without the IT department touching a single PC.

For me, it took around 10 minutes from opening the box to sitting at a usable desktop with Microsoft Teams and Edge. (What else do you need to work in 2021?)

That would have been unthinkable a few years ago.

It seems that, on an almost daily basis, I talk to clients who are struggling with technology to allow staff to work from home. It always seems to come back to legacy VPNs or virtual desktop “solutions” that are holding the IT department back.

So, if you’re looking at how your organisation manages its end user device deployments, I recommend taking a look at Windows Autopilot. Perhaps you’re already licensed for Microsoft 365, in which case you have the tools. And, if you need some help to get it all working, well, you know who to ask…

Featured image created from Microsoft press images.

Weeknote 18/2020: Microsoft 365, the rise of the humans and some data platform discovery

This content is 4 years old. I don't routinely update old blog posts as they are only intended to represent a view at a particular point in time. Please be warned that the information here may be out of date.

Some highlights from the last week of “lockdown” lunacy*…

Office 365 rebranding to Microsoft 365

For the last couple of years, Microsoft has had a subscription bundle called Microsoft 365, which includes Office 365 Enterprise, Enterprise Mobility and Security and Windows 10 Enterprise. Now some bright spark has decided to rebrand some Office 365 products as Microsoft 365. Except for the ones that they haven’t (Office 365 Enterprise E1/3/5). And Office 365 ProPlus (the subscription-based version of the Office applications) is now “Microsoft 365 Apps for Enterprise”. Confused? Join the club…

Read more on the Microsoft website.

The Rise of the Humans

A few years ago, I met Dave Coplin (@DCoplin). At the time he was working for Microsoft, with the assumed title of “Chief Envisioning Officer” (which was mildly amusing when he was called upon to interview the real Microsoft CEO, Satya Nadella at Future Decoded). Dave’s a really smart guy and a great communicator with a lot of thoughts about how technology might shape our futures so I’m very interested in his latest project: a YouTube Channel called The Rise of the Humans.

Episode 1 streamed on Wednesday evening and featured a discussion on Algorithmic Bias (and why it’s so important to understand who wrote an algorithm that might be judging you) along with some discussion about some of the tech news of the week and “the new normal” for skills development, education and technology. There’s also a workshop to accompany the podcast, which I intend to try out with my family…

Data Platform Discovery Day

I spent Thursday in back-to-back webcasts, but that was a good thing. I’d stumbled across the presence of Data Platform Discovery Day and I joined the European event to learn about all sorts of topics, with talks delivered by MVPs from around the world.

The good thing for me was that the event was advertised as “level 100” and, whilst some of the presenters struggled with that concept, I was able to grasp just enough knowledge on a variety of topics including:

  • Azure Data Factory.
  • Implementing Power BI in the enterprise.
  • An introduction to data science.
  • SQL Server and containers.
  • The importance of DevOps (particularly apt as I finished reading The Pheonix Project this week).
  • Azure SQL Database Managed Instances.
  • Data analysis strategy with Power BI.

All in all, it was a worthwhile investment of time – and there’s a lot there for me to try and put into practice over the coming weeks.

2×2

I like my 2x2s, and found this one that may turn out to be very useful over the coming weeks and months…

Blogging

I wrote part 2 of my experiences getting started with Azure Sphere, this time getting things working with a variety of Azure Services including IoT Hub, Time Series Insights and IoT Central.

Decorating

I spent some time “rediscovering” my desk under the piles of assorted “stuff” this week. I also, finally, put my holographic Windows 2000 CD into a frame and it looks pretty good on the wall!

* I’m just trying to alliterate. I don’t really think social distancing is lunacy. It’s not lockdown either.