A Brief History of Workplace Changes

How many changes or transformations has IT undergone in the past decade?

- Evolution of the World Wide Web – from JavaScript to Squarespace.
- Virtualization brings on consolidation.
- AI and machine learning.
- Big Data becoming bigger and faster.
- Centralized model vs decentralized model vs Cloud model.
- Cloud, cloud, cloud.

Microsoft’s Workplace Change

Business has historically been transacted in the traditional sense: on-premises offices, on-premises staff, and on-premises infrastructure (both hardware and software). Sure, there has always been a need for remote users, but they were always the outlier. Business has strived for collaboration. This was typically done, again, through on-premises means: a conference room, a whiteboard, face-to-face communication, and that old dinosaur, the printer.

In 2017, Microsoft launched an initiative to achieve a mission of empowering every person and every organization on the planet to achieve more. To accomplish this mission, they decided they would need to transform the way they do IT. Microsoft had operated like a traditional IT shop, highly reactive to circumstances and more focused on the technology and the experience. The team transformed to be “vision-led”, focused on building and deploying the right solutions to meet the needs of people, not just deploying the latest technology.

“That transformation culminated with our transition to becoming Microsoft Digital Employee Experience. At the core of that transformation is an obsession with the needs of our employees that transcends tools and infrastructure and extends to the entirety of their daily experience, from the day they’re hired to their eventual retirement.
We steward their digital experience through every dimension of their employment, ensuring they have the devices, applications, services, and infrastructure needed to be productive on the job no matter where they are or what they do.” (Microsoft, 2022)

From that experience, Microsoft introduced The Modern Workplace in 2018. The idea is to virtualize the workplace using Microsoft 365 and other online work platforms that provide all the applications, storage, and communication solutions a team needs to get their work done from wherever they have an internet connection. Then, it was not a foreign concept but definitely not mainstream.

Enter the pandemic. Now it is a very mainstream concept; in fact, almost every organization on the planet is already there or trying to figure out how to get there. The pandemic was a massive shove for the technology world, a shock to the system which required immediate access for teams to get their work done from wherever they have an internet connection – the very definition of Microsoft’s Modern Workplace. One great example of this shove was Microsoft Teams – the ability to have a meeting and collaborate from anywhere with a connection. Many a business was able to get through the pandemic with the help of Microsoft Teams.

What is The Modern Workplace?

As previously stated, the Microsoft Modern Workplace is made up of online platforms which provide the applications, storage, and communications employees need to be successful. These tools reside within Microsoft 365 and Microsoft Azure. For this blog, we are focusing on Microsoft 365.

Microsoft 365 can be broken down into two segments: Communication and Collaboration; and Productivity and Automation. Communication and Collaboration products are best known by their common names: Exchange Online, SharePoint Online, Office Suite (Word, Excel, PowerPoint, etc.) and Teams. Productivity and Automation products are best known by the Power Suite (Power Apps, Power Automate, and PowerBI).
Both groups ride atop Office 365 Groups, Microsoft Graph, and Security and Compliance.

Microsoft Modern Workplace Licensing

Navigating Microsoft licensing can be a very daunting task. Organizations are often unsure of where to begin when going through the licensing options. Achieving the Modern Workplace comes in many different shapes and sizes, and most of the time there are different licensing options for each. Most case studies referenced by Microsoft share the same beginning steps: 1. Establish anywhere working and collaboration and 2. Microsoft Teams. Step 1 is usually Office/Microsoft 365 and Step 2 is self-explanatory, Microsoft Teams. Now the trick is figuring those out:

Microsoft 365 Business Premium
- For SMBs, 1-300 employees
- Apps: Outlook, Word, Excel, PowerPoint, OneNote; OneDrive (1 TB storage per user); Teams
- Services: Exchange Online, SharePoint Online
- Additional: Intune, Microsoft Defender, Azure Information Protection, Azure AD Premium P1, Azure Virtual Desktop

Office 365 E3
- Unlimited number of employees
- Apps: Outlook, Word, Excel, PowerPoint, OneNote; OneDrive (1 TB storage per user); Teams
- Services: Exchange Online, SharePoint Online

Office 365 E5
- Everything included with Office 365 E3 plus: Microsoft Teams Phone System, Power BI Pro, Cloud 365 App Security, Audio Conferencing, Microsoft Defender for Office 365 Plan 2, Advanced compliance

Microsoft 365 E3
- Unlimited number of employees
- Apps: Outlook, Word, Excel, PowerPoint, OneNote; OneDrive (1 TB storage per user); Teams
- Services: Exchange Online, SharePoint Online
- Additional: Intune, Microsoft Defender, Azure Information Protection, Azure AD Premium P1, Azure Virtual Desktop, Power Apps for 365, OneDrive for Work, Endpoint Configuration Manager, many more

Microsoft 365 E5
- Everything included with Microsoft 365 E3 plus: Microsoft Teams Phone System, Power BI Pro, Cloud 365 App Security, Audio Conferencing, Microsoft Defender for Office 365 Plan 2, Advanced compliance

Obviously, these are summary explanations of common license packages, but they do show how complex choosing the right licenses can be. I definitely recommend having an expert, a Microsoft Partner such as ProCern, assist with your version of the Microsoft Modern Workplace.
Cloud computing has definitely impacted how most enterprise IT departments are managing their overall IT architecture. Businesses are constantly reevaluating what infrastructure will work best for their environment. Is it private cloud, public cloud, or hybrid cloud? What are the differences between these types of clouds?

All three options provide similar benefits, including cost-effectiveness, performance and reliability, but ultimately which deployment method a business chooses depends on its business needs.

Public Cloud

Public cloud is a term for cloud computing services offered over the public Internet and available to anyone who wants to purchase them. This type of cloud typically offers the greatest level of efficiency in shared resources; however, public clouds are typically more vulnerable than private clouds. Microsoft Azure is an example of a public cloud. All hardware, software, and other supporting infrastructure is owned and managed by the cloud provider. You share the same hardware, storage, and network devices with other organizations or “cloud tenants.” You access your services and manage your account using a web browser.
A public cloud may be a good option when:

- Your workload for applications is used by lots of people, such as email
- You have SaaS (Software as a Service) applications from a vendor who has a well-implemented security strategy
- You need incremental capacity (the ability to add compute capacity for peak times)
- You are doing collaboration projects
- You are doing an ad-hoc software development project using a Platform as a Service (PaaS) cloud offering
- You need testing and development environments

Public cloud storage is for the most part cheaper than on-premises storage, especially when you factor in the upkeep and upgrades you may need with your hardware. Most cloud-storage services can accommodate periodic surges and typically have security protocols in place to protect your data, including backup in a second location. The biggest warning is to make sure that your business takes the extra time and due diligence to ensure you have security and governance issues well planned. This option may work best for small businesses since they typically do not have a lot of proprietary information that requires extra security.

Private Cloud

A private cloud consists of computing resources used exclusively by one business or organization. It can be located physically at a business’ on-site datacenter or it can be hosted by a third-party service provider. The services and infrastructure are always maintained on a private network, and the hardware and software are dedicated solely to the organization, which allows your business to customize its resources to best fit your specific IT requirements. Private clouds are often used by government agencies, financial institutions and other mid to large size organizations where it’s critical to have control over their IT environment.
Advantages include:

- Ability to customize the cloud environment to meet your specific business needs
- Improved security since your resources are not shared with others
- High scalability

Here are some additional indicators that your application may be a good fit for the private cloud:

- The application has very predictable usage patterns and low storage costs
- You need high-performance access to a file system, for example a media company that creates or produces large videos
- The application is poorly written or infrequently used and may not be worth the effort of moving it to the public cloud

Hybrid Cloud

A hybrid cloud is becoming a more popular choice for businesses of all sizes. It is where both public and private cloud are utilized to host your data. In a hybrid cloud, both data and applications can move between private and public clouds for greater flexibility. Cloud bursting is also an option when using a hybrid cloud. It’s when an application or resource runs in the private cloud until there is a spike in demand, such as during the holiday season when online shopping is at its peak, and at that point the organization can “burst through” to the public cloud to tap into additional computing resources.

Advantages of hybrid clouds:

- Control: you can maintain a private infrastructure for sensitive assets
- Flexibility: you can take advantage of additional resources in the public cloud when you need them
- Cost-effectiveness: you pay for extra computing power only when needed
- Ease: you can migrate to the cloud gradually and phase in workloads over time

A hybrid environment is only as strong as the integrations that unite it. The team managing the infrastructure should always be running performance monitoring, regular testing, and data ingress and egress procedures to reveal possible areas of difficulty and when to further evolve the application.
When deciding what cloud platform works best for you, it’s best to analyze your business’ needs and what will work the best for your budget, security, and compliance. ProCern is available to sit down with you for a discovery of what will work best for your organization. Contact us today to find out more on how we can help.
Ensure a Stress-Free Migration

So, you think you’re ready for the jump to Microsoft 365? You have done your research: licensing, cost savings, administration, migration strategies, best practices, etc. You have weighed the costs of doing the migration in-house or choosing a vendor to assist. What’s next? Ensuring a stress-free migration for you and your users will need 3 things:

- Smart planning
- Smart decisions
- Time

There are many things recommended to make the migration go smoothly. One key piece of smart planning is ensuring the Active Directory accounts which are migrating to Microsoft 365 are prepared for the migration. Successful directory synchronization between your on-premise directory and Microsoft 365 requires that attributes are properly configured. The following 5 tasks should be completed in Active Directory to plan for a smooth migration:

1. Active Directory Cleanup Tasks

Perform the following cleanup tasks in your on-premise directory:

- Ensure that each user has a valid and unique email address in the proxyAddresses attribute
- Remove duplicates in the proxyAddresses attribute
- Ensure each user has a valid and unique value for the userPrincipalName attribute in the user’s user object
- For best use of the global address list (GAL), be sure the information in the following attributes is accurate: givenName, surname, displayName, Job Title, Department, Office, Office Phone, Mobile Phone, Fax Number, Street Address, City, State, Zip, Country

2. Directory Object and Attribute Preparation

Directory synchronization will fail if some of the Active Directory users have one or more duplicate attributes. If there are duplicate values, the first user with the value is synchronized. Subsequent users will not appear in Office 365. The following attributes need to be prepared:

mail
- Attribute must be unique within the directory

mailNickname (Exchange alias)
- Cannot begin with a period (.)
- Attribute must be unique within the directory

proxyAddresses
- Can accept multiple values
- Value must not contain a space
- Attribute must be unique within the directory
- Invalid characters: [ “ | , / : < > + = ; ? * ]

sAMAccountName
- Maximum characters: 20
- Attribute must be unique within the directory
- Invalid characters: [ “ | , / : < > + = ; ? * ]

targetAddress
- Maximum characters: 255
- Value must not contain a space
- Attribute must be unique within the directory
- Invalid characters: [ “ | , / : < > + = ; ? * ]
- All SMTP addresses should comply with email messaging standards

userPrincipalName
- Must be in the Internet-style sign-in format: [email protected]
- Invalid characters: [ “ | , / : < > + = ; ? * ]
- The @ character is required in each value
- The @ character cannot be the first character
- The user name cannot end with a period (.), &, a space, or @
- Routable domains must be used; local or internal domains cannot be used

3. Prepare the userPrincipalName Attribute

Active Directory is designed to allow end users to sign in to the directory by using either sAMAccountName or userPrincipalName. End users can sign in to Microsoft 365 by using the user principal name (UPN) of their work or school account. Directory synchronization attempts to create new users in Azure Active Directory by using the same UPN that’s in the on-premises directory. The UPN is formatted like an email address. In Office 365, the UPN is the default attribute that’s used to generate the email address. It’s easy to get userPrincipalName (on-premises and in Azure Active Directory) and the primary email address in proxyAddresses set to different values. When they are set to different values, there can be confusion for administrators and end users.

4. Add an Alternative UPN Suffix (if needed)

There may be a need to add an alternative UPN suffix to associate the user’s corporate credentials with the Microsoft 365 environment. A UPN suffix is the part of a UPN to the right of the @ character. UPNs can contain letters, numbers, periods, dashes, and underscores, but no other types of characters.

5. Match the On-Premise UPN with Microsoft 365 UPN

If directory synchronization is already set up, the user’s UPN for Microsoft 365 may not match the user’s on-premise UPN that’s defined in the on-premise directory service. This can occur when a user was assigned a license before the domain was verified. To fix this, use PowerShell to fix the duplicate UPN by updating the user’s UPN so that the Microsoft 365 UPN matches the corporate user name and domain. When updating the UPN in the on-premise directory service so that it synchronizes with the Azure Active Directory identity, remove the user’s license in Microsoft 365 prior to making the changes on-premise.

It is common for the on-premise domain to have a .local extension. In these cases, it is required to add an alternate UPN suffix to the .local domain which matches the email addresses of the users being migrated. For example, if the local domain is contoso.local, but the email domain is contoso.com (i.e. users have email addresses of [email protected]), an alternate UPN suffix is required on the local domain. In addition, the user’s primary UPN needs to be modified so that it matches the email domain.

IdFix Tool

Microsoft provides a tool to make this process easier; it is called the IdFix tool. In fact, Microsoft does not recommend making the above changes without the tool. IdFix can find errors, report on errors, and even let you take actions to edit or remove the attributes, all prior to attempting synchronization.

Conclusion

These are the main values in Active Directory which need to be validated or modified to ensure a smooth transition to Microsoft 365, and IdFix can assist in identifying these values.
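
The attribute rules from tasks 2 and 3 can be checked before the first synchronization attempt. The script below is an added example, not code from the post, from ProCern or from IdFix; the function names and sample users are hypothetical, the records are constructed, and the "routable" test (suffix has a dot and does not end in .local) is a simplifying assumption.

```powershell
# Added example: pre-sync audit of the attribute rules listed in the post.
# Sample records are constructed. In a real domain they could come from:
#   Get-ADUser -Filter * -Properties mail,mailNickname,proxyAddresses
$users = @(
    [pscustomobject]@{ sAMAccountName = 'asmith'; userPrincipalName = 'asmith@contoso.com'
        mail = 'asmith@contoso.com'; mailNickname = 'asmith'
        proxyAddresses = @('SMTP:asmith@contoso.com') }
    [pscustomobject]@{ sAMAccountName = 'bjones'; userPrincipalName = 'bjones@contoso.local'
        mail = 'bjones@contoso.com'; mailNickname = '.bjones'
        proxyAddresses = @('SMTP:bjones@contoso.com', 'smtp:asmith@contoso.com') }
    [pscustomobject]@{ sAMAccountName = 'a-very-long-account-name'; userPrincipalName = 'cdoe.@contoso.com'
        mail = 'cdoe@contoso.com'; mailNickname = 'cdoe'
        proxyAddresses = @('SMTP:c doe@contoso.com') }
)

# Character list as printed in the post; treating the enclosing brackets and a
# straight double quote as part of the set is an assumption.
$InvalidChars = '[\[\]"|,/:<>+=;?*]'

function New-Issue($User, $Attribute, $Issue) {
    [pscustomobject]@{ User = $User; Attribute = $Attribute; Issue = $Issue }
}

# Emits one string per violated UPN rule; emits nothing for a clean UPN.
function Test-UpnFormat([string]$Upn) {
    $at = $Upn.LastIndexOf('@')
    if ($at -lt 0) { return 'UPN has no @ character' }
    $name, $suffix = $Upn.Substring(0, $at), $Upn.Substring($at + 1)
    if ($Upn.StartsWith('@'))      { 'UPN starts with @' }
    if ($Upn -match $InvalidChars) { 'UPN contains an invalid character' }
    if ($name -match '[.& @]$')    { 'user name ends with a period, &, space or @' }
    # Heuristic for "routable": the suffix has a dot and does not end in .local
    if ($suffix -notmatch '\.' -or $suffix -match '\.local$') { "UPN suffix '$suffix' is not routable" }
}

# Groups every value of one attribute across all users and keeps values seen more than once.
function Find-DuplicateValue($Users, [string]$Attribute) {
    $Users | ForEach-Object {
        $u = $_
        foreach ($v in @($u.$Attribute)) {
            if ($v) { [pscustomobject]@{ Value = "$v".ToLower(); User = $u.sAMAccountName } }
        }
    } | Group-Object Value | Where-Object Count -gt 1
}

function Get-SyncReadinessIssue($Users) {
    foreach ($u in $Users) {
        $id = "$($u.sAMAccountName)"
        foreach ($p in @(Test-UpnFormat $u.userPrincipalName)) { New-Issue $id 'userPrincipalName' $p }
        if ($id.Length -gt 20)        { New-Issue $id 'sAMAccountName' 'longer than 20 characters' }
        if ($id -match $InvalidChars) { New-Issue $id 'sAMAccountName' 'contains an invalid character' }
        if ("$($u.mailNickname)".StartsWith('.')) { New-Issue $id 'mailNickname' 'begins with a period' }
        foreach ($a in @($u.proxyAddresses)) {
            if ($a -match ' ') { New-Issue $id 'proxyAddresses' "value contains a space: $a" }
        }
        # Upper-case SMTP: marks the primary address; compare it with the UPN (task 3).
        $primary = @($u.proxyAddresses) | Where-Object { $_ -cmatch '^SMTP:' } | Select-Object -First 1
        if ($primary -and $primary.Substring(5) -ne $u.userPrincipalName) {
            New-Issue $id 'userPrincipalName' "differs from primary SMTP address $($primary.Substring(5))"
        }
    }
    foreach ($attr in 'userPrincipalName', 'mail', 'mailNickname', 'proxyAddresses') {
        foreach ($g in @(Find-DuplicateValue $Users $attr)) {
            New-Issue ($g.Group.User -join ', ') $attr "duplicate value $($g.Name)"
        }
    }
}

Get-SyncReadinessIssue $users | Format-Table -AutoSize
```

The script only reports; it changes nothing in the directory, so its output can be reviewed alongside an IdFix run before any attribute is edited.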
Finding Active Directory Issues

Anyone who has ever worked with Microsoft’s Active Directory, either as an end user or administrator, has undoubtedly come across strangeness and unexplained occurrences. Active Directory serves many purposes: identity management, resource policy deployment, and user security management, to name a few. Active Directory handles its extremely complex inter-workings in a very robust and flexible way. It is designed to resist outages and lost communication while continuing to provide services to users. While all of that is good from an availability standpoint, it also makes it easy to hide problems from its administrators. Help Desk conversations about Active Directory can often be heard with the phrases, “I don’t know why that happened,” “That’s weird. I’ve never seen it do that before,” and “Oh well, it works now.” These conversations can lead to the realization that Active Directory isn’t totally healthy and could be performing better than it is currently. Something as simple as logging on to a workstation may generate multiple errors that aren’t visible to the end user except in the symptom of a logon delay.

The health of Active Directory can be affected in many ways. Changes to Active Directory throughout the years can add up to significant problems that seem to show up suddenly. Examples of these types of changes could be any of the following:

- Adding or removing domain controllers
- Upgrading domain controllers
- Adding or removing Exchange servers
- Adding or removing physical sites to your environment
- Extending the schema
- Unreliable communication between domain controllers

These changes, if done incorrectly, can cause multiple problems including logon issues, replication failures, DNS misconfiguration, or GPO problems, to name a few.

Simple questions that you can ask yourself to determine if your Active Directory is currently not as healthy as it could be are as follows:

- Do your users complain of strange logon or authentication issues?
- Does it take an abnormally long time for users to log on to their workstations?
- Do your GPOs work sometimes and not other times?
- Do you get strange references to old domain controllers or Exchange servers that have long since been removed?
- Do you have issues resolving servers’ names through DNS?
- Do your DNS servers get out of sync?
- Do DNS entries mysteriously disappear?
- And maybe most importantly, have you ever employed an admin that was given full rights to Active Directory who you later learned was not qualified?

Active Directory is integral to the IT success of just about every company. Finding issues and correcting them before they become a problem can prevent outages and future losses in revenue. Whether you are currently experiencing noticeable issues or just want a “feel good” report on the current status of your Active Directory, ProCern can provide that peace of mind. With over 15 years supporting Microsoft Active Directory services for our customers, we have the experience and skills to get your Active Directory to a healthy state. Our proven method of using various tools to extract Active Directory information, analyze that data, and prepare and deliver a detailed report has proven very successful. Contact ProCern today to set up an appointment to talk about your Active Directory needs.
Active Directory is often compared to the central nervous system of the human body. The central nervous system consists of the brain, spinal cord, and nerves running throughout the body. Just as the central nervous system coordinates and influences every activity of all parts of the human body, Active Directory is a database that coordinates the servers, client computers, printers, shared files, and other resources, as well as securing network resources in a Microsoft Windows network. Active Directory accomplishes these tasks by providing a hierarchy of management elements enabling administrators to organize resources, advertise these resources accordingly, and control the users who access them.

Medical doctors suggest a checkup or physical at least once a year, as well as personal monitoring of your health. Even if you are healthy, the purpose of these visits is to screen for diseases, assess risk of future medical problems, encourage a healthy lifestyle, update vaccinations, and maintain a relationship with doctors in case of an illness.

The comparison to Active Directory can also be made here. Proper monitoring and periodic checkups can keep the database functioning smoothly and without issues. It can definitely benefit from checkups, or health checks. The purpose of an Active Directory health check could be for the same reasons listed above:

Screen for Diseases
- Verify trust relationships
- View replication failures between domain controllers
- View queued replication events between domain controllers
- Display replication partners and results of replication events
- Provide a summary of the replication state and health of the forest
- Analyze the state of all domain controllers in the forest and report problems
- Review results of Microsoft Best Practice Analyzer on domain controllers

Assess Risk of Future Medical Problems
- Discuss Microsoft Server Roadmap. Are you using the latest version? When will the next version be released? When will the oldest version no longer be supported?
- Meet with Active Directory stakeholders. Will the layout and design of the database be affected by any projects or applications in the future?

Encourage a Healthy Lifestyle
- Discuss current administrative practices surrounding Active Directory. What is the process to add, change, or delete users or resources, etc.?
- Discuss and recommend monitoring strategies around Active Directory
- Discuss and recommend auditing strategies of Active Directory
- Review objects (users, computers, etc.) to check for stale/out-of-date resources, or illegal objects

Update Vaccinations
- Validate patch levels on domain controllers
- Validate anti-virus/malware on domain controllers
- Discuss security around the database

Maintain a Relationship with Doctors in Case of an Illness
- Good to have a relationship with an infrastructure provider, like ProCern, when issues arise and advanced assistance is needed
- Good to have an independent third party, like ProCern, doing the health checks. You aren’t allowed to prescribe your own medication, are you?

Just like the human body, proper monitoring and care can assist in keeping Active Directory healthy. Active Directory and the Windows network can only benefit from these periodic “doctor” visits.

database design and implementation, based on Microsoft best practices. Contact ProCern to find out more about our IT Health Check.
Most businesses recognize the incredible flexibility of cloud-based applications, but there are multiple paths to realizing this value without diving into the deep end with a full Software-as-a-Service model.
Cloud computing platforms can offer unprecedented scalability compared to traditional onsite or hosted servers, but adapting IBM i applications to x86-based cloud platforms has historically been a prohibitive challenge.